Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

Trojan Agent e Zbot

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

Trojan Agent e Zbot

Postdi polly76 » 18/02/13 14:36

Salve! Ho rimosso tre trojan con Malwareantibytes, posto il log insieme a quello di Hijack, qualcuno può controllarli, per favore? Grazie molte!

Malwarebytes Anti-Malware 1.70.0.1100

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mionome:: Mionome-PC [amministratore]

18/02/2013 14:03:38
mbam-log-2013-02-18 (14-03-38).txt

Tipo di scansione: Scansione veloce
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 277271
Tempo impiegato: 3 minuti, 43 secondi

Processi rilevati in memoria: 1
C:\Users\Mionome\AppData\Roaming\Unxym\igbe.exe (IPH.Trojan.Zbot.Rke) -> 2796 -> Verrà eliminato al riavvio.

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |Etipxyyztu (IPH.Trojan.Zbot.Rke) -> Dati: C:\Users\Mionome\AppData\Roaming\Unxym\igbe.exe -> Spostato in quarantena ed eliminato con successo.

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 2
C:\Users\Mionome\AppData\Roaming\Unxym\igbe.exe (IPH.Trojan.Zbot.Rke) -> Verrà eliminato al riavvio.
C:\Users\Mionome\AppData\Roaming\Nokia\GetConnecte dWizard\TsWpfWrp.exe (Trojan.Agent.GPC) -> Spostato in quarantena ed eliminato con successo.



---------------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:14:42, on 18/02/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\mionome\Downloads\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/6
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1:9421
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/...soft/wrc32.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} (RIM AxLoader) - http://mobileapps.blackberry.com/dev...e/AxLoader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/fr...loader_v10.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stw rt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.e xe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stw rt64.inf_amd64_neutral_960c1f056a541068\STacSV64.e xe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9719 bytes
polly76
Utente Junior
 
Post: 31
Iscritto il: 25/07/11 18:53

Sponsor
 

Re: Trojan Agent e Zbot

Postdi shel » 18/02/13 15:57

ciao hai fatto una scansione veloce

Tipo di scansione: Scansione veloce
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 277271
Tempo impiegato: 3 minuti, 43 secondi

aggiorna malwarebytes e ripeti la scansione, questa volta fai quella completa ed elimina cio' che trova - posta il log

fai anche una scansione con combofix

salvalo sul desktop (non installare la recovery console)
Lascia lavorare il programma senza interferire
Allega il rapporto C:\ComboFix.txt nella tua risposta.
shel
Utente Senior
 
Post: 1292
Iscritto il: 29/08/08 21:56

Re: Trojan Agent e Zbot

Postdi polly76 » 18/02/13 16:05

La scansione completa di MAlwarebytes non ha trovato nulla. Ora lancio combofix e posto il report. Grazie!
polly76
Utente Junior
 
Post: 31
Iscritto il: 25/07/11 18:53

Re: Trojan Agent e Zbot

Postdi shel » 18/02/13 16:07

La scansione completa di MAlwarebytes non ha trovato nulla


allega il log della scansione insieme a quello di combofix
shel
Utente Senior
 
Post: 1292
Iscritto il: 29/08/08 21:56

Re: Trojan Agent e Zbot

Postdi polly76 » 18/02/13 16:20

Ok, intanto questo è il report di Combofix:

ComboFix 13-02-18.01 - mionome 18/02/2013 16:08:50.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.4063.2756 [GMT 1:00]
Eseguito da: C:\Users\mionome\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IYV7X23W\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino


((((((((((((((((((((((((( Files Creati Da 2013-01-18 al 2013-02-18 )))))))))))))))))))))))))))))))))))


