ComboFix 12-01-05.02 - David 05/01/2012 23.42.04.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.2013.1418 [GMT 1:00]
Eseguito da: c:\documents and settings\David\Documenti\Download\ComboFix.exe
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\clipsrv.exe . . . infetto!!
.
c:\windows\explorer.exe . . . infetto!!
.
c:\windows\regedit.exe . . . infetto!!
.
c:\windows\inf\unregmp2.exe . . . infetto!!
.
c:\windows\msagent\agentsvr.exe . . . infetto!!
.
c:\windows\pchealth\helpctr\binaries\HelpCtr.exe . . . infetto!!
.
c:\windows\pchealth\helpctr\binaries\HelpHost.exe . . . infetto!!
.
c:\windows\pchealth\helpctr\binaries\helpsvc.exe . . . infetto!!
.
c:\windows\pchealth\helpctr\binaries\HscUpd.exe . . . infetto!!
.
c:\windows\pchealth\helpctr\binaries\msconfig.exe . . . infetto!!
.
c:\windows\pchealth\helpctr\binaries\notiflag.exe . . . infetto!!
.
c:\windows\pchealth\UploadLB\Binaries\UploadM.exe . . . infetto!!
.
c:\windows\system32\accwiz.exe . . . infetto!!
.
c:\windows\system32\ahui.exe . . . infetto!!
.
c:\windows\system32\alg.exe . . . infetto!!
.
c:\windows\system32\arp.exe . . . infetto!!
.
c:\windows\system32\blastcln.exe . . . infetto!!
.
c:\windows\system32\calc.exe . . . infetto!!
.
c:\windows\system32\charmap.exe . . . infetto!!
.
c:\windows\system32\cidaemon.exe . . . infetto!!
.
c:\windows\system32\cisvc.exe . . . infetto!!
.
c:\windows\system32\cleanmgr.exe . . . infetto!!
.
c:\windows\system32\clipbrd.exe . . . infetto!!
.
c:\windows\system32\cmd.exe . . . infetto!!
.
c:\windows\system32\cmdl32.exe . . . infetto!!
.
c:\windows\system32\cmmon32.exe . . . infetto!!
.
c:\windows\system32\cmstp.exe . . . infetto!!
.
c:\windows\system32\compact.exe . . . infetto!!
.
c:\windows\system32\cscript.exe . . . infetto!!
.
c:\windows\system32\ctfmon.exe . . . infetto!!
.
c:\windows\system32\defrag.exe . . . infetto!!
.
c:\windows\system32\dfrgfat.exe . . . infetto!!
.
c:\windows\system32\dfrgntfs.exe . . . infetto!!
.
c:\windows\system32\diantz.exe . . . infetto!!
.
c:\windows\system32\diskpart.exe . . . infetto!!
.
c:\windows\system32\dmadmin.exe . . . infetto!!
.
c:\windows\system32\dplaysvr.exe . . . infetto!!
.
c:\windows\system32\dpnsvr.exe . . . infetto!!
.
c:\windows\system32\dpvsetup.exe . . . infetto!!
.
c:\windows\system32\drwtsn32.exe . . . infetto!!
.
c:\windows\system32\dvdupgrd.exe . . . infetto!!
.
c:\windows\system32\dwwin.exe . . . infetto!!
.
c:\windows\system32\dxdiag.exe . . . infetto!!
.
c:\windows\system32\esentutl.exe . . . infetto!!
.
c:\windows\system32\eudcedit.exe . . . infetto!!
.
c:\windows\system32\expand.exe . . . infetto!!
.
c:\windows\system32\finger.exe . . . infetto!!
.
c:\windows\system32\fltMc.exe . . . infetto!!
.
c:\windows\system32\freecell.exe . . . infetto!!
.
c:\windows\system32\fsquirt.exe . . . infetto!!
.
c:\windows\system32\ftp.exe . . . infetto!!
.
c:\windows\system32\grpconv.exe . . . infetto!!
.
c:\windows\system32\hostname.exe . . . infetto!!
.
c:\windows\system32\ie4uinit.exe . . . infetto!!
