log combofix

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: kadosh, Luke57

Post by budi » 28/10/11 23:22

Hi everyone, I hope you can help me with a problem I've had for several days now. I use Firefox, and Avira as my antivirus. For a few days my computer has been extremely slow, and ads of every kind appear whenever I try to open the sites I choose. With a lot of effort I downloaded ComboFix; once I finally ran the scan, it produced a log saying the system is infected. What should I do? Can I post the log? Thanks in advance. :)
budi
Junior Member

Posts: 44
Joined: 28/10/11 23:09


Re: log combofix

Post by Luke57 » 29/10/11 09:13

Hi, upload it here
http://wikisend.com/
and post the link (usually the first one) you are given so I can look at it
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10

Re: log combofix

Post by budi » 29/10/11 12:48

Hi Luke, thanks for the reply. I tried to do what you told me, but there's a problem: I can't upload the file, because after browsing for it and clicking upload absolutely nothing happens :cry:
budi
Junior Member

Posts: 44
Joined: 28/10/11 23:09

Re: log combofix

Post by Luke57 » 29/10/11 13:14

Hi, then copy it and paste it into a post
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10

Re: log combofix

Post by budi » 29/10/11 21:38

ok, I'll post it here... here it is:
ComboFix 11-10-28.04 - Administrator 28/10/2011 23.50.19.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1015.627 [GMT 2:00]
Eseguito da: d:\programmi\ComboFix.exe
AV: AntiVir Desktop *Enabled/Outdated* {0012F2B4-5CC9-7C92-0300-000000000000}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Dati applicazioni\OfferBox
c:\documents and settings\Administrator\Dati applicazioni\OfferBox\config.dat
c:\documents and settings\Administrator\Dati applicazioni\OfferBox\config.xml
c:\documents and settings\Administrator\Dati applicazioni\PriceGong
c:\documents and settings\Administrator\Dati applicazioni\PriceGong\Data\mru.xml
c:\programmi\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
c:\windows\autorun.inf
c:\windows\system\autorun.inf
c:\windows\system32\AutoRun.inf
c:\windows\system32\msconfig.exe
c:\windows\system32\Temp
.
c:\windows\system32\midimap.dll . . . è infetto!!
.
.
((((((((((((((((((((((((( Files Creati Da 2011-09-28 al 2011-10-28 )))))))))))))))))))))))))))))))))))
.
.
2011-10-26 16:45 . 2011-10-26 16:45 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Avira
2011-10-26 16:44 . 2011-10-11 13:00 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-26 16:44 . 2011-10-11 13:00 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-26 16:44 . 2011-10-26 16:44 -------- d-----w- c:\programmi\Avira
2011-10-25 21:08 . 2011-10-26 16:44 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2011-10-25 06:11 . 2011-10-25 06:11 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2011-10-24 22:16 . 2011-10-24 22:16 -------- d-----w- C:\FyK
2011-10-24 22:16 . 2011-10-24 22:16 112280 ----a-w- c:\programmi\Setup-5.053.exe
2011-10-24 20:15 . 2011-10-24 20:15 -------- d-----w- c:\programmi\Ask.com
2011-10-24 20:14 . 2011-10-11 13:00 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-24 15:59 . 2011-10-24 15:59 -------- d-----w- c:\programmi\Legal Mp3 Downloads
2011-10-24 05:57 . 2011-10-25 21:13 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\tor
2011-10-23 19:17 . 2011-10-25 21:16 -------- d-----w- c:\documents and settings\NetworkService\Dati applicazioni\tor
2011-10-23 19:15 . 2011-10-28 05:49 -------- d-----w- c:\programmi\8E162
2011-10-23 19:14 . 2011-10-26 15:56 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\E448E
2011-10-23 19:14 . 2011-10-23 19:14 -------- d-----w- c:\programmi\LP
2011-10-07 15:25 . 2011-10-07 15:25 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\ImTOO
2011-10-07 14:44 . 2011-10-07 15:26 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\WMTools Downloaded Files
2011-10-07 14:19 . 2010-12-24 11:18 73728 ----a-w- c:\windows\system\vdremote.dll
2011-10-07 14:19 . 2010-12-24 11:17 65536 ----a-w- c:\windows\system\vdsvrlnk.dll
2011-10-06 17:23 . 2011-10-06 17:24 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\avidemux
2011-10-06 17:12 . 2008-12-08 10:53 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2011-10-06 17:12 . 2008-06-08 20:58 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2011-10-06 17:12 . 2011-10-06 17:12 -------- d-----w- c:\programmi\ffdshow
2011-10-06 17:12 . 2011-10-06 17:12 -------- d-----w- c:\programmi\Haali
2011-10-06 17:12 . 2011-10-06 17:12 -------- d-----w- c:\programmi\AviSynth 2.5
2011-10-06 17:12 . 2010-08-26 21:45 147456 ----a-w- c:\windows\system32\stQTSource.ax
2011-10-06 17:12 . 2010-07-15 09:30 290816 ----a-w- c:\windows\system32\stFLVSource.ax
2011-10-06 17:12 . 2011-10-06 17:12 -------- d-----w- c:\programmi\File comuni\SourceTec
2011-10-06 17:12 . 2009-08-17 07:54 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2011-10-06 17:12 . 2009-08-17 07:54 438272 ----a-w- c:\windows\system32\Mpeg2DecFilter.ax
2011-10-06 17:12 . 2009-08-17 07:54 217088 ----a-w- c:\windows\system32\CoreFLACDecoder.ax
2011-10-06 17:12 . 2009-03-17 15:38 70656 ----a-w- c:\windows\system32\RLAPEDec.ax
2011-10-06 16:50 . 2011-10-06 16:50 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\MotionDSP
2011-10-06 16:50 . 2011-10-06 17:05 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2011-10-06 15:36 . 2011-10-06 15:36 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\MotionDSP
2011-10-06 15:21 . 2011-10-06 15:22 7362048 ----a-w- c:\programmi\MM26_IT.msi
2011-10-06 15:16 . 2011-10-06 15:16 3227648 ----a-w- c:\programmi\movimaker.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-28 06:03 . 2011-06-20 10:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-11 15:52 . 2011-01-23 09:47 642317 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\mdbu.bin
2011-09-26 09:41 . 2008-07-29 18:59 613888 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2001-08-31 15:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2001-08-31 15:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-09 09:12 . 2008-04-13 17:13 603136 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 14:10 . 2008-04-13 16:50 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:41 . 2008-09-26 01:36 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:41 . 2008-09-26 01:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 23:41 . 2008-04-13 17:13 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 11:56 . 2008-04-13 16:50 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2008-04-13 10:19 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-09-26 01:31 . 0FF0C3264283FDEDDAA6A9DE51341A3D . 1444352 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2008-09-26 . 6DC43081C760EEC1130D2C8C145DF375 . 549888 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2008-09-26 . 19CB8AA5B83D0017EB9A9126AA2EEB55 . 1554944 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
[-] 2008-04-13 . B46240BFFFDD064F32BCD4F7D958014F . 272384 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2008-06-08 . 3122DAF86B33ED8AC4662D07593025D7 . 501760 . . [1.0626.6001.18000] . . c:\windows\system32\usp10.dll
.
[-] 2008-09-26 . 91B6AAC828F8BBE1796275424E44DFB0 . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
[-] 2008-09-26 . 43A8C03A8CF9DB90958238AB694BF79D . 371200 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
.
[-] 2008-09-26 . D8B05CF0EAD10A78DACAE187559D113D . 42496 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}"= "c:\programmi\PHPNukeIT\tbPHP0.dll" [2010-09-12 3863136]
.
[HKEY_CLASSES_ROOT\clsid\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]
2010-09-12 13:02 3863136 ----a-w- c:\programmi\PHPNukeIT\tbPHP0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-09-12 13:02 3863136 ----a-w- c:\programmi\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-07-27 20:41 1493160 ----a-w- c:\programmi\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}"= "c:\programmi\PHPNukeIT\tbPHP0.dll" [2010-09-12 3863136]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\programmi\ConduitEngine\ConduitEngine.dll" [2010-09-12 3863136]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2011-07-27 1493160]
.
[HKEY_CLASSES_ROOT\clsid\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe" [2007-09-02 495616]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"OfficeSyncProcess"="c:\programmi\Microsoft Office\Office14\MSOSYNC.EXE" [2010-12-20 718720]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2011-09-26 17353352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-20 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-20 137752]
"QlbCtrl.exe"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 177456]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"CameraFixer"="c:\windows\CameraFixer.exe" [2005-12-06 20480]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="d:\vinci silvia 11-01-2011\Utente\programmi\iTunesHelper.exe" [2010-04-28 142120]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-10-29 249064]
"ApnUpdater"="c:\programmi\Ask.com\Updater\Updater.exe" [2011-07-27 397992]
"D24.exe"="c:\programmi\LP\908E\D24.exe" [2011-10-26 290304]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-09-26 25088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]
Sitecom Wireless Utility.lnk - c:\programmi\Sitecom\Common\RaUI.exe [2011-2-7 1630208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"d:\\Vinci Silvia 11-01-2011\\Utente\\programmi\\iTunes.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [24/10/2011 22.14.14 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [26/10/2011 18.44.49 86224]
R2 AntiVirWebService;Avira Web Protection;c:\programmi\Avira\AntiVir Desktop\avwebgrd.exe [26/10/2011 18.44.48 463824]
R3 osppsvc;Office Software Protection Platform;c:\programmi\File comuni\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 22.37.50 4640000]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\programmi\System\CPL Bonus\Vcdrom.sys --> c:\programmi\System\CPL Bonus\Vcdrom.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [28/06/2011 20.32.24 136176]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [28/06/2011 20.32.24 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\programmi\Microsoft Office\Office14\GROOVE.EXE [12/06/2011 11.15.00 31125880]
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-06-28 18:32]
.
2011-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-06-28 18:32]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT2102507
uInternet Settings,ProxyServer = http=127.0.0.1:63455
uInternet Settings,ProxyOverride = <local>
IE: &Download All using 4shared Desktop - f:\4shared desktop\down_all.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Invia a periferica &Bluetooth... - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\programmi\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\z3y39t2k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/webhp?hl=it
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=402&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 63455
FF - prefs.js: network.proxy.type - 1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKCU-Run-PoService - (no file)
HKCU-Run-Device Detection - d:\programmi\MyComposer\dd.exe
HKCU-Run-Fraps - f:\mods\FRAPS.EXE
AddRemove-BitTorrent - f:\\BitTorrent.exe
AddRemove-eMule - f:\emule\Uninstall.exe
AddRemove-Fraps - f:\mods\uninstall.exe
AddRemove-mod_sobit - f:\gta san andreas\Uninstall s0beit 3.4 mod
AddRemove-MTA:SA Race - f:\gta san andreas\Uninstall.exe
AddRemove-{4F94119D-1B71-400e-9F04-B4E5CEAE71F8}_is1 - f:\sothink movie dvd maker\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-28 23:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-1614895754-1220945662-1606980848-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,de,f3,b1,06,9d,ab,c8,46,95,1f,9a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,de,f3,b1,06,9d,ab,c8,46,95,1f,9a,\
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(944)
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(1000)
c:\programmi\Avira\AntiVir Desktop\avsda.dll
.
Ora fine scansione: 2011-10-28 23:58:28
ComboFix-quarantined-files.txt 2011-10-28 21:58
.
Pre-Run: 19.085.197.312 byte disponibili
Post-Run: 19.342.979.072 byte disponibili
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=30
.
- - End Of File - - 9F983FE6D59F5FD45F123C970ECD72D3
budi
Junior Member

Posts: 44
Joined: 28/10/11 23:09

Re: log combofix

Post by FrancescoFDAC » 30/10/11 09:59

Hi. There are infections that need to be removed as soon as possible..
Custom ComboFix script

Warning: do not run ComboFix on your own initiative; this tool is not a toy and is not suited to everyday use.

Open Notepad: Start > All Programs > Accessories > Notepad
● inside the new text document, copy and paste the following lines:

Code:
File::
c:\programmi\movimaker.exe
c:\programmi\Setup-5.053.exe
c:\programmi\Ask.com\Updater\Updater.exe
c:\programmi\LP\908E\D24.exe

Folder::
c:\programmi\Ask.com
c:\programmi\Legal Mp3 Downloads
c:\programmi\8E162
c:\documents and settings\Administrator\Dati applicazioni\E448E
c:\documents and settings\Administrator\Dati applicazioni\ImTOO
c:\programmi\ConduitEngine
c:\programmi\PHPNukeIT
c:\programmi\LP

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}"=-
[-HKEY_CLASSES_ROOT\clsid\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}"=-
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]
[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"=-
"D24.exe"=-

DDS::
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2102507
uInternet Settings,ProxyServer = http=127.0.0.1:63455
IE: &Download All using 4shared Desktop - f:\4shared desktop\down_all.htm

Firefox::
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\z3y39t2k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2102507&SearchSource=3&q=
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=402&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 63455
FF - prefs.js: network.proxy.type - 1


● name this file CFScript.txt and place it on the Desktop

Very important! Temporarily disable your antivirus and firewall before following the procedure below. They could interfere with ComboFix or remove some of its embedded files, which can lead to unpredictable results.
Referring to the image below, drag CFScript.txt with the mouse pointer onto the ComboFix icon
ComboFix will now scan your system. Once it has finished, it may restart the system automatically: if it doesn't, restart it yourself.
At this point the program will produce a report. Copy and paste the log in your next post.

http://img155.imageshack.us/img155/4837/cfscriptop0.gif

Note - about the procedure:
● do not touch the mouse or keyboard at all during the scan: it could be interrupted

P.S. Regards to Luke ;)
FrancescoFDAC
Senior Member

Posts: 1048
Joined: 13/08/11 09:53
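The entries FrancescoFDAC's script targets can be picked out of the pasted log mechanically: the localhost proxy (127.0.0.1:63455) forced on both IE and Firefox, the toolbar BHOs, and the Run value loaded from a random-looking directory. The triage helper below is an added example written for this thread, not ComboFix's code nor anything posted by the participants; it runs over a constructed excerpt condensed from budi's first log (the CLSIDs and paths are the ones in that log), and the hex-directory heuristic it uses is an assumption of the example, not a ComboFix rule.

```python
"""Triage helper for a pasted ComboFix log (added example, not part of the thread).

Flags the indicators the helper's CFScript went after:
  * browser proxies pointing at the local machine (IE ProxyServer, Firefox
    network.proxy.* prefs), the mechanism behind the injected ads
  * every Browser Helper Object, with the DLL it loads
  * Run entries whose path contains a short hex-only directory name
    (heuristic assumed by this example, e.g. \LP\908E\)
"""
import ipaddress
import re

# Constructed sample, condensed from the first log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]
2010-09-12 13:02 3863136 ----a-w- c:\programmi\PHPNukeIT\tbPHP0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-07-27 20:41 1493160 ----a-w- c:\programmi\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"D24.exe"="c:\programmi\LP\908E\D24.exe" [2011-10-26 290304]
"ApnUpdater"="c:\programmi\Ask.com\Updater\Updater.exe" [2011-07-27 397992]
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2102507
uInternet Settings,ProxyServer = http=127.0.0.1:63455
uInternet Settings,ProxyOverride = <local>
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 63455
FF - prefs.js: network.proxy.type - 1
"""

# Heuristic (assumption of this example): a path component of 2-6 hex digits.
HEX_DIR_RE = re.compile(r"\\[0-9A-Fa-f]{2,6}\\")


def is_loopback(host):
    """True for 127.x / ::1 / 'localhost': a proxy there is on the victim machine itself."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def parse_proxy_settings(log_text):
    """Return [(browser, host, port)] from the IE and Firefox lines of the log."""
    found = []
    m = re.search(r"^uInternet Settings,ProxyServer = (?:http=)?([^:\s]+):(\d+)", log_text, re.M)
    if m:
        found.append(("ie", m.group(1), int(m.group(2))))
    ff = dict(re.findall(r"^FF - prefs\.js: (network\.proxy\.\w+) - (\S+)", log_text, re.M))
    # network.proxy.type 1 means "manual proxy configuration" in Firefox
    if ff.get("network.proxy.type") == "1" and "network.proxy.http" in ff:
        found.append(("firefox", ff["network.proxy.http"], int(ff.get("network.proxy.http_port", "0"))))
    return found


def parse_bhos(log_text):
    """Return {clsid: dll_path} for each Browser Helper Objects key in the log."""
    bhos, current = {}, None
    for line in log_text.splitlines():
        m = re.match(r"\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\(\{[^}]+\})\]", line)
        if m:
            current = m.group(1).lower()
            bhos[current] = None
            continue
        if current and line.strip() and not line.startswith("["):
            parts = line.split(maxsplit=4)  # "date time size attrs path"
            if len(parts) == 5:
                bhos[current] = parts[4]
            current = None
    return bhos


def parse_run_entries(log_text):
    """Return [(key, value_name, exe_path)] for every value under a Run/RunOnce key."""
    entries, hive = [], None
    for line in log_text.splitlines():
        if line.startswith("["):
            key = line.strip("[]")
            hive = key if key.lower().endswith(("\\run", "\\runonce")) else None
            continue
        if hive:
            m = re.match(r'"([^"]+)"="([^"]+)"', line)
            if m:
                entries.append((hive, m.group(1), m.group(2)))
    return entries


def triage(log_text):
    """Collect human-readable findings a helper would want to confirm before scripting removal."""
    findings = []
    for browser, host, port in parse_proxy_settings(log_text):
        if is_loopback(host):
            findings.append(f"{browser}: traffic forced through local proxy {host}:{port}")
    for clsid, dll in parse_bhos(log_text).items():
        findings.append(f"bho {clsid}: {dll}")
    for _hive, name, path in parse_run_entries(log_text):
        if HEX_DIR_RE.search(path):
            findings.append(f"run {name}: {path} (random-looking directory name)")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On the excerpt this reports both browsers proxied through 127.0.0.1:63455, the two BHO DLLs, and the D24.exe Run value under c:\programmi\LP\908E\; the legitimate Avira Run entry and the Ask updater are listed but not flagged by the hex-directory heuristic, which is why a helper still reads the full log rather than scripting removal from this output alone.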

Re: log combofix

Post by budi » 30/10/11 17:35

Hi Luke! First of all.. happy Sunday! Second, I did everything you told me, and here's the report:


ComboFix 11-10-28.04 - Administrator 30/10/2011 17.28.32.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1015.552 [GMT 1:00]
Eseguito da: d:\programmi\ComboFix.exe
Opzioni usate :: d:\vinci silvia 11-01-2011\Utente\Desktop\CFScript.txt
AV: AntiVir Desktop *Enabled/Outdated* {0012F2B4-5CC9-7C92-0300-000000000000}
.
FILE ::
"c:\programmi\Ask.com\Updater\Updater.exe"
"c:\programmi\LP\908E\D24.exe"
"c:\programmi\movimaker.exe"
"c:\programmi\Setup-5.053.exe"
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Dati applicazioni\E448E
c:\documents and settings\Administrator\Dati applicazioni\E448E\A143D.exe
c:\documents and settings\Administrator\Dati applicazioni\E448E\A1C90.exe
c:\documents and settings\Administrator\Dati applicazioni\E448E\E162.448
c:\documents and settings\Administrator\Dati applicazioni\ImTOO
c:\documents and settings\Administrator\Dati applicazioni\ImTOO\DVD Ripper Ultimate 6\action.js
c:\documents and settings\Administrator\Dati applicazioni\ImTOO\DVD Ripper Ultimate 6\action_new.js
c:\documents and settings\Administrator\Dati applicazioni\ImTOO\DVD Ripper Ultimate 6\customdata\oem.ini
c:\documents and settings\Administrator\Dati applicazioni\ImTOO\DVD Ripper Ultimate 6\customdata\settings.ini
c:\documents and settings\Administrator\Dati applicazioni\ImTOO\DVD Ripper Ultimate 6\devicesurport.ini
c:\documents and settings\Administrator\Dati applicazioni\ImTOO\DVD Ripper Ultimate 6\devicesurport_new.ini
c:\documents and settings\Administrator\Dati applicazioni\ImTOO\DVD Ripper Ultimate 6\index\indexversion.dat
c:\programmi\8E162
c:\programmi\8E162\lvvm.exe
c:\programmi\Ask.com
c:\programmi\Ask.com\assets\oobe\b.png
c:\programmi\Ask.com\assets\oobe\bl.png
c:\programmi\Ask.com\assets\oobe\br.png
c:\programmi\Ask.com\assets\oobe\l.png
c:\programmi\Ask.com\assets\oobe\pointer.png
c:\programmi\Ask.com\assets\oobe\r.png
c:\programmi\Ask.com\assets\oobe\t.png
c:\programmi\Ask.com\assets\oobe\tl.png
c:\programmi\Ask.com\assets\oobe\tr.png
c:\programmi\Ask.com\cobrand.ico
c:\programmi\Ask.com\config.xml
c:\programmi\Ask.com\favicon.ico
c:\programmi\Ask.com\fv_3b.ico
c:\programmi\Ask.com\GenericAskToolbar.dll
c:\programmi\Ask.com\mupcfg.xml
c:\programmi\Ask.com\precache.exe
c:\programmi\Ask.com\SaUpdate.exe
c:\programmi\Ask.com\TaskScheduler.exe
c:\programmi\Ask.com\Updater\config.xml
c:\programmi\Ask.com\Updater\Updater.exe
c:\programmi\Ask.com\UpdateTask.exe
c:\programmi\ConduitEngine
c:\programmi\ConduitEngine\appContextMenu.xml
c:\programmi\ConduitEngine\ConduitEngine.dll
c:\programmi\ConduitEngine\ConduitEngineHelper.exe
c:\programmi\ConduitEngine\ConduitEngineUninstall.exe
c:\programmi\ConduitEngine\engineContextMenu.xml
c:\programmi\ConduitEngine\EngineSettings.json
c:\programmi\ConduitEngine\INSTALL.LOG
c:\programmi\ConduitEngine\toolbar.cfg
c:\programmi\Legal Mp3 Downloads
c:\programmi\Legal Mp3 Downloads\AllTubeDownloaderSetup.exe
c:\programmi\Legal Mp3 Downloads\unins000.dat
c:\programmi\Legal Mp3 Downloads\unins000.exe
c:\programmi\LP
c:\programmi\LP\630E\F8.tmp
c:\programmi\LP\908E\10.tmp
c:\programmi\LP\908E\11.exe
c:\programmi\LP\908E\11.tmp
c:\programmi\LP\908E\12.tmp
c:\programmi\LP\908E\13.tmp
c:\programmi\LP\908E\14.tmp
c:\programmi\LP\908E\15.tmp
c:\programmi\LP\908E\16.tmp
c:\programmi\LP\908E\3.tmp
c:\programmi\LP\908E\4.exe
c:\programmi\LP\908E\4.tmp
c:\programmi\LP\908E\5.tmp
c:\programmi\LP\908E\6.tmp
c:\programmi\LP\908E\7.tmp
c:\programmi\LP\908E\8.tmp
c:\programmi\LP\908E\9.tmp
c:\programmi\LP\908E\A.tmp
c:\programmi\LP\908E\B.tmp
c:\programmi\LP\908E\C.tmp
c:\programmi\LP\908E\D.tmp
c:\programmi\LP\908E\D24.exe
c:\programmi\LP\908E\D3.tmp
c:\programmi\LP\908E\E.tmp
c:\programmi\LP\908E\E1.tmp
c:\programmi\LP\908E\F.exe
c:\programmi\LP\908E\F.tmp
c:\programmi\movimaker.exe
c:\programmi\PHPNukeIT
c:\programmi\PHPNukeIT\GottenAppsContextMenu.xml
c:\programmi\PHPNukeIT\OtherAppsContextMenu.xml
c:\programmi\PHPNukeIT\PHPNukeITToolbarHelper.exe
c:\programmi\PHPNukeIT\SharedAppsContextMenu.xml
c:\programmi\PHPNukeIT\tbPHP0.dll
c:\programmi\PHPNukeIT\tbPHP1.dll
c:\programmi\PHPNukeIT\tbPHPN.dll
c:\programmi\PHPNukeIT\toolbar.cfg
c:\programmi\PHPNukeIT\ToolbarContextMenu.xml
c:\programmi\PHPNukeIT\UNWISE.EXE
c:\programmi\PHPNukeIT\UNWISE.INI
c:\programmi\Setup-5.053.exe
.
c:\windows\system32\midimap.dll . . . è infetto!!
.
.
((((((((((((((((((((((((( Files Creati Da 2011-09-28 al 2011-10-30 )))))))))))))))))))))))))))))))))))
.
.
2011-10-29 12:19 . 2011-10-29 12:19 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\AskToolbar
2011-10-29 05:49 . 2011-10-29 05:49 -------- d-----w- c:\windows\system32\wbem\snmp
2011-10-29 05:49 . 2011-10-29 05:49 -------- d-----w- c:\windows\system32\xircom
2011-10-29 05:49 . 2011-10-29 05:49 -------- d-----w- c:\windows\srchasst
2011-10-29 05:49 . 2011-10-29 05:49 -------- d-----w- c:\programmi\microsoft frontpage
2011-10-26 16:45 . 2011-10-26 16:45 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Avira
2011-10-26 16:44 . 2011-10-11 13:00 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-26 16:44 . 2011-10-11 13:00 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-26 16:44 . 2011-10-26 16:44 -------- d-----w- c:\programmi\Avira
2011-10-25 21:08 . 2011-10-26 16:44 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2011-10-25 06:11 . 2011-10-25 06:11 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2011-10-24 22:16 . 2011-10-24 22:16 -------- d-----w- C:\FyK
2011-10-24 20:14 . 2011-10-11 13:00 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-24 05:57 . 2011-10-25 21:13 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\tor
2011-10-23 19:17 . 2011-10-25 21:16 -------- d-----w- c:\documents and settings\NetworkService\Dati applicazioni\tor
2011-10-07 14:44 . 2011-10-07 15:26 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\WMTools Downloaded Files
2011-10-07 14:19 . 2010-12-24 11:18 73728 ----a-w- c:\windows\system\vdremote.dll
2011-10-07 14:19 . 2010-12-24 11:17 65536 ----a-w- c:\windows\system\vdsvrlnk.dll
2011-10-06 17:23 . 2011-10-06 17:24 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\avidemux
2011-10-06 17:12 . 2008-12-08 10:53 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2011-10-06 17:12 . 2008-06-08 20:58 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2011-10-06 17:12 . 2011-10-06 17:12 -------- d-----w- c:\programmi\ffdshow
2011-10-06 17:12 . 2011-10-06 17:12 -------- d-----w- c:\programmi\Haali
2011-10-06 17:12 . 2011-10-06 17:12 -------- d-----w- c:\programmi\AviSynth 2.5
2011-10-06 17:12 . 2010-08-26 21:45 147456 ----a-w- c:\windows\system32\stQTSource.ax
2011-10-06 17:12 . 2010-07-15 09:30 290816 ----a-w- c:\windows\system32\stFLVSource.ax
2011-10-06 17:12 . 2011-10-06 17:12 -------- d-----w- c:\programmi\File comuni\SourceTec
2011-10-06 17:12 . 2009-08-17 07:54 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2011-10-06 17:12 . 2009-08-17 07:54 438272 ----a-w- c:\windows\system32\Mpeg2DecFilter.ax
2011-10-06 17:12 . 2009-08-17 07:54 217088 ----a-w- c:\windows\system32\CoreFLACDecoder.ax
2011-10-06 17:12 . 2009-03-17 15:38 70656 ----a-w- c:\windows\system32\RLAPEDec.ax
2011-10-06 16:50 . 2011-10-06 16:50 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\MotionDSP
2011-10-06 16:50 . 2011-10-06 17:05 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2011-10-06 15:36 . 2011-10-06 15:36 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\MotionDSP
2011-10-06 15:21 . 2011-10-06 15:22 7362048 ----a-w- c:\programmi\MM26_IT.msi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-28 06:03 . 2011-06-20 10:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-11 15:52 . 2011-01-23 09:47 642317 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\mdbu.bin
2011-09-26 09:41 . 2008-07-29 18:59 613888 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2001-08-31 15:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2001-08-31 15:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-09 09:12 . 2008-04-13 17:13 603136 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 14:10 . 2008-04-13 16:50 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:41 . 2008-09-26 01:36 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:41 . 2008-09-26 01:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 23:41 . 2008-04-13 17:13 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 11:56 . 2008-04-13 16:50 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2008-04-13 10:19 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-09-26 01:31 . 0FF0C3264283FDEDDAA6A9DE51341A3D . 1444352 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2008-09-26 . 6DC43081C760EEC1130D2C8C145DF375 . 549888 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2008-09-26 . 19CB8AA5B83D0017EB9A9126AA2EEB55 . 1554944 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
[-] 2008-04-13 . B46240BFFFDD064F32BCD4F7D958014F . 272384 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2008-06-08 . 3122DAF86B33ED8AC4662D07593025D7 . 501760 . . [1.0626.6001.18000] . . c:\windows\system32\usp10.dll
.
[-] 2008-09-26 . 91B6AAC828F8BBE1796275424E44DFB0 . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
[-] 2008-09-26 . 43A8C03A8CF9DB90958238AB694BF79D . 371200 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
.
[-] 2008-09-26 . D8B05CF0EAD10A78DACAE187559D113D . 42496 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-10-28_21.55.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-29 05:49 . 2011-10-29 05:49 16384 c:\windows\Temp\Perflib_Perfdata_310.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe" [2007-09-02 495616]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"OfficeSyncProcess"="c:\programmi\Microsoft Office\Office14\MSOSYNC.EXE" [2010-12-20 718720]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2011-09-26 17353352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-20 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-20 137752]
"QlbCtrl.exe"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 177456]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"CameraFixer"="c:\windows\CameraFixer.exe" [2005-12-06 20480]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="d:\vinci silvia 11-01-2011\Utente\programmi\iTunesHelper.exe" [2010-04-28 142120]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-10-29 249064]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-09-26 25088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]
Sitecom Wireless Utility.lnk - c:\programmi\Sitecom\Common\RaUI.exe [2011-2-7 1630208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"d:\\Vinci Silvia 11-01-2011\\Utente\\programmi\\iTunes.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [24/10/2011 21.14.14 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [26/10/2011 17.44.49 86224]
R2 AntiVirWebService;Avira Web Protection;c:\programmi\Avira\AntiVir Desktop\avwebgrd.exe [26/10/2011 17.44.48 463824]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\programmi\System\CPL Bonus\Vcdrom.sys --> c:\programmi\System\CPL Bonus\Vcdrom.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [28/06/2011 19.32.24 136176]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [28/06/2011 19.32.24 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\programmi\Microsoft Office\Office14\GROOVE.EXE [12/06/2011 10.15.00 31125880]
S3 osppsvc;Office Software Protection Platform;c:\programmi\File comuni\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 21.37.50 4640000]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - HELPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-06-28 18:32]
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-06-28 18:32]
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1220945662-1606980848-500Core.job
- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-10-29 12:29]
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1220945662-1606980848-500UA.job
- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-10-29 12:29]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Invia a periferica &Bluetooth... - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\programmi\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\z3y39t2k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/webhp?hl=it
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-conduitEngine - c:\progra~1\CONDUI~1\ConduitEngineUninstall.exe
AddRemove-Legal Mp3 Downloads_is1 - c:\programmi\Legal Mp3 Downloads\unins000.exe
AddRemove-PHPNukeIT Toolbar - c:\progra~1\PHPNUK~1\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-30 17:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1614895754-1220945662-1606980848-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,de,f3,b1,06,9d,ab,c8,46,95,1f,9a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,de,f3,b1,06,9d,ab,c8,46,95,1f,9a,\
.
--------------------- DLLs loaded under running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(944)
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(1000)
c:\programmi\Avira\AntiVir Desktop\avsda.dll
.
Completion time: 2011-10-30 17:37:32
ComboFix-quarantined-files.txt 2011-10-30 16:37
ComboFix2.txt 2011-10-28 21:58
.
Pre-Run: 18.847.281.152 bytes free
Post-Run: 18.809.053.184 bytes free
.
- - End Of File - - D392C6E6CADCFAE5DE92D73D923DDE31
budi
Junior Member

Posts: 44
Joined: 28/10/11 23:09

Re: log combofix

Post by FrancescoFDAC » 30/10/11 19:53

Hi.

Restore a system file

To restore the file midimap.dll, follow this procedure:

● go to C:\windows\system32
● rename the file midimap.dll to midimapold.dll
● download the new midimap.dll file: http://www.dll-files.com/dllindex/dll-f ... ml?midimap
● save it to the Desktop
● unzip the .zip file
● cut and paste midimap.dll into the folder C:\windows\system32
● reboot the system

Run ComboFix again and attach the new report.
How is the PC doing?
FrancescoFDAC
Senior Member

Posts: 1048
Joined: 13/08/11 09:53

Re: log combofix

Post by budi » 30/10/11 21:48

FrancescoFDAC wrote:Hi.

Restore a system file

To restore the file midimap.dll, follow this procedure:

● go to C:\windows\system32
● rename the file midimap.dll to midimapold.dll
● download the new midimap.dll file: http://www.dll-files.com/dllindex/dll-f ... ml?midimap
● save it to the Desktop
● unzip the .zip file
● cut and paste midimap.dll into the folder C:\windows\system32
● reboot the system

Run ComboFix again and attach the new report.
How is the PC doing?

Hi Francesco... I tried to do what you said, but when I try to download the new file I get this message: Oops! something went wrong!

File not found midimap.dll

Go back to our start page
I wanted to point out that this computer originally had "Windows Vista"; it was replaced with "Windows 7" when I had sent it in for service for a general clean-up, because I was told it was far better. I don't know if that helps.. I'm only writing it because when I renamed the file a screen appeared asking whether I wanted to restore everything as it was before; clicking yes, it asked for the installation CD.. which I don't have!
Thanks for replying
budi

Re: log combofix

Post by budi » 30/10/11 22:13

I forgot.... the computer is extremely slow! It loads like it's hand-cranked!! :eeh: And the ads still keep appearing!
Lately Hotmail has also been misbehaving, because when I try to click "reply" (to an email) nothing happens, so to reply I have to click "new" and paste in the address of the person I want...
budi

Re: log combofix

Post by FrancescoFDAC » 31/10/11 09:04

Hi. Let's see if this command goes through.

enable the display of hidden files (open any folder, go to Tools --> Folder Options --> View and tick Show hidden files and folders)

find and delete the file in bold

C:\WINDOWS\system32\midimap.dll

Custom ComboFix script

Warning: do not run ComboFix on your own initiative; this tool is not a toy and is not meant for everyday use.

Open Notepad: Start > All Programs > Accessories > Notepad
● inside the new text document, copy and paste the following lines:

FCopy::
c:\windows\ServicePackFiles\i386\midimap.dll|c:\windows\System32\midimap.dll

● name this file CFScript.txt and put it on the Desktop

Very important! Temporarily disable your antivirus and firewall before following the procedure below. They could interfere with ComboFix or remove some of its embedded files, which can lead to unpredictable results.
Referring to the image below, drag CFScript.txt with the mouse pointer onto the ComboFix icon
ComboFix will now scan your system. Once finished, it may reboot the system automatically: if not, reboot manually.
At that point the program will produce a report. Copy and paste the log into your next post.

http://img155.imageshack.us/img155/4837/cfscriptop0.gif

Note - about the procedure:
● do not touch the mouse or keyboard at all during the scan: it could be interrupted

Finally:
Download Kaspersky TDSS Killer: http://support.kaspersky.com/downloads/ ... killer.exe
● put the downloaded file on the Desktop
● double-click TDSSKiller.exe to start the application and then click the Start Scan button

At this point the system scan for malicious software begins:
● if an infected file is found, the default action will be Cure, so click Continue
● if a suspicious file is found, the default action will be Skip, so click Continue

Once the scan is finished, you will get one of these two options:
● no reboot is needed: click Report and save the contents to a text file
● a reboot is needed: click Reboot now
● once the system has rebooted, the program report to attach is in C:\ in this form:
TDSSKiller.[Version]_[Date]_[Time]_log.txt
FrancescoFDAC

Re: log combofix

Post by budi » 31/10/11 11:21

Hi! Here I am... I have a feeling this attempt didn't go well either, because when I try to delete the Midimap file a screen pops up saying:

ERROR DELETING FILE OR FOLDER
CANNOT DELETE MIDIMAP.
ACCESS DENIED.
MAKE SURE THE DISK IS NOT FULL OR WRITE-PROTECTED AND THAT THE FILE IS NOT CURRENTLY IN USE.

:( Do you think I should give up hope?!
budi

Re: log combofix

Post by FrancescoFDAC » 31/10/11 12:03

OK.
Do this:

Custom ComboFix script

Warning: do not run ComboFix on your own initiative; this tool is not a toy and is not meant for everyday use.

Open Notepad: Start > All Programs > Accessories > Notepad
● inside the new text document, copy and paste the following lines:

File::
C:\WINDOWS\system32\midimap.dll

FCopy::
c:\windows\ServicePackFiles\i386\midimap.dll|c:\windows\System32\midimap.dll

● name this file CFScript.txt and put it on the Desktop

Very important! Temporarily disable your antivirus and firewall before following the procedure below. They could interfere with ComboFix or remove some of its embedded files, which can lead to unpredictable results.
Referring to the image below, drag CFScript.txt with the mouse pointer onto the ComboFix icon
ComboFix will now scan your system. Once finished, it may reboot the system automatically: if not, reboot manually.
At that point the program will produce a report. Copy and paste the log into your next post.

http://img155.imageshack.us/img155/4837/cfscriptop0.gif

Note - about the procedure:
● do not touch the mouse or keyboard at all during the scan: it could be interrupted
FrancescoFDAC
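Both of FrancescoFDAC's fixes so far (rename midimap.dll and drop in a downloaded copy; the File::/FCopy:: script) depend on having a clean midimap.dll to put back. A DLL fetched from a download site or a file-sharing link has no provenance; the copy under c:\windows\ServicePackFiles\i386, which FCopy:: uses, was written by the Service Pack installer and is the local reference worth checking against. The dialog budi saw after renaming the file is Windows File Protection, which on XP tries to put a protected system file back from its own cache and asks for the installation CD when it cannot. The following is an added example, not code from the thread or from ComboFix: it hashes each suspect System32 file against its ServicePackFiles counterpart and emits File::/FCopy:: lines only for files that actually differ, so a script is never written for a file that is already the shipped one or that has no reference copy. The directory tree, file names and file contents in demo() are constructed for the demonstration.

```python
"""Added example, not code from the thread: hash a suspect System32 file
against the shipped copy under ServicePackFiles/i386 (the source FCopy::
restores from) and write File::/FCopy:: lines only for files that differ.
The directory tree and file contents in demo() are constructed."""
import hashlib
import os
import tempfile


def md5_file(path):
    """MD5 of a file as upper-case hex, the form ComboFix's Sigcheck prints."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def compare_with_reference(suspect, reference):
    """Compare the file on disk with its ServicePackFiles counterpart.

    'differs'       the installed file is not the shipped one; FCopy:: would replace it
    'match'         identical to the reference; nothing to restore
    'no-reference'  no shipped copy exists, so FCopy:: cannot help for this file
    """
    if not os.path.isfile(reference):
        return {"status": "no-reference", "suspect_md5": md5_file(suspect)}
    s, r = md5_file(suspect), md5_file(reference)
    return {
        "status": "match" if s == r else "differs",
        "suspect_md5": s, "reference_md5": r,
        "suspect_size": os.path.getsize(suspect),
        "reference_size": os.path.getsize(reference),
    }


def plan_cfscript(system32, spf_i386, names):
    """Return (results, script). Only files whose hash differs from the
    reference go into the File:: (delete) and FCopy:: (restore) sections,
    the two directives used in the thread. The script text uses Windows
    paths because ComboFix reads it on the infected XP machine."""
    results = {name: compare_with_reference(os.path.join(system32, name),
                                            os.path.join(spf_i386, name))
               for name in names}
    to_fix = [n for n in names if results[n]["status"] == "differs"]
    if not to_fix:
        return results, ""
    lines = ["File::"] + ["c:\\windows\\system32\\" + n for n in to_fix]
    lines += ["", "FCopy::"] + [
        "c:\\windows\\ServicePackFiles\\i386\\%s|c:\\windows\\system32\\%s" % (n, n)
        for n in to_fix]
    return results, "\n".join(lines) + "\n"


def demo():
    """Constructed tree: midimap.dll differs from its shipped copy (a stand-in
    for the patched DLL in the thread), ctfmon.exe is identical, vcdrom.sys
    has no shipped copy. Returns (results, script)."""
    root = tempfile.mkdtemp(prefix="spfcheck_")
    system32 = os.path.join(root, "system32")
    spf = os.path.join(root, "ServicePackFiles", "i386")
    os.makedirs(system32)
    os.makedirs(spf)
    clean = b"MZ" + b"\x00" * 62 + b"shipped midimap code"
    files = {
        (system32, "midimap.dll"): clean + b"\xcc appended stub",  # constructed 'patched' copy
        (spf, "midimap.dll"): clean,
        (system32, "ctfmon.exe"): b"MZ ctfmon",
        (spf, "ctfmon.exe"): b"MZ ctfmon",
        (system32, "vcdrom.sys"): b"MZ third-party driver",  # nothing to compare against
    }
    for (directory, name), data in files.items():
        with open(os.path.join(directory, name), "wb") as f:
            f.write(data)
    return plan_cfscript(system32, spf, ["midimap.dll", "ctfmon.exe", "vcdrom.sys"])


if __name__ == "__main__":
    results, script = demo()
    for name, res in results.items():
        print("%-12s %s" % (name, res["status"]))
    print(script)
```

On the real machine you would point plan_cfscript at C:\WINDOWS\system32 and C:\WINDOWS\ServicePackFiles\i386 and pass the names ComboFix flagged in its Sigcheck section; a 'no-reference' result for a file means the FCopy:: line would silently do nothing, which is worth knowing before the run rather than after.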

Re: log combofix

Post by budi » 31/10/11 14:28

Done! Here is the ComboFix report:

ComboFix 11-10-30.03 - Administrator 31/10/2011 14.25.29.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1015.565 [GMT 1:00]
Running from: d:\programmi\ComboFix.exe
Command switches used :: d:\vinci silvia 11-01-2011\Utente\Desktop\CFScript.txt
AV: AntiVir Desktop *Enabled/Outdated* {0012F2B4-5CC9-7C92-0300-000000000000}
.
FILE ::
"c:\windows\system32\midimap.dll"
.
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\midimap.dll . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-31 )))))))))))))))))))))))))))))))))))
.
.
2011-10-29 12:19 . 2011-10-29 12:19 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\AskToolbar
2011-10-29 05:49 . 2011-10-29 05:49 -------- d-----w- c:\windows\system32\wbem\snmp
2011-10-29 05:49 . 2011-10-29 05:49 -------- d-----w- c:\windows\system32\xircom
2011-10-29 05:49 . 2011-10-29 05:49 -------- d-----w- c:\windows\srchasst
2011-10-29 05:49 . 2011-10-29 05:49 -------- d-----w- c:\programmi\microsoft frontpage
2011-10-26 16:45 . 2011-10-26 16:45 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Avira
2011-10-26 16:44 . 2011-10-11 13:00 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-26 16:44 . 2011-10-11 13:00 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-26 16:44 . 2011-10-26 16:44 -------- d-----w- c:\programmi\Avira
2011-10-25 21:08 . 2011-10-26 16:44 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2011-10-25 06:11 . 2011-10-25 06:11 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2011-10-24 22:16 . 2011-10-24 22:16 -------- d-----w- C:\FyK
2011-10-24 20:14 . 2011-10-11 13:00 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-24 05:57 . 2011-10-25 21:13 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\tor
2011-10-23 19:17 . 2011-10-25 21:16 -------- d-----w- c:\documents and settings\NetworkService\Dati applicazioni\tor
2011-10-07 14:44 . 2011-10-07 15:26 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\WMTools Downloaded Files
2011-10-07 14:19 . 2010-12-24 11:18 73728 ----a-w- c:\windows\system\vdremote.dll
2011-10-07 14:19 . 2010-12-24 11:17 65536 ----a-w- c:\windows\system\vdsvrlnk.dll
2011-10-06 17:23 . 2011-10-06 17:24 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\avidemux
2011-10-06 17:12 . 2008-12-08 10:53 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2011-10-06 17:12 . 2008-06-08 20:58 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2011-10-06 17:12 . 2011-10-06 17:12 -------- d-----w- c:\programmi\ffdshow
2011-10-06 17:12 . 2011-10-06 17:12 -------- d-----w- c:\programmi\Haali
2011-10-06 17:12 . 2011-10-06 17:12 -------- d-----w- c:\programmi\AviSynth 2.5
2011-10-06 17:12 . 2010-08-26 21:45 147456 ----a-w- c:\windows\system32\stQTSource.ax
2011-10-06 17:12 . 2010-07-15 09:30 290816 ----a-w- c:\windows\system32\stFLVSource.ax
2011-10-06 17:12 . 2011-10-06 17:12 -------- d-----w- c:\programmi\File comuni\SourceTec
2011-10-06 17:12 . 2009-08-17 07:54 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2011-10-06 17:12 . 2009-08-17 07:54 438272 ----a-w- c:\windows\system32\Mpeg2DecFilter.ax
2011-10-06 17:12 . 2009-08-17 07:54 217088 ----a-w- c:\windows\system32\CoreFLACDecoder.ax
2011-10-06 17:12 . 2009-03-17 15:38 70656 ----a-w- c:\windows\system32\RLAPEDec.ax
2011-10-06 16:50 . 2011-10-06 16:50 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\MotionDSP
2011-10-06 16:50 . 2011-10-06 17:05 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2011-10-06 15:36 . 2011-10-06 15:36 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\MotionDSP
2011-10-06 15:21 . 2011-10-06 15:22 7362048 ----a-w- c:\programmi\MM26_IT.msi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-28 06:03 . 2011-06-20 10:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-11 15:52 . 2011-01-23 09:47 642317 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\mdbu.bin
2011-09-26 09:41 . 2008-07-29 18:59 613888 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2001-08-31 15:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2001-08-31 15:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-09 09:12 . 2008-04-13 17:13 603136 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 14:10 . 2008-04-13 16:50 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:41 . 2008-09-26 01:36 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:41 . 2008-09-26 01:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 23:41 . 2008-04-13 17:13 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 11:56 . 2008-04-13 16:50 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2008-04-13 10:19 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-09-26 01:31 . 0FF0C3264283FDEDDAA6A9DE51341A3D . 1444352 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2008-09-26 . 6DC43081C760EEC1130D2C8C145DF375 . 549888 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2008-09-26 . 19CB8AA5B83D0017EB9A9126AA2EEB55 . 1554944 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
[-] 2008-04-13 . B46240BFFFDD064F32BCD4F7D958014F . 272384 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2008-06-08 . 3122DAF86B33ED8AC4662D07593025D7 . 501760 . . [1.0626.6001.18000] . . c:\windows\system32\usp10.dll
.
[-] 2008-09-26 . 91B6AAC828F8BBE1796275424E44DFB0 . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
[-] 2008-09-26 . 43A8C03A8CF9DB90958238AB694BF79D . 371200 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
.
[-] 2008-09-26 . D8B05CF0EAD10A78DACAE187559D113D . 42496 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-10-28_21.55.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-31 07:07 . 2011-10-31 07:07 16384 c:\windows\Temp\Perflib_Perfdata_2f4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe" [2007-09-02 495616]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"OfficeSyncProcess"="c:\programmi\Microsoft Office\Office14\MSOSYNC.EXE" [2010-12-20 718720]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2011-09-26 17353352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-20 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-20 137752]
"QlbCtrl.exe"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 177456]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"CameraFixer"="c:\windows\CameraFixer.exe" [2005-12-06 20480]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="d:\vinci silvia 11-01-2011\Utente\programmi\iTunesHelper.exe" [2010-04-28 142120]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-10-29 249064]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-09-26 25088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]
Sitecom Wireless Utility.lnk - c:\programmi\Sitecom\Common\RaUI.exe [2011-2-7 1630208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"d:\\Vinci Silvia 11-01-2011\\Utente\\programmi\\iTunes.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [24/10/2011 21.14.14 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [26/10/2011 17.44.49 86224]
R2 AntiVirWebService;Avira Web Protection;c:\programmi\Avira\AntiVir Desktop\avwebgrd.exe [26/10/2011 17.44.48 463824]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\programmi\System\CPL Bonus\Vcdrom.sys --> c:\programmi\System\CPL Bonus\Vcdrom.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [28/06/2011 19.32.24 136176]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [28/06/2011 19.32.24 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\programmi\Microsoft Office\Office14\GROOVE.EXE [12/06/2011 10.15.00 31125880]
S3 osppsvc;Office Software Protection Platform;c:\programmi\File comuni\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 21.37.50 4640000]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-06-28 18:32]
.
2011-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-06-28 18:32]
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1220945662-1606980848-500Core.job
- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-10-29 12:29]
.
2011-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1220945662-1606980848-500UA.job
- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-10-29 12:29]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Invia a periferica &Bluetooth... - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\programmi\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\z3y39t2k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/webhp?hl=it
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-31 14:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1614895754-1220945662-1606980848-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,de,f3,b1,06,9d,ab,c8,46,95,1f,9a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,de,f3,b1,06,9d,ab,c8,46,95,1f,9a,\
.
--------------------- DLLs loaded under running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(932)
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(992)
c:\programmi\Avira\AntiVir Desktop\avsda.dll
.
- - - - - - - > 'explorer.exe'(796)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\windows\system32\COMRes.dll
c:\progra~1\FILECO~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~1\Office14\1040\GrooveIntlResource.dll
c:\windows\System32\cscui.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-10-31 14:34:22
ComboFix-quarantined-files.txt 2011-10-31 13:34
ComboFix2.txt 2011-10-30 16:37
ComboFix3.txt 2011-10-28 21:58
.
Pre-Run: 18.733.768.704 bytes free
Post-Run: 18.723.237.888 bytes free
.
- - End Of File - - 361033D38E4C0E1EDDEF3D75C741D8E3
budi
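In the second report the Sigcheck line for c:\windows\system32\midimap.dll still shows MD5 D8B05CF0EAD10A78DACAE187559D113D and size 42496, exactly as in the first report, while the same run prints "is infected!!" for that file. Whatever ComboFix did after taking that snapshot, comparing the Sigcheck sections of two runs is how you tell whether a replacement took: a restored file gets a new hash, a deleted one disappears from the list. The following is an added example, not code from the thread or from ComboFix: it parses the Sigcheck lines of two reports and classifies every flagged file as unchanged, changed, gone or new. RUN1 and RUN2 are the relevant lines from the two reports above (they are identical, which is the point); RUN3_CONSTRUCTED is a made-up third run, with a made-up hash and size, showing what a successful replacement would look like.

```python
"""Added example, not from the thread: parse the Sigcheck section of two
ComboFix reports and report which flagged files changed between runs."""
import re

# One Sigcheck line looks like (taken from the reports in the thread):
# [-] 2008-09-26 . D8B05CF0EAD10A78DACAE187559D113D . 42496 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[-+?])\]\s+(?P<date>\d{4}-\d{2}-\d{2})(?:\s+\d{2}:\d{2})?"
    r"\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)


def parse_sigcheck(report):
    """Map lower-cased path -> {flag, date, md5, size, version} for every
    Sigcheck line in a ComboFix report; all other lines are ignored."""
    entries = {}
    for line in report.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            d = m.groupdict()
            path = d.pop("path").lower()
            d["md5"] = d["md5"].upper()
            d["size"] = int(d["size"])
            entries[path] = d
    return entries


def diff_runs(before, after):
    """Compare two reports. Returns {path: 'unchanged'|'changed'|'gone'|'new'}.
    'unchanged' for a file the script was meant to replace means the
    replacement did not happen; 'gone' means it is no longer flagged."""
    b, a = parse_sigcheck(before), parse_sigcheck(after)
    verdict = {}
    for path in sorted(set(b) | set(a)):
        if path in b and path in a:
            same = (b[path]["md5"] == a[path]["md5"]
                    and b[path]["size"] == a[path]["size"])
            verdict[path] = "unchanged" if same else "changed"
        else:
            verdict[path] = "gone" if path in b else "new"
    return verdict


# Lines copied from the first and second reports in the thread, trimmed to
# three entries; the two runs list identical hashes.
RUN1 = r"""
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-09-26 01:31 . 0FF0C3264283FDEDDAA6A9DE51341A3D . 1444352 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2008-09-26 . 91B6AAC828F8BBE1796275424E44DFB0 . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
[-] 2008-09-26 . D8B05CF0EAD10A78DACAE187559D113D . 42496 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
"""
RUN2 = RUN1

# Constructed third run (not from the thread): midimap.dll now carries a
# made-up hash and size, as after a real replacement, and ctfmon.exe is no
# longer listed at all.
RUN3_CONSTRUCTED = r"""
------- Sigcheck -------
[-] 2008-09-26 01:31 . 0FF0C3264283FDEDDAA6A9DE51341A3D . 1444352 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2008-04-14 . 0123456789ABCDEF0123456789ABCDEF . 18432 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
"""


if __name__ == "__main__":
    for path, v in diff_runs(RUN1, RUN2).items():
        print("run1 -> run2  %-9s %s" % (v, path))
    for path, v in diff_runs(RUN2, RUN3_CONSTRUCTED).items():
        print("run2 -> run3  %-9s %s" % (v, path))
```

Feed the two full reports in as strings (read from the saved ComboFix.txt and ComboFix2.txt files) and look at the 'unchanged' rows for the files your script targeted; those are the ones the script did not fix.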

Re: log combofix

Post by FrancescoFDAC » 31/10/11 14:35

Hi.
Boot into safe mode:

Start the system in safe mode, following these links:
● safe mode in Windows XP: http://support.microsoft.com/kb/316434/it#3
● safe mode in Windows Vista and Seven: http://windowshelp.microsoft.com/Window ... 11040.mspx

Now download the Midimap.dll file: http://wikisend.com/download/139164/midimap.dll
● cut and paste midimap.dll into the folder C:\windows\system32: first delete the midimap.dll file, if present in the System32 folder
● reboot the system


How is the PC doing?
FrancescoFDAC

Re: log combofix

Post by budi » 31/10/11 15:14

Done everything! ... the PC is extremely, extremely slow... it takes ages to load a page. It seems, though, that the ads are gone... I'll keep testing to be really sure.
budi

Re: log combofix

Post by FrancescoFDAC » 31/10/11 15:42

Download Kaspersky TDSS Killer: http://support.kaspersky.com/downloads/ ... killer.exe
● put the downloaded file on the Desktop
● double-click TDSSKiller.exe to start the application and then click the Start Scan button

At this point the system scan for malicious software begins:
● if an infected file is found, the default action will be Cure, so click Continue
● if a suspicious file is found, the default action will be Skip, so click Continue

Once the scan is finished, you will get one of these two options:
● no reboot is needed: click Report and save the contents to a text file
● a reboot is needed: click Reboot now
● once the system has rebooted, the program report to attach is in C:\ in this form:
TDSSKiller.[Version]_[Date]_[Time]_log.txt
FrancescoFDAC
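The report TDSSKiller writes (its format is visible in budi's post further down: a timestamp, a thread id, the service name, then either "(md5) path" for the driver file or "- verdict" for the result) is easier to act on as a table than as a few hundred lines. The following is an added example, not code from the thread or from Kaspersky: it joins each service's file record with its verdict line, collects the hashes for lookup against a reputation service, and flags the two things a practitioner would check by hand: any verdict other than "ok", and driver files that live outside the Windows directory (a heuristic of mine, not a TDSSKiller rule; the thread's own ComboFix log lists vcdrom.sys under c:\programmi). The sample lines are taken from the report in the thread, with two additions that are constructed: a vcdrom entry with a made-up hash, and a zzexample entry whose non-"ok" verdict wording is hypothetical, since no detection line appears in the thread.

```python
"""Added example, not from the thread or from Kaspersky: turn a TDSSKiller
report into a per-service table and flag what needs a second look."""
import re

# Two line shapes appear in the report (format as printed in the thread):
#   16:49:22.0515 0900 ACPI (d766e636187b8f240bbfbabcd51eb2c6) C:\WINDOWS\system32\DRIVERS\ACPI.sys
#   16:49:22.0515 0900 ACPI - ok
FILE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>[0-9a-fA-F]{4})\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$")
VERDICT_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>[0-9a-fA-F]{4})\s+(?P<name>\S+)\s+-\s+"
    r"(?P<verdict>.+?)\s*$")


def parse_tdsskiller(report):
    """Return {service: {'md5', 'path', 'verdict'}}. A service with no file on
    disk has only a verdict line, so md5 and path stay None."""
    table = {}
    for line in report.splitlines():
        m = FILE_RE.match(line)
        if m:
            rec = table.setdefault(m.group("name"), {"md5": None, "path": None, "verdict": None})
            rec["md5"], rec["path"] = m.group("md5").lower(), m.group("path")
            continue
        m = VERDICT_RE.match(line)
        if m:
            rec = table.setdefault(m.group("name"), {"md5": None, "path": None, "verdict": None})
            rec["verdict"] = m.group("verdict")
    return table


def review(table, windir="C:\\WINDOWS"):
    """Flag entries worth a second look: any verdict other than 'ok', and
    driver files outside the Windows directory (heuristic, not a tool rule)."""
    flagged = {}
    for name, rec in table.items():
        reasons = []
        if rec["verdict"] is not None and rec["verdict"].lower() != "ok":
            reasons.append("verdict: " + rec["verdict"])
        if rec["path"] and not rec["path"].lower().startswith(windir.lower() + "\\"):
            reasons.append("outside windir: " + rec["path"])
        if reasons:
            flagged[name] = reasons
    return flagged


def hashes_to_lookup(table):
    """Unique (md5, path) pairs, ready for a hash lookup elsewhere."""
    return sorted({(r["md5"], r["path"]) for r in table.values() if r["md5"]})


# Lines from the report in the thread, plus two constructed entries (see comments).
SAMPLE = r"""
16:49:18.0031 0900 Scan started
16:49:18.0031 0900 Mode: Manual;
16:49:19.0609 0900 Abiosdsk - ok
16:49:22.0515 0900 ACPI (d766e636187b8f240bbfbabcd51eb2c6) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:49:22.0515 0900 ACPI - ok
16:49:33.0203 0900 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:49:33.0203 0900 AFD - ok
16:50:01.0000 0900 vcdrom (00000000000000000000000000000000) c:\programmi\System\CPL Bonus\Vcdrom.sys
16:50:01.0000 0900 vcdrom - ok
16:50:02.0000 0900 zzexample (ffffffffffffffffffffffffffffffff) C:\WINDOWS\system32\drivers\zzexample.sys
16:50:02.0000 0900 zzexample - suspicious (constructed verdict, wording hypothetical)
"""
# vcdrom: path from the thread's ComboFix log, hash made up. zzexample: entirely constructed.


if __name__ == "__main__":
    table = parse_tdsskiller(SAMPLE)
    for name, reasons in review(table).items():
        print(name, "->", "; ".join(reasons))
    for md5, path in hashes_to_lookup(table):
        print(md5, path)
```

Run it on the real C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt; the "- ok" lines with no file record (Abiosdsk and the other legacy SCSI names in the thread) are services with no driver on disk and are normal on XP.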

Re: log combofix

Post by budi » 31/10/11 17:29

Did this too.. just one thing isn't clear to me... the report, do I copy and paste it like the others? Because I don't know how text files are made.. :-?
budi

Re: log combofix

Post by budi » 31/10/11 23:06

Well... I think it's a normal file which, written for example in Notepad, gets saved as txt. Anyway, I'm attaching it here.... thanks! :)

16:48:54.0515 0828 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
16:48:54.0921 0828 ============================================================
16:48:54.0921 0828 Current date / time: 2011/10/31 16:48:54.0921
16:48:54.0921 0828 SystemInfo:
16:48:54.0921 0828
16:48:54.0921 0828 OS Version: 5.1.2600 ServicePack: 3.0
16:48:54.0921 0828 Product type: Workstation
16:48:54.0921 0828 ComputerName: XP-HWNL-ZERO-V3
16:48:54.0921 0828 UserName: Administrator
16:48:54.0921 0828 Windows directory: C:\WINDOWS
16:48:54.0921 0828 System windows directory: C:\WINDOWS
16:48:54.0921 0828 Processor architecture: Intel x86
16:48:54.0921 0828 Number of processors: 1
16:48:54.0921 0828 Page size: 0x1000
16:48:54.0921 0828 Boot type: Normal boot
16:48:54.0921 0828 ============================================================
16:48:55.0531 0828 Initialize success
16:49:18.0031 0900 ============================================================
16:49:18.0031 0900 Scan started
16:49:18.0031 0900 Mode: Manual;
16:49:18.0031 0900 ============================================================
16:49:19.0609 0900 Abiosdsk - ok
16:49:20.0984 0900 abp480n5 - ok
16:49:22.0515 0900 ACPI (d766e636187b8f240bbfbabcd51eb2c6) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:49:22.0515 0900 ACPI - ok
16:49:24.0296 0900 ACPIEC (49ac5cd87fbdda62f3e25190019e7627) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
16:49:24.0296 0900 ACPIEC - ok
16:49:26.0000 0900 ADIHdAudAddService (7356eff52ad50b8946d346002118ce62) C:\WINDOWS\system32\drivers\ADIHdAud.sys
16:49:26.0031 0900 ADIHdAudAddService - ok
16:49:27.0390 0900 adpu160m - ok
16:49:28.0796 0900 AEAudio (fff87a9b1ab36ee4b7bec98a4cb01b79) C:\WINDOWS\system32\drivers\AEAudio.sys
16:49:28.0812 0900 AEAudio - ok
16:49:30.0265 0900 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:49:30.0312 0900 aec - ok
16:49:31.0718 0900 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
16:49:31.0734 0900 AegisP - ok
16:49:33.0203 0900 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:49:33.0203 0900 AFD - ok
16:49:34.0859 0900 AgereSoftModem (90456051c422e09bc36e6340dd891f0c) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
16:49:34.0937 0900 AgereSoftModem - ok
16:49:36.0234 0900 Aha154x - ok
16:49:37.0625 0900 aic78u2 - ok
16:49:38.0984 0900 aic78xx - ok
16:49:40.0312 0900 AliIde - ok
16:49:41.0593 0900 amsint - ok
16:49:42.0968 0900 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:49:42.0984 0900 Arp1394 - ok
16:49:44.0296 0900 asc - ok
16:49:45.0656 0900 asc3350p - ok
16:49:47.0046 0900 asc3550 - ok
16:49:48.0453 0900 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:49:48.0453 0900 AsyncMac - ok
16:49:49.0843 0900 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:49:49.0843 0900 atapi - ok
16:49:51.0296 0900 Atdisk - ok
16:49:52.0843 0900 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:49:52.0875 0900 Atmarpc - ok
16:49:54.0234 0900 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:49:54.0265 0900 audstub - ok
16:49:55.0562 0900 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
16:49:55.0562 0900 avgntflt - ok
16:49:56.0859 0900 avipbb (912d23140cd05980f6cdae790ddafc8d) C:\WINDOWS\system32\DRIVERS\avipbb.sys
16:49:56.0890 0900 avipbb - ok
16:49:58.0265 0900 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
16:49:58.0296 0900 avkmgr - ok
16:49:59.0703 0900 BCM43XX (e9ea635b8432d68f0005b3f6cebab837) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
16:49:59.0828 0900 BCM43XX - ok
16:50:01.0140 0900 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
16:50:01.0171 0900 bcm4sbxp - ok
16:50:02.0562 0900 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:50:02.0578 0900 Beep - ok
16:50:03.0937 0900 btaudio (3aa4bf555c00c5b87fd48dd7bdbd4e97) C:\WINDOWS\system32\drivers\btaudio.sys
16:50:03.0984 0900 btaudio - ok
16:50:05.0343 0900 BTDriver (07f0a66cfa550b13ad0674ae09e3cba0) C:\WINDOWS\system32\DRIVERS\btport.sys
16:50:05.0359 0900 BTDriver - ok
16:50:06.0718 0900 BTKRNL (ba57f31eab93dc597d772f6f5b9ed54f) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
16:50:06.0781 0900 BTKRNL - ok
16:50:08.0140 0900 BTWDNDIS (b1d350f3f13cf340fce93912d2ba1ebf) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
16:50:08.0156 0900 BTWDNDIS - ok
16:50:09.0468 0900 BTWUSB (57e91e9925976bbc98984eebaaf1d84c) C:\WINDOWS\system32\Drivers\btwusb.sys
16:50:09.0500 0900 BTWUSB - ok
16:50:09.0593 0900 catchme - ok
16:50:11.0078 0900 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:50:11.0093 0900 cbidf2k - ok
16:50:12.0421 0900 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:50:12.0437 0900 CCDECODE - ok
16:50:13.0718 0900 cd20xrnt - ok
16:50:15.0031 0900 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:50:15.0062 0900 Cdaudio - ok
16:50:16.0421 0900 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:50:16.0421 0900 Cdfs - ok
16:50:17.0890 0900 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:50:17.0921 0900 Cdrom - ok
16:50:19.0312 0900 Changer - ok
16:50:20.0656 0900 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
16:50:20.0671 0900 CmBatt - ok
16:50:21.0953 0900 CmdIde - ok
16:50:23.0265 0900 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
16:50:23.0265 0900 Compbatt - ok
16:50:24.0625 0900 Cpqarray - ok
16:50:25.0937 0900 dac2w2k - ok
16:50:27.0296 0900 dac960nt - ok
16:50:28.0640 0900 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:50:28.0640 0900 Disk - ok
16:50:30.0015 0900 dmboot (82bc125a8ed33f5f0e75f2aac1065323) C:\WINDOWS\system32\drivers\dmboot.sys
16:50:30.0078 0900 dmboot - ok
16:50:31.0406 0900 dmio (e959ddc0ea7ac11ee5e5602e2a364310) C:\WINDOWS\system32\drivers\dmio.sys
16:50:31.0406 0900 dmio - ok
16:50:32.0796 0900 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:50:32.0796 0900 dmload - ok
16:50:34.0125 0900 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:50:34.0140 0900 DMusic - ok
16:50:35.0437 0900 dpti2o - ok
16:50:36.0812 0900 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:50:36.0828 0900 drmkaud - ok
16:50:38.0265 0900 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:50:38.0265 0900 Fastfat - ok
16:50:39.0609 0900 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
16:50:39.0609 0900 Fdc - ok
16:50:40.0921 0900 Fips (2cfea3326981a18c6baf2bd9be76225b) C:\WINDOWS\system32\drivers\Fips.sys
16:50:40.0937 0900 Fips - ok
16:50:42.0343 0900 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
16:50:42.0359 0900 Flpydisk - ok
16:50:43.0718 0900 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
16:50:43.0718 0900 FltMgr - ok
16:50:45.0062 0900 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:50:45.0078 0900 Fs_Rec - ok
16:50:46.0390 0900 Ftdisk (f3269a6ee547ea87b949a1cea4816b38) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:50:46.0390 0900 Ftdisk - ok
16:50:47.0859 0900 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
16:50:47.0875 0900 GEARAspiWDM - ok
16:50:49.0203 0900 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:50:49.0218 0900 Gpc - ok
16:50:50.0593 0900 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
16:50:50.0609 0900 HBtnKey - ok
16:50:51.0953 0900 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:50:51.0968 0900 HDAudBus - ok
16:50:53.0328 0900 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:50:53.0343 0900 HidUsb - ok
16:50:54.0671 0900 hpn - ok
16:50:56.0015 0900 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys
16:50:56.0015 0900 HpqKbFiltr - ok
16:50:57.0406 0900 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:50:57.0406 0900 HTTP - ok
16:50:58.0703 0900 i2omgmt - ok
16:51:00.0046 0900 i2omp - ok
16:51:01.0390 0900 i8042prt (610726e28af55b95043c5c35a727e320) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:51:01.0406 0900 i8042prt - ok
16:51:02.0921 0900 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
16:51:03.0140 0900 ialm - ok
16:51:04.0500 0900 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\WINDOWS\system32\DRIVERS\iaStor.sys
16:51:04.0515 0900 iaStor - ok
16:51:05.0812 0900 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:51:05.0828 0900 Imapi - ok
16:51:07.0218 0900 ini910u - ok
16:51:08.0562 0900 IntelIde - ok
16:51:09.0875 0900 intelppm (ebd830a0970c438047006a49c23e287f) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:51:09.0875 0900 intelppm - ok
16:51:11.0187 0900 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
16:51:11.0218 0900 Ip6Fw - ok
16:51:12.0578 0900 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:51:12.0578 0900 IpFilterDriver - ok
16:51:13.0921 0900 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:51:13.0937 0900 IpInIp - ok
16:51:15.0265 0900 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:51:15.0296 0900 IpNat - ok
16:51:16.0625 0900 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:51:16.0640 0900 IPSec - ok
16:51:18.0031 0900 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:51:18.0062 0900 IRENUM - ok
16:51:19.0406 0900 isapnp (0953594beb81cc72fcc62d37921b25a6) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:51:19.0406 0900 isapnp - ok
16:51:20.0765 0900 Kbdclass (28b6eace513ca7eaba3b809ad4bc274d) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:51:20.0765 0900 Kbdclass - ok
16:51:22.0109 0900 kbdhid (4c61c226bdda2ef1672b2c5f4e56625e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:51:22.0125 0900 kbdhid - ok
16:51:23.0453 0900 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:51:23.0484 0900 kmixer - ok
16:51:24.0828 0900 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:51:24.0843 0900 KSecDD - ok
16:51:26.0140 0900 lbrtfdc - ok
16:51:27.0593 0900 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:51:27.0609 0900 mnmdd - ok
16:51:28.0937 0900 Modem (8cb6636806d76b85fafaee94d75f5129) C:\WINDOWS\system32\drivers\Modem.sys
16:51:28.0953 0900 Modem - ok
16:51:30.0265 0900 Mouclass (e904ebed608055a2bfb824c07f59766c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:51:30.0296 0900 Mouclass - ok
16:51:31.0687 0900 mouhid (d7662f0cf5b77bbbe3202716f5bd5318) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:51:31.0703 0900 mouhid - ok
16:51:33.0078 0900 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:51:33.0078 0900 MountMgr - ok
16:51:34.0390 0900 mraid35x - ok
16:51:35.0734 0900 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:51:35.0765 0900 MRxDAV - ok
16:51:37.0109 0900 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:51:37.0125 0900 MRxSmb - ok
16:51:38.0531 0900 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:51:38.0546 0900 Msfs - ok
16:51:39.0843 0900 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:51:39.0859 0900 MSKSSRV - ok
16:51:41.0171 0900 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:51:41.0187 0900 MSPCLOCK - ok
16:51:42.0500 0900 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:51:42.0515 0900 MSPQM - ok
16:51:43.0828 0900 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:51:43.0828 0900 mssmbios - ok
16:51:45.0187 0900 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:51:45.0203 0900 MSTEE - ok
16:51:46.0515 0900 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:51:46.0515 0900 Mup - ok
16:51:48.0000 0900 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:51:48.0031 0900 NABTSFEC - ok
16:51:49.0359 0900 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:51:49.0359 0900 NDIS - ok
16:51:50.0671 0900 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:51:50.0703 0900 NdisIP - ok
16:51:52.0031 0900 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:51:52.0031 0900 NdisTapi - ok
16:51:53.0375 0900 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:51:53.0406 0900 Ndisuio - ok
16:51:54.0796 0900 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:51:54.0828 0900 NdisWan - ok
16:51:56.0203 0900 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:51:56.0203 0900 NDProxy - ok
16:51:57.0656 0900 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:51:57.0656 0900 NetBIOS - ok
16:51:59.0015 0900 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:51:59.0046 0900 NetBT - ok
16:52:00.0406 0900 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:52:00.0406 0900 NIC1394 - ok
16:52:01.0718 0900 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:52:01.0718 0900 Npfs - ok
16:52:03.0062 0900 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:52:03.0062 0900 Ntfs - ok
16:52:04.0421 0900 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:52:04.0437 0900 Null - ok
16:52:05.0781 0900 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:52:05.0796 0900 NwlnkFlt - ok
16:52:07.0156 0900 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:52:07.0187 0900 NwlnkFwd - ok
16:52:08.0546 0900 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:52:08.0546 0900 ohci1394 - ok
16:52:09.0984 0900 Parport (4e9408a178b2d955871c2cdd278de3c3) C:\WINDOWS\system32\drivers\Parport.sys
16:52:10.0015 0900 Parport - ok
16:52:11.0343 0900 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:52:11.0343 0900 PartMgr - ok
16:52:12.0718 0900 ParVdm (0dabef655a444cb1e193626fb1d24b9f) C:\WINDOWS\system32\drivers\ParVdm.sys
16:52:12.0734 0900 ParVdm - ok
16:52:14.0078 0900 PCI (f40a46892afebb0314536b849d57c11e) C:\WINDOWS\system32\DRIVERS\pci.sys
16:52:14.0078 0900 PCI - ok
16:52:15.0359 0900 PCIDump - ok
16:52:16.0734 0900 PCIIde (b2df00d650fd6c4ee781740ed3c8e67f) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:52:16.0734 0900 PCIIde - ok
16:52:18.0062 0900 Pcmcia (815c50f2b1d1562800bdce8be895000e) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
16:52:18.0078 0900 Pcmcia - ok
16:52:19.0359 0900 PDCOMP - ok
16:52:20.0656 0900 PDFRAME - ok
16:52:22.0046 0900 PDRELI - ok
16:52:23.0500 0900 PDRFRAME - ok
16:52:24.0796 0900 perc2 - ok
16:52:26.0093 0900 perc2hib - ok
16:52:27.0609 0900 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:52:27.0625 0900 PptpMiniport - ok
16:52:29.0093 0900 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:52:29.0109 0900 PSched - ok
16:52:30.0437 0900 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:52:30.0468 0900 Ptilink - ok
16:52:31.0828 0900 ql1080 - ok
16:52:33.0171 0900 Ql10wnt - ok
16:52:34.0484 0900 ql12160 - ok
16:52:35.0906 0900 ql1240 - ok
16:52:37.0406 0900 ql1280 - ok
16:52:38.0750 0900 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:52:38.0765 0900 RasAcd - ok
16:52:40.0187 0900 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:52:40.0234 0900 Rasl2tp - ok
16:52:41.0593 0900 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:52:41.0609 0900 RasPppoe - ok
16:52:42.0953 0900 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:52:42.0968 0900 Raspti - ok
16:52:44.0343 0900 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:52:44.0343 0900 Rdbss - ok
16:52:45.0671 0900 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:52:45.0687 0900 RDPCDD - ok
16:52:47.0062 0900 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:52:47.0093 0900 rdpdr - ok
16:52:48.0468 0900 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
16:52:48.0484 0900 RDPWD - ok
16:52:49.0890 0900 redbook (393fc252593323b624b230eca6b85e63) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:52:49.0921 0900 redbook - ok
16:52:51.0468 0900 rt2870 (83b9e404b4f7e2c86b4a8d416645c1f6) C:\WINDOWS\system32\DRIVERS\rt2870.sys
16:52:51.0515 0900 rt2870 - ok
16:52:52.0843 0900 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:52:52.0859 0900 Secdrv - ok
16:52:54.0218 0900 Serial (fdbd9d64e2e03270021d424f0dccf79d) C:\WINDOWS\system32\drivers\Serial.sys
16:52:54.0234 0900 Serial - ok
16:52:55.0609 0900 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:52:55.0625 0900 Sfloppy - ok
16:52:57.0421 0900 Simbad - ok
16:52:58.0781 0900 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:52:58.0796 0900 SLIP - ok
16:53:00.0140 0900 snpstd (da364fa202a87a09fcb6d80c955bc8c6) C:\WINDOWS\system32\DRIVERS\snpstd.sys
16:53:00.0171 0900 snpstd - ok
16:53:01.0500 0900 Sparrow - ok
16:53:02.0984 0900 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:53:02.0984 0900 splitter - ok
16:53:04.0343 0900 sr (618718cae288bf7cbd8fcbab2577d932) C:\WINDOWS\system32\DRIVERS\sr.sys
16:53:04.0343 0900 sr - ok
16:53:05.0703 0900 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:53:05.0718 0900 Srv - ok
16:53:07.0140 0900 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
16:53:07.0140 0900 ssmdrv - ok
16:53:08.0515 0900 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:53:08.0531 0900 streamip - ok
16:53:09.0875 0900 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:53:09.0890 0900 swenum - ok
16:53:11.0265 0900 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:53:11.0296 0900 swmidi - ok
16:53:12.0656 0900 symc810 - ok
16:53:13.0968 0900 symc8xx - ok
16:53:15.0281 0900 sym_hi - ok
16:53:16.0609 0900 sym_u3 - ok
16:53:18.0031 0900 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:53:18.0046 0900 sysaudio - ok
16:53:19.0406 0900 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:53:19.0421 0900 Tcpip - ok
16:53:20.0703 0900 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:53:20.0718 0900 TDPIPE - ok
16:53:22.0031 0900 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:53:22.0062 0900 TDTCP - ok
16:53:23.0390 0900 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:53:23.0406 0900 TermDD - ok
16:53:24.0734 0900 TosIde - ok
16:53:26.0093 0900 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:53:26.0125 0900 Udfs - ok
16:53:27.0484 0900 ultra - ok
16:53:28.0890 0900 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:53:28.0921 0900 Update - ok
16:53:30.0265 0900 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:53:30.0281 0900 usbehci - ok
16:53:31.0593 0900 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:53:31.0625 0900 usbhub - ok
16:53:32.0953 0900 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:53:32.0984 0900 usbscan - ok
16:53:34.0343 0900 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:53:34.0343 0900 USBSTOR - ok
16:53:35.0656 0900 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:53:35.0671 0900 usbuhci - ok
16:53:35.0765 0900 vcdrom - ok
16:53:37.0140 0900 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:53:37.0171 0900 VgaSave - ok
16:53:38.0531 0900 ViaIde - ok
16:53:39.0953 0900 VolSnap (e46c1b5a56da7da603d09dfcc79ec59e) C:\WINDOWS\system32\drivers\VolSnap.sys
16:53:39.0953 0900 VolSnap - ok
16:53:41.0343 0900 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:53:41.0375 0900 Wanarp - ok
16:53:42.0828 0900 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
16:53:42.0875 0900 Wdf01000 - ok
16:53:44.0156 0900 WDICA - ok
16:53:45.0468 0900 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:53:45.0484 0900 wdmaud - ok
16:53:46.0843 0900 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
16:53:46.0843 0900 WmiAcpi - ok
16:53:48.0296 0900 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:53:48.0312 0900 WS2IFSL - ok
16:53:49.0640 0900 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:53:49.0640 0900 WSTCODEC - ok
16:53:49.0703 0900 MBR (0x1B8) (828e02d5c4a4fbe53441ee9dbee51f43) \Device\Harddisk0\DR0
16:53:49.0875 0900 \Device\Harddisk0\DR0 - ok
16:53:49.0875 0900 MBR (0x1B8) (4e109e088ef4f29892fb4b77ab48296c) \Device\Harddisk1\DR3
16:53:49.0921 0900 \Device\Harddisk1\DR3 - ok
16:53:49.0937 0900 Boot (0x1200) (f9379f8b8670f0ac624b40c460b49cc6) \Device\Harddisk0\DR0\Partition0
16:53:49.0937 0900 \Device\Harddisk0\DR0\Partition0 - ok
16:53:49.0953 0900 Boot (0x1200) (44b083f11313492e411cdb3f61851281) \Device\Harddisk0\DR0\Partition1
16:53:49.0953 0900 \Device\Harddisk0\DR0\Partition1 - ok
16:53:49.0968 0900 Boot (0x1200) (fc68687c7b115899c1bd24ec75741adb) \Device\Harddisk1\DR3\Partition0
16:53:49.0968 0900 \Device\Harddisk1\DR3\Partition0 - ok
16:53:49.0968 0900 ============================================================
16:53:49.0968 0900 Scan finished
16:53:49.0968 0900 ============================================================
16:53:49.0984 2956 Detected object count: 0
16:53:49.0984 2956 Actual detected object count: 0
17:30:26.0968 0500 Deinitialize success
budi
Junior User

Posts: 44
Joined: 28/10/11 23:09
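The TDSSKiller log posted above follows a regular layout: each scanned driver appears once with its MD5 and file path and once with a verdict (`- ok`), the MBR and boot sectors are listed the same way with the device path as the name, and the run ends with `Detected object count` / `Actual detected object count`. The example below is added here as an illustration and is not part of the thread or of TDSSKiller: it parses that layout into a per-object inventory (name, hash, path, verdict), lists anything whose verdict is not `ok`, reads the final counts, and recognises the report file name pattern `TDSSKiller.[Version]_[Date]_[Time]_log.txt` mentioned in the instructions above. The sample lines are constructed in the posted format; the `examplesvc - warning` line is invented only to exercise the non-ok branch (the page does not show what TDSSKiller prints for a real detection), and the dot-separated date/time in the file name check is an assumption.

```python
"""Parse a TDSSKiller scan log into a reviewable inventory.

Added example for this thread, not code from TDSSKiller or from the forum.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the same layout as the log posted in the thread.
# 'examplesvc - warning' is invented to exercise the non-ok branch.
SAMPLE_LOG = r"""16:48:54.0515 0828 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
16:49:18.0031 0900 Scan started
16:49:18.0031 0900 Mode: Manual;
16:49:19.0609 0900 Abiosdsk - ok
16:49:22.0515 0900 ACPI (d766e636187b8f240bbfbabcd51eb2c6) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:49:22.0515 0900 ACPI - ok
16:49:33.0203 0900 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:49:33.0203 0900 AFD - ok
16:53:00.0000 0900 examplesvc - warning
16:53:49.0703 0900 MBR (0x1B8) (828e02d5c4a4fbe53441ee9dbee51f43) \Device\Harddisk0\DR0
16:53:49.0875 0900 \Device\Harddisk0\DR0 - ok
16:53:49.0937 0900 Boot (0x1200) (f9379f8b8670f0ac624b40c460b49cc6) \Device\Harddisk0\DR0\Partition0
16:53:49.0937 0900 \Device\Harddisk0\DR0\Partition0 - ok
16:53:49.0968 0900 Scan finished
16:53:49.0984 2956 Detected object count: 0
16:53:49.0984 2956 Actual detected object count: 0
"""

# Every line starts with a timestamp and a thread id; the rest is the body.
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>[0-9a-fA-F]{4})\s+(?P<body>.*)$")
# "<name> (<md5>) <path>" for drivers/services
MODULE_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "MBR (0x1B8) (<md5>) <device>" and "Boot (0x1200) (<md5>) <device>"
SECTOR_RE = re.compile(r"^(?P<kind>MBR|Boot) \((?P<size>0x[0-9A-Fa-f]+)\) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<name> - <verdict>"
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")
COUNT_RE = re.compile(r"^(?P<label>Actual detected object count|Detected object count): (?P<n>\d+)$")
# Assumed report file name layout: TDSSKiller.<version>_<dd.mm.yyyy>_<hh.mm.ss>_log.txt
REPORT_NAME_RE = re.compile(r"^TDSSKiller\.(?P<version>\d+(?:\.\d+)*)_(?P<date>[\d.]+)_(?P<time>[\d.]+)_log\.txt$", re.IGNORECASE)


@dataclass
class ScanEntry:
    name: str                    # service/driver name or device path
    kind: str = "module"         # "module", "MBR" or "Boot"
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


@dataclass
class TdssReport:
    entries: Dict[str, ScanEntry] = field(default_factory=dict)
    detected: Optional[int] = None
    actual_detected: Optional[int] = None
    unparsed: List[str] = field(default_factory=list)   # lines without the time/tid prefix

    def entry_for(self, name: str) -> ScanEntry:
        return self.entries.setdefault(name, ScanEntry(name=name))

    def not_ok(self) -> List[ScanEntry]:
        """Objects whose verdict is missing or anything other than 'ok'."""
        return [e for e in self.entries.values() if e.verdict != "ok"]

    def hashed(self) -> List[ScanEntry]:
        """Objects for which the scanner recorded an MD5 (drivers, MBR, boot sectors)."""
        return [e for e in self.entries.values() if e.md5]


def parse_tdsskiller_log(text: str) -> TdssReport:
    rep = TdssReport()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            if raw.strip():
                rep.unparsed.append(raw)
            continue
        body = m.group("body").strip()
        if not body or body.startswith("="):      # blank bodies and separator rules
            continue
        s = SECTOR_RE.match(body)
        if s:
            e = rep.entry_for(s.group("path"))
            e.kind, e.md5, e.path = s.group("kind"), s.group("md5"), s.group("path")
            continue
        mod = MODULE_RE.match(body)
        if mod:
            e = rep.entry_for(mod.group("name"))
            e.md5, e.path = mod.group("md5"), mod.group("path")
            continue
        c = COUNT_RE.match(body)
        if c:
            n = int(c.group("n"))
            if c.group("label").startswith("Actual"):
                rep.actual_detected = n
            else:
                rep.detected = n
            continue
        v = VERDICT_RE.match(body)
        if v:
            rep.entry_for(v.group("name")).verdict = v.group("verdict").strip()
        # header/system-info lines (tool banner, OS version, scan start/finish) are ignored
    return rep


def is_tdsskiller_report_name(filename: str) -> bool:
    """True if filename matches the TDSSKiller.[Version]_[Date]_[Time]_log.txt pattern."""
    return REPORT_NAME_RE.match(filename) is not None


if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(rep.hashed())} hashed objects, {len(rep.not_ok())} not 'ok', "
          f"detected={rep.detected} actual={rep.actual_detected}")
    for e in rep.not_ok():
        print(f"  needs attention: {e.name} -> {e.verdict}")
```

Keeping the parsed inventory (name, MD5, path) from a clean run lets a later TDSSKiller log be diffed against it, so a driver whose hash or path changed between scans stands out even when the scanner itself still reports `ok`.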

Re: log combofix

Post by FrancescoFDAC » 01/11/11 10:29

Attach an updated Hijackthis log.

Is the PC still showing the same problems?
FrancescoFDAC
Senior User

Posts: 1048
Joined: 13/08/11 09:53
