shel ha scritto:Ma come posso averlo preso????????
Generalmente queste infezioni attraverso peer-to-peer (emule, torrent....) ma non e' da escludere anche da altre fonti.....
Purtroppo, malgrado i tuoi ottimi consigli, per il PC in Ufficio non ho potuto fare molto: mi si bloccava sempre alla schermata "Modalità Provvisoria" e mi usciva un messaggio di impossibilità a procedere in questa modalità. A questo punto, ho preferito formattarlo. Quando, però, ho visto nel tuo post il termine "Worm Bagle", mi è venuto in mente che c'era qualcosa del genere su una pen drive che utilizzo spesso (in una cartella Smart Movie per Pocket PC). Ho fatto una scansione della pen drive con avira e poi ho applicato la procedura che mi hai descritto sui miei PC dove ho inserito la pen drive. Se non ti è di troppo disturbo, dai un'occhiata ai report Combofix:
PC Desktop (che, penso, non abbia alcun problema: funziona alla perfezione):
ComboFix 10-06-30.03 - Paolo 01/07/2010 9:41.1.1 - x86
Microsoft Windows 7 Ultimate 6.1.7100.0.1252.39.1040.18.1024.448 [GMT 2:00]
Eseguito da: c:\users\Paolo\Desktop\abc.exe
* Creato nuovo punto di ripristino
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\SHELLLNK.TLB
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_hkmsvc
((((((((((((((((((((((((( Files Creati Da 2010-06-01 al 2010-07-01 )))))))))))))))))))))))))))))))))))
.
2010-07-01 07:50 . 2010-07-01 07:54 -------- d-----w- c:\users\Paolo\AppData\Local\temp
2010-07-01 07:50 . 2010-07-01 07:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-08 17:35 . 2010-06-08 17:35 411368 ----a-w- c:\windows\system32\deployJava1.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-01 07:54 . 2010-05-13 18:27 -------- d-----w- c:\users\Paolo\AppData\Roaming\Dropbox
2010-07-01 07:31 . 2009-05-09 11:38 689234 ----a-w- c:\windows\system32\perfh010.dat
2010-07-01 07:31 . 2009-05-09 11:38 124422 ----a-w- c:\windows\system32\perfc010.dat
2010-06-23 17:16 . 2009-11-14 12:28 -------- d-----w- c:\users\Paolo\AppData\Roaming\vlc
2010-06-16 15:16 . 2009-11-17 10:13 -------- d-----w- c:\program files\FCM
2010-05-28 08:17 . 2010-05-28 08:17 -------- d-----w- c:\program files\EPSON
2010-05-21 12:14 . 2009-11-13 20:00 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-13 18:27 . 2010-05-13 18:27 89831 ----a-w- c:\users\Paolo\AppData\Roaming\Dropbox\bin\Uninstall.exe
2010-05-10 18:37 . 2010-05-10 18:37 50354 ----a-w- c:\users\Paolo\AppData\Roaming\Facebook\uninstall.exe
2010-05-10 18:37 . 2010-05-10 18:37 -------- d-----w- c:\users\Paolo\AppData\Roaming\Facebook
2009-03-27 04:24 . 2009-04-22 05:58 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-04-22 05:19 . 2009-04-22 03:40 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7100.0_none_624b25e9a4cb0444\WinMail.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Paolo\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Paolo\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Paolo\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2009-04-22 05:21 441856 ----a-w- c:\windows\System32\ntshrui.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-22 1174016]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-04-22 349184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
