-Procedure completed (done twice, to be safe)
-I'm attaching the log:
Code:
ComboFix 09-01-20.05 - Proprietario 2009-01-21 16.45.24.2 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.959.755 [GMT 1:00]
Eseguito da: c:\documents and settings\Proprietario\Desktop\ComboFix.exe
FW: Norton Internet Worm Protection *disabled*
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((( Files Creati Da 2008-12-21 al 2009-01-21 )))))))))))))))))))))))))))))))))))
.
2009-01-21 15:05 . 2009-01-21 15:05 <DIR> d-------- c:\programmi\Trend Micro
2009-01-01 18:43 . 2009-01-01 18:44 <DIR> d-------- C:\Rummy Royal
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-21 15:38 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\avg8
2009-01-21 13:52 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-01-21 13:52 --------- d-----w c:\programmi\Java
2009-01-13 22:23 --------- d-----w c:\programmi\Zylom Games
2009-01-13 14:02 --------- d-----w c:\programmi\World of Warcraft
2008-12-31 18:17 --------- d-----w c:\documents and settings\Proprietario\Dati applicazioni\Zylom
2008-12-12 09:15 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-12-12 09:15 --------- d-----w c:\programmi\Telecom Italia
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-11-27 18:00 --------- d-----w c:\documents and settings\Proprietario\Dati applicazioni\Playrix Entertainment
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2007-10-07 08:27 80 --sh--r c:\windows\system32\099F8835CA.dll
2008-04-13 17:13 161,768 --sha-r c:\windows\system32\uihgk.dll
2008-05-07 13:33 32,768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008050720080508\index.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\programmi\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-01-21 136600]
"Collegamento alla pagina delle proprietà di High Definition Audio"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 c:\windows\RTHDCPL.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
DSLMON.lnk - c:\programmi\Telecom Italia Media\Fast 800-840 Tin.it\dslmon.exe [2008-06-21 962663]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Tasto di scelta rapida per l'avvio di AutoCAD.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Tasto di scelta rapida per l'avvio di AutoCAD.lnk
backup=c:\windows\pss\Tasto di scelta rapida per l'avvio di AutoCAD.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\File comuni\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Programmi\\World of Warcraft\\WoW-2.3.0-enGB-downloader.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Documents and Settings\\Proprietario\\Documenti\\eMule\\emule.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Gruppi peer-to-peer Windows
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3838:TCP"= 3838:TCP:ztzls
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 0 (0x0)
R4 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 SSDefrag;SSDefrag;c:\windows\system32\drivers\SSDefrag.sys [2007-12-08 34560]
S4 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [2008-12-12 8192]
S4 rebwygx;Manager Update;c:\windows\system32\svchost.exe -k netsvcs [2006-11-07 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
rebwygx
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75413bcc-a609-11db-9742-001617db9581}]
\Shell\AutoRun\command - J:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec996c1f-d5ba-11dd-9b0f-001617db9581}]
\Shell\AutoRun\command - CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
\Shell\open\command - CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
.
Contenuto della cartella 'Scheduled Tasks'
2009-01-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Scansione supplementare -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {4819DFDF-ABC4-488C-A323-919848C51175} - hxxp://portal3.rinera.com/download/RineraProxy-1.4.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-21 16:48:33
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rebwygx]
"ServiceDll"="c:\windows\system32\uihgk.dll"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\*|˙˙˙˙;|ù9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(196)
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2009-01-21 16.51.30
ComboFix-quarantined-files.txt 2009-01-21 15:51:28
ComboFix2.txt 2009-01-21 15:27:00
Pre-Run: 219.218.964.480 byte disponibili
Post-Run: 219,204,939,776 byte disponibili
122
-I think this time ComboFix wasn't able to fix my problems