Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

FINESTRA -CID-

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

FINESTRA -CID-

Postdi eliderossi86 » 31/03/08 13:20

Buon pomeriggio forum, da ieri pomeriggio sono assalita dalla continua apertura di finestre IE con scritta Cid... ho fatto girare Spybot - Adaware, fatto pulizia con Ccleaner ma niente.. continua ad aprirsi... vi posto il mio log... sperando in una mano, come sempre miracolosa, da parte vostra!

Logfile of HijackThis v1.99.1
Scan saved at 14:20, on 2008-03-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Windows Live\Family Safety\fssui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Picasa2\PicasaMediaDetector.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\Elisa\IMPOST~1\Temp\Rar$EX00.313\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://it.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programmi\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Programmi\Multi_Media\tbMul1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Programmi\Multi_Media\tbMul1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [fssui] "C:\Programmi\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [Windows Pool Manager] poolsc.exe
O4 - HKLM\..\Run: [CHIN PING PHONE PILE] C:\Documents and Settings\All Users\Dati applicazioni\Proxy Long Chin Ping\64 tool.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Programmi\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://elismart86.spaces.live.com//Phot ... nPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/278ac79543f ... 601_it.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://elismart86.spaces.live.com/Photo ... nPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
Avatar utente
eliderossi86
Utente Senior
 
Post: 124
Iscritto il: 05/10/06 13:51

Sponsor
 

Re: FINESTRA -CID-

Postdi Luke57 » 31/03/08 14:27

Ciao, scarica combofix sul desktop
ComboFix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disconettiti da internet
disattiva l'antivirus


Avvia il file ComboFix.exe
Digita 1 per avviare il tool (non fare altre manovre durante la scansione che è piuttosto lenta, se spariscono le icone dal desktop è normale))
Segui le istruzioni e alla fine verrà generato un log (C:\combofix.txt).

Riavvia il pc, copia e incolla il contenuto del report in un post.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: FINESTRA -CID-

Postdi eliderossi86 » 31/03/08 21:01

ComboFix 08-03-30.4 - Elisa 2008-03-31 21.43.57.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.260 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Elisa\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\kmd.exe

.
((((((((((((((((((((((((( Files Creati Da 2008-02-28 al 2008-03-31 )))))))))))))))))))))))))))))))))))
.