c:\users\Paolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Paolo\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Avvio veloce di Adobe Reader.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
R3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\system32\DRIVERS\1394ohci.sys [2009-04-22 162816]
R3 AcpiPmi;ACPI Power Meter Driver;c:\windows\system32\DRIVERS\acpipmi.sys [2009-04-22 9728]
R3 adp94xx;adp94xx;c:\windows\system32\DRIVERS\adp94xx.sys [2009-04-22 422992]
R3 adpahci;adpahci;c:\windows\system32\DRIVERS\adpahci.sys [2009-04-22 297552]
R3 amdsata;amdsata;c:\windows\system32\DRIVERS\amdsata.sys [2009-04-22 77904]
R3 amdsbs;amdsbs;c:\windows\system32\DRIVERS\amdsbs.sys [2009-04-22 159312]
R3 AppID;Driver AppID;c:\windows\system32\drivers\appid.sys [2009-04-22 50176]
R3 AppIDSvc;Identità applicazione;c:\windows\system32\svchost.exe [2009-04-22 20992]
R3 Appinfo;Informazioni applicazioni;c:\windows\system32\svchost.exe [2009-04-22 20992]
R3 arcsas;arcsas;c:\windows\system32\DRIVERS\arcsas.sys [2009-04-22 86608]
R3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\DRIVERS\bxvbdx.sys [2009-04-22 430080]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2009-04-22 229888]
R3 BDESVC;Servizio di crittografia unità BitLocker;c:\windows\System32\svchost.exe [2009-04-22 20992]
R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\DRIVERS\BrFiltLo.sys [2009-04-22 13568]
R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\DRIVERS\BrFiltUp.sys [2009-04-22 5248]
R3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\Drivers\Brserid.sys [2009-04-22 272128]
R3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\Drivers\BrSerWdm.sys [2009-04-22 62336]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\Drivers\BrUsbMdm.sys [2009-04-22 12160]
R3 circlass;Consumer IR Devices;c:\windows\system32\DRIVERS\circlass.sys [2009-04-22 37888]
R3 defragsvc;Utilità di deframmentazione dischi;c:\windows\system32\svchost.exe [2009-04-22 20992]
R3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [2009-04-22 720384]
R3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\DRIVERS\evbdx.sys [2009-04-22 3100160]
R3 elxstor;elxstor;c:\windows\system32\DRIVERS\elxstor.sys [2009-04-22 453712]
R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [2009-04-22 28160]
R3 FontCache;Servizio cache tipi di carattere Windows;c:\windows\system32\svchost.exe [2009-04-22 20992]
R3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys [2009-04-22 45648]
R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [2009-04-22 26624]
R3 HpSAMD;HpSAMD;c:\windows\system32\DRIVERS\HpSAMD.sys [2009-04-22 67152]
R3 iaStorV;iaStorV;c:\windows\system32\DRIVERS\iaStorV.sys [2009-04-22 332368]
R3 IPBusEnum;Enumeratore bus IP PnP-X;c:\windows\system32\svchost.exe [2009-04-22 20992]
R3 IPMIDRV;IPMIDRV;c:\windows\system32\DRIVERS\IPMIDrv.sys [2009-04-22 65536]
R3 iScsiPrt;iScsiPort Driver;c:\windows\system32\DRIVERS\msiscsi.sys [2009-04-22 186960]
R3 KeyIso;Isolamento chiavi CNG;c:\windows\system32\lsass.exe [2009-04-22 22528]
R3 KtmRm;KtmRm per Distributed Transaction Coordinator;c:\windows\System32\svchost.exe [2009-04-22 20992]
R3 lltdsvc;Mapper individuazione topologia livelli di collegamento;c:\windows\System32\svchost.exe [2009-04-22 20992]
