TR/Crypt.XPACK.Gen come eliminarlo?

[gahan]

non riesco a comprendere il problema...
avvia il PC in modalità provvisoria con rete (per farlo riavvia il PC e clicca ripetutamente su F5 fino a quando non compare una schermata nera con delle opzioni) e a PC avviato, scarica combofix sul desktop dal link:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

ed eseguilo in questa modalità.

[mauri1974]

In pratica mi si apre una finestra dove mi dice
Attenzione!!
Combofix ha rilevatoche il seguente scanner è attivo:
antivirus Antivir Desktop
è risultato che gli antiviurs interferiscono...........
Per favore disabilitate gli scanner e cliccate su ok

Ti ricordo che Avira che è il mio antivirus l'ho disabilitato ...

Spero di essere stato esauriente .

[mauri1974]

Questo virus (penso) mi ha infettato 2 chiavette USB
Una l'avevo portata in un centro assistenza, mi avevano detto che aveva il virus e me l'avevano
tolto loro in 10 minuti con una scansione, per qualche giorno era tutto ok, poi mi si è ripresentato il virus (e non so neanche quale sia se TR/Crypt.XPACK.Gen o altro...)
Il problema ce l'ho anche in un' altra chiavetta...
cosa faccio ?
Grazie

[mauri1974]

Se può essere utile ho effettuato una scansione con Malwarebytes e questo è il log:
Malwarebytes' Anti-Malware 1.44
Versione del database: 3565
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

05/02/2010 11.16.26
mbam-log-2010-02-05 (11-16-26).txt

Tipo di scansione: Scansione completa (A:\|C:\|D:\|E:\|)
Elementi scansionati: 162429
Tempo trascorso: 1 hour(s), 7 minute(s), 30 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 1

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
E:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx (Trojan.Agent) -> Quarantined and deleted successfully.

[gahan]

Ciao Mauri1974

effettua una scansione in modalità provvisoria con combofix e postami il log

NB - ricordati di disattivare l'antivirus e disconnetterti da internet

[mauri1974]

Ciao gahan !
Ecco il log di combofix... poi se andasse bene cosa faccio con l'altra chiave USB lo stesso procedimento prima con Malwarebytes e poi combofix e ti posto tutti i log ??


ComboFix 10-02-04.06 - Windows 05/02/2010 12.25.24.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.247.115 [GMT 1:00]
Eseguito da: c:\documents and settings\Windows\Desktop\abc.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Creati Da 2010-01-05 al 2010-02-05 )))))))))))))))))))))))))))))))))))
.

