sul server dell'ufficio dove lavoro abbiamo beccato il virus variante win32/conficker.x worm
il worm è stato rilevato dal nod 32 e bloccato, ma non eliminato
come fare ?
grazie
Moderatori: m.paolo, kadosh, Luke57
Driver::
ccahvno
ibwow
Folder::
c:\windows\Tasks
File::
c:\windows\system32\ebxmap.dll
Luke57 ha scritto:Ciao, nel report non c'è niente, disattiva l'antivirus e scarica combofix sul desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Fatto questo, clicca su start>esegui, nel box bianco copia e incolla questo comando, virgolette comprese:
"%userprofile%\desktop\combofix.exe" /killall
Premi OK, se tutto va bene parte il programma che potrebbe impiegare molto (non fare altre manovre durante la scansione),una volta terminata, se tutto è andato bene, in C:\ dovresti trovare il file combofix.txt , riavvia in modalità normale e posta il contenuto del file o allegalo.
ComboFix 09-02-19.01 - maspero 2009-02-20 17.25.30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.3071.2576 [GMT 1:00]
Eseguito da: c:\documents and settings\maspero\desktop\combofix.exe
Opzioni usate :: /killall
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Creato nuovo punto di ripristino
* Resident AV is active
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SROSA
((((((((((((((((((((((((( Files Creati Da 2009-01-20 al 2009-02-20 )))))))))))))))))))))))))))))))))))
.
2009-02-20 17:02 . 2009-02-20 17:05 <DIR> d-------- c:\programmi\Windows Live Safety Center
2009-02-20 16:36 . 2009-02-20 16:37 <DIR> d-------- c:\windows\BDOSCAN8
2009-02-20 10:56 . 2009-02-20 11:01 <DIR> d-------- c:\windows\NV3040468.TMP
2009-02-20 10:56 . 2008-09-17 23:55 201,050 --a------ c:\windows\system32\nvapps.nvb
2009-02-20 10:38 . 2009-02-20 10:38 <DIR> d-------- c:\windows\system32\XPSViewer
2009-02-20 10:38 . 2009-02-20 10:38 <DIR> d-------- c:\programmi\Reference Assemblies
2009-02-20 10:38 . 2009-02-20 10:38 <DIR> d-------- c:\programmi\MSBuild
2009-02-20 10:37 . 2009-02-20 10:38 <DIR> d-------- C:\32640fef16eaf6c9274a1b
2009-02-20 10:37 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-02-20 10:37 . 2008-07-06 13:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-02-20 10:37 . 2008-07-06 11:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-02-20 10:37 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-02-20 10:37 . 2008-07-06 13:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-02-20 10:37 . 2008-07-06 13:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-02-20 10:37 . 2008-07-06 13:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-02-20 10:34 . 2009-02-20 10:35 <DIR> d-------- C:\836fb87bb6d6da5fdd63c7e9
2009-02-20 10:34 . 2009-02-20 10:34 <DIR> d-------- C:\4a3fa52be2d3d727af70c6
2009-02-19 22:25 . 2009-02-19 22:25 <DIR> d-------- c:\programmi\AnswerWorks 4.0
2009-02-19 22:16 . 2009-02-19 22:26 <DIR> d-------- c:\programmi\AutoCAD 2007
2009-02-19 22:16 . 2009-02-19 22:27 <DIR> d-------- c:\documents and settings\maspero\Dati applicazioni\Autodesk
2009-02-19 22:16 . 2009-02-19 22:16 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Autodesk
2009-02-19 22:14 . 2009-02-19 22:26 <DIR> d-------- c:\programmi\File comuni\Autodesk Shared
2009-02-19 22:14 . 2009-02-19 22:14 <DIR> d-------- c:\programmi\Autodesk
2009-02-19 20:24 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-19 20:22 . 2009-02-19 20:22 <DIR> d-------- c:\programmi\MSXML 4.0
2009-02-19 20:22 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-02-19 20:00 . 2009-02-19 20:00 <DIR> d-------- c:\windows\ServicePackFiles
2009-02-19 20:00 . 2008-04-13 19:14 294,912 -----c--- c:\windows\system32\dllcache\dlimport.exe
2009-02-19 19:56 . 2006-12-28 12:01 19,569 --a------ c:\windows\[u]0[/u]02829_.tmp
