Ecco il nuovo report:
ComboFix 12-06-06.02 - Administrator 06/06/2012 23.50.42.3.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.511.241 [GMT 2:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Administrator\Desktop\CFscript.txt.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\programmi\AskBarDis\bar\bin\askBar.dll"
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programmi\AskBarDis\bar\bin\askBar.dll
.
c:\windows\system32\drivers\intelppm.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Creati Da 2012-05-06 al 2012-06-06 )))))))))))))))))))))))))))))))))))
.
.
2012-06-03 12:23 . 2012-06-06 20:12 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 17:47 . 2012-04-08 20:40 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 17:47 . 2012-04-08 20:40 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 13:56 . 2008-12-12 18:08 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2004-12-05 16:08 . 2006-01-12 22:04 806912 -c--a-w- c:\programmi\WinMX.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-06_20.27.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-06 22:02 . 2012-06-06 22:02 16384 c:\windows\temp\Perflib_Perfdata_1f4.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\programmi\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-18 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-09-29 4603904]
"WinampAgent"="c:\programmi\Winamp\winampa.exe" [2003-12-13 33792]
"vscvol.exe"="c:\programmi\Roland\VSC32\vscvol.exe" [2000-02-08 36864]
"vsc32cnf.exe"="c:\programmi\Roland\VSC32\vsc32cnf.exe" [2000-02-07 36864]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-06-20 148888]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2005-01-02 98304]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-12 98304]
"OpwareSE4"="c:\programmi\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"nwiz"="nwiz.exe" [2004-09-29 921600]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"mxomssmenu"="c:\programmi\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 169264]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2004-10-13 278528]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"CanonSolutionMenu"="c:\programmi\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\programmi\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytoosl"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI1"=vscapi.dll
"WAVE1"=vscapi.dll
"midi2"=xgusb.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
2011-11-28 18:01 3744552 ----a-w- c:\programmi\Alwil Software\Avast5\AvastUI.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\eMule\\eMule.exe"=
"c:\\Programmi\\RamaLopster\\Lopster.exe"=
"c:\\Programmi\\WinMX.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\FrostWire\\FrostWire.exe"=
"c:\\Programmi\\Windows iLivid Toolbar\\Datamngr\\ToolBar\\dtUser.exe"=
"c:\\Programmi\\foobar2000\\fooassoc.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [16/07/2011 18.46.18 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13/11/2008 14.09.54 314456]
R2 a2free;a-squared Free Service;c:\programmi\a-squared Free\a2service.exe [23/06/2007 10.59.02 224888]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13/11/2008 14.09.54 20568]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27/01/2010 4.09.02 50704]
R3 vsc32;Virtual Sound Canvas 3.2;c:\windows\system32\drivers\vsc.sys [01/07/2006 19.25.48 951284]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [03/02/2010 9.35.14 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [08/04/2012 22.40.23 257696]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [03/02/2010 9.35.14 135664]
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - HTTPFILTER
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3796fe32-5949-11df-a744-0011d8c41d15}]
\Shell\AutoRun\command - F:\Menu.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56d41816-9ff7-11e0-af7c-0011d8c41d15}]
\Shell\AutoRun\command - F:\setup.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5db47af8-440a-11df-a6c2-0011d8c41d15}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e4b5f64-3349-11de-9fa3-0011d8c41d15}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-06-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 17:47]
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-03 07:35]
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-03 07:35]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
Trusted Zone: larena.it\www
Trusted Zone: unicreditbanca.it
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
URLSearchHooks-{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - c:\programmi\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
WebBrowser-{338B4DFE-2E2C-4338-9E41-E176D497299E} - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-07 00:03
Windows 5.1.2600 Service Pack 2 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-4103915712-687431403-623738778-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-4103915712-687431403-623738778-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0D3C37E0-5046-DEEB-5088-920F6191EFFF}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oafjpoaifahfakgklhicdhfaebpamk"=hex:64,61,6b,68,6e,6c,6d,63,00,70
"oabehmbplnjcfgojnpajoapfoedglj"=hex:6a,61,66,68,6c,6d,6e,69,63,66,66,61,6a,64,
67,6f,68,67,70,68,00,cb
"naldnocbanfjkpdccneoppijhpim"=hex:6b,61,66,68,6d,6d,61,66,6a,68,67,6b,64,6b,
61,67,6d,65,63,64,62,64,00,00
.
[HKEY_USERS\S-1-5-21-4103915712-687431403-623738778-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0E57E92D-5021-E6CC-D024-0041EFA88B6A}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abnfjppignkbogpmdbcjpljogigmppfmnb"=hex:61,61,00,00
"bbnfjppignkbogpmdbbjkjcafkbfmcejbfbb"=hex:61,61,00,00
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(604)
c:\windows\system32\xgusb.cpl
.
- - - - - - - > 'lsass.exe'(664)
c:\windows\system32\xgusb.cpl
.
- - - - - - - > 'explorer.exe'(2756)
c:\windows\system32\WININET.dll
c:\windows\system32\xgusb.cpl
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSIT.DLL
c:\programmi\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Alwil Software\Avast5\AvastSvc.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Maxtor\Sync\SyncServices.exe
c:\programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\progra~1\WINDOW~4\Datamngr\DATAMN~1.EXE
c:\windows\AGRSMMSG.exe
c:\programmi\iPod\bin\iPodService.exe
.
**************************************************************************
.
Ora fine scansione: 2012-06-07 00:14:46 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-06-06 22:14
ComboFix2.txt 2012-06-06 20:49
.
Pre-Run: 19.679.662.080 byte disponibili
Post-Run: 19.130.400.768 byte disponibili
.