.
c:\windows\system32\iexpress.exe . . . infetto!!
.
c:\windows\system32\imapi.exe . . . infetto!!
.
c:\windows\system32\ipconfig.exe . . . infetto!!
.
c:\windows\system32\ipsec6.exe . . . infetto!!
.
c:\windows\system32\ipv6.exe . . . infetto!!
.
c:\windows\system32\ipxroute.exe . . . infetto!!
.
c:\windows\system32\lnkstub.exe . . . infetto!!
.
c:\windows\system32\locator.exe . . . infetto!!
.
c:\windows\system32\logagent.exe . . . infetto!!
.
c:\windows\system32\logman.exe . . . infetto!!
.
c:\windows\system32\logonui.exe . . . infetto!!
.
c:\windows\system32\magnify.exe . . . infetto!!
.
c:\windows\system32\mmcperf.exe . . . infetto!!
.
c:\windows\system32\mnmsrvc.exe . . . infetto!!
.
c:\windows\system32\mobsync.exe . . . infetto!!
.
c:\windows\system32\mplay32.exe . . . infetto!!
.
c:\windows\system32\mpnotify.exe . . . infetto!!
.
c:\windows\system32\msg.exe . . . infetto!!
.
c:\windows\system32\mshearts.exe . . . infetto!!
.
c:\windows\system32\mshta.exe . . . infetto!!
.
c:\windows\system32\msiexec.exe . . . infetto!!
.
c:\windows\system32\mspaint.exe . . . infetto!!
.
c:\windows\system32\mstsc.exe . . . infetto!!
.
c:\windows\system32\napstat.exe . . . infetto!!
.
c:\windows\system32\narrator.exe . . . infetto!!
.
c:\windows\system32\nbtstat.exe . . . infetto!!
.
c:\windows\system32\net.exe . . . infetto!!
.
c:\windows\system32\net1.exe . . . infetto!!
.
c:\windows\system32\netdde.exe . . . infetto!!
.
c:\windows\system32\netsetup.exe . . . infetto!!
.
c:\windows\system32\netstat.exe . . . infetto!!
.
c:\windows\system32\nslookup.exe . . . infetto!!
.
c:\windows\system32\ntsd.exe . . . infetto!!
.
c:\windows\system32\ntvdm.exe . . . infetto!!
.
c:\windows\system32\odbcad32.exe . . . infetto!!
.
c:\windows\system32\odbcconf.exe . . . infetto!!
.
c:\windows\system32\osk.exe . . . infetto!!
.
c:\windows\system32\ping6.exe . . . infetto!!
.
c:\windows\system32\powercfg.exe . . . infetto!!
.
c:\windows\system32\proquota.exe . . . infetto!!
.
c:\windows\system32\rasautou.exe . . . infetto!!
.
c:\windows\system32\rasphone.exe . . . infetto!!
.
c:\windows\system32\rcp.exe . . . infetto!!
.
c:\windows\system32\rdpclip.exe . . . infetto!!
.
c:\windows\system32\rdsaddin.exe . . . infetto!!
.
c:\windows\system32\rdshost.exe . . . infetto!!
.
c:\windows\system32\regini.exe . . . infetto!!
.
c:\windows\system32\regsvr32.exe . . . infetto!!
.
c:\windows\system32\rexec.exe . . . infetto!!
.
c:\windows\system32\routemon.exe . . . infetto!!
.
c:\windows\system32\rsh.exe . . . infetto!!
.
c:\windows\system32\rsmsink.exe . . . infetto!!
.
c:\windows\system32\rsmui.exe . . . infetto!!
.
c:\windows\system32\rsvp.exe . . . infetto!!
.
c:\windows\system32\rtcshare.exe . . . infetto!!
.
c:\windows\system32\runonce.exe . . . infetto!!
.
c:\windows\system32\scardsvr.exe . . . infetto!!
.
c:\windows\system32\sdbinst.exe . . . infetto!!
.
c:\windows\system32\sessmgr.exe . . . infetto!!
.
c:\windows\system32\sethc.exe . . . infetto!!
.