R3 LSI_FC;LSI_FC;c:\windows\system32\DRIVERS\lsi_fc.sys [2009-04-22 95824]
R3 LSI_SAS;LSI_SAS;c:\windows\system32\DRIVERS\lsi_sas.sys [2009-04-22 89168]
R3 LSI_SAS2;LSI_SAS2;c:\windows\system32\DRIVERS\lsi_sas2.sys [2009-04-22 54864]
R3 LSI_SCSI;LSI_SCSI;c:\windows\system32\DRIVERS\lsi_scsi.sys [2009-04-22 96848]
R3 megasas;megasas;c:\windows\system32\DRIVERS\megasas.sys [2009-04-22 30800]
R3 mpio;mpio;c:\windows\system32\DRIVERS\mpio.sys [2009-04-22 130640]
R3 msahci;msahci;c:\windows\system32\DRIVERS\msahci.sys [2009-04-22 27728]
R3 msdsm;msdsm;c:\windows\system32\DRIVERS\msdsm.sys [2009-04-22 115792]
R3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [2009-04-22 4096]
R3 MSiSCSI;Servizio iniziatore iSCSI Microsoft;c:\windows\system32\svchost.exe [2009-04-22 20992]
R3 MsRPC;MsRPC; [x]
R3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\DRIVERS\MTConfig.sys [2009-04-22 12288]
R3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [2009-04-22 267264]
R3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys [2009-04-22 27136]
R3 nfrd960;nfrd960;c:\windows\system32\DRIVERS\nfrd960.sys [2009-04-22 44624]
R3 nvstor;nvstor;c:\windows\system32\DRIVERS\nvstor.sys [2009-04-22 142416]
R3 PcaSvc;Servizio Risoluzione problemi compatibilità programmi;c:\windows\system32\svchost.exe [2009-04-22 20992]
R3 PeerDistSvc;BranchCache;c:\windows\System32\svchost.exe [2009-04-22 20992]
R3 pla;Avvisi e registri di prestazioni;c:\windows\System32\svchost.exe [2009-04-22 20992]
R3 PNRPAutoReg;Servizio di pubblicazione nome computer PNRP;c:\windows\System32\svchost.exe [2009-04-22 20992]
R3 ql2300;ql2300;c:\windows\system32\DRIVERS\ql2300.sys [2009-04-22 1383504]
R3 ql40xx;ql40xx;c:\windows\system32\DRIVERS\ql40xx.sys [2009-04-22 105552]
R3 s3cap;s3cap;c:\windows\system32\DRIVERS\vms3cap.sys [2009-04-22 5632]
R3 scfilter;Driver di filtro della classe Plug and Play smart card;c:\windows\system32\DRIVERS\scfilter.sys [2009-04-22 26624]
R3 SCPolicySvc;Criterio rimozione smart card;c:\windows\system32\svchost.exe [2009-04-22 20992]
R3 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe [2009-04-22 20992]
R3 SensrSvc;Luminosità adattiva;c:\windows\system32\svchost.exe [2009-04-22 20992]
R3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\DRIVERS\sffp_mmc.sys [2009-04-22 12288]
R3 SiSRaid4;SiSRaid4;c:\windows\system32\DRIVERS\sisraid4.sys [2009-04-22 77904]
R3 Smb;Protocollo TCP/IP e TCP/IPv6 orientato ai messaggi (sessione SMB);c:\windows\system32\DRIVERS\smb.sys [2009-04-22 71168]
R3 sppuinotify;Servizio di notifica SPP;c:\windows\system32\svchost.exe [2009-04-22 20992]
R3 stexstor;stexstor;c:\windows\system32\DRIVERS\stexstor.sys [2009-04-22 21072]
R3 storvsc;storvsc;c:\windows\system32\DRIVERS\storvsc.sys [2009-04-22 28240]
R3 TabletInputService;Servizio di input Tablet PC;c:\windows\System32\svchost.exe [2009-04-22 20992]
R3 TBS;Servizi di base TPM;c:\windows\System32\svchost.exe [2009-04-22 20992]
R3 THREADORDER;Server di ordinamento thread;c:\windows\system32\svchost.exe [2009-04-22 20992]
R3 TrustedInstaller;Programma di installazione dei moduli di Windows;c:\windows\servicing\TrustedInstaller.exe [2009-04-22 204800]
R3 UI0Detect;Rilevamento servizi interattivi;c:\windows\system32\UI0Detect.exe [2009-04-22 35840]