2008-03-31 21:42 . 2008-03-31 21:42 <DIR> d-------- C:\ComboFix[1]
2008-03-30 22:57 . 2008-03-30 22:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-30 22:57 . 2008-03-30 22:57 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-29 18:56 . 2008-03-29 18:56 <DIR> d-------- C:\Programmi\drv dash
2008-03-29 18:56 . 2008-03-29 18:56 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Proxy Long Chin Ping
2008-03-29 18:55 . 2008-03-29 18:55 <DIR> d-------- C:\Programmi\Circle Developement
2008-03-25 20:11 . 2008-03-25 20:11 <DIR> d-------- C:\Programmi\The Adventure Company
2008-03-10 19:38 . 2008-03-25 20:08 <DIR> d-------- C:\Programmi\Playlogic
2008-03-05 16:36 . 2001-08-31 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-03-05 00:26 . 2008-03-29 18:55 <DIR> d-------- C:\Programmi\Messenger Plus! Live
2008-03-05 00:26 . 2008-03-05 00:34 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Messenger Plus!
2008-02-23 01:36 . 2008-02-23 01:36 <DIR> d-------- C:\Programmi\Xilisoft
2008-02-22 15:06 . 2008-02-22 15:06 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-22 14:48 . 2008-02-22 15:31 <DIR> d-------- C:\SDFix
2008-02-21 12:57 . 2008-02-21 21:35 594 --ahs---- C:\WINDOWS\system32\rreyasdx.ini
2008-02-21 04:05 . 2008-02-21 04:05 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-02-21 04:05 . 2008-02-21 04:05 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-02-21 04:05 . 2008-02-21 04:05 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-02-21 04:05 . 2008-02-21 04:05 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-02-21 04:05 . 2008-02-21 04:05 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-02-21 04:03 . 2008-02-21 04:03 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-02-21 04:03 . 2008-02-21 04:03 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-02-19 12:50 . 2008-02-19 12:47 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-19 12:50 . 2008-02-19 12:50 3,453 --a------ C:\WINDOWS\unins000.dat
2008-02-19 02:21 . 2008-02-19 02:21 <DIR> d-------- C:\Documents and Settings\Elisa\Dati applicazioni\AVS4YOU
2008-02-19 02:21 . 2008-02-19 02:21 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\AVS4YOU
2008-02-19 02:19 . 2008-02-19 02:20 <DIR> d-------- C:\Programmi\File comuni\AVSMedia
2008-02-19 02:19 . 2008-02-19 02:20 <DIR> d-------- C:\Programmi\AVS4YOU
2008-02-18 23:39 . 2008-02-18 23:39 1,024 ---hs---- C:\WINDOWS\DR0bOb25
2008-02-18 23:32 . 2004-02-22 11:11 719,872 --a------ C:\WINDOWS\system32\devil.dll
2008-02-18 23:32 . 2006-10-07 18:43 502,784 --a------ C:\WINDOWS\x2.64.exe
2008-02-18 23:32 . 2007-11-13 10:31 399,360 --a------ C:\WINDOWS\system32\Smab.dll
2008-02-18 23:32 . 2007-05-17 18:30 318,976 --a------ C:\WINDOWS\system32\avisynth.dll
2008-02-18 23:32 . 2005-02-28 14:16 240,128 --a------ C:\WINDOWS\system32\x.264.exe
2008-02-18 23:32 . 2006-04-12 10:47 217,073 --a------ C:\WINDOWS\meta4.exe
2008-02-18 23:32 . 2004-01-25 01:00 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-02-18 23:32 . 2004-01-25 01:00 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
2008-02-18 23:32 . 2006-04-05 09:09 66,560 --a------ C:\WINDOWS\MOTA113.exe
2008-02-18 23:32 . 2005-07-14 13:31 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2008-02-18 23:31 . 2008-02-18 23:31 <DIR> d-------- C:\Programmi\eRightSoft
2008-02-18 23:31 . 2005-02-13 01:00 186,880 -rahs---- C:\WINDOWS\system32\RLOgg.ax
2008-02-18 23:31 . 2005-01-18 01:26 179,200 -rahs---- C:\WINDOWS\system32\DiracSplitter.ax
2008-02-18 23:31 . 2006-08-16 16:53 175,104 -rahs---- C:\WINDOWS\system32\CoreAAC.ax
2008-02-18 23:31 . 2005-02-06 01:00 92,672 -rahs---- C:\WINDOWS\system32\RLVorbisDec.ax
2008-02-18 23:31 . 2005-02-22 18:55 81,920 -rahs---- C:\WINDOWS\system32\aac_parser.ax
2008-02-18 23:31 . 2005-02-13 01:00 67,584 -rahs---- C:\WINDOWS\system32\RLTheoraDec.ax
2008-02-18 23:31 . 2005-02-13 01:00 51,712 -rahs---- C:\WINDOWS\system32\RLSpeexDec.ax
2008-02-07 19:32 . 2008-02-08 22:03 <DIR> d-------- C:\Programmi\Dead City
2008-02-04 20:26 . 2008-02-04 20:26 221,184 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-02-04 20:26 . 2008-02-04 20:26 81,920 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-02-01 12:17 . 2008-02-01 12:17 586,752 --a------ C:\WINDOWS\WLXPGSS.SCR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-31 11:59 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-03-29 12:09 --------- d-----w C:\Programmi\eMule
2008-03-25 18:11 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-03-11 15:16 --------- d-----w C:\Programmi\MessenPass
2008-03-05 14:32 --------- d-----w C:\Programmi\Windows Live Safety Center
2008-03-02 11:45 --------- d-----w C:\Documents and Settings\Elisa\Dati applicazioni\zweitgeist
2008-03-02 11:44 --------- d-----w C:\Programmi\weblin
2008-02-27 22:26 --------- d-----w C:\Programmi\Windows Live
2008-02-23 00:43 --------- d-----w C:\Programmi\DivX
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-02-19 10:57 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-02-04 10:34 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-02-04 10:33 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-07 02:04 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:40 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2003-03-21 11:37 16,056 ----a-w C:\Programmi\owcstp16.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
2007-12-17 12:12 56360 --a------ C:\Programmi\Windows Live\Family Safety\fssbho.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Programmi\IncrediMail\bin\IncMail.exe" [ ]
"updateMgr"="C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:39 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2008-02-29 10:14 4670704]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-20 12:48 68856]
"Picasa Media Detector"="C:\Programmi\Picasa2\PicasaMediaDetector.exe" [2007-09-28 03:17 443968]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"DAEMON Tools-1033"="C:\Programmi\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"Adobe Photo Downloader"="C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 18:41 57344]
"SpeedTouch USB Diagnostics"="C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 12:38 866816]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2007-11-18 17:10 185896]
"fssui"="C:\Programmi\Windows Live\Family Safety\fssui.exe" [2007-12-17 12:12 243240]
"Windows Pool Manager"="poolsc.exe" []
"CHIN PING PHONE PILE"="C:\Documents and Settings\All Users\Dati applicazioni\Proxy Long Chin Ping\64 tool.exe" [2008-03-31 21:33 2186240]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:39 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk
backup=C:\WINDOWS\pss\Alice ti aiuta.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Reader.lnk
backup=C:\WINDOWS\pss\Avvio veloce di Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-07-07 18:41 57344 C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-11-30 21:10 344064 C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CnxTrApp]
C:\Programmi\Pirelli\Access Gateway USB Network\CnxTrApp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\defender]
C:\\dfndrff_e16.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]
C:\\kybrdff_e16.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newname]
C:\\nwnmff_e16.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-08-30 07:48 69632 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-06-03 03:52 36975 C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Winamp Agent]
C:\WINDOWS\System32\winamp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Logon Application]
C:\WINDOWS\System32\winIogon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 14:53]
R2 fsssvc;Windows Live OneCare Family Safety;"C:\Programmi\Windows Live\Family Safety\fsssvc.exe" [2007-12-17 12:13]
S4 NetVci;NetVci;"\\?\C:\Programmi\File comuni\System\com1.exe" []

