I had to fiddle around a bit, at the limit of my knowledge.
I disabled BitDefender (antivirus and firewall) and went into Safe Mode. But there, the Combofix exe did not show up on the desktop, and I could not find it in Explorer either. I went back into normal mode, created a shortcut in a folder and returned to Safe Mode, where Combofix finally started and created the log, which I post below. I have not yet uninstalled Combofix, as the guide says to do. I await your instructions.
ComboFix 11-12-26.02 - BRUNO 26/12/2011 21.55.32.2.1 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1023.798 [GMT 1:00]
Eseguito da: c:\documents and settings\BRUNO\Desktop\ComboFix.exe
AV: BitDefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\TEMP
c:\documents and settings\BRUNO\Dati applicazioni\OfferBox
c:\documents and settings\BRUNO\Dati applicazioni\OfferBox\config.dat
c:\documents and settings\BRUNO\Dati applicazioni\OfferBox\config.xml
c:\documents and settings\BRUNO\Impostazioni locali\Dati applicazioni\Babylon8_8750.exe
c:\documents and settings\BRUNO\WINDOWS
c:\windows\bwUnin-6.1.4.61-8876480L.exe
c:\windows\IsUn0410.exe
c:\windows\system32\msssc.dll
c:\windows\system32\muzapp.exe
c:\windows\system32\SET35.tmp
c:\windows\system32\SET40.tmp
c:\windows\system32\SET48.tmp
c:\windows\system32\SET49.tmp
c:\windows\system32\SET4E.tmp
c:\windows\system32\SET52.tmp
c:\windows\unin0410.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2011-11-26 al 2011-12-26 )))))))))))))))))))))))))))))))))))
.
.
2011-12-26 17:35 . 2011-12-26 17:35 -------- d-----w- c:\programmi\p-nand-q.com
2011-12-25 00:15 . 2011-06-21 10:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-12-24 15:00 . 1999-12-09 11:19 147456 ----a-w- c:\windows\system32\vbzip10.dll
2011-12-24 12:15 . 2011-12-24 12:15 -------- d-----w- c:\programmi\Navilog1
2011-12-23 20:07 . 2011-12-23 20:07 -------- d-----w- c:\documents and settings\BRUNO\Impostazioni locali\Dati applicazioni\bdch
2011-12-23 17:45 . 2011-12-23 17:45 -------- d-----w- c:\windows\system32\config\systemprofile\Dati applicazioni\IObit
2011-12-15 20:35 . 2011-12-15 20:35 -------- d-----w- c:\documents and settings\BRUNO\Dati applicazioni\Malwarebytes
2011-12-15 20:34 . 2011-12-15 20:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2011-12-15 20:34 . 2011-12-26 18:49 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2011-12-15 20:34 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-15 20:07 . 2011-12-24 12:16 -------- d---a-w- C:\Navilog1
2011-12-11 11:39 . 2011-12-11 11:39 98304 ----a-r- c:\documents and settings\BRUNO\Dati applicazioni\Microsoft\Installer\{2E295B5B-1AD4-4D36-97C2-A316084722CF}\python_icon.exe
2011-12-11 11:38 . 2011-12-11 11:39 -------- d-----w- C:\Python27
2011-12-06 16:39 . 2011-12-06 16:39 -------- d-----w- c:\programmi\TomTom International B.V
2011-12-06 16:38 . 2011-12-06 16:39 -------- d-----w- c:\programmi\TomTom HOME 2
2011-12-06 16:38 . 2011-12-06 16:38 -------- d-----w- c:\programmi\TomTom DesktopSuite
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-26 14:56 . 2009-08-06 18:23 215904 ----a-w- c:\windows\system32\muweb.dll
2011-12-10 17:06 . 2011-05-18 09:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 14:40 . 2006-03-02 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:13 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:24 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2006-03-02 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:50 . 2006-03-02 12:00 2196480 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 10:50 . 2004-08-19 15:34 2073088 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2006-03-02 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2009-12-15 10:21 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-06 10:37 . 2011-10-07 09:20 86016 ----a-w- c:\windows\system32\custmon32.dll
2011-10-03 03:06 . 2010-04-27 18:33 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 00:37 . 2010-12-19 21:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 2006-03-02 12:00 603136 ----a-w- c:\windows\system32\crypt32.dll
2010-07-08 08:37 . 2010-07-08 08:37 101544 ----a-w- c:\programmi\File comuni\LinkInstaller.exe
2004-03-11 12:27 . 2009-12-15 15:09 40960 ----a-w- c:\programmi\Uninstall_CDS.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\programmi\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2010-10-07 16384]
"ATnotes.exe"="c:\programmi\ATnotes\ATnotes.exe" [2005-01-05 1015808]
"KiesTrayAgent"="c:\programmi\Samsung\Kies\KiesTrayAgent.exe" [2011-11-08 3508624]
"KiesPDLR"="c:\programmi\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-11-08 21392]
"KiesHelper"="c:\programmi\Samsung\Kies\KiesHelper.exe" [2011-11-08 929168]
"TomTomHOME.exe"="c:\programmi\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-27 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-23 335872]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"zBrowser Launcher"="c:\programmi\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2006-09-07 15360]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-09-12 196608]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"BitDefender Antiphishing Helper"="c:\programmi\BitDefender\BitDefender 2011\ieshow.exe" [2011-04-08 71216]
"BDAgent"="c:\programmi\BitDefender\BitDefender 2011\bdagent.exe" [2011-05-19 1449368]
"WinampAgent"="c:\programmi\Winamp\winampa.exe" [2011-03-22 74752]
"Babylon Client"="c:\programmi\Babylon\Babylon-Pro\Babylon.exe" [2010-04-11 3740088]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-11-10 417792]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Share-to-Web Namespace Daemon"="c:\programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"PosService"="c:\documents and settings\All Users\Documenti\AppData\PoApp\PLauncher.exe" [2011-12-03 218624]
"Malwarebytes' Anti-Malware"="c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
FreePOPs.lnk - c:\programmi\FreePOPs\freepopsd.exe [2008-12-27 49152]
Logitech Desktop Messenger.lnk - c:\programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2010-10-7 169472]
Windows Search.lnk - c:\programmi\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2009-12-15 106560]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\AutorunsDisabled
QuickTV6.lnk - c:\programmi\AVerTV 6.1\AVerQT.exe [2006-8-23 520192]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Gestione remota Windows
.
