The ComboFix log and the GMER result... this log is from the formatted PC...
while on the laptops the GMER result is the same, only the name written after [auto] changes, but...
ComboFix 12-03-13.01 - Patrizia 15/03/2012 16.44.07.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2038.1551 [GMT 1:00]
Eseguito da: c:\documents and settings\Patrizia\Documenti\Download\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2012-02-15 al 2012-03-15 )))))))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-16 15:07 . 2012-03-13 19:50 134104 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-08-15 . E88631E21A9CACA06104802F9E915115 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2008-08-15 . 902E0A75C51196A82BED9CC0E3AC8756 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-03-13_21.06.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-15 14:32 . 2012-03-15 14:32 16384 c:\windows\temp\Perflib_Perfdata_2dc.dat
- 2012-03-13 18:31 . 2012-03-13 18:31 86327 c:\windows\pchealth\helpctr\OfflineCache\index.dat
+ 2012-03-13 18:31 . 2012-03-14 18:54 86327 c:\windows\pchealth\helpctr\OfflineCache\index.dat
+ 2012-03-13 18:31 . 2012-03-14 18:54 2426 c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2012-03-13 18:31 . 2012-03-14 18:54 8972 c:\windows\pchealth\helpctr\Config\Cntstore.bin
+ 2012-03-13 18:33 . 2012-03-14 14:32 157472 c:\windows\system32\javaws.exe
+ 2012-03-13 18:33 . 2012-03-14 14:32 149280 c:\windows\system32\javaw.exe
+ 2012-03-13 18:33 . 2012-03-14 14:32 149280 c:\windows\system32\java.exe
+ 2012-03-14 14:32 . 2012-03-14 14:32 472808 c:\windows\system32\deployJava1.dll
+ 2012-03-14 14:34 . 2012-03-14 14:34 203776 c:\windows\Installer\13e2da9.msi
+ 2012-03-14 14:32 . 2012-03-14 14:32 901120 c:\windows\Installer\13e2da4.msi
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-12 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-12 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-12 141336]
"RTHDCPL"="RTHDCPL.EXE" [2011-12-05 20065384]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"Sidebar"="c:\programmi\Windows Sidebar\sidebar.exe" [2008-08-15 1274880]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-08-15 08:31 1274880 ----a-w- c:\programmi\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 03:27 144784 ----a-w- c:\programmi\Java\jre1.6.0_07\bin\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8009:TCP"= 8009:TCP:nyrrd
.
S2 djunydjcn;hhbqg;c:\windows\system32\svchost.exe -k netsvcs [13/04/2008 18.14.22 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [13/03/2012 21.38.14 1691480]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\programmi\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 13.49.20 227232]
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - KWWOIFOC
*Deregistered* - kwwoifoc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
djunydjcn
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2008-08-15 08:23 124928 ----a-w- c:\windows\system32\advpack.dll
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-573735546-1801674531-1003Core.job
- c:\documents and settings\Patrizia\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-03-13 18:52]
.
2012-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-573735546-1801674531-1003UA.job
- c:\documents and settings\Patrizia\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-03-13 18:52]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://klit.startnow.com/?src=startpage&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=IT&install_date=20120313&user_guid=4F0B37D9CFB7456D973FE862E7D41455&machine_id=081921be40e8709d4fdecc58400c5710&browser=IE&os=win&os_version=5.1-x86-SP3
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
FF - ProfilePath - c:\documents and settings\Patrizia\Dati applicazioni\Mozilla\Firefox\Profiles\59y60lng.default\
FF - prefs.js: browser.startup.homepage -
Google
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
GMER - Rootkit Detector and Remover
Rootkit scan 2012-03-15 16:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\djunydjcn]
"ServiceDll"="c:\windows\system32\jjxgrlp.dll"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(2536)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2012-03-15 16:46:29
ComboFix-quarantined-files.txt 2012-03-15 15:46
ComboFix2.txt 2012-03-14 14:40
ComboFix3.txt 2012-03-13 21:07
.
Pre-Run: 494.109.859.840 byte disponibili
Post-Run: 494.100.451.328 byte disponibili
.
- - End Of File - - 1E60D6CEA9F515034616C388AC920C55