.
Contenuto della cartella 'Scheduled Tasks'
"2008-03-31 19:00:00 C:\WINDOWS\Tasks\A2A40528901BBA94.job"
- c:\docume~1\temp\datiap~1\drvdas~1\HECKSTUPIDBLUE.exe
"2007-02-14 08:48:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-03-31 18:54:02 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-31 21:48:12
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-03-31 21.51.16
ComboFix-quarantined-files.txt 2008-03-31 19:51:13
ComboFix2.txt 2008-02-22 13:55:26
16 Directory 9,650,032,640 byte disponibili
19 Directory 9,637,912,576 byte disponibili
.
2008-03-20 12:07:10 --- E O F ---
Avatar utente
eliderossi86
Utente Senior
 
Post: 124
Iscritto il: 05/10/06 13:51

Re: FINESTRA -CID-

Postdi Luke57 » 01/04/08 07:37

Ciao, copia questo codice:

Codice: Seleziona tutto
file::
C:\Programmi\File comuni\System\com1.exe
C:\WINDOWS\Tasks\A2A40528901BBA94.job

registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Pool Manager"=-
[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NetVci]


apri un file di testo, salvalo con il nome obbligatorio di CFScript.txt, trascinalo con il puntatore del mouse sull'icona di combofix per una nuova scansione e un eventuale riavvio.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: FINESTRA -CID-

Postdi eliderossi86 » 02/04/08 12:43

ComboFix 08-03-30.4 - Elisa 2008-04-01 14.28.40.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.275 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Elisa\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Elisa\Desktop\CFScript.txt
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Programmi\File comuni\System\com1.exe
C:\WINDOWS\Tasks\A2A40528901BBA94.job
.
TimedOut: progfile.dat

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Tasks\A2A40528901BBA94.job

.
((((((((((((((((((((((((( Files Creati Da 2008-03-01 al 2008-04-01 )))))))))))))))))))))))))))))))))))
.

