
Unwanted e-mail being sent!!!!


Post by pmarco66 » Wed Jan 13, 2010 10:03 am

For a few days now I have been sending my contacts an e-mail, which I did not intend to send, that leads to a commercial site. This happens with my Hotmail account. What can I do? Thanks

Post by crazy.cat » Wed Jan 13, 2010 10:21 am

You have probably become part of some Waledac botnet.
Start by running antivirus scans, perhaps with the Avira Rescue CD (you can find the article on the site), so as to get rid of the virus.
When the many govern, they think only of pleasing themselves, and then you get the most foolish and most hateful tyranny: tyranny disguised as liberty.

Post by gioia271965 » Wed Jan 13, 2010 10:41 am

If the scan doesn't turn up anything in particular, you should know that there are programs (potentially illegal, in my opinion) capable of sending e-mails with anyone's credentials, even without knowing the mailbox's login password.
"Nothing finite, not even the whole world, can satisfy the human soul, which feels the need for the eternal"

Post by pmarco66 » Mon Jan 18, 2010 9:33 am

I ran a scan with antivirus and antispyware and found nothing, but I keep sending mails with the same content

Post by crazy.cat » Mon Jan 18, 2010 9:46 am

Post a log of the ComboFix scan.

Post by pmarco66 » Mon Jan 18, 2010 1:52 pm

Do I have to run the scan on every in which I have that mail account? Where can I find ComboFix?

Post by crazy.cat » Mon Jan 18, 2010 2:15 pm

pmarco66 wrote: Do I have to run the scan on every in which I have that mail account?

On every what?
If you mean on every PC, then yes, one of them may be infected.

pmarco66 wrote: Where can I find ComboFix?

http://www.bleepingcomputer.com/combofi ... e-combofix

Post by pmarco66 » Mon Jan 18, 2010 10:54 pm

I downloaded ComboFix but it gives me an error during installation (maybe because my OS is Windows 7). What can I do?
Thanks

Post by pmarco66 » Tue Jan 19, 2010 9:19 am

ComboFix 10-01-18.02 - Marco 19/01/2010 9.12.02.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3071.2311 [GMT 1:00]
Eseguito da: c:\documents and settings\Marco\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programmi\Fast Browser Search
c:\programmi\Fast Browser Search\IE\1.bat
c:\programmi\Fast Browser Search\IE\about.html
c:\programmi\Fast Browser Search\IE\affid.dat
c:\programmi\Fast Browser Search\IE\basis.xml
c:\programmi\Fast Browser Search\IE\basis_br.xml
c:\programmi\Fast Browser Search\IE\basis_de.xml
c:\programmi\Fast Browser Search\IE\basis_en.xml
c:\programmi\Fast Browser Search\IE\basis_es.xml
c:\programmi\Fast Browser Search\IE\basis_fr.xml
c:\programmi\Fast Browser Search\IE\basis_it.xml
c:\programmi\Fast Browser Search\IE\basis_nr.xml
c:\programmi\Fast Browser Search\IE\basis_pt.xml
c:\programmi\Fast Browser Search\IE\basis_ru.xml
c:\programmi\Fast Browser Search\IE\basis_tr.xml
c:\programmi\Fast Browser Search\IE\BHO.dll
c:\programmi\Fast Browser Search\IE\fbsSearchProvider.xml
c:\programmi\Fast Browser Search\IE\fbstoolbar.manifest
c:\programmi\Fast Browser Search\IE\icons.bmp
c:\programmi\Fast Browser Search\IE\info.txt
c:\programmi\Fast Browser Search\IE\local.xml
c:\programmi\Fast Browser Search\IE\logobg.bmp
c:\programmi\Fast Browser Search\IE\MTWBtoolbar.html
c:\programmi\Fast Browser Search\IE\search.bmp
c:\programmi\Fast Browser Search\IE\search_br.bmp
c:\programmi\Fast Browser Search\IE\search_de.bmp
c:\programmi\Fast Browser Search\IE\search_es.bmp
c:\programmi\Fast Browser Search\IE\search_fr.bmp
c:\programmi\Fast Browser Search\IE\search_it.bmp
c:\programmi\Fast Browser Search\IE\search_pt.bmp
c:\programmi\Fast Browser Search\IE\search_ru.bmp
c:\programmi\Fast Browser Search\IE\SearchGuardPlus.exe
c:\programmi\Fast Browser Search\IE\SearchGuardPlus.ico
c:\programmi\Fast Browser Search\IE\SGPU.ico
c:\programmi\Fast Browser Search\IE\sgpUpdater.exe
c:\programmi\Fast Browser Search\IE\sgpUpdater.xml
c:\programmi\Fast Browser Search\IE\SGPUpdaterS.exe
c:\programmi\Fast Browser Search\IE\tbhelper.dll
c:\programmi\Fast Browser Search\IE\tbs_include_script_003175.js
c:\programmi\Fast Browser Search\IE\tbs_include_script_005064.js
c:\programmi\Fast Browser Search\IE\tbs_include_script_012817.js
c:\programmi\Fast Browser Search\IE\Toolbar Help.htm
c:\programmi\Fast Browser Search\IE\uninstall.exe
c:\programmi\Fast Browser Search\IE\uninstalSGP.exe
c:\programmi\Fast Browser Search\IE\uninstalSGPU.exe
c:\programmi\Fast Browser Search\IE\update.exe
c:\programmi\Fast Browser Search\IE\version.txt
c:\programmi\SGPSA
c:\programmi\SGPSA\BHO.dll
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\Temp\3mrutxgr.dll
c:\windows\Temp\5-ohagn6.dll
c:\windows\Temp\7avt0jyd.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-12-19 al 2010-01-19 )))))))))))))))))))))))))))))))))))
.