2013-02-18 15:15:26 . 2013-02-18 15:15:26 -------- d-----w- C:\Users\UpdatusUser\AppData\Local\temp
2013-02-18 15:15:26 . 2013-02-18 15:15:26 -------- d-----w- C:\Users\Public\AppData\Local\temp
2013-02-18 15:15:26 . 2013-02-18 15:15:26 -------- d-----w- C:\Users\DefaultAppPool\AppData\Local\temp
2013-02-18 15:15:26 . 2013-02-18 15:15:26 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-02-18 15:15:26 . 2013-02-18 15:15:26 -------- d-----w- C:\Users\Classic .NET AppPool\AppData\Local\temp
2013-02-18 12:56:38 . 2013-02-18 13:11:37 -------- d-----w- C:\Users\mionome\AppData\Roaming\Unxym
2013-02-18 12:56:38 . 2013-02-18 13:08:00 -------- d-----w- C:\Users\mionome\AppData\Roaming\Ciahv
2013-02-18 12:56:38 . 2013-02-18 12:56:38 -------- d-----w- C:\Users\mionome\AppData\Roaming\Aqohme
2013-02-13 17:53:15 . 2013-01-09 01:10:05 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 17:53:15 . 2013-01-08 22:01:00 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 17:50:59 . 2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-02-13 17:50:57 . 2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\system32\win32k.sys
2013-02-13 17:50:55 . 2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\system32\ntoskrnl.exe
2013-02-13 17:50:52 . 2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-13 17:50:51 . 2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-02-13 17:50:32 . 2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2013-02-13 17:50:32 . 2013-01-03 06:00:42 288088 ----a-w- C:\Windows\system32\drivers\FWPKCLNT.SYS
2013-02-04 23:48:27 . 2013-02-04 23:53:38 -------- d-----w- C:\Program Files (x86)\Google
2013-02-04 18:49:02 . 2013-02-06 12:50:44 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2013-02-04 15:37:44 . 2013-02-05 23:16:00 -------- d-----w- C:\Users\mionome\AppData\Roaming\Iqhus
2013-02-04 15:37:44 . 2013-02-04 18:51:07 -------- d-----w- C:\Users\mionome\AppData\Roaming\Izgo
2013-02-04 15:37:44 . 2013-02-04 15:37:44 -------- d-----w- C:\Users\mionome\AppData\Roaming\Edqay
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