2008-03-31 21:42 . 2008-03-31 21:42 <DIR> d-------- C:\ComboFix[1]
2008-03-29 18:56 . 2008-03-29 18:56 <DIR> d-------- C:\Programmi\drv dash
2008-03-29 18:56 . 2008-03-29 18:56 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Proxy Long Chin Ping
2008-03-29 18:55 . 2008-03-29 18:55 <DIR> d-------- C:\Programmi\Circle Developement
2008-03-25 20:11 . 2008-03-25 20:11 <DIR> d-------- C:\Programmi\The Adventure Company
2008-03-10 19:38 . 2008-03-25 20:08 <DIR> d-------- C:\Programmi\Playlogic
2008-03-05 16:36 . 2001-08-31 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-03-05 00:26 . 2008-03-29 18:55 <DIR> d-------- C:\Programmi\Messenger Plus! Live
2008-03-05 00:26 . 2008-03-05 00:34 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Messenger Plus!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-31 11:59 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-03-29 12:09 --------- d-----w C:\Programmi\eMule
2008-03-25 18:11 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-03-11 15:16 --------- d-----w C:\Programmi\MessenPass
2008-03-05 14:32 --------- d-----w C:\Programmi\Windows Live Safety Center
2008-03-02 11:45 --------- d-----w C:\Documents and Settings\Elisa\Dati applicazioni\zweitgeist
2008-03-02 11:44 --------- d-----w C:\Programmi\weblin
2008-02-27 22:26 --------- d-----w C:\Programmi\Windows Live
2008-02-23 00:43 --------- d-----w C:\Programmi\DivX
2008-02-22 23:36 --------- d-----w C:\Programmi\Xilisoft
2008-02-19 10:57 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-02-19 10:47 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-19 00:21 --------- d-----w C:\Documents and Settings\Elisa\Dati applicazioni\AVS4YOU
2008-02-19 00:21 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\AVS4YOU
2008-02-19 00:20 --------- d-----w C:\Programmi\File comuni\AVSMedia
2008-02-19 00:20 --------- d-----w C:\Programmi\AVS4YOU
2008-02-18 21:31 --------- d-----w C:\Programmi\eRightSoft
2008-02-08 20:03 --------- d-----w C:\Programmi\Dead City
2008-02-04 10:34 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-02-01 10:17 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2003-03-21 11:37 16,056 ----a-w C:\Programmi\owcstp16.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
2007-12-17 12:12 56360 --a------ C:\Programmi\Windows Live\Family Safety\fssbho.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Programmi\IncrediMail\bin\IncMail.exe" [ ]
"updateMgr"="C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:39 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2008-02-29 10:14 4670704]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-20 12:48 68856]
"Picasa Media Detector"="C:\Programmi\Picasa2\PicasaMediaDetector.exe" [2007-09-28 03:17 443968]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"DAEMON Tools-1033"="C:\Programmi\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"Adobe Photo Downloader"="C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 18:41 57344]
"SpeedTouch USB Diagnostics"="C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 12:38 866816]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2007-11-18 17:10 185896]
"fssui"="C:\Programmi\Windows Live\Family Safety\fssui.exe" [2007-12-17 12:12 243240]
"CHIN PING PHONE PILE"="C:\Documents and Settings\All Users\Dati applicazioni\Proxy Long Chin Ping\64 tool.exe" [2008-04-01 12:46 2539520]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:39 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk
backup=C:\WINDOWS\pss\Alice ti aiuta.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Reader.lnk
backup=C:\WINDOWS\pss\Avvio veloce di Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-07-07 18:41 57344 C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-11-30 21:10 344064 C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CnxTrApp]
C:\Programmi\Pirelli\Access Gateway USB Network\CnxTrApp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\defender]
C:\\dfndrff_e16.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]
C:\\kybrdff_e16.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newname]
C:\\nwnmff_e16.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-08-30 07:48 69632 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-06-03 03:52 36975 C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Winamp Agent]
C:\WINDOWS\System32\winamp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Logon Application]
C:\WINDOWS\System32\winIogon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 14:53]
R2 fsssvc;Windows Live OneCare Family Safety;"C:\Programmi\Windows Live\Family Safety\fsssvc.exe" [2007-12-17 12:13]

.
Contenuto della cartella 'Scheduled Tasks'
"2007-02-14 08:48:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-04-01 11:54:02 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-01 14:32:59
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetVci]
"ImagePath"="\"\\?\C:\Programmi\File comuni\System\com1.exe\""
.
Ora fine scansione: 2008-04-01 14.35.10
ComboFix-quarantined-files.txt 2008-04-01 12:34:56
ComboFix2.txt 2008-03-31 19:51:17
ComboFix3.txt 2008-02-22 13:55:26
16 Directory 9,656,614,912 byte disponibili
19 Directory 9,645,772,800 byte disponibili
.
2008-03-20 12:07:10 --- E O F ---