La copia infetta di c:\windows\system32\setup.exe è stata trovata e disinfettata
Ripristinata copia da - c:\system volume information\_restore{F7003760-18F3-4F53BB16-8B371C4D3006}\RP1\A0000216.exe
.
c:\windows\system32\setupn.exe . . . infetto!!
.
c:\windows\system32\shrpubw.exe . . . infetto!!
.
c:\windows\system32\sigverif.exe . . . infetto!!
.
c:\windows\system32\smlogsvc.exe . . . infetto!!
.
c:\windows\system32\sndrec32.exe . . . infetto!!
.
c:\windows\system32\sndvol32.exe . . . infetto!!
.
c:\windows\system32\sort.exe . . . infetto!!
.
c:\windows\system32\spider.exe . . . infetto!!
.
c:\windows\system32\syncapp.exe . . . infetto!!
.
c:\windows\system32\syskey.exe . . . infetto!!
.
c:\windows\system32\sysocmgr.exe . . . infetto!!
.
c:\windows\system32\taskmgr.exe . . . infetto!!
.
c:\windows\system32\tcpsvcs.exe . . . infetto!!
.
c:\windows\system32\telnet.exe . . . infetto!!
.
c:\windows\system32\tftp.exe . . . infetto!!
.
c:\windows\system32\tracert6.exe . . . infetto!!
.
c:\windows\system32\upnpcont.exe . . . infetto!!
.
c:\windows\system32\userinit.exe . . . infetto!!
.
c:\windows\system32\usrmlnka.exe . . . infetto!!
.
c:\windows\system32\usrprbda.exe . . . infetto!!
.
c:\windows\system32\usrshuta.exe . . . infetto!!
.
c:\windows\system32\verifier.exe . . . infetto!!
.
c:\windows\system32\vssadmin.exe . . . infetto!!
.
c:\windows\system32\vssvc.exe . . . infetto!!
.
c:\windows\system32\w32tm.exe . . . infetto!!
.
c:\windows\system32\wextract.exe . . . infetto!!
.
c:\windows\system32\wiaacmgr.exe . . . infetto!!
.
c:\windows\system32\winchat.exe . . . infetto!!
.
c:\windows\system32\winmine.exe . . . infetto!!
.
c:\windows\system32\winmsd.exe . . . infetto!!
.
c:\windows\system32\wscntfy.exe . . . infetto!!
.
c:\windows\system32\wscript.exe . . . infetto!!
.
c:\windows\system32\wuauclt.exe . . . infetto!!
.
c:\windows\system32\wuauclt1.exe . . . infetto!!
.
c:\windows\system32\wupdmgr.exe . . . infetto!!
.
c:\windows\system32\Com\comrepl.exe . . . infetto!!
.
c:\windows\system32\npp\nppagent.exe . . . infetto!!
.
c:\windows\system32\oobe\oobebaln.exe . . . infetto!!
.
c:\windows\system32\Restore\rstrui.exe . . . infetto!!
.
c:\windows\system32\Restore\srdiag.exe . . . infetto!!
.
c:\windows\system32\usmt\migload.exe . . . infetto!!
.
c:\windows\system32\usmt\migwiz.exe . . . infetto!!
.
c:\windows\system32\usmt\migwiza.exe . . . infetto!!
.
c:\windows\system32\wbem\mofcomp.exe . . . infetto!!
.
c:\windows\system32\wbem\scrcons.exe . . . infetto!!
.
c:\windows\system32\wbem\unsecapp.exe . . . infetto!!
.
c:\windows\system32\wbem\wbemtest.exe . . . infetto!!
.
c:\windows\system32\wbem\winmgmt.exe . . . infetto!!
.
c:\windows\system32\wbem\wmiadap.exe . . . infetto!!
.
c:\windows\system32\wbem\wmiapsrv.exe . . . infetto!!
.
c:\windows\system32\wbem\wmiprvse.exe . . . infetto!!
.
.
((((((((((((((((((((((((( Files Creati Da 2011-12-05 al 2012-01-05 )))))))))))))))))))))))))))))))))))
.
.
