
I can't access antivirus websites

How do I remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do I protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Re: I can't access antivirus websites

Post by Luke57 » 10/07/09 18:28

Hi, two PCs at once no less; we're doing them one after the other now.
First PC
Prepare a text file with Windows Notepad and copy and paste the following script into it:

Code:
NetSvcs::
ctillxx

Driver::
ctillxx

File::
c:\windows\system32\ozsryj.dll


Save the file with the mandatory name CFScript.txt.
Put it in the same folder as ComboFix and then drag it with the mouse pointer onto the program's icon; the program will run a new scan in the same way as the previous one. When the scan finishes (the program will let you know), reboot the computer and post the new report.

Second PC

The CFScript.txt text file should be this:

Code:
NetSvcs::
eqldd

Driver::
pcidisk
sr5usw46is4jhserthtksrw80
lich
eqldd

File::
c:\windows\system32\drivers\d5b5751.sys
c:\windows\system32\drivers\c2bee533.sys
c:\windows\system32\olcafuy.dll
c:\windows\system32\pcidisk.sys

Registry::
[-HKLM\~\startupfolder\c:^documents and settings^user^menu avvio^programmi^esecuzione automatica^fmnupd32.exe]
[-HKLM\~\startupfolder\c:^documents and settings^user^menu avvio^programmi^esecuzione automatica^zqosys32.exe]


Same procedure as for the first PC.
Also remove these two files from the startup folder:
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10


Re: I can't access antivirus websites

Post by shabda » 11/07/09 10:59

Same problem with my netbook; I'm posting the file generated by ComboFix. Help me, I don't know what to do.



ComboFix 09-07-09.08 - io 11/07/2009 10.59.49.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1014.736 [GMT 2:00]
Running from: c:\documents and settings\io\desktop\abc.exe
Command switches used :: /killall

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-484763869-1078081533-1606980848-1003
c:\windows\msetup
c:\windows\msetup\MSetup.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-11 to 2009-07-11 )))))))))))))))))))))))))))))))))))
.

2009-07-11 08:21 . 2009-07-11 08:21 152576 ----a-w- c:\documents and settings\io\Dati applicazioni\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-14 16:28 . 2008-04-13 09:56 12800 -c--a-w- c:\windows\system32\dllcache\usb8023x.sys
2009-06-14 16:28 . 2008-04-13 09:56 12800 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2009-06-14 16:28 . 2008-04-13 09:56 30592 -c--a-w- c:\windows\system32\dllcache\rndismpx.sys
2009-06-14 16:28 . 2008-04-13 09:56 30592 ----a-w- c:\windows\system32\drivers\rndismpx.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-11 08:24 . 2008-12-10 17:44 -------- d-----w- c:\programmi\CCleaner
2009-07-11 08:23 . 2008-10-29 08:44 -------- d-----w- c:\programmi\Java
2009-07-11 08:23 . 2008-10-28 23:12 73304 ----a-w- c:\windows\system32\perfc010.dat
2009-07-11 08:23 . 2008-10-28 23:12 446994 ----a-w- c:\windows\system32\perfh010.dat
2009-05-21 09:33 . 2009-01-25 08:26 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-19 14:03 . 2008-10-29 08:47 -------- d-----w- c:\programmi\Samsung
2008-04-14 12:00 . 2008-10-28 23:12 162941 --sha-r- c:\windows\system32\etnqbt.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\programmi\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EDS"="c:\programmi\Samsung\Samsung EDS\EDSAgent.exe" [2007-12-20 659456]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1044480]
"DMHotKey"="c:\programmi\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]
"BatteryManager"="c:\programmi\Samsung\Samsung Battery Manager\BatteryManager.exe" [2008-10-07 2768896]
"MagicKeyboard"="c:\programmi\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-14 151552]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SUPBackGround"="c:\programmi\Samsung\Samsung Update Plus\SUPBackGround.exe" [2008-09-25 298664]
"ACU"="c:\programmi\Atheros WLAN Client\ACU.exe" [2008-09-29 450648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-18 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-18 137752]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-08-26 16851456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\io\Menu Avvio\Programmi\Esecuzione automatica\
Portable PowerPro.exe.lnk - d:\dati\progr\PortPPro\Portable PowerPro.exe [2008-11-30 33982]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-17 580200]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\programmi\Microsoft ActiveSync\rapimgr.exe"= c:\programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmi\Microsoft ActiveSync\wcescomm.exe"= c:\programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmi\Microsoft ActiveSync\WCESMgr.exe"= c:\programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3368:TCP"= 3368:TCP:ltioeh
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [29/10/2008 10.45.10 4300]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [14/01/2008 20.01.02 30208]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [29/10/2008 10.49.01 238464]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [25/01/2009 12.04.24 57408]
S2 dchopr;Task Shell;c:\windows\system32\svchost.exe -k netsvcs [29/10/2008 1.12.41 14336]
S3 ADDMEM;ADDMEM;\??\c:\docume~1\io\IMPOST~1\Temp\__Samsung_Update\ADDMEM.SYS --> c:\docume~1\io\IMPOST~1\Temp\__Samsung_Update\ADDMEM.SYS [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [13/12/2008 12.39.43 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [13/12/2008 12.39.43 3072]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [30/10/2006 15.29.28 19840]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
dchopr
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-DetectDatacard - c:\programmi\AliceEntry\DetectDatacard.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Invia a Bluetooth - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Invia a periferica &Bluetooth... - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-11 11:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dchopr]
"ServiceDll"="c:\windows\system32\etnqbt.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(920)
d:\dati\progr\PortPPro\Appdata\PPro.dll
c:\windows\system32\btmmhook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\ACS.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\programmi\Samsung\MagicKBD\MagicKBD.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
d:\dati\progr\PortPPro\Appdata\powerpro.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2009-07-11 11.05.32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-11 09:05

Pre-Run: 23.467.388.928 bytes free
Post-Run: 23.453.618.176 bytes free

shabda
Newbie

Posts: 2
Joined: 11/07/09 10:55

Re: I can't access antivirus websites

Post by Luke57 » 11/07/09 13:43

@shabda
Hi, prepare a text file with Windows Notepad and copy and paste the following script into it:

Code:
NetSvcs::
dchopr

Driver::
dchopr

File::
c:\windows\system32\etnqbt.dll



Save the file with the mandatory name CFScript.txt.
Put it in the same folder as ComboFix and then drag it with the mouse pointer onto the program's icon; the program will run a new scan in the same way as the previous one. When the scan finishes (the program will let you know), reboot the computer and post the new report.
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10
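As an added example, not part of the thread and not ComboFix's own code, the Python script below does offline what Luke57 did by eye on shabda's first report: it parses the service list, the NetSvcs group dump, the `ServiceDll` value and the file-attribute column, flags `dchopr` (a `svchost.exe -k netsvcs` service whose DLL `c:\windows\system32\etnqbt.dll` carries the system+hidden attributes), notes the malformed firewall exception on TCP 3368, and assembles the same three CFScript sections (NetSvcs::, Driver::, File::) that Luke57 posted. The report excerpt is embedded as a constructed sample copied from the log above; the meaning of the 8-character attribute string and the five-field firewall rule shape are assumptions drawn from the log layout, not from ComboFix documentation. It generalises slightly beyond this one log: any number of flagged services, and UDP as well as TCP rules.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from shabda's first report above, trimmed to what this reads.
SAMPLE_REPORT = r"""
2008-04-14 12:00 . 2008-10-28 23:12 162941 --sha-r- c:\windows\system32\etnqbt.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3368:TCP"= 3368:TCP:ltioeh
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [29/10/2008 10.45.10 4300]
S2 dchopr;Task Shell;c:\windows\system32\svchost.exe -k netsvcs [29/10/2008 1.12.41 14336]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [13/12/2008 12.39.43 8704]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
dchopr
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dchopr]
"ServiceDll"="c:\windows\system32\etnqbt.dll"
.
"""

SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s+\[")
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+(?:\d+|-+)\s+([-a-z]{8})\s+(.+)$")
SERVICE_KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]]+)\]$", re.I)
SERVICEDLL_RE = re.compile(r'^"ServiceDll"="([^"]+)"$', re.I)
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*(.+)$')


@dataclass
class Report:
    services: dict = field(default_factory=dict)        # name -> (start, display, image)
    netsvcs_listed: list = field(default_factory=list)  # netsvcs members ComboFix does not recognise
    service_dlls: dict = field(default_factory=dict)    # name -> ServiceDll path
    file_attrs: dict = field(default_factory=dict)      # path -> 8-char attribute string
    open_ports: list = field(default_factory=list)      # (port, proto, rule text)


def parse_report(text):
    rep = Report()
    lines = [ln.strip() for ln in text.splitlines()]
    i = 0
    while i < len(lines):
        line = lines[i]
        if line.endswith("Svchost - NetSvcs"):          # names run until "." or a blank line
            i += 1
            while i < len(lines) and lines[i] not in ("", "."):
                rep.netsvcs_listed.append(lines[i].lower())
                i += 1
            continue
        if line.endswith(r"GloballyOpenPorts\List]"):
            i += 1
            pm = PORT_RE.match(lines[i]) if i < len(lines) else None
            while pm:
                rep.open_ports.append((int(pm.group(1)), pm.group(2), pm.group(3)))
                i += 1
                pm = PORT_RE.match(lines[i]) if i < len(lines) else None
            continue
        sm, km, fm = SERVICE_RE.match(line), SERVICE_KEY_RE.match(line), FILE_RE.match(line)
        if sm:
            start, name, display, image = sm.groups()
            rep.services[name.lower()] = (start, display, image)
        elif km and i + 1 < len(lines):
            dm = SERVICEDLL_RE.match(lines[i + 1])       # the value line follows the key line
            if dm:
                rep.service_dlls[km.group(1).lower()] = dm.group(1).lower()
        elif fm:
            rep.file_attrs[fm.group(2).lower()] = fm.group(1)
        i += 1
    return rep


def triage(rep):
    """Flag unrecognised netsvcs members and ServiceDlls with system+hidden bits (assumed:
    's'/'h' in the attribute string); flag firewall rules short of port:proto:scope:state:name."""
    suspects, bad_files, odd_ports = [], [], []
    for name, (_start, _display, image) in rep.services.items():
        reasons = []
        if "svchost.exe -k netsvcs" in image.lower() and name in rep.netsvcs_listed:
            reasons.append("unrecognised netsvcs member")
        dll = rep.service_dlls.get(name)
        attrs = rep.file_attrs.get(dll, "") if dll else ""
        if "s" in attrs and "h" in attrs:
            reasons.append("ServiceDll %s is system+hidden" % dll)
        if reasons:
            suspects.append((name, dll, reasons))
            if dll:
                bad_files.append(dll)
    for port, proto, rule in rep.open_ports:
        if len(rule.split(":")) < 5:
            odd_ports.append((port, proto, rule))
    return suspects, bad_files, odd_ports


def build_cfscript(suspects, bad_files):
    """NetSvcs:: drops the name from the group value, Driver:: deletes the service, File:: the DLL."""
    names = [name for name, _dll, _why in suspects]
    return "\n".join(["NetSvcs::", *names, "", "Driver::", *names, "", "File::", *bad_files, ""])


if __name__ == "__main__":
    found, files, ports = triage(parse_report(SAMPLE_REPORT))
    print(found, ports, build_cfscript(found, files), sep="\n")
```

Run it as a script to print the findings and the draft CFScript. The draft is only as good as the two heuristics: plain kernel drivers such as the pcidisk entry in the second-PC script above would not be caught by them, so compare the output against the full report before dragging it onto ComboFix.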

Re: I can't access antivirus websites

Post by shabda » 11/07/09 21:51

Thanks luke57; looking more closely at your earlier messages, I had already done as you said by building exactly that script, and it solved it... I'm curious, though, to know what the problem was: a virus? spyware? Am I safe now that I've used the script? Anyway, here is the new log, and thanks again, really kind...



ComboFix 09-07-09.08 - io 11/07/2009 12.30.29.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1014.622 [GMT 2:00]
Running from: c:\documents and settings\io\Desktop\abc.exe
Command switches used :: c:\documents and settings\io\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {00000002-0002-0000-6C25-9E7C08000A00}

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\windows\system32\etnqbt.dll"
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\etnqbt.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DCHOPR
-------\Service_dchopr


((((((((((((((((((((((((( Files Created from 2009-06-11 to 2009-07-11 )))))))))))))))))))))))))))))))))))
.

2009-07-11 09:31 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-11 09:31 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-11 09:31 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-07-11 09:31 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-07-11 09:31 . 2009-07-11 09:31 -------- d-----w- c:\programmi\Avira
2009-07-11 09:31 . 2009-07-11 09:31 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-07-11 08:21 . 2009-07-11 08:21 152576 ----a-w- c:\documents and settings\io\Dati applicazioni\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-14 16:28 . 2008-04-13 09:56 12800 -c--a-w- c:\windows\system32\dllcache\usb8023x.sys
2009-06-14 16:28 . 2008-04-13 09:56 12800 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2009-06-14 16:28 . 2008-04-13 09:56 30592 -c--a-w- c:\windows\system32\dllcache\rndismpx.sys
2009-06-14 16:28 . 2008-04-13 09:56 30592 ----a-w- c:\windows\system32\drivers\rndismpx.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-11 09:12 . 2009-01-25 09:35 -------- d-----w- c:\programmi\Microsoft ActiveSync
2009-07-11 08:24 . 2008-12-10 17:44 -------- d-----w- c:\programmi\CCleaner
2009-07-11 08:23 . 2008-10-29 08:44 -------- d-----w- c:\programmi\Java
2009-07-11 08:23 . 2008-10-28 23:12 73304 ----a-w- c:\windows\system32\perfc010.dat
2009-07-11 08:23 . 2008-10-28 23:12 446994 ----a-w- c:\windows\system32\perfh010.dat
2009-05-21 09:33 . 2009-01-25 08:26 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-19 14:03 . 2008-10-29 08:47 -------- d-----w- c:\programmi\Samsung
.

((((((((((((((((((((((((((((( SnapShot@2009-07-11_09.03.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 00:19 . 2007-11-07 00:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2009-07-11 10:34 . 2009-07-11 10:34 16384 c:\windows\temp\Perflib_Perfdata_6c0.dat
+ 2009-07-11 09:31 . 2009-02-13 10:50 28376 c:\windows\system32\drivers\ssmdrv.sys
+ 2008-07-29 06:05 . 2008-07-29 06:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 01:54 . 2008-07-29 01:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2009-07-11 09:19 . 2009-07-11 09:19 228352 c:\windows\Installer\17efa.msi
+ 2008-07-29 06:05 . 2008-07-29 06:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EDS"="c:\programmi\Samsung\Samsung EDS\EDSAgent.exe" [2007-12-20 659456]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1044480]
"DMHotKey"="c:\programmi\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]
"BatteryManager"="c:\programmi\Samsung\Samsung Battery Manager\BatteryManager.exe" [2008-10-07 2768896]
"MagicKeyboard"="c:\programmi\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-14 151552]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SUPBackGround"="c:\programmi\Samsung\Samsung Update Plus\SUPBackGround.exe" [2008-09-25 298664]
"ACU"="c:\programmi\Atheros WLAN Client\ACU.exe" [2008-09-29 450648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-18 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-18 137752]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-08-26 16851456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\io\Menu Avvio\Programmi\Esecuzione automatica\
Portable PowerPro.exe.lnk - d:\dati\progr\PortPPro\Portable PowerPro.exe [2008-11-30 33982]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-17 580200]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3368:TCP"= 3368:TCP:*:Disabled:ltioeh

R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [29/10/2008 10.45.10 4300]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [14/01/2008 20.01.02 30208]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [29/10/2008 10.49.01 238464]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [25/01/2009 12.04.24 57408]
S3 ADDMEM;ADDMEM;\??\c:\docume~1\io\IMPOST~1\Temp\__Samsung_Update\ADDMEM.SYS --> c:\docume~1\io\IMPOST~1\Temp\__Samsung_Update\ADDMEM.SYS [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [13/12/2008 12.39.43 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [13/12/2008 12.39.43 3072]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [30/10/2006 15.29.28 19840]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SSMDRV
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Invia a Bluetooth - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Invia a periferica &Bluetooth... - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-11 12:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2884)
d:\dati\progr\PortPPro\Appdata\PPro.dll
c:\windows\system32\btmmhook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\ACS.exe
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Samsung\MagicKBD\MagicKBD.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
d:\dati\progr\PortPPro\Appdata\powerpro.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2009-07-11 12.37.13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-11 10:37
ComboFix2.txt 2009-07-11 09:05

Pre-Run: 23.282.888.704 bytes free
Post-Run: 23.204.241.408 bytes free

shabda
Newbie

Posts: 2
Joined: 11/07/09 10:55

Re: I can't access antivirus websites

Post by marchio78 » 14/07/09 08:57

Luke57 wrote:Hi, two PCs at once no less; we're doing them one after the other now.
[...]

Thanks Luke57, I've solved the problem; I'll post the new logs as soon as I can, thanks again!!!
marchio78
Newbie

Posts: 2
Joined: 10/07/09 17:04

Re: I can't access antivirus websites

Post by alfciao » 15/07/09 12:52

I have a similar problem too; here is the ComboFix log:

ComboFix 09-07-14.07 - Alfredo 15/07/2009 3:15.1.2 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.39.1040.18.3070.2546 [GMT 2:00]
Running from: c:\users\Alfredo\Desktop\abc.exe
SP: Prevx Edge *enabled* (Updated) {D486329C-1488-4CEB-9CC8-D662B732D902}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3286787569-2455873475-3527190330-500
c:\$recycle.bin\S-1-5-21-618150609-179367079-237093379-500
c:\program files\alot
c:\program files\alot\alotUninst.exe
c:\program files\alot\bin\alot.dll
c:\program files\alot\bin\ALOTSettings.exe
c:\program files\IEToolbar
c:\program files\IEToolbar\Ant.com Toolbar\ant.dll
c:\program files\IEToolbar\Ant.com Toolbar\tbu06896\ant.dll
c:\program files\IEToolbar\Ant.com Toolbar\tbu06896\AntPlugin.dll
c:\users\Alfredo\AppData\Local\ieyeess.dat
c:\users\Alfredo\AppData\Local\ieyeess_nav.dat
c:\users\Alfredo\AppData\Local\ieyeess_navps.dat
c:\users\Alfredo\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Videos.url
c:\users\Alfredo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videos.url
c:\windows\Installer\4bcda.msi
c:\windows\Installer\af087e.msi
c:\windows\system32\KBL.LOG

.
((((((((((((((((((((((((( Files Created from 2009-06-15 to 2009-07-15 )))))))))))))))))))))))))))))))))))
.

2009-07-14 17:42 . 2009-07-14 17:46 -------- d-----w- c:\windows\BDOSCAN8
2009-07-13 17:07 . 2009-07-13 17:07 -------- dc-h--w- c:\progra~2\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-03 17:08 . 2009-07-03 17:08 -------- d-----w- c:\windows\Sun
2009-07-01 11:51 . 2009-07-01 11:51 -------- d-----w- c:\users\Alfredo\AppData\Roaming\Malwarebytes
2009-07-01 11:51 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-01 11:51 . 2009-07-01 11:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-01 11:51 . 2009-07-01 11:51 -------- d-----w- c:\progra~2\Malwarebytes
2009-07-01 11:51 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-30 19:01 . 2009-07-15 01:04 117760 ----a-w- c:\users\Alfredo\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-30 12:37 . 2009-06-30 12:37 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2009-06-30 12:36 . 2009-07-15 00:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-30 12:36 . 2009-06-30 12:36 -------- d-----w- c:\users\Alfredo\AppData\Roaming\SUPERAntiSpyware.com
2009-06-30 12:17 . 2009-06-30 12:17 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-28 14:43 . 2009-06-28 14:43 92 ----a-w- c:\users\Alfredo\AppData\Local\ieyeess.bat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-15 01:04 . 2008-04-24 16:33 -------- d-----w- c:\users\Alfredo\AppData\Roaming\OpenOffice.org2
2009-07-15 00:50 . 2008-03-26 13:43 27525 ----a-w- c:\users\Alfredo\AppData\Roaming\nvModes.dat
2009-07-15 00:46 . 2008-04-12 20:42 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-15 00:08 . 2008-03-27 11:35 8268 ----a-w- c:\users\Alfredo\AppData\Local\d3d9caps.dat
2009-07-12 17:27 . 2008-01-21 21:43 212596981 ----a-w- c:\windows\DUMP48d2.tmp
2009-07-11 10:01 . 2008-04-24 16:33 1 ----a-w- c:\users\Alfredo\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-07-04 16:27 . 2009-03-01 16:07 -------- d-----w- c:\progra~2\PC Suite
2009-06-29 15:21 . 2009-03-17 16:02 -------- d-----w- c:\program files\Trojan Remover
2009-06-28 14:03 . 2008-05-10 16:53 -------- d-----w- c:\program files\TooFast
2009-06-28 14:02 . 2008-04-18 10:02 737280 ----a-w- c:\windows\iun6002.exe
2009-06-11 06:02 . 2007-11-27 00:07 -------- d-----w- c:\program files\Microsoft Works
2009-06-10 17:17 . 2009-06-07 19:12 -------- d-----w- c:\users\Alfredo\AppData\Roaming\Sony
2009-06-10 17:16 . 2009-06-10 17:16 -------- d-----w- c:\program files\Common Files\Sony Shared
2009-06-10 17:15 . 2009-06-10 16:52 -------- d-----w- c:\program files\Sony
2009-06-10 16:52 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-06-07 19:13 . 2009-06-07 19:13 -------- d-----w- c:\users\Alfredo\AppData\Roaming\Sony Corporation
2009-06-07 19:12 . 2009-06-07 19:12 -------- d-----w- c:\progra~2\Sony
2009-06-02 17:41 . 2009-06-02 17:41 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-30 19:59 . 2007-11-27 07:24 671010 ----a-w- c:\windows\system32\perfh010.dat
2009-05-30 19:59 . 2007-11-27 07:24 123620 ----a-w- c:\windows\system32\perfc010.dat
2009-04-30 12:37 . 2009-06-14 15:45 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:37 . 2009-06-14 15:45 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-04-24 16:05 . 2009-06-10 19:16 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-10 19:16 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-10 19:16 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-23 12:43 . 2009-06-10 19:15 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-10 19:15 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-10 19:15 2033152 ----a-w- c:\windows\system32\win32k.sys
2008-03-31 19:38 . 2008-03-31 19:38 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{930a91b5-73ba-44d4-a446-5bcc7a2be1ec}"= "c:\program files\Peer2Peer-IT\tbPeer.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{930a91b5-73ba-44d4-a446-5bcc7a2be1ec}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930a91b5-73ba-44d4-a446-5bcc7a2be1ec}]
2008-09-15 05:47 1784856 ----a-w- c:\program files\Peer2Peer-IT\tbPeer.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{930a91b5-73ba-44d4-a446-5bcc7a2be1ec}"= "c:\program files\Peer2Peer-IT\tbPeer.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{930a91b5-73ba-44d4-a446-5bcc7a2be1ec}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{930A91B5-73BA-44D4-A446-5BCC7A2BE1EC}"= "c:\program files\Peer2Peer-IT\tbPeer.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{930a91b5-73ba-44d4-a446-5bcc7a2be1ec}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 1783136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-20 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\80486ffe-6b46-408f-a6e3-0c480115b0e3.exe" [2009-06-23 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2008-12-03 2372840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-08-17 4702208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\users\Alfredo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
C'è Posta.lnk - c:\program files\C'è Posta\CPosta.exe [2007-9-5 471040]
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Nokia Ovi Suite.lnk - c:\program files\Nokia\Ovi\Suite\RunLauncher.exe [2008-11-28 946176]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-5-20 389120]

c:\users\Alfredo\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\
C'è Posta.lnk - c:\program files\C'è Posta\CPosta.exe [2007-9-5 471040]
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5DBB0C4D-969D-459E-A788-A31354634EC3}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{B7A180F0-2179-4BD5-AD6E-25F8149CBE8E}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{6E97CB72-C456-4D8A-BA89-F1F910CD8F05}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{C46D08D0-BE54-4DBB-BDF2-868029478008}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{EFBD8BF0-A719-4EFB-AC94-0F2DE1699B63}"= UDP:c:\program files\AdunanzA\eMule_AdnzA.exe:eMule AdunanzA
"{41462A61-E3C0-497B-A239-0ABABF575944}"= TCP:c:\program files\AdunanzA\eMule_AdnzA.exe:eMule AdunanzA
"TCP Query User{7D3008D0-0066-4A98-A9A7-8F48F7434544}c:\\program files\\konami\\pro evolution soccer 2008\\pes2008.exe"= UDP:c:\program files\konami\pro evolution soccer 2008\pes2008.exe:Pro Evolution Soccer 2008
"UDP Query User{B80AC38A-ED31-47D9-8706-A36FC92ED2F5}c:\\program files\\konami\\pro evolution soccer 2008\\pes2008.exe"= TCP:c:\program files\konami\pro evolution soccer 2008\pes2008.exe:Pro Evolution Soccer 2008
"TCP Query User{4A4CD557-E726-4DEC-B5B9-2AC92ECF4D18}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{03EB1594-3511-4BBA-B280-941C30B1C4CE}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{20A40C5A-C261-42D9-8C41-A943FBA02144}c:\\program files\\nanocom corporation\\ispq videochat\\ispqvideochat8.exe"= UDP:c:\program files\nanocom corporation\ispq videochat\ispqvideochat8.exe:Video chat software for desktop computers.
"UDP Query User{94DE9027-B4A1-47CA-A8EE-B7C20E5245A6}c:\\program files\\nanocom corporation\\ispq videochat\\ispqvideochat8.exe"= TCP:c:\program files\nanocom corporation\ispq videochat\ispqvideochat8.exe:Video chat software for desktop computers.
"TCP Query User{D25653F2-C8E6-48E8-B9F0-E2E673F77573}c:\\program files\\camfrog\\camfrog video chat\\camfrog video chat.exe"= UDP:c:\program files\camfrog\camfrog video chat\camfrog video chat.exe:Camfrog Client Module
"UDP Query User{B453281B-228F-47F9-BCE3-997999344AEC}c:\\program files\\camfrog\\camfrog video chat\\camfrog video chat.exe"= TCP:c:\program files\camfrog\camfrog video chat\camfrog video chat.exe:Camfrog Client Module
"{751E4B44-64DB-4EFB-832F-5A619EBDE41F}"= Disabled:UDP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{7571E3A3-2EB4-4F45-94A9-F55594C74D29}"= Disabled:TCP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{936F2607-18F3-4262-9C00-12E933C0AA9C}"= UDP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{1FDBCD30-FA9F-4E13-BA6D-CE7A744B1280}"= TCP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"TCP Query User{68EE7985-D8C3-4C85-8201-E23EDBF7BE2D}c:\\program files\\konami\\pro evolution soccer 2009\\pes2009.exe"= UDP:c:\program files\konami\pro evolution soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"UDP Query User{7668E3FB-E367-49A7-88D8-865E2C8716F1}c:\\program files\\konami\\pro evolution soccer 2009\\pes2009.exe"= TCP:c:\program files\konami\pro evolution soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"{D4A74F1A-6E62-44F3-9BBA-758F671DCF72}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B60D402E-E968-47EE-A4DC-1B57E4431A9D}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{B085EB66-A831-4337-88B8-643A731F8398}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{EBA4E03D-0CA9-4F42-9A45-B72548B22D86}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{9958A1C2-B276-4B99-9C3C-58875CC18E46}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{19C5BC19-E302-447A-A162-35DBA8B7B43D}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"{BE82993D-6A02-4D37-B9D2-AC701EF88579}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{82B3B149-C625-499C-A12C-72B591D392B1}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{53C9F1D4-9335-4E55-84E4-8CD59C241D94}"= UDP:c:\program files\Sony\Media Manager for WALKMAN\MediaManager.exe:Media Manager for WALKMAN 1.2
"{6EB33FD5-36E2-4E78-8FC4-6EE8C5118606}"= TCP:c:\program files\Sony\Media Manager for WALKMAN\MediaManager.exe:Media Manager for WALKMAN 1.2
"TCP Query User{314B0AE6-53F8-4C93-8B9C-BC19B88B7351}c:\\program files\\toofast\\fastfilesharing.exe"= UDP:c:\program files\toofast\fastfilesharing.exe:FastFileSharing
"UDP Query User{6A108607-986F-4FFA-86B6-288F562815C7}c:\\program files\\toofast\\fastfilesharing.exe"= TCP:c:\program files\toofast\fastfilesharing.exe:FastFileSharing

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/06/2009 11:01 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/06/2009 11:01 72944]
S3 pcPAD16;pcPAD Filter Service 16;c:\windows\System32\drivers\PCPAD16.sys [02/04/2008 7:54 33374]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/06/2009 11:01 7408]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
HKLM-RunOnce-<NO NAME> - (no file)


.
------- Scansione supplementare -------
.
uStart Page = hxxp://news.google.it/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Cerca - c:\program files\aol\aol toolbar 5.0\resources\it-it\local\search.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
TCP: {EED91AB1-6269-461D-AF9A-D6ADCF556FC8} = 1.253.128.30,192.168.0.155
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-15 03:28
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'Explorer.exe'(1600)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
Ora fine scansione: 2009-07-15 3:31
ComboFix-quarantined-files.txt 2009-07-15 01:30

Pre-Run: 62.328.750.080 byte disponibili
Post-Run: 62.350.667.776 byte disponibili

244 --- E O F --- 2009-07-07 16:17
alfciao
Junior Member
Posts: 18
Joined: 17/01/06 19:29

Re: I can't access the antivirus sites

Post by Rik » 05/10/09 00:32

Hi everyone. I also had the problem of blocked URLs, and after reading this thread I managed to fix it with Combofix. However, I still notice that the connection is slow, and every now and then I see my PC connecting to addresses I don't recognise. So I'd like to post below the ComboFix.txt from my last run, to check whether, besides the dll that was blocking the addresses, some backdoor that I haven't managed to identify has also got in. If someone more expert than me could take a look, I'd be grateful.
Thanks for the help:

ComboFix 09-10-01.05 - Riccardo 04/10/2009 22.34.24.4.2 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.39.1033.18.3070.2074 [GMT 1:00]
Eseguito da: c:\users\Riccardo\Desktop\abc.exe
Opzioni usate :: /killall
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 0 bytes in 1 streams.

((((((((((((((((((((((((( Files Creati Da 2009-09-04 al 2009-10-04 )))))))))))))))))))))))))))))))))))
.

2009-10-04 21:38 . 2009-10-04 21:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-10-04 21:38 . 2009-10-04 21:38 -------- d-----w- c:\users\GestPay\AppData\Local\temp
2009-10-04 21:38 . 2009-10-04 21:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-04 19:02 . 2009-10-04 19:04 -------- d-----w- c:\windows\system32\ca-ES
2009-10-04 19:02 . 2009-10-04 19:04 -------- d-----w- c:\windows\system32\eu-ES
2009-10-04 19:02 . 2009-10-04 19:04 -------- d-----w- c:\windows\system32\vi-VN
2009-10-04 13:46 . 2009-05-18 13:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-04 13:46 . 2008-04-17 12:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-04 13:45 . 2009-10-04 13:45 -------- d-----w- c:\program files\iPod
2009-10-04 13:45 . 2009-10-04 13:46 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-04 13:45 . 2009-10-04 13:46 -------- d-----w- c:\program files\iTunes
2009-10-04 00:59 . 2009-10-04 00:59 -------- d-----w- c:\windows\system32\EventProviders
2009-10-04 00:57 . 2009-04-11 06:28 747008 ----a-w- c:\windows\system32\WsmSvc.dll
2009-10-04 00:02 . 2009-10-04 21:43 -------- d-----w- c:\users\Riccardo\AppData\Local\temp
2009-10-03 00:48 . 2009-10-01 09:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-30 15:39 . 2009-09-30 15:39 -------- d-----w- c:\program files\Microsoft
2009-09-22 15:25 . 2009-09-22 15:25 -------- d-----w- c:\program files\gs
2009-09-22 15:19 . 2009-09-22 15:19 -------- d-----w- c:\programdata\PlotSoft
2009-09-22 15:19 . 2009-09-22 15:19 -------- d-----w- c:\program files\PlotSoft
2009-09-22 13:57 . 2009-10-02 12:34 -------- d-----w- c:\users\Riccardo\AppData\Roaming\Nitro PDF
2009-09-22 13:57 . 2009-09-15 09:16 17728 ----a-w- c:\windows\system32\nitrolocalui.dll
2009-09-22 13:57 . 2009-09-15 09:15 26432 ----a-w- c:\windows\system32\nitrolocalmon.dll
2009-09-22 13:57 . 2009-09-22 13:57 -------- d-----w- c:\programdata\Nitro PDF
2009-09-22 13:57 . 2009-09-22 13:57 -------- d-----w- c:\program files\Nitro PDF
2009-09-22 13:57 . 2009-09-22 13:57 -------- d-----w- c:\program files\Common Files\Nitro PDF
2009-09-22 13:56 . 2009-09-22 13:56 -------- d-----w- c:\users\Riccardo\AppData\Roaming\Downloaded Installations
2009-09-16 13:53 . 2009-09-16 13:53 -------- d-----w- c:\program files\QuickTime
2009-09-15 09:17 . 2009-09-15 09:17 61760 ----a-w- c:\windows\system32\ASTSRV.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-04 21:42 . 2008-10-21 08:44 32156 ----a-w- c:\programdata\nvModes.dat
2009-10-04 21:38 . 2008-10-21 07:47 12 ----a-w- c:\windows\bthservsdp.dat
2009-10-04 19:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-10-04 19:05 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-04 19:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-10-04 19:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-10-04 19:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-10-04 19:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-10-04 19:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-10-04 15:42 . 2009-03-16 22:24 -------- d-----w- c:\program files\JDownloader
2009-10-04 13:48 . 2009-05-01 11:05 -------- d-----w- c:\users\Riccardo\AppData\Roaming\Apple Computer
2009-10-04 13:45 . 2009-05-01 11:03 -------- d-----w- c:\program files\Common Files\Apple
2009-10-03 23:35 . 2009-10-03 23:35 4096 ----a-w- c:\windows\system32\06CE5.tmp
2009-10-03 23:10 . 2009-10-03 23:10 4096 ----a-w- c:\windows\system32\07232.tmp
2009-10-03 22:26 . 2009-10-03 22:26 4096 ----a-w- c:\windows\system32\06D14.tmp
2009-10-03 13:10 . 2009-10-03 13:10 4096 ----a-w- c:\windows\system32\099CE.tmp
2009-10-03 12:22 . 2009-10-03 12:22 4096 ----a-w- c:\windows\system32\07196.tmp
2009-10-03 11:37 . 2009-10-03 11:37 4096 ----a-w- c:\windows\system32\09462.tmp
2009-10-03 02:53 . 2009-01-17 21:30 -------- d-----w- c:\programdata\pdf995
2009-10-03 01:24 . 2008-11-19 23:13 -------- d-----w- c:\users\Riccardo\AppData\Roaming\FileZilla
2009-10-02 14:36 . 2008-11-27 18:26 -------- d-----w- c:\users\Riccardo\AppData\Roaming\Skype
2009-10-02 14:07 . 2008-11-27 18:27 -------- d-----w- c:\users\Riccardo\AppData\Roaming\skypePM
2009-09-27 18:09 . 2008-11-19 23:13 -------- d-----w- c:\program files\FileZilla FTP Client
2009-09-22 13:18 . 2009-01-17 21:30 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2009-09-22 13:18 . 2009-01-17 21:30 249856 ----a-w- c:\windows\system32\pdfmona.dll
2009-09-18 14:04 . 2008-10-21 10:17 -------- d-----w- c:\program files\ClipX
2009-09-10 01:17 . 2008-10-21 08:28 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-02 18:13 . 2008-12-01 07:54 -------- d-----w- c:\programdata\Installations
2009-09-02 18:11 . 2008-12-01 07:55 -------- d-----w- c:\program files\Nokia
2009-09-02 18:10 . 2008-12-01 08:21 -------- d-----w- c:\program files\Common Files\Nokia
2009-08-30 10:00 . 2009-08-30 10:00 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-08-29 22:46 . 2009-02-18 17:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-29 22:01 . 2008-10-20 22:46 -------- d-----w- c:\programdata\NVIDIA
2009-08-29 21:13 . 2009-07-05 23:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-29 21:12 . 2009-07-05 23:18 -------- d-----w- c:\program files\AGEIA Technologies
2009-08-29 00:27 . 2009-09-02 20:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 20:00 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 13:54 . 2009-05-14 11:25 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2009-08-28 13:54 . 2009-02-28 12:39 -------- d-----w- c:\program files\TortoiseSVN
2009-08-21 12:17 . 2008-10-20 22:41 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-08-19 12:35 . 2009-08-19 12:35 9787488 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-08-19 12:35 . 2009-08-19 12:35 678432 ----a-w- c:\windows\system32\nvcuvid.dll
2009-08-19 12:35 . 2009-08-19 12:35 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-08-19 12:35 . 2009-08-19 12:35 4224 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2009-08-19 12:35 . 2009-08-19 12:35 3197952 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-08-19 12:35 . 2009-08-19 12:35 1740800 ----a-w- c:\windows\system32\nvcuda.dll
2009-08-19 12:35 . 2009-08-19 12:35 155648 ----a-w- c:\windows\system32\nvcod163.dll
2009-08-19 12:35 . 2009-08-19 12:35 155648 ----a-w- c:\windows\system32\nvcod.dll
2009-08-19 12:35 . 2009-08-19 12:35 1317408 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-08-19 12:35 . 2008-09-15 23:58 991744 ----a-w- c:\windows\system32\nvapi.dll
2009-08-19 12:35 . 2008-09-15 23:58 7660544 ----a-w- c:\windows\system32\nvd3dum.dll
2009-08-19 12:35 . 2008-09-15 23:58 10420224 ----a-w- c:\windows\system32\nvoglv32.dll
2009-08-17 22:25 . 2008-12-01 07:58 -------- d-----w- c:\users\Riccardo\AppData\Roaming\Nokia
2009-08-17 14:08 . 2008-10-22 08:18 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-17 14:08 . 2008-10-22 08:18 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-17 14:08 . 2008-10-22 08:18 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-16 15:47 . 2008-10-20 21:51 -------- d-----w- c:\programdata\Microsoft Help
2009-08-15 01:41 . 2009-08-15 01:14 -------- d-----w- c:\program files\boost
2009-08-14 16:27 . 2009-09-09 20:41 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 20:41 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 20:41 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 20:41 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 20:41 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 20:41 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 20:41 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 20:41 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 20:41 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 20:41 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 20:41 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-12 22:08 . 2009-06-02 18:20 -------- d-----w- c:\program files\Safari
2009-08-07 18:51 . 2009-08-07 18:51 15308424 ----a-w- c:\windows\system32\xlive.dll
2009-08-07 18:51 . 2009-08-07 18:51 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-08-03 14:07 . 2009-08-03 14:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 14:07 . 2009-08-03 14:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 14:07 . 2009-08-03 14:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-26 15:44 . 2009-07-26 15:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-21 21:52 . 2009-07-30 19:48 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-30 19:48 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-30 19:48 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-30 19:48 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-12 03:58 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-12 03:58 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-12 03:58 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-12 03:58 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-12 03:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-15 09:14 . 2009-07-15 09:14 229224 ----a-w- c:\windows\system32\drivers\VMM.sys
2009-07-11 19:01 . 2009-09-09 20:41 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-07-11 19:01 . 2009-09-09 20:41 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:01 . 2009-09-09 20:41 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 19:01 . 2009-09-09 20:41 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-07-11 17:03 . 2009-09-09 20:41 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2006-05-03 09:06 . 2009-05-09 22:13 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2009-05-09 22:13 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 12:30 . 2009-05-09 22:13 216064 --sh--r- c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"EVEREST AutoStart"="c:\program files\Lavalys\EVEREST Ultimate Edition\everest_start.exe" [2009-05-24 334928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-17 2007832]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-19 13793824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-07-06 4669440]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-06-15 1826816]

c:\users\Riccardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LCDHype Version 0.6.lnk - c:\program files\LCDHype\lcdhype.exe [2009-6-11 1531392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Riccardo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CCTray.lnk]
path=c:\users\Riccardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CCTray.lnk
backup=c:\windows\pss\CCTray.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001
"VistaSp2"=hex(b):87,db,44,49,26,45,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2F19C3BB-935C-4842-B324-727CFE41CB50}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{3A53433D-C1E6-47DF-AF64-03FB9E7AB3F9}c:\\program files\\microsoft virtual pc\\virtual pc.exe"= UDP:c:\program files\microsoft virtual pc\virtual pc.exe:Virtual PC 2007 SP1
"UDP Query User{D9CE08C0-39C2-4989-8C46-E2997E95F859}c:\\program files\\microsoft virtual pc\\virtual pc.exe"= TCP:c:\program files\microsoft virtual pc\virtual pc.exe:Virtual PC 2007 SP1
"{D70F5686-DB55-4D3E-ABFA-1F3499FD8B37}"= c:\program files\Common Files\Microsoft Shared\XNA\XnaTrans\v3.0\XnaTransX.exe:XNA Game Studio 3.0 Transport
"{9F97D69B-F512-4B8C-92FF-5F969B1A76CA}"= c:\program files\Microsoft XNA\XNA Game Studio\v3.0\Bin\XnaLiveProxy.exe:XNA Framework Games for Windows - LIVE
"{589461BD-9B6D-417D-B648-7D45F29FD3AB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DFE6FACA-2E6B-4CC6-A688-EE079E2DDD40}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A5376931-8F24-4A74-9E5F-853CE6161172}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A929DA00-4C73-4C69-AC23-6EA1BB352064}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7C42E9F9-E2DA-4722-8DA6-220D79FC78BA}"= UDP:d:\giochi\StreetFighterIV\StreetFighterIV.exe:STREET FIGHTER IV
"{6D9B8B6D-8DA7-48BC-ADFF-EBD52D2EE066}"= TCP:d:\giochi\StreetFighterIV\StreetFighterIV.exe:STREET FIGHTER IV
"{F6D5AA4C-58EB-43A2-97C0-C8992B0352D8}"= UDP:d:\giochi\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{920812F2-2A21-43B9-9F2C-A1F70C4B4A4B}"= TCP:d:\giochi\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{A58D9196-5B71-42A9-A6E3-80BCA041EB34}"= UDP:5615:qzvztaz
"{A58C12DD-3691-4083-B8E0-73221D8667D9}"= UDP:5615:qzvztaz
"{6BC632A7-8A3F-4C31-AE52-1623B04D98E3}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{E8226B34-8384-40A8-ADE7-4FC7713F0F0E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [22/10/2008 9.18.26 335240]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [22/10/2008 9.18.24 297752]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [15/09/2009 10.20.30 188736]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [11/06/2009 15.20.54 26736]
S3 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [25/11/2008 0.26.34 203616]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [19/03/2009 14.48.18 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [19/03/2009 14.48.12 8320]
S3 PRODIGY;PRODIGY;c:\windows\System32\drivers\prodigy.sys [07/06/2009 14.44.33 32377]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - EVERESTDRIVER

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1769182520-1221554094-1942206469-1000Core.job
- c:\users\Riccardo\AppData\Local\Google\Update\GoogleUpdate.exe [2008-10-21 14:15]

2009-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1769182520-1221554094-1942206469-1000UA.job
- c:\users\Riccardo\AppData\Local\Google\Update\GoogleUpdate.exe [2008-10-21 14:15]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &Scarica con FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &Scarica tutto con FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\users\Riccardo\AppData\Roaming\Mozilla\Firefox\Profiles\iwiweab0.default\
FF - prefs.js: browser.startup.homepage - http://www.google.it
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Riccardo\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-04 22:43
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP0000002FD4179AF31A9D2455 524288 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msftesql]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe\" -s:MSSQL.2 -f:MSSQLSERVER"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs loaded by running processes ---------------------

- - - - - - - > 'Explorer.exe'(3836)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\program files\LCDHype\data\screensaver.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng-us.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
.
------------------------ Other running processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\System32\ASTSRV.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\program files\Lavalys\EVEREST Ultimate Edition\everest.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Scan end time: 2009-10-04 22.47.34 - The PC was rebooted
ComboFix-quarantined-files.txt 2009-10-04 21:47
ComboFix2.txt 2009-10-04 21:26

Pre-Run: 48.665.886.720 bytes free
Post-Run: 48.436.174.848 bytes free

334 --- E O F --- 2009-10-04 18:56
Rik
Newbie
 
Posts: 1
Joined: 05/10/09 00:24

Re: I can't access antivirus sites

Post by yago73 » 17/10/09 01:55

Hi everyone,
I ran into this problem too, and on two PCs at the same time...
I read the previous posts and installed and ran combofix.
Now I can reach the sites it wouldn't open before, but I'd like to be sure everything is fine.
Thanks in advance from yago73
Here is the combofix log:

ComboFix 09-10-16.06 - Nic 17/10/2009 1.29.14.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1023.647 [GMT 2:00]
Run from: d:\documenti\Download\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\22265443741.dll
c:\windows\system32\config\47867296.Evt
L:\Autorun.inf
M:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_asc3550p


((((((((((((((((((((((((( Files Created From 2009-09-16 to 2009-10-16 )))))))))))))))))))))))))))))))))))
.

2009-10-16 23:32 . 2009-10-16 23:32 24383 ----a-w- c:\windows\system32\23325925041.dll
2009-10-16 23:26 . 2009-10-16 23:26 -------- d-----w- c:\documents and settings\Nic\Impostazioni locali\Dati applicazioni\Adobe
2009-10-16 22:56 . 2009-10-16 22:56 3434 ----a-w- c:\windows\mozver.dat
2009-10-16 22:56 . 2009-10-16 22:58 -------- d-----w- c:\programmi\Mozilla Thunderbird
2009-10-16 22:46 . 2009-10-16 22:50 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-10-16 22:46 . 2009-10-16 22:50 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-10-16 22:45 . 2009-10-16 22:45 -------- d-----w- c:\programmi\Kaspersky Lab
2009-10-16 22:45 . 2009-10-16 22:45 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2009-10-16 22:45 . 2009-10-16 22:46 -------- d-----w- c:\windows\LastGood.Tmp
2009-10-16 22:38 . 2009-10-16 22:38 -------- d-----w- c:\programmi\File comuni\Adobe
2009-10-16 22:28 . 2009-10-16 22:28 -------- d-----w- c:\programmi\CCleaner
2009-10-16 22:22 . 2009-10-16 22:22 -------- d-----w- c:\windows\system32\Lang
2009-10-16 21:59 . 2009-10-16 21:59 -------- d-----w- c:\windows\system32\LogFiles
2009-10-16 21:58 . 2009-10-16 21:58 -------- d-sh--w- c:\documents and settings\All Users\DRM
2009-10-16 21:58 . 2009-10-16 21:59 -------- d-----w- c:\windows\system32\drivers\umdf
2009-10-16 21:56 . 2009-10-16 21:57 -------- d-----w- c:\programmi\XnView
2009-10-16 21:56 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-10-16 21:56 . 2009-10-16 21:56 -------- d-----w- c:\programmi\K-Lite Codec Pack
2009-10-16 21:49 . 2006-07-21 08:40 143360 ------r- c:\windows\system32\RtlCPAPI.dll
2009-10-16 21:49 . 2009-10-16 21:49 -------- d-----w- c:\windows\system32\RTCOM
2009-10-16 21:48 . 2006-05-03 17:35 9709568 ------r- c:\windows\RTLCPL.exe
2009-10-16 21:48 . 2004-08-19 13:39 4096 -c--a-w- c:\windows\system32\dllcache\ksuser.dll
2009-10-16 21:48 . 2004-08-19 13:39 4096 ----a-w- c:\windows\system32\ksuser.dll
2009-10-16 21:48 . 2004-08-03 21:08 60288 -c--a-w- c:\windows\system32\dllcache\drmk.sys
2009-10-16 21:48 . 2004-08-03 21:08 60288 ----a-w- c:\windows\system32\drivers\drmk.sys
2009-10-16 21:48 . 2006-05-15 19:04 2879488 ------r- c:\windows\SkyTel.exe
2009-10-16 21:48 . 2006-08-31 15:35 364544 ------r- c:\windows\RtlUpd.exe
2009-10-16 21:48 . 2006-09-11 20:27 4381184 ------r- c:\windows\system32\drivers\RtkHDAud.Sys
2009-10-16 21:47 . 2006-09-11 17:58 16264192 ------r- c:\windows\RTHDCPL.exe
2009-10-16 21:47 . 2006-09-11 16:12 2155008 ------r- c:\windows\MicCal.exe
2009-10-16 21:47 . 2005-05-02 16:00 69632 ------r- c:\windows\Alcmtr.exe
2009-10-16 21:47 . 2006-05-03 17:26 2808832 ------r- c:\windows\alcwzrd.exe
2009-10-16 21:47 . 2009-10-16 21:47 -------- d-----w- c:\programmi\Realtek
2009-10-16 21:47 . 2006-09-11 15:34 499712 ------r- c:\windows\RtlExUpd.dll
2009-10-16 20:29 . 2007-03-07 06:49 2379776 ----a-w- c:\windows\system32\nvwssr.dll
2009-10-16 20:25 . 2004-08-13 02:56 5810 ----a-r- c:\windows\system32\drivers\ASACPI.sys
2009-10-16 20:24 . 2004-04-26 16:00 5824 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2009-10-16 20:14 . 2009-10-16 20:14 53248 ----a-w- c:\windows\ctfxmon.exe
2009-10-16 20:14 . 2009-10-16 20:14 233472 ----a-w- c:\windows\ctfxmon.dll
2009-10-16 20:09 . 2009-10-16 20:09 -------- d-----w- c:\documents and settings\Nic\Dati applicazioni\Blitware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-16 23:24 . 2009-10-16 17:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-10-16 23:12 . 2009-10-16 18:32 -------- d-----w- c:\documents and settings\Nic\Dati applicazioni\Skype
2009-10-16 22:43 . 2009-10-16 18:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2009-10-16 22:26 . 2009-10-16 19:21 90112 ----a-w- c:\windows\DUMP4371.tmp
2009-10-16 22:24 . 2009-10-16 19:21 90112 ----a-w- c:\windows\DUMP6e0b.tmp
2009-10-16 22:21 . 2009-10-16 19:21 90112 ----a-w- c:\windows\DUMP4d26.tmp
2009-10-16 21:49 . 2001-08-31 09:00 47814 ----a-w- c:\windows\system32\perfc010.dat
2009-10-16 21:49 . 2001-08-31 09:00 345382 ----a-w- c:\windows\system32\perfh010.dat
2009-10-16 21:47 . 2009-10-16 17:40 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-10-16 20:12 . 2009-10-16 18:55 -------- d-----w- c:\documents and settings\Nic\Dati applicazioni\ZipGenius
2009-10-16 18:57 . 2009-10-16 18:55 -------- d-----w- c:\programmi\ZipGenius 6
2009-10-16 18:32 . 2009-10-16 18:32 -------- d-----r- c:\programmi\Skype
2009-10-16 18:32 . 2009-10-16 18:32 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2009-10-16 18:24 . 2009-10-16 18:24 8224 ----a-w- c:\documents and settings\Nic\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-10-16 18:24 . 2009-10-16 18:24 -------- d-----w- c:\programmi\microsoft frontpage
2009-10-16 18:24 . 2009-10-16 19:21 90112 ----a-w- c:\windows\DUMP31dd.tmp
2009-10-16 17:50 . 2009-10-16 17:38 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-10-16 17:41 . 2009-10-16 17:41 -------- d-----w- c:\programmi\Realtek Sound Manager
2009-10-16 17:41 . 2009-10-16 17:41 -------- d-----w- c:\programmi\AvRack
2009-10-16 17:41 . 2009-10-16 17:41 -------- d-----w- c:\programmi\Realtek AC97
2009-10-16 17:40 . 2009-10-16 17:40 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-10-16 17:30 . 2009-10-16 17:30 21840 ----a-w- c:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate/default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfxmon.exe"="c:\windows\ctfxmon.exe" [2009-10-16 53248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfxmon.exe"="c:\windows\ctfxmon.exe" [2009-10-16 53248]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-07 8425472]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avp"="c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-07-03 303376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfxmon.exe"="c:\windows\ctfxmon.exe" [2009-10-16 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, digest.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"h:\\eMule\\emule.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5389:TCP"= 5389:TCP:riedjhw

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15/12/2008 20.41.32 33808]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/05/2009 17.46.52 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16/05/2009 20.59.44 19472]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLBG

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
vbcbqmkcm
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary scan -------
.
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Nic\Dati applicazioni\Mozilla\Firefox\Profiles\gc7tfgwb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.tiscali.it
FF - component: c:\programmi\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-17 01:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs loaded by running processes ---------------------

- - - - - - - > 'explorer.exe'(2548)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\spupdsvc.exe
c:\windows\system32\spnpinst.exe
c:\windows\system32\sysocmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Scan end time: 2009-10-16 1.35.16 - The PC was rebooted
ComboFix-quarantined-files.txt 2009-10-16 23:35

Pre-Run: 48.614.957.056 bytes free
Post-Run: 48.611.180.544 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

170
yago73
Newbie
 
Posts: 3
Joined: 17/10/09 01:37

Re: I can't access antivirus sites

Post by Luke57 » 17/10/09 10:16

Hi, show hidden files and folders (My Computer > Tools > Folder Options > View, tick "Show hidden files and folders", press OK).

Search for and delete the file, if present:
c:\windows\system32\23325925041.dll
Luke57
Moderator
 
Posts: 6413
Joined: 11/08/05 19:10
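A quick triage of the indicators in yago73's log and in the check Luke57 asks for, as an added example that is not part of the forum thread and not ComboFix's own code: the script below parses the sections ComboFix prints in these posts and flags what the moderators act on, the odd-named Svchost NetSvcs entries (vbcbqmkcm, woban), the randomly named firewall exceptions on open ports (riedjhw, chohxsot), the Windows firewall turned off, DLLs with purely numeric names in system32 such as 23325925041.dll, ctfxmon.exe masquerading as ctfmon.exe, hidden+system files like khepbn.dll, and autorun.inf deletions on drive roots. The embedded sample log is constructed from lines in this thread; the name heuristics, the list of imitated system binaries and the reading of the attribute string are assumptions, not ComboFix documentation.

```python
"""Triage helper for ComboFix-style logs: an added example, not ComboFix's own
code.  It flags the indicators the moderators in this thread act on."""
import re
# Constructed sample: lines lifted from the logs posted in this thread, not a
# complete log.  Section headers are ComboFix's Italian ones, as posted.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
c:\windows\system32\22265443741.dll
L:\Autorun.inf
M:\Autorun.inf
.
2009-10-16 23:32 . 2009-10-16 23:32 24383 ----a-w- c:\windows\system32\23325925041.dll
2009-10-16 20:14 . 2009-10-16 20:14 53248 ----a-w- c:\windows\ctfxmon.exe
2009-10-16 21:48 . 2004-08-19 13:39 4096 ----a-w- c:\windows\system32\ksuser.dll
2007-04-16 15:54 . 2004-08-19 08:00 171376 --sha-r- c:\windows\system32\khepbn.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfxmon.exe"="c:\windows\ctfxmon.exe" [2009-10-16 53248]
"avp"="c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-07-03 303376]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5389:TCP"= 5389:TCP:riedjhw
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
vbcbqmkcm
.
"""

# Windows binaries whose names malware imitates (assumed, illustrative list).
SYSTEM_BINARIES = ("ctfmon.exe", "svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe")
FILE_LINE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d"
                       r"\s+\S+\s+([-a-z]{8})\s+(.+)$")  # date . date size attrs path
PORT_LINE = re.compile(r'^"\d+:(?:TCP|UDP)"=\s*\d+:(?:TCP|UDP):(\S+)$')
RUN_LINE = re.compile(r'^"[^"]+"="([^"]+)"')
BARE_PATH = re.compile(r"^[a-zA-Z]:\\")


def looks_random(name: str) -> bool:
    """Assumed, crude heuristic for generated names (riedjhw, chohxsot, vbcbqmkcm):
    all-lowercase letters with few vowels or a long consonant run."""
    if not (name.isalpha() and name.islower() and len(name) >= 5):
        return False
    vowels = sum(c in "aeiou" for c in name)
    longest_run = max(len(r) for r in re.findall(r"[^aeiou]+", name))
    return vowels / len(name) <= 0.3 or longest_run >= 4


def edit_distance_le1(a: str, b: str) -> bool:
    """True when a and b differ by exactly one edit (ctfxmon.exe vs ctfmon.exe)."""
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) == 1
    long_, short = (a, b) if len(a) > len(b) else (b, a)
    return len(long_) - len(short) == 1 and any(
        long_[:i] + long_[i + 1:] == short for i in range(len(long_)))


def classify_path(path: str, attrs: str = "--------"):
    """Numeric-only DLL names, or hidden+system ('s' and 'h' attributes) in system32."""
    stem, _, ext = path.rsplit("\\", 1)[-1].lower().rpartition(".")
    if ext == "dll" and stem.isdigit():
        return "numeric_dll"
    if "s" in attrs and "h" in attrs and "\\system32\\" in path.lower():
        return "hidden_system_file"
    return None


def triage(log_text: str) -> dict:
    """Return the indicators found, keyed by type, in log order."""
    f = {"deleted_autorun": [], "numeric_dll": [], "hidden_system_file": [],
         "lookalike_run_entry": [], "random_open_port": [], "netsvcs_entry": [],
         "firewall_disabled": False}
    in_netsvcs = False
    for line in (raw.strip() for raw in log_text.splitlines()):
        if in_netsvcs and line and line != "." and not line.startswith(("[", "(", "HKEY")):
            f["netsvcs_entry"].append(line)  # ComboFix lists only non-default names here
            continue
        in_netsvcs = line.endswith("Svchost - NetSvcs")
        if re.fullmatch(r"[a-z]:\\autorun\.inf", line, re.IGNORECASE):
            f["deleted_autorun"].append(line)
        elif line.startswith('"EnableFirewall"=') and line.endswith("0 (0x0)"):
            f["firewall_disabled"] = True
        elif FILE_LINE.match(line) or BARE_PATH.match(line):
            m = FILE_LINE.match(line)
            attrs, path = m.groups() if m else ("--------", line)
            kind = classify_path(path, attrs)
            if kind:
                f[kind].append(path)
        elif PORT_LINE.match(line) and looks_random(PORT_LINE.match(line).group(1)):
            f["random_open_port"].append(line)
        elif RUN_LINE.match(line):
            exe = RUN_LINE.match(line).group(1).rsplit("\\", 1)[-1].lower()
            if any(edit_distance_le1(exe, known) for known in SYSTEM_BINARIES):
                f["lookalike_run_entry"].append(line)
    return f


if __name__ == "__main__":
    for kind, hits in triage(SAMPLE_LOG).items():
        print(f"{kind}: {hits}")
```

Run it as-is to print the findings for the embedded sample, or call triage() on the text of a real log. Treat the output as a checklist for a human, not a verdict: EnableFirewall=0 is normal when a third-party firewall is installed (Kaspersky in yago73's log, although its own firewall shows as disabled there too), and looks_random will also hit on consonant-heavy abbreviations, so check each hit against the log before removing anything.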

Re: I can't access antivirus sites

Post by yago73 » 17/10/09 11:47

Luke57 wrote:Hi, show hidden files and folders (My Computer > Tools > Folder Options > View, tick "Show hidden files and folders", press OK).

Search for and delete the file, if present:
c:\windows\system32\23325925041.dll


Found and deleted, thank you.
Now I'm posting the other PC's log; let me know when you can...

ComboFix 09-10-16.02 - Nick 16/10/2009 22.58.34.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.255.112 [GMT 2:00]
Run from: c:\documents and settings\Nick\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 091015-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Condizioni generali.url
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Disinstalla.lnk
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Riservatezza.url
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\WebMediaPlayer.lnk
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Website.url
c:\programmi\webmediaplayer
c:\programmi\webmediaplayer\resources\wmp_translation_file.xml
c:\programmi\webmediaplayer\skins\classic.skn
c:\programmi\webmediaplayer\sqlite3.dll
c:\programmi\webmediaplayer\uninst.exe
c:\programmi\webmediaplayer\WebMediaPlayer.exe

.
((((((((((((((((((((((((( Files Created From 2009-09-16 to 2009-10-16 )))))))))))))))))))))))))))))))))))
.

2009-09-20 15:38 . 2009-09-20 15:38 -------- d-----w- c:\programmi\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-16 19:23 . 2009-03-04 19:54 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-10-16 18:40 . 2009-03-24 21:48 -------- d-----w- c:\documents and settings\Nick\Dati applicazioni\Skype
2009-10-16 18:32 . 2009-07-01 23:14 -------- d-----w- c:\documents and settings\Nick\Dati applicazioni\skypePM
2009-09-24 19:34 . 2009-03-12 21:59 -------- d-----w- c:\programmi\JackSMS
2009-09-09 15:35 . 2008-06-19 10:13 -------- d-----w- c:\programmi\File comuni\Adobe
2009-09-08 20:43 . 2008-04-13 11:32 11352 ----a-w- c:\documents and settings\Nick\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-09-07 14:11 . 2009-09-07 14:10 -------- d-----w- c:\documents and settings\Nick\Dati applicazioni\XnView
2009-09-07 14:10 . 2009-09-07 14:09 -------- d-----w- c:\programmi\XnView
2009-09-07 13:41 . 2009-09-07 13:39 -------- d-----w- c:\documents and settings\Nick\Dati applicazioni\Download Manager
2009-09-01 15:35 . 2008-03-17 19:13 -------- d-----w- c:\programmi\Mozilla Thunderbird
2009-08-27 10:42 . 2009-08-27 10:41 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\K-Meleon
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate/default entries are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, digest.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2383:TCP"= 2383:TCP:chohxsot

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [03/06/2009 23.20.37 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03/06/2009 23.20.37 20560]
R3 ATMEL WinXP PCMCIAFVNETR (2ARC)(R);ATMEL WinXP PCMCIAFVNETR (2ARC)(R) Service for IEEE 802.11b Wireless LAN PC Card;c:\windows\system32\drivers\fvnetr51.sys [14/01/2003 12.44.40 91648]
S3 ATMEL FVNETusbASKEY (AR)(R);ATMEL FVNETusbASKEY (AR)(R) Service for SANTIS WLAN USB Adapter;c:\windows\system32\drivers\vnetusbk.sys [20/02/2003 18.15.38 93184]
S3 netr73;D-Link DWA-111 Wireless G USB Adapter Driver;c:\windows\system32\drivers\netr73.sys [13/01/2009 19.56.56 256000]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
woban

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-854245398-1343024091-1003Core.job
- c:\documents and settings\Nick\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-08-07 22:17]

2009-10-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-854245398-1343024091-1003UA.job
- c:\documents and settings\Nick\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-08-07 22:17]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.tiscali.it/
IE: &Clean Traces - c:\programmi\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\programmi\DAP\dapextie.htm
IE: Download &all with DAP - c:\programmi\DAP\dapextie2.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Nick\Dati applicazioni\Mozilla\Firefox\Profiles\1aab0rng.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.tiscali.it/
FF - component: c:\programmi\DAP\DAPFireFox\components\DAPFireFox.dll
FF - component: c:\programmi\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Nick\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.7\npGoogleOneClick8.dll
.
- - - - ORPHANED KEYS REMOVED - - - -

AddRemove-Web-Mediaplayer - c:\programmi\WebMediaPlayer\uninst.exe
AddRemove-WinGimp-2.0_is1 - f:\gimp-2.0\setup\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-16 23:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Scan end time: 2009-10-16 23.06.10
ComboFix-quarantined-files.txt 2009-10-16 21:05

Pre-Run: 5.912.125.440 bytes free
Post-Run: 5.880.590.336 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

118
yago73
Newbie
 
Posts: 3
Joined: 17/10/09 01:37

Re: I can't access antivirus sites

Post by Luke57 » 18/10/09 09:05

Hi, it looks fine.
Luke57
Moderator
 
Posts: 6413
Joined: 11/08/05 19:10

Re: I can't access antivirus sites

Post by yago73 » 18/10/09 20:38

Luke57 wrote:Hi, it looks fine.


Hi Luke57..... thanks for the help.
yago73
Newbie
 
Posts: 3
Joined: 17/10/09 01:37

Re: I can't access antivirus sites

Post by Apet » 23/10/09 16:26

Hi everyone. Sorry, but how do I attach the file generated by suspectfile? I can't see any way to do it. Please help, thanks.
Apet
Newbie
 
Posts: 1
Joined: 22/10/09 16:34

Re: I can't access antivirus sites

Post by sunjtd » 26/10/09 16:45

Hi everyone,
unfortunately I'm the latest of a long line.... my PC won't let me access antivirus sites either!
I downloaded combofix and below you'll find the program's report.
I'd kindly ask you to give me a hand so I can move forward and solve my problem.
Thanks a lot,
Francesco


ComboFix 09-10-20.03 - utente 26/10/2009 16.11.29.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.222.109 [GMT 1:00]
Run from: c:\documents and settings\utente\Desktop\abc.exe
.

((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\recycled\Recycled

.
((((((((((((((((((((((((( Files Created From 2009-09-26 to 2009-10-26 )))))))))))))))))))))))))))))))))))
.

2009-12-10 15:04 . 2005-10-21 01:47 12800 ------w- c:\windows\system32\drivers\usb8023x.sys
2009-12-10 15:04 . 2005-10-21 01:47 30592 ------w- c:\windows\system32\drivers\rndismpx.sys
2009-12-10 15:02 . 2009-10-12 16:38 -------- d-----w- c:\programmi\Microsoft ActiveSync
2009-10-26 14:57 . 2009-10-26 14:57 -------- d-----w- c:\programmi\Windows Live Safety Center
2009-10-26 14:56 . 2009-10-26 14:56 -------- d-----w- c:\windows\LastGood
2009-10-21 09:34 . 2009-10-21 09:34 -------- d-----w- c:\documents and settings\utente\Impostazioni locali\Dati applicazioni\Babylon
2009-10-21 09:27 . 2009-10-21 09:29 -------- d-----w- c:\programmi\Babylon
2009-10-21 09:27 . 2009-10-26 14:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Babylon
2009-10-21 09:27 . 2009-10-21 09:56 -------- d-----w- c:\documents and settings\utente\Dati applicazioni\Babylon
2009-10-19 16:31 . 2009-10-19 16:31 -------- d-----w- c:\programmi\Conduit
2009-10-19 16:31 . 2009-10-19 16:31 -------- d-----w- c:\documents and settings\utente\Impostazioni locali\Dati applicazioni\Conduit
2009-10-19 16:31 . 2009-10-20 06:46 -------- d-----w- c:\documents and settings\utente\Impostazioni locali\Dati applicazioni\myBabylon_English
2009-10-19 16:31 . 2009-10-19 16:31 -------- d-----w- c:\programmi\myBabylon_English
2009-10-19 14:52 . 2009-10-19 15:13 -------- d-----w- c:\programmi\AskBarDis
2009-10-19 14:52 . 2009-10-19 14:52 -------- d-----w- c:\programmi\Foxit Software
2009-10-19 14:52 . 2009-10-19 14:52 -------- d-----w- c:\documents and settings\utente\Dati applicazioni\Foxit
2009-10-19 14:42 . 2005-03-18 11:18 143360 ----a-r- c:\windows\apptune1020.exe
2009-10-19 14:42 . 2009-10-19 14:42 -------- d--h--w- c:\programmi\Zenographics
2009-10-19 10:25 . 2009-10-19 10:33 -------- d-----w- c:\programmi\Lisrel
2009-10-18 16:08 . 2009-10-18 16:08 -------- d-----w- c:\programmi\DsNET Corp
2009-10-15 11:15 . 2009-10-25 17:15 -------- d-----w- c:\documents and settings\utente\Dati applicazioni\vlc
2009-10-15 11:14 . 2009-10-15 11:14 -------- d-----w- c:\programmi\VideoLAN
2009-10-15 10:33 . 2009-10-26 14:16 -------- d-----w- C:\downloads
2009-10-15 10:33 . 2009-10-15 10:33 -------- d-----w- c:\documents and settings\utente\Dati applicazioni\GrabPro
2009-10-15 10:33 . 2009-10-26 15:06 -------- d-----w- c:\programmi\Orbitdownloader
2009-10-15 10:33 . 2009-10-26 14:16 -------- d-----w- c:\documents and settings\utente\Dati applicazioni\Orbit
2009-10-13 21:42 . 2009-10-13 21:42 -------- d-----w- c:\windows\system32\LogFiles
2009-10-13 21:35 . 2009-10-13 21:35 21419 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-10-13 21:35 . 2007-07-28 13:21 451456 ----a-w- c:\windows\system32\drivers\rt73.sys
2009-10-13 21:35 . 2009-10-13 21:35 -------- dc----w- c:\windows\system32\DRVSTORE
2009-10-13 21:35 . 2009-10-13 21:35 -------- d-----w- c:\programmi\GIGABYTE
2009-10-13 21:34 . 2009-10-13 21:34 -------- d-----w- c:\documents and settings\utente\Dati applicazioni\InstallShield
2009-10-13 08:39 . 2009-10-13 08:39 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-13 08:39 . 2009-10-20 11:14 -------- d-----w- c:\documents and settings\utente\Dati applicazioni\skypePM
2009-10-13 08:37 . 2009-10-13 08:37 -------- d-----w- c:\programmi\File comuni\Skype
2009-10-13 08:37 . 2009-10-13 08:37 -------- d-----r- c:\programmi\Skype
2009-10-12 16:37 . 2009-10-12 16:37 -------- d-----w- c:\programmi\Risorse di Windows Mobile
2009-10-12 10:36 . 2009-10-12 10:36 -------- d-----w- C:\zanic
2009-10-12 10:36 . 2009-10-12 10:36 21036 ----a-w- c:\windows\system32\SIntfNT.dll
2009-10-12 10:36 . 2009-10-12 10:36 15132 ----a-w- c:\windows\system32\SIntf32.dll
2009-10-12 10:36 . 2009-10-12 10:36 12067 ----a-w- c:\windows\system32\SIntf16.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-02 10:13 . 2005-03-12 08:09 50432 ----a-w- c:\documents and settings\utente\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-11-25 13:05 . 2005-01-13 08:00 -------- d-----w- c:\programmi\File comuni\Symantec Shared
2009-11-25 13:05 . 2005-01-13 08:00 -------- d-----w- c:\programmi\Symantec
2009-11-25 13:00 . 2005-01-13 08:00 -------- d-----w- c:\programmi\Norton AntiVirus
2009-11-25 12:59 . 2005-01-13 08:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Symantec
2009-10-25 10:02 . 2004-08-30 11:02 63378 ----a-w- c:\windows\system32\perfc010.dat
2009-10-25 10:02 . 2004-08-30 11:02 425670 ----a-w- c:\windows\system32\perfh010.dat
2009-10-20 13:17 . 2006-02-22 17:06 -------- d-----w- c:\documents and settings\utente\Dati applicazioni\Skype
2009-10-19 14:42 . 2005-01-13 08:00 -------- d-----w- c:\programmi\Hewlett-Packard
2009-10-19 14:22 . 2005-02-28 10:14 -------- d-----w- c:\programmi\File comuni\Adobe
2009-10-13 08:37 . 2006-02-22 17:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2006-02-22 18:15 . 2006-02-22 18:15 12316 ----a-w- c:\programmi\Doc rimborsi.pdf
2006-02-22 16:49 . 2006-02-22 16:49 10005816 ----a-w- c:\programmi\SkypeSetup.exe
2002-12-05 15:01 . 2002-12-05 13:49 248307 ---ha-w- c:\programmi\LISWIN32.GID
2002-11-25 13:32 . 2009-10-19 10:26 36864 ----a-w- c:\programmi\LisUtils.dll
2001-06-20 13:01 . 2009-10-19 10:26 9728 ----a-w- c:\programmi\README.WRI
2001-06-20 09:16 . 2009-10-19 10:26 1130635 ----a-w- c:\programmi\multilev5.exe
2001-06-18 14:57 . 2009-10-19 10:26 1408474 ----a-w- c:\programmi\lisrel85.exe
2001-06-18 14:42 . 2009-10-19 10:26 143360 ----a-w- c:\programmi\LisOut.dll
2001-06-13 14:33 . 2009-10-19 10:26 966357 ----a-w- c:\programmi\prelis25.exe
2001-06-08 10:11 . 2009-10-19 10:26 16796963 ----a-w- c:\programmi\Liswin32.hlp
2001-06-06 13:17 . 2009-10-19 10:26 41766 ----a-w- c:\programmi\Liswin32.cnt
2001-06-04 09:41 . 2009-10-19 10:26 303104 ----a-w- c:\programmi\LisData.dll
2001-05-25 09:07 . 2009-10-19 10:26 61440 ----a-w- c:\programmi\LisWin32.EXE
2001-05-25 09:07 . 2009-10-19 10:26 73728 ----a-w- c:\programmi\LisDBMS.dll
2001-05-25 09:06 . 2009-10-19 10:26 450560 ----a-w- c:\programmi\LisPath.dll
2001-05-25 08:57 . 2009-10-19 10:26 53248 ----a-w- c:\programmi\LisEdit.dll
2001-05-25 08:51 . 2009-10-19 10:26 102400 ----a-w- c:\programmi\LisApp.dll
2001-04-23 12:55 . 2009-10-19 10:26 535372 ----a-w- c:\programmi\ScatterSub.dll
2001-04-23 12:55 . 2009-10-19 10:26 531144 ----a-w- c:\programmi\BoxWhiskerSub.dll
2001-02-26 11:34 . 2009-10-19 10:26 1028608 ----a-w- c:\programmi\H5KRNL32.DLL
2001-02-23 10:17 . 2009-10-19 10:26 966096 ----a-w- c:\programmi\CONFIRM.EXE
2001-02-23 10:17 . 2009-10-19 10:26 1038305 ----a-w- c:\programmi\CATFIRM.EXE
2001-02-23 10:16 . 2009-10-19 10:26 1056768 ----a-w- c:\programmi\ROBOEX32.DLL
2007-04-16 15:54 . 2004-08-19 08:00 171376 --sha-r- c:\windows\system32\khepbn.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\programmi\myBabylon_English\tbmyBa.dll" [2009-08-30 2259480]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 10:58 333192 ----a-w- c:\programmi\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2009-08-30 07:28 2259480 ----a-w- c:\programmi\myBabylon_English\tbmyBa.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\programmi\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\programmi\myBabylon_English\tbmyBa.dll" [2009-08-30 2259480]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\programmi\myBabylon_English\tbmyBa.dll" [2009-08-30 2259480]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\programmi\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\programmi\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-10-30 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-10-30 118784]
"SunJavaUpdateSched"="c:\programmi\Java\j2re1.4.2_03\bin\jusched.exe" [2003-05-02 32881]
"UpdateManager"="c:\programmi\File comuni\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-24 122939]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 98304]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2004-05-26 536576]
"HPHUPD05"="c:\programmi\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-22 49152]
"HP Software Update"="c:\programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2003-05-22 483328]
"Cpqset"="c:\programmi\HPQ\Default Settings\cpqset.exe" [2004-04-30 208958]
"eabconfg.cpl"="c:\programmi\HPQ\Quick Launch Buttons\EabServr.exe" [2004-07-30 286720]
"PASSWOR"="c:\windows\PASSWORD.EXE" [2004-09-21 65536]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"OrderReminder"="c:\programmi\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 98304]
"Babylon Client"="c:\programmi\Babylon\Babylon-Pro\Babylon.exe" [2007-10-10 2997984]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\utente\Menu Avvio\Programmi\Esecuzione automatica\
ctfmon.exe [2006-6-27 20480]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Gigabyte Wireless Utility.lnk - c:\programmi\GIGABYTE\Common\GNConfig.exe [2009-10-13 753664]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^utente^Menu Avvio^Programmi^Esecuzione automatica^ctfmon.exe]
path=c:\documents and settings\utente\Menu Avvio\Programmi\Esecuzione automatica\ctfmon.exe
backup=c:\windows\pss\ctfmon.exeStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\programmi\Microsoft ActiveSync\rapimgr.exe"= c:\programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmi\Microsoft ActiveSync\wcescomm.exe"= c:\programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmi\Microsoft ActiveSync\WCESMgr.exe"= c:\programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitdm.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitnet.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6622:TCP"= 6622:TCP:fxdxzvv
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

S2 trkhkjhv;Installer Microsoft;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 9.00.00 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
trkhkjhv
.
Contenuto della cartella 'Scheduled Tasks'

2009-10-26 c:\windows\Tasks\Symantec NetDetect.job
- c:\programmi\Symantec\LiveUpdate\NDETECT.EXE [2003-05-03 10:36]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyServer = 10.7.129.253:3128
uInternet Settings,ProxyOverride = <local>
IE: &Download by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/202
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-26 16:21
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

c:\windows\system32\ZSHP1020.EXE [3988] 0xFF109DA0

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programmi\HPQ\Default Settings\cpqset.exe????????????2?1?6?7??????? ???B???????????????B????????

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\trkhkjhv]
"ServiceDll"="c:\windows\system32\khepbn.dll"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(520)
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL
.
Ora fine scansione: 2009-10-26 16.24.47
ComboFix-quarantined-files.txt 2009-10-26 15:24

Pre-Run: 19.688.280.064 byte disponibili
Post-Run: 19.956.101.120 byte disponibili

WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - CF3362F4E7A0E6F31C1B614BA299D22E
sunjtd
Newbie

Posts: 3
Joined: 21/10/09 11:17

Re: I can't access the antivirus sites

Post by Luke57 » 26/10/09 17:01

Hi, prepare a text file with Windows Notepad and copy and paste the following script into it:

Code:
NetSvcs::
trkhkjhv

Driver::
trkhkjhv

File::
c:\windows\system32\khepbn.dll


Save the file with the mandatory name CFScript.txt,
put it in the same folder as ComboFix and then, with the mouse pointer, drag it onto the program's icon; the program will run a new scan in the same way as the previous one. When the scan is finished (the program will notify you) reboot the computer and post the new report.
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10
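As an added example (this is not code from the thread, from Luke57, or from ComboFix's authors): the items the moderator pulled out of the report above by eye, the svchost service in the netsvcs group, the name it added to the NetSvcs list, its ServiceDll, the disabled firewall and the open port with no description, can be picked out of a ComboFix report mechanically and rendered as a CFScript.txt of the same shape as the one above. The sample text is a handful of lines copied from the report earlier in this thread; the regular expressions assume the report layout shown on this page and are my own, as is the "no Enabled: tail" rule used to single out a port, and the section names are exactly those used in the moderator's script.

```python
import re

# Constructed sample input: a few lines copied from the ComboFix report
# posted earlier in this thread (the real report is far longer).
SAMPLE_REPORT = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6622:TCP"= 6622:TCP:fxdxzvv
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

S2 trkhkjhv;Installer Microsoft;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 9.00.00 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
trkhkjhv
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\trkhkjhv]
"ServiceDll"="c:\windows\system32\khepbn.dll"
"""

# "S2 name;display name;image path [...]": ComboFix's one-line summary of a
# non-default service.  Only services hosted by svchost.exe -k netsvcs are kept.
SERVICE_RE = re.compile(
    r'^S[0-4] (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*svchost\.exe -k netsvcs)',
    re.MULTILINE | re.IGNORECASE)

# A dumped service key immediately followed by its ServiceDll value.
SERVICE_DLL_RE = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\(?P<name>[^\]]+)\]\s*\n'
    r'"ServiceDll"="(?P<dll>[^"]+)"', re.MULTILINE | re.IGNORECASE)

FIREWALL_RE = re.compile(r'^"EnableFirewall"= (?P<value>\d+)', re.MULTILINE)

OPEN_PORT_RE = re.compile(
    r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"= (?P<spec>.+)$', re.MULTILINE)


def netsvcs_members(text):
    """Names printed under the 'Svchost - NetSvcs' heading.  ComboFix shows
    only entries that are not in the default list, so every name here is a
    candidate for review."""
    names = []
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if line.rstrip().endswith('Svchost - NetSvcs'):
            for follow in lines[i + 1:]:
                follow = follow.strip()
                if follow in ('', '.'):
                    break
                names.append(follow)
    return names


def triage(text):
    """Collect the persistence and network facts from a ComboFix report."""
    services = {m['name']: m['display'] for m in SERVICE_RE.finditer(text)}
    dlls = {m['name']: m['dll'] for m in SERVICE_DLL_RE.finditer(text)}
    fw = FIREWALL_RE.search(text)
    firewall_enabled = None if fw is None else fw['value'] != '0'
    ports = [(int(m['port']), m['proto'], m['spec'])
             for m in OPEN_PORT_RE.finditer(text)]
    # Heuristic (mine, not ComboFix's): an exception written through the normal
    # firewall UI carries an "...:Enabled:<description>" tail; one without it,
    # like "6622:TCP:fxdxzvv" above, deserves a second look.
    odd_ports = [p for p in ports if ':Enabled:' not in p[2]]
    return {
        'netsvcs_services': services,   # name -> display name
        'netsvcs_extra': netsvcs_members(text),
        'service_dlls': dlls,           # name -> ServiceDll path
        'firewall_enabled': firewall_enabled,
        'open_ports': ports,
        'odd_ports': odd_ports,
    }


def build_cfscript(findings):
    """Render CFScript.txt in the form used in this thread: NetSvcs::,
    Driver:: and File:: sections, one entry per line, blank line between."""
    names = [n for n in findings['netsvcs_extra']
             if n in findings['netsvcs_services']]
    files = [findings['service_dlls'][n] for n in names
             if n in findings['service_dlls']]
    sections = [('NetSvcs::', names), ('Driver::', names), ('File::', files)]
    out = []
    for header, entries in sections:
        if entries:
            out.append(header)
            out.extend(entries)
            out.append('')
    return '\n'.join(out).rstrip('\n') + '\n'


if __name__ == '__main__':
    findings = triage(SAMPLE_REPORT)
    print('firewall enabled:', findings['firewall_enabled'])
    print('open ports needing review:', findings['odd_ports'])
    print(build_cfscript(findings))
```

Run against the sample it prints that the firewall is off, that port 6622/TCP has no description, and a script identical in content to the one Luke57 posted. The script is only a draft: the decision about which of the listed names is malicious still rests with whoever reads the report, which is why the function reports every non-default netsvcs entry rather than guessing.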

Re: I can't access the antivirus sites

Post by sunjtd » 26/10/09 17:45

Hi Luke,
first of all thanks for how quickly you replied!

Here is the final report

ComboFix 09-10-20.03 - utente 26/10/2009 17.22.23.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.222.111 [GMT 1:00]
Eseguito da: c:\documents and settings\utente\Desktop\abc.exe
Opzioni usate :: c:\documents and settings\utente\Desktop\CFScript.txt

FILE ::
"c:\windows\system32\khepbn.dll"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\recycled\Recycled
c:\windows\system32\khepbn.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TRKHKJHV
-------\Service_trkhkjhv


((((((((((((((((((((((((( Files Creati Da 2009-09-26 al 2009-10-26 )))))))))))))))))))))))))))))))))))
.

2009-12-10 15:04 . 2005-10-21 01:47 12800 ------w- c:\windows\system32\drivers\usb8023x.sys
2009-12-10 15:04 . 2005-10-21 01:47 30592 ------w- c:\windows\system32\drivers\rndismpx.sys
2009-12-10 15:02 . 2009-10-12 16:38 -------- d-----w- c:\programmi\Microsoft ActiveSync
2009-10-26 14:57 . 2009-10-26 14:57 -------- d-----w- c:\programmi\Windows Live Safety Center
2009-10-21 09:34 . 2009-10-21 09:34 -------- d-----w- c:\documents and settings\utente\Impostazioni locali\Dati applicazioni\Babylon
2009-10-21 09:27 . 2009-10-21 09:29 -------- d-----w- c:\programmi\Babylon
2009-10-21 09:27 . 2009-10-26 16:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Babylon
2009-10-21 09:27 . 2009-10-21 09:56 -------- d-----w- c:\documents and settings\utente\Dati applicazioni\Babylon
2009-10-19 16:31 . 2009-10-19 16:31 -------- d-----w- c:\programmi\Conduit
2009-10-19 16:31 . 2009-10-19 16:31 -------- d-----w- c:\documents and settings\utente\Impostazioni locali\Dati applicazioni\Conduit
2009-10-19 16:31 . 2009-10-20 06:46 -------- d-----w- c:\documents and settings\utente\Impostazioni locali\Dati applicazioni\myBabylon_English
2009-10-19 16:31 . 2009-10-19 16:31 -------- d-----w- c:\programmi\myBabylon_English
2009-10-19 14:52 . 2009-10-19 15:13 -------- d-----w- c:\programmi\AskBarDis
2009-10-19 14:52 . 2009-10-19 14:52 -------- d-----w- c:\programmi\Foxit Software
2009-10-19 14:52 . 2009-10-19 14:52 -------- d-----w- c:\documents and settings\utente\Dati applicazioni\Foxit
2009-10-19 14:42 . 2005-03-18 11:18 143360 ----a-r- c:\windows\apptune1020.exe
2009-10-19 14:42 . 2009-10-19 14:42 -------- d--h--w- c:\programmi\Zenographics
2009-10-19 10:25 . 2009-10-19 10:33 -------- d-----w- c:\programmi\Lisrel
2009-10-18 16:08 . 2009-10-18 16:08 -------- d-----w- c:\programmi\DsNET Corp
2009-10-15 11:15 . 2009-10-25 17:15 -------- d-----w- c:\documents and settings\utente\Dati applicazioni\vlc
2009-10-15 11:14 . 2009-10-15 11:14 -------- d-----w- c:\programmi\VideoLAN
2009-10-15 10:33 . 2009-10-26 15:56 -------- d-----w- C:\downloads
2009-10-15 10:33 . 2009-10-15 10:33 -------- d-----w- c:\documents and settings\utente\Dati applicazioni\GrabPro
2009-10-15 10:33 . 2009-10-26 16:30 -------- d-----w- c:\documents and settings\utente\Dati applicazioni\Orbit
2009-10-15 10:33 . 2009-10-26 15:57 -------- d-----w- c:\programmi\Orbitdownloader
2009-10-13 21:42 . 2009-10-13 21:42 -------- d-----w- c:\windows\system32\LogFiles
2009-10-13 21:35 . 2009-10-13 21:35 21419 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-10-13 21:35 . 2007-07-28 13:21 451456 ----a-w- c:\windows\system32\drivers\rt73.sys
2009-10-13 21:35 . 2009-10-13 21:35 -------- dc----w- c:\windows\system32\DRVSTORE
2009-10-13 21:35 . 2009-10-13 21:35 -------- d-----w- c:\programmi\GIGABYTE
2009-10-13 21:34 . 2009-10-13 21:34 -------- d-----w- c:\documents and settings\utente\Dati applicazioni\InstallShield
2009-10-13 08:39 . 2009-10-13 08:39 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-13 08:39 . 2009-10-20 11:14 -------- d-----w- c:\documents and settings\utente\Dati applicazioni\skypePM
2009-10-13 08:37 . 2009-10-13 08:37 -------- d-----w- c:\programmi\File comuni\Skype
2009-10-13 08:37 . 2009-10-13 08:37 -------- d-----r- c:\programmi\Skype
2009-10-12 16:37 . 2009-10-12 16:37 -------- d-----w- c:\programmi\Risorse di Windows Mobile
2009-10-12 10:36 . 2009-10-12 10:36 -------- d-----w- C:\zanic
2009-10-12 10:36 . 2009-10-12 10:36 21036 ----a-w- c:\windows\system32\SIntfNT.dll
2009-10-12 10:36 . 2009-10-12 10:36 15132 ----a-w- c:\windows\system32\SIntf32.dll
2009-10-12 10:36 . 2009-10-12 10:36 12067 ----a-w- c:\windows\system32\SIntf16.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-02 10:13 . 2005-03-12 08:09 50432 ----a-w- c:\documents and settings\utente\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-11-25 13:05 . 2005-01-13 08:00 -------- d-----w- c:\programmi\File comuni\Symantec Shared
2009-11-25 13:05 . 2005-01-13 08:00 -------- d-----w- c:\programmi\Symantec
2009-11-25 13:00 . 2005-01-13 08:00 -------- d-----w- c:\programmi\Norton AntiVirus
2009-11-25 12:59 . 2005-01-13 08:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Symantec
2009-10-25 10:02 . 2004-08-30 11:02 63378 ----a-w- c:\windows\system32\perfc010.dat
2009-10-25 10:02 . 2004-08-30 11:02 425670 ----a-w- c:\windows\system32\perfh010.dat
2009-10-20 13:17 . 2006-02-22 17:06 -------- d-----w- c:\documents and settings\utente\Dati applicazioni\Skype
2009-10-19 14:42 . 2005-01-13 08:00 -------- d-----w- c:\programmi\Hewlett-Packard
2009-10-19 14:22 . 2005-02-28 10:14 -------- d-----w- c:\programmi\File comuni\Adobe
2009-10-13 08:37 . 2006-02-22 17:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2006-02-22 18:15 . 2006-02-22 18:15 12316 ----a-w- c:\programmi\Doc rimborsi.pdf
2006-02-22 16:49 . 2006-02-22 16:49 10005816 ----a-w- c:\programmi\SkypeSetup.exe
2002-12-05 15:01 . 2002-12-05 13:49 248307 ---ha-w- c:\programmi\LISWIN32.GID
2002-11-25 13:32 . 2009-10-19 10:26 36864 ----a-w- c:\programmi\LisUtils.dll
2001-06-20 13:01 . 2009-10-19 10:26 9728 ----a-w- c:\programmi\README.WRI
2001-06-20 09:16 . 2009-10-19 10:26 1130635 ----a-w- c:\programmi\multilev5.exe
2001-06-18 14:57 . 2009-10-19 10:26 1408474 ----a-w- c:\programmi\lisrel85.exe
2001-06-18 14:42 . 2009-10-19 10:26 143360 ----a-w- c:\programmi\LisOut.dll
2001-06-13 14:33 . 2009-10-19 10:26 966357 ----a-w- c:\programmi\prelis25.exe
2001-06-08 10:11 . 2009-10-19 10:26 16796963 ----a-w- c:\programmi\Liswin32.hlp
2001-06-06 13:17 . 2009-10-19 10:26 41766 ----a-w- c:\programmi\Liswin32.cnt
2001-06-04 09:41 . 2009-10-19 10:26 303104 ----a-w- c:\programmi\LisData.dll
2001-05-25 09:07 . 2009-10-19 10:26 61440 ----a-w- c:\programmi\LisWin32.EXE
2001-05-25 09:07 . 2009-10-19 10:26 73728 ----a-w- c:\programmi\LisDBMS.dll
2001-05-25 09:06 . 2009-10-19 10:26 450560 ----a-w- c:\programmi\LisPath.dll
2001-05-25 08:57 . 2009-10-19 10:26 53248 ----a-w- c:\programmi\LisEdit.dll
2001-05-25 08:51 . 2009-10-19 10:26 102400 ----a-w- c:\programmi\LisApp.dll
2001-04-23 12:55 . 2009-10-19 10:26 535372 ----a-w- c:\programmi\ScatterSub.dll
2001-04-23 12:55 . 2009-10-19 10:26 531144 ----a-w- c:\programmi\BoxWhiskerSub.dll
2001-02-26 11:34 . 2009-10-19 10:26 1028608 ----a-w- c:\programmi\H5KRNL32.DLL
2001-02-23 10:17 . 2009-10-19 10:26 966096 ----a-w- c:\programmi\CONFIRM.EXE
2001-02-23 10:17 . 2009-10-19 10:26 1038305 ----a-w- c:\programmi\CATFIRM.EXE
2001-02-23 10:16 . 2009-10-19 10:26 1056768 ----a-w- c:\programmi\ROBOEX32.DLL
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\programmi\myBabylon_English\tbmyBa.dll" [2009-08-30 2259480]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 10:58 333192 ----a-w- c:\programmi\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2009-08-30 07:28 2259480 ----a-w- c:\programmi\myBabylon_English\tbmyBa.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\programmi\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\programmi\myBabylon_English\tbmyBa.dll" [2009-08-30 2259480]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\programmi\myBabylon_English\tbmyBa.dll" [2009-08-30 2259480]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\programmi\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\programmi\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-10-30 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-10-30 118784]
"SunJavaUpdateSched"="c:\programmi\Java\j2re1.4.2_03\bin\jusched.exe" [2003-05-02 32881]
"UpdateManager"="c:\programmi\File comuni\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-24 122939]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 98304]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2004-05-26 536576]
"HPHUPD05"="c:\programmi\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-22 49152]
"HP Software Update"="c:\programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2003-05-22 483328]
"Cpqset"="c:\programmi\HPQ\Default Settings\cpqset.exe" [2004-04-30 208958]
"eabconfg.cpl"="c:\programmi\HPQ\Quick Launch Buttons\EabServr.exe" [2004-07-30 286720]
"PASSWOR"="c:\windows\PASSWORD.EXE" [2004-09-21 65536]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"OrderReminder"="c:\programmi\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 98304]
"Babylon Client"="c:\programmi\Babylon\Babylon-Pro\Babylon.exe" [2007-10-10 2997984]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\utente\Menu Avvio\Programmi\Esecuzione automatica\
ctfmon.exe [2006-6-27 20480]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Gigabyte Wireless Utility.lnk - c:\programmi\GIGABYTE\Common\GNConfig.exe [2009-10-13 753664]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^utente^Menu Avvio^Programmi^Esecuzione automatica^ctfmon.exe]
path=c:\documents and settings\utente\Menu Avvio\Programmi\Esecuzione automatica\ctfmon.exe
backup=c:\windows\pss\ctfmon.exeStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\programmi\Microsoft ActiveSync\rapimgr.exe"= c:\programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmi\Microsoft ActiveSync\wcescomm.exe"= c:\programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmi\Microsoft ActiveSync\WCESMgr.exe"= c:\programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitdm.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitnet.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6622:TCP"= 6622:TCP:fxdxzvv
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

.
Contenuto della cartella 'Scheduled Tasks'

2009-10-26 c:\windows\Tasks\Symantec NetDetect.job
- c:\programmi\Symantec\LiveUpdate\NDETECT.EXE [2003-05-03 10:36]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyServer = 10.7.129.253:3128
uInternet Settings,ProxyOverride = <local>
IE: &Download by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/202
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-26 17:32
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programmi\HPQ\Default Settings\cpqset.exe????????????2?1?6?7??????? ???B???????????????B????????

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\abc\CF10397.exe
c:\programmi\xampp\apache\bin\apache.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\programmi\xampp\FileZillaFTP\FileZillaServer.exe
c:\programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\windows\system32\wdfmgr.exe
c:\programmi\xampp\apache\bin\apache.exe
c:\windows\system32\wscntfy.exe
c:\abc\PEV.cfxxe
.
**************************************************************************
.
Ora fine scansione: 2009-10-26 17.40.53 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-10-26 16:40
ComboFix2.txt 2009-10-26 15:24

Pre-Run: 19.950.571.520 byte disponibili
Post-Run: 19.843.473.408 byte disponibili

- - End Of File - - 3BCD8B8B5FC1C17C6D0FB39C864A61C5
sunjtd
Newbie

Posts: 3
Joined: 21/10/09 11:17

Re: I can't access the antivirus sites

Post by sunjtd » 26/10/09 18:52

The computer now works great... thanks a lot Luke, your forum really is a godsend for "inexperienced" surfers like me!

Good evening
sunjtd
Newbie

Posts: 3
Joined: 21/10/09 11:17

Re: I can't access the antivirus sites

Post by gincobiloba » 04/11/09 01:28

Good day, I'm yet another user with the same problem as all the others! Scans with AVG, HiJackThis and other AV programs have come up empty... I attach the ComboFix report:

ComboFix 09-11-03.01 - hopewell 04/11/2009 0.14.37.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.3327.2640 [GMT 1:00]
Eseguito da: e:\documents and settings\hopewell\desktop\abc.exe
Opzioni usate :: /killall
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\documents and settings\hopewell\Dati applicazioni\BITS
e:\documents and settings\hopewell\Dati applicazioni\BITS\BITS.ini
e:\documents and settings\hopewell\Dati applicazioni\BITS\pl.dat
e:\documents and settings\hopewell\Dati applicazioni\BITS\UPnP.ini
e:\documents and settings\hopewell\Dati applicazioni\FlashGetBHO
e:\documents and settings\hopewell\Dati applicazioni\FlashGetBHO\FlashGetBHO3.dll
e:\documents and settings\hopewell\Dati applicazioni\FlashGetBHO\GetAllUrl.htm
e:\documents and settings\hopewell\Dati applicazioni\FlashGetBHO\GetUrl.htm
e:\programmi\BigSeekPro Toolbar\tbHElper.dll
e:\programmi\FlashGet Network
e:\recycler\S-1-5-21-789336058-1957994488-682003330-1003

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINDRIVER
-------\Service_WinDriver


((((((((((((((((((((((((( Files Creati Da 2009-10-03 al 2009-11-03 )))))))))))))))))))))))))))))))))))
.

2009-11-03 23:18 . 2009-11-03 23:18 -------- d-----w- e:\windows\system32\wbem\snmp
2009-11-03 22:37 . 2009-11-03 22:37 -------- d-----w- e:\documents and settings\hopewell\Dati applicazioni\AVG9
2009-11-01 23:27 . 2009-11-01 23:27 -------- d-----w- e:\programmi\Direct MIDI to MP3 Converter
2009-10-31 19:20 . 2009-10-31 19:21 -------- d-----w- e:\programmi\Sim Rpg Maker Fr
2009-10-31 04:18 . 2009-10-31 04:19 -------- d-----w- e:\programmi\Install Creator Pro
2009-10-31 04:00 . 2009-10-31 04:05 -------- d-----w- e:\programmi\SkyDreamsGames
2009-10-31 01:01 . 2009-10-31 01:02 -------- d-----w- e:\programmi\Exult
2009-10-28 20:32 . 2009-10-28 20:32 -------- d-----w- E:\$AVG
2009-10-27 14:24 . 2009-11-02 19:46 156672 ----a-w- e:\windows\system32\rmc_fixasf.exe
2009-10-27 14:24 . 2009-11-02 19:46 237568 ----a-w- e:\windows\system32\rmc_rtspdl.dll
2009-10-27 14:23 . 2009-11-02 20:17 -------- d-----w- e:\documents and settings\hopewell\Impostazioni locali\Dati applicazioni\mdnslib
2009-10-27 14:23 . 2009-11-03 23:10 -------- d-----w- e:\documents and settings\hopewell\Impostazioni locali\Dati applicazioni\FLVService
2009-10-27 14:23 . 2009-11-02 20:23 -------- d-----w- e:\programmi\Replay Media Catcher
2009-10-27 14:23 . 2009-10-27 14:23 -------- d-----w- e:\windows\Replay Media Catcher
2009-10-23 04:24 . 2009-10-23 04:24 -------- d-----w- e:\documents and settings\All Users\Dati applicazioni\Toolbar4
2009-10-23 04:24 . 2009-11-03 23:16 -------- d-----w- e:\programmi\BigSeekPro Toolbar
2009-10-13 08:35 . 2009-10-13 08:35 -------- d-----w- e:\programmi\File comuni\Logitech
2009-10-13 08:35 . 2009-10-13 08:35 -------- d-----w- e:\documents and settings\hopewell\Impostazioni locali\Dati applicazioni\Downloaded Installations
2009-10-11 18:18 . 2009-10-11 18:18 -------- d-----w- e:\documents and settings\hopewell\Dati applicazioni\Leadertech
2009-10-11 18:17 . 2009-10-13 08:35 -------- d-----w- e:\documents and settings\All Users\Dati applicazioni\Logishrd
2009-10-11 18:17 . 2009-10-11 18:19 -------- d-----w- e:\programmi\File comuni\LogiShrd
2009-10-11 18:17 . 2009-10-11 18:17 -------- d-----w- e:\programmi\Logitech
2009-10-11 18:17 . 2009-10-11 18:17 -------- d-----w- e:\documents and settings\All Users\Dati applicazioni\Logitech
2009-10-07 17:51 . 2009-10-30 01:42 -------- d-----w- e:\programmi\Audacity
2009-10-07 13:56 . 2009-10-07 13:56 -------- d-----w- e:\documents and settings\hopewell\Dati applicazioni\Smith Micro
2009-10-07 13:56 . 2009-10-21 03:26 -------- d---a-w- e:\documents and settings\All Users\Dati applicazioni\TEMP
2009-10-07 13:53 . 2009-10-07 13:53 -------- d-----w- e:\programmi\Smith Micro
2009-10-07 00:24 . 2009-10-07 00:24 -------- d-----w- e:\windows\system32\oodag
2009-10-06 21:02 . 2009-10-06 21:02 -------- d-----w- e:\programmi\OO Software
2009-10-06 10:47 . 2009-10-06 18:48 -------- d--h--w- e:\documents and settings\All Users\Dati applicazioni\ActiveSMART

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-03 22:49 . 2008-11-03 18:19 -------- d-----w- e:\documents and settings\All Users\Dati applicazioni\avg8
2009-11-03 22:29 . 2008-11-03 18:03 -------- d-----w- e:\documents and settings\hopewell\Dati applicazioni\Skype
2009-11-03 22:02 . 2009-10-03 09:38 -------- d-----w- e:\documents and settings\hopewell\Dati applicazioni\gtk-2.0
2009-11-03 21:25 . 2009-09-14 18:48 2098 --sha-w- e:\documents and settings\All Users\Dati applicazioni\KGyGaAvL.sys
2009-11-03 21:00 . 2008-11-03 18:10 -------- d-----w- e:\documents and settings\hopewell\Dati applicazioni\skypePM
2009-11-03 18:26 . 2008-11-12 15:28 -------- d-----w- e:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-11-03 18:11 . 2008-11-12 23:21 96 ---ha-w- e:\windows\system32\HsInfo.dat
2009-11-03 16:44 . 2008-11-12 15:28 -------- d-----w- e:\programmi\Spybot - Search & Destroy
2009-11-03 16:43 . 2001-08-31 11:00 78324 ----a-w- e:\windows\system32\perfc010.dat
2009-11-03 16:43 . 2001-08-31 11:00 475968 ----a-w- e:\windows\system32\perfh010.dat
2009-11-03 16:34 . 2009-11-03 16:34 4096 ----a-w- e:\windows\system32\01.tmp
2009-11-02 03:02 . 2008-11-04 08:57 -------- d-----w- e:\documents and settings\hopewell\Dati applicazioni\uTorrent
2009-10-29 10:25 . 2008-11-03 18:19 -------- d-----w- e:\programmi\AVG
2009-10-28 20:13 . 2008-11-03 18:19 360584 ----a-w- e:\windows\system32\drivers\avgtdix.sys
2009-10-28 20:13 . 2008-11-03 18:19 12464 ----a-w- e:\windows\system32\avgrsstx.dll
2009-10-28 20:13 . 2008-11-03 18:19 28424 ----a-w- e:\windows\system32\drivers\avgmfx86.sys
2009-10-28 20:13 . 2008-11-03 18:19 333192 ----a-w- e:\windows\system32\drivers\avgldx86.sys
2009-10-14 09:26 . 2008-11-03 21:24 -------- d-----w- e:\programmi\File comuni\Adobe
2009-10-03 08:55 . 2009-10-03 08:55 -------- d-----w- e:\programmi\GIMP-2.0
2009-10-03 08:18 . 2008-12-13 13:33 -------- d-----w- e:\programmi\File comuni\Real
2009-10-03 08:18 . 2009-10-03 08:18 -------- d-----w- e:\programmi\File comuni\xing shared
2009-10-02 08:02 . 2009-06-24 15:27 -------- d-----w- e:\programmi\Ubisoft
2009-10-02 08:01 . 2008-11-03 17:42 -------- d--h--w- e:\programmi\InstallShield Installation Information
2009-10-01 13:42 . 2009-03-24 08:38 -------- d-----w- e:\programmi\Warcraft III
2009-10-01 11:24 . 2009-10-01 11:24 4096 ----a-w- e:\windows\d3dx.dat
2009-09-30 20:24 . 2009-09-14 18:48 88 --sh--r- e:\documents and settings\All Users\Dati applicazioni\AAA1776DCE.sys
2009-09-30 14:18 . 2009-09-30 14:18 -------- d-----w- e:\programmi\AGEIA Technologies
2009-09-30 14:18 . 2008-11-03 19:13 -------- d-----w- e:\programmi\File comuni\Wise Installation Wizard
2009-09-29 17:48 . 2009-09-29 17:48 -------- d-----w- e:\documents and settings\hopewell\Dati applicazioni\Apple Computer
2009-09-29 12:27 . 2009-09-29 12:27 -------- d-----w- e:\documents and settings\All Users\Dati applicazioni\TomTom
2009-09-29 12:26 . 2009-09-29 12:26 -------- d-----w- e:\documents and settings\hopewell\Dati applicazioni\TomTom
2009-09-20 11:57 . 2009-09-20 11:57 0 ---ha-w- e:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-09-20 11:57 . 2009-09-20 11:57 0 ---ha-w- e:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-09-20 10:22 . 2009-09-20 10:22 25512 ----a-w- e:\windows\system32\drivers\ggsemc.sys
2009-09-20 10:22 . 2009-09-20 10:22 13224 ----a-w- e:\windows\system32\drivers\ggflt.sys
2009-09-20 10:22 . 2009-09-20 10:22 1112288 ----a-w- e:\windows\system32\WdfCoInstaller01007.dll
2009-09-20 10:22 . 2009-09-20 10:10 -------- d-----w- e:\programmi\Sony Ericsson
2009-09-20 10:15 . 2009-09-20 10:11 -------- d-----w- e:\programmi\Avanquest update
2009-09-20 10:11 . 2009-09-20 10:11 -------- d-----w- e:\documents and settings\All Users\Dati applicazioni\BVRP Software
2009-09-20 10:10 . 2009-09-20 10:10 -------- d-----w- e:\documents and settings\All Users\Dati applicazioni\Sony Ericsson
2009-09-16 11:41 . 2009-04-18 14:24 -------- d-----w- e:\programmi\Microsoft Silverlight
2009-09-14 18:48 . 2009-09-14 18:48 -------- d-----w- e:\programmi\File comuni\Enterbrain
2009-09-14 18:47 . 2009-09-14 18:47 -------- d-----w- e:\programmi\Enterbrain
2009-09-14 13:25 . 2009-09-14 13:25 -------- d-----w- e:\programmi\Driver Cleaner Pro
2009-09-14 11:48 . 2009-09-14 11:48 -------- d-----w- e:\programmi\NVIDIA Corporation
2009-09-14 11:48 . 2009-09-14 11:48 -------- d-----w- e:\documents and settings\All Users\Dati applicazioni\NVIDIA Corporation
2009-09-14 11:22 . 2009-09-14 11:22 -------- d-----w- e:\programmi\SystemRequirementsLab
2009-08-17 01:03 . 2009-08-17 01:03 3674112 ----a-w- e:\windows\system32\nvwssr.dll
2009-08-17 01:02 . 2009-08-17 01:02 229376 ----a-w- e:\windows\system32\nvmccs.dll
2009-08-16 22:57 . 2009-09-30 14:18 485920 ----a-w- e:\windows\system32\nvudisp.exe
2009-08-16 22:57 . 2009-08-16 22:57 868352 ----a-w- e:\windows\system32\nvapi.dll
2009-08-16 22:57 . 2009-08-16 22:57 7729568 ----a-w- e:\windows\system32\drivers\nv4_mini.sys
2009-08-16 22:57 . 2009-08-16 22:57 5845760 ----a-w- e:\windows\system32\nv4_disp.dll
2009-08-16 22:57 . 2009-08-16 22:57 2189856 ----a-w- e:\windows\system32\nvcuvid.dll
2009-08-16 22:57 . 2009-08-16 22:57 2002944 ----a-w- e:\windows\system32\nvcuda.dll
2009-08-16 22:57 . 2009-08-16 22:57 1706528 ----a-w- e:\windows\system32\nvcuvenc.dll
2009-08-16 22:57 . 2009-08-16 22:57 1597690 ----a-w- e:\windows\system32\nvdata.bin
2009-08-16 22:57 . 2009-08-16 22:57 155648 ----a-w- e:\windows\system32\nvcodins.dll
2009-08-16 22:57 . 2009-08-16 22:57 155648 ----a-w- e:\windows\system32\nvcod.dll
2009-08-16 22:57 . 2009-08-16 22:57 10457088 ----a-w- e:\windows\system32\nvoglnt.dll
2009-08-14 11:36 . 2009-08-14 11:36 70936 ----a-w- e:\windows\system32\PhysXLoader.dll
2009-08-12 05:54 . 2008-11-07 23:34 107888 ----a-w- e:\windows\system32\CmdLineExt.dll
2009-08-12 01:48 . 2008-11-09 16:51 67808 ----a-w- e:\documents and settings\hopewell\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-08-11 10:35 . 2009-09-30 14:17 485920 ----a-w- e:\windows\system32\NVUNINST.EXE
2009-03-11 13:12 . 2009-03-13 01:12 44 ---h--w- e:\programmi\c5bae7bd.tmp
2007-01-03 10:49 . 2007-01-03 10:49 159894 --sha-r- e:\windows\system32\fcwurpfx.dll
.

------- Sigcheck -------

[-] 2007-01-03 . 348F04E3582EF2467EE5379D67B99FD7 . 399360 . . [5.1.2600.2948] . . e:\windows\system32\rpcss.dll

[-] 2007-01-03 10:48 . 3D9418CF112A11ADC45E2A0C0A44DF47 . 243200 . . [2001.12.4414.312] . . e:\windows\system32\es.dll

[-] 2007-01-03 . F959D929A6A22D78E3A6851A9361CE18 . 296960 . . [5.1.2600.2627] . . e:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="e:\programmi\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]
"LightScribe Control Panel"="e:\programmi\File comuni\LightScribe\LightScribeControlPanel.exe" [2007-10-18 455968]
"ISUSPM"="e:\programmi\File comuni\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]
"ctfmon.exe"="e:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="e:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-10-03 198160]
"SunJavaUpdateSched"="e:\programmi\Java\jre6\bin\jusched.exe" [2009-04-08 148888]
"Six Engine"="e:\program files\ASUS\Six Engine\SixEngine.exe" [2008-06-03 5964800]
"QuickTime Task"="e:\programmi\QuickTime\qttask.exe" [2009-01-05 413696]
"OODefragTray"="e:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"nwiz"="e:\programmi\NVIDIA Corporation\nView\nwiz.exe" [2009-08-12 1657376]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2009-08-17 86016]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"NeroFilterCheck"="e:\programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"LogitechCommunicationsManager"="e:\programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"HP Software Update"="e:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"D-Link D-Link Wireless N DWA-140"="e:\programmi\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe" [2007-03-14 1388544]
"Ask and Record FLV Service"="e:\programmi\Replay Media Catcher\FLVSrvc.exe" [2009-09-22 156672]
"Adobe Reader Speed Launcher"="e:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="e:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"RTHDCPL"="RTHDCPL.EXE" - e:\windows\RTHDCPL.exe [2008-05-16 16862720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - e:\windows\system32\advpack.dll [2007-01-03 123904]

e:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
HP Digital Imaging Monitor.lnk - e:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-28 20:13 12464 ----a-w- e:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E:\Programmi
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e:\programmi\Free Video Zilla

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"e:\\Programmi\\uTorrent\\uTorrent.exe"=
"e:\\Programmi\\eMule\\emule.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"e:\\Programmi\\Warcraft III\\Warcraft III.exe"=
"e:\\Programmi\\THQ\\Company of Heroes\\RelicCOH.exe"=
"e:\\Programmi\\THQ\\Company of Heroes\\RelicDownloader\\RelicDownloader.exe"=
"c:\\Netts\\Florensia\\Bin\\Launcher.exe"=
"e:\\Programmi\\Sony Ericsson\\Update Service\\Update Service.exe"=
"e:\\Programmi\\Giganology\\Gigaget\\Gigaget.exe"=
"e:\\Programmi\\Skype\\Phone\\Skype.exe"=
"e:\\Programmi\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5231:TCP"= 5231:TCP:vmfzke

R0 mv61xx;mv61xx;e:\windows\system32\drivers\mv61xx.sys [10/06/2008 11.33.10 150568]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;e:\windows\system32\drivers\avgldx86.sys [03/11/2008 19.19.20 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;e:\windows\system32\drivers\avgtdix.sys [03/11/2008 19.19.22 360584]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller;e:\windows\system32\drivers\l1e51x86.sys [03/11/2008 19.03.50 36864]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;e:\windows\system32\drivers\rt2870.sys [03/11/2008 18.42.41 476416]
S2 rimlv;Monitor Update;e:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.39.46 14336]
S2 zxyqwpr;Security System;e:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.39.46 14336]
S3 dkqgzlt;dkqgzlt;e:\windows\system32\01.tmp [03/11/2009 17.34.45 4096]
S3 ggflt;SEMC USB Flash Driver Filter;e:\windows\system32\drivers\ggflt.sys [20/09/2009 11.22.31 13224]
S3 XDva260;XDva260;\??\e:\windows\system32\XDva260.sys --> e:\windows\system32\XDva260.sys [?]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - MBR
*NewlyCreated* - MESSENGER
*Deregistered* - mbr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
zxyqwpr
rimlv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"e:\programmi\File comuni\LightScribe\LSRunOnce.exe"
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: &Download All by Gigaget - e:\programmi\Giganology\Gigaget\getallurl.htm
IE: &Download by Gigaget - e:\programmi\Giganology\Gigaget\geturl.htm
IE: E&sporta in Microsoft Excel - e:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: {0530E600-A96C-4FC3-AEB9-5DDAA923E432} = 192.168.0.1
TCP: {64261C71-DDC2-409E-A85E-8C117B7F7A16} = 192.168.0.1
FF - ProfilePath - e:\documents and settings\hopewell\Dati applicazioni\Mozilla\Firefox\Profiles\8bu6fitd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - plugin: c:\program files\real\realplayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nprpjplug.dll

---- FIREFOX POLICIES ----
e:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

AddRemove-FastCAD - c:\program files\ProFantasy\CC3\UNINST.EXE



**************************************************************************
scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dkqgzlt]
"ImagePath"="\??\e:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rimlv]
"ServiceDll"="e:\windows\system32\fcwurpfx.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zxyqwpr]
"ServiceDll"="e:\windows\system32\fcwurpfx.dll"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-2052111302-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4253675C-8DEE-A7BF-6A35-1E56095664A5}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oanbbjbhifmbecohmofcemkoanfpmf"=hex:64,61,6f,68,68,64,6f,62,00,85
"oajcjkcalaamgnafdfcmcacoighigm"=hex:6a,61,6e,68,6d,65,6f,66,6b,67,62,6e,62,6b,
6d,62,69,6c,6f,67,00,07
"nadcdkombibhknokgcfgbehofdcl"=hex:6a,61,6e,68,6d,65,6f,66,6b,67,62,6e,62,6b,
6d,62,69,6c,6f,67,00,07

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1060)
e:\windows\system32\SHSVCS.dll
e:\windows\system32\CLBCATQ.DLL

- - - - - - - > 'lsass.exe'(1116)
e:\windows\system32\WLDAP32.dll
e:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
e:\windows\system32\ipsecsvc.dll

- - - - - - - > 'explorer.exe'(2580)
e:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
e:\documents and settings\hopewell\Impostazioni locali\Dati applicazioni\FLVService\lib\FLVSrvLib.dll
e:\windows\system32\COMRes.dll
e:\windows\system32\LINKINFO.dll
e:\windows\system32\msi.dll
e:\windows\system32\wpdshserviceobj.dll
e:\windows\system32\portabledevicetypes.dll
e:\windows\system32\portabledeviceapi.dll
e:\windows\System32\NETRAP.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
e:\windows\system32\nvsvc32.exe
e:\programmi\Java\jre6\bin\jqs.exe
e:\programmi\File comuni\LightScribe\LSSrvc.exe
e:\programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
e:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
e:\programmi\Nero\Nero8\Nero BackItUp\NBService.exe
e:\windows\system32\oodag.exe
e:\programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
e:\windows\system32\RUNDLL32.EXE
e:\programmi\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Ora fine scansione: 2009-11-03 0.21.37 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-11-03 23:20

Pre-Run: 295.173.632.000 byte disponibili
Post-Run: 296.720.793.600 byte disponibili

# End of combofix log.
I have the "vague" suspicion that you'll tell me to remove a few services and files such as fcwurpfx.dll, but before I go and do (more) damage I thought it better to ask Real experts for advice! Many thanks in advance!
gincobiloba
Newbie
 
Posts: 2
Joined: 04/11/09 01:18

Re: I can't access antivirus sites

Post by ithilde » 05/11/09 11:24

I have the same problem too......what should I do? I'm attaching the ComboFix report.....thanks in advance!!


ComboFix 09-11-04.05 - Marcot 05/11/2009 10.57.33.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1023.637 [GMT 1:00]
Eseguito da: c:\documents and settings\Marcot\desktop\abc.exe
Opzioni usate :: /killall
AV: avast! antivirus 4.8.1356 [VPS 091104-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Dati applicazioni\Starware316
c:\documents and settings\All Users\Dati applicazioni\Starware316\buttons\FindIt.bmp
c:\documents and settings\All Users\Dati applicazioni\Starware316\buttons\FindItHot.bmp
c:\documents and settings\All Users\Dati applicazioni\Starware316\buttons\findithotxp.png
c:\documents and settings\All Users\Dati applicazioni\Starware316\buttons\finditxp.png
c:\documents and settings\All Users\Dati applicazioni\Starware316\buttons\Highlight.bmp
c:\documents and settings\All Users\Dati applicazioni\Starware316\buttons\HighlightHot.bmp
c:\documents and settings\All Users\Dati applicazioni\Starware316\buttons\highlighthotxp.png
c:\documents and settings\All Users\Dati applicazioni\Starware316\buttons\highlightxp.png
c:\documents and settings\All Users\Dati applicazioni\Starware316\buttons\Reference.bmp
c:\documents and settings\All Users\Dati applicazioni\Starware316\buttons\ReferenceHot.bmp
c:\documents and settings\All Users\Dati applicazioni\Starware316\buttons\referencehotxp.png
c:\documents and settings\All Users\Dati applicazioni\Starware316\buttons\referencexp.png
c:\documents and settings\All Users\Dati applicazioni\Starware316\buttons\screensaver.bmp
c:\documents and settings\All Users\Dati applicazioni\Starware316\buttons\Screensavers0.bmp
c:\documents and settings\All Users\Dati applicazioni\Starware316\buttons\starware_toolbar_icon.bmp
c:\documents and settings\All Users\Dati applicazioni\Starware316\buttons\Weather.bmp
c:\documents and settings\All Users\Dati applicazioni\Starware316\buttons\weatherhotxp.png
c:\documents and settings\All Users\Dati applicazioni\Starware316\buttons\weatherxp.png
c:\documents and settings\All Users\Dati applicazioni\Starware316\contexts\error.xml
c:\documents and settings\All Users\Dati applicazioni\Starware316\contexts\Related.xml
c:\documents and settings\All Users\Dati applicazioni\Starware316\contexts\Travel.xml
c:\documents and settings\All Users\Dati applicazioni\Starware316\images\walertXP.bmp
c:\documents and settings\All Users\Dati applicazioni\Starware316\SimpleUpdate\ProductMessagingConfig.xml
c:\documents and settings\All Users\Dati applicazioni\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup
c:\documents and settings\All Users\Dati applicazioni\Starware316\SimpleUpdate\SimpleUpdateConfig.xml
c:\documents and settings\All Users\Dati applicazioni\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup
c:\documents and settings\All Users\Dati applicazioni\Starware316\SimpleUpdate\TimerManagerConfig.xml
c:\documents and settings\All Users\Dati applicazioni\Starware316\SimpleUpdate\TimerManagerConfig.xml.backup
c:\documents and settings\Marcot\Dati applicazioni\Starware316
c:\documents and settings\Marcot\Dati applicazioni\Starware316\BrowserSearch\BrowserSearch.xml
c:\documents and settings\Marcot\Dati applicazioni\Starware316\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\Marcot\Dati applicazioni\Starware316\Configurator\Configurator.xml
c:\documents and settings\Marcot\Dati applicazioni\Starware316\Configurator\Configurator.xml.backup
c:\documents and settings\Marcot\Dati applicazioni\Starware316\ErrorSearch\ErrorSearchOptions.xml
c:\documents and settings\Marcot\Dati applicazioni\Starware316\ErrorSearch\ErrorSearchOptions.xml.backup
c:\documents and settings\Marcot\Dati applicazioni\Starware316\Games\GamesOptions.xml
c:\documents and settings\Marcot\Dati applicazioni\Starware316\Games\GamesOptions.xml.backup
c:\documents and settings\Marcot\Dati applicazioni\Starware316\Games\images\active\Games0.bmp
c:\documents and settings\Marcot\Dati applicazioni\Starware316\Layouts\ToolbarLayout.xml
c:\documents and settings\Marcot\Dati applicazioni\Starware316\Layouts\ToolbarLayout.xml.backup
c:\documents and settings\Marcot\Dati applicazioni\Starware316\Manager\ManagerOptions.xml
c:\documents and settings\Marcot\Dati applicazioni\Starware316\Manager\ManagerOptions.xml.backup
c:\documents and settings\Marcot\Dati applicazioni\Starware316\Movies\images\active\Movies0.bmp
c:\documents and settings\Marcot\Dati applicazioni\Starware316\Movies\MoviesOptions.xml
c:\documents and settings\Marcot\Dati applicazioni\Starware316\Movies\MoviesOptions.xml.backup
c:\documents and settings\Marcot\Dati applicazioni\Starware316\Reference\ReferenceOptions.xml
c:\documents and settings\Marcot\Dati applicazioni\Starware316\Reference\ReferenceOptions.xml.backup
c:\documents and settings\Marcot\Dati applicazioni\Starware316\RelatedSearch\RelatedSearchOptions.xml
c:\documents and settings\Marcot\Dati applicazioni\Starware316\RelatedSearch\RelatedSearchOptions.xml.backup
c:\documents and settings\Marcot\Dati applicazioni\Starware316\Screensavers\ScreensaversOptions.xml
c:\documents and settings\Marcot\Dati applicazioni\Starware316\Screensavers\ScreensaversOptions.xml.backup
c:\documents and settings\Marcot\Dati applicazioni\Starware316\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
c:\documents and settings\Marcot\Dati applicazioni\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
c:\documents and settings\Marcot\Dati applicazioni\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
c:\documents and settings\Marcot\Dati applicazioni\Starware316\Toolbar\TBProductsOptions.xml
c:\documents and settings\Marcot\Dati applicazioni\Starware316\Toolbar\TBProductsOptions.xml.backup
c:\documents and settings\Marcot\Dati applicazioni\Starware316\ToolbarLogo\ToolbarLogoOptions.xml
c:\documents and settings\Marcot\Dati applicazioni\Starware316\ToolbarLogo\ToolbarLogoOptions.xml.backup
c:\documents and settings\Marcot\Dati applicazioni\Starware316\ToolbarSearch\ToolbarSearchOptions.xml
c:\documents and settings\Marcot\Dati applicazioni\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup
c:\documents and settings\Marcot\Dati applicazioni\Starware316\TravelSearch\TravelSearchOptions.xml
c:\documents and settings\Marcot\Dati applicazioni\Starware316\TravelSearch\TravelSearchOptions.xml.backup
c:\documents and settings\Marcot\Dati applicazioni\Starware316\Weather\AlertArchive.xml
c:\documents and settings\Marcot\Dati applicazioni\Starware316\Weather\WeatherOptions.xml
c:\documents and settings\Marcot\Dati applicazioni\Starware316\Weather\WeatherOptions.xml.backup
c:\programmi\screensavers.com
c:\programmi\screensavers.com\SSSInst\bin\iebyterange.xml
c:\programmi\screensavers.com\SSSInst\bin\iebyterange.xml.backup
c:\programmi\screensavers.com\SSSInst\bin\SSSUninst.exe
c:\programmi\Starware316
c:\programmi\Starware316\brand.bmp
c:\programmi\Starware316\icons\star_16.ico
c:\programmi\Starware316\Starware316Config.xml
c:\programmi\Starware316\Starware316Uninstall.exe
c:\recycler\S-1-5-21-2466274224-1182450430-1963764069-500
c:\windows\system32\2
c:\windows\system32\2\BiMMonNT.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-10-05 al 2009-11-05 )))))))))))))))))))))))))))))))))))
.

2009-11-05 09:02 . 2009-11-05 09:02 -------- d-----w- c:\programmi\McAfee Security Scan
2009-11-05 09:02 . 2009-11-05 09:02 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee Security Scan
2009-11-05 08:34 . 2009-11-05 09:01 -------- d-----w- c:\programmi\Winpooch
2009-10-26 08:27 . 2009-10-26 08:27 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-05 10:09 . 2004-08-27 09:25 76772 ----a-w- c:\windows\system32\perfc010.dat
2009-11-05 10:09 . 2004-08-27 09:25 454130 ----a-w- c:\windows\system32\perfh010.dat
2009-11-04 09:33 . 2006-05-25 06:56 -------- d-----w- c:\documents and settings\Marcot\Dati applicazioni\XnView
2009-10-27 09:02 . 2007-06-22 13:22 -------- d-----w- c:\programmi\Mozilla Thunderbird
2009-10-20 13:24 . 2007-07-06 15:02 -------- d-----w- c:\programmi\CTR_RAST
2009-10-01 09:00 . 2006-05-25 06:56 -------- d-----w- c:\programmi\XnView
2008-05-26 08:29 . 2008-05-26 08:29 15251 -c--a-w- c:\programmi\settings.dat
2009-03-17 09:48 . 2009-03-17 09:48 106496 --sha-r- c:\windows\system32\mygahct.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-04 7204864]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-02-25 127037]
"PTHOSTTR"="c:\programmi\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2005-04-08 73728]
"PDF Complete"="c:\programmi\PDF Complete\pdfsty.exe" [2005-03-06 276480]
"StatusClient 2.6"="c:\programmi\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2004-02-27 61440]
"TomcatStartup 2.5"="c:\programmi\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-05-10 188416]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2006-10-19 185896]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2007-07-11 282624]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Google Quick Search Box"="c:\programmi\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-07-16 122368]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"Collegamento alla pagina delle proprietà di High Definition Audio"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-11-04 1519616]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2005-10-14 14864384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\Marcot\Menu Avvio\Programmi\Esecuzione automatica\
Nikon Monitor.lnk - c:\programmi\File comuni\Nikon\Monitor\NkMonitor.exe [2007-5-15 479232]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
AutoCAD LT Startup Accelerator.lnk - c:\programmi\File comuni\Autodesk Shared\acstart17.exe [2006-3-5 11000]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"61852:TCP"= 61852:TCP:OfflineExplorer FilesPhoto
"58872:TCP"= 58872:TCP:OfflineExplorer MakerDownloaded
"47575:UDP"= 47575:UDP:OfflineExplorer GlobalizationWorks
"32500:UDP"= 32500:UDP:OfflineExplorer PatchPhoto

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [30/09/2009 12.14.17 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30/09/2009 12.14.17 20560]
R2 cpwnt;cpwnt;c:\windows\system32\drivers\Cpwnt.sys [05/05/2006 15.37.57 21824]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 pdfcDispatcher;PDF Document Manager;c:\programmi\PDF Complete\pdfsvc.exe [24/04/2006 21.13.08 476160]
S2 CPUSB;CPUsb.Sys driver;c:\windows\system32\drivers\CPUSB.sys [22/05/2006 8.58.36 17080]
S2 pitskyah;sekbo;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 2.00.00 14336]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - MBR
*Deregistered* - mbr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
pitskyah
.
Contenuto della cartella 'Scheduled Tasks'

2009-09-01 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-04-23 15:17]

2009-11-05 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-04-23 15:17]
.
.
------- Scansione supplementare -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
TCP: {EFB006D9-2718-4527-9CC8-B02DA74532B7} = 213.140.2.43,213.140.2.49
DPF: {4819DFDF-ABC4-488C-A323-919848C51175} - hxxp://portal3.rinera.com/download/Conv ... -1.7.0.cab
FF - ProfilePath - c:\documents and settings\Marcot\Dati applicazioni\Mozilla\Firefox\Profiles\5wx70iwb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/firefox?client=fir ... t:official
FF - plugin: c:\programmi\Java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\programmi\Java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\programmi\Java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\programmi\Java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\programmi\Java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\programmi\Java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\programmi\Java\jre1.5.0\bin\NPOJI610.dll

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

Toolbar-LangDetect.ext - (no file)
HKLM-Run-ISUSPM Startup - c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe
HKLM-Run-ISUSScheduler - c:\programmi\File comuni\InstallShield\UpdateService\issch.exe
ShellExecuteHooks-{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - c:\programmi\Qualcomm\Eudora\EuShlExt.dll
AddRemove-FtpGenius_is1 - c:\programmi\ZipGenius 6\unins001.exe
AddRemove-Office8.0 - c:\programmi\Microsoft Office\Office\Install\Acme.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-05 11:05
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\programmi\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pitskyah]
"ServiceDll"="c:\windows\system32\mygahct.dll"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(3220)
c:\programmi\Google\Quick Search Box\bin\1.2.1150.158\qsb.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\hasplms.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\programmi\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
c:\programmi\McAfee Security Scan\1.0.150\SSScheduler.exe
c:\programmi\SEC\Natural Color\NaturalColorLoad.exe
c:\programmi\Fastweb\PrintAndFax\FaxMonitor.exe
.
**************************************************************************
.
Ora fine scansione: 2009-11-05 11.13.53 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-11-05 10:13

Pre-Run: 21.091.586.048 byte disponibili
Post-Run: 32.429.416.448 byte disponibili
ithilde
Newbie
 
Posts: 1
Joined: 05/11/09 10:45

Re: I can't access antivirus sites

Post by Luke57 » 05/11/09 13:26

gincobiloba wrote: I have the "vague" suspicion that you'll tell me to remove a few services and files such as fcwurpfx.dll, but before I go and do (more) damage I thought it better to ask Real experts for advice! Many thanks in advance!


Hi, if you already know, why are you asking ;) Prepare a text file in Windows Notepad and copy and paste the following script into it:


Code: Select all
NetSvcs::
zxyqwpr
rimlv

Driver::
zxyqwpr
rimlv

File::
e:\windows\system32\fcwurpfx.dll


Save the file with the mandatory name CFScript.txt,
put it in the same folder as ComboFix and then, with the mouse pointer, drag it onto the program's icon; the program will run a new scan in the same way as the previous one.
Luke57
Moderator
 
Posts: 6413
Joined: 11/08/05 19:10
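The moderator's CFScript above is built by hand from three places in the ComboFix log: the service names ComboFix reports as appended to the netsvcs svchost group, the hidden service keys whose ServiceDll points at a DLL, and the Find3M line showing that DLL carries system+hidden attributes (--sha-r-). The following Python script is an added example, not code from this thread, from the moderator or from ComboFix; it performs that correlation over a constructed excerpt copied from the log posted above and renders the result in CFScript form. The two heuristics (netsvcs entry whose ServiceDll is a system+hidden file; any service whose binary is a .tmp file) are my own triage rules, and the second one goes beyond what the moderator's script targets: it also picks up the dkqgzlt service that points at 01.tmp.

```python
"""Correlate ComboFix log sections into a CFScript (added example, not ComboFix's own code)."""
import re
from collections import OrderedDict

# Constructed sample: lines copied from the ComboFix log posted in this thread
# (Find3M file lines, running services, NetSvcs group, hidden service keys).
SAMPLE_LOG = r"""
2007-01-03 10:49 . 2007-01-03 10:49 159894 --sha-r- e:\windows\system32\fcwurpfx.dll
2009-10-28 20:13 . 2008-11-03 18:19 12464 ----a-w- e:\windows\system32\avgrsstx.dll
2009-11-03 16:34 . 2009-11-03 16:34 4096 ----a-w- e:\windows\system32\01.tmp

S2 rimlv;Monitor Update;e:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.39.46 14336]
S2 zxyqwpr;Security System;e:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.39.46 14336]
S3 dkqgzlt;dkqgzlt;e:\windows\system32\01.tmp [03/11/2009 17.34.45 4096]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
zxyqwpr
rimlv

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dkqgzlt]
"ImagePath"="\??\e:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rimlv]
"ServiceDll"="e:\windows\system32\fcwurpfx.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zxyqwpr]
"ServiceDll"="e:\windows\system32\fcwurpfx.dll"
"""

# "<date> <time> . <date> <time> <size> <attrs> <path>"; directory lines carry
# "--------" as size and are skipped because \d+ does not match them.
FILE_LINE = re.compile(r"^\S+ \S+ \. \S+ \S+ (\d+) ([a-z-]{8}) (.+)$")
SERVICE_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]]+)\]$", re.IGNORECASE)
VALUE_LINE = re.compile(r'^"(ServiceDll|ImagePath)"="(.*)"$')


def parse_file_attrs(log):
    """Map lowercase file path -> ComboFix attribute string (e.g. '--sha-r-')."""
    attrs = {}
    for line in log.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            attrs[m.group(3).strip().lower()] = m.group(2)
    return attrs


def parse_netsvcs_additions(log):
    """Service names ComboFix lists under 'Svchost - NetSvcs': entries appended
    to the netsvcs group beyond the stock Windows XP list, in log order."""
    lines = log.splitlines()
    names = []
    for i, line in enumerate(lines):
        if line.rstrip().endswith("Svchost - NetSvcs"):
            for nxt in lines[i + 1:]:
                if not nxt.strip():
                    break
                names.append(nxt.strip())
    return names


def parse_service_targets(log):
    """Map service name -> binary path (ServiceDll or ImagePath) taken from the
    '[HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services\\<name>]' dumps."""
    targets = {}
    current = None
    for line in log.splitlines():
        line = line.strip()
        key = SERVICE_KEY.match(line)
        if key:
            current = key.group(1)
            continue
        val = VALUE_LINE.match(line)
        if val and current:
            path = val.group(2)
            if path.startswith("\\??\\"):       # strip the NT object-manager prefix
                path = path[4:]
            targets[current] = path.split(" /")[0]  # drop trailing command-line arguments
    return targets


def find_suspicious(log):
    """Two hand-triage rules (my own, not ComboFix's):
    1. a netsvcs service whose ServiceDll is a system+hidden file;
    2. any service whose binary is a .tmp file.
    Returns (service names, file paths), each in first-seen order without duplicates."""
    attrs = parse_file_attrs(log)
    targets = parse_service_targets(log)
    services, files = OrderedDict(), OrderedDict()

    for name in parse_netsvcs_additions(log):
        path = targets.get(name)
        if path is None:
            continue
        a = attrs.get(path.lower(), "")
        if "s" in a and "h" in a:          # positional flags: 's' system, 'h' hidden
            services[name] = True
            files[path] = True

    for name, path in targets.items():
        if path.lower().endswith(".tmp") and name not in services:
            services[name] = True
            files[path] = True

    return list(services), list(files)


def build_cfscript(log):
    """Render the findings as a CFScript: NetSvcs:: removes the group entries,
    Driver:: deletes the service keys, File:: deletes the files."""
    netsvcs = set(parse_netsvcs_additions(log))
    services, files = find_suspicious(log)
    out = ["NetSvcs::"] + [s for s in services if s in netsvcs]
    out += ["", "Driver::"] + services
    out += ["", "File::"] + files
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG))
```

Run against the sample, the script emits the two netsvcs names under NetSvcs::, all three service names under Driver:: and both binaries under File::. The attribute check relies on ComboFix's eight-character flag layout (d, c, s, h, a, -, r/w, -), so a DLL that is system+hidden but registered outside netsvcs would only be caught if you add a third rule; the output is a starting point for review, not something to run unread.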
