Ti ringrazio per l'interessamento ed eccoti il contenuto del file ComboFix.txt
.
ComboFix 09-12-09.04 - Dany 10/12/2009 13.32.18.1.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1022.452 [GMT 1:00]
Eseguito da: c:\downloads\Software\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programmi\WinPCap
c:\programmi\WinPCap\daemon_mgm.exe
c:\programmi\WinPCap\npf_mgm.exe
c:\programmi\WinPCap\rpcapd.exe
c:\windows\kb913800.exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\hkcmd .exe
c:\windows\system32\igfxpers .exe
c:\windows\system32\igfxtray .exe
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Files Creati Da 2009-11-10 al 2009-12-10 )))))))))))))))))))))))))))))))))))
.
2009-12-08 11:07 . 2009-12-08 11:07 65536 ----a-w- c:\windows\system32\afasrv32.exe
2009-12-08 11:06 . 2008-05-27 09:52 51072 ----a-w- c:\windows\system32\drivers\MHIKEY10.sys
2009-12-08 11:06 . 2009-12-08 11:07 -------- d-----w- c:\programmi\USIM Editor
2009-12-05 19:21 . 2009-12-05 20:13 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-12-05 19:13 . 2009-12-05 19:44 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-12-05 19:13 . 2009-12-05 19:44 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-12-05 19:13 . 2009-12-05 19:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2009-12-05 19:09 . 2009-12-05 19:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2009-11-29 14:36 . 2009-11-29 14:36 -------- d-----w- c:\programmi\ART Inc
2009-11-29 10:48 . 2009-11-29 10:48 -------- d-----w- c:\documents and settings\Dany\Impostazioni locali\Dati applicazioni\Western_Digital
2009-11-29 10:47 . 2009-11-29 10:47 -------- d-----w- c:\documents and settings\Dany\Dati applicazioni\Western Digital
2009-11-29 10:47 . 2009-11-29 10:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Western Digital
2009-11-29 10:47 . 2009-11-29 10:47 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\ServiceTest
2009-11-29 10:47 . 2009-02-13 11:02 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys
2009-11-29 10:47 . 2009-11-29 10:47 -------- d-----w- c:\windows\system32\DRVSTORE
2009-11-29 10:47 . 2009-11-29 10:47 -------- d-----w- c:\programmi\Western Digital
2009-11-29 10:45 . 2009-11-29 10:45 -------- d-----w- c:\documents and settings\Dany\Impostazioni locali\Dati applicazioni\Western Digital
2009-11-21 18:09 . 2009-11-21 18:09 -------- d-----w- c:\documents and settings\Dany\Dati applicazioni\Apple Computer
2009-11-21 17:55 . 2009-11-21 17:55 -------- d-----w- c:\programmi\QuickTime
2009-11-21 17:55 . 2009-11-21 17:55 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-11-21 17:54 . 2009-11-21 17:54 -------- d-----w- c:\programmi\File comuni\Apple
2009-11-21 17:54 . 2009-11-21 17:54 -------- d-----w- c:\documents and settings\Dany\Impostazioni locali\Dati applicazioni\Apple
2009-11-21 17:54 . 2009-11-21 17:54 -------- d-----w- c:\programmi\Apple Software Update
2009-11-21 17:54 . 2009-11-21 17:54 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple
2009-11-21 17:54 . 2009-11-21 17:54 -------- d-----w- c:\documents and settings\Dany\Impostazioni locali\Dati applicazioni\Apple Computer
2009-11-20 09:17 . 2009-11-20 09:17 -------- d-----w- C:\FOUND.005
2009-11-19 16:43 . 2009-11-19 16:43 -------- d-----w- C:\FOUND.004
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-10 12:37 . 2008-02-04 17:33 12 ----a-w- c:\windows\bthservsdp.dat
2009-12-05 19:44 . 2009-12-05 19:44 80400 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll
2009-12-05 19:44 . 2009-12-05 19:44 80400 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll
2009-12-05 19:44 . 2009-12-05 19:44 296976 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\sys\i386\5.1\klif.sys
2009-12-05 19:44 . 2009-12-05 19:44 264720 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll
2009-12-05 19:44 . 2009-12-05 19:44 128016 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\sys\i386\kl1.sys
2009-12-05 19:44 . 2009-05-24 14:30 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-12-05 19:44 . 2009-12-05 19:44 109072 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll
2009-12-05 19:44 . 2009-12-05 19:44 59920 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll
2009-12-05 19:44 . 2009-12-05 19:44 264720 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll
2009-12-05 19:44 . 2009-12-05 19:44 296976 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\sys\i386\5.1\klif.sys
2009-12-05 19:44 . 2009-12-05 19:44 128016 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\sys\i386\kl1.sys
2009-11-19 10:22 . 2009-11-19 10:22 79488 ----a-w- c:\documents and settings\Dany\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2009-10-31 12:30 . 2009-10-31 12:30 -------- d-----w- c:\programmi\File comuni\DVDVideoSoft
2009-10-31 12:30 . 2009-10-31 12:30 -------- d-----w- c:\programmi\DVDVideoSoft
2009-10-29 14:56 . 2003-09-24 22:43 94550 ----a-w- c:\windows\system32\perfc010.dat
2009-10-29 14:56 . 2003-09-24 22:43 517008 ----a-w- c:\windows\system32\perfh010.dat
2009-09-11 14:17 . 2004-09-07 19:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
.