R3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\DRIVERS\uliagpkx.sys [2009-04-22 57424]
R3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\system32\DRIVERS\usbcir.sys [2009-04-22 86016]
R3 VaultSvc;Gestione credenziali;c:\windows\system32\lsass.exe [2009-04-22 22528]
R3 vhdmp;vhdmp;c:\windows\system32\DRIVERS\vhdmp.sys [2009-04-22 158288]
R3 ViaC7;VIA C7 Processor Driver;c:\windows\system32\DRIVERS\viac7.sys [2009-04-22 52736]
R3 vmbus;vmbus;c:\windows\system32\DRIVERS\vmbus.sys [2009-04-22 175824]
R3 VMBusHID;VMBusHID;c:\windows\system32\DRIVERS\VMBusHID.sys [2009-04-22 17920]
R3 vwifibus;Driver bus WiFi virtuale;c:\windows\System32\drivers\vwifibus.sys [2009-04-22 19968]
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys [2009-04-22 21632]
R3 wbengine;Servizio modulo di backup a livello di blocco;c:\windows\system32\wbengine.exe [2009-04-22 1203200]
R3 WbioSrvc;Servizio di biometria Windows;c:\windows\system32\svchost.exe [2009-04-22 20992]
R3 wcncsvc;Windows Connect Now - Registro configurazioni;c:\windows\System32\svchost.exe [2009-04-22 20992]
R3 WcsPlugInService;Sistema colori Windows;c:\windows\system32\svchost.exe [2009-04-22 20992]
R3 Wd;Wd;c:\windows\system32\DRIVERS\wd.sys [2009-04-22 19024]
R3 Wecsvc;Raccolta eventi Windows;c:\windows\system32\svchost.exe [2009-04-22 20992]
R3 wercplsupport;Segnalazioni di problemi e soluzioni nel Pannello di controllo;c:\windows\System32\svchost.exe [2009-04-22 20992]
R3 WerSvc;Servizio Segnalazione errori Windows;c:\windows\System32\svchost.exe [2009-04-22 20992]
R3 WIMMount;WIMMount;c:\windows\system32\drivers\wimmount.sys [2009-04-22 19024]
R3 WinRM;Gestione remota Windows (WS-Management);c:\windows\System32\svchost.exe [2009-04-22 20992]
R3 Wlansvc;Configurazione automatica WLAN;c:\windows\system32\svchost.exe [2009-04-22 20992]
R3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe [2009-04-22 20992]
R3 WwanSvc;Configurazione automatica WWAN;c:\windows\system32\svchost.exe [2009-04-22 20992]
R4 Mcx2Svc;Servizio Media Center Extender;c:\windows\system32\svchost.exe [2009-04-22 20992]
S0 amdxata;amdxata;c:\windows\system32\DRIVERS\amdxata.sys [2009-04-22 23120]
S0 CLFS;Registro comune (CLFS);c:\windows\System32\CLFS.sys [2009-04-22 249424]
S0 CNG;CNG;c:\windows\System32\Drivers\cng.sys [2009-04-22 369056]
S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [2009-04-22 58448]
S0 fvevol;Driver filtro Crittografia unità BitLocker;c:\windows\System32\DRIVERS\fvevol.sys [2009-04-22 194488]
S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [2009-04-22 13904]
S0 KSecPkg;KSecPkg;c:\windows\System32\Drivers\ksecpkg.sys [2009-04-22 133200]
S0 msisadrv;msisadrv;c:\windows\system32\DRIVERS\msisadrv.sys [2009-04-22 13904]
S0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [2009-04-22 42576]
S0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [2009-04-22 173648]
S0 spldr;Security Processor Loader Driver; [x]
S0 storflt;Driver di filtro accelerazione bus macchina virtuale disco;c:\windows\system32\DRIVERS\vmstorfl.sys [2009-04-22 40912]
S0 vdrvroot;Driver enumeratore unità virtuale Microsoft;c:\windows\system32\DRIVERS\vdrvroot.sys [2009-04-22 32848]
S0 volmgr;Driver archiviazione volumi;c:\windows\system32\DRIVERS\volmgr.sys [2009-04-22 52304]