2012-01-05 22:56 . 2012-01-05 22:56 402 ----a-w- c:\documents and settings\David\Impostazioni locali\Dati applicazioni\wsr21zt32.dll
2012-01-05 22:16 . 2012-01-05 22:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SecTaskMan
2012-01-05 22:15 . 2012-01-05 22:16 -------- d-----w- c:\programmi\Security Task Manager
2011-12-31 08:04 . 2012-01-01 05:32 1069056 ----a-w- c:\programmi\Mozilla Firefox\firefox.exe
2011-12-30 16:28 . 2011-12-30 16:28 -------- d-----w- c:\programmi\File comuni\Java
2011-12-30 16:28 . 2011-12-30 16:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-30 16:28 . 2011-12-30 16:28 -------- d-----w- c:\programmi\Java
2011-12-19 12:28 . 2011-12-19 12:28 108 ----a-w- c:\documents and settings\David\Dati applicazioni\netstat.bat
2011-12-15 23:56 . 2011-11-21 04:35 134104 ----a-w- c:\programmi\Mozilla Firefox\components\browsercomps.dll
2011-12-15 23:56 . 2011-11-21 04:35 801752 ----a-w- c:\programmi\Mozilla Firefox\mozsqlite3.dll
2011-12-15 23:56 . 2011-11-21 04:35 1989592 ----a-w- c:\programmi\Mozilla Firefox\mozjs.dll
2011-12-15 23:56 . 2011-11-21 04:35 89048 ----a-w- c:\programmi\Mozilla Firefox\libEGL.dll
2011-12-15 23:56 . 2011-11-21 04:35 478168 ----a-w- c:\programmi\Mozilla Firefox\libGLESv2.dll
2011-12-15 23:56 . 2011-11-21 04:35 15832 ----a-w- c:\programmi\Mozilla Firefox\mozalloc.dll
2011-12-15 23:56 . 2011-11-21 01:03 2106216 ----a-w- c:\programmi\Mozilla Firefox\D3DCompiler_43.dll
2011-12-15 23:56 . 2011-11-21 01:03 1998168 ----a-w- c:\programmi\Mozilla Firefox\d3dx9_43.dll
2011-12-08 12:38 . 2011-12-08 12:38 -------- d-----w- c:\programmi\Microsoft.NET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-02 10:16 . 2010-03-05 11:09 17719296 ----a-w- c:\windows\RTHDCPL.EXE
2011-12-30 16:28 . 2010-04-25 16:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-22 19:21 . 2010-05-03 21:23 221184 ----a-w- c:\windows\system32\HPZipm12.exe
2011-12-16 01:25 . 2010-03-05 11:09 442368 -c--a-w- c:\windows\vncutil.exe
2011-12-16 01:25 . 2008-06-06 13:54 1118208 ----a-w- c:\windows\UNRecode.exe
2011-12-16 01:25 . 2007-03-21 20:02 1118208 ----a-w- c:\windows\UNNeroVision.exe
2011-12-16 01:25 . 2007-02-28 15:41 1118208 ----a-w- c:\windows\UNNeroShowTime.exe
2011-12-16 01:25 . 2008-06-24 15:06 1118208 ----a-w- c:\windows\UNNeroMediaHome.exe
2011-12-16 01:25 . 2007-03-20 20:22 1118208 ----a-w- c:\windows\UNNeroBackItUp.exe
2011-12-16 01:24 . 2009-12-20 16:48 297984 -c--a-w- c:\windows\system32\wudfhost.exe
2011-12-16 01:24 . 2009-12-20 16:48 168960 -c--a-w- c:\windows\system32\wpdshextautoplay.exe
2011-12-16 01:24 . 2006-10-26 12:45 444928 ----a-w- c:\windows\system32\WISPTIS.EXE
2011-12-16 01:24 . 2009-12-20 16:48 160256 -c--a-w- c:\windows\system32\wdfmgr.exe
2011-12-16 01:23 . 2008-04-13 16:14 180224 ----a-w- c:\windows\system32\verclsid.exe

2011-12-16 01:23 . 2009-12-20 16:48 160256 -c--a-w- c:\windows\system32\uWDF.exe