2009-02-19 19:41 . 2008-06-14 18:32 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-02-19 19:40 . 2008-09-15 16:24 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-02-19 18:20 . 2008-06-17 20:01 8,490,496 -----c--- c:\windows\system32\dllcache\shell32.dll
2009-02-19 18:07 . 2009-02-19 18:07 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-02-19 16:47 . 2008-08-14 14:22 2,192,896 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-19 16:47 . 2008-08-14 14:22 2,148,864 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-19 16:47 . 2008-08-14 14:22 2,069,760 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-19 16:47 . 2008-08-14 14:22 2,027,520 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-19 16:42 . 2008-04-11 20:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-02-19 16:42 . 2008-05-01 15:34 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2009-02-19 16:39 . 2008-09-04 18:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2009-02-19 16:39 . 2008-10-15 17:36 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-02-19 16:27 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuapi.dll.mui
2009-02-19 14:33 . 2009-02-20 10:40 1,374 --a------ c:\windows\imsins.BAK
2009-02-09 10:37 . 2009-02-09 10:37 <DIR> d-------- c:\programmi\TortoiseSVN
2009-02-09 10:37 . 2009-02-09 10:37 <DIR> d-------- c:\programmi\File comuni\TortoiseOverlays
2009-01-29 15:55 . 2009-02-20 14:19 664 --a------ c:\windows\system32\d3d9caps.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-20 15:34 --------- d-----w c:\documents and settings\maspero\Dati applicazioni\foobar2000
2009-02-20 15:30 --------- d-----w c:\programmi\Mozilla Thunderbird
2009-02-20 11:22 --------- d-----w c:\documents and settings\Administrator.DPC\Dati applicazioni\foobar2000
2009-02-19 21:09 --------- d-----w c:\programmi\Microsoft Silverlight
2009-02-19 19:34 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-02-19 09:46 --------- d-----w c:\programmi\foobar2000
2009-02-18 13:08 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-02-17 10:47 --------- d-----w c:\programmi\Spybot - Search & Destroy
2009-02-17 10:38 --------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-02-16 13:13 --------- d-----w c:\documents and settings\maspero\Dati applicazioni\FileZilla
2009-02-12 13:10 --------- d-----w c:\programmi\Google
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-28 10:24 --------- d-----w c:\programmi\GuildFTPd
2009-01-22 10:04 --------- d-----w c:\programmi\CCleaner
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-09-25 94208]
"Google Update"="c:\documents and settings\maspero\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2008-09-08 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"Acrobat Assistant 7.0"="c:\programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2005-09-25 155648]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-01-31 385024]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
AutoCAD Startup Accelerator.lnk - c:\programmi\File comuni\Autodesk Shared\acstart17.exe [2006-03-05 11000]
Launchy.lnk - c:\programmi\Launchy\Launchy.exe [2008-12-04 286720]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0[/u]OODBS
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Acrobat.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Acrobat.lnk
backup=c:\windows\pss\Avvio veloce di Adobe Acrobat.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^maspero^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma.lnk]
path=c:\documents and settings\maspero\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2008-01-18 24635]
R2 ekrn;Eset Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
S2 gupdate1c8f7ab5b44c074;Google Update Service (gupdate1c8f7ab5b44c074);c:\programmi\Google\Update\GoogleUpdate.exe [2008-08-06 133104]
S2 ipjnuvrdb;Installer Shell;c:\windows\system32\svchost.exe -k netsvcs [2006-03-02 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ipjnuvrdb
.