S0 volmgrx;Gestore volumi dinamici;c:\windows\System32\drivers\volmgrx.sys [2009-04-22 297040]
S0 vsmraid;vsmraid;c:\windows\system32\DRIVERS\vsmraid.sys [2009-04-22 141904]
S1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys [2009-04-22 35328]
S1 CSC;Driver di File non in linea;c:\windows\system32\drivers\csc.sys [2009-04-22 387584]
S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [2009-04-22 78336]
S1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys [2009-04-22 32768]
S1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys [2009-04-22 16896]
S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [2009-04-22 6656]
S1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys [2009-04-22 7168]
S1 tdx;Driver di supporto TDI legacy NetIO;c:\windows\system32\DRIVERS\tdx.sys [2009-04-22 74240]
S1 Wanarpv6;Driver ARP IPv6 di accesso remoto;c:\windows\system32\DRIVERS\wanarp.sys [2009-04-22 63488]
S1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys [2009-04-22 9728]
S2 AudioEndpointBuilder;Generatore endpoint audio di Windows;c:\windows\System32\svchost.exe [2009-04-22 20992]
S2 BFE;BFE (Base Filtering Engine);c:\windows\system32\svchost.exe [2009-04-22 20992]
S2 CscService;File non linea;c:\windows\System32\svchost.exe [2009-04-22 20992]
S2 DPS;Servizio Criteri di diagnostica;c:\windows\System32\svchost.exe [2009-04-22 20992]
S2 gpsvc;Client di Criteri di gruppo;c:\windows\system32\svchost.exe [2009-04-22 20992]
S2 IKEEXT;Moduli di impostazione chiavi IPSec IKE e Auth-IP;c:\windows\system32\svchost.exe [2009-04-22 20992]
S2 iphlpsvc;Helper IP;c:\windows\System32\svchost.exe [2009-04-22 20992]
S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [2009-04-22 48128]
S2 luafv;Virtualizzazione file controllo dell'account utente;c:\windows\system32\drivers\luafv.sys [2009-04-22 86528]
S2 MMCSS;Utilità di pianificazione classi multimediali;c:\windows\system32\svchost.exe [2009-04-22 20992]
S2 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe [2009-04-22 20992]
S2 NlaSvc;Riconoscimento presenza in rete;c:\windows\System32\svchost.exe [2009-04-22 20992]
S2 nsi;Servizio Interfaccia archivio di rete;c:\windows\system32\svchost.exe [2009-04-22 20992]
S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [2009-04-22 586752]
S2 Power;Alimentazione;c:\windows\system32\svchost.exe [2009-04-22 20992]
S2 ProfSvc;Servizio profili utente;c:\windows\system32\svchost.exe [2009-04-22 20992]
S2 RpcEptMapper;Agente mapping endpoint RPC;c:\windows\system32\svchost.exe [2009-04-22 20992]
S2 sppsvc;Protezione software;c:\windows\system32\sppsvc.exe [2009-04-22 3179520]
S2 SysMain;Ottimizzazione avvio;c:\windows\system32\svchost.exe [2009-04-22 20992]
S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [2009-04-22 34816]
S2 UxSms;Gestione sessione di Gestione finestre desktop;c:\windows\System32\svchost.exe [2009-04-22 20992]
S2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2009-04-22 20992]
S3 bowser;Driver di supporto del browser;c:\windows\system32\DRIVERS\bowser.sys [2009-04-22 69632]
S3 CertPropSvc;Propagazione certificati;c:\windows\system32\svchost.exe [2009-04-22 20992]
S3 CompositeBus;Driver enumeratore bus composito;c:\windows\system32\DRIVERS\CompositeBus.sys [2009-04-22 31232]
S3 fdPHost;Host provider di individuazione funzioni;c:\windows\system32\svchost.exe [2009-04-22 20992]