2011-12-16 01:19 . 2010-03-30 22:10 440832 ----a-w- c:\windows\system32\PresentationHost.exe
2011-12-16 01:16 . 2006-03-02 11:00 203776 -c--a-w- c:\windows\system32\migpwd.exe
2011-12-16 01:15 . 2008-07-29 17:24 764416 ----a-w- c:\windows\system32\icardagt.exe
2011-12-16 01:14 . 2010-05-03 21:23 217088 -c--a-w- c:\windows\system32\HPZinw12.exe
2011-12-16 01:13 . 2009-12-20 16:48 401408 -c--a-w- c:\windows\system32\drmupgds.exe
2011-12-16 00:51 . 2010-03-05 11:09 229376 -c--a-w- c:\windows\SOUNDMAN.EXE
2011-12-16 00:49 . 2010-05-03 23:20 847872 ----a-w- c:\windows\SnapShow.exe
2011-12-16 00:49 . 2010-03-05 11:09 1978368 -c--a-w- c:\windows\SkyTel.exe
2011-12-16 00:49 . 2010-03-05 11:09 9866752 -c--a-w- c:\windows\RTLCPL.EXE
2011-12-16 00:49 . 2010-03-05 11:09 274432 -c--a-w- c:\windows\RtkAudioService.exe
2011-12-16 00:40 . 2010-03-05 11:09 2319872 -c--a-w- c:\windows\MicCal.exe
2011-12-16 00:40 . 2010-05-03 21:23 458240 -c--a-w- c:\windows\IsUninst.exe
2011-12-16 00:28 . 2010-03-05 11:09 2960384 -c--a-w- c:\windows\ALCWZRD.EXE
2011-12-16 00:28 . 2010-03-05 11:09 208896 -c--a-w- c:\windows\ALCMTR.EXE
2011-12-15 23:11 . 2011-12-05 10:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-15 22:59 . 2006-12-19 09:30 233472 ----a-w- c:\windows\system32\IoctlSvc.exe
2011-12-15 22:57 . 2010-03-09 20:58 444928 ----a-w- c:\windows\system32\browserchoice.exe
2011-12-15 01:24 . 2006-03-02 11:00 159744 -c--a-w- c:\windows\system32\cidaemon.exe
2011-12-10 14:24 . 2011-09-03 10:52 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-03 18:29 . 2008-04-13 16:14 166912 ----a-w- c:\windows\system32\ctfmon.exe
2011-11-30 23:25 . 2008-04-13 16:14 1187840 ----a-w- c:\windows\explorer.exe
2011-11-29 12:15 . 2008-04-13 16:14 196096 ----a-w- c:\windows\system32\alg.exe
2011-11-28 23:46 . 2010-03-05 09:25 320000 -c--a-w- c:\windows\system32\wuauclt1.exe
2011-11-28 23:46 . 2010-03-05 09:25 198656 ----a-w- c:\windows\system32\wuauclt.exe
2011-11-28 23:46 . 2008-04-13 16:14 307200 ----a-w- c:\windows\system32\wscript.exe
2011-11-28 23:46 . 2008-04-13 16:14 165376 -c--a-w- c:\windows\system32\wscntfy.exe
2011-11-28 23:46 . 2006-03-02 11:00 163328 -c--a-w- c:\windows\system32\winmsd.exe
2011-11-28 23:46 . 2010-03-05 09:23 187392 -c--a-w- c:\windows\system32\winchat.exe
2011-11-28 23:46 . 2008-04-13 16:14 218112 -c--a-w- c:\windows\system32\wextract.exe
2011-11-28 23:46 . 2010-03-05 09:23 379392 ----a-w- c:\windows\system32\wbem\wmiprvse.exe
2011-11-28 23:46 . 2010-03-05 09:23 165376 -c--a-w- c:\windows\system32\wbem\winmgmt.exe
2011-11-28 23:46 . 2010-03-05 09:23 348160 ----a-w- c:\windows\system32\wbem\wmiadap.exe
2011-11-28 23:46 . 2010-03-05 09:23 269824 -c--a-w- c:\windows\system32\wbem\wbemtest.exe
2011-11-28 23:46 . 2010-03-05 09:23 168448 -c--a-w- c:\windows\system32\wbem\unsecapp.exe
2011-11-28 23:46 . 2010-03-05 09:23 187904 -c--a-w- c:\windows\system32\wbem\scrcons.exe