Contenuto della cartella 'Scheduled Tasks'
2009-02-20 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2008-09-08 08:37]
2009-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1107963886-539718272-1231754661-3393.job
- c:\documents and settings\maspero\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-09-08 08:37]
2009-02-19 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]
2009-02-20 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = 192.168.206.213:3128
uInternet Settings,ProxyOverride = *.local;<local>
IE: Converti destinazione link in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti destinazione link in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti nel file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti selezione in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: {38021B14-24E5-45EB-9E23-2AECE18ED78A} = 192.168.202.202
FF - ProfilePath - c:\documents and settings\maspero\Dati applicazioni\Mozilla\Firefox\Profiles\e75lyydo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - component: c:\documents and settings\maspero\Dati applicazioni\Mozilla\Firefox\Profiles\e75lyydo.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: c:\documents and settings\maspero\Dati applicazioni\Mozilla\Firefox\Profiles\e75lyydo.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\documents and settings\maspero\Dati applicazioni\Mozilla\Firefox\Profiles\e75lyydo.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\programmi\Google\Google Gears\Firefox\components\gears.dll
FF - plugin: c:\documents and settings\maspero\Impostazioni locali\Dati applicazioni\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\programmi\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Update\1.2.141.5\npGoogleOneClick7.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-20 17:30:08
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ipjnuvrdb]
"ServiceDll"="c:\windows\system32\jyifu.dll"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="F7C0667230F202213193EB00DAFC49221F2146D65D2E18E3CB3D1F010A4FE21CE7D8992D8A28F28CD8DA522D7D3B351E563AF2B699CF91531A7D5602E2CFD88A1E78382F74763C0EEAE27B8156C9D972783BF76460E7D6C617FEE0453625891AF32DB53C4776B0C6A396C4876E2E4615C10B3C4D0E89D1A922C5D03B4D0ED54B88376B6A5E34CBEB81966F985162AC1034C689327DBC0B7BDB0C172B78C042B0C11015A398B1A8C64936A0E590D3E082143F0F2892FA334EAC3F8D2E88637575C3E052A75AE3873404FCE1714066DE9F6CF75F18B1B31C4B3C006EB1D5123C53FB89A98A0A34CFFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79339DB7CE019D40AA5CBA7FD869164D6794A6A0AC4980AC7933EB0FF43D79C750198F8C474C09FBBD242ED65073669074A056F2DE9FC196EAAFA415CD695A39DAF440198A032CC32F4D2E1466BE65B5429B70F23D23316B67A578A9E9854D55C9FB646D0A44F6BC1872140815089E1B7F2F05B43B127201FBC1040FA024380A7151308D5C6DF3E69751C9184F13E0F23BD0D11E4BBC3AD7C5D37B4B01BC54491ABD6C42CABD8245C5C94D6C3D88516F77992B588F559377D0CD2729CA2B300AFEAB7414D35B54DFA8622F6F3AF7E8CB2AC9F64FE1715867A2C6E037F4AFABC7D12EB9D42ACC70C13F429553D4D16F43BDC22E35CE8B3B37327918C5A9EB7E01B4F53F9535FEB17B79B8B78AD1EA88950F88DF7E9682BEF7E846D0EB45E8B137415C9DAD8E434720BCB364CE27FCA68970C5AE65AD98BE3EA62E22045910A372025C0239054D3447E2CAFC9A032690E62949D065BBF3E5A5BF5937ACAAB285BBF717AB979BB44E8CB7B476AFC166E279F1048FC11F9FB5C978914FC6B382DDA31750EF6A08F7C0107CCF5A9179A40E13F80DCA7D670982CD8E473EF92319843CC7EEB59AB4750BF5E69CC408702A5587619CF263D803F5D6308CE93059EF299BE480F951C1F17E641F3F6820A1234F3040928F00ECC58B8D7E98CE16EAE7CCDBBF32CD00FE964388C2020A29BE216A681FEE3AA44F6815A113447B9EA2C2C59D1BDA545876EF529062D00337291BE3137DD8A26661EAB643F7911400FD29BC813070C5D1DFEDFC3183BC4123F868D0934C1A091EB5B06A29ACA1CF352E263130AA10EFA6AA6464221FFA45887AC898D1F19FC569177F7B8B233C787B18A873522AF8B157798C7F9E23642348ACDB76BAC87CC1A801000CA9434B6E555705A917C28F7FA7228219656E750606C2A6FB401E667B02A4430FC3E65EA508B6F14E327D5BE09CB0C7D0BB574F2BA825948A56B3B6845E65BACE205F29A41F3A8AAED8D308F303623E98E8A6B7E25F6E71DBF5406B856A5C3CE7096D0186E895506BC7B965E7"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'lsass.exe'(760)
c:\programmi\Bonjour\mdnsNSP.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\programmi\TortoiseSVN\bin\TSVNCache.exe
c:\windows\system32\rundll32.exe
c:\programmi\Adobe\Acrobat 7.0\Distillr\acrodist.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Ora fine scansione: 2009-02-20 17:33:34 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-02-20 16:33:31
Pre-Run: 57.036.423.168 byte disponibili
Post-Run: 57,056,944,128 byte disponibili
250 --- E O F --- 2009-02-20 09:43:39
Driver::
ipjnuvrdb
File::
c:\windows\system32\jyifu.dll
c:\windows\[u]0[/u]02829_.tmp
c:\windows\imsins.BAK
ComboFix 09-02-21.01 - maspero 2009-02-23 12:50:16.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.3071.2514 [GMT 1:00]
Eseguito da: C:\ComboFix.exe
Opzioni usate :: C:\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Creato nuovo punto di ripristino
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
FILE ::
c:\windows\[u]0[/u]02829_.tmp
c:\windows\imsins.BAK
c:\windows\system32\jyifu.dll
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\imsins.BAK
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IPJNUVRDB
-------\Service_ipjnuvrdb
((((((((((((((((((((((((( Files Creati Da 2009-01-23 al 2009-02-23 )))))))))))))))))))))))))))))))))))
.