S3 FDResPub;Pubblicazione risorse per individuazione;c:\windows\system32\svchost.exe [2009-04-22 20992]
S3 HomeGroupListener;Listener Gruppo Home;c:\windows\System32\svchost.exe [2009-04-22 20992]
S3 HomeGroupProvider;Provider Gruppo Home;c:\windows\System32\svchost.exe [2009-04-22 20992]
S3 monitor;Servizio driver funzioni di classe monitor Microsoft;c:\windows\system32\DRIVERS\monitor.sys [2009-04-22 23552]
S3 mpsdrv;Driver di autorizzazione di Windows Firewall;c:\windows\system32\drivers\mpsdrv.sys [2009-04-22 60416]
S3 mrxsmb10;Mini-redirector SMB 1.x;c:\windows\system32\DRIVERS\mrxsmb10.sys [2009-04-22 220672]
S3 mrxsmb20;Mini-redirector SMB 2.0;c:\windows\system32\DRIVERS\mrxsmb20.sys [2009-04-22 94720]
S3 netprofm;Servizio Elenco reti;c:\windows\System32\svchost.exe [2009-04-22 20992]
S3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys [2009-04-22 49152]
S3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\DRIVERS\rdpbus.sys [2009-04-22 18432]
S3 SessionEnv;Remote Desktop Configuration;c:\windows\System32\svchost.exe [2009-04-22 20992]
S3 srv2;Driver server SMB 2.xxx;c:\windows\system32\DRIVERS\srv2.sys [2009-09-10 306688]
S3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [2009-04-22 113664]
S3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [2009-04-22 30208]
S3 tunnel;Driver scheda Microsoft Tunnel Miniport;c:\windows\system32\DRIVERS\tunnel.sys [2009-04-22 108032]
S3 umbus;Driver enumeratore UMBus;c:\windows\system32\DRIVERS\umbus.sys [2009-04-22 39936]
S3 UmRdpService;Redirector porta UserMode di Servizi Desktop remoto;c:\windows\System32\svchost.exe [2009-04-22 20992]
S3 WdiServiceHost;Host servizio di diagnostica;c:\windows\System32\svchost.exe [2009-04-22 20992]
S3 WdiSystemHost;Host sistema di diagnostica;c:\windows\System32\svchost.exe [2009-04-22 20992]
S3 WPDBusEnum;Servizio enumeratore dispositivi mobili;c:\windows\system32\svchost.exe [2009-04-22 20992]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
RPCSS REG_MULTI_SZ RpcEptMapper RpcSs
defragsvc REG_MULTI_SZ defragsvc
WerSvcGroup REG_MULTI_SZ wersvc
LocalServiceNoNetwork REG_MULTI_SZ DPS PLA BFE mpssvc WwanSvc
swprv REG_MULTI_SZ swprv
LocalServicePeerNet REG_MULTI_SZ PNRPSvc p2pimsvc p2psvc PnrpAutoReg
NetworkServiceAndNoImpersonation REG_MULTI_SZ KtmRm
regsvc REG_MULTI_SZ RemoteRegistry
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS AppIDSvc FontCache fdrespub QWAVE wcncsvc Mcx2Svc SensrSvc
DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
sdrsvc REG_MULTI_SZ sdrsvc
WbioSvcGroup REG_MULTI_SZ WbioSrvc
wcssvc REG_MULTI_SZ WcsPlugInService
secsvcs REG_MULTI_SZ WinDefend
AxInstSVGroup REG_MULTI_SZ AxInstSV
PeerDist REG_MULTI_SZ PeerDistSvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
EapHost
wercplsupport
ProfSvc
winmgmt
SessionEnv
schedule
browser
BDESVC
Themes
AppMgmt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted
homegrouplistener
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
WdiServiceHost
sppuinotify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService
lanmanworkstation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
BthHFSrv
homegroupprovider
.
Contenuto della cartella 'Scheduled Tasks'
.
.
------- Scansione supplementare -------
.
