I'm having trouble with my PC; something strange happens: when I run programs that deal with system checks, System Restore, or really any app that checks or uses the PC's internal memory, they freeze (see the attached jpg for an example), and the antivirus programs show up as disabled. For this reason I ran a check with the ComboFix app (attached file combofix.txt). If some kind soul could help me solve this problem it would be a great favour, especially since I use this PC every day for my office work.
Thanks
Fabio Tortoioli
ComboFix 12-12-14.01 - f.tortoioli 17/12/2012 8.48.00.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3071.2343 [GMT 1:00]
Run from: c:\documents and settings\f.tortoioli\desktop\abc.exe
Options used :: /killall
AV: ESET NOD32 antivirus system 2.70 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: McAfee VirusScan Enterprise+AntiSpyware Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
* Created a new restore point
* Resident AV is active
.
.
WARNING - THIS PC DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\952670046D.sys
c:\documents and settings\All Users\Dati applicazioni\TEMP
c:\documents and settings\F.Tortoioli\Dati applicazioni\OfferBox
c:\documents and settings\F.Tortoioli\Dati applicazioni\OfferBox\config.xml
c:\documents and settings\F.Tortoioli\Impostazioni locali\Dati applicazioni\109.tmp
c:\documents and settings\F.Tortoioli\Impostazioni locali\Dati applicazioni\18.tmp
c:\documents and settings\F.Tortoioli\Impostazioni locali\Dati applicazioni\235.tmp
c:\documents and settings\F.Tortoioli\Impostazioni locali\Dati applicazioni\4E.tmp
c:\documents and settings\F.Tortoioli\Impostazioni locali\Dati applicazioni\5E.tmp
c:\documents and settings\F.Tortoioli\Impostazioni locali\Dati applicazioni\6F.tmp
c:\documents and settings\F.Tortoioli\WINDOWS
c:\documents and settings\Fabio\Dati applicazioni\PriceGong
c:\documents and settings\Fabio\Dati applicazioni\PriceGong\Data\1.txt
c:\documents and settings\Fabio\Dati applicazioni\PriceGong\Data\a.txt
c:\documents and settings\Fabio\Dati applicazioni\PriceGong\Data\b.txt
c:\documents and settings\Fabio\Dati applicazioni\PriceGong\Data\c.txt
c:\documents and settings\Fabio\Dati applicazioni\PriceGong\Data\d.txt
c:\documents and settings\Fabio\Dati applicazioni\PriceGong\Data\e.txt
c:\documents and settings\Fabio\Dati applicazioni\PriceGong\Data\f.txt
c:\documents and settings\Fabio\Dati applicazioni\PriceGong\Data\g.txt
c:\documents and settings\Fabio\Dati applicazioni\PriceGong\Data\h.txt
c:\documents and settings\Fabio\Dati applicazioni\PriceGong\Data\i.txt
c:\documents and settings\Fabio\Dati applicazioni\PriceGong\Data\j.txt
c:\documents and settings\Fabio\Dati applicazioni\PriceGong\Data\k.txt
c:\documents and settings\Fabio\Dati applicazioni\PriceGong\Data\l.txt
c:\documents and settings\Fabio\Dati applicazioni\PriceGong\Data\m.txt
c:\documents and settings\Fabio\Dati applicazioni\PriceGong\Data\mru.xml
c:\documents and settings\Fabio\Dati applicazioni\PriceGong\Data\n.txt
c:\documents and settings\Fabio\Dati applicazioni\PriceGong\Data\o.txt
c:\documents and settings\Fabio\Dati applicazioni\PriceGong\Data\p.txt
c:\documents and settings\Fabio\Dati applicazioni\PriceGong\Data\q.txt
c:\documents and settings\Fabio\Dati applicazioni\PriceGong\Data\r.txt
c:\documents and settings\Fabio\Dati applicazioni\PriceGong\Data\s.txt
c:\documents and settings\Fabio\Dati applicazioni\PriceGong\Data\t.txt
c:\documents and settings\Fabio\Dati applicazioni\PriceGong\Data\u.txt
c:\documents and settings\Fabio\Dati applicazioni\PriceGong\Data\v.txt
c:\documents and settings\Fabio\Dati applicazioni\PriceGong\Data\w.txt
c:\documents and settings\Fabio\Dati applicazioni\PriceGong\Data\wlu.txt
c:\documents and settings\Fabio\Dati applicazioni\PriceGong\Data\x.txt
c:\documents and settings\Fabio\Dati applicazioni\PriceGong\Data\y.txt
c:\documents and settings\Fabio\Dati applicazioni\PriceGong\Data\z.txt
c:\documents and settings\Fabio\Dati applicazioni\Toolbar4
c:\documents and settings\Fabio\Impostazioni locali\Dati applicazioni\138.tmp
c:\documents and settings\Fabio\Impostazioni locali\Dati applicazioni\143.tmp
c:\documents and settings\l.fedelini\Dati applicazioni\OfferBox
c:\documents and settings\l.fedelini\Dati applicazioni\OfferBox\config.dat
c:\documents and settings\l.fedelini\Dati applicazioni\OfferBox\config.xml
c:\programmi\smartdl
c:\programmi\smartdl\header.bmp
c:\programmi\smartdl\header2.bmp
c:\programmi\smartdl\header3.bmp
c:\programmi\smartdl\installid
c:\programmi\smartdl\next.bmp
c:\programmi\smartdl\skip.bmp
c:\windows\IsUn0410.exe
c:\windows\system32\DIASUninst.ini
c:\windows\system32\SET51.tmp
c:\windows\system32\SET56.tmp
c:\windows\system32\SET5D.tmp
c:\windows\system32\SET66.tmp
c:\windows\system32\SET67.tmp
c:\windows\system32\SET68.tmp
c:\windows\system32\SET6B.tmp
c:\windows\system32\SET97.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\Tasks\pwyegjup.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SYSDRV32
.
.
((((((((((((((((((((((((( Files Created from 2012-11-17 to 2012-12-17 )))))))))))))))))))))))))))))))))))
.
.
2012-12-14 09:55 . 2012-12-14 09:55 14664 ----a-w- c:\windows\stinger.sys
2012-12-14 09:54 . 2012-12-14 11:09 -------- d-----w- c:\programmi\stinger
2012-12-14 09:43 . 2012-11-19 00:04 6812136 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{032D8CDA-2187-4E09-986F-4FB1A068185F}\mpengine.dll
2012-12-14 09:43 . 2012-05-31 10:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-12-14 09:33 . 2012-12-14 09:33 -------- d-----w- c:\programmi\Microsoft Security Client
2012-12-13 11:44 . 2012-12-13 11:44 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-12-12 12:42 . 2012-12-12 12:42 -------- d-----w- c:\programmi\Electronic Arts
2012-12-12 12:42 . 2012-12-12 12:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Electronic Arts
2012-12-07 12:33 . 2012-12-07 12:33 -------- d-----w- c:\documents and settings\g.cristofori
2012-12-06 11:40 . 2011-11-04 19:13 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-12-06 11:40 . 2011-11-04 19:13 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-12-06 11:40 . 2011-11-04 19:13 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-12-06 11:40 . 2011-11-04 19:13 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-12-06 11:40 . 2011-11-04 19:13 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-12-06 11:40 . 2011-11-04 19:13 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-12-06 11:40 . 2011-11-04 19:13 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll
2012-12-06 11:00 . 2012-12-06 11:00 -------- d-----w- c:\documents and settings\e.varani\Impostazioni locali\Dati applicazioni\McAfee
2012-12-06 10:59 . 2012-12-06 10:59 -------- d-----w- c:\documents and settings\s.digennaro
2012-12-06 07:44 . 2012-12-06 07:44 -------- d-----w- c:\documents and settings\F.Tortoioli\Impostazioni locali\Dati applicazioni\PCHealth
2012-12-05 10:27 . 2012-12-05 10:27 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Mobile Partner
2012-12-05 10:27 . 2012-12-05 10:26 28672 ----a-w- c:\windows\system32\drivers\usbccid.sys
2012-12-05 10:27 . 2012-12-05 10:26 90368 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2012-12-05 10:27 . 2012-12-05 10:26 73216 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2012-12-05 10:27 . 2012-12-05 10:26 64384 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2012-12-05 10:27 . 2012-12-05 10:26 26624 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2012-12-05 10:27 . 2012-12-05 10:26 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2012-12-05 10:27 . 2012-12-05 10:26 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-12-05 10:27 . 2012-12-05 10:26 861696 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-12-05 10:27 . 2012-12-05 10:26 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-12-05 10:27 . 2012-12-05 10:26 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2012-12-05 10:27 . 2012-12-05 10:26 19200 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2012-12-05 10:26 . 2012-12-05 10:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DatacardService
2012-12-04 08:08 . 2012-12-05 10:26 25856 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-12-04 08:08 . 2012-12-05 10:26 235392 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-12-04 08:08 . 2012-12-05 10:26 194816 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-12-04 08:07 . 2012-12-04 08:10 -------- d-----w- c:\programmi\Chiavetta Internet
2012-11-29 10:03 . 2012-11-29 10:03 -------- d-----w- c:\programmi\WinPcap
2012-11-29 10:03 . 2012-11-29 10:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Freemake
2012-11-29 10:02 . 2012-11-29 10:03 -------- d-----w- c:\programmi\Freemake
2012-11-29 09:10 . 2012-11-29 10:13 -------- d-----w- c:\programmi\TubeMaster++
2012-11-20 17:39 . 2009-03-04 16:30 709248 ----a-w- c:\windows\system32\drivers\rt2870.sys
2012-11-20 17:39 . 2009-03-04 16:23 221184 ----a-w- c:\windows\system32\RaCoInst.dll
2012-11-20 17:39 . 2012-11-20 17:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Ralink Driver
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 09:54 . 2012-05-31 09:15 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-11-13 11:55 . 2004-08-19 15:31 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 00:41 . 2004-08-19 15:37 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-02 02:02 . 2004-08-19 15:39 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-10-02 18:04 . 2004-08-19 15:39 58368 ----a-w- c:\windows\system32\synceng.dll
2012-12-14 17:03 . 2012-12-14 17:03 262112 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-10-05 . 1DBD3966123AC2F6ADE783F7F17F8C7F . 504832 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="c:\programmi\Samsung\Kies\KiesHelper.exe" [2011-12-27 937360]
"KiesPDLR"="c:\programmi\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-12-27 21392]
"Advanced SystemCare 6"="c:\programmi\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-24 490880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"McAfeeUpdaterUI"="c:\programmi\McAfee\Common Framework\udaterui.exe" [2011-01-12 161088]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"KiesTrayAgent"="c:\programmi\Samsung\Kies\KiesTrayAgent.exe" [2011-12-27 3508624]
"ShStatEXE"="c:\programmi\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-09-14 215360]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2012-09-17 254896]
"McAfee NAC Tray Icon"="c:\programmi\McAfee\MNAC Scanner\ScannerTray.exe" [2012-07-02 407144]
"MSC"="c:\programmi\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"pcsmig"="c:\programmi\IBM\Personal Communications\pcsmig.exe" [2001-08-21 126976]
.
c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\
Collegamento a shstat.lnk - c:\programmi\McAfee\VirusScan Enterprise\shstat.exe [2011-9-14 215360]
.
c:\documents and settings\Fabio\Menu Avvio\Programmi\Esecuzione automatica\
Dropbox.lnk - c:\documents and settings\F.Tortoioli\Dati applicazioni\Dropbox\bin\Dropbox.exe [N/A]
.
c:\documents and settings\Sis-Rete\Menu Avvio\Programmi\Esecuzione automatica\
DW_Start.lnk - c:\windows\system32\rwwnw64d.exe [N/A]
.
c:\documents and settings\assistenza.OLIDATA-VIMPZ\Menu Avvio\Programmi\Esecuzione automatica\
Deewoo.lnk - c:\windows\system32\lcntktdl.exe [N/A]
DW_Start.lnk - c:\windows\system32\rpwnw64k.exe [N/A]
.
c:\documents and settings\F.Tortoioli\Menu Avvio\Programmi\Esecuzione automatica\
StripSaver2.lnk - c:\programmi\StripSaver2\StripSaver2.exe [2011-8-14 4255744]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\McAfee\\Common Framework\\FrameworkService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\LMabcoms.exE"=
"c:\\Programmi\\Imperivm Anthology\\Imperivm III\\gbr.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmi\\CheckPoint\\SSL Network Extender\\slimsvc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/03/2010 13.30.10 691696]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [31/05/2012 10.15.32 90368]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\programmi\IObit\Advanced SystemCare 6\ASCService.exe [05/12/2012 12.16.28 464256]
R2 cpextender;Check Point SSL Network Extender;c:\programmi\CheckPoint\SSL Network Extender\slimsvc.exe [12/04/2011 14.49.08 353800]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\All Users\Dati applicazioni\DatacardService\HWDeviceService.exe [14/03/2011 16.27.28 271712]
R2 mfefire;McAfee Firewall Core Service;c:\programmi\File comuni\McAfee\SystemCore\mfefire.exe [22/10/2012 10.02.03 163200]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [31/05/2012 10.15.31 159640]
R2 NACClient;McAfee Network Access Control Client;c:\programmi\McAfee\MNAC Scanner\NACScanner.exe [02/07/2012 22.42.16 1918568]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/02/2011 22.23.34 35088]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programmi\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [30/11/2010 16.20.18 1483072]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [05/12/2012 11.27.20 73216]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [22/10/2012 10.01.38 348880]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [22/10/2012 10.01.41 83920]
R3 onda_mx83xup_dc_enum;ONDA Mx83xUP DC Enumerator;c:\windows\system32\drivers\onda_mx83xup_dc_enum.sys [13/05/2010 13.54.16 67200]
R3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\drivers\Pcouffin.sys [02/12/2008 14.46.05 47616]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programmi\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [07/10/2010 12.34.32 10064]
R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [10/06/2007 15.48.02 129304]
S0 a347scsi;a347scsi;c:\windows\system32\Drivers\a347scsi.sys --> c:\windows\system32\Drivers\a347scsi.sys [?]
S1 e9d6b5aa;e9d6b5aa;c:\windows\system32\drivers\e9d6b5aa.sys --> c:\windows\system32\drivers\e9d6b5aa.sys [?]
S1 fcf1e5a7;fcf1e5a7;c:\windows\system32\drivers\fcf1e5a7.sys [30/01/2009 12.53.02 0]
S2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\programmi\Mobile Partner\UpdateDog\ouc.exe [05/12/2012 11.27.03 246112]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [30/01/2012 11.28.56 30312]
S3 EAGLE2RC;Analog/DVB-T Hybrid Tv Infrared Receiver;c:\windows\system32\DRIVERS\Eagle2RC.sys --> c:\windows\system32\DRIVERS\Eagle2RC.sys [?]
S3 Eagle2TV;TV tuner device;c:\windows\system32\Drivers\eagle2tv_B.sys --> c:\windows\system32\Drivers\eagle2tv_B.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [05/12/2012 11.27.19 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [05/12/2012 11.27.19 11136]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [04/12/2012 9.08.02 235392]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys --> c:\windows\system32\DRIVERS\ewusbfake.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [22/10/2012 10.01.41 83920]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [31/05/2012 10.15.41 87656]
S3 onda_mx83xup_cdc_acm;ONDA Mx83xUP CDC-ACM driver;c:\windows\system32\drivers\onda_mx83xup_cdc_acm.sys [13/05/2010 13.54.18 70400]
S3 onda_mx83xup_cpo;ONDA Mx83xUP Mass Storage Device;c:\windows\system32\drivers\onda_mx83xup_cpo.sys [13/05/2010 13.54.18 9728]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [10/12/2009 11.44.15 335104]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [30/01/2012 11.28.55 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [30/01/2012 11.28.56 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [30/01/2012 11.28.56 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [30/01/2012 11.28.57 114280]
S4 FreemakeVideoCapture;FreemakeVideoCapture;c:\programmi\Freemake\CaptureLib\CaptureLibService.exe [29/11/2012 11.03.08 8704]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-983971780-233310153-1287535205-17785Core1cab915ac37f7a2.job
- c:\documents and settings\F.Tortoioli\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-02-10 10:49]
.
2012-12-17 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\programmi\Microsoft Security Client\MpCmdRun.exe [2012-09-12 16:25]
.
2012-12-17 c:\windows\Tasks\MpIdleTask.job
- c:\programmi\Microsoft Security Client\MpCmdRun.exe [2012-09-12 16:25]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = proxymds.sanita.it:8080
uInternet Settings,ProxyOverride = <local>
IE: &Point&&Go - c:\programmi\File comuni\Expert System\PGPlatform\PGPlatform.htm
IE: Add to AMV Converter... - c:\programmi\MP3 Player Utilities 4.05\AMVConverter\grab.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\programmi\MP3 Player Utilities 4.05\MediaManager\grab.html
IE: Salva oggetto con Star Downloader - c:\programmi\Star Downloader\sdie.htm
IE: Scarica link utilizzando Mega Manager...
Trusted Zone: carabinieri.it\retewebopz.rete.arma
Trusted Zone: carabinieri.it\vpn
Trusted Zone: interno.it\sii.cedinterforze
Trusted Zone: carabinieri.it\retewebopz.rete.arma
Trusted Zone: carabinieri.it\vpn
TCP: DhcpNameServer = 10.176.10.225 10.176.10.226
DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} - hxxps://vpn.carabinieri.it/SNX/CSHELL/extender.cab
DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxps://vpn.carabinieri.it/sre/ICSScanner.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
FF - ProfilePath - c:\documents and settings\F.Tortoioli\Dati applicazioni\Mozilla\Firefox\Profiles\f6uzbh9s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: network.proxy.ftp - proxymds.sanita.it
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - proxy.sanita.it
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - proxymds.sanita.it
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxymds.sanita.it
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxymds.sanita.it
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 1
FF - ExtSQL: 2012-10-18 12:41; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: 2012-11-29 11:03; fmdownloader@gmail.com; c:\programmi\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF - ExtSQL: 2012-11-29 11:03; ytfmdownloader@gmail.com; c:\programmi\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111798&tt=3012_6
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 3c90da6c000000000000544f60e9620a
FF - user.js: extensions.BabylonToolbar_i.hardId - 3c90da6c000000000000544f60e9620a
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15544
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.178:23
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.txt=
.
- - - - ORPHANED KEYS REMOVED - - - -
.
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
SafeBoot-SVCWINSPOOL
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0410.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-12-17 08:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-983971780-233310153-1287535205-17785\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{13E24795-78EE-4B52-EF91-6B4229ED7FA0}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode)
"jabipfcpijimdchjiidf"=hex:6f,61,6a,6b,63,67,62,6f,6f,63,6e,6e,67,63,6f,63,6b,
6f,63,66,68,69,63,66,6f,6e,6d,6e,66,6b,00,ff
.
[HKEY_USERS\S-1-5-21-983971780-233310153-1287535205-17785\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7DE86B24-6665-5D15-2466-0697A5C566F0}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode)
"oabmhjpkeknpjeeaepkabojobdnkhj"=hex:64,61,65,6f,6a,6f,6d,61,00,85
"oafjhgjdhabhicgkohmnfpofnbfgho"=hex:6a,61,65,6f,64,6f,6a,64,65,64,68,67,69,64,
61,64,6c,65,66,6f,00,07
"napjfiiepkoccihlnllgmdolmonl"=hex:6a,61,62,6f,6a,70,67,66,68,67,6c,68,62,63,
65,67,6b,6c,63,68,00,07
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(6076)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\programmi\McAfee\Common Framework\McTrayLegacySupportPlugin.dll
c:\programmi\McAfee\Common Framework\McTrayInterfaceLib.dll
c:\programmi\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programmi\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\IVT Corporation\BlueSoleil\BTNtService.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\McAfee\Common Framework\FrameworkService.exe
c:\programmi\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\programmi\McAfee\VirusScan Enterprise\mfeann.exe
c:\documents and settings\All Users\Dati applicazioni\Mobile Partner\OnlineUpdate\ouc.exe
c:\programmi\McAfee\Common Framework\naPrdMgr.exe
c:\programmi\Nero\Nero8\Nero BackItUp\NBService.exe
c:\programmi\McAfee\MNAC Scanner\Engine\enginemain.exe
c:\windows\system32\IoctlSvc.exe
c:\programmi\File comuni\McAfee\SystemCore\mcshield.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\programmi\McAfee\Common Framework\McTray.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
.
**************************************************************************
.
Scan finished at: 2012-12-17 09:05:50 - The PC was rebooted
ComboFix-quarantined-files.txt 2012-12-17 08:05
.
Pre-Run: 42.918.604.800 bytes free
Post-Run: 43.539.398.656 bytes free
.
- - End Of File - - 33AD4A1C615966D1F14CB93ACDA05452
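Added example (my own code, not part of the original post and not ComboFix's): a small Python triage script over two pieces of the log above. It parses the service/driver lines with a regex modelled on the lines shown, flags the weak signals a responder looks at first (image not found on disk, a zero-byte image, an 8-hex-digit service name reused as its own display name, and whether any of those sits on a boot or system start type), and decodes one of the REGEDIT4 hex values from the locked shell-extension keys back into bytes so the leading ASCII run can be read. The log lines embedded below are copied from this page rather than constructed; the flag names, thresholds and function names are my own. The flags are triage hints, not verdicts: a missing image is often just a leftover of uninstalled software, and the lookalike names have to be checked against the file on disk and the registry key itself.

```python
import re

# Service/driver lines copied verbatim from the ComboFix log above (page data, not constructed).
SERVICE_LINES = [
    r"R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/03/2010 13.30.10 691696]",
    r"R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/02/2011 22.23.34 35088]",
    r"S0 a347scsi;a347scsi;c:\windows\system32\Drivers\a347scsi.sys --> c:\windows\system32\Drivers\a347scsi.sys [?]",
    r"S1 e9d6b5aa;e9d6b5aa;c:\windows\system32\drivers\e9d6b5aa.sys --> c:\windows\system32\drivers\e9d6b5aa.sys [?]",
    r"S1 fcf1e5a7;fcf1e5a7;c:\windows\system32\drivers\fcf1e5a7.sys [30/01/2009 12.53.02 0]",
    r"S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [31/05/2012 10.15.41 87656]",
]

# One value from the locked shell-extension key in the log above, with its
# continuation line joined back on (page data, not constructed).
REG_VALUE_LINE = (
    '"jabipfcpijimdchjiidf"=hex:6f,61,6a,6b,63,67,62,6f,6f,63,6e,6e,67,63,6f,63,6b,'
    '6f,63,66,68,69,63,66,6f,6e,6d,6e,66,6b,00,ff'
)

# ComboFix service line:  <start> <name>;<display>;<path>[ --> <resolved>] [<info>]
# <info> is "dd/mm/yyyy hh.mm.ss <size>" when the image exists, or "?" when it does not.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)"
    r"(?: --> (?P<resolved>.+?))? \[(?P<info>[^\]]*)\]$"
)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")  # names that look like 8 random hex digits


def parse_service(line):
    """Return a dict for one service line, or None if the line is not in that format."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["missing"] = rec["info"] == "?"
    rec["size"] = None if rec["missing"] else int(rec["info"].split()[-1])
    return rec


def triage_services(lines):
    """Return [(name, [reasons])] for the lines that deserve a second look (heuristics, not verdicts)."""
    flagged = []
    for line in lines:
        rec = parse_service(line)
        if rec is None:
            continue
        reasons = []
        if rec["missing"]:
            reasons.append("image not found on disk")
        if rec["size"] == 0:
            reasons.append("zero-byte image")
        if HEX_NAME_RE.match(rec["name"]) and rec["name"] == rec["display"]:
            reasons.append("8-hex-digit name reused as display name")
        # Only worth noting once something else is odd: boot/system start means it loads before AV.
        if reasons and rec["start"] in ("R0", "S0", "R1", "S1"):
            reasons.append("boot/system start type")
        if reasons:
            flagged.append((rec["name"], reasons))
    return flagged


def decode_reg_hex(value_line):
    """Decode a REGEDIT4 'name=hex:aa,bb,...' value; return (name, raw bytes, leading ASCII run up to NUL)."""
    name, _, data = value_line.partition("=hex:")
    raw = bytes(int(b, 16) for b in data.split(",") if b.strip())
    ascii_run = raw.split(b"\x00", 1)[0].decode("ascii", errors="replace")
    return name.strip().strip('"'), raw, ascii_run


if __name__ == "__main__":
    for name, reasons in triage_services(SERVICE_LINES):
        print(f"{name}: {'; '.join(reasons)}")
    name, raw, text = decode_reg_hex(REG_VALUE_LINE)
    print(f"{name}: {len(raw)} bytes, leading ASCII run {text!r}")
```

Paste the whole Drivers/Services section into SERVICE_LINES to triage the full log; any line the regex does not recognise is skipped rather than guessed at. The decoder only strips the trailing NUL and the byte after it, so a value whose data is not text shows up as replacement characters instead of being silently dropped.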
2012-12-13 11:44 . 2012-12-13 11:44 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-12-12 12:42 . 2012-12-12 12:42 -------- d-----w- c:\programmi\Electronic Arts
2012-12-12 12:42 . 2012-12-12 12:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Electronic Arts
2012-12-07 12:33 . 2012-12-07 12:33 -------- d-----w- c:\documents and settings\g.cristofori
2012-12-06 11:40 . 2011-11-04 19:13 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-12-06 11:40 . 2011-11-04 19:13 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-12-06 11:40 . 2011-11-04 19:13 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-12-06 11:40 . 2011-11-04 19:13 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-12-06 11:40 . 2011-11-04 19:13 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-12-06 11:40 . 2011-11-04 19:13 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-12-06 11:40 . 2011-11-04 19:13 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll
2012-12-06 11:00 . 2012-12-06 11:00 -------- d-----w- c:\documents and settings\e.varani\Impostazioni locali\Dati applicazioni\McAfee
2012-12-06 10:59 . 2012-12-06 10:59 -------- d-----w- c:\documents and settings\s.digennaro
2012-12-06 07:44 . 2012-12-06 07:44 -------- d-----w- c:\documents and settings\F.Tortoioli\Impostazioni locali\Dati applicazioni\PCHealth
2012-12-05 10:27 . 2012-12-05 10:27 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Mobile Partner
2012-12-05 10:27 . 2012-12-05 10:26 28672 ----a-w- c:\windows\system32\drivers\usbccid.sys
2012-12-05 10:27 . 2012-12-05 10:26 90368 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2012-12-05 10:27 . 2012-12-05 10:26 73216 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2012-12-05 10:27 . 2012-12-05 10:26 64384 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2012-12-05 10:27 . 2012-12-05 10:26 26624 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2012-12-05 10:27 . 2012-12-05 10:26 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2012-12-05 10:27 . 2012-12-05 10:26 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-12-05 10:27 . 2012-12-05 10:26 861696 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-12-05 10:27 . 2012-12-05 10:26 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-12-05 10:27 . 2012-12-05 10:26 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2012-12-05 10:27 . 2012-12-05 10:26 19200 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2012-12-05 10:26 . 2012-12-05 10:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DatacardService
2012-12-04 08:08 . 2012-12-05 10:26 25856 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-12-04 08:08 . 2012-12-05 10:26 235392 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-12-04 08:08 . 2012-12-05 10:26 194816 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-12-04 08:07 . 2012-12-04 08:10 -------- d-----w- c:\programmi\Chiavetta Internet
2012-11-29 10:03 . 2012-11-29 10:03 -------- d-----w- c:\programmi\WinPcap
2012-11-29 10:03 . 2012-11-29 10:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Freemake
2012-11-29 10:02 . 2012-11-29 10:03 -------- d-----w- c:\programmi\Freemake
2012-11-29 09:10 . 2012-11-29 10:13 -------- d-----w- c:\programmi\TubeMaster++
2012-11-20 17:39 . 2009-03-04 16:30 709248 ----a-w- c:\windows\system32\drivers\rt2870.sys
2012-11-20 17:39 . 2009-03-04 16:23 221184 ----a-w- c:\windows\system32\RaCoInst.dll
2012-11-20 17:39 . 2012-11-20 17:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Ralink Driver
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 09:54 . 2012-05-31 09:15 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-11-13 11:55 . 2004-08-19 15:31 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 00:41 . 2004-08-19 15:37 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-02 02:02 . 2004-08-19 15:39 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-10-02 18:04 . 2004-08-19 15:39 58368 ----a-w- c:\windows\system32\synceng.dll
2012-12-14 17:03 . 2012-12-14 17:03 262112 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-10-05 . 1DBD3966123AC2F6ADE783F7F17F8C7F . 504832 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="c:\programmi\Samsung\Kies\KiesHelper.exe" [2011-12-27 937360]
"KiesPDLR"="c:\programmi\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-12-27 21392]
"Advanced SystemCare 6"="c:\programmi\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-24 490880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"McAfeeUpdaterUI"="c:\programmi\McAfee\Common Framework\udaterui.exe" [2011-01-12 161088]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"KiesTrayAgent"="c:\programmi\Samsung\Kies\KiesTrayAgent.exe" [2011-12-27 3508624]
"ShStatEXE"="c:\programmi\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-09-14 215360]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2012-09-17 254896]
"McAfee NAC Tray Icon"="c:\programmi\McAfee\MNAC Scanner\ScannerTray.exe" [2012-07-02 407144]
"MSC"="c:\programmi\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"pcsmig"="c:\programmi\IBM\Personal Communications\pcsmig.exe" [2001-08-21 126976]
.
c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\
Collegamento a shstat.lnk - c:\programmi\McAfee\VirusScan Enterprise\shstat.exe [2011-9-14 215360]
.
c:\documents and settings\Fabio\Menu Avvio\Programmi\Esecuzione automatica\
Dropbox.lnk - c:\documents and settings\F.Tortoioli\Dati applicazioni\Dropbox\bin\Dropbox.exe [N/A]
.
c:\documents and settings\Sis-Rete\Menu Avvio\Programmi\Esecuzione automatica\
DW_Start.lnk - c:\windows\system32\rwwnw64d.exe [N/A]
.
c:\documents and settings\assistenza.OLIDATA-VIMPZ\Menu Avvio\Programmi\Esecuzione automatica\
Deewoo.lnk - c:\windows\system32\lcntktdl.exe [N/A]
DW_Start.lnk - c:\windows\system32\rpwnw64k.exe [N/A]
.
c:\documents and settings\F.Tortoioli\Menu Avvio\Programmi\Esecuzione automatica\
StripSaver2.lnk - c:\programmi\StripSaver2\StripSaver2.exe [2011-8-14 4255744]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\McAfee\\Common Framework\\FrameworkService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\LMabcoms.exE"=
"c:\\Programmi\\Imperivm Anthology\\Imperivm III\\gbr.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmi\\CheckPoint\\SSL Network Extender\\slimsvc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/03/2010 13.30.10 691696]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [31/05/2012 10.15.32 90368]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\programmi\IObit\Advanced SystemCare 6\ASCService.exe [05/12/2012 12.16.28 464256]
R2 cpextender;Check Point SSL Network Extender;c:\programmi\CheckPoint\SSL Network Extender\slimsvc.exe [12/04/2011 14.49.08 353800]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\All Users\Dati applicazioni\DatacardService\HWDeviceService.exe [14/03/2011 16.27.28 271712]
R2 mfefire;McAfee Firewall Core Service;c:\programmi\File comuni\McAfee\SystemCore\mfefire.exe [22/10/2012 10.02.03 163200]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [31/05/2012 10.15.31 159640]
R2 NACClient;McAfee Network Access Control Client;c:\programmi\McAfee\MNAC Scanner\NACScanner.exe [02/07/2012 22.42.16 1918568]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/02/2011 22.23.34 35088]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programmi\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [30/11/2010 16.20.18 1483072]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [05/12/2012 11.27.20 73216]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [22/10/2012 10.01.38 348880]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [22/10/2012 10.01.41 83920]
R3 onda_mx83xup_dc_enum;ONDA Mx83xUP DC Enumerator;c:\windows\system32\drivers\onda_mx83xup_dc_enum.sys [13/05/2010 13.54.16 67200]
R3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\drivers\Pcouffin.sys [02/12/2008 14.46.05 47616]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programmi\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [07/10/2010 12.34.32 10064]
R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [10/06/2007 15.48.02 129304]
S0 a347scsi;a347scsi;c:\windows\system32\Drivers\a347scsi.sys --> c:\windows\system32\Drivers\a347scsi.sys [?]
S1 e9d6b5aa;e9d6b5aa;c:\windows\system32\drivers\e9d6b5aa.sys --> c:\windows\system32\drivers\e9d6b5aa.sys [?]
S1 fcf1e5a7;fcf1e5a7;c:\windows\system32\drivers\fcf1e5a7.sys [30/01/2009 12.53.02 0]
S2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\programmi\Mobile Partner\UpdateDog\ouc.exe [05/12/2012 11.27.03 246112]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [30/01/2012 11.28.56 30312]
S3 EAGLE2RC;Analog/DVB-T Hybrid Tv Infrared Receiver;c:\windows\system32\DRIVERS\Eagle2RC.sys --> c:\windows\system32\DRIVERS\Eagle2RC.sys [?]
S3 Eagle2TV;TV tuner device;c:\windows\system32\Drivers\eagle2tv_B.sys --> c:\windows\system32\Drivers\eagle2tv_B.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [05/12/2012 11.27.19 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [05/12/2012 11.27.19 11136]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [04/12/2012 9.08.02 235392]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys --> c:\windows\system32\DRIVERS\ewusbfake.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [22/10/2012 10.01.41 83920]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [31/05/2012 10.15.41 87656]
S3 onda_mx83xup_cdc_acm;ONDA Mx83xUP CDC-ACM driver;c:\windows\system32\drivers\onda_mx83xup_cdc_acm.sys [13/05/2010 13.54.18 70400]
S3 onda_mx83xup_cpo;ONDA Mx83xUP Mass Storage Device;c:\windows\system32\drivers\onda_mx83xup_cpo.sys [13/05/2010 13.54.18 9728]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [10/12/2009 11.44.15 335104]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [30/01/2012 11.28.55 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [30/01/2012 11.28.56 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [30/01/2012 11.28.56 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [30/01/2012 11.28.57 114280]
S4 FreemakeVideoCapture;FreemakeVideoCapture;c:\programmi\Freemake\CaptureLib\CaptureLibService.exe [29/11/2012 11.03.08 8704]
.
--- Altri Servizi/Drivers In Memoria ---
.
*Deregistered* - mfeavfk01
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-983971780-233310153-1287535205-17785Core1cab915ac37f7a2.job
- c:\documents and settings\F.Tortoioli\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-02-10 10:49]
.
2012-12-17 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\programmi\Microsoft Security Client\MpCmdRun.exe [2012-09-12 16:25]
.
2012-12-17 c:\windows\Tasks\MpIdleTask.job
- c:\programmi\Microsoft Security Client\MpCmdRun.exe [2012-09-12 16:25]
.
.
------- Scansione supplementare -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = proxymds.sanita.it:8080
uInternet Settings,ProxyOverride = <local>
IE: &Point&&Go - c:\programmi\File comuni\Expert System\PGPlatform\PGPlatform.htm
IE: Add to AMV Converter... - c:\programmi\MP3 Player Utilities 4.05\AMVConverter\grab.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\programmi\MP3 Player Utilities 4.05\MediaManager\grab.html
IE: Salva oggetto con Star Downloader - c:\programmi\Star Downloader\sdie.htm
IE: Scarica link utilizzando Mega Manager...
Trusted Zone: carabinieri.it\retewebopz.rete.arma
Trusted Zone: carabinieri.it\vpn
Trusted Zone: interno.it\sii.cedinterforze
Trusted Zone: carabinieri.it\retewebopz.rete.arma
Trusted Zone: carabinieri.it\vpn
TCP: DhcpNameServer = 10.176.10.225 10.176.10.226
DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} - hxxps://vpn.carabinieri.it/SNX/CSHELL/extender.cab
DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxps://vpn.carabinieri.it/sre/ICSScanner.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
FF - ProfilePath - c:\documents and settings\F.Tortoioli\Dati applicazioni\Mozilla\Firefox\Profiles\f6uzbh9s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: network.proxy.ftp - proxymds.sanita.it
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - proxy.sanita.it
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - proxymds.sanita.it
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxymds.sanita.it
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxymds.sanita.it
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 1
FF - ExtSQL: 2012-10-18 12:41; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: 2012-11-29 11:03; fmdownloader@gmail.com; c:\programmi\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF - ExtSQL: 2012-11-29 11:03; ytfmdownloader@gmail.com; c:\programmi\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111798&tt=3012_6
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 3c90da6c000000000000544f60e9620a
FF - user.js: extensions.BabylonToolbar_i.hardId - 3c90da6c000000000000544f60e9620a
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15544
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.178:23
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
------- Associazioni dei file -------
.
JSEFile=NOTEPAD.EXE %1
.txt=
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
SafeBoot-SVCWINSPOOL
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0410.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-12-17 08:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-983971780-233310153-1287535205-17785\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{13E24795-78EE-4B52-EF91-6B4229ED7FA0}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode)
"jabipfcpijimdchjiidf"=hex:6f,61,6a,6b,63,67,62,6f,6f,63,6e,6e,67,63,6f,63,6b,
6f,63,66,68,69,63,66,6f,6e,6d,6e,66,6b,00,ff
.
[HKEY_USERS\S-1-5-21-983971780-233310153-1287535205-17785\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7DE86B24-6665-5D15-2466-0697A5C566F0}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode)
"oabmhjpkeknpjeeaepkabojobdnkhj"=hex:64,61,65,6f,6a,6f,6d,61,00,85
"oafjhgjdhabhicgkohmnfpofnbfgho"=hex:6a,61,65,6f,64,6f,6a,64,65,64,68,67,69,64,
61,64,6c,65,66,6f,00,07
"napjfiiepkoccihlnllgmdolmonl"=hex:6a,61,62,6f,6a,70,67,66,68,67,6c,68,62,63,
65,67,6b,6c,63,68,00,07
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(6076)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\programmi\McAfee\Common Framework\McTrayLegacySupportPlugin.dll
c:\programmi\McAfee\Common Framework\McTrayInterfaceLib.dll
c:\programmi\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programmi\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\IVT Corporation\BlueSoleil\BTNtService.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\McAfee\Common Framework\FrameworkService.exe
c:\programmi\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\programmi\McAfee\VirusScan Enterprise\mfeann.exe
c:\documents and settings\All Users\Dati applicazioni\Mobile Partner\OnlineUpdate\ouc.exe
c:\programmi\McAfee\Common Framework\naPrdMgr.exe
c:\programmi\Nero\Nero8\Nero BackItUp\NBService.exe
c:\programmi\McAfee\MNAC Scanner\Engine\enginemain.exe
c:\windows\system32\IoctlSvc.exe
c:\programmi\File comuni\McAfee\SystemCore\mcshield.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\programmi\McAfee\Common Framework\McTray.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
.
**************************************************************************
.
Ora fine scansione: 2012-12-17 09:05:50 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-12-17 08:05
.
Pre-Run: 42.918.604.800 byte disponibili
Post-Run: 43.539.398.656 byte disponibili
.
- - End Of File - - 33AD4A1C615966D1F14CB93ACDA05452