2011-11-28 23:46 . 2010-03-05 09:23 168448 ----a-w- c:\windows\system32\wbem\mofcomp.exe
2011-11-28 23:46 . 2006-03-02 11:00 203776 -c--a-w- c:\windows\system32\w32tm.exe
2011-11-28 23:46 . 2006-03-02 11:00 185344 -c--a-w- c:\windows\system32\vssadmin.exe
2011-11-28 23:46 . 2006-03-02 11:00 253440 -c--a-w- c:\windows\system32\verifier.exe
2011-11-28 23:46 . 2001-08-30 23:08 225280 -c--a-w- c:\windows\system32\usrshuta.exe
2011-11-28 23:46 . 2001-08-30 23:08 217088 -c--a-w- c:\windows\system32\usrprbda.exe
2011-11-28 23:46 . 2001-08-30 23:08 233472 -c--a-w- c:\windows\system32\usrmlnka.exe
2011-11-28 23:46 . 2008-04-13 16:14 178176 ----a-w- c:\windows\system32\userinit.exe
2011-11-28 23:46 . 2008-04-13 16:14 168448 -c--a-w- c:\windows\system32\upnpcont.exe
2011-11-28 23:46 . 2006-03-02 11:00 183808 -c--a-w- c:\windows\system32\tracert6.exe
2011-11-28 23:46 . 2006-03-02 11:00 168960 -c--a-w- c:\windows\system32\tftp.exe
2011-11-28 23:46 . 2008-04-13 16:14 229888 ----a-w- c:\windows\system32\telnet.exe
2011-11-28 23:46 . 2006-03-02 11:00 171008 -c--a-w- c:\windows\system32\tcpsvcs.exe
2011-11-28 23:46 . 2008-04-13 16:14 290816 ----a-w- c:\windows\system32\taskmgr.exe
2011-11-28 23:46 . 2008-04-13 16:14 258560 -c--a-w- c:\windows\system32\sysocmgr.exe
2011-11-28 23:46 . 2006-03-02 11:00 202752 -c--a-w- c:\windows\system32\syncapp.exe
2011-11-28 23:46 . 2006-03-02 11:00 188928 -c--a-w- c:\windows\system32\syskey.exe
2011-11-28 23:46 . 2011-05-25 01:06 749056 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-11-28 23:46 . 2008-04-13 16:14 177664 -c--a-w- c:\windows\system32\sort.exe
2011-11-28 23:45 . 2008-04-13 16:14 222208 -c--a-w- c:\windows\system32\sigverif.exe
2011-11-28 23:45 . 2008-04-13 16:14 229888 -c--a-w- c:\windows\system32\shrpubw.exe
2011-11-28 23:45 . 2008-04-13 16:14 184320 -c--a-w- c:\windows\system32\setupn.exe
2011-11-28 23:45 . 2008-04-13 16:14 184320 -c--a-w- c:\windows\system32\sethc.exe
2011-11-28 23:45 . 2008-04-13 16:14 229888 -c--a-w- c:\windows\system32\sdbinst.exe
2011-11-28 23:45 . 2008-04-13 16:14 165888 -c--a-w- c:\windows\system32\runonce.exe
2011-11-28 23:45 . 2008-04-13 16:14 229888 -c--a-w- c:\windows\system32\rtcshare.exe
2011-11-28 23:45 . 2006-03-02 11:00 200704 -c--a-w- c:\windows\system32\rsmui.exe
2011-11-28 23:45 . 2006-03-02 11:00 176128 -c--a-w- c:\windows\system32\rsmsink.exe
2011-11-28 23:45 . 2008-04-13 16:14 167424 -c--a-w- c:\windows\system32\rsh.exe
2011-11-28 23:45 . 2008-04-13 16:14 166400 -c--a-w- c:\windows\system32\rexec.exe
2011-11-28 23:45 . 2006-03-02 11:00 177152 -c--a-w- c:\windows\system32\routemon.exe
2011-11-28 23:45 . 2010-03-05 09:23 185344 -c--a-w- c:\windows\system32\regini.exe
2011-11-28 23:45 . 2008-04-13 16:14 163840 ----a-w- c:\windows\system32\regsvr32.exe
2011-11-28 23:45 . 2010-03-05 09:23 218624 -c--a-w- c:\windows\system32\rdshost.exe
