Hi Luke57, I did what was recommended and here is the report, but the machine keeps "grinding away" as if it had who knows what processing to finish! No application is running.
ComboFix 09-02-12.03 - Carlo 2009-02-14 16.29.26.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.2047.1560 [GMT 1:00]
Eseguito da: d:\documents and settings\Carlo\desktop\combofix.exe
Opzioni usate :: /killall
AV: avast! antivirus 4.8.1335 [VPS 090213-0] *On-access scanning disabled* (Updated)
* Creato nuovo punto di ripristino
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\documents and settings\Carlo\Dati applicazioni\inst.exe
d:\documents and settings\Carlo\Impostazioni locali\Dati applicazioni\oaumu.dat
d:\documents and settings\Carlo\Impostazioni locali\Dati applicazioni\oaumu_nav.dat
d:\documents and settings\Carlo\Impostazioni locali\Dati applicazioni\oaumu_navps.dat
d:\documents and settings\Carlo\Impostazioni locali\Dati applicazioni\rdwafak.dat
d:\documents and settings\Carlo\Impostazioni locali\Dati applicazioni\rdwafak.exe
d:\documents and settings\Carlo\Impostazioni locali\Dati applicazioni\rdwafak_nav.dat
d:\documents and settings\Carlo\Impostazioni locali\Dati applicazioni\rdwafak_navps.dat
d:\windows\emMON.exe
d:\windows\system32\mdm.exe
.
((((((((((((((((((((((((( Files Creati Da 2009-01-14 al 2009-02-14 )))))))))))))))))))))))))))))))))))
.
2009-02-14 14:47 . 2009-02-14 14:47 <DIR> d-------- d:\programmi\Malwarebytes' Anti-Malware
2009-02-14 14:47 . 2009-02-11 10:19 38,496 --a------ d:\windows\system32\drivers\mbamswissarmy.sys
2009-02-14 14:47 . 2009-02-11 10:19 15,504 --a------ d:\windows\system32\drivers\mbam.sys
2009-02-13 14:27 . 2009-02-13 14:27 <DIR> d-------- d:\documents and settings\Carlo\Dati applicazioni\Malwarebytes
2009-02-13 14:27 . 2009-02-13 14:27 <DIR> d-------- d:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-02-04 10:57 . 2009-02-04 10:57 <DIR> d-------- d:\programmi\Startup Manager
2009-02-04 10:57 . 2009-02-04 10:57 <DIR> d-------- d:\documents and settings\All Users\Dati applicazioni\Startup Manager
2009-01-30 19:22 . 2009-01-30 19:22 <DIR> d-------- d:\documents and settings\Carlo\Dati applicazioni\JAM Software
2009-01-30 19:21 . 2009-01-30 19:21 <DIR> d-------- d:\programmi\TreeSize
2009-01-29 22:57 . 2009-01-30 19:18 15,688 --a------ d:\windows\system32\lsdelete.exe
2009-01-28 10:08 . 2009-01-28 10:08 64,160 --a------ d:\windows\system32\drivers\Lbd.sys
2009-01-28 10:07 . 2009-01-28 10:07 <DIR> d--h----- d:\documents and settings\All Users\Dati applicazioni\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-28 10:06 . 2009-01-28 10:06 <DIR> d-------- d:\programmi\Lavasoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-16 20:15 3,594,752 ----a-w d:\windows\system32\dllcache\mshtml.dll
2008-12-27 16:19 --------- d-----w d:\programmi\TCPView
2008-12-27 15:48 --------- d-----w d:\programmi\eMule 0.49a X-Ray
2008-12-20 22:30 63,488 ------w d:\windows\system32\dllcache\icardie.dll
2008-12-20 22:30 6,066,688 ------w d:\windows\system32\dllcache\ieframe.dll
2008-12-20 22:30 44,544 ----a-w d:\windows\system32\dllcache\iernonce.dll
2008-12-20 22:30 384,512 ----a-w d:\windows\system32\dllcache\iedkcs32.dll
2008-12-20 22:30 383,488 ------w d:\windows\system32\dllcache\ieapfltr.dll
2008-12-20 22:30 347,136 ----a-w d:\windows\system32\dllcache\dxtmsft.dll
2008-12-20 22:30 267,776 ------w d:\windows\system32\dllcache\iertutil.dll
2008-12-20 22:30 230,400 ----a-w d:\windows\system32\dllcache\ieaksie.dll
2008-12-20 22:30 214,528 ----a-w d:\windows\system32\dllcache\dxtrans.dll
2008-12-20 22:30 153,088 ----a-w d:\windows\system32\dllcache\ieakeng.dll
2008-12-20 22:30 133,120 ----a-w d:\windows\system32\dllcache\extmgr.dll
2008-12-20 22:30 124,928 ----a-w d:\windows\system32\dllcache\advpack.dll
2008-12-19 09:12 70,656 ----a-w d:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w d:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ----a-w d:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ----a-w d:\windows\system32\dllcache\ieakui.dll
2008-12-11 10:57 333,952 ------w d:\windows\system32\dllcache\srv.sys
2008-09-20 18:19 20 ---h--w d:\documents and settings\All Users\Dati applicazioni\PKP_DLdu.DAT
2008-09-10 11:46 47,360 ------w d:\documents and settings\Carlo\Dati applicazioni\pcouffin.sys
