Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

file di log Combofix (infezioni?)

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

file di log Combofix (infezioni?)

Postdi s@ly » 05/04/13 21:00

ciao, allego il log di combofix avrei bisogno di una lettura per eventuali consigli sulla presenza di virus nel pc.
Il pc presenta vari problemi i più evidenti sono un forte rallentamento e l'apertura indesiderata di pagine internet . essendo di proprietà della mia "rompi" nipote :) , non so aggiungere altro :-? ringrazio chiunque vorrà rispondermi
silvia

omboFix 13-04-05.01 - Ramona 05/04/2013 20.54.56.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1015.673 [GMT 2:00]
Eseguito da: c:\documents and settings\Ramona\Desktop\abc.exe
AV: AntiVir Desktop *Disabled/Updated* {0012F2B4-5C49-7C92-0300-000000000000}
AV: AntiVir Desktop *Disabled/Updated* {7698207D-3DA0-003E-AC1D-9876381E9876}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-6C25-9E7C08000A00}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-7C25-9E7C08000A00}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\TEMP
c:\documents and settings\Ramona\Dati applicazioni\PriceGong
c:\documents and settings\Ramona\Dati applicazioni\PriceGong\Data\1.xml
c:\documents and settings\Ramona\Dati applicazioni\PriceGong\Data\a.xml
c:\documents and settings\Ramona\Dati applicazioni\PriceGong\Data\b.xml
c:\documents and settings\Ramona\Dati applicazioni\PriceGong\Data\c.xml
c:\documents and settings\Ramona\Dati applicazioni\PriceGong\Data\d.xml
c:\documents and settings\Ramona\Dati applicazioni\PriceGong\Data\e.xml
c:\documents and settings\Ramona\Dati applicazioni\PriceGong\Data\f.xml
c:\documents and settings\Ramona\Dati applicazioni\PriceGong\Data\g.xml
c:\documents and settings\Ramona\Dati applicazioni\PriceGong\Data\h.xml
c:\documents and settings\Ramona\Dati applicazioni\PriceGong\Data\i.xml
c:\documents and settings\Ramona\Dati applicazioni\PriceGong\Data\J.xml
c:\documents and settings\Ramona\Dati applicazioni\PriceGong\Data\k.xml
c:\documents and settings\Ramona\Dati applicazioni\PriceGong\Data\l.xml
c:\documents and settings\Ramona\Dati applicazioni\PriceGong\Data\m.xml
c:\documents and settings\Ramona\Dati applicazioni\PriceGong\Data\mru.xml
c:\documents and settings\Ramona\Dati applicazioni\PriceGong\Data\n.xml
c:\documents and settings\Ramona\Dati applicazioni\PriceGong\Data\o.xml
c:\documents and settings\Ramona\Dati applicazioni\PriceGong\Data\p.xml
c:\documents and settings\Ramona\Dati applicazioni\PriceGong\Data\q.xml
c:\documents and settings\Ramona\Dati applicazioni\PriceGong\Data\r.xml
c:\documents and settings\Ramona\Dati applicazioni\PriceGong\Data\s.xml
c:\documents and settings\Ramona\Dati applicazioni\PriceGong\Data\t.xml
c:\documents and settings\Ramona\Dati applicazioni\PriceGong\Data\u.xml
c:\documents and settings\Ramona\Dati applicazioni\PriceGong\Data\v.xml
c:\documents and settings\Ramona\Dati applicazioni\PriceGong\Data\w.xml
c:\documents and settings\Ramona\Dati applicazioni\PriceGong\Data\x.xml
c:\documents and settings\Ramona\Dati applicazioni\PriceGong\Data\y.xml
c:\documents and settings\Ramona\Dati applicazioni\PriceGong\Data\z.xml
c:\documents and settings\Ramona\Impostazioni locali\Dati applicazioni\lollipop
c:\documents and settings\Ramona\Impostazioni locali\Dati applicazioni\lollipop\lollipop_03271211.bat
c:\documents and settings\Ramona\Impostazioni locali\Dati applicazioni\lollipop\lollipop_03271211.exe
c:\documents and settings\Ramona\Impostazioni locali\Dati applicazioni\lollipop\lollipop_03271211.lpd
c:\documents and settings\Ramona\Impostazioni locali\Dati applicazioni\lollipop\lollipop_03271211_cfg.lpd
c:\documents and settings\Ramona\Impostazioni locali\Dati applicazioni\lollipop\lollipop_03271211_ps.lpd
c:\windows\system32\SETA2.tmp
c:\windows\system32\SETA6.tmp
c:\windows\system32\SETAE.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2013-03-05 al 2013-04-05 )))))))))))))))))))))))))))))))))))
.
.
2013-04-01 14:16 . 2013-04-01 14:08 5046324 ------r- c:\programmi\ComboFix.exe
2013-04-01 13:31 . 2013-04-01 13:31 -------- d-----w- c:\documents and settings\Ramona\Impostazioni locali\Dati applicazioni\IAC
2013-03-20 22:58 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-20 22:58 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-03-20 20:16 . 2013-03-20 22:58 -------- d-----w- c:\documents and settings\Ramona\Impostazioni locali\Dati applicazioni\ssupd
2013-03-20 20:16 . 2013-03-20 20:17 -------- d-----w- c:\documents and settings\Ramona\Impostazioni locali\Dati applicazioni\ServiceManager
2013-03-20 20:16 . 2013-03-20 20:16 -------- d-----w- c:\documents and settings\Ramona\Impostazioni locali\Dati applicazioni\sshelper
2013-03-20 20:16 . 2013-03-20 20:16 -------- d-----w- c:\documents and settings\LocalService\Menu Avvio
2013-03-06 23:40 . 2013-04-05 18:32 -------- d-----w- c:\documents and settings\Ramona\Dati applicazioni\Skype
