
File hijackthis

How do I remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do I protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: kadosh, Luke57

File hijackthis

Post by Alessandro66 » 05/12/09 19:10

Hi everyone,
below I am pasting the hijackthis.log file for your diagnosis.
Since yesterday my Dell laptop freezes now and then, especially while browsing with Chrome: I can no longer open any file or application (folders still open), and I cannot even run Ctrl+Alt+Del. I am forced to power the PC off with the on/off button and restart it.
I have Win XP Professional SP2.
Many thanks in advance.
Alessandro

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.41.22, on 05/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\Programmi\Dell\QuickSet\NICCONFIGSVC.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe
C:\Programmi\DellTPad\Apoint.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmi\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Programmi\Wave Systems Corp\SecureUpgrade.exe
C:\Programmi\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Programmi\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Programmi\DellTPad\ApMsgFwd.exe
C:\PROGRA~1\WinFax\WFXSWTCH.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Programmi\File comuni\FotoNation\EvLstnr.exe
C:\Programmi\DellTPad\Apntex.exe
C:\Programmi\DellTPad\HidFind.exe
C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\MCCITR~1.EXE
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\DellSupport\DSAgnt.exe
C:\Programmi\Digital Line Detect\DLG.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\gilibaus\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.it/ig/dell?hl=it&client=dell ... bd=4071229
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.it/hws/sb/dell-row-re ... channel=it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/defau ... l=it&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.it/ig/dell?hl=it&client=dell ... bd=4071229
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programmi\Dell\BAE\BAE.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Programmi\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: La barra dell'accessibilità - {11352A67-0178-46B1-8855-D50B2F81C054} - C:\Programmi\Accessibility_Toolbar\Accessibility_Toolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Programmi\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Document Manager] C:\Programmi\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] C:\Programmi\Wave Systems Corp\SecureUpgrade.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmi\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmi\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Programmi\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [EVENTLISTENER] C:\Programmi\File comuni\FotoNation\EvLstnr.exe
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\MCCITR~1.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Programmi\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\gilibaus\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Programmi\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Programmi\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programmi\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8942.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7939312843
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Programmi\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Programmi\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmi\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Programmi\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programmi\File comuni\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.12 TCS (tcsd_win32.exe) - Unknown owner - C:\Programmi\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: wampapache - Apache Software Foundation - C:\Programmi\WampServer\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\Programmi\WampServer\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10392 bytes
Alessandro66
Newbie

Posts: 1
Joined: 05/12/09 19:04
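As an added example (not code from this thread and not HijackThis' own code), the Python script below parses a few lines copied from the HijackThis log above and flags the items a reviewer would normally want to double-check: Run entries given as a bare file name (Windows resolves those through the search path, so the file that actually starts still has to be located), services whose binary carries no publisher in its version information, ActiveX (O16) downloads from hosts outside a small allowlist, and proxy-related settings. The allowlist, the flag wording and the choice of heuristics are this example's own assumptions; the output is a list of items to review, not a verdict on the machine.

```python
"""Heuristic triage of HijackThis 2.x log lines.

Added example; neither part of the forum thread nor HijackThis' own code.
The sample lines are copied from the log posted above. The heuristics and the
allowlist below are this example's own assumptions.
"""
import re
from dataclasses import dataclass

# Sample input: lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmi\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8942.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7939312843
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Programmi\DellSupport\brkrsvc.exe
O23 - Service: NTRU TSS v1.2.1.12 TCS (tcsd_win32.exe) - Unknown owner - C:\Programmi\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
HOST_RE = re.compile(r"https?://(?P<host>[^/\s]+)")

# Assumption: ActiveX downloads from these domains are expected on this machine.
TRUSTED_DPF_SUFFIXES = (".microsoft.com", ".live.com")


@dataclass
class Finding:
    kind: str
    reason: str
    line: str


def parse_entries(text):
    """Yield (kind, body, line) for every R*/O* entry; other lines are ignored."""
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("kind"), m.group("body"), line


def image_of(cmd):
    """First token of a Run command: the quoted path if quoted, else up to the first space."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ", 1)[0]


def triage(text):
    findings = []
    for kind, body, line in parse_entries(text):
        if kind == "R1" and ("ProxyOverride" in body or "ProxyServer" in body):
            findings.append(Finding(kind, "proxy setting present; confirm it is intended", line))
        elif kind == "O4":
            m = RUN_RE.search(body)
            if m and "\\" not in image_of(m.group("cmd")):
                # A bare file name is resolved through the search path at logon,
                # so the file that actually runs must be located and checked.
                findings.append(Finding(kind, "Run value has no path; locate the real image", line))
        elif kind == "O16":
            m = HOST_RE.search(body)
            host = m.group("host").lower() if m else ""
            if not host.endswith(TRUSTED_DPF_SUFFIXES):
                findings.append(Finding(kind, f"ActiveX control fetched from {host or 'unknown host'}", line))
        elif kind == "O23":
            m = SERVICE_RE.match(body)
            if m and m.group("owner") == "Unknown owner":
                findings.append(Finding(kind, "service binary carries no publisher; verify it", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:4} {f.reason}\n     {f.line}")
```

Run against the sample, the script reports the proxy setting, the two path-less Run values (stsystra.exe and wfxsnt40.exe) and the two "Unknown owner" services, and nothing for the two Microsoft-hosted ActiveX controls. None of these is evidence of infection by itself; the point is that a log with no obviously hostile entry still leaves a short list of things to confirm by hand.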


Re: File hijackthis

Post by shel » 05/12/09 19:30

Hi

the log looks clean - try downloading this utility - run it, choose option 2 (Enable Task Manager and Regedit),
reboot the system and check whether it works now


http://www.suspectfile.com/forum/viewto ... f=8&t=2761
shel
Senior member

Posts: 1292
Joined: 29/08/08 21:56

Re: File hijackthis

Post by Alessandro1966 » 05/12/09 20:36

Hi shel,

I did what you suggested, but nothing changed. I can tell because, as before, I cannot visit antivirus software sites. I forgot to mention that in the previous post. So I cannot run an online scan either.

I have read about ComboFix. Is it worth a try?
Thanks.
Alessandro
Alessandro1966
Newbie

Posts: 3
Joined: 05/12/09 20:31

Re: File hijackthis

Post by shel » 05/12/09 21:04

hi

yes, I wanted you to use it, but I pointed you to that procedure first to see whether the Task Manager would get unblocked

download to the desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- disconnect from the internet
- disable the antivirus
- run ComboFix.exe
- type 1
- follow the instructions
- when the scan is finished go to C:\ and copy/paste, in your next reply, the contents of the text file Combofix.txt
shel
Senior member

Posts: 1292
Joined: 29/08/08 21:56

Re: File hijackthis

Post by Alessandro1966 » 05/12/09 21:25

OK, thanks; in the meantime I had already gone ahead following the instructions in an earlier post by Luke57.
Here is the contents of Combofix.txt:

ComboFix 09-12-04.05 - gilibaus 05/12/2009 21.10.12.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.2038.1579 [GMT 1:00]
Eseguito da: c:\documents and settings\gilibaus\desktop\abc.exe
Opzioni usate :: /killall

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\LOG.TXT
c:\windows\AegisP.inf
c:\windows\system32\armaz.dll
c:\windows\system32\sqlite3.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_UTDEMTUC
-------\Service_utdemtuc


((((((((((((((((((((((((( Files Creati Da 2009-11-05 al 2009-12-05 )))))))))))))))))))))))))))))))))))
.

2009-12-05 19:51 . 2009-12-05 19:51 -------- d-----w- c:\documents and settings\gilibaus\Dati applicazioni\Malwarebytes
2009-12-05 19:51 . 2009-12-05 19:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-12-05 16:38 . 2009-12-05 16:38 -------- d-----w- c:\programmi\Windows Live Safety Center
2009-12-05 10:33 . 2009-12-05 10:33 -------- d-----w- c:\programmi\CCleaner
2009-12-01 17:04 . 2009-11-19 10:48 872960 ----a-w- c:\documents and settings\gilibaus\Dati applicazioni\Mozilla\Firefox\Profiles\rqq2rgkm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-01 17:04 . 2009-11-19 10:48 43008 ----a-w- c:\documents and settings\gilibaus\Dati applicazioni\Mozilla\Firefox\Profiles\rqq2rgkm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-01 17:04 . 2009-11-19 10:48 340480 ----a-w- c:\documents and settings\gilibaus\Dati applicazioni\Mozilla\Firefox\Profiles\rqq2rgkm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-01 17:04 . 2009-11-19 10:48 346624 ----a-w- c:\documents and settings\gilibaus\Dati applicazioni\Mozilla\Firefox\Profiles\rqq2rgkm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-25 08:30 . 2009-12-05 07:26 -------- d-----w- c:\programmi\Inkscape
2009-11-24 09:22 . 2009-11-24 09:22 -------- d-----w- c:\programmi\Safari
2009-11-24 09:22 . 2009-11-24 09:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-11-24 09:22 . 2009-11-24 09:22 -------- d-----w- c:\programmi\File comuni\Apple
2009-11-23 21:00 . 2009-11-23 21:00 152576 ----a-w- c:\documents and settings\gilibaus\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-23 20:59 . 2009-11-23 20:59 79488 ----a-w- c:\documents and settings\gilibaus\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-05 21:25 . 2009-11-05 21:25 -------- d-----w- c:\programmi\Sony Setup
2009-11-05 20:16 . 2009-11-05 20:16 73728 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-05 19:57 . 2008-01-07 15:50 -------- d-----w- c:\documents and settings\gilibaus\Dati applicazioni\Wave Systems Corp
2009-12-05 15:53 . 2008-10-25 16:50 -------- d-----w- c:\programmi\Flock
2009-12-05 09:09 . 2007-12-28 21:56 67640 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-12-04 12:54 . 2008-01-28 10:59 -------- d-----w- c:\documents and settings\gilibaus\Dati applicazioni\FileZilla
2009-12-04 12:30 . 2008-01-07 16:49 -------- d-----w- c:\programmi\Opera
2009-12-03 12:49 . 2008-01-07 22:14 48 ----a-w- c:\windows\wpd99.drv
2009-12-02 10:41 . 2004-09-09 08:37 76322 ----a-w- c:\windows\system32\perfc010.dat
2009-12-02 10:41 . 2004-09-09 08:37 452218 ----a-w- c:\windows\system32\perfh010.dat
2009-11-30 18:28 . 2008-01-28 10:59 -------- d-----w- c:\programmi\FileZillaFTP
2009-11-25 08:33 . 2008-10-12 14:30 -------- d-----w- c:\documents and settings\gilibaus\Dati applicazioni\Inkscape
2009-11-23 21:01 . 2007-12-28 21:35 -------- d-----w- c:\programmi\Java
2009-11-06 11:58 . 2009-11-05 13:16 -------- d-----w- c:\documents and settings\gilibaus\Dati applicazioni\Publish Providers
2009-11-05 13:20 . 2009-11-05 13:15 -------- d-----w- c:\documents and settings\gilibaus\Dati applicazioni\Sony
2009-11-05 13:09 . 2009-11-05 13:08 -------- d-----w- c:\programmi\NewBlue
2009-11-05 13:00 . 2009-11-05 12:58 -------- d-----w- c:\programmi\Sony
2009-11-05 12:58 . 2009-11-05 12:58 -------- d-----w- c:\programmi\Vstplugins
2009-11-05 12:58 . 2009-11-05 12:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Sony
2009-10-31 21:31 . 2007-12-28 21:39 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-10-31 21:30 . 2009-10-31 21:30 -------- d-----w- c:\programmi\Picture Package
2009-10-30 20:35 . 2009-10-30 20:35 -------- d-----w- c:\programmi\jEdit
2009-10-24 18:48 . 2009-10-24 18:48 152576 ----a-w- c:\documents and settings\gilibaus\Dati applicazioni\Sun\Java\jre1.6.0_16\lzma.dll
2009-10-11 03:17 . 2009-01-13 14:08 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-03 11:01 . 2009-10-03 11:01 152576 ----a-w- c:\documents and settings\gilibaus\Dati applicazioni\Sun\Java\jre1.6.0_15\lzma.dll
2007-04-16 15:54 . 2004-09-09 08:36 173318 --sha-r- c:\windows\system32\cuomfwrc.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\programmi\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"Google Update"="c:\documents and settings\gilibaus\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-05-29 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\programmi\DellTPad\Apoint.exe" [2007-09-09 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-10 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-10 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-10 137752]
"IntelZeroConfig"="c:\programmi\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\programmi\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"Document Manager"="c:\programmi\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2007-02-28 102400]
"SecureUpgrade"="c:\programmi\Wave Systems Corp\SecureUpgrade.exe" [2007-01-22 212992]
"Dell QuickSet"="c:\programmi\Dell\QuickSet\quickset.exe" [2007-09-07 1236992]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"RoxioDragToDisc"="c:\programmi\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PDVDDXSrv"="c:\programmi\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]
"WFXSwtch"="c:\progra~1\WinFax\WFXSWTCH.exe" [2001-09-19 27648]
"EVENTLISTENER"="c:\programmi\File comuni\FotoNation\EvLstnr.exe" [2000-06-20 53248]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2007-09-13 405504]
"WinFaxAppPortStarter"="wfxsnt40.exe" - c:\windows\system32\WFXSNT40.EXE [2001-09-19 45568]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2008-12-18 217088]
Digital Line Detect.lnk - c:\programmi\Digital Line Detect\DLG.exe [2007-12-28 50688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\programmi\WinFax\WfxSeh32.Dll" [1998-07-27 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wxvault.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Opera\\opera.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7864:TCP"= 7864:TCP:WWW
"3733:TCP"= 3733:TCP:rbxxw

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\programmi\Broadcom\ASFIPMon\AsfIpMon.exe -service --> c:\programmi\Broadcom\ASFIPMon\AsfIpMon.exe -service [?]
R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [18/12/2008 11.53.16 8192]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [09/09/2004 9.36.44 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [02/11/2006 13.32.32 97536]
S2 fkyhjary;Security Microsoft;c:\windows\system32\svchost.exe -k netsvcs [09/09/2004 9.37.15 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
fkyhjary
.
Contenuto della cartella 'Scheduled Tasks'

2009-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1182062469-2684362251-302392456-1005Core.job
- c:\documents and settings\gilibaus\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-05-29 14:29]

2009-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1182062469-2684362251-302392456-1005UA.job
- c:\documents and settings\gilibaus\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-05-29 14:29]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://www1.euro.dell.com/content/defau ... l=it&s=gen
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\gilibaus\Dati applicazioni\Mozilla\Firefox\Profiles\rqq2rgkm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\gilibaus\Dati applicazioni\Mozilla\Firefox\Profiles\rqq2rgkm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\gilibaus\Dati applicazioni\Mozilla\Firefox\Profiles\rqq2rgkm.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\documents and settings\gilibaus\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programmi\XStandard\Bin\NPXStandard.dll

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

AddRemove-Alice ti aiuta - c:\progra~1\ALICET~1\Uninstall.exe AliceRE
AddRemove-Pdf995 - c:\pdf995\setup.exe uninstall
AddRemove-{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD} - c:\programmi\DellTPad\Uninstap.exe ADDREMOVE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-05 21:15
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fkyhjary]
"ServiceDll"="c:\windows\system32\cuomfwrc.dll"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(904)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll

- - - - - - - > 'explorer.exe'(1116)
c:\progra~1\ALICET~1\SMARTB~1\SBHook.dll
c:\windows\system32\msi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Intel\Wireless\Bin\S24EvMon.exe
c:\programmi\Broadcom\ASFIPMon\AsfIpMon.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Intel\Wireless\Bin\EvtEng.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
c:\programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
c:\programmi\Dell\QuickSet\NICCONFIGSVC.exe
c:\programmi\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\StacSV.exe
c:\programmi\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\windows\system32\WFXSVC.EXE
c:\programmi\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\igfxsrvc.exe
c:\programmi\DellTPad\ApMsgFwd.exe
c:\progra~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\MCCITR~1.EXE
c:\programmi\DellTPad\Apntex.exe
c:\programmi\DellTPad\HidFind.exe
c:\programmi\Alice ti aiuta\bin\mpbtn.exe
c:\programmi\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Ora fine scansione: 2009-12-05 21:18 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-12-05 20:18

Pre-Run: 104.741.531.648 byte disponibili
Post-Run: 104.648.192.000 byte disponibili

- - End Of File - - 2B7B94E2916CA1BD8A60C598BC58BAAA
Alessandro1966
Newbie

Posts: 3
Joined: 05/12/09 20:31

Re: File hijackthis

Post by shel » 05/12/09 21:42

go to the virustotal site and analyse this file

c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT


here it is flagged as malicious

http://www.threatexpert.com/files/gdipf ... t.exe.html
shel
Senior member

Posts: 1292
Joined: 29/08/08 21:56

Re: File hijackthis

Post by Alessandro1966 » 05/12/09 22:04

Unfortunately I cannot get to the VirusTotal site, the browser won't let me.
Is there any other option?
Thanks.
Alessandro1966
Newbie

Posts: 3
Joined: 05/12/09 20:31

Re: File hijackthis

Post by shel » 05/12/09 22:49

Download and install http://www.malwarebytes.org/mbam/program/mbam-setup.exe Update it and run a full scan of the computer. Post the resulting report. For now do not remove any threat it may detect
shel
Senior member

Posts: 1292
Joined: 29/08/08 21:56

Re: File hijackthis

Post by Luke57 » 05/12/09 23:47

Alessandro1966 wrote: Unfortunately I cannot get to the VirusTotal site, the browser won't let me.
Is there any other option?
Thanks.

Hi, open a text file in Windows Notepad and copy and paste the following script into it:

Code: Select all
NetSvcs::
fkyhjary

Driver::
fkyhjary

File::
c:\windows\system32\cuomfwrc.dll



save the file with the mandatory name CFScript.txt
put it in the same folder as ComboFix and then, with the mouse pointer, drag it onto the program icon; it will run a new scan.
Post the new report it produces.
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10
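The ComboFix report posted earlier and the CFScript in this post fit together: the report lists a service named fkyhjary with the display name "Security Microsoft", started as svchost.exe -k netsvcs and registered in the NetSvcs group, whose ServiceDll is cuomfwrc.dll, a file ComboFix shows with system, hidden and read-only attributes (--sha-r-), next to a disabled Windows Firewall and globally open ports; the script removes exactly that service and that DLL. The Python below is an added example, not part of the thread and not ComboFix's or Luke57's code: it collects those facts from lines copied from the report, turns them into findings, and renders the same CFScript. The correlation rules and severity labels are this example's own assumptions; the observation that ComboFix omits empty and default/legitimate values comes from the report's own note.

```python
"""Correlate ComboFix report lines into findings and a CFScript.

Added example; not part of the thread and not ComboFix's own code.
The sample lines are copied from the ComboFix report posted above. ComboFix
states that empty and default/legitimate values are not shown, so any
svchost-hosted service it does print deserves a look. The rules and severity
labels below are this example's own assumptions.
"""
import re
from dataclasses import dataclass, field

# Sample input: lines copied from the posted ComboFix report.
SAMPLE_COMBOFIX = r"""
2007-04-16 15:54 . 2004-09-09 08:36 173318 --sha-r- c:\windows\system32\cuomfwrc.dll
2009-10-11 03:17 . 2009-01-13 14:08 411368 ----a-w- c:\windows\system32\deploytk.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7864:TCP"= 7864:TCP:WWW
"3733:TCP"= 3733:TCP:rbxxw
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\programmi\Broadcom\ASFIPMon\AsfIpMon.exe -service --> c:\programmi\Broadcom\ASFIPMon\AsfIpMon.exe -service [?]
S2 fkyhjary;Security Microsoft;c:\windows\system32\svchost.exe -k netsvcs [09/09/2004 9.37.15 14336]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fkyhjary]
"ServiceDll"="c:\windows\system32\cuomfwrc.dll"
"""

SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<cmd>.+)$")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.+)$')
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+\S+\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$")
SERVICES_KEY_RE = re.compile(r"\\services\\(?P<name>[^\\\]]+)$", re.IGNORECASE)


@dataclass
class Evidence:
    netsvcs: dict = field(default_factory=dict)      # service name -> display name
    service_dll: dict = field(default_factory=dict)  # service name -> ServiceDll path
    file_attrs: dict = field(default_factory=dict)   # lower-case path -> ComboFix attribute string
    firewall_off: bool = False
    open_ports: list = field(default_factory=list)


def collect(text):
    """Walk the report once, remembering the registry key each value line belongs to."""
    ev = Evidence()
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := KEY_RE.match(line)):
            current_key = m.group("key")
        elif (m := FILE_RE.match(line)):
            ev.file_attrs[m.group("path").lower()] = m.group("attrs")
        elif (m := SERVICE_RE.match(line)):
            if "svchost.exe -k netsvcs" in m.group("cmd").lower():
                ev.netsvcs[m.group("name")] = m.group("display")
        elif (m := VALUE_RE.match(line)):
            name, data = m.group("name"), m.group("data").strip()
            key_lower = current_key.lower()
            if name == "ServiceDll" and (sm := SERVICES_KEY_RE.search(current_key)):
                ev.service_dll[sm.group("name")] = data.strip('"')
            elif name == "EnableFirewall" and key_lower.endswith("standardprofile"):
                ev.firewall_off = data.startswith("0")
            elif key_lower.endswith(r"globallyopenports\list"):
                ev.open_ports.append(data)
    return ev


@dataclass
class Finding:
    severity: str
    what: str


def analyse(ev):
    """A netsvcs service whose DLL is hidden/system is rated high; the rest is for review."""
    findings, suspects = [], []
    for name, display in ev.netsvcs.items():
        dll = ev.service_dll.get(name, "")
        attrs = ev.file_attrs.get(dll.lower(), "")
        severity = "high" if ("h" in attrs or "s" in attrs) else "review"
        detail = f" with attributes {attrs}" if attrs else ""
        findings.append(Finding(severity, f"netsvcs service {name} ({display!r}) -> ServiceDll {dll or '?'}{detail}"))
        suspects.append((name, dll))
    if ev.firewall_off:
        findings.append(Finding("high", "Windows Firewall disabled in the standard profile"))
    for port in ev.open_ports:
        findings.append(Finding("review", f"globally open port {port}"))
    return findings, suspects


def cfscript(suspects):
    """Render the CFScript sections used in this thread for each suspect service and its DLL."""
    names = [n for n, _ in suspects]
    dlls = [d for _, d in suspects if d]
    sections = [("NetSvcs::", names), ("Driver::", names), ("File::", dlls)]
    return "\n\n".join(h + "\n" + "\n".join(items) for h, items in sections if items) + "\n"


if __name__ == "__main__":
    findings, suspects = analyse(collect(SAMPLE_COMBOFIX))
    for f in findings:
        print(f"[{f.severity}] {f.what}")
    print("\n--- CFScript.txt ---\n" + cfscript(suspects))
```

On the sample the high-severity findings are the fkyhjary service (its DLL carries the hidden and system attributes) and the disabled firewall; the two open ports are listed for review, and the rendered CFScript matches the one in this post line for line. The same three facts (svchost -k netsvcs, a ServiceDll outside the known set, odd attributes on that file) are what a reviewer looks for by hand when a HijackThis log shows nothing, because HijackThis' service section in the first post did not list this entry at all.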

Re: File hijackthis

Post by Alessandro966 » 06/12/09 08:56

Thanks Luke57, I followed your instructions.
Below is the new ComboFix report:


ComboFix 09-12-05.03 - gilibaus 06/12/2009 8.39.02.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.2038.1473 [GMT 1:00]
Eseguito da: c:\documents and settings\gilibaus\Desktop\abc.exe
Opzioni usate :: c:\documents and settings\gilibaus\Desktop\CFScript.txt

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
"c:\windows\system32\cuomfwrc.dll"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\cuomfwrc.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FKYHJARY
-------\Service_fkyhjary


((((((((((((((((((((((((( Files Creati Da 2009-11-06 al 2009-12-06 )))))))))))))))))))))))))))))))))))
.

2009-12-05 19:51 . 2009-12-05 19:51 -------- d-----w- c:\documents and settings\gilibaus\Dati applicazioni\Malwarebytes
2009-12-05 19:51 . 2009-12-05 19:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-12-05 16:38 . 2009-12-05 16:38 -------- d-----w- c:\programmi\Windows Live Safety Center
2009-12-05 10:33 . 2009-12-05 10:33 -------- d-----w- c:\programmi\CCleaner
2009-12-01 17:04 . 2009-11-19 10:48 872960 ----a-w- c:\documents and settings\gilibaus\Dati applicazioni\Mozilla\Firefox\Profiles\rqq2rgkm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-01 17:04 . 2009-11-19 10:48 43008 ----a-w- c:\documents and settings\gilibaus\Dati applicazioni\Mozilla\Firefox\Profiles\rqq2rgkm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-01 17:04 . 2009-11-19 10:48 340480 ----a-w- c:\documents and settings\gilibaus\Dati applicazioni\Mozilla\Firefox\Profiles\rqq2rgkm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-01 17:04 . 2009-11-19 10:48 346624 ----a-w- c:\documents and settings\gilibaus\Dati applicazioni\Mozilla\Firefox\Profiles\rqq2rgkm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-25 08:30 . 2009-12-05 07:26 -------- d-----w- c:\programmi\Inkscape
2009-11-24 09:22 . 2009-11-24 09:22 -------- d-----w- c:\programmi\Safari
2009-11-24 09:22 . 2009-11-24 09:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-11-24 09:22 . 2009-11-24 09:22 -------- d-----w- c:\programmi\File comuni\Apple
2009-11-23 21:00 . 2009-11-23 21:00 152576 ----a-w- c:\documents and settings\gilibaus\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-23 20:59 . 2009-11-23 20:59 79488 ----a-w- c:\documents and settings\gilibaus\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-05 19:57 . 2008-01-07 15:50 -------- d-----w- c:\documents and settings\gilibaus\Dati applicazioni\Wave Systems Corp
2009-12-05 15:53 . 2008-10-25 16:50 -------- d-----w- c:\programmi\Flock
2009-12-05 09:09 . 2007-12-28 21:56 67640 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-12-04 12:54 . 2008-01-28 10:59 -------- d-----w- c:\documents and settings\gilibaus\Dati applicazioni\FileZilla
2009-12-04 12:30 . 2008-01-07 16:49 -------- d-----w- c:\programmi\Opera
2009-12-03 12:49 . 2008-01-07 22:14 48 ----a-w- c:\windows\wpd99.drv
2009-12-02 10:41 . 2004-09-09 08:37 76322 ----a-w- c:\windows\system32\perfc010.dat
2009-12-02 10:41 . 2004-09-09 08:37 452218 ----a-w- c:\windows\system32\perfh010.dat
2009-11-30 18:28 . 2008-01-28 10:59 -------- d-----w- c:\programmi\FileZillaFTP
2009-11-25 08:33 . 2008-10-12 14:30 -------- d-----w- c:\documents and settings\gilibaus\Dati applicazioni\Inkscape
2009-11-23 21:01 . 2007-12-28 21:35 -------- d-----w- c:\programmi\Java
2009-11-06 11:58 . 2009-11-05 13:16 -------- d-----w- c:\documents and settings\gilibaus\Dati applicazioni\Publish Providers
2009-11-05 21:25 . 2009-11-05 21:25 -------- d-----w- c:\programmi\Sony Setup
2009-11-05 20:16 . 2009-11-05 20:16 73728 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-11-05 13:20 . 2009-11-05 13:15 -------- d-----w- c:\documents and settings\gilibaus\Dati applicazioni\Sony
2009-11-05 13:09 . 2009-11-05 13:08 -------- d-----w- c:\programmi\NewBlue
2009-11-05 13:00 . 2009-11-05 12:58 -------- d-----w- c:\programmi\Sony
2009-11-05 12:58 . 2009-11-05 12:58 -------- d-----w- c:\programmi\Vstplugins
2009-11-05 12:58 . 2009-11-05 12:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Sony
2009-10-31 21:31 . 2007-12-28 21:39 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-10-31 21:30 . 2009-10-31 21:30 -------- d-----w- c:\programmi\Picture Package
2009-10-30 20:35 . 2009-10-30 20:35 -------- d-----w- c:\programmi\jEdit
2009-10-24 18:48 . 2009-10-24 18:48 152576 ----a-w- c:\documents and settings\gilibaus\Dati applicazioni\Sun\Java\jre1.6.0_16\lzma.dll
2009-10-11 03:17 . 2009-01-13 14:08 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-03 11:01 . 2009-10-03 11:01 152576 ----a-w- c:\documents and settings\gilibaus\Dati applicazioni\Sun\Java\jre1.6.0_15\lzma.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-12-05_20.15.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-06 07:44 . 2009-12-06 07:44 16384 c:\windows\temp\Perflib_Perfdata_684.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\programmi\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"Google Update"="c:\documents and settings\gilibaus\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-05-29 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\programmi\DellTPad\Apoint.exe" [2007-09-09 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-10 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-10 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-10 137752]
"SigmatelSysTrayApp"="stsystra.exe" [2007-09-13 405504]
"IntelZeroConfig"="c:\programmi\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\programmi\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"Document Manager"="c:\programmi\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2007-02-28 102400]
"SecureUpgrade"="c:\programmi\Wave Systems Corp\SecureUpgrade.exe" [2007-01-22 212992]
"Dell QuickSet"="c:\programmi\Dell\QuickSet\quickset.exe" [2007-09-07 1236992]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"RoxioDragToDisc"="c:\programmi\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PDVDDXSrv"="c:\programmi\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]
"WFXSwtch"="c:\progra~1\WinFax\WFXSWTCH.exe" [2001-09-19 27648]
"WinFaxAppPortStarter"="wfxsnt40.exe" [2001-09-19 45568]
"EVENTLISTENER"="c:\programmi\File comuni\FotoNation\EvLstnr.exe" [2000-06-20 53248]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2008-12-18 217088]
Digital Line Detect.lnk - c:\programmi\Digital Line Detect\DLG.exe [2007-12-28 50688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\programmi\WinFax\WfxSeh32.Dll" [1998-07-27 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wxvault.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Opera\\opera.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7864:TCP"= 7864:TCP:WWW
"3733:TCP"= 3733:TCP:rbxxw

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\programmi\Broadcom\ASFIPMon\AsfIpMon.exe -service --> c:\programmi\Broadcom\ASFIPMon\AsfIpMon.exe -service [?]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [09/09/2004 9.36.44 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [02/11/2006 13.32.32 97536]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [18/12/2008 11.53.16 8192]
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://www1.euro.dell.com/content/defau ... l=it&s=gen
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\gilibaus\Dati applicazioni\Mozilla\Firefox\Profiles\rqq2rgkm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\gilibaus\Dati applicazioni\Mozilla\Firefox\Profiles\rqq2rgkm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\gilibaus\Dati applicazioni\Mozilla\Firefox\Profiles\rqq2rgkm.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\documents and settings\gilibaus\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programmi\XStandard\Bin\NPXStandard.dll

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-06 08:45
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(712)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll

- - - - - - - > 'explorer.exe'(2708)
c:\progra~1\ALICET~1\SMARTB~1\SBHook.dll
c:\windows\system32\msi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Intel\Wireless\Bin\S24EvMon.exe
c:\programmi\Broadcom\ASFIPMon\AsfIpMon.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Intel\Wireless\Bin\EvtEng.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
c:\programmi\Dell\QuickSet\NICCONFIGSVC.exe
c:\programmi\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\StacSV.exe
c:\windows\system32\WFXSVC.EXE
c:\programmi\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wfxsnt40.exe
c:\progra~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\MCCITR~1.EXE
c:\programmi\DellTPad\ApMsgFwd.exe
c:\programmi\DellTPad\HidFind.exe
c:\programmi\DellTPad\Apntex.exe
c:\programmi\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Ora fine scansione: 2009-12-06 08:48 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-12-06 07:48
ComboFix2.txt 2009-12-05 20:18

Pre-Run: 104.646.688.768 byte disponibili
Post-Run: 104.616.534.016 byte disponibili

- - End Of File - - 5772ED7D1B4370304CC33BE005F7E385
Alessandro966
Newbie

Posts: 1
Joined: 06/12/09 08:53

Re: File hijackthis

Post by alex66 » 06/12/09 09:12

Luke57,
thank you very much for your help. There is already a first result: I can now browse the Trend Micro and other antivirus vendor sites. Based on the ComboFix report, is the situation resolved, or is there something else I need to do?

Thanks again.
Alessandro
alex66
Newbie

Posts: 1
Joined: 06/12/09 09:07

Re: File hijackthis

Post by Luke57 » 06/12/09 10:19

Hi, the ComboFix report looks fine now. If anything, update Malwarebytes and run a full scan.
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10