- - End Of File - - D77FACBF494F40A669F8D2DF6DF41D17
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.511.241 [GMT 2:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Administrator\Desktop\CFscript.txt.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\programmi\AskBarDis\bar\bin\askBar.dll"
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programmi\AskBarDis\bar\bin\askBar.dll
.
c:\windows\system32\drivers\intelppm.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Creati Da 2012-05-06 al 2012-06-06 )))))))))))))))))))))))))))))))))))
.
.
2012-06-03 12:23 . 2012-06-06 20:12 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 17:47 . 2012-04-08 20:40 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 17:47 . 2012-04-08 20:40 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 13:56 . 2008-12-12 18:08 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2004-12-05 16:08 . 2006-01-12 22:04 806912 -c--a-w- c:\programmi\WinMX.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-06_20.27.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-06 22:02 . 2012-06-06 22:02 16384 c:\windows\temp\Perflib_Perfdata_1f4.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\programmi\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-18 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-09-29 4603904]
"WinampAgent"="c:\programmi\Winamp\winampa.exe" [2003-12-13 33792]
"vscvol.exe"="c:\programmi\Roland\VSC32\vscvol.exe" [2000-02-08 36864]
"vsc32cnf.exe"="c:\programmi\Roland\VSC32\vsc32cnf.exe" [2000-02-07 36864]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-06-20 148888]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2005-01-02 98304]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-12 98304]
"OpwareSE4"="c:\programmi\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"nwiz"="nwiz.exe" [2004-09-29 921600]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"mxomssmenu"="c:\programmi\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 169264]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2004-10-13 278528]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"CanonSolutionMenu"="c:\programmi\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\programmi\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytoosl"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI1"=vscapi.dll
"WAVE1"=vscapi.dll
"midi2"=xgusb.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
2011-11-28 18:01 3744552 ----a-w- c:\programmi\Alwil Software\Avast5\AvastUI.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\eMule\\eMule.exe"=
"c:\\Programmi\\RamaLopster\\Lopster.exe"=
"c:\\Programmi\\WinMX.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\FrostWire\\FrostWire.exe"=
"c:\\Programmi\\Windows iLivid Toolbar\\Datamngr\\ToolBar\\dtUser.exe"=
"c:\\Programmi\\foobar2000\\fooassoc.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [16/07/2011 18.46.18 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13/11/2008 14.09.54 314456]
R2 a2free;a-squared Free Service;c:\programmi\a-squared Free\a2service.exe [23/06/2007 10.59.02 224888]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13/11/2008 14.09.54 20568]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27/01/2010 4.09.02 50704]
R3 vsc32;Virtual Sound Canvas 3.2;c:\windows\system32\drivers\vsc.sys [01/07/2006 19.25.48 951284]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [03/02/2010 9.35.14 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [08/04/2012 22.40.23 257696]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [03/02/2010 9.35.14 135664]
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - HTTPFILTER
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3796fe32-5949-11df-a744-0011d8c41d15}]
\Shell\AutoRun\command - F:\Menu.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56d41816-9ff7-11e0-af7c-0011d8c41d15}]
\Shell\AutoRun\command - F:\setup.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5db47af8-440a-11df-a6c2-0011d8c41d15}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e4b5f64-3349-11de-9fa3-0011d8c41d15}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-06-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 17:47]
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-03 07:35]
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-03 07:35]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
Trusted Zone: larena.it\www
Trusted Zone: unicreditbanca.it
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
URLSearchHooks-{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - c:\programmi\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
WebBrowser-{338B4DFE-2E2C-4338-9E41-E176D497299E} - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-07 00:03
Windows 5.1.2600 Service Pack 2 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-4103915712-687431403-623738778-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-4103915712-687431403-623738778-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0D3C37E0-5046-DEEB-5088-920F6191EFFF}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oafjpoaifahfakgklhicdhfaebpamk"=hex:64,61,6b,68,6e,6c,6d,63,00,70
"oabehmbplnjcfgojnpajoapfoedglj"=hex:6a,61,66,68,6c,6d,6e,69,63,66,66,61,6a,64,
67,6f,68,67,70,68,00,cb
"naldnocbanfjkpdccneoppijhpim"=hex:6b,61,66,68,6d,6d,61,66,6a,68,67,6b,64,6b,
61,67,6d,65,63,64,62,64,00,00
.
[HKEY_USERS\S-1-5-21-4103915712-687431403-623738778-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0E57E92D-5021-E6CC-D024-0041EFA88B6A}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abnfjppignkbogpmdbcjpljogigmppfmnb"=hex:61,61,00,00
"bbnfjppignkbogpmdbbjkjcafkbfmcejbfbb"=hex:61,61,00,00
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(604)
c:\windows\system32\xgusb.cpl
.
- - - - - - - > 'lsass.exe'(664)
c:\windows\system32\xgusb.cpl
.
- - - - - - - > 'explorer.exe'(2756)
c:\windows\system32\WININET.dll
c:\windows\system32\xgusb.cpl
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSIT.DLL
c:\programmi\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Alwil Software\Avast5\AvastSvc.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Maxtor\Sync\SyncServices.exe
c:\programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\progra~1\WINDOW~4\Datamngr\DATAMN~1.EXE
c:\windows\AGRSMMSG.exe
c:\programmi\iPod\bin\iPodService.exe
.
**************************************************************************
.
Ora fine scansione: 2012-06-07 00:14:46 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-06-06 22:14
ComboFix2.txt 2012-06-06 20:49
.
Pre-Run: 19.679.662.080 byte disponibili
Post-Run: 19.130.400.768 byte disponibili
.
- - End Of File - - D77FACBF494F40A669F8D2DF6DF41D17
Andy94: tutti i report generati dai programmi vanno inseriti con il tag MEMO.