2010-01-31 15:04 . 2010-01-31 15:04 0 ----a-w- c:\windows\nsreg.dat
2010-01-31 15:01 . 2010-01-31 15:01 -------- d-----w- c:\documents and settings\Windows\Impostazioni locali\Dati applicazioni\Mozilla
2010-01-31 11:06 . 2010-01-31 20:50 -------- d-----w- c:\windows\SxsCaPendDel
2010-01-29 08:22 . 2010-01-29 08:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee
2010-01-24 18:09 . 2010-01-24 18:09 -------- d-----w- c:\programmi\uTorrent
2010-01-23 23:44 . 2010-01-29 19:15 -------- d-----w- c:\documents and settings\Windows\Impostazioni locali\Dati applicazioni\Temp
2010-01-23 23:39 . 2010-01-23 23:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee Security Scan
2010-01-23 23:38 . 2010-02-04 21:11 -------- d-----w- c:\programmi\McAfee Security Scan
2010-01-23 18:56 . 2010-01-31 11:49 -------- d-----w- c:\documents and settings\Windows\Impostazioni locali\Dati applicazioni\Google
2010-01-23 10:06 . 2010-01-23 10:07 -------- d-----w- c:\programmi\Navilog1
2010-01-22 12:04 . 2010-01-23 09:58 -------- d-----w- C:\Lop SD
2010-01-15 12:09 . 2010-01-15 12:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Yahoo! Companion
2010-01-15 12:09 . 2010-01-15 12:09 -------- d-----w- c:\documents and settings\Windows\Dati applicazioni\Yahoo!
2010-01-15 12:08 . 2010-01-15 12:09 -------- d-----w- c:\programmi\Yahoo!
2010-01-15 12:04 . 2010-01-15 12:04 -------- d-----w- c:\programmi\Trend Micro
2010-01-14 22:05 . 2010-01-14 22:05 -------- d-----w- c:\documents and settings\Windows\Dati applicazioni\Malwarebytes
2010-01-14 22:05 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-14 22:05 . 2010-01-14 22:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-01-14 22:05 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-14 22:04 . 2010-01-14 22:05 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-05 11:40 . 2009-09-26 23:50 -------- d-----w- c:\documents and settings\Windows\Dati applicazioni\uTorrent
2010-02-05 10:42 . 2001-10-15 04:25 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-02-05 10:32 . 2009-11-20 12:30 -------- d-----w- c:\programmi\Google
2010-02-04 21:02 . 2007-06-12 07:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AntiVir PersonalEdition Classic
2010-01-30 17:06 . 2007-06-21 13:56 -------- d-----w- c:\programmi\eMule
2010-01-15 12:08 . 2007-06-12 08:59 -------- d-----w- c:\programmi\CCleaner
2010-01-14 21:55 . 2009-11-24 16:43 79488 ----a-w- c:\documents and settings\Windows\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-07 15:40 . 2009-11-07 10:17 317695 --sha-w- c:\windows\system32\mswins.DLL
2009-12-10 22:40 . 2009-12-10 22:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-11-15 22:45 . 2009-04-10 14:56 1 ----a-w- c:\documents and settings\Windows\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-01-22_09.06.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-05 11:02 . 2010-02-05 11:02 16384 c:\windows\Temp\Perflib_Perfdata_4dc.dat
+ 2010-01-23 23:39 . 2010-01-23 23:55 85019 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2010-01-23 18:49 . 2010-01-23 18:49 24064 c:\windows\Installer\178001.msi
+ 2009-10-28 03:31 . 2009-10-28 03:31 257440 c:\windows\system32\Macromed\Flash\FlashUtil10d.exe
+ 2009-10-27 19:31 . 2009-10-27 19:31 1956816 c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
+ 2009-10-27 19:31 . 2009-10-27 19:31 1956816 c:\windows\Downloaded Program Files\CONFLICT.2\FP_AX_CAB_INSTALLER.exe
+ 2009-10-27 19:31 . 2009-10-27 19:31 1956816 c:\windows\Downloaded Program Files\CONFLICT.1\FP_AX_CAB_INSTALLER.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-02 12:56 1175944 ----a-w- c:\programmi\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-23 39408]
"uTorrent"="c:\programmi\uTorrent\uTorrent.exe" [2010-01-24 289584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2001-08-23 151552]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2001-08-23 90112]
"EssSpkPhone"="essspk.exe" [2001-08-21 49152]
"Impostazioni video HP"="c:\programmi\Hewlett-Packard\HP Display Settings\hpdisply.exe" [2001-07-27 49152]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2001-08-09 94208]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2001-08-09 352256]
"CP4HPOT"="c:\progra~1\HPONE-~1\OneTouch.EXE" [2001-09-27 77824]
"avgnt"="c:\programmi\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"D-Link AirPlus XtremeG Utility"="c:\programmi\Wireless USB adapter Alice G-132\AirPlusCFG.exe" [2006-11-20 1728512]
"ANIWZCS2Service"="c:\programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-29 49152]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-02-25 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\Windows\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 3.0.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2008-9-5 217088]
BTTray.lnk - c:\programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2005-5-31 577597]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=