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [12/12/2003 16.49.07 77312]
S1 BdRawPr;BdRawPr;c:\windows\system32\DRIVERS\bdrawpr.sys --> c:\windows\system32\DRIVERS\bdrawpr.sys [?]
S1 Bdvedisk;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [19/01/2010 18.32.40 85128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12.16.28 130384]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [27/12/2009 11.56.11 135664]
S2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [15/12/2011 21.34.46 366152]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [18/12/2009 17.51.03 8192]
S2 ssoftnt4;ssoftnt4;c:\windows\system32\drivers\ssoftnt4.sys [16/12/2009 1.43.15 100728]
S2 Updatesrv;BitDefender Desktop Update Service;c:\programmi\BitDefender\BitDefender 2011\updatesrv.exe [11/10/2010 18.34.40 43936]
S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [22/04/2010 12.19.50 149520]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\programmi\File comuni\BitDefender\BitDefender Firewall\bdfndisf.sys [20/08/2010 14.41.56 111696]
S3 CXFALCON;AVerMedia AVerTV Video Capture (Falcon);c:\windows\system32\drivers\AF2VCap.sys [15/12/2009 11.41.58 344320]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [08/08/2011 15.30.53 20032]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [20/06/2011 8.47.10 113280]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [27/04/2010 21.53.25 36608]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [27/12/2009 11.56.11 135664]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [20/06/2011 9.22.07 100736]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [15/12/2011 21.34.41 22216]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 Update Server;BitDefender Update Server v2;c:\programmi\File comuni\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [11/10/2010 18.26.36 307544]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [02/03/2006 13.00.00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12.16.28 753504]
S4 avc3;avc3;c:\windows\system32\drivers\avc3.sys [28/06/2010 11.55.36 633424]
S4 avckf;avckf;c:\windows\system32\drivers\avckf.sys [28/06/2010 11.55.42 970320]
S4 TomTomHOMEService;TomTomHOMEService;c:\programmi\TomTom HOME 2\TomTomHOMEService.exe [22/04/2011 13.21.10 92592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
WINRM REG_MULTI_SZ WINRM
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-12-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-12-26 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-27 12:40]
.
2011-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-12-27 10:56]
.
2011-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-12-27 10:56]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1;localhost
IE: Translate this web page with Babylon - c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{8D7D6354-20C3-4109-8EE3-54753FB4A251}: DhcpNameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\BRUNO\Dati applicazioni\Mozilla\Firefox\Profiles\jn4y4kce.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=2&cf=7cf3fe60-2370-11e1-825f-00112f948f33
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=2&cf=7cf3fe60-2370-11e1-825f-00112f948f33
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=2&src=sp&cf=7cf3fe60-2370-11e1-825f-00112f948f33&q=
FF - prefs.js: network.proxy.type - 0
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - %profile%\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programmi\Java\jre6\lib\deploy\jqs\ff
.
.
------- Associazioni dei file -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
SafeBoot-ioloSystemService
AddRemove-Manuale dell'utente di Creative WebCam NX Italian - c:\windows\IsUn0410.exe
AddRemove-{0B500125-92A7-40BF-ACF0-45A9221ADE21}_is1 - c:\documents and settings\BRUNO\Impostazioni locali\Dati applicazioni\PowerOffer\unins000.exe
AddRemove-{56736259-613E-4A3B-B428-6235F2E76F44}_is1 - c:\programmi\Spyware Terminator\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
GMER - Rootkit Detector and Remover
Rootkit scan 2011-12-26 22:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(308)
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2011-12-26 22:04:46
ComboFix-quarantined-files.txt 2011-12-26 21:04
.
Pre-Run: 13.122.764.800 byte disponibili
Post-Run: 13.313.060.864 byte disponibili
.
- - End Of File - - 72F6C5FC890448B0B7E7E04B3A6959F1