2013-03-06 23:39 . 2013-03-06 23:39 -------- d-----w- c:\programmi\File comuni\Skype
2013-03-06 23:39 . 2013-03-06 23:39 -------- d-----r- c:\programmi\Skype
2013-03-06 23:39 . 2013-03-06 23:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2013-03-06 20:31 . 2013-03-06 20:31 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HP Product Assistant
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-12 00:32 . 2008-04-13 18:56 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2006-03-02 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 19:57 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 19:57 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 19:57 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:54 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-01-26 03:55 . 2006-03-02 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 07:24 . 2004-08-19 15:34 2073472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-07 07:24 . 2006-03-02 12:00 2196736 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-03 39408]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2013-01-08 18708224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1040384]
"hpWirelessAssistant"="c:\programmi\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"IAAnotif"="c:\programmi\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-05-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-05-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-05-22 137752]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"DVAPTray"="c:\windows\System32\DVAPTray.exe" [2009-10-30 188416]
"SsroService"="c:\documents and settings\All Users\Documenti\Application\CurrentFile\ssadl.exe" [2013-01-24 217600]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio rapido HP Photosmart Premier.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio rapido HP Photosmart Premier.lnk
backup=c:\windows\pss\Avvio rapido HP Photosmart Premier.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
.
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programmi\Avira\AntiVir Desktop\avwebgrd.exe [05/09/2011 15.14.45 428200]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\programmi\File comuni\PC Tools\sMonitor\StartManSvc.exe [03/01/2012 15.58.13 632792]
S2 LiveUpSC;LiveUpSC;c:\documents and settings\Ramona\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe [05/02/2013 17.26.54 161280]
S2 ONDA Autorun CDROM Monitor;ONDA Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\onda_mon.exe [23/01/2010 17.02.43 86016]
S2 SkypeUpdate;Skype Updater;c:\programmi\Skype\Updater\Updater.exe [08/01/2013 13.53.48 161536]
S2 SsroService;Ssro Service;c:\documents and settings\Ramona\Impostazioni locali\Dati applicazioni\ServiceManager\ssro.exe [20/03/2013 22.16.44 31232]
S2 SsupdService;Ssupd Service;c:\documents and settings\Ramona\Impostazioni locali\Dati applicazioni\ssupd\ssupd.exe [20/03/2013 22.16.44 156160]
S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\drivers\ONDAusbmdm6k.sys [23/01/2010 17.03.46 104960]
S3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\drivers\ONDAusbnet.sys [23/01/2010 17.03.46 110080]
S3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\drivers\ONDAusbnmea.sys [23/01/2010 17.03.46 104960]
S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\drivers\ONDAusbser6k.sys [23/01/2010 17.03.46 104960]
S3 ONDAusbvoice;ONDA VoUSB Port;c:\windows\system32\drivers\ONDAusbvoice.sys [23/01/2010 17.03.47 105216]
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-07-03 23:18]
.
2013-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-07-03 23:18]
.
2013-03-14 c:\windows\Tasks\RMSchedule.job
- c:\programmi\Registry Mechanic\RegMech.exe [2012-01-03 09:02]
.
2013-04-05 c:\windows\Tasks\User_Feed_Synchronization-{D5975FF8-E39E-4B4C-B023-EA18FCA75915}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/ig
uInternet Connection Wizard,ShellNext = iexplore
LSP: c:\programmi\Avira\AntiVir Desktop\avsda.dll
DPF: {E55B74AB-0B51-4BAE-A5B5-2531AB5EA4D9} - hxxp://assets.photobox.com/assets/v/vwU ... 5P2dnc.cab
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKCU-Run-lollipop_03271211 - c:\documents and settings\ramona\impostazioni locali\dati applicazioni\lollipop\lollipop_03271211.exe
MSConfigStartUp-LGMobileSyncLauncher - c:\programmi\LG PC Suite II\LG_MobileSync_Launcher.exe
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
AddRemove-lollipop_03271211 - c:\documents and settings\ramona\impostazioni locali\dati applicazioni\lollipop\lollipop_03271211.bat
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-05 21:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'lsass.exe'(892)
c:\programmi\Avira\AntiVir Desktop\avsda.dll
.
Ora fine scansione: 2013-04-05 21:02:16
ComboFix-quarantined-files.txt 2013-04-05 19:02
.
Pre-Run: 132.725.612.544 byte disponibili
Post-Run: 133.655.560.192 byte disponibili
.
- - End Of File - - 0F473E9249E791D6CEAB3A39A038223A
s@ly
Utente Junior
 