2009-02-23 09:45 . 2009-02-23 09:45 171,362 --ahs---- c:\windows\system32\jyifu.hd
2009-02-20 17:22 . 2009-02-23 12:47 2,924,943 -ra------ C:\ComboFix.exe
2009-02-20 17:02 . 2009-02-20 17:05 <DIR> d-------- c:\programmi\Windows Live Safety Center
2009-02-20 16:36 . 2009-02-20 16:37 <DIR> d-------- c:\windows\BDOSCAN8
2009-02-20 10:56 . 2009-02-20 11:01 <DIR> d-------- c:\windows\NV3040468.TMP
2009-02-20 10:56 . 2008-09-17 23:55 201,050 --a------ c:\windows\system32\nvapps.nvb
2009-02-20 10:38 . 2009-02-20 10:38 <DIR> d-------- c:\windows\system32\XPSViewer
2009-02-20 10:38 . 2009-02-20 10:38 <DIR> d-------- c:\programmi\Reference Assemblies
2009-02-20 10:38 . 2009-02-20 10:38 <DIR> d-------- c:\programmi\MSBuild
2009-02-20 10:37 . 2009-02-20 10:38 <DIR> d-------- C:\32640fef16eaf6c9274a1b
2009-02-20 10:37 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-02-20 10:37 . 2008-07-06 13:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-02-20 10:37 . 2008-07-06 11:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-02-20 10:37 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-02-20 10:37 . 2008-07-06 13:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-02-20 10:37 . 2008-07-06 13:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-02-20 10:37 . 2008-07-06 13:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-02-20 10:34 . 2009-02-20 10:35 <DIR> d-------- C:\836fb87bb6d6da5fdd63c7e9
2009-02-20 10:34 . 2009-02-20 10:34 <DIR> d-------- C:\4a3fa52be2d3d727af70c6
2009-02-19 22:25 . 2009-02-19 22:25 <DIR> d-------- c:\programmi\AnswerWorks 4.0
2009-02-19 22:16 . 2009-02-19 22:26 <DIR> d-------- c:\programmi\AutoCAD 2007
2009-02-19 22:16 . 2009-02-19 22:27 <DIR> d-------- c:\documents and settings\maspero\Dati applicazioni\Autodesk
2009-02-19 22:16 . 2009-02-19 22:16 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Autodesk
2009-02-19 22:14 . 2009-02-19 22:26 <DIR> d-------- c:\programmi\File comuni\Autodesk Shared
2009-02-19 22:14 . 2009-02-19 22:14 <DIR> d-------- c:\programmi\Autodesk
2009-02-19 20:24 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-19 20:22 . 2009-02-19 20:22 <DIR> d-------- c:\programmi\MSXML 4.0
2009-02-19 20:22 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-02-19 20:00 . 2009-02-19 20:00 <DIR> d-------- c:\windows\ServicePackFiles
2009-02-19 20:00 . 2008-04-13 19:14 294,912 -----c--- c:\windows\system32\dllcache\dlimport.exe
2009-02-19 19:56 . 2006-12-28 12:01 19,569 --a------ c:\windows\[u]0[/u]02829_.tmp
2009-02-19 19:41 . 2008-06-14 18:32 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-02-19 19:40 . 2008-09-15 16:24 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-02-19 18:20 . 2008-06-17 20:01 8,490,496 -----c--- c:\windows\system32\dllcache\shell32.dll
2009-02-19 18:07 . 2009-02-19 18:07 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-02-19 16:47 . 2008-08-14 14:22 2,192,896 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-19 16:47 . 2008-08-14 14:22 2,148,864 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-19 16:47 . 2008-08-14 14:22 2,069,760 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-19 16:47 . 2008-08-14 14:22 2,027,520 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-19 16:42 . 2008-04-11 20:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-02-19 16:42 . 2008-05-01 15:34 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2009-02-19 16:39 . 2008-09-04 18:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2009-02-19 16:39 . 2008-10-15 17:36 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-02-19 16:27 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuapi.dll.mui
2009-02-09 10:37 . 2009-02-09 10:37 <DIR> d-------- c:\programmi\TortoiseSVN
2009-02-09 10:37 . 2009-02-09 10:37 <DIR> d-------- c:\programmi\File comuni\TortoiseOverlays