Nessun nuovo file creato in questo arco di tempo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-19 08:06 . 2009-07-13 07:41 -------- d-----w- c:\programmi\Symantec AntiVirus
2010-01-18 10:54 . 2008-04-14 03:00 546406 ----a-w- c:\windows\system32\perfh010.dat
2010-01-18 10:54 . 2008-04-14 03:00 106568 ----a-w- c:\windows\system32\perfc010.dat
2010-01-14 08:22 . 2009-07-13 08:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-12-17 14:15 . 2009-07-23 09:27 -------- d-----w- c:\documents and settings\Marco\Dati applicazioni\BitTorrent
2009-12-17 13:32 . 2009-12-17 13:31 -------- d-----w- c:\programmi\eMule
2009-11-30 09:12 . 2009-09-23 08:12 3695616 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-26 08:30 . 2009-07-13 09:39 -------- d-----w- c:\documents and settings\Marco\Dati applicazioni\NeroVision
2009-11-21 15:54 . 2008-04-14 03:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-04 08:02 . 2009-11-04 08:02 152576 ----a-w- c:\documents and settings\Marco\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-10-29 07:40 . 2008-04-14 03:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 09:02 . 2009-07-08 06:46 137952 ----a-w- c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
.

------- Sigcheck -------

[-] 2008-09-01 . 7109E7E75CC8BB2B3C05E03CD80AA446 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-16 39408]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-21 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 73728]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-05 2550272]
"LaCie Hard Drive Configuration"="c:\programmi\LaCie\SAFE Hard Drive\SAFE Hard Drive Configuration.exe" [2007-01-18 3624960]
"ccApp"="c:\programmi\File comuni\Symantec Shared\ccApp.exe" [2004-04-22 66656]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-04-22 124128]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Microsoft Works Update Detection"="c:\programmi\File comuni\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 50688]
"PCSuiteTrayApplication"="c:\programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-03-22 167936]
"DataLayer"="c:\programmi\File comuni\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 1106944]
"Google Quick Search Box"="c:\programmi\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-07-16 122368]
"Ad-Watch"="c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe" [2009-09-23 520024]
"ArcSoft Connection Service"="c:\programmi\File comuni\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-10-11 31232]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-03-28 413696]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-02-27 552960]
"3170 Scan2PC"="c:\windows\Twain_32\Samsung\CLX3170\Scan2pc.exe" [2009-01-30 503808]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-08-30 286720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-04-14 137216]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Marco\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2009-7-14 113664]
PHOTOfunSTUDIO.lnk - c:\programmi\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe [2009-7-23 44176]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\MSN BackUp\\MSNBackup.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\ScanMgr.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Scan2Pc.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Sscan2io.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [22/07/2009 9.11.06 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 22.34.37 1028432]
S2 LaCie Safe Hard Drive Enabler;LaCie Safe Hard Drive Enabler;c:\programmi\LaCie\SAFE Hard Drive\SafeService.exe [07/07/2009 12.31.32 61440]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 SavRoam;SAVRoam;c:\programmi\Symantec AntiVirus\SavRoam.exe [22/04/2004 11.45.44 173288]
.
Contenuto della cartella 'Scheduled Tasks'