Niente..le finestre si aprono comunque.. :(
Avatar utente
eliderossi86
Utente Senior
 
Post: 124
Iscritto il: 05/10/06 13:51

Re: FINESTRA -CID-

Postdi Luke57 » 02/04/08 14:19

Ciao, nel report di combofix ci sono segni del gromozon
scarica system scan.
http://www.suspectfile.com/systemscan
salvalo sul desktop.
Disconnettiti da internet e disattiva tutti i programmi in background(antivirus compreso).
avvialo, spunta la casellina, premi su proceed.
Spunta tutte le caselline premi scan now.
poi salva il file zip presente in C:\suspectfile, Il file zip ha ora e giorno della scansione, inseriscilo in un sito di hosting (sendmefile, easyshare et similia), poi incolla in un post il link per poterlo vedere.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: FINESTRA -CID-

Postdi eliderossi86 » 02/04/08 17:39

Avatar utente
eliderossi86
Utente Senior
 
Post: 124
Iscritto il: 05/10/06 13:51

Re: FINESTRA -CID-

Postdi Luke57 » 03/04/08 10:48

Ciao, da start>esegui>control userpasswords2 (lo digiti nello spazio)>OK, nella finestra Account che si apre individui l'utente
vHaDFPbYbP
lo evidenzi e lo rimuovi.

POiscarica avenger sul desktop
http://swandog46.geekstogo.com/avenger.zip
Decomprimi l'archivio (estrai i file della cartella .zip nel desktop)
Avvia il file avenger.exe

All'interno del box bianco,copia e incolla le scritte seguenti:


folders to delete:
C:\documents and settings\vHaDFPbYbP


registry values to delete:
HKLM\Software\Microsoft\Windows\CurentVersion\Policies\Explorer\Run | CHIN PING PHONE PILE


Clicca sul pulsante Execute


Il pc dovrebbe riavviarsi da solo, se così non fosse riavvialo manualmente.
Allega poi il log generato da avenger, lo trovi in C:\avenger.txt è un file di testo.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: FINESTRA -CID-

Postdi eliderossi86 » 03/04/08 13:54

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "C:\documents and settings\vHaDFPbYbP" deleted successfully.

Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurentVersion\Policies\Explorer\Run|CHIN PING PHONE PILE"
Deletion of registry value "HKLM\Software\Microsoft\Windows\CurentVersion\Policies\Explorer\Run|CHIN PING PHONE PILE" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.




La prima cosa che si è generata una volta terminato il tutto e riconnessa... è..uan bella finestra CiD :cry:
Avatar utente
eliderossi86
Utente Senior
 
Post: 124
Iscritto il: 05/10/06 13:51

Re: FINESTRA -CID-

Postdi Luke57 » 03/04/08 14:29

Ciao, prova anche a scaricare deljob da qui:
http://home.hetnet.nl/~stefsmeenk/deljob.exe
lancialo
aspetta finchè non si aprirà un file di testo che verrà salvato sul desktop
metti in allegato il file logit.txt
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: FINESTRA -CID-

Postdi eliderossi86 » 03/04/08 16:50

--------------------------------------------------------
No LOP job-files found
--------------------------------------------------------
Files in Windows Tasks folder

AppleSoftwareUpdate.job
Verifica aggiornamenti per Windows Live Toolbar.job
--------------------------------------------------------
Export App Data folders
--------------------------------------------------------
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: 58F5-0296

