
Clean or not? - Is HTTPS always secure? - HijackThis log - ComboFix


Post by pegaso_torino » 22/12/09 15:00

Hi everyone,

after a few days during which Google links were opening other sites, I couldn't reach the various Microsoft sites,
and Task Manager and Regedit weren't working,

I thought I'd run a few tests before bothering you.

I have XP SP3 with NOD32, without anti-spyware, anti-malware, etc. etc.

Anyway, after a few tests, I THINK and HOPE I'm clean; could you please take a look at the attached logs?

I used CCleaner, Ad-Aware (is it of much use?), MBAM and SUPERAntiSpyware (I think that removed the problem!!!
it found TROJAN/Gen-Polax), and as final logs I attach the HijackThis and ComboFix output for a check of the registry keys.

I'm asking: is the HTTPS protocol always secure??!? With spyware, malware, etc.?? can one still "work"?

Besides NOD32, what should I install as anti-spyware/anti-malware, or can I do without?

If everything is clean, I'll create a restore point; how do I delete the old ones with the virus?

Thank you for your help, and I hope I haven't got the wrong section.... or the wrong way of attaching....

Pegaso_Torino

Code:
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14.21.23, on 22/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAMMI\FAXTALK COMMUNICATOR\FTCtrl32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRAMMI\FAXTALK COMMUNICATOR\FAPIEXE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hJ\HiJackThis.exe
C:\Programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [CallControl 4.5] C:\PROGRAMMI\FAXTALK COMMUNICATOR\FTCtrl32.exe /autoload
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] ;C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [snpstd] ;C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [RemoteControl] ;C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [WinampAgent] ;"C:\Programmi\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [egui] "C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [DOS2USB] C:\Programmi\DOS2USB\DOS2USB.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: CONTATORI - Icecast Streaming Media Server.url
O4 - Global Startup: stream15.top-ix.org-radiojukebox.m3u.url
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5341080703
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C58669B-D1F1-4EA2-8D53-A5A09DC09412}: NameServer = 193.70.192.25,193.70.152.25,213.205.32.70,213.205.36.70
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B5D47A8-9D0F-440D-BC5C-D2C1FC84296D}: NameServer = 193.70.192.25,193.70.152.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{4197C68D-2E50-4F61-9134-9228DABE1611}: NameServer = 193.70.192.25,193.70.152.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C0D45B0-6CE3-4381-A410-F8E58041BEEA}: NameServer = 151.99.0.100,151.99.125.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB850295-96AA-40B4-A834-A13B652AEF1C}: NameServer = 193.70.192.25,193.70.152.25
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: DevNotifySvc - Unknown owner - C:\Programmi\Common Files\Sitecom Shared\PnP Universal Installer\DevNotifySvc.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Smart Card Base Component Helper (SetScardSvrService) - Unknown owner - C:\WINDOWS\system32\SetScardSvrService.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 5833 bytes

ComboFix 09-12-21.04 - utente 22/12/2009 14.28.11.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1471.992 [GMT 1:00]
Running from: c:\hj\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((( Files Created From 2009-11-22 to 2009-12-22 )))))))))))))))))))))))))))))))))))
.

2009-12-19 18:26 . 2009-12-22 11:51 52224 ----a-w- c:\documents and settings\utente\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-19 18:26 . 2009-12-21 17:16 117760 ----a-w- c:\documents and settings\utente\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-19 18:25 . 2009-12-19 18:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2009-12-19 18:25 . 2009-12-19 18:25 -------- d-----w- c:\programmi\SUPERAntiSpyware
2009-12-19 18:25 . 2009-12-19 18:25 -------- d-----w- c:\documents and settings\utente\Dati applicazioni\SUPERAntiSpyware.com
2009-12-19 18:25 . 2009-12-19 18:25 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2009-12-19 11:42 . 2009-12-19 11:42 -------- d-----w- c:\documents and settings\utente\Dati applicazioni\Malwarebytes
2009-12-19 11:42 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-19 11:42 . 2009-12-19 11:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-12-19 11:42 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-19 11:42 . 2009-12-19 11:42 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-12-18 20:30 . 2009-09-03 09:17 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-18 19:21 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-18 19:21 . 2009-12-21 16:48 862040 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-18 19:21 . 2009-12-21 16:48 206944 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-18 19:21 . 2009-12-18 19:21 15880 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-12-18 19:21 . 2009-12-21 16:48 537576 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-18 19:21 . 2009-12-19 11:17 390288 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-18 19:21 . 2009-12-21 16:48 370744 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-18 19:21 . 2009-12-18 19:21 163728 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-12-18 19:21 . 2009-12-21 16:48 194104 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-18 19:21 . 2009-12-19 11:17 6296864 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Resources.dll
2009-12-18 19:21 . 2009-12-18 19:21 87496 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-12-18 19:21 . 2009-12-18 19:21 327000 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-12-18 19:20 . 2009-12-21 16:48 933120 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-18 19:20 . 2009-12-18 19:20 641632 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-12-18 19:20 . 2009-12-21 16:47 816272 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-18 19:20 . 2009-12-21 16:47 822904 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-18 19:20 . 2009-12-21 16:47 1643272 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-18 19:20 . 2009-12-19 11:17 788880 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-18 19:20 . 2009-12-21 16:47 1181328 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-18 19:19 . 2009-12-18 19:19 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-12-18 19:19 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-12-18 19:19 . 2009-12-18 19:19 -------- d-----w- c:\programmi\Lavasoft
2009-12-18 19:19 . 2009-12-18 19:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-12-18 18:04 . 2009-12-18 18:04 -------- d-----w- c:\programmi\CCleaner
2009-12-18 17:41 . 2009-12-18 17:41 -------- d-----w- c:\programmi\Trend Micro
2009-12-18 14:08 . 2009-12-22 13:27 -------- d-----w- C:\hJ
2009-12-18 13:42 . 2009-12-18 13:42 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-04 17:51 . 2009-12-04 17:51 -------- d-----w- c:\programmi\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-22 11:56 . 2009-03-17 16:04 1 ----a-w- c:\documents and settings\utente\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-18 18:48 . 2009-04-20 11:06 -------- d-----w- c:\programmi\ESET
2009-12-17 11:40 . 2007-04-05 16:09 -------- d-----w- c:\documents and settings\utente\Dati applicazioni\AdobeUM
2009-12-11 09:04 . 2003-04-08 12:00 45234 ----a-w- c:\windows\system32\perfc010.dat
2009-12-11 09:04 . 2003-04-08 12:00 339160 ----a-w- c:\windows\system32\perfh010.dat
2009-11-21 15:54 . 2003-04-08 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 05:24 . 2006-06-23 11:28 669696 ------w- c:\windows\system32\wininet.dll
2009-10-28 09:23 . 2009-10-27 17:15 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2009-10-27 17:15 . 2009-10-27 17:15 1962544 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-10-21 05:38 . 2004-08-19 22:39 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-19 22:39 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-13 10:33 . 2006-05-14 09:26 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2003-04-08 12:00 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2003-04-08 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-09-25 05:35 . 2004-08-19 22:39 81920 ------w- c:\windows\system32\ieencode.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-12-21_14.19.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-31 10:58 . 2009-12-21 17:11 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
- 2007-03-31 10:58 . 2009-12-19 11:17 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
+ 2007-03-31 10:58 . 2009-12-21 17:11 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
- 2007-03-31 10:58 . 2009-12-19 11:17 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
+ 2009-12-21 16:47 . 2009-12-21 17:11 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-03-31 10:58 . 2009-12-19 11:17 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DOS2USB"="c:\programmi\DOS2USB\DOS2USB.exe" [2007-02-15 280606]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-12-16 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CallControl 4.5"="c:\programmi\FAXTALK COMMUNICATOR\FTCtrl32.exe" [2002-05-18 122880]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"nwiz"="nwiz.exe" [2006-06-01 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-06-01 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2005-09-25 155648]
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2005-07-22 483328]
"snpstd"="c:\windows\vsnpstd.exe" [2003-12-31 40960]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"WinampAgent"="c:\programmi\Winamp\Winampa.exe" [2007-05-08 24576]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2008-10-24 1451264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
CONTATORI - Icecast Streaming Media Server.url [2009-9-28 130]
stream15.top-ix.org-radiojukebox.m3u.url [2009-9-23 181]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2001-11-02 08:50 24636 ----a-w- c:\windows\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^utente^Menu Avvio^Programmi^Esecuzione automatica^Collegamento a dos2usb.exe.lnk]
path=c:\documents and settings\utente\Menu Avvio\Programmi\Esecuzione automatica\Collegamento a dos2usb.exe.lnk
backup=c:\windows\pss\Collegamento a dos2usb.exe.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Util\\FTP\\3CDAEMON\\3CDaemon.EXE"=
"c:\\Programmi\\AboutTime\\AboutTime.exe"=
"c:\\Programmi\\Symantec\\pcAnywhere\\WINAW32.EXE"=
"c:\\Programmi\\Symantec\\pcAnywhere\\AWHOST32.EXE"=
"c:\\Programmi\\Symantec\\pcAnywhere\\awrem32.exe"=
"c:\\Programmi\\SmartFTP Client\\SmartFTP.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Gruppi peer-to-peer Windows
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [18/12/2009 20.21.21 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [13/10/2008 15.34.49 28544]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [24/10/2008 19.53.28 34824]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [16/12/2009 16.26.58 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [16/12/2009 16.26.56 74480]
R2 ekrn;Eset Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [24/10/2008 19.51.16 468224]
R2 eugss;EUTRON SmartKey GSS2 Driver;c:\windows\system32\drivers\eugssxp.sys [18/04/2008 17.30.55 57887]
R3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [25/06/2007 15.10.16 43968]
R3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [16/12/2009 16.27.00 7408]
S2 DevNotifySvc;DevNotifySvc;c:\programmi\Common Files\Sitecom Shared\PnP Universal Installer\DevNotifySvc.exe --> c:\programmi\Common Files\Sitecom Shared\PnP Universal Installer\DevNotifySvc.exe [?]
S2 KeyP;KeyP;c:\windows\system32\DRIVERS\KeyP.sys --> c:\windows\system32\DRIVERS\KeyP.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 12.17.32 1181328]
S2 SetScardSvrService;Smart Card Base Component Helper;c:\windows\system32\SetScardSvrService.exe [14/02/2008 16.04.24 65536]
S3 ipmmlsnt;miniLector Smart Card Reader;c:\windows\system32\drivers\ipmmlsnt.sys [14/02/2008 16.04.24 16393]
S3 IPMNET;MiniLector USB Smart Card Reader;c:\windows\system32\drivers\ipmmluxp.sys [14/02/2008 15.58.01 21632]
S3 s3legacy;s3legacy;c:\windows\system32\drivers\s3legacy.sys [02/09/2008 23.20.21 65664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: {0C58669B-D1F1-4EA2-8D53-A5A09DC09412} = 193.70.192.25,193.70.152.25,213.205.32.70,213.205.36.70
TCP: {3B5D47A8-9D0F-440D-BC5C-D2C1FC84296D} = 193.70.192.25,193.70.152.25
TCP: {4197C68D-2E50-4F61-9134-9228DABE1611} = 193.70.192.25,193.70.152.25
TCP: {4C0D45B0-6CE3-4381-A410-F8E58041BEEA} = 151.99.0.100,151.99.125.1
TCP: {FB850295-96AA-40B4-A834-A13B652AEF1C} = 193.70.192.25,193.70.152.25
FF - ProfilePath - c:\documents and settings\utente\Dati applicazioni\Mozilla\Firefox\Profiles\ihs35sgq.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-22 14:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- Dlls Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(568)
c:\windows\system32\awgina.dll
c:\programmi\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(1148)
c:\programmi\SmartFTP Client\sfShellTools.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-12-22 14:34:02
ComboFix-quarantined-files.txt 2009-12-22 13:34
ComboFix2.txt 2009-12-21 14:23

Pre-Run: 8'518'238'208 bytes free
Post-Run: 8'491'958'272 bytes free

- - End Of File - - D2BA285433994755A0C5DD337EF7AC74
pegaso_torino
Newbie

Posts: 4
Joined: 22/12/09 14:12
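What a reviewer checks by hand in a HijackThis log like the one above can be scripted. The block below is an added example, not part of the original post and not code from Trend Micro or HijackThis: it parses the O4, O17 and O23 lines and flags autostart commands given without a directory (they are resolved through the search path, so the file that really runs should be located), NameServer entries that are not in an expected set, and services whose binary is missing or whose publisher is unknown. TRUSTED_DNS is an assumption made for the demo (the four resolvers the log above shows, taken as the ones this network is expected to use); the sample lines are constructed in the log's format, and the last O17 line, its GUID and the address 203.0.113.7 are invented to show a resolver that fails the check.

```python
"""Triage of HijackThis O4/O17/O23 lines.

Added example for this thread, not part of the original post or of HijackThis
itself.  TRUSTED_DNS and the sample lines are constructed for the demo.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Assumption for the demo: the resolvers this network is expected to use.
TRUSTED_DNS = {"193.70.192.25", "193.70.152.25", "151.99.0.100", "151.99.125.1"}

# Constructed sample in the shape of a HijackThis 2.x log; the second O17 line,
# its GUID and 203.0.113.7 are invented to show a resolver not on the list.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [egui] "C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C58669B-D1F1-4EA2-8D53-A5A09DC09412}: NameServer = 193.70.192.25,193.70.152.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-4000-8000-000000000001}: NameServer = 203.0.113.7,193.70.192.25
O23 - Service: DevNotifySvc - Unknown owner - C:\Programmi\Common Files\Sitecom Shared\PnP Universal Installer\DevNotifySvc.exe (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# O4 - <hive>: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O17 - <interface key>: NameServer = <comma-separated resolvers>
O17_RE = re.compile(r"^O17 - .*: NameServer = (?P<servers>[0-9.,]+)\s*$")
# O23 - Service: <display name> - <owner> - <binary path>[ (file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)


@dataclass
class Finding:
    severity: str  # "low" | "medium" | "high"
    kind: str      # HijackThis section the line came from: O4, O17 or O23
    detail: str


def executable_of(cmd: str) -> str:
    """First token of a Run command: the quoted path if quoted, else the first word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage(log_text: str, trusted_dns: set[str]) -> list[Finding]:
    """Return the findings for every O4/O17/O23 line; other sections are ignored."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        line = line.rstrip()
        m = O4_RE.match(line)
        if m:
            exe = executable_of(m["cmd"])
            if exe and "\\" not in exe and "/" not in exe:
                findings.append(Finding("low", "O4",
                    f"[{m['name']}] runs '{exe}' without a directory; it is resolved "
                    "through the search path, so locate the file that actually runs"))
            continue
        m = O17_RE.match(line)
        if m:
            unknown = [s for s in m["servers"].split(",") if s and s not in trusted_dns]
            if unknown:
                findings.append(Finding("high", "O17",
                    f"resolver(s) {', '.join(unknown)} not in the expected set; a foreign "
                    "NameServer would explain redirected searches and unreachable vendor sites"))
            continue
        m = O23_RE.match(line)
        if m:
            reasons = []
            if m["missing"]:
                reasons.append("binary is missing (orphaned service entry)")
            if m["owner"].strip().lower() == "unknown owner":
                reasons.append("no publisher recorded")
            if reasons:
                findings.append(Finding("medium", "O23",
                    f"service '{m['name']}' at {m['path']}: " + "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, TRUSTED_DNS):
        print(f"{f.severity:6} {f.kind:4} {f.detail}")
```

Run it as a script to print the findings, or pass the whole log text to triage(). A resolver that is not the network's own is the first thing to rule out when searches are redirected and vendor sites are unreachable, because that is exactly what a DNS-changing trojan leaves in the O17 entries; the O4 and O23 hits are lower priority and, in the log above, correspond to the SoundMan and DevNotifySvc entries.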

Re: Clean or not? - Is HTTPS always secure? - HijackThis log - ComboFix

Post by pegaso_torino » 22/12/09 21:39

Hi Luke&Shel,

I can't tell whether I'm clean; in fact, for the past two days, with IE, most of the times I open 2/3 pages from the same site, for example yours, to read more things, I get the message

"Cannot find server" (Impossibile trovare il server)

I should add that I'm connected, and on another PC one metre away this doesn't happen....

I checked the HijackThis log on their site and I'd say there's nothing "anomalous",
but I don't know how to analyse the ComboFix log; could one of you kindly help me
by reassuring me or telling me whether I have serious problems or not??

I'm asking whether I can use the HTTPS protocol without problems
or whether I can't "work" normally??

thanks a million for your help ...

Pegaso

Re: Clean or not? - Is HTTPS always secure? - HijackThis log - ComboFix

Post by Luke57 » 22/12/09 21:41

Hi, the reports look fine; in my opinion Ad-Aware is not worth keeping, SUPERAntiSpyware and Malwarebytes
http://www.malwarebytes.org/ alongside the resident antivirus are enough.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Re: Clean or not? - Is HTTPS always secure? - HijackThis log - ComboFix

Post by pegaso_torino » 22/12/09 21:50

Hi Luke,

thanks for the reply; I also wanted to remove Ad-Aware but wasn't sure, whereas SUPERAntiSpyware I keep??

If in your opinion ComboFix says everything is OK....
how come, to open a page from
IE, which starts with Google, for example this page
viewforum.php?f=7

4/5 times I ended up with "Cannot find server"...

then I tried JUST ONCE with Mozilla...
and it opened the page at the first attempt??

Besides the cache with the files, what can I remove from IE
to make it "recover"??

thanks a million
Pegaso_Torino (luca)

Re: Clean or not? - Is HTTPS always secure? - HijackThis log - ComboFix

Post by pegaso_torino » 23/12/09 17:28

Hi Luke,

having doubts, I ran MBAM and it found:

(Spyware.Passwords)
(Rootkit.Agent)

what should I use as a "reliable" ANTI-ROOTKIT??

with this (Spyware.Passwords), does it capture passwords even over HTTPS?!??! can you tell me?

I attach the MBAM log

Malwarebytes' Anti-Malware 1.42
Database version: 3415
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

23/12/2009 15.49.10
mbam-log-2009-12-23 (15-49-10).txt

Scan type: Full Scan (C:\|)
Objects scanned: 226571
Time elapsed: 1 hour(s), 20 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\curslib.dll.vir (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wincert.dll.vir (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BCBDCAE-39FE-494B-8C3B-EA8F11BA9F02}\RP5\A0002689.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BCBDCAE-39FE-494B-8C3B-EA8F11BA9F02}\RP5\A0002691.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BCBDCAE-39FE-494B-8C3B-EA8F11BA9F02}\RP5\A0002728.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BCBDCAE-39FE-494B-8C3B-EA8F11BA9F02}\RP5\A0002869.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BCBDCAE-39FE-494B-8C3B-EA8F11BA9F02}\RP5\A0003032.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
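The seven MBAM hits in the log above all sit in two places that are not the live system: C:\Qoobox\Quarantine is where ComboFix keeps copies of what it removed (renamed with a .vir suffix, under a path that mirrors the original location, here two DLLs from system32), and System Volume Information\_restore{...}\RP5 is a System Restore point that snapshotted the files before they were cleaned. The block below is an added example, not from the original post and not code from Malwarebytes or ComboFix: it classifies each "Files Infected" line by location and reports which restore points still hold a copy, which is the check behind the question of which old restore points to delete. The sample lines are constructed in the log's format; the last one (example.sys under drivers) is invented to show how a hit in its original location would be reported. Whether credentials typed over HTTPS were exposed while the stealer was active depends on where it hooked on the endpoint and not on TLS, which only protects data in transit, so the live/inert distinction is the one that matters.

```python
r"""Classify Malwarebytes (MBAM 1.x) 'Files Infected' lines by where the hit lives.

Added example, not part of the thread or of Malwarebytes.  A detection is a live
infection only when the file is in its normal location; a hit under ComboFix's
quarantine (C:\Qoobox\Quarantine, copies renamed .vir under a mirror of the
original path) or under a System Restore point (System Volume
Information\_restore{...}\RPn) is an inert copy that a restore, or a careless
'restore from quarantine', could bring back.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the shape of the thread's MBAM log; the last line and its
# file name (example.sys) are invented to show a hit in its original location.
SAMPLE_MBAM = r"""
C:\Qoobox\Quarantine\C\WINDOWS\system32\curslib.dll.vir (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wincert.dll.vir (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BCBDCAE-39FE-494B-8C3B-EA8F11BA9F02}\RP5\A0002728.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BCBDCAE-39FE-494B-8C3B-EA8F11BA9F02}\RP5\A0002869.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\example.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
"""

# "<path> (<threat name>) -> <action>"; the threat name carries no parentheses.
HIT_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")
# ComboFix quarantine: X:\Qoobox\Quarantine\<orig drive>\<orig path>.vir
QUARANTINE_RE = re.compile(
    r"^[A-Za-z]:\\Qoobox\\Quarantine\\(?P<odrive>[A-Za-z])\\(?P<rest>.+?)(?:\.vir)?$", re.I
)
# System Restore snapshot: X:\System Volume Information\_restore{GUID}\RP<n>\...
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(?P<rp>RP\d+)\\", re.I
)


@dataclass
class Hit:
    path: str           # path as printed by MBAM
    threat: str         # MBAM detection name
    location: str       # "live" | "quarantine" | "restore_point"
    origin: str         # where the file originally lived (live and quarantine hits)
    restore_point: str  # RPn for restore-point copies, else ""


def classify_line(line: str) -> Optional[Hit]:
    """Parse one MBAM result line; returns None for headers and '(no items)' lines."""
    m = HIT_RE.match(line.strip())
    if not m:
        return None
    path, threat = m["path"], m["threat"]
    q = QUARANTINE_RE.match(path)
    if q:
        return Hit(path, threat, "quarantine", f"{q['odrive'].upper()}:\\{q['rest']}", "")
    r = RESTORE_RE.match(path)
    if r:
        return Hit(path, threat, "restore_point", "", r["rp"].upper())
    return Hit(path, threat, "live", path, "")


def summarize(log_text: str) -> dict:
    """Group hits by location; an empty 'live' list means only leftovers were found."""
    hits = [h for h in map(classify_line, log_text.splitlines()) if h]
    by_location = defaultdict(list)
    for h in hits:
        by_location[h.location].append(h)
    return {
        "live": [h.path for h in by_location["live"]],
        "quarantine_origins": sorted(h.origin for h in by_location["quarantine"]),
        "restore_points": sorted({h.restore_point for h in by_location["restore_point"]}),
        "threats": sorted({h.threat for h in hits}),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_MBAM).items():
        print(f"{key}: {value}")
```

summarize() returns the live paths, the original locations of the quarantined copies and the IDs of the restore points that hold a copy. On the log above the live list is empty and everything falls under quarantine or RP5, which is the pattern of leftovers rather than of an active infection; the restore point named is the one to purge, since applying it would put the driver back.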