2010-01-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 08:11]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.lnf.infn.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: SmarThru4 Acquisisci selezione - c:\programmi\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Capture Selection - c:\programmi\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Salva come HTML - c:\programmi\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Salva testo selezionato - c:\programmi\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Save as HTML - c:\programmi\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\programmi\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\programmi\SmarThru 4\WebCapture.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-19 09:17
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2010-01-19 09:21:20
ComboFix-quarantined-files.txt 2010-01-19 08:21

Pre-Run: 203.026.591.744 byte disponibili
Post-Run: 203.191.521.280 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 6D7CB397F072121C98F28218360FC448

Post by pmarco66 » Tue Jan 19, 2010 10:40 pm

This is the log from the second PC

ComboFix 10-01-19.01 - Marco 19/01/2010 22:16:33.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.39.1040.18.3572.2580 [GMT 1:00]
Eseguito da: c:\users\Marco\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

.
((((((((((((((((((((((((( Files Creati Da 2009-12-19 al 2010-01-19 )))))))))))))))))))))))))))))))))))
.

2010-01-19 21:20 . 2010-01-19 21:20 -------- d-----w- c:\users\Marco\AppData\Local\temp
2010-01-19 21:20 . 2010-01-19 21:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-13 17:40 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 17:40 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-01-12 16:40 . 2009-07-30 13:54 121848 ----a-w- c:\windows\system32\drivers\savonaccess.sys
2010-01-12 16:40 . 2008-05-23 08:39 20288 ----a-w- c:\windows\system32\drivers\SophosBootDriver.sys
2010-01-10 20:13 . 2010-01-10 20:17 -------- d-----w- c:\program files\Diary Link
2010-01-10 20:13 . 2010-01-10 20:13 -------- d-----w- c:\program files\Borland
2009-12-26 13:02 . 2009-12-26 13:02 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-24 08:48 . 2009-12-24 08:48 -------- d-----w- c:\programdata\WinZip
2009-12-22 22:02 . 2009-12-22 22:02 -------- d-----w- c:\users\Marco\AppData\Local\Sophos
2009-12-20 21:27 . 2010-01-19 20:00 -------- d-----w- C:\My Folder_3
2009-12-20 21:25 . 2010-01-14 18:12 -------- d-----w- C:\My Folder_2
2009-12-20 21:24 . 2010-01-19 19:58 -------- d-----w- C:\My Folder