Directory di C:\Documents and Settings\Elisa\Dati applicazioni

19/02/2008 02.21 <DIR> .
19/02/2008 02.21 <DIR> ..
07/02/2008 13.29 <DIR> Adobe
13/01/2007 14.29 <DIR> AdobeUM
27/09/2006 20.37 <DIR> APPLEC~1 Apple Computer
19/02/2008 02.21 <DIR> AVS4YOU
23/08/2007 18.45 <DIR> DivX
29/08/2007 14.14 <DIR> EPSON
19/09/2007 13.40 <DIR> Google
25/09/2006 18.51 <DIR> Help
25/09/2006 18.51 <DIR> IDENTI~1 Identities
14/12/2006 14.01 <DIR> Jasc
30/05/2007 19.10 <DIR> Lavasoft
13/10/2006 22.37 <DIR> LEADER~1 Leadertech
30/09/2006 21.08 <DIR> LGELEC~1 LG Electronics
10/06/2007 19.08 <DIR> MACROM~1 Macromedia
25/12/2007 19.52 <DIR> MICROS~1 Microsoft
27/09/2006 21.37 <DIR> Real
25/12/2007 19.10 <DIR> Samsung
25/09/2006 23.36 <DIR> Sun
06/12/2006 00.52 <DIR> vlc
05/10/2007 23.46 <DIR> Yahoo!
02/03/2008 13.45 <DIR> ZWEITG~1 zweitgeist
0 File 0 byte
23 Directory 9.217.028.096 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: 58F5-0296

Directory di C:\Documents and Settings\All Users\Dati applicazioni

29/03/2008 18.56 <DIR> .
29/03/2008 18.56 <DIR> ..
27/10/2007 11.57 <DIR> Adobe
27/09/2006 20.25 <DIR> APPLEC~1 Apple Computer
19/02/2008 02.21 <DIR> AVS4YOU
14/09/2007 19.26 <DIR> FLOODL~1 FloodLightGames
19/09/2007 13.39 <DIR> Google
04/02/2008 12.34 <DIR> Lavasoft
05/03/2008 00.34 <DIR> MESSEN~1 Messenger Plus!
26/09/2006 17.21 <DIR> MICROS~1 Microsoft
03/12/2006 13.07 <DIR> Motive
03/12/2006 13.43 <DIR> MOTIVE~1 MotiveSysIDs
29/03/2008 18.56 <DIR> PROXYL~1 Proxy Long Chin Ping
31/03/2008 13.59 <DIR> SPYBOT~1 Spybot - Search & Destroy
26/10/2007 18.52 <DIR> TEMP
18/12/2006 00.33 <DIR> UDL
30/12/2006 20.37 <DIR> WINDOW~1 Windows Genuine Advantage
20/12/2007 11.56 <DIR> WLINST~1 WLInstaller
29/09/2006 15.32 <DIR> Yahoo!
29/09/2006 16.10 <DIR> YAHOO!~1 Yahoo! Companion
0 File 0 byte
20 Directory 9.217.028.096 byte disponibili
--------------------------------------------------------
All User Accounts
--------------------------------------------------------
Administrator
All Users
Elisa
Proprietario
--------------------------------------------------------
Avatar utente
eliderossi86
Utente Senior
 
Post: 124
Iscritto il: 05/10/06 13:51

Re: FINESTRA -CID-

Postdi Luke57 » 03/04/08 18:03

Ciao, elimina questa cartella:
C:\Documents and Settings\All Users\Dati applicazioni\Proxy Long Chin Ping
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: FINESTRA -CID-

Postdi eliderossi86 » 04/04/08 11:41

Ciao, grazie dell'aiuto datomo fino ad ora...

comunque non riesco a trovare questa cartella.. ho seguito il percorso da risorse del computer ed effettuato una ricerca ma senza risultati...come faccio?? :?:

Grazie ancora!
Avatar utente
eliderossi86
Utente Senior
 
Post: 124
Iscritto il: 05/10/06 13:51

Re: FINESTRA -CID-

Postdi Luke57 » 04/04/08 11:57

Ciao, da risorse del computer>strumenti>opzioni cartella>visualizzazione, metti la spunta a "visualizza file e cartelle nascosti", disattivala a "nascondi file protetti di sistema">OK. In questo modo dovrebbe apparire la cartella Dati e applicazioni, altrimenti nascosta.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: FINESTRA -CID-

Postdi eliderossi86 » 06/04/08 17:56

Ringrazio per l'aiuto sembra tutto risolto! :)
Avatar utente
eliderossi86
Utente Senior
 
Post: 124
Iscritto il: 05/10/06 13:51


Torna a Sicurezza e Privacy


Topic correlati a "FINESTRA -CID-":


Chi c’è in linea

Visitano il forum: Nessuno e 9 ospiti

cron