R3 {40867A83-9E92-474c-A921-20AA73EAE42F};AIM 3.0 CH-7007;c:\windows\system32\drivers\a303.sys [01/01/1980 8.00.00 26169]
R3 {A7E39B01-B403-11d4-BD18-00D0B7A1821E};AIM 3.0 Part 01 Codec Driver VCH-A;c:\windows\system32\drivers\vch.sys [01/01/1980 8.00.00 18487]
S2 ousbehci;NEC PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\ousbehci.sys [02/08/2006 3.17.51 41600]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [21/09/2006 10.19.04 347648]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [02/08/2006 3.17.51 55552]
S3 VDNG;Video to 1394, WDM Video Capture;c:\windows\system32\drivers\Vid21394.sys [02/08/2006 3.23.50 61568]
.
Contenuto della cartella 'Scheduled Tasks'

2010-02-05 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programmi\Ask.com\UpdateTask.exe [2009-09-02 12:56]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Invia a &Bluetooth - c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-05 12:38
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-2529006832-975823868-357967339-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:00000013

[HKEY_USERS\S-1-5-21-2529006832-975823868-357967339-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:00000003

[HKEY_USERS\S-1-5-21-2529006832-975823868-357967339-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:00000003

[HKEY_USERS\S-1-5-21-2529006832-975823868-357967339-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:00000003

[HKEY_USERS\S-1-5-21-2529006832-975823868-357967339-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000020
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(3732)
c:\progra~1\ALICET~1\SMARTB~1\SBHook.dll
c:\windows\System32\shdoclc.dll
.
Ora fine scansione: 2010-02-05 12:46:02
ComboFix-quarantined-files.txt 2010-02-05 11:45
ComboFix2.txt 2010-01-22 09:14

Pre-Run: 6.765.387.776 byte disponibili
Post-Run: 6.821.367.808 byte disponibili

- - End Of File - - 30115A000F674C69E780D8D01B831454

[mauri1974]

Se ti può essere d'aiuto avira ha denominato così il nome del virus di questa chiavetta:
E:/ Autorun.inf
WORM/Conficker.Autorun.Gen wom

[gahan]

Ciao,
- disinstalla la Asktoolbar

- apri un file di testo ed incolla al suo interno questa riga:

Codice: Seleziona tutto

c:\windows\system32\mswins.DLL

salva il file come CFScript.txt

e trascinalo sull'icona del programma. Posta il log a scansione finita

- effettua una pulizi con CCleaner.


Ok, la pen drive è stata disinfettata.

[mauri1974]

scusa ma come si disinstalla la ask toolbar ?
scusa l' ignoranza ma io non so neanche cosa sia la ask toolbar

[mauri1974]

inoltre il file CScript in quale icona del programma devo trascinarlo ??
su combofix ???

[gahan]

il file CFScript.txt devi trascinarlo sull'icona di combofix e (devi eseguire quest'operazione direttamente sul desktop)

Per disinstallare la asktoolbar vai in:

start --> pannello di controllo --> installazioni applicazioni --> cerca la toolbar e clicca su "rimuovi"

[mauri1974]

scusami gahan.
ho disinstallato la asktoolbar.
Ho aperto un blocco note e ho inserito la scritta C:/windows/system ..............
ho salvato il file con il nome CFScript.txt e l'ho messo nel desktop
però appena trascino il file sopra l'icona di combofix che ho nel desktop non mi sparisce il file dentro l'icona di combofix, ma mi appare la finestra di apri il file con la procedura per eseguire di nuovo l'installazione del sotware con nome abc.exe con la scelta ESEGUI o ANNULLA !!?? Ma è normale ???

[gahan]

scusami gahan.
ho disinstallato la asktoolbar.
Ho aperto un blocco note e ho inserito la scritta C:/windows/system ..............
ho salvato il file con il nome CFScript.txt e l'ho messo nel desktop
però appena trascino il file sopra l'icona di combofix che ho nel desktop non mi sparisce il file dentro l'icona di combofix, ma mi appare la finestra di apri il file con la procedura per eseguire di nuovo l'installazione del sotware con nome abc.exe con la scelta ESEGUI o ANNULLA !!?? Ma è normale ???