Post: 12
Iscritto il: 30/07/12 17:37

Sponsor
 

Re: file di log Combofix (infezioni?)

Postdi Luke57 » 06/04/13 08:51

Cio, apri un file di testo, al suo interno copia e incolla il seguente script:


Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SsroService"=-

File::
c:\documents and settings\All Users\Documenti\Application\CurrentFile\ssadl.exe


salva il file di testo sul desktop chiamandolo obbligatoriamente CFScript.txt

trascinalo sull'icona di combofix con il puntatore del mouse, il programma avvierà una nuova scansione.
POsta il report prodotto

Poi fai questa scansione:
Scarica Adwcleaner sul desktop:
http://general-changelog-team.fr/en/dow ... adwcleaner
Avvialo e clicca sul pulsante "Delete".
Conferma con OK le varie finestre che ti compariranno.
Il pc si riavvierà, e uscirà il log con le eliminazioni.
Postalo qui.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: file di log Combofix (infezioni?)

Postdi s@ly » 06/04/13 20:08

ComboFix 13-04-05.01 - Ramona 06/04/2013 21.00.00.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1015.602 [GMT 2:00]
Eseguito da: c:\documents and settings\Ramona\Desktop\abc.exe
Opzioni usate :: c:\documents and settings\Ramona\Desktop\CFScript.txt.txt
AV: AntiVir Desktop *Disabled/Updated* {0012F2B4-5C49-7C92-0300-000000000000}
AV: AntiVir Desktop *Disabled/Updated* {7698207D-3DA0-003E-AC1D-9876381E9876}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-6C25-9E7C08000A00}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-7C25-9E7C08000A00}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
FILE ::
"c:\documents and settings\All Users\Documents\Application\CurrentFile\ssadl.exe"
.
.
((((((((((((((((((((((((( Files Creati Da 2013-03-06 al 2013-04-06 )))))))))))))))))))))))))))))))))))
.
.
2013-04-01 14:16 . 2013-04-01 14:08 5046324 ------r- c:\programmi\ComboFix.exe
2013-04-01 13:31 . 2013-04-01 13:31 -------- d-----w- c:\documents and settings\Ramona\Impostazioni locali\Dati applicazioni\IAC
2013-03-20 22:58 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-20 22:58 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-03-20 20:16 . 2013-03-20 22:58 -------- d-----w- c:\documents and settings\Ramona\Impostazioni locali\Dati applicazioni\ssupd
2013-03-20 20:16 . 2013-03-20 20:17 -------- d-----w- c:\documents and settings\Ramona\Impostazioni locali\Dati applicazioni\ServiceManager
2013-03-20 20:16 . 2013-03-20 20:16 -------- d-----w- c:\documents and settings\Ramona\Impostazioni locali\Dati applicazioni\sshelper
2013-03-20 20:16 . 2013-03-20 20:16 -------- d-----w- c:\documents and settings\LocalService\Menu Avvio
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-12 00:32 . 2008-04-13 18:56 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2006-03-02 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 19:57 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 19:57 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 19:57 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:54 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-01-26 03:55 . 2006-03-02 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 07:24 . 2004-08-19 15:34 2073472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-07 07:24 . 2006-03-02 12:00 2196736 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-03 39408]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2013-01-08 18708224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1040384]
