Good morning everyone,
I have a problem with my computer. I ran ComboFix and am posting the scan result below:
ComboFix 10-04-21.01 - utente 23/04/2010 9.56.30.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.511.220 [GMT 2:00]
Eseguito da: c:\documents and settings\utente\Documenti\Software\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100422-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\tftp.exe . . . è infetto!!
.
((((((((((((((((((((((((( Files Creati Da 2010-03-23 al 2010-04-23 )))))))))))))))))))))))))))))))))))
.
2010-04-22 20:33 . 2010-04-22 20:33 -------- d-----w- c:\documents and settings\utente\Dati applicazioni\Malwarebytes
2010-04-22 20:33 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-22 20:33 . 2010-04-22 20:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-04-22 20:33 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-22 20:33 . 2010-04-22 20:33 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-28 20:09 . 2003-04-08 19:00 497812 ----a-w- c:\windows\system32\perfh010.dat
2010-03-28 20:09 . 2003-04-08 19:00 87648 ----a-w- c:\windows\system32\perfc010.dat
2010-03-27 20:22 . 2009-01-10 15:41 -------- d-----w- c:\programmi\CCleaner
2010-03-23 00:16 . 2010-03-23 00:16 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-03-23 00:16 . 2010-03-23 00:16 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2010-03-23 00:12 . 2009-12-30 00:35 199600 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2010-03-23 00:06 . 2010-01-24 16:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Installations
2010-03-23 00:06 . 2009-06-21 21:49 -------- d-----w- c:\programmi\DIFX
2010-03-23 00:06 . 2010-03-23 00:06 -------- d-----w- c:\programmi\PC Connectivity Solution
2010-03-23 00:05 . 2009-06-21 21:49 -------- d-----w- c:\programmi\Nokia
2010-03-23 00:03 . 2009-06-21 22:07 -------- d-----w- c:\programmi\File comuni\Nokia
2010-03-23 00:00 . 2010-03-23 00:00 3351812 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\Installer\CommonCustomActions\msxml6Exec.exe
2010-03-23 00:00 . 2010-03-23 00:00 36864 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\Installer\CommonCustomActions\Sleep.exe
2010-03-23 00:00 . 2010-03-23 00:00 3203453 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\Installer\CommonCustomActions\vcredistExec.exe
2010-03-23 00:00 . 2010-03-23 00:01 34657496 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\NokiaSoftwareUpdaterSetup_2.4.6IT.exe
2010-03-20 23:19 . 2010-02-14 15:10 -------- d-----w- c:\documents and settings\utente\Dati applicazioni\vlc
2010-03-10 06:15 . 2003-04-08 19:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:16 . 2003-04-08 19:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2003-04-08 19:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-22 20:17 . 2008-01-31 00:08 -------- d-----w- c:\documents and settings\utente\Dati applicazioni\MSN6
2010-02-17 12:05 . 2003-04-08 19:00 2193664 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:05 . 2002-09-09 13:34 2070528 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-14 15:00 . 2009-04-09 19:27 20 ---h--w- c:\documents and settings\All Users\Dati applicazioni\PKP_DLdw.DAT
2010-02-12 04:33 . 2003-04-08 19:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2003-04-08 19:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-04-22_22.17.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-23 07:52 . 2010-04-23 07:52 16384 c:\windows\Temp\Perflib_Perfdata_724.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer" [X]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-13 335872]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-09-26 114741]
"UpdateManager"="c:\programmi\File comuni\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"Cpqset"="c:\programmi\HPQ\Default Settings\cpqset.exe" [2003-07-17 184412]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-05 88267]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2007-04-27 282624]
"Nokia FastStart"="c:\programmi\Nokia\Nokia Music\NokiaMusic.exe" [2009-02-26 2376992]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\utente\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Nikon Monitor.lnk - c:\programmi\File comuni\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2003-9-12 503869]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/01/2009 17.45.31 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/01/2009 22.16.15 20560]
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;c:\windows\system32\drivers\wbsd.sys [11/01/2007 9.57.27 26240]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
IE: Invia a &Bluetooth - c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
.
.
------- Associazioni dei file -------
.
.scr=AutoCADScriptFile
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-23 10:01
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programmi\HPQ\Default Settings\cpqset.exe????????????2?5?2?4??@???? ?deB???????????????B????????
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(1140)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2010-04-23 10:03:14
ComboFix-quarantined-files.txt 2010-04-23 08:03
ComboFix2.txt 2010-04-22 23:02
ComboFix3.txt 2010-04-22 22:45
ComboFix4.txt 2010-04-22 22:19
Pre-Run: 6.438.809.600 byte disponibili
Post-Run: 6.403.477.504 byte disponibili
- - End Of File - - 8AA4F9642EF278B91800A522F12CA9DE
I'll add that I ran Avast antivirus, which did not detect any problem, and I also ran a scan with Malwarebytes, which detected some infected files and removed them; when I repeated the scan, it no longer detected anything.
Thanks in advance to everyone who can give me a hand.
Best regards to all