Done
ComboFix 10-01-15.05 - Desk 16/01/2010 14.01.21.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.511.142 [GMT 1:00]
Eseguito da: c:\documents and settings\Desk\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Creati Da 2009-12-16 al 2010-01-16 )))))))))))))))))))))))))))))))))))
.
2010-01-14 12:01 . 2010-01-14 12:01 -------- d-----w- c:\documents and settings\Desk\Dati applicazioni\Malwarebytes
2010-01-14 12:01 . 2010-01-14 12:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-01-14 10:56 . 2010-01-14 10:56 -------- d-----w- c:\programmi\TrendMicro
2010-01-14 10:53 . 2010-01-14 10:54 -------- d-----w- C:\HijackThis
2010-01-10 15:55 . 2010-01-10 15:55 -------- d-----w- c:\programmi\VIA Technologies, Inc
2010-01-10 15:55 . 2003-07-04 22:14 32768 ----a-w- c:\windows\system32\UnAudioNT.dll
2010-01-10 14:45 . 2009-11-21 15:54 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-20 18:07 . 2009-12-23 22:04 -------- d-----w- c:\programmi\WinDS PRO
2009-12-19 10:17 . 2009-12-19 10:19 -------- d-----w- c:\documents and settings\Desk\Dati applicazioni\HpUpdate
2009-12-19 10:17 . 2009-12-19 10:17 -------- d-----w- c:\windows\Hewlett-Packard
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-16 12:46 . 2010-01-14 23:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2010-01-14 23:29 . 2010-01-15 12:47 3776280 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\setup.exe
2010-01-14 23:29 . 2010-01-15 12:47 3967256 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgcorex.dll
2010-01-14 23:29 . 2010-01-15 12:47 2352920 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgresf.dll
2010-01-14 23:29 . 2010-01-15 12:47 4043032 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgui.exe
2010-01-14 23:29 . 2010-01-15 12:47 2033432 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgtray.exe
2010-01-14 23:29 . 2010-01-15 12:47 916248 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgcfgx.dll
2010-01-14 23:29 . 2008-11-11 09:48 -------- d-----w- c:\programmi\AVG
2010-01-14 20:57 . 2009-03-16 17:41 -------- d-----w- c:\documents and settings\Desk\Dati applicazioni\gtk-2.0
2010-01-05 10:39 . 2008-11-11 09:45 90800 ----a-w- c:\documents and settings\Desk\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-12-19 10:18 . 2008-11-15 13:31 -------- d-----w- c:\programmi\HP
2009-12-13 11:56 . 2009-12-13 11:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\IObit
2009-12-13 11:56 . 2009-09-20 17:05 -------- d-----w- c:\programmi\IObit
2009-12-10 09:47 . 2003-04-08 12:00 80730 ----a-w- c:\windows\system32\perfc010.dat
2009-12-10 09:47 . 2003-04-08 12:00 482354 ----a-w- c:\windows\system32\perfh010.dat
2009-11-24 09:15 . 2009-03-16 13:08 -------- d-----w- c:\programmi\Java
2009-11-24 09:12 . 2009-11-24 09:12 152576 ----a-w- c:\documents and settings\Desk\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-24 09:11 . 2009-11-23 13:12 79488 ----a-w- c:\documents and settings\Desk\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-21 15:54 . 2003-04-08 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-15 13:07 . 2009-11-15 13:07 2232 ----a-w- c:\windows\java\Packages\Data\J5VN9V9Z.DAT
2009-11-15 13:07 . 2009-11-15 13:07 155995 ----a-w- c:\windows\java\Packages\9NRHJDJJ.ZIP
2009-11-15 13:07 . 2009-11-15 13:07 2678 ----a-w- c:\windows\java\Packages\Data\MNJP3J35.DAT
2009-11-15 13:07 . 2009-11-15 13:07 2678 ----a-w- c:\windows\java\Packages\Data\SLJHZBHV.DAT
2009-11-15 13:07 . 2009-11-15 13:07 2678 ----a-w- c:\windows\java\Packages\Data\8EYZJR1V.DAT
2009-11-15 13:07 . 2009-11-15 13:07 2678 ----a-w- c:\windows\java\Packages\Data\FTR3J5F7.DAT
2009-11-15 13:07 . 2009-11-15 13:07 2678 ----a-w- c:\windows\java\Packages\Data\1FFN97HV.DAT