2009-01-29 15:55 . 2009-02-20 14:19 664 --a------ c:\windows\system32\d3d9caps.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-23 11:45 --------- d-----w c:\documents and settings\maspero\Dati applicazioni\foobar2000
2009-02-23 08:24 --------- d-----w c:\programmi\Mozilla Thunderbird
2009-02-20 11:22 --------- d-----w c:\documents and settings\Administrator.DPC\Dati applicazioni\foobar2000
2009-02-19 21:09 --------- d-----w c:\programmi\Microsoft Silverlight
2009-02-19 19:34 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-02-19 09:46 --------- d-----w c:\programmi\foobar2000
2009-02-18 13:08 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-02-17 10:47 --------- d-----w c:\programmi\Spybot - Search & Destroy
2009-02-17 10:38 --------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-02-16 13:13 --------- d-----w c:\documents and settings\maspero\Dati applicazioni\FileZilla
2009-02-12 13:10 --------- d-----w c:\programmi\Google
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-28 10:24 --------- d-----w c:\programmi\GuildFTPd
2009-01-22 10:04 --------- d-----w c:\programmi\CCleaner
.
((((((((((((((((((((((((((((( SnapShot@2009-02-20_17.32.18.41 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-20 14:45:34 67,312 ----a-w c:\windows\system32\perfc009.dat
+ 2009-02-23 08:16:40 67,312 ----a-w c:\windows\system32\perfc009.dat
- 2009-02-20 14:45:34 79,292 ----a-w c:\windows\system32\perfc010.dat
+ 2009-02-23 08:16:40 79,292 ----a-w c:\windows\system32\perfc010.dat
- 2009-02-20 14:45:34 432,356 ----a-w c:\windows\system32\perfh009.dat
+ 2009-02-23 08:16:40 432,356 ----a-w c:\windows\system32\perfh009.dat
- 2009-02-20 14:45:34 478,808 ----a-w c:\windows\system32\perfh010.dat
+ 2009-02-23 08:16:40 478,808 ----a-w c:\windows\system32\perfh010.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-09-25 94208]
"Google Update"="c:\documents and settings\maspero\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2008-09-08 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"Acrobat Assistant 7.0"="c:\programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2005-09-25 155648]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-01-31 385024]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
AutoCAD Startup Accelerator.lnk - c:\programmi\File comuni\Autodesk Shared\acstart17.exe [2006-03-05 11000]
Launchy.lnk - c:\programmi\Launchy\Launchy.exe [2008-12-04 286720]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0[/u]OODBS
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Acrobat.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Acrobat.lnk
backup=c:\windows\pss\Avvio veloce di Adobe Acrobat.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^maspero^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma.lnk]
path=c:\documents and settings\maspero\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2008-01-18 24635]
R2 ekrn;Eset Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
S2 gupdate1c8f7ab5b44c074;Google Update Service (gupdate1c8f7ab5b44c074);c:\programmi\Google\Update\GoogleUpdate.exe [2008-08-06 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contenuto della cartella 'Scheduled Tasks'
2009-02-23 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2008-09-08 08:37]
2009-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1107963886-539718272-1231754661-3393.job
- c:\documents and settings\maspero\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-09-08 08:37]
2009-02-23 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]
2009-02-23 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = 192.168.206.213:3128
uInternet Settings,ProxyOverride = *.local;<local>
