Qualcuno potrebbe controllarmi questo log di Combofix:
- Codice: Seleziona tutto
ComboFix 10-07-12.06 - Romina 14/07/2010 2.20.31.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1022.549 [GMT 2:00]
Eseguito da: f:\nuova cartella\Antivirus & Co\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-3C24-9E7C08000A00}
AV: Sistema Antivirus NOD32 2.70 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Condizioni generali.url
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Disinstalla.lnk
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Riservatezza.url
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\WebMediaPlayer.lnk
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Website.url
c:\documents and settings\Cristiano\Cookies\cristiano@managerzone.giocaregratis[2].txt
c:\documents and settings\Romina\Impostazioni locali\Dati applicazioni\cfcfernj.dat
c:\documents and settings\Romina\Impostazioni locali\Dati applicazioni\cfcfernj_nav.dat
c:\documents and settings\Romina\Impostazioni locali\Dati applicazioni\cfcfernj_navps.dat
c:\documents and settings\Romina\Impostazioni locali\Dati applicazioni\qqsqusw.dat
c:\documents and settings\Romina\Impostazioni locali\Dati applicazioni\qqsqusw_nav.dat
c:\documents and settings\Romina\Impostazioni locali\Dati applicazioni\qqsqusw_navps.dat
c:\windows\system32\Drivers\roixcaux.sys
.
((((((((((((((((((((((((( Files Creati Da 2010-06-14 al 2010-07-14 )))))))))))))))))))))))))))))))))))
.
2010-07-13 23:40 . 2010-07-13 23:37 397824 ----a-w- c:\windows\system32\CF24183.exe
2010-07-13 00:07 . 2010-07-13 00:07 -------- d-----w- c:\documents and settings\Romina\Dati applicazioni\Malwarebytes
2010-07-13 00:07 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-13 00:07 . 2010-07-13 00:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-07-13 00:07 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-13 00:07 . 2010-07-13 00:08 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-07-12 22:45 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-07-12 22:45 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-07-12 22:45 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-07-12 22:45 . 2010-07-12 22:45 -------- d-----w- c:\programmi\Avira
2010-07-12 22:45 . 2010-07-12 22:45 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2010-07-12 22:17 . 2010-07-13 23:01 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-07-12 21:50 . 2010-07-12 21:50 -------- d-----w- c:\programmi\VS Revo Group
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-14 00:07 . 2008-01-07 21:01 -------- d-----w- c:\programmi\Google
2010-07-14 00:04 . 2004-08-30 20:00 85678 ----a-w- c:\windows\system32\perfc010.dat
2010-07-14 00:04 . 2004-08-30 20:00 492836 ----a-w- c:\windows\system32\perfh010.dat
2010-07-13 23:33 . 2010-01-31 20:19 -------- d-----w- c:\documents and settings\Romina\Dati applicazioni\uTorrent
2010-07-12 21:58 . 2008-12-17 17:27 -------- d-----w- c:\programmi\CCleaner
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-01 7557120]
"NVRotateSysTray"="c:\windows\system32\nvsysrot.dll" [2006-05-01 49152]
"WinVNC"="c:\programmi\UltraVNC\WinVNC.exe" [2005-08-06 974848]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 16062464]
"TPSMain"="TPSMain.exe" [2005-08-04 266240]
"THotkey"="c:\programmi\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 356352]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-06-19 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-05-12 831488]
"AdobeCS4ServiceManager"="c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-30 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2007-5-19 106560]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]
2007-03-21 14:41 145496 ----a-w- c:\programmi\Pinnacle\Studio 11\LaunchList2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\programmi\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-05-01 20:04 1519616 ----a-w- c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 16:04 2879488 ----a-w- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-03-13 13:27 319792 ----a-w- c:\programmi\uTorrent\uTorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\UltraVNC\\winvnc.exe"=
"c:\\Programmi\\Hamachi\\hamachi.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Programmi\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Programmi\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Programmi\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\UltraVNC\\vncviewer.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
S3 NBAG723;ZyXEL 802.11a/b/g AG723 Driver;c:\windows\system32\drivers\Wlanchag.sys [12/10/2006 18.15.26 360256]
.
Contenuto della cartella 'Scheduled Tasks'
2010-05-10 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
2010-07-14 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Apri in nuova scheda in primo piano - c:\programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?b96cfe4aaf894cdeb8f2bdc276f580ef
IE: Apri in nuova scheda in secondo piano - c:\programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?b96cfe4aaf894cdeb8f2bdc276f580ef
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: {B589195F-C1D1-476F-B672-FE5019945CEC} = 192.168.0.1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-AdobeBridge - (no file)
MSConfigStartUp-fssui - c:\programmi\Windows Live\Family Safety\fssui.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-14 02:26
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(988)
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Ora fine scansione: 2010-07-14 02:28:53
ComboFix-quarantined-files.txt 2010-07-14 00:28
Pre-Run: 4.802.719.744 byte disponibili
Post-Run: 7.107.932.160 byte disponibili
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 70B994AEDA9D09A957C8B831B77B6199
Io non ci capisco molto.
Grazie a tutti.