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Paolo\AppData\Roaming\Mozilla\Firefox\Profiles\ewavz4yr.default\
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\Paolo\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKLM-Run-Cmaudio - cmicnfg.cpl
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-sacsvr
SafeBoot-vmms
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2010-07-01 09:53
Windows 6.1.7100 NTFS
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2010-07-01 09:53
Windows 6.1.7100 NTFS
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2010-07-01 09:53
Windows 6.1.7100 NTFS
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2010-07-01 09:54
Windows 6.1.7100 NTFS
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2010-07-01 09:54
Windows 6.1.7100 NTFS
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2010-07-01 09:54
Windows 6.1.7100 NTFS
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2010-07-01 09:54
Windows 6.1.7100 NTFS
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2010-07-01 09:54
Windows 6.1.7100 NTFS
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2010-07-01 09:54
Windows 6.1.7100 NTFS
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2010-07-01 09:54
Windows 6.1.7100 NTFS
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2010-07-01 09:54
Windows 6.1.7100 NTFS
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti:
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'Explorer.exe'(3864)
c:\users\Paolo\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\System32\rundll32.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\sdclt.exe
.
**************************************************************************
.
Ora fine scansione: 2010-07-01 10:00:12 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-07-01 08:00
Pre-Run: 59.646.820.352 byte disponibili
Post-Run: 63.069.884.416 byte disponibili
- - End Of File - - 907C0BDF748BA29BE502862F74AAA8CC
PC Notebook (che, penso, abbia grossi problemi: formattato da poco, andava benissimo, oggi mi sono accorto che Avira è con l'ombrellino chiuso, malgrado risulti attivo, è di una lentezza esasperante ad ogni comando e la scansione con Combofix è durata circa 1 ora e non si è mai riavviato):
ComboFix 10-06-30.03 - Salvatore Vullo 01/07/10 10.52.10.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1022.698 [GMT 2:00]
Eseguito da: c:\documents and settings\Salvatore Vullo\Desktop\abc.exe
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-6C25-9E7C08000A00}
* Creato nuovo punto di ripristino
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\xpsp1hfm.log
.
((((((((((((((((((((((((( Files Creati Da 2010-06-01 al 2010-07-01 )))))))))))))))))))))))))))))))))))
.
2010-07-01 08:09 . 2010-07-01 08:09 -------- d-s---w- c:\documents and settings\Salvatore Vullo\UserData
2010-06-23 18:25 . 2010-06-23 18:26 -------- d-----w- c:\programmi\Windows Media Connect 2
2010-06-23 18:23 . 2010-06-23 18:24 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-06-19 12:51 . 2010-06-19 12:51 503808 ----a-w- c:\documents and settings\Salvatore Vullo\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7a3e6d18-n\msvcp71.dll
2010-06-19 12:51 . 2010-06-19 12:51 499712 ----a-w- c:\documents and settings\Salvatore Vullo\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7a3e6d18-n\jmc.dll
2010-06-19 12:51 . 2010-06-19 12:51 348160 ----a-w- c:\documents and settings\Salvatore Vullo\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7a3e6d18-n\msvcr71.dll
2010-06-19 12:51 . 2010-06-19 12:51 61440 ----a-w- c:\documents and settings\Salvatore Vullo\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-645d47f9-n\decora-sse.dll
2010-06-19 12:51 . 2010-06-19 12:51 12800 ----a-w- c:\documents and settings\Salvatore Vullo\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-645d47f9-n\decora-d3d.dll
2010-06-19 12:51 . 2010-06-19 12:51 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-19 09:48 . 2010-06-19 09:48 -------- d-----w- c:\documents and settings\Salvatore Vullo\Dati applicazioni\Nero
2010-06-15 10:18 . 2010-06-23 18:23 -------- d-----w- c:\windows\system32\LogFiles
2010-06-15 10:09 . 2010-06-23 18:42 -------- d-----w- c:\programmi\Microsoft ActiveSync
2010-06-15 10:08 . 2010-06-15 10:08 -------- d-----w- c:\windows\Downloaded Installations
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-01 08:04 . 2010-02-15 19:57 103448 ----a-w- c:\documents and settings\Salvatore Vullo\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-06-23 17:31 . 2004-08-19 12:00 84354 ----a-w- c:\windows\system32\perfc010.dat