Molto probabilmente perchè hai dato il nome abc al programma e non combofix... rinominalo in Combofix

[mauri1974]

Era denominato abc. Ora con tasto dx sull' icona l'ho rinominato Combofix, ho trascinato il file CFScript.txt sopra l'icona denominata Combofix, ma mi si apre la solita finestra di ESEGUIRE o ANNULLARE il software ......

[gahan]

Era denominato abc. Ora con tasto dx sull' icona l'ho rinominato Combofix, ho trascinato il file CFScript.txt sopra l'icona denominata Combofix, ma mi si apre la solita finestra di ESEGUIRE o ANNULLARE il software ......

dai l'esecuzione

[mauri1974]

posso farlo senza disconnettermi da internet ??

[gahan]

Sempre meglio eseguirlo disconnessi da internet

[mauri1974]

Ecco il log : intanto effettuo la pulizia con Cleaner
... poi attendo tue istruzioni per questa pen drive e cosa devo fare per la prossima pen drive che devo ancora
sistemare.... grazie mille gahan !!

ComboFix 10-02-04.06 - Windows 05/02/2010 14.38.04.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.247.103 [GMT 1:00]
Eseguito da: c:\documents and settings\Windows\Desktop\Combofix.exe
Opzioni usate :: c:\documents and settings\Windows\Desktop\CFScript.txt.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Creati Da 2010-01-05 al 2010-02-05 )))))))))))))))))))))))))))))))))))
.

2010-01-31 15:04 . 2010-01-31 15:04 0 ----a-w- c:\windows\nsreg.dat
2010-01-31 15:01 . 2010-01-31 15:01 -------- d-----w- c:\documents and settings\Windows\Impostazioni locali\Dati applicazioni\Mozilla
2010-01-31 11:06 . 2010-01-31 20:50 -------- d-----w- c:\windows\SxsCaPendDel
2010-01-29 08:22 . 2010-01-29 08:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee
2010-01-24 18:09 . 2010-01-24 18:09 -------- d-----w- c:\programmi\uTorrent
2010-01-23 23:44 . 2010-01-29 19:15 -------- d-----w- c:\documents and settings\Windows\Impostazioni locali\Dati applicazioni\Temp
2010-01-23 23:39 . 2010-01-23 23:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee Security Scan
2010-01-23 23:38 . 2010-02-04 21:11 -------- d-----w- c:\programmi\McAfee Security Scan
2010-01-23 18:56 . 2010-01-31 11:49 -------- d-----w- c:\documents and settings\Windows\Impostazioni locali\Dati applicazioni\Google
2010-01-23 10:06 . 2010-01-23 10:07 -------- d-----w- c:\programmi\Navilog1
2010-01-22 12:04 . 2010-01-23 09:58 -------- d-----w- C:\Lop SD
2010-01-15 12:09 . 2010-01-15 12:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Yahoo! Companion
2010-01-15 12:09 . 2010-01-15 12:09 -------- d-----w- c:\documents and settings\Windows\Dati applicazioni\Yahoo!
2010-01-15 12:08 . 2010-01-15 12:09 -------- d-----w- c:\programmi\Yahoo!
2010-01-15 12:04 . 2010-01-15 12:04 -------- d-----w- c:\programmi\Trend Micro
2010-01-14 22:05 . 2010-01-14 22:05 -------- d-----w- c:\documents and settings\Windows\Dati applicazioni\Malwarebytes
2010-01-14 22:05 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-14 22:05 . 2010-01-14 22:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-01-14 22:05 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-14 22:04 . 2010-01-14 22:05 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-05 13:46 . 2009-09-26 23:50 -------- d-----w- c:\documents and settings\Windows\Dati applicazioni\uTorrent
2010-02-05 12:00 . 2009-04-10 14:56 1 ----a-w- c:\documents and settings\Windows\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-05 10:42 . 2001-10-15 04:25 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-02-05 10:32 . 2009-11-20 12:30 -------- d-----w- c:\programmi\Google
2010-02-04 21:02 . 2007-06-12 07:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AntiVir PersonalEdition Classic
2010-01-30 17:06 . 2007-06-21 13:56 -------- d-----w- c:\programmi\eMule
2010-01-15 12:08 . 2007-06-12 08:59 -------- d-----w- c:\programmi\CCleaner
2010-01-14 21:55 . 2009-11-24 16:43 79488 ----a-w- c:\documents and settings\Windows\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-07 15:40 . 2009-11-07 10:17 317695 --sha-w- c:\windows\system32\mswins.DLL
2009-12-10 22:40 . 2009-12-10 22:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TEMP
.