"hpWirelessAssistant"="c:\programmi\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"IAAnotif"="c:\programmi\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-05-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-05-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-05-22 137752]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"DVAPTray"="c:\windows\System32\DVAPTray.exe" [2009-10-30 188416]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio rapido HP Photosmart Premier.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio rapido HP Photosmart Premier.lnk
backup=c:\windows\pss\Avvio rapido HP Photosmart Premier.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
.
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programmi\Avira\AntiVir Desktop\avwebgrd.exe [05/09/2011 15.14.45 428200]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\programmi\File comuni\PC Tools\sMonitor\StartManSvc.exe [03/01/2012 15.58.13 632792]
S2 LiveUpSC;LiveUpSC;c:\documents and settings\Ramona\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe [05/02/2013 17.26.54 161280]
S2 ONDA Autorun CDROM Monitor;ONDA Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\onda_mon.exe [23/01/2010 17.02.43 86016]
S2 SkypeUpdate;Skype Updater;c:\programmi\Skype\Updater\Updater.exe [08/01/2013 13.53.48 161536]
S2 SsroService;Ssro Service;c:\documents and settings\Ramona\Impostazioni locali\Dati applicazioni\ServiceManager\ssro.exe [20/03/2013 22.16.44 31232]
S2 SsupdService;Ssupd Service;c:\documents and settings\Ramona\Impostazioni locali\Dati applicazioni\ssupd\ssupd.exe [20/03/2013 22.16.44 156160]
S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\drivers\ONDAusbmdm6k.sys [23/01/2010 17.03.46 104960]
S3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\drivers\ONDAusbnet.sys [23/01/2010 17.03.46 110080]
S3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\drivers\ONDAusbnmea.sys [23/01/2010 17.03.46 104960]
S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\drivers\ONDAusbser6k.sys [23/01/2010 17.03.46 104960]
S3 ONDAusbvoice;ONDA VoUSB Port;c:\windows\system32\drivers\ONDAusbvoice.sys [23/01/2010 17.03.47 105216]
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-07-03 23:18]
.
2013-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-07-03 23:18]
.
2013-03-14 c:\windows\Tasks\RMSchedule.job
- c:\programmi\Registry Mechanic\RegMech.exe [2012-01-03 09:02]
.
2013-04-06 c:\windows\Tasks\User_Feed_Synchronization-{D5975FF8-E39E-4B4C-B023-EA18FCA75915}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/ig?gl=us&hl=it
uInternet Connection Wizard,ShellNext = iexplore
LSP: c:\programmi\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 85.37.17.13 85.38.28.81
DPF: {E55B74AB-0B51-4BAE-A5B5-2531AB5EA4D9} - hxxp://assets.photobox.com/assets/v/vwU ... 5P2dnc.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-06 21:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'lsass.exe'(892)
c:\programmi\Avira\AntiVir Desktop\avsda.dll
.
- - - - - - - > 'explorer.exe'(5576)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2013-04-06 21:05:38
ComboFix-quarantined-files.txt 2013-04-06 19:05
ComboFix2.txt 2013-04-05 19:02
.
Pre-Run: 133.608.755.200 byte disponibili
Post-Run: 133.604.179.968 byte disponibili
.
- - End Of File - - CA1DC9C8B4228DBA4E949A9C2914B949
s@ly
Utente Junior
 
Post: 12
Iscritto il: 30/07/12 17:37

Re: file di log Combofix (infezioni?)