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-19 20:59 . 2009-07-14 08:21 689472 ----a-w- c:\windows\system32\perfh010.dat
2010-01-19 20:59 . 2009-07-14 08:21 124626 ----a-w- c:\windows\system32\perfc010.dat
2010-01-19 18:26 . 2009-12-17 20:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-14 16:45 . 2009-12-16 17:32 -------- d-----w- c:\programdata\Microsoft Help
2010-01-14 10:12 . 2009-12-16 17:10 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-07 20:16 . 2010-01-07 20:16 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2009-12-20 19:52 . 2009-12-20 19:16 -------- d-----w- c:\program files\Newsoft
2009-12-20 19:18 . 2009-12-20 19:18 -------- d-----w- c:\program files\directx
2009-12-20 19:15 . 2009-12-20 19:15 -------- d-----w- c:\program files\Digital Photo Navigator 1.0
2009-12-20 19:15 . 2009-12-16 19:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-20 19:14 . 2009-12-17 08:14 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-20 19:10 . 2009-12-16 20:35 -------- d-----w- c:\programdata\NVIDIA
2009-12-20 19:07 . 2009-12-20 19:07 -------- d-----w- c:\program files\NVIDIA Corporation
2009-12-20 18:16 . 2003-04-05 12:33 20458 ----a-w- c:\windows\hpoins01.dat
2009-12-20 18:16 . 2009-12-20 18:08 -------- d-----w- c:\program files\Hewlett-Packard
2009-12-20 18:16 . 2009-12-20 18:16 77004 ----a-w- c:\windows\system32\drivers\AFS.SYS
2009-12-20 18:09 . 2009-12-20 18:09 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-12-19 11:36 . 2009-12-17 20:18 -------- d-----w- c:\program files\Windows Live
2009-12-19 08:55 . 2009-12-19 08:55 -------- d-----w- c:\programdata\SafeNet Sentinel
2009-12-19 08:55 . 2009-12-19 08:55 -------- d-----w- c:\program files\SafeNet Sentinel
2009-12-19 08:55 . 2009-12-19 08:55 -------- d-----w- c:\program files\Common Files\SafeNet Sentinel
2009-12-19 08:51 . 2009-12-16 20:28 108824 ----a-w- c:\users\Marco\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-19 08:41 . 2009-12-16 17:36 -------- d-----w- c:\program files\Microsoft Works
2009-12-18 08:50 . 2009-12-18 08:50 -------- d-----w- c:\program files\Common Files\Deterministic Networks
2009-12-18 08:50 . 2009-12-18 08:50 -------- d-----w- c:\program files\Cisco Systems
2009-12-17 20:19 . 2009-12-17 20:19 -------- d-----w- c:\program files\Microsoft
2009-12-17 20:19 . 2009-12-17 20:19 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-12-17 20:14 . 2009-12-17 20:14 -------- d-----w- c:\program files\Common Files\Windows Live
2009-12-17 20:12 . 2009-12-17 20:12 4844296 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-17 20:11 . 2009-12-17 20:11 -------- d-----w- c:\users\Marco\AppData\Roaming\Malwarebytes
2009-12-17 20:11 . 2009-12-17 20:11 -------- d-----w- c:\programdata\Malwarebytes
2009-12-17 17:51 . 2009-12-17 17:51 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-12-17 12:23 . 2009-12-17 12:22 -------- d-----w- c:\program files\Microsoft Games
2009-12-17 12:09 . 2009-12-17 12:09 -------- d-----w- c:\users\Marco\AppData\Roaming\Thunderbird
2009-12-17 10:28 . 2009-12-17 10:28 -------- d-----w- c:\program files\Leica
2009-12-17 09:42 . 2009-12-17 09:42 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-17 09:07 . 2009-12-17 09:07 -------- d-----w- c:\programdata\nView_Profiles
2009-12-17 08:53 . 2009-12-16 17:48 -------- d-----w- c:\program files\Dell
2009-12-17 08:30 . 2009-12-17 08:30 -------- d-----w- c:\users\Marco\AppData\Roaming\Creative
2009-12-17 08:30 . 2009-12-17 08:30 -------- d-----w- c:\programdata\Creative
2009-12-17 08:19 . 2009-12-17 08:19 0 ---ha-w- c:\windows\system32\drivers\Msft_User_SensorsAlsDriver_01_09_00.Wdf
2009-12-17 08:16 . 2009-12-17 08:16 -------- d-----w- c:\program files\Creative
2009-12-17 08:15 . 2009-12-17 08:15 -------- d-----w- c:\program files\Dell Webcam
2009-12-16 20:45 . 2009-12-16 20:45 224816 ----a-r- c:\users\Marco\AppData\Roaming\Microsoft\Installer\{2220CF3A-EBD6-4070-94D0-0C7337B537A7}\ARPPRODUCTICON.exe
2009-12-16 20:44 . 2009-12-16 20:42 -------- d-----w- c:\programdata\Dell
2009-12-16 20:29 . 2009-12-16 20:29 1230960 ----a-w- c:\programdata\Google\Google Toolbar\Component\GoogleCld_3F6C343113693CD9.dll
2009-12-16 19:14 . 2009-12-16 19:14 -------- d-----w- c:\program files\Intel
2009-12-16 19:02 . 2009-12-16 19:02 -------- d-----w- c:\program files\Google
2009-12-16 19:01 . 2009-12-16 18:17 -------- d-----w- c:\program files\Java
2009-12-16 18:26 . 2009-12-16 18:26 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2009-12-16 18:26 . 2009-12-16 18:26 -------- d-----w- c:\program files\DellTPad
2009-12-16 18:14 . 2009-12-16 18:14 -------- d-----w- c:\program files\WIDCOMM
2009-12-16 17:48 . 2009-12-16 17:48 45056 ----a-r- c:\users\Marco\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2009-12-16 17:48 . 2009-12-16 17:48 10134 ----a-r- c:\users\Marco\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\ARPPRODUCTICON.exe
2009-12-16 17:36 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2009-12-16 17:36 . 2009-12-16 17:36 -------- d-----w- c:\program files\Microsoft.NET
2009-12-16 17:32 . 2009-12-16 17:32 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-12-16 17:22 . 2009-12-16 17:21 -------- d-----w- c:\programdata\Sophos
2009-12-16 17:22 . 2009-12-16 17:21 -------- d-----w- c:\program files\Sophos
2009-12-16 17:21 . 2009-12-16 17:21 -------- d-----w- c:\program files\Common Files\Cisco Systems
2009-12-16 16:54 . 2009-12-16 16:54 -------- d-sh--we c:\programdata\Preferiti
2009-12-16 16:54 . 2009-12-16 16:54 -------- d-sh--we c:\programdata\Modelli
2009-12-16 16:54 . 2009-12-16 16:54 -------- d-sh--we c:\programdata\Menu Avvio
2009-12-16 16:54 . 2009-12-16 16:54 -------- d-sh--we c:\programdata\Documenti
2009-12-16 16:54 . 2009-12-16 16:54 -------- d-sh--we c:\programdata\Dati applicazioni
2009-12-16 16:54 . 2009-12-16 16:54 -------- d-sh--we c:\program files\File comuni
2009-12-16 16:24 . 2009-12-16 16:24 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
2009-12-03 15:14 . 2009-12-17 20:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 15:13 . 2009-12-17 20:11 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-29 07:22 . 2009-12-17 13:51 2048 ----a-w- c:\windows\system32\tzres.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-16 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 249856]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-06-11 656384]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-07-08 413827]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-7-16 1245472]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Sophos AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2009-9-4 429096]
VPN Client.lnk - c:\windows\Installer\{229205AC-74D7-4045-BE2E-F3276B498EF1}\Icon3E5562ED7.ico [2009-12-18 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