((((((((((((((((((((((((((((( SnapShot@2010-01-22_09.06.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-05 12:58 . 2010-02-05 12:58 16384 c:\windows\Temp\Perflib_Perfdata_4d8.dat
+ 2010-01-23 23:39 . 2010-01-23 23:55 85019 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2010-01-23 18:49 . 2010-01-23 18:49 24064 c:\windows\Installer\178001.msi
+ 2009-10-28 03:31 . 2009-10-28 03:31 257440 c:\windows\system32\Macromed\Flash\FlashUtil10d.exe
+ 2009-10-27 19:31 . 2009-10-27 19:31 1956816 c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
+ 2009-10-27 19:31 . 2009-10-27 19:31 1956816 c:\windows\Downloaded Program Files\CONFLICT.2\FP_AX_CAB_INSTALLER.exe
+ 2009-10-27 19:31 . 2009-10-27 19:31 1956816 c:\windows\Downloaded Program Files\CONFLICT.1\FP_AX_CAB_INSTALLER.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-23 39408]
"uTorrent"="c:\programmi\uTorrent\uTorrent.exe" [2010-01-24 289584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2001-08-23 151552]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2001-08-23 90112]
"EssSpkPhone"="essspk.exe" [2001-08-21 49152]
"Impostazioni video HP"="c:\programmi\Hewlett-Packard\HP Display Settings\hpdisply.exe" [2001-07-27 49152]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2001-08-09 94208]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2001-08-09 352256]
"CP4HPOT"="c:\progra~1\HPONE-~1\OneTouch.EXE" [2001-09-27 77824]
"avgnt"="c:\programmi\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"D-Link AirPlus XtremeG Utility"="c:\programmi\Wireless USB adapter Alice G-132\AirPlusCFG.exe" [2006-11-20 1728512]
"ANIWZCS2Service"="c:\programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-29 49152]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-02-25 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\Windows\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 3.0.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2008-9-5 217088]
BTTray.lnk - c:\programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2005-5-31 577597]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=

R3 {40867A83-9E92-474c-A921-20AA73EAE42F};AIM 3.0 CH-7007;c:\windows\system32\drivers\a303.sys [01/01/1980 8.00.00 26169]
R3 {A7E39B01-B403-11d4-BD18-00D0B7A1821E};AIM 3.0 Part 01 Codec Driver VCH-A;c:\windows\system32\drivers\vch.sys [01/01/1980 8.00.00 18487]
R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [21/09/2006 10.19.04 347648]
S2 ousbehci;NEC PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\ousbehci.sys [02/08/2006 3.17.51 41600]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [02/08/2006 3.17.51 55552]
S3 VDNG;Video to 1394, WDM Video Capture;c:\windows\system32\drivers\Vid21394.sys [02/08/2006 3.23.50 61568]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Invia a &Bluetooth - c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-05 14:48
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-2529006832-975823868-357967339-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:00000013

[HKEY_USERS\S-1-5-21-2529006832-975823868-357967339-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:00000003

[HKEY_USERS\S-1-5-21-2529006832-975823868-357967339-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:00000003

[HKEY_USERS\S-1-5-21-2529006832-975823868-357967339-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:00000003

[HKEY_USERS\S-1-5-21-2529006832-975823868-357967339-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000020
.
Ora fine scansione: 2010-02-05 14:55:04
ComboFix-quarantined-files.txt 2010-02-05 13:54
ComboFix2.txt 2010-02-05 11:46
ComboFix3.txt 2010-01-22 09:14

Pre-Run: 6.808.698.880 byte disponibili
Post-Run: 6.765.490.176 byte disponibili

- - End Of File - - 5D37BD01C62ADACE206AF2445690FE7D

[gahan]

scusami mauri,
chissà dove ho la testa oggi...lo script non ha funzionato perchè ho sbagliato io a scriverlo:

Codice: Seleziona tutto

file::
c:\windows\system32\mswins.DLL

Per quanto riguarda la pen drive, inserendolo nella porta USB l'antivirus dovrebbe bloccare eventuali infezioni al suo interno.