2009-11-04 15:49 . 2009-11-11 15:41 635664 ----a-w- c:\documents and settings\Desk\Dati applicazioni\IObit\Common\TB_Helper.exe
2009-10-29 07:42 . 2003-04-08 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:42 . 2008-11-11 09:32 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:42 . 2003-04-08 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:38 . 2008-11-11 09:32 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38 . 2008-11-11 09:32 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-20 16:20 . 2008-11-17 20:21 265728 ----a-w- c:\windows\system32\drivers\http.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CARPService"="carpserv.exe" [2001-12-23 4608]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"PE2CKFNT SE"="c:\programmi\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 25088]
"WinFaxAppPortStarter"="wfxsnt40.exe" [2001-09-10 45568]
"D-Link AirPlus G"="c:\programmi\D-Link\AirPlus G\AirGCFG.exe" [2006-11-17 1552384]
"ANIWZCS2Service"="c:\programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-29 49152]
"Google Quick Search Box"="c:\programmi\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-09-12 122368]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Photo Express Calendar Checker SE.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Photo Express Calendar Checker SE.lnk
backup=c:\windows\pss\Photo Express Calendar Checker SE.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Desk^Menu Avvio^Programmi^Esecuzione automatica^CTI Tray Icon.lnk]
path=c:\documents and settings\Desk\Menu Avvio\Programmi\Esecuzione automatica\CTI Tray Icon.lnk
backup=c:\windows\pss\CTI Tray Icon.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:14 1695232 ----a-w- c:\programmi\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 15:44 3883856 ----a-w- c:\programmi\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-r- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipStunt]
2007-12-13 15:31 8824112 ----a-w- c:\programmi\VoipStunt.com\VoipStunt\VoipStunt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WFXSwtch]
2001-09-10 18:03 27648 ----a-w- c:\progra~1\Symantec\WinFax\WFXSWTCH.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Metin2_Italiano\\metin2.bin"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Documents and Settings\\Desk\\Desktop\\Simone\\Emule\\eMule\\emule.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [29/03/2009 13.57.53 54752]
S2 gupdate1ca4128ce09348c;Servizio di Google Update (gupdate1ca4128ce09348c);c:\programmi\Google\Update\GoogleUpdate.exe [29/09/2009 18.17.57 133104]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\documents and settings\Desk\Desktop\everestultimate_build_1990\kerneld.wnt [10/01/2010 17.23.05 27760]
S3 fsssvc;Servizio Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22.48.42 704864]
.
Contenuto della cartella 'Scheduled Tasks'
2010-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-09-29 17:17]
2010-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-09-29 17:17]
2010-01-15 c:\windows\Tasks\WebReg Deskjet F300 series.job
- c:\programmi\HP\Digital Imaging\bin\hpqwrg.exe [2005-12-15 15:45]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-16 14:07
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\documents and settings\Desk\Desktop\everestultimate_build_1990\kerneld.wnt"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•Ñw*]
"0140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(492)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(864)
c:\windows\system32\WININET.dll
.
Ora fine scansione: 2010-01-16 14:11:00
ComboFix-quarantined-files.txt 2010-01-16 13:10
ComboFix2.txt 2009-05-20 17:02
Pre-Run: 54.500.872.192 byte disponibili
Post-Run: 54.564.802.560 byte disponibili
- - End Of File - - 41CF157BBAE87EA5A1519B847BD327CB