2008-02-25 10:44 513,064 ------w d:\programmi\autorunsc.exe
2008-02-01 13:45 4,580,400 ------w d:\programmi\TVUPlayer2.3.5beta4.exe
2007-12-14 09:07 48,130 ------w d:\programmi\autoruns.chm
2007-02-09 18:17 693,840 ------w d:\documents and settings\All Users\wmv9VCMsetup.exe
2006-08-13 11:14 22,556 ------w d:\documents and settings\Carlo\AGGESTRA.EXE
2006-08-06 18:17 22,556 ------w d:\programmi\AGGESTRA.EXE
2006-07-28 07:32 7,005 ------w d:\programmi\Eula.txt
2002-03-18 08:18 12,073 ------w d:\programmi\hp201ip5.cat
2002-03-01 05:51 350,480 ------w d:\programmi\hpbf201i.dll
2002-03-01 05:51 190,736 ------w d:\programmi\hpbf201j.dll
2002-03-01 05:51 109,840 ------w d:\programmi\hpbf201f.dll
2002-03-01 05:51 1,096,464 ------w d:\programmi\hpbf201h.dll
2002-03-01 05:50 8,464 ------w d:\programmi\hpbf201e.dll
2002-03-01 05:50 46,914 ------w d:\programmi\hpbf201i.pmd
2002-03-01 05:50 1,417,488 ------w d:\programmi\hpbf201g.dll
2002-03-01 03:09 460,800 ------w d:\programmi\hpbf201k.dll
2002-02-28 02:46 1,658 ------w d:\programmi\hp201ip5.inf
2001-05-04 04:31 45,056 ------w d:\programmi\hpbafd32.dll
2001-03-14 09:08 58,880 ------w d:\programmi\hpdcmon.dll
2000-11-13 06:03 50,436 ------w d:\programmi\hpbf201i.hlp
2000-03-13 02:58 99,840 ------w d:\programmi\hpbftm32.dll
1999-09-21 15:00 425,984 ------w d:\programmi\SBSETUP.EXE
1999-03-10 15:53 99,840 ----a-w d:\programmi\File comuni\IRAABOUT.DLL
1998-12-09 02:53 70,144 ----a-w d:\programmi\File comuni\IRAMDMTR.DLL
1998-12-09 02:53 48,640 ----a-w d:\programmi\File comuni\IRALPTTR.DLL
1998-12-09 02:53 31,744 ----a-w d:\programmi\File comuni\IRAWEBTR.DLL
1998-12-09 02:53 186,368 ----a-w d:\programmi\File comuni\IRAREG.DLL
1998-12-09 02:53 17,920 ----a-w d:\programmi\File comuni\IRASRIAL.DLL
1996-10-07 15:48 6,725 ------w d:\programmi\HPLicit.txt
1987-10-08 16:57 76,816 ------w d:\programmi\BRUN40.EXE
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="d:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"PeerGuardian"="d:\programmi\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"NBJ"="d:\programmi\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]
"swg"="d:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-07 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="d:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"DSLAGENTEXE"="d:\program files\GlobespanVirata\Adsl\dslagent.exe" [2003-09-19 16384]
"avast!"="d:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="d:\programmi\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"Ad-Watch"="d:\programmi\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-29 509784]
"Google IME Autoupdater"="d:\programmi\Google\Google Pinyin\GooglePinyinDaemon.exe" [2008-10-17 308720]
"HP Software Update"="d:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="d:\programmi\QuickTime\qttask.exe" [2006-10-25 282624]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 d:\windows\soundman.exe]
"nwiz"="nwiz.exe" [2007-12-05 d:\windows\system32\nwiz.exe]
"GSICONEXE"="gsicon.exe" [2003-01-08 d:\windows\system32\gsicon.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
d:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BlueSoleil.lnk - d:\programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-05-18 1183744]
WinManager.lnk - d:\programmi\PC-TV\WinManager\WinManager.exe [2008-12-26 61440]
d:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\AutorunsDisabled
Porta Symantec Fax Starter Edition.lnk - d:\programmi\Microsoft Office\Office\1040\OLFSNT40.EXE [1999-03-10 45568]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.lnk]
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio rapido HP Photosmart Premier.lnk]
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^BlueSoleil.lnk]
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Microsoft Office.lnk]
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Nikon Monitor.lnk]
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^NkvMon.exe.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
--a------ 2009-01-29 20:33 509784 d:\programmi\Lavasoft\Ad-Aware\AAWTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--------- 2005-07-07 18:41 57344 d:\programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--------- 2008-10-15 01:04 39792 d:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google IME Autoupdater]