[mauri1974]

Ecco il log.. ora che faccio ??

ComboFix 10-02-04.07 - Windows 05/02/2010 16.14.01.4.1 - x86
Eseguito da: c:\documents and settings\Windows\Desktop\Combofix.exe
Opzioni usate :: c:\documents and settings\Windows\Desktop\CFScript.txt.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\windows\system32\mswins.DLL"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\mswins.DLL

.
((((((((((((((((((((((((( Files Creati Da 2010-01-05 al 2010-02-05 )))))))))))))))))))))))))))))))))))
.

2010-01-31 15:04 . 2010-01-31 15:04 0 ----a-w- c:\windows\nsreg.dat
2010-01-31 15:01 . 2010-01-31 15:01 -------- d-----w- c:\documents and settings\Windows\Impostazioni locali\Dati applicazioni\Mozilla
2010-01-31 11:06 . 2010-01-31 20:50 -------- d-----w- c:\windows\SxsCaPendDel
2010-01-29 08:22 . 2010-01-29 08:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee
2010-01-24 18:09 . 2010-01-24 18:09 -------- d-----w- c:\programmi\uTorrent
2010-01-23 23:44 . 2010-01-29 19:15 -------- d-----w- c:\documents and settings\Windows\Impostazioni locali\Dati applicazioni\Temp
2010-01-23 23:39 . 2010-01-23 23:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee Security Scan
2010-01-23 23:38 . 2010-02-04 21:11 -------- d-----w- c:\programmi\McAfee Security Scan
2010-01-23 18:56 . 2010-01-31 11:49 -------- d-----w- c:\documents and settings\Windows\Impostazioni locali\Dati applicazioni\Google
2010-01-23 10:06 . 2010-01-23 10:07 -------- d-----w- c:\programmi\Navilog1
2010-01-22 12:04 . 2010-01-23 09:58 -------- d-----w- C:\Lop SD
2010-01-15 12:09 . 2010-01-15 12:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Yahoo! Companion
2010-01-15 12:09 . 2010-01-15 12:09 -------- d-----w- c:\documents and settings\Windows\Dati applicazioni\Yahoo!
2010-01-15 12:08 . 2010-01-15 12:09 -------- d-----w- c:\programmi\Yahoo!
2010-01-15 12:04 . 2010-01-15 12:04 -------- d-----w- c:\programmi\Trend Micro
2010-01-14 22:05 . 2010-01-14 22:05 -------- d-----w- c:\documents and settings\Windows\Dati applicazioni\Malwarebytes
2010-01-14 22:05 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-14 22:05 . 2010-01-14 22:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-01-14 22:05 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-14 22:04 . 2010-01-14 22:05 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-05 15:26 . 2009-09-26 23:50 -------- d-----w- c:\documents and settings\Windows\Dati applicazioni\uTorrent
2010-02-05 14:59 . 2007-06-12 07:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AntiVir PersonalEdition Classic
2010-02-05 14:12 . 2009-04-10 14:56 1 ----a-w- c:\documents and settings\Windows\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-05 10:42 . 2001-10-15 04:25 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-02-05 10:32 . 2009-11-20 12:30 -------- d-----w- c:\programmi\Google
2010-01-30 17:06 . 2007-06-21 13:56 -------- d-----w- c:\programmi\eMule
2010-01-15 12:08 . 2007-06-12 08:59 -------- d-----w- c:\programmi\CCleaner
2010-01-14 21:55 . 2009-11-24 16:43 79488 ----a-w- c:\documents and settings\Windows\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-10 22:40 . 2009-12-10 22:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TEMP
.