IE: Converti destinazione link in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti destinazione link in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti nel file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti selezione in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: {38021B14-24E5-45EB-9E23-2AECE18ED78A} = 192.168.202.202
FF - ProfilePath - c:\documents and settings\maspero\Dati applicazioni\Mozilla\Firefox\Profiles\e75lyydo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - component: c:\documents and settings\maspero\Dati applicazioni\Mozilla\Firefox\Profiles\e75lyydo.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: c:\documents and settings\maspero\Dati applicazioni\Mozilla\Firefox\Profiles\e75lyydo.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\documents and settings\maspero\Dati applicazioni\Mozilla\Firefox\Profiles\e75lyydo.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\programmi\Google\Google Gears\Firefox\components\gears.dll
FF - plugin: c:\documents and settings\maspero\Impostazioni locali\Dati applicazioni\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\programmi\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Update\1.2.141.5\npGoogleOneClick7.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-23 12:54:55
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="F7C0667230F202213193EB00DAFC49221F2146D65D2E18E3CB3D1F010A4FE21CE7D8992D8A28F28CD8DA522D7D3B351E563AF2B699CF91531A7D5602E2CFD88A1E78382F74763C0EEAE27B8156C9D972783BF76460E7D6C617FEE0453625891AF32DB53C4776B0C6A396C4876E2E4615C10B3C4D0E89D1A922C5D03B4D0ED54B88376B6A5E34CBEB81966F985162AC1034C689327DBC0B7BDB0C172B78C042B0C11015A398B1A8C64936A0E590D3E082143F0F2892FA334EAC3F8D2E88637575C3E052A75AE3873404FCE1714066DE9F6CF75F18B1B31C4B3C006EB1D5123C53FB89A98A0A34CFFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79339DB7CE019D40AA5CBA7FD869164D6794A6A0AC4980AC7933EB0FF43D79C750198F8C474C09FBBD242ED65073669074A056F2DE9FC196EAAFA415CD695A39DAF440198A032CC32F4D2E1466BE65B5429B70F23D23316B67A578A9E9854D55C9FB646D0A44F6BC1872140815089E1B7F2F05B43B127201FBC1040FA024380A7151308D5C6DF3E69751C9184F13E0F23BD0D11E4BBC3AD7C5D37B4B01BC54491ABD6C42CABD8245C5C94D6C3D88516F77992B588F559377D0CD2729CA2B300AFEAB7414D35B54DFA8622F6F3AF7E8CB2AC9F64FE1715867A2C6E037F4AFABC7D12EB9D42ACC70C13F429553D4D16F43BDC22E35CE8B3B37327918C5A9EB7E01B4F53F9535FEB17B79B8B78AD1EA88950F88DF7E9682BEF7E846D0EB45E8B137415C9DAD8E434720BCB364CE27FCA68970C5AE65AD98BE3EA62E22045910A372025C0239054D3447E2CAFC9A032690E62949D065BBF3E5A5BF5937ACAAB285BBF717AB979BB44E8CB7B476AFC166E279F1048FC11F9FB5C978914FC6B382DDA31750EF6A08F7C0107CCF5A9179A40E13F80DCA7D670982CD8E473EF92319843CC7EEB59AB4750BF5E69CC408702A5587619CF263D803F5D6308CE93059EF299BE480F951C1F17E641F3F6820A1234F3040928F00ECC58B8D7E98CE16EAE7CCDBBF32CD00FE964388C2020A29BE216A681FEE3AA44F6815A113447B9EA2C2C59D1BDA545876EF529062D00337291BE3137DD8A26661EAB643F7911400FD29BC813070C5D1DFEDFC3183BC4123F868D0934C1A091EB5B06A29ACA1CF352E263130AA10EFA6AA6464221FFA45887AC898D1F19FC569177F7B8B233C787B18A873522AF8B157798C7F9E23642348ACDB76BAC87CC1A801000CA9434B6E555705A917C28F7FA7228219656E750606C2A6FB401E667B02A4430FC3E65EA508B6F14E327D5BE09CB0C7D0BB574F2BA825948A56B3B6845E65BACE205F29A41F3A8AAED8D308F303623E98E8A6B7E25F6E71DBF5406B856A5C3CE7096D0186E895506BC7B965E7"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'lsass.exe'(760)
c:\programmi\Bonjour\mdnsNSP.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\programmi\TortoiseSVN\bin\TSVNCache.exe
c:\windows\system32\rundll32.exe
c:\programmi\Adobe\Acrobat 7.0\Distillr\acrodist.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Ora fine scansione: 2009-02-23 12:58:09 - Il pc è stato riavviato [maspero]
ComboFix-quarantined-files.txt 2009-02-23 11:58:06
Pre-Run: 57,003,790,336 byte disponibili
Post-Run: 56,996,306,944 byte disponibili
262 --- E O F --- 2009-02-20 09:43:39
Visitano il forum: Nessuno e 71 ospiti