2011-11-28 23:45 . 2010-03-05 09:23 165376 -c--a-w- c:\windows\system32\rdsaddin.exe
2011-11-28 23:45 . 2010-03-05 09:23 214528 ----a-w- c:\windows\system32\rdpclip.exe
2011-11-28 23:45 . 2008-04-13 16:14 208896 -c--a-w- c:\windows\system32\rasphone.exe
2011-11-28 23:45 . 2008-04-13 16:14 174592 -c--a-w- c:\windows\system32\rcp.exe
2011-11-28 23:45 . 2006-03-02 11:00 163328 -c--a-w- c:\windows\system32\rasautou.exe
2011-11-28 23:45 . 2008-04-13 16:14 202240 -c--a-w- c:\windows\system32\proquota.exe
2011-11-28 23:45 . 2008-04-13 16:14 200704 -c--a-w- c:\windows\system32\powercfg.exe
2011-11-28 23:45 . 2006-03-02 11:00 185344 -c--a-w- c:\windows\system32\ping6.exe
2011-11-28 23:45 . 2008-04-13 16:14 221184 -c--a-w- c:\windows\system32\odbcconf.exe
2011-11-28 23:45 . 2008-04-13 16:14 572928 ----a-w- c:\windows\system32\ntvdm.exe
2011-11-28 23:45 . 2006-03-02 11:00 183296 ----a-w- c:\windows\system32\ntsd.exe
2011-11-28 23:45 . 2008-04-13 16:14 230912 -c--a-w- c:\windows\system32\nslookup.exe
2011-11-28 23:45 . 2008-04-13 16:14 188928 -c--a-w- c:\windows\system32\netstat.exe
2011-11-28 23:45 . 2008-04-13 16:16 483328 -c--a-w- c:\windows\system32\netsetup.exe
2011-11-28 23:45 . 2008-04-13 16:14 276480 ----a-w- c:\windows\system32\net1.exe
2011-11-28 23:45 . 2008-04-13 16:14 194048 ----a-w- c:\windows\system32\net.exe
2011-11-21 04:35 . 2011-12-15 23:56 134104 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-11-28 . 4E1F4B3BFB1F24A163C6AAAD3B378EB2 . 198656 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
[-] 2011-11-28 . 09C43E18EAE54719DE6811FCF767AF24 . 198656 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe
[-] 2011-11-28 . 8721277BD8B72CD8C7B33338EAB27EA3 . 198656 . . [7.4.7600.226] . . c:\windows\ERDNT\cache\wuauclt.exe
.
[-] 2011-11-28 . ED8DF62BAAE2BB93C405D22376AB62F2 . 178176 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2011-11-28 . 113BDBDFD67D584EE2C15DB73AAAC92C . 178176 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\userinit.exe
[-] 2011-11-28 . 3B19E9FEB8CABB6D7B989879BB34B951 . 178176 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\userinit.exe
.
[-] 2011-11-30 . A7868F186018DE251F0880E2EF12650A . 1187840 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2011-11-28 . F7EF5693E7BDA8D58675E21C1BB5588E . 1187840 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
[-] 2011-11-28 . BCB7882A8C66265C942C4288415846D6 . 1187840 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe
.
[-] 2011-11-28 . 42A3CD5051A6F3FA20975E63F4BAEAD6 . 303104 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regedit.exe
[-] 2011-11-28 . 51D0F2AAB9C2C6D339497888C2197577 . 303104 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2011-12-03 . B36259BB3D7B9A8519FCC42E95D3DCE5 . 166912 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2011-11-28 . E0143DD03516B5C3E0EFA7037DB7F33A . 166912 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe
.