2013-02-13 14:28:27 . 2012-04-02 16:33:18 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-13 14:28:27 . 2011-06-05 20:11:58 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-04 04:43:21 . 2013-02-13 17:51:01 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-12-16 17:11:22 . 2012-12-21 12:17:25 46080 ----a-w- C:\Windows\system32\atmlib.dll
2012-12-16 14:45:03 . 2012-12-21 12:17:24 367616 ----a-w- C:\Windows\system32\atmfd.dll
2012-12-16 14:13:28 . 2012-12-21 12:17:24 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 . 2012-12-21 12:17:25 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-14 17:38:20 . 2012-12-14 17:38:20 74752 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2012-12-14 17:38:20 . 2012-12-14 17:38:20 161792 ----a-w- C:\Windows\SysWow64\msls31.dll
2012-12-14 17:38:19 . 2012-12-14 17:38:19 89088 ----a-w- C:\Windows\system32\RegisterIEPKEYs.exe
2012-12-14 17:38:19 . 2012-12-14 17:38:19 86528 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2012-12-14 17:38:19 . 2012-12-14 17:38:19 76800 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe
2012-12-14 17:38:19 . 2012-12-14 17:38:19 74752 ----a-w- C:\Windows\SysWow64\iesetup.dll
2012-12-14 17:38:19 . 2012-12-14 17:38:19 63488 ----a-w- C:\Windows\SysWow64\tdc.ocx
2012-12-14 17:38:19 . 2012-12-14 17:38:19 48640 ----a-w- C:\Windows\SysWow64\mshtmler.dll
2012-12-14 17:38:19 . 2012-12-14 17:38:19 367104 ----a-w- C:\Windows\SysWow64\html.iec
2012-12-14 17:38:19 . 2012-12-14 17:38:19 35840 ----a-w- C:\Windows\SysWow64\imgutil.dll
2012-12-14 17:38:19 . 2012-12-14 17:38:19 23552 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2012-12-14 17:38:19 . 2012-12-14 17:38:19 152064 ----a-w- C:\Windows\SysWow64\wextract.exe
2012-12-14 17:38:19 . 2012-12-14 17:38:19 150528 ----a-w- C:\Windows\SysWow64\iexpress.exe
2012-12-14 17:38:19 . 2012-12-14 17:38:19 11776 ----a-w- C:\Windows\SysWow64\mshta.exe
2012-12-14 17:38:19 . 2012-12-14 17:38:19 110592 ----a-w- C:\Windows\SysWow64\IEAdvpack.dll
2012-12-14 17:38:19 . 2012-12-14 17:38:19 101888 ----a-w- C:\Windows\SysWow64\admparse.dll
2012-12-14 17:38:18 . 2012-12-14 17:38:18 91648 ----a-w- C:\Windows\system32\SetIEInstalledDate.exe
2012-12-14 17:38:18 . 2012-12-14 17:38:18 76800 ----a-w- C:\Windows\system32\tdc.ocx
2012-12-14 17:38:18 . 2012-12-14 17:38:18 65024 ----a-w- C:\Windows\system32\pngfilt.dll
2012-12-14 17:38:18 . 2012-12-14 17:38:18 55296 ----a-w- C:\Windows\system32\msfeedsbs.dll
2012-12-14 17:38:18 . 2012-12-14 17:38:18 49664 ----a-w- C:\Windows\system32\imgutil.dll
2012-12-14 17:38:18 . 2012-12-14 17:38:18 48640 ----a-w- C:\Windows\system32\mshtmler.dll
2012-12-14 17:38:18 . 2012-12-14 17:38:18 448512 ----a-w- C:\Windows\system32\html.iec
2012-12-14 17:38:18 . 2012-12-14 17:38:18 282112 ----a-w- C:\Windows\system32\dxtrans.dll
2012-12-14 17:38:18 . 2012-12-14 17:38:18 267776 ----a-w- C:\Windows\system32\ieaksie.dll
2012-12-14 17:38:18 . 2012-12-14 17:38:18 222208 ----a-w- C:\Windows\system32\msls31.dll
2012-12-14 17:38:18 . 2012-12-14 17:38:18 197120 ----a-w- C:\Windows\system32\msrating.dll
2012-12-14 17:38:18 . 2012-12-14 17:38:18 163840 ----a-w- C:\Windows\system32\ieakui.dll
2012-12-14 17:38:18 . 2012-12-14 17:38:18 160256 ----a-w- C:\Windows\system32\ieakeng.dll
2012-12-14 17:38:18 . 2012-12-14 17:38:18 149504 ----a-w- C:\Windows\system32\occache.dll
2012-12-14 17:38:18 . 2012-12-14 17:38:18 145920 ----a-w- C:\Windows\system32\iepeers.dll
2012-12-14 17:38:18 . 2012-12-14 17:38:18 135168 ----a-w- C:\Windows\system32\IEAdvpack.dll
2012-12-14 17:38:18 . 2012-12-14 17:38:18 12288 ----a-w- C:\Windows\system32\mshta.exe
2012-12-14 17:38:18 . 2012-12-14 17:38:18 114176 ----a-w- C:\Windows\system32\admparse.dll
2012-12-14 17:38:18 . 2012-12-14 17:38:18 111616 ----a-w- C:\Windows\system32\iesysprep.dll
2012-12-14 17:38:18 . 2012-12-14 17:38:18 10752 ----a-w- C:\Windows\system32\msfeedssync.exe
2012-12-14 17:38:17 . 2012-12-14 17:38:17 89088 ----a-w- C:\Windows\system32\ie4uinit.exe
2012-12-14 17:38:17 . 2012-12-14 17:38:17 85504 ----a-w- C:\Windows\system32\iesetup.dll
2012-12-14 17:38:17 . 2012-12-14 17:38:17 82432 ----a-w- C:\Windows\system32\icardie.dll
2012-12-14 17:38:17 . 2012-12-14 17:38:17 534528 ----a-w- C:\Windows\system32\ieapfltr.dll
2012-12-14 17:38:17 . 2012-12-14 17:38:17 452608 ----a-w- C:\Windows\system32\dxtmsft.dll
2012-12-14 17:38:17 . 2012-12-14 17:38:17 403248 ----a-w- C:\Windows\system32\iedkcs32.dll