2010-06-23 17:31 . 2004-08-19 12:00 489648 ----a-w- c:\windows\system32\perfh010.dat
2010-06-23 17:05 . 2010-02-16 13:57 -------- d-----w- c:\programmi\Microsoft.NET
2010-06-22 09:53 . 2010-02-15 22:04 -------- d-----w- c:\documents and settings\Salvatore Vullo\Dati applicazioni\vlc
2010-06-19 10:13 . 2010-02-15 16:06 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-05-02 08:06 . 2004-08-19 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2004-08-19 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-18 20:58 . 2010-04-18 20:58 29926 ----a-r- c:\documents and settings\Salvatore Vullo\Dati applicazioni\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
2010-04-18 20:18 . 2010-04-18 20:18 503808 ----a-w- c:\documents and settings\Salvatore Vullo\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-49eb6eb2-n\msvcp71.dll
2010-04-18 20:18 . 2010-04-18 20:18 499712 ----a-w- c:\documents and settings\Salvatore Vullo\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-49eb6eb2-n\jmc.dll
2010-04-18 20:18 . 2010-04-18 20:18 348160 ----a-w- c:\documents and settings\Salvatore Vullo\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-49eb6eb2-n\msvcr71.dll
2010-04-18 20:18 . 2010-04-18 20:18 61440 ----a-w- c:\documents and settings\Salvatore Vullo\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-51f953db-n\decora-sse.dll
2010-04-18 20:18 . 2010-04-18 20:18 12800 ----a-w- c:\documents and settings\Salvatore Vullo\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-51f953db-n\decora-d3d.dll
2010-04-16 16:06 . 2004-08-19 12:00 669696 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 16:06 . 2004-08-19 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-04-12 15:29 . 2010-04-18 20:18 411368 ----a-w- c:\windows\system32\deployJava1.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nokia Internet Modem"="c:\programmi\Nokia\Nokia Internet Modem\WellPhone2.exe" [2009-11-09 1962648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 339968]
"Cpqset"="c:\programmi\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
"HP Software Update"="c:\programmi\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"eabconfg.cpl"="c:\programmi\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]
"hpWirelessAssistant"="c:\programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 794624]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-11-10 417792]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programs\\RM.exe"=
"c:\\Programs\\Studio.exe"=
"c:\\Programs\\umi.exe"=
"c:\programmi\Microsoft ActiveSync\rapimgr.exe"= c:\programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmi\Microsoft ActiveSync\wcescomm.exe"= c:\programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmi\Microsoft ActiveSync\WCESMgr.exe"= c:\programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [15/02/10 6.09.26 200192]
S3 nokiacpo;Nokia Internet Stick Wireless Modem Service Install;c:\windows\system32\drivers\nokiacpo.sys [05/08/09 6.03.02 18688]
S3 nokiappo;Nokia Internet Stick Wireless Modem Power Policy Service;c:\windows\system32\drivers\nokiappo.sys [05/08/09 6.03.02 27008]
.
Contenuto della cartella 'Scheduled Tasks'
2010-02-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Scansione supplementare -------
.
uStart Page =
hxxp://www.google.it/uInternet Connection Wizard,ShellNext =
hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptopIE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Salvatore Vullo\Dati applicazioni\Mozilla\Firefox\Profiles\1o81s1ip.default\
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2010-07-01 11:41
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programmi\HPQ\Default Settings\cpqset.exe????????????4?5?5?4??????? ???B?????????????hLC????????
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-1390067357-725345543-839522115-1004\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b
[HKEY_USERS\S-1-5-21-1390067357-725345543-839522115-1004\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:0000000b
[HKEY_USERS\S-1-5-21-1390067357-725345543-839522115-1004\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:0000000b
[HKEY_USERS\S-1-5-21-1390067357-725345543-839522115-1004\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:0000000b
[HKEY_USERS\S-1-5-21-1390067357-725345543-839522115-1004\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000002
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2010-07-01 12:15:12
ComboFix-quarantined-files.txt 2010-07-01 10:14
Pre-Run: 80.004.808.704 byte disponibili
Post-Run: 81.965.969.408 byte disponibili
- - End Of File - - AB3085044E5F9EB31AF7CEE387B55FD6
Speriamo bene. Grazie in anticipo.