[-] 2011-11-28 . 9B676893CA7C51EC9F185EAA895BF04E . 165376 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2011-11-28 . CA4DBA88F4D9A5C2AE72533442FD95FA . 165376 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wscntfy.exe
[-] 2011-11-28 . 9630630B3372979486A20997A8649E9E . 165376 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\wscntfy.exe
.
[-] 2011-11-28 . 2A110F5AE8D9661CF44E3C0E3BDF341A . 784384 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-05_20.01.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-03-02 11:00 . 2012-01-05 20:43 89536 c:\windows\system32\perfc009.dat
- 2006-03-02 11:00 . 2012-01-05 20:03 89536 c:\windows\system32\perfc009.dat
+ 2006-03-02 11:00 . 2012-01-05 20:43 531846 c:\windows\system32\perfh010.dat
- 2006-03-02 11:00 . 2012-01-05 20:03 531846 c:\windows\system32\perfh010.dat
+ 2006-03-02 11:00 . 2012-01-05 20:43 506264 c:\windows\system32\perfh009.dat
- 2006-03-02 11:00 . 2012-01-05 20:03 506264 c:\windows\system32\perfh009.dat
+ 2006-03-02 11:00 . 2012-01-05 20:43 105944 c:\windows\system32\perfc010.dat
- 2006-03-02 11:00 . 2012-01-05 20:03 105944 c:\windows\system32\perfc010.dat
+ 2006-10-26 19:06 . 2012-01-05 21:18 584192 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SETUP.EXE
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 142360]
"RTHDCPL"="RTHDCPL.EXE" [2012-01-02 17719296]
"STICAP"="c:\windows\Twain_32\NX VEGA 300\SnapTrap.exe" [2012-01-05 307200]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Malwarebytes' Anti-Malware"="c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe" [BU]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\Sports Interactive\\Football Manager 2011 Russian\\fm.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [02/12/2010 18.57.22 691696]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [23/05/2011 19.15.32 33824]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [05/12/2011 18.55.53 21592]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [05/12/2011 18.29.00 332248]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [29/04/2011 14.01.42 101720]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [05/12/2011 18.29.11 212568]
R2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [03/09/2011 11.52.44 797696]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [05/12/2011 18.55.53 74200]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [03/09/2011 11.52.40 20464]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [05/12/2011 18.29.00 69208]
R3 SQTECH930B;NX VEGA 300;c:\windows\system32\drivers\Capt930b.sys [04/05/2010 0.20.57 247325]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys --> c:\windows\system32\DRIVERS\ehdrv.sys [?]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys --> c:\windows\system32\DRIVERS\epfwtdir.sys [?]
S2 .EsetTrialReset;Eset Trial Reset;c:\windows\system32\regedt32.exe [02/03/2006 12.00.00 3584]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13.16.28 275968]
S2 ekrn;ESET Service;"c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 SBAMSvc;VIPRE Antivirus Premium;"c:\programmi\Sunbelt Software\VIPRE\SBAMSvc.exe" --> c:\programmi\Sunbelt Software\VIPRE\SBAMSvc.exe [?]
S2 SBPIMSvc;SB Recovery Service;"c:\programmi\Sunbelt Software\VIPRE\SBPIMSvc.exe" --> c:\programmi\Sunbelt Software\VIPRE\SBPIMSvc.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [05/03/2010 12.09.04 1684736]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [05/12/2011 18.29.00 69208]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [05/12/2011 18.29.12 94040]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13.16.28 899072]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\David\Dati applicazioni\Mozilla\Firefox\Profiles\r8rl1y6q.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-05 23:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(3688)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\msiexec.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\sessmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Ora fine scansione: 2012-01-06 00:00:56 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-01-05 23:00
ComboFix2.txt 2012-01-05 20:58
ComboFix3.txt 2012-01-05 20:05
.
Pre-Run: 294.849.544.192 byte disponibili
Post-Run: 294.836.670.464 byte disponibili
.
- - End Of File - - 6359683D190E63C03802E1894A529EEF