2012-12-14 17:38:17 . 2012-12-14 17:38:17 39936 ----a-w- C:\Windows\system32\iernonce.dll
2012-12-14 17:38:17 . 2012-12-14 17:38:17 3695416 ----a-w- C:\Windows\system32\ieapfltr.dat
2012-12-14 17:38:17 . 2012-12-14 17:38:17 30720 ----a-w- C:\Windows\system32\licmgr10.dll
2012-12-14 17:38:17 . 2012-12-14 17:38:17 249344 ----a-w- C:\Windows\system32\webcheck.dll
2012-12-14 17:38:17 . 2012-12-14 17:38:17 165888 ----a-w- C:\Windows\system32\iexpress.exe
2012-12-14 17:38:17 . 2012-12-14 17:38:17 160256 ----a-w- C:\Windows\system32\wextract.exe
2012-12-14 17:38:17 . 2012-12-14 17:38:17 103936 ----a-w- C:\Windows\system32\inseng.dll
2012-12-14 15:49:28 . 2012-04-03 08:34:47 24176 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-12-12 19:50:56 . 2011-05-04 20:48:37 67413224 ----a-w- C:\Windows\system32\MRT.exe
2012-12-07 13:20:16 . 2013-01-09 20:20:08 441856 ----a-w- C:\Windows\system32\Wpc.dll
2012-12-07 13:15:31 . 2013-01-09 20:20:08 2746368 ----a-w- C:\Windows\system32\gameux.dll
2012-12-07 12:26:17 . 2013-01-09 20:20:08 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 . 2013-01-09 20:20:08 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 . 2013-01-09 20:20:08 30720 ----a-w- C:\Windows\system32\usk.rs
2012-12-07 11:20:03 . 2013-01-09 20:20:10 43520 ----a-w- C:\Windows\system32\csrr.rs
2012-12-07 11:20:03 . 2013-01-09 20:20:07 23552 ----a-w- C:\Windows\system32\oflc.rs
2012-12-07 11:20:01 . 2013-01-09 20:20:10 45568 ----a-w- C:\Windows\system32\oflc-nz.rs
2012-12-07 11:20:01 . 2013-01-09 20:20:08 44544 ----a-w- C:\Windows\system32\pegibbfc.rs
2012-12-07 11:20:01 . 2013-01-09 20:20:07 20480 ----a-w- C:\Windows\system32\pegi-fi.rs
2012-12-07 11:20:00 . 2013-01-09 20:20:08 20480 ----a-w- C:\Windows\system32\pegi-pt.rs
2012-12-07 11:19:59 . 2013-01-09 20:20:08 20480 ----a-w- C:\Windows\system32\pegi.rs
2012-12-07 11:19:58 . 2013-01-09 20:20:08 46592 ----a-w- C:\Windows\system32\fpb.rs
2012-12-07 11:19:57 . 2013-01-09 20:20:08 40960 ----a-w- C:\Windows\system32\cob-au.rs
2012-12-07 11:19:57 . 2013-01-09 20:20:08 21504 ----a-w- C:\Windows\system32\grb.rs
2012-12-07 11:19:57 . 2013-01-09 20:20:08 15360 ----a-w- C:\Windows\system32\djctq.rs
2012-12-07 11:19:56 . 2013-01-09 20:20:07 55296 ----a-w- C:\Windows\system32\cero.rs
2012-12-07 11:19:55 . 2013-01-09 20:20:07 51712 ----a-w- C:\Windows\system32\esrb.rs
2012-12-07 10:46:42 . 2013-01-09 20:20:10 43520 ----a-w- C:\Windows\SysWow64\csrr.rs
2012-12-07 10:46:42 . 2013-01-09 20:20:08 30720 ----a-w- C:\Windows\SysWow64\usk.rs
2012-12-07 10:46:41 . 2013-01-09 20:20:10 45568 ----a-w- C:\Windows\SysWow64\oflc-nz.rs
2012-12-07 10:46:41 . 2013-01-09 20:20:08 44544 ----a-w- C:\Windows\SysWow64\pegibbfc.rs
2012-12-07 10:46:41 . 2013-01-09 20:20:08 20480 ----a-w- C:\Windows\SysWow64\pegi-pt.rs
2012-12-07 10:46:41 . 2013-01-09 20:20:07 23552 ----a-w- C:\Windows\SysWow64\oflc.rs
2012-12-07 10:46:40 . 2013-01-09 20:20:07 20480 ----a-w- C:\Windows\SysWow64\pegi-fi.rs
2012-12-07 10:46:39 . 2013-01-09 20:20:08 46592 ----a-w- C:\Windows\SysWow64\fpb.rs
2012-12-07 10:46:39 . 2013-01-09 20:20:08 20480 ----a-w- C:\Windows\SysWow64\pegi.rs
2012-12-07 10:46:38 . 2013-01-09 20:20:08 21504 ----a-w- C:\Windows\SysWow64\grb.rs
2012-12-07 10:46:37 . 2013-01-09 20:20:08 40960 ----a-w- C:\Windows\SysWow64\cob-au.rs
2012-12-07 10:46:37 . 2013-01-09 20:20:08 15360 ----a-w- C:\Windows\SysWow64\djctq.rs
2012-12-07 10:46:36 . 2013-01-09 20:20:07 55296 ----a-w- C:\Windows\SysWow64\cero.rs
2012-12-07 10:46:36 . 2013-01-09 20:20:07 51712 ----a-w- C:\Windows\SysWow64\esrb.rs
2012-12-03 14:36:36 . 2012-12-17 10:38:03 129216 ----a-w- C:\Windows\system32\drivers\avipbb.sys
2012-12-03 14:36:35 . 2012-12-17 10:38:03 99912 ----a-w- C:\Windows\system32\drivers\avgntflt.sys
2012-11-30 05:45:35 . 2013-01-09 20:19:06 362496 ----a-w- C:\Windows\system32\wow64win.dll
2012-11-30 05:45:35 . 2013-01-09 20:19:06 243200 ----a-w- C:\Windows\system32\wow64.dll
2012-11-30 05:45:35 . 2013-01-09 20:19:06 13312 ----a-w- C:\Windows\system32\wow64cpu.dll
2012-11-30 05:43:12 . 2013-01-09 20:19:05 16384 ----a-w- C:\Windows\system32\ntvdm64.dll
2012-11-30 05:41:07 . 2013-01-09 20:19:11 424448 ----a-w- C:\Windows\system32\KernelBase.dll
2012-11-30 05:41:07 . 2013-01-09 20:19:08 1161216 ----a-w- C:\Windows\system32\kernel32.dll
2012-11-30 05:38:45 . 2013-01-09 20:19:05 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38:45 . 2013-01-09 20:19:04 6144 ---ha-w- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll


((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))


*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 12:25:58 2363392]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2010-11-20 13:25:17 1475584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 09:46:04 322104]
"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 13:50:04 54576]
"WirelessAssistant"="C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 10:04:42 498744]
"RIMBBLaunchAgent.exe"="C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 00:00:44 90448]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 07:35:28 946352]
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-02-13 12:54:23 385248]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R1 SBRE;SBRE;C:\Windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 13:27:14 138576]
R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe [2009-07-14 01:39:46 27136]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-01-31 09:38:54 3289208]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 11:28:36 160944]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys [2009-11-04 14:59:36 133632]
R3 hwusbfake;Huawei DataCard USB Fake;C:\Windows\system32\DRIVERS\ewusbfake.sys [2009-11-04 14:59:36 114304]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 20:35:28 5434368]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14:10:20 19456]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys [2009-09-02 17:58:08 225280]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys [2011-02-08 07:14:20 84568]
R3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys [2011-04-05 15:35:20 60504]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 21:01:11 292864]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 21:01:11 1485312]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 21:01:11 740864]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 14:07:35 57856]
R3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe [2011-04-21 19:46:45 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys [2009-06-10 20:35:33 389120]
S1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys [2012-11-16 19:17:15 27800]
S1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys [2011-04-05 15:35:20 253528]
S1 SbTis;SbTis;C:\Windows\system32\drivers\sbtis.sys [2011-04-05 15:35:20 94296]
S2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 16:42:58 89600]
S2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-02-13 12:54:46 86752]
S2 VMCService;Vodafone Mobile Connect Service;C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2010-01-19 12:24:08 9216]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 09:11:50 228408]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 21:05:32 187392]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys [2011-02-08 07:14:20 84568]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 12:24:06 451872 ----a-w- C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe

Contenuto della cartella 'Scheduled Tasks'

2013-02-18 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 16:33:18 . 2013-02-13 14:28:27]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-11-14 15:44:52 171520]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" [2010-03-23 12:53:06 487424]

------- Scansione supplementare -------

uStart Page = https://www.google.it/
uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - C:\Users\mionome\AppData\Roaming\Mozilla\Firefox\Profiles\0h11vvu5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - ExtSQL: 2013-01-22 16:59; {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF - ExtSQL: 2013-01-22 16:59; {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
FF - ExtSQL: 2013-01-22 16:59; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2013-01-22 16:59; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: 2013-01-22 16:59; {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
FF - ExtSQL: 2013-02-04 19:43; {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
FF - user.js: -
FF - user.js: security.enable_tls - false
FF - user.js: network.http.accept-encoding -
FF - user.js: secnetwork.http.accept-encodingurity.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false

- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-EasyBits Magic Desktop - C:\Windows\system32\ezMDUninstall.exe
polly76
Utente Junior
 
Post: 31
Iscritto il: 25/07/11 18:53

Re: Trojan Agent e Zbot

Postdi shel » 18/02/13 16:36

elim ina manualmente queste cartelle una ad una

C:\Users\mionome\AppData\Roaming\Unxym
C:\Users\mionome\AppData\Roaming\Ciahv
C:\Users\mionome\AppData\Roaming\Aqohme
C:\Users\mionome\AppData\Roaming\Iqhus
C:\Users\mionome\AppData\Roaming\Izgo
C:\Users\mionome\AppData\Roaming\Edqay


disattiva e riattiva il ripristino, fai pulizia dei tem con ccleaner e fammi sapere se riscontri ancora problemi
shel
Utente Senior
 
Post: 1292
Iscritto il: 29/08/08 21:56

Re: Trojan Agent e Zbot

Postdi polly76 » 18/02/13 17:01

In roaming non ci sono file, solo due cartelle: Media Center Programs e Microsoft, che non contengono quei file.
polly76
Utente Junior
 
Post: 31
Iscritto il: 25/07/11 18:53

Re: Trojan Agent e Zbot

Postdi shel » 18/02/13 17:06

fammi questa scansione facciamo un controllo approfondito prima di concludere

scarica OTL
Metti la spunta su SCAN ALL USERS.
Sotto output spunta minimal output
Clicca sulla freccettina di File Age e seleziona 60 Days
Metti la spunta a LOP Check and Purity Check.
A fine scansione OTL produrrà due file di log (OTL.txt ed Extras.txt)

Allegali, non copiarli
shel
Utente Senior
 
Post: 1292
Iscritto il: 29/08/08 21:56

Re: Trojan Agent e Zbot

Postdi polly76 » 18/02/13 17:24

Ho copiato i report, perché non compare il bottone Allega.
In ogni caso, ecco quello di OTL (ne ha prodotto solo uno)
http://wikisend.com/download/366088/OTL.Txt

Grazie ancora.
polly76
Utente Junior
 
Post: 31
Iscritto il: 25/07/11 18:53

Re: Trojan Agent e Zbot

Postdi shel » 18/02/13 20:46

apri otl e copia questo codice



Codice: Seleziona tutto
:OTL
[2013/02/18 13:56:38 | 000,000,000 | ---D | C] -- C:\Users\Giovi\AppData\Roaming\Unxym
[2013/02/18 13:56:38 | 000,000,000 | ---D | C] -- C:\Users\Giovi\AppData\Roaming\Ciahv
[2013/02/18 13:56:38 | 000,000,000 | ---D | C] -- C:\Users\Giovi\AppData\Roaming\Aqohme
[2013/02/04 16:37:44 | 000,000,000 | ---D | C] -- C:\Users\Giovi\AppData\Roaming\Izgo
[2013/02/04 16:37:44 | 000,000,000 | ---D | C] -- C:\Users\Giovi\AppData\Roaming\Iqhus
[2013/02/04 16:37:44 | 000,000,000 | ---D | C] -- C:\Users\Giovi\AppData\Roaming\Edqay