Postdi s@ly » 06/04/13 20:16

# AdwCleaner v2.200 - Logfile creato il 06/04/2013 alle 21:09:39
# Aggiornamento 02/04/2013 by Xplode
# Sistema Operativo : Microsoft Windows XP Service Pack 3 (32 bits)
# Utente : Ramona - RAMY
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Documents and Settings\Ramona\Impostazioni locali\Temporary Internet Files\Content.IE5\C0D6YDX9\adwcleaner[1].exe
# Opzioni [Elimina]


***** [Servizi] *****


***** [File / Cartelle] *****

Cartella Eliminato : C:\Documents and Settings\All Users\Dati applicazioni\Ask
Cartella Eliminato : C:\Documents and Settings\All Users\Dati applicazioni\Babylon
Cartella Eliminato : C:\Documents and Settings\Ramona\Dati applicazioni\Babylon
Cartella Eliminato : C:\Documents and Settings\Ramona\Dati applicazioni\Delta
Cartella Eliminato : C:\Documents and Settings\Ramona\Dati applicazioni\OpenCandy
Cartella Eliminato : C:\Documents and Settings\Ramona\Impostazioni locali\Dati applicazioni\Conduit
Cartella Eliminato : C:\Documents and Settings\Ramona\Impostazioni locali\Dati applicazioni\PackageAware
Cartella Eliminato : C:\Programmi\Conduit
Cartella Eliminato : C:\Programmi\Delta
File Eliminato : C:\WINDOWS\system32\conduitEngine.tmp

***** [Registro] *****

Chiave Eliminata : HKCU\Software\APN PIP
Chiave Eliminata : HKCU\Software\Conduit
Chiave Eliminata : HKCU\Software\Delta
Chiave Eliminata : HKCU\Software\lollipop
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Chiave Eliminata : HKCU\Software\PIP
Chiave Eliminata : HKCU\Software\Softonic
Chiave Eliminata : HKLM\Software\Babylon
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Conduit.Engine
Chiave Eliminata : HKLM\SOFTWARE\Classes\delta.deltaappCore
Chiave Eliminata : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\escort.escortIEPane
Chiave Eliminata : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Chiave Eliminata : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\Prod.cap
Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar.CT2582604
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Chiave Eliminata : HKLM\Software\Conduit
Chiave Eliminata : HKLM\Software\Delta
Chiave Eliminata : HKLM\Software\Iminent
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta
Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Chiave Eliminata : HKLM\Software\PIP

***** [Browser Internet] *****

-\\ Internet Explorer v8.0.6001.18702

Sostituito : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://www.delta-search.com/?affID=1195 ... a0c6000000 --> hxxp://www.google.com

*************************

AdwCleaner[S1].txt - [5210 octets] - [06/04/2013 21:09:39]

########## EOF - C:\AdwCleaner[S1].txt - [5270 octets] ##########
s@ly
Utente Junior
 
Post: 12
Iscritto il: 30/07/12 17:37

Re: file di log Combofix (infezioni?)

Postdi Luke57 » 07/04/13 10:30

Ciao, hai sempre problemi adesso?
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: file di log Combofix (infezioni?)

Postdi s@ly » 07/04/13 20:18

Luke , ti ringrazio moltissimo ora tutto sembra funzionare bene. mia nipote potrà continuare a " scasinare" sul pc.
e' probabile (quasi certo) che in futuro avrò ancora bisogno della tua competenza , quindi a presto silvia
s@ly
Utente Junior
 
Post: 12
Iscritto il: 30/07/12 17:37


Torna a Sicurezza e Privacy


Topic correlati a "file di log Combofix (infezioni?)":


Chi c’è in linea

Visitano il forum: Nessuno e 3 ospiti