--a------ 2008-10-17 09:38 308720 d:\programmi\Google\Google Pinyin\GooglePinyinDaemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-05-08 16:24 54840 d:\programmi\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2005-10-11 18:25 1961984 d:\programmi\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-25 18:58 282624 d:\programmi\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-07 21:48 68856 d:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programmi\\Microsoft Office\\Office\\1040\\wfxmsrvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\WINDOWS\\System32\\dpvsetup.exe"=
"d:\\WINDOWS\\System32\\mmc.exe"=
"d:\\Programmi\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"d:\\Programmi\\Intuwave\\Shared\\mRouterRunTime\\mRouterRuntime.exe"=
"d:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"d:\\Programmi\\QuickTime\\QuickTimePlayer.exe"=
"d:\\Programmi\\TVAnts\\Tvants.exe"=
"d:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"d:\\Programmi\\LimeWire\\LimeWire.exe"=
"d:\\Programmi\\MUTE\\fileSharingMUTE-MFC_0.0.1.exe"=
"d:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"d:\\Documents and Settings\\Carlo\\Dati applicazioni\\SopCast\\adv\\SopAdver.exe"=
"d:\\Programmi\\eMule 0.49a X-Ray\\emule.exe"=
"d:\\Programmi\\eMule 0.49a X-Ray\\eMule\\emule.exe"=
"d:\\Programmi\\eMule 0.49a X-Ray\\Xtreme\\emule0.49b-Xtreme7.0\\emule.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 hotcore2;hotcore2;d:\windows\system32\drivers\hotcore2.sys [2008-07-20 30808]
R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [2009-01-28 64160]
R1 aswSP;avast! Self Protection;d:\windows\system32\drivers\aswSP.sys [2008-05-15 114768]
R1 sp_rsdrv2;sp_rsdrv2;d:\windows\system32\drivers\sp_rsdrv2.sys [2008-04-25 141312]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [2008-05-15 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\programmi\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
S2 hppecp00;hppecp00;\??\d:\windows\system32\drivers\hppecp00.sys --> d:\windows\system32\drivers\hppecp00.sys [?]
S3 GRABSTER250;Grabster AV 250;d:\windows\system32\drivers\GRABSTER250.SYS [2008-02-21 114432]
S3 UDXTTM6000;DTV-DVB UDXTTM6000 - USB 2.0 Receiver;d:\windows\system32\drivers\UDXTTM6000.sys [2008-06-15 236928]
S3 UDXTTM6000HID;UDXTTM6000HID - HID Driver;d:\windows\system32\drivers\UDXTTM6000HID.sys [2008-06-15 17408]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{237b5ff7-a013-11dd-8390-00138f71842e}]
\Shell\AutoRun\command - L:\AUTORUN.EXE
.
Contenuto della cartella 'Scheduled Tasks'
2009-01-28 d:\windows\Tasks\Ad-Aware Update (Weekly).job
- d:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-30 19:18]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - d:\programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {0E64B286-F91C-442D-8B6D-0D78433AA93D} - hxxp://visualizzamms.net.vodafone.it/mm ... tiveXs.cab
DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} - hxxp://www.tele2mail.com/static/apps/ut ... Helper.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 16:35:09
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
------------------------ Altri processi in esecuzione ------------------------
.
d:\programmi\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
d:\programmi\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
d:\programmi\IVT CORPORATION\BLUESOLEIL\BTNTSERVICE.EXE
d:\programmi\GOOGLE\COMMON\GOOGLE UPDATER\GOOGLEUPDATERSERVICE.EXE
d:\programmi\JAVA\JRE6\BIN\JQS.EXE
d:\windows\SYSTEM32\NVSVC32.EXE
d:\windows\SYSTEM32\LOCATOR.EXE
d:\programmi\FILE COMUNI\ULEAD SYSTEMS\DVD\ULCDRSVR.EXE
d:\windows\SYSTEM32\WBEM\UNSECAPP.EXE
d:\windows\SYSTEM32\RUNDLL32.EXE
d:\programmi\ALWIL SOFTWARE\AVAST4\ASHDISP.EXE
d:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2009-02-14 16:37:27 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-02-14 15:37:24
Pre-Run: 29.946.068.992 byte disponibili
Post-Run: 29,929,193,472 byte disponibili
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\="Microsoft Windows"
Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
299 --- E O F --- 2009-02-11 14:29:30