:Files
ipconfig /flushdns /c

:commands
[emptytemp]
[CLEARALLRESTOREPOINTS]
[Reboot]

clicca su RUN SCAN e posta il log
shel
Utente Senior
 
Post: 1292
Iscritto il: 29/08/08 21:56

Re: Trojan Agent e Zbot

Postdi polly76 » 18/02/13 22:20

polly76
Utente Junior
 
Post: 31
Iscritto il: 25/07/11 18:53

Re: Trojan Agent e Zbot

Postdi shel » 18/02/13 22:32

hai commesso qualche errore

apri nuovamante otl e copia il testo che ti ho postato prima poi clicca su RUN FIX

il log lo trovi nella cartella di otl che dovrebbe essere in C:/
shel
Utente Senior
 
Post: 1292
Iscritto il: 29/08/08 21:56

Re: Trojan Agent e Zbot

Postdi polly76 » 18/02/13 23:19

L'ho rifatto, spero vada bene, grz! http://wikisend.com/download/328478/OTL.Txt
polly76
Utente Junior
 
Post: 31
Iscritto il: 25/07/11 18:53

Re: Trojan Agent e Zbot

Postdi shel » 18/02/13 23:27

c'e' qualcosa che non va

apri il blocco note e copia questo

Codice: Seleziona tutto
Folder::
C:\Users\Giovi\AppData\Roaming\Unxym
C:\Users\Giovi\AppData\Roaming\Ciahv
C:\Users\Giovi\AppData\Roaming\Aqohme
C:\Users\Giovi\AppData\Roaming\Izgo
C:\Users\Giovi\AppData\Roaming\Iqhus
C:\Users\Giovi\AppData\Roaming\Edqay


Salva il file sul Desktop come CFScript.txt

Trascina il file appena creato ovvero CFScript.txt sull'icona di ComboFix che hai scaricato prima

al termine il PC si dovrebbe ravviare, eventualmente riavvia tu manualmente, allega il log che trovi in C:\ComboFix.txt
shel
Utente Senior
 
Post: 1292
Iscritto il: 29/08/08 21:56

Re: Trojan Agent e Zbot

Postdi polly76 » 18/02/13 23:43

polly76
Utente Junior
 
Post: 31
Iscritto il: 25/07/11 18:53

Re: Trojan Agent e Zbot

Postdi shel » 18/02/13 23:52

usi un proxy per navigare?

apri otl e clicca su cleanup dopo il riavvio si disinstallera' combofix e otl
shel
Utente Senior
 
Post: 1292
Iscritto il: 29/08/08 21:56

Re: Trojan Agent e Zbot

Postdi polly76 » 18/02/13 23:54

Ciao, no ho una connessione flat wifi. Ok. In ogni caso, ho risolto? Grazie ancora!
polly76
Utente Junior
 
Post: 31
Iscritto il: 25/07/11 18:53

Re: Trojan Agent e Zbot

Postdi shel » 18/02/13 23:55

si ora dovresti essere a posto

se non hai altri problemi possiamo chiudere
shel
Utente Senior
 
Post: 1292
Iscritto il: 29/08/08 21:56

Re: Trojan Agent e Zbot

Postdi polly76 » 18/02/13 23:59

Ok, buonanotte, sei stato molto cortese : ) ciao.
polly76
Utente Junior
 
Post: 31
Iscritto il: 25/07/11 18:53

Re: Trojan Agent e Zbot

Postdi polly76 » 20/02/13 14:02

Chiedo scusa, ho fatto una scansione con Malwarebytes ieri, c'era di nuovo quel Trojan in Appdata, l'ho rimosso, riscansionato e non c'era più. Oggi di nuovo! Posto il log. Grazie!
http://wikisend.com/download/498874/log.txt
polly76
Utente Junior
 
Post: 31
Iscritto il: 25/07/11 18:53

Prossimo

Torna a Sicurezza e Privacy


Topic correlati a "Trojan Agent e Zbot":

trojan win32/sirefef
Autore: marzianu
Forum: Sicurezza e Privacy
Risposte: 27

Chi c’è in linea

Visitano il forum: Nessuno e 5 ospiti