scusami ma ci ha messo un oretta buona il combo!!! fatto allego file, il link mi fa casino, pero' ora il pc sembra regolare tanto che sto usando quello "infetto" e pare regolare dopo 4 riavvii in automatico etc etc
ComboFix 10-07-26.04 - Ashanty 27/07/2010 17.06.29.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.3038.1657 [GMT 2:00]
Eseguito da: c:\users\Ashanty\Desktop\Pippo\pippo.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Symantec Endpoint Protection *disabled* (Outdated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\Ashanty\AppData\Local\hzatug.dat
c:\users\Ashanty\AppData\Local\hzatug_nav.dat
c:\users\Ashanty\AppData\Local\hzatug_navps.dat
c:\users\Ashanty\AppData\Local\mcmodupiu
c:\users\Ashanty\AppData\Local\mcmodupiu\dihbsnmtssd.exe
c:\windows\$NtUninstallMTF1011$
c:\windows\$NtUninstallMTF1011$\apUninstall.exe
c:\windows\$NtUninstallMTF1011$\zrpt.xml
c:\windows\svc.exe
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\lowsec\user.ds.lll
c:\windows\system32\nnopml.dll
c:\windows\system32\sdra64.exe
c:\windows\system32\senekafppevbvd.dat
c:\windows\system32\senekanvofeoxq.dat
c:\windows\system32\test.ttt
c:\windows\system32\uniq.tll
----- BITS: Possibili siti infetti -----
hxxp://solaruploaderz.com.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_Follower
((((((((((((((((((((((((( Files Creati Da 2010-06-27 al 2010-07-27 )))))))))))))))))))))))))))))))))))
.
2010-07-27 15:17 . 2010-07-27 15:19 -------- d-----w- c:\users\Ashanty\AppData\Local\temp
2010-07-27 15:17 . 2010-07-27 15:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-26 20:09 . 2010-07-26 20:09 -------- d-----w- c:\users\Ashanty\AppData\Roaming\7FB11026D1D429A03820AA4D33E4B26C
2010-07-26 19:22 . 2010-07-26 19:22 -------- d-----w- c:\windows\Sun
2010-07-26 18:43 . 2010-07-26 18:43 56 ---ha-w- c:\windows\system32\ezsidmv.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-27 15:13 . 2008-01-21 06:30 734648 ----a-w- c:\windows\system32\perfh010.dat
2010-07-27 15:13 . 2008-01-21 06:30 147816 ----a-w- c:\windows\system32\perfc010.dat
2010-07-26 22:20 . 2010-04-14 05:26 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-07-26 19:05 . 2008-12-22 08:33 -------- d-----w- c:\users\Ashanty\AppData\Roaming\Skype
2010-07-26 18:43 . 2009-02-04 10:21 -------- d-----w- c:\users\Ashanty\AppData\Roaming\skypePM
2010-07-15 01:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-15 01:06 . 2008-08-10 01:39 -------- d-----w- c:\programdata\Microsoft Help
2010-06-05 05:58 . 2009-06-19 17:22 -------- d-----w- c:\users\Ashanty\AppData\Roaming\Azureus
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-05-26 17:06 . 2010-06-10 07:52 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 07:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-04 05:59 . 2010-06-10 07:30 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-10 07:30 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-10 07:30 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-10 07:30 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-10 07:29 2037248 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-12-09 16:40 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Ashanty\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-02-04 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-22 39408]
"googletalk"="c:\users\Ashanty\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6295552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-03 317280]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-12 30192]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-04-28 115560]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 169264]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PHOTOfunSTUDIO -viewer-.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2009-5-3 40960]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-07 10:28 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2007-10-11 06:45 31232 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MarketingTools]
2008-08-10 02:05 24576 ----a-w- c:\program files\Sony\Marketing Tools\MarketingTools.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSUFloatingUI]
2008-06-27 19:01 262144 ----a-w- c:\program files\Sony\Network Utility\LANUtil.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):98,4b,58,7e,9d,2d,cb,01
R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-12 30192]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2008-05-20 103712]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2008-05-20 353568]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2008-05-20 62752]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-06-11 83232]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-03-21 717296]
S2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2008-12-09 464264]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2008-12-09 234888]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-06-27 299008]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 RtkAudioService;Realtek Audio Service;c:\windows\RtkAudioService.exe [2008-07-03 104992]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-01-08 5120]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-06-19 411488]
S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-06-20 415744]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-06-11 337184]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-14 99376]
S3 NETw5v32;Driver scheda Intel(R) Wireless WiFi Link per Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-03-10 9344]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenuto della cartella 'Scheduled Tasks'
2010-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 11:54]
2010-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 11:54]
2010-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3736995038-543946607-3095475113-1003Core.job
- c:\users\Ashanty\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-04 18:43]
2010-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3736995038-543946607-3095475113-1003UA.job
- c:\users\Ashanty\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-04 18:43]
.
.
------- Scansione supplementare -------
.
uStart Page =
www.ashanty.it/uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: {FF4651E0-0F78-4294-9C75-E5792C4F2D4C} = 192.168.1.1
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKCU-Run-khggeesys - nnopml.dll
HKCU-Run-itvqfjik - c:\users\Ashanty\AppData\Local\mcmodupiu\dihbsnmtssd.exe
HKLM-Run-c:\users\Ashanty\AppData\Local\Temp\opeC0D5.exe - c:\users\Ashanty\AppData\Local\Temp\opeC0D5.exe
HKLM-Run-hgdcawsys - nnopml.dll
HKLM-Run-sta - tmtqp.dll
HKLM-Run-MChk - c:\windows\system32\gmtqp.exe
HKU-Default-Run-xxvwvvsys - nnopml.dll
SafeBoot-Symantec Antvirus
AddRemove-$NtUninstallMTF1011$ - c:\windows\$NtUninstallMTF1011$\apUninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2010-07-27 17:23
Windows 6.0.6002 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000059
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\WLANExt.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\users\Ashanty\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
c:\windows\system32\DllHost.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\system32\DllHost.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
.
**************************************************************************
.
Ora fine scansione: 2010-07-27 17:30:28 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-07-27 15:30
Pre-Run: 214.239.137.792 byte disponibili
Post-Run: 214.001.655.808 byte disponibili
- - End Of File - - 35AABD7749514A8FFC42CA728B5929D4