R0 AFS;AFS;c:\windows\System32\drivers\AFS.SYS [20/12/2009 19:16 77004]
R1 SAVOnAccess;SAVOnAccess;c:\windows\System32\drivers\savonaccess.sys [12/01/2010 17:40 121848]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [27/04/2009 13:40 293968]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [16/07/2009 12:10 382752]
R2 SAVAdminService;Report sullo stato di Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [07/09/2009 12:11 104488]
R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [07/09/2009 12:11 93736]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [17/09/2009 01:03 369952]
R2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\program files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [17/09/2009 01:00 292128]
R3 acpials;Filtro sensore luce ambientale;c:\windows\System32\drivers\acpials.sys [14/07/2009 09:34 7680]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [16/12/2009 19:15 29472]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\System32\drivers\CtClsFlt.sys [17/12/2009 09:15 143968]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\System32\drivers\e1y6232.sys [16/12/2009 20:13 221912]
R3 netw5v32;Driver scheda Intel(R) Wireless WiFi Link serie 5000 per Windows Vista a 32 bit;c:\windows\System32\drivers\netw5v32.sys [10/06/2009 22:18 4231168]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\System32\drivers\OA001Ufd.sys [03/06/2008 09:30 144672]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\System32\drivers\OA001Vid.sys [18/09/2008 17:03 277440]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [14/05/2009 09:01 4440064]
S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\System32\drivers\CtAudDrv.sys [17/12/2009 09:15 134144]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [17/12/2009 21:11 38224]
S4 SophosBootDriver;SophosBootDriver;c:\windows\System32\drivers\SophosBootDriver.sys [12/01/2010 17:40 20288]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.fastweb.it/portale/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Invia immagine alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Invia pagina alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2010-01-19 22:22:15
ComboFix-quarantined-files.txt 2010-01-19 21:22

Pre-Run: 241.274.454.016 byte disponibili
Post-Run: 241.500.008.448 byte disponibili

- - End Of File - - 7367756DE2FF234050D8D04EC1F08562

megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. (sole-shareholder company) - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising