Salve,
scansionato con VirIt, Avira, Malwarebyte, nulla trovato, ma Combo si !
Pls. potete controllare il Log?
Grazie in anticipo !
ComboFix 12-09-27.03 - Administrator 29/09/2012 13.07.08.7.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3535.2776 [GMT 2:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {001310A0-0000-0000-0000-0000CD55927C}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-6C25-9E7C08000A00}
AV: AntiVir Desktop *Enabled/Updated* {00000010-0000-0000-0000-0000B8013D00}
AV: AntiVir Desktop *Enabled/Updated* {00000010-0000-0000-0000-0000D8023D00}
AV: AntiVir Desktop *Enabled/Updated* {7C926B08-FFFF-FFFF-00E0-FD7FB0F21200}
AV: Avira Desktop *Disabled/Updated* {00000010-0000-0000-0000-0000B8013C00}
AV: Avira Desktop *Enabled/Updated* {00000010-0000-0000-0000-0000B8013B00}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.
c:\documents and settings\All Users\Dati applicazioni\TEMP
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
La copia infetta di c:\windows\system32\msgsvc.dll è stata trovata e disinfettata
ipristinata copia da - c:\windows\ERDNT\cache\msgsvc.dll
.
.
((((((((((((((((((((((((( Files Creati Da 2012-08-28 al 2012-09-29 )))))))))))))))))))))))))))))))))))
.
.
2012-09-29 11:36 . 2012-09-29 11:37 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2012-09-29 07:24 . 2012-09-29 07:24 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\CrashRpt
2012-09-24 19:16 . 2012-09-24 19:16 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Avira
2012-09-24 19:15 . 2012-06-05 22:40 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-09-24 19:15 . 2012-06-05 22:40 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-09-24 19:15 . 2012-06-05 22:40 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-09-24 19:15 . 2012-09-24 19:15 -------- d-----w- c:\programmi\Avira
2012-09-24 19:15 . 2012-09-24 19:15 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2012-09-24 18:26 . 2012-09-24 18:26 -------- d-----w- c:\windows\system32\wbem\Repository
2012-09-04 23:22 . 2012-09-26 12:30 -------- d-----w- c:\programmi\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
2012-09-28 13:00 . 2011-03-14 12:00 85144 ----a-w- c:\windows\system32\drivers\VIRAGTLT.sys
2012-09-24 05:49 . 2011-04-20 19:40 32594 ----a-w- c:\windows\SCHEDLGU.TXT.TMP
2012-09-20 18:28 . 2012-05-27 14:45 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-20 18:28 . 2012-05-27 14:45 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-07 15:04 . 2011-04-20 13:16 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-07 11:08 . 2012-09-07 11:08 266720 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2002-12-31 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"SpyShelter"="c:\programmi\SpyShelter Personal Free\SpyShelter.exe" [2012-02-17 3006776]
"Freebie Notes"="c:\programmi\Power Soft\Freebie Notes\FreebieNotes.exe" [2010-10-30 3748688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86 \3\hpztsb09.exe" [2004-01-05 176128]
"Six Engine"="c:\programmi\ASUS\EPU-4 Engine\FourEngine.exe" [2010-02-03 5756544]
"Persistence"="c:\windows\system32\igfxpers.ex e" [2011-08-05 166680]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor .exe" [2007-12-10 323584]
"mouseElf"="c:\progra~1\ERGOMO~1\MouseElf.EXE" [2005-07-15 208896]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.ex e" [2007-12-10 323584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-05 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-05 182552]
"COMODO Internet Security"="c:\programmi\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
"RTHDCPL"="RTHDCPL.EXE" [2011-12-05 20065384]
"EvtMgr6"="c:\programmi\Logitech\SetPointP\SetPoin t.exe" [2011-10-07 1387288]
"TkBellExe"="c:\programmi\Real\RealPlayer\update\r ealsched.exe" [2012-02-17 296056]
"APSDaemon"="c:\programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2012-04-18 421888]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2012-07-02 348664]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]
.
c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\
PopTray.lnk - c:\programmi\PopTray\PopTray.exe [2006-9-16 1666048]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Acrobat Assistant.lnk - c:\programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\programmi\File comuni\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Zboard]
2003-09-03 06:14 49152 ----a-w- c:\windows\system32\Winlognotif.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run-]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\File comuni\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R0 VIRAGTLT;VIRAGTLT;c:\windows\system32\drivers\VIRA GTLT.sys [14/03/2011 14.00.02 85144]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.s ys [24/09/2012 21.15.42 36000]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [06/01/2011 17.37.02 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [06/01/2011 17.37.04 31704]
R1 Spyshelter;Spyshelter;c:\programmi\SpyShelter Personal Free\SpyShelter.sys [28/06/2012 23.52.13 167224]
R2 AntiVirSchedulerService;Avira Pianificatore;c:\programmi\Avira\AntiVir Desktop\sched.exe [24/09/2012 21.15.43 86224]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepK E.sys [16/01/2012 16.31.34 12184]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programmi\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [22/08/2011 15.44.24 1526080]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\programmi\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [20/04/2011 16.27.08 2314240]
R3 IntcDAud;Audio schermo Intel(R);c:\windows\system32\drivers\IntcDAud.sys [20/04/2011 16.20.41 260864]
R3 PAC207;Eye 110;c:\windows\system32\drivers\PFC027.SYS [21/11/2011 18.42.19 618112]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programmi \TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [26/04/2011 15.30.20 10064]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPl ayerUpdateService.exe [27/05/2012 16.45.41 250288]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfil t.sys [20/04/2011 16.19.30 1691480]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programmi\Mozilla Maintenance Service\maintenanceservice.exe [25/04/2012 8.56.24 114144]
S4 viritsvclite;VirIT eXplorer Lite;c:\vexplite\VIRITSVC.EXE [14/03/2011 13.54.14 86016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-09-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpda teService.exe [2012-05-27 18:28]
.
2012-09-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2011-06-01 10:34]
.
2012-09-04 c:\windows\Tasks\DriverEasy Scheduled Scan.job
- c:\programmi\Easeware\DriverEasy\DriverEasy.exe [2012-01-09 10:36]
.
2012-09-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-261903793-1801674531-500.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2012-01-30 16:45]
.
2012-08-31 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-261903793-1801674531-500.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2012-01-30 16:45]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{B7C64984-57D6-4B3C-9193-29A7BBD0CC9A}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\fpf11hmw.def ault\
FF - prefs.js: browser.search.selectedEngine - Virgilio
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q =
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.pipelining - false
FF - user.js: network.http.proxy.pipelining - false
FF - user.js: network.http.pipelining.ssl - false
FF - user.js: network.http.pipelining.maxrequests - 4
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKU-Default-Run-MsnMsgr - c:\programmi\Windows Live\Messenger\MsnMsgr.Exe
.
.
.
************************************************** ************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-29 13:37
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
************************************************** ************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macrome d\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUt il32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE 38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE 38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE 38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Rispondi quotando