c:\programmi\File comuni\Nero\Lib\NeroCheck .exe
c:\programmi\Realtek\InstallShield\AzMixerSel .exe
c:\programmi\Synaptics\SynTP\SynTPLpr .exe
c:\programmi\Synaptics\SynTP\SynTPEnh .exe
c:\programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI .exe
c:\programmi\Launch Manager\QtZgAcer .exe
c:\programmi\Ulead Systems\Ulead VideoStudio SE\uvPL .exe
c:\windows\ehome\ehtray .exe
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ATICCC"="c:\programmi\ATI Technologies\ATI.ACE\cli.exe runtime -Delay" [X]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe -atboottime" [X]
"USBestCR"="c:\programmi\USIM Editor\iconcs1954140.exe RunFromReg" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-09-07 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-07 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 455168]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 16120832]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-12-10 136600]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-05-25 303376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\File comuni\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15/12/2008 20.41.32 33808]
R2 AfaService;Afa Card Reader Service;c:\windows\system32\afasrv32.exe [08/12/2009 12.07.11 65536]
R2 GtDetectSc;GT Detect;c:\windows\system32\GtDetectSc.exe [31/01/2008 17.32.53 167936]
R2 WDDMService;WD SmartWare Drive Manager;c:\programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [14/10/2009 14.31.02 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\programmi\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16/06/2009 9.58.08 20480]
R3 GTFFBUS;GT FF BUS;c:\windows\system32\drivers\gtffbus.sys [31/01/2008 17.32.51 17024]
R3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;c:\windows\system32\drivers\Gtm51Irp.sys [31/01/2008 17.32.53 115840]
R3 GTUQBUS;GT UQ BUS;c:\windows\system32\drivers\gtuqbus.sys [31/01/2008 17.32.53 34560]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/05/2009 17.46.52 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16/05/2009 20.59.44 19472]
S3 AVerE506;AVerE506 service;c:\windows\system32\drivers\AVerE506.sys [25/08/2005 20.10.02 509312]
S3 AVerM115;AVerM115 service;c:\windows\system32\drivers\AVerM115.sys [24/08/2005 7.07.24 692992]
S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [30/11/2005 5.28.58 1088896]
S3 MHIKEY10;MHIKEY10;c:\windows\system32\drivers\MHIKEY10.sys [08/12/2009 12.06.59 51072]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [29/11/2009 11.47.26 11520]
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Scarica con Free Download Manager -
file://c:\programmi\Free Download Manager\dllink.htm
IE: Scarica i video con Free Download Manager -
file://c:\programmi\Free Download Manager\dlfvideo.htm
IE: Scarica selezionati con Free Download Manager -
file://c:\programmi\Free Download Manager\dlselected.htm
IE: Scarica tutto con Free Download Manager -
file://c:\programmi\Free Download Manager\dlall.htm
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
AddRemove-HijackThis - F:\HijackThis.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-10 13:41
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(1688)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(4036)
c:\windows\system32\WININET.dll
c:\programmi\Windows Desktop Search\deskbar.dll
c:\programmi\Windows Desktop Search\it-it\dbres.dll.mui
c:\programmi\Windows Desktop Search\dbres.dll
c:\programmi\Windows Desktop Search\wordwheel.dll
c:\programmi\Windows Desktop Search\it-it\msnlExtRes.dll.mui
c:\programmi\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programmi\Intel\Wireless\Bin\EvtEng.exe
c:\programmi\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\Ati2evxx.exe
c:\acer\Empowering Technology\admServ.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\programmi\File comuni\EPSON\EBAPI\SAgent2.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\programmi\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\programmi\Intel\Wireless\Bin\RegSrvc.exe
c:\programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\eHome\ehmsas.exe
c:\windows\RTHDCPL.EXE
c:\programmi\ATI Technologies\ATI.ACE\cli.exe
c:\windows\system32\rundll32.exe
c:\programmi\QuickTime\QTTask.exe
c:\programmi\USIM Editor\iconcs1954140.exe
c:\windows\system32\dllhost.exe
c:\docume~1\Dany\IMPOST~1\Temp\RtkBtMnt.exe
c:\programmi\ATI Technologies\ATI.ACE\cli.exe
c:\programmi\ATI Technologies\ATI.ACE\cli.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2009-12-10 13:44:24 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-12-10 12:44
Pre-Run: 25.572.573.184 byte disponibili
Post-Run: 25.479.479.296 byte disponibili
- - End Of File - - EE4D65564A114C47C5D29E75E4870116