((((((((((((((((((((((((((((( SnapShot@2010-01-22_09.06.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-05 12:58 . 2010-02-05 12:58 16384 c:\windows\Temp\Perflib_Perfdata_4d8.dat
+ 2010-01-23 23:39 . 2010-01-23 23:55 85019 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2010-01-23 18:49 . 2010-01-23 18:49 24064 c:\windows\Installer\178001.msi
+ 2009-10-28 03:31 . 2009-10-28 03:31 257440 c:\windows\system32\Macromed\Flash\FlashUtil10d.exe
+ 2009-10-27 19:31 . 2009-10-27 19:31 1956816 c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
+ 2009-10-27 19:31 . 2009-10-27 19:31 1956816 c:\windows\Downloaded Program Files\CONFLICT.2\FP_AX_CAB_INSTALLER.exe
+ 2009-10-27 19:31 . 2009-10-27 19:31 1956816 c:\windows\Downloaded Program Files\CONFLICT.1\FP_AX_CAB_INSTALLER.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-23 39408]
"uTorrent"="c:\programmi\uTorrent\uTorrent.exe" [2010-01-24 289584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2001-08-23 151552]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2001-08-23 90112]
"EssSpkPhone"="essspk.exe" [2001-08-21 49152]
"Impostazioni video HP"="c:\programmi\Hewlett-Packard\HP Display Settings\hpdisply.exe" [2001-07-27 49152]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2001-08-09 94208]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2001-08-09 352256]
"CP4HPOT"="c:\progra~1\HPONE-~1\OneTouch.EXE" [2001-09-27 77824]
"avgnt"="c:\programmi\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"D-Link AirPlus XtremeG Utility"="c:\programmi\Wireless USB adapter Alice G-132\AirPlusCFG.exe" [2006-11-20 1728512]
"ANIWZCS2Service"="c:\programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-29 49152]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-02-25 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\Windows\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 3.0.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2008-9-5 217088]
BTTray.lnk - c:\programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2005-5-31 577597]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=

R3 {40867A83-9E92-474c-A921-20AA73EAE42F};AIM 3.0 CH-7007;c:\windows\system32\drivers\a303.sys [01/01/1980 8.00.00 26169]
R3 {A7E39B01-B403-11d4-BD18-00D0B7A1821E};AIM 3.0 Part 01 Codec Driver VCH-A;c:\windows\system32\drivers\vch.sys [01/01/1980 8.00.00 18487]
R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [21/09/2006 10.19.04 347648]
S2 ousbehci;NEC PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\ousbehci.sys [02/08/2006 3.17.51 41600]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [02/08/2006 3.17.51 55552]
S3 VDNG;Video to 1394, WDM Video Capture;c:\windows\system32\drivers\Vid21394.sys [02/08/2006 3.23.50 61568]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Invia a &Bluetooth - c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
TCP: {B49E476B-15C1-4E22-8094-AA9793D7438E} = 85.37.17.57 85.38.28.80
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-05 16:24
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-2529006832-975823868-357967339-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:00000013

[HKEY_USERS\S-1-5-21-2529006832-975823868-357967339-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:00000003

[HKEY_USERS\S-1-5-21-2529006832-975823868-357967339-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:00000003

[HKEY_USERS\S-1-5-21-2529006832-975823868-357967339-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:00000003

[HKEY_USERS\S-1-5-21-2529006832-975823868-357967339-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000020
.
Ora fine scansione: 2010-02-05 16:32:39
ComboFix-quarantined-files.txt 2010-02-05 15:32
ComboFix2.txt 2010-02-05 13:55
ComboFix3.txt 2010-02-05 11:46
ComboFix4.txt 2010-01-22 09:14

Pre-Run: 6.780.989.440 byte disponibili
Post-Run: 6.762.704.896 byte disponibili

- - End Of File - - A9C759C86A937DA776185308F9685617