
Help with ComboFix log

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: kadosh, Luke57


Post by capantic » 03/07/12 10:25

Hi everyone, I'm Luigi and this is the first time I've written on your forum.
I need your help: a few days ago my Avira antivirus detected two trojan rootkits named atraps.gen2 and sirefef and was unable to remove them, so I ran ComboFix on the PC and the problem seems to be solved, but I'd like someone to read the report, because to me it's all Greek:

ComboFix 12-07-01.04 - User 02/07/2012 10.23.15.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.447.138 [GMT 2:00]
Eseguito da: F:\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-7C25-9E7C08000A00}
AV: Avira Desktop *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
AV: Avira Desktop *Enabled/Updated* {00000000-0715-0000-08F2-12003094807C}
AV: Avira Desktop *Enabled/Updated* {00000000-CAC8-FF3B-1E00-010000000000}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\cleanup.exe
c:\documents and settings\User\Dati applicazioni\Desktopicon
c:\documents and settings\User\Dati applicazioni\OfferBox
c:\documents and settings\User\Dati applicazioni\OfferBox\config.xml
c:\documents and settings\User\Dati applicazioni\OfferBox\http_app.offerbox.com\country.sxe
c:\documents and settings\User\Dati applicazioni\OfferBox\http_app.offerbox.com\history.db
c:\documents and settings\User\Dati applicazioni\OfferBox\http_app.offerbox.com\profile.sxe
c:\documents and settings\User\Dati applicazioni\OfferBox\http_app.offerbox.com\update.sxe
c:\documents and settings\User\Dati applicazioni\OfferBox\http_app.offerbox.com\update.xml
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\{355355ac-1c29-6a98-b198-89b5b9cd8dfb}
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\{355355ac-1c29-6a98-b198-89b5b9cd8dfb}\@
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\{355355ac-1c29-6a98-b198-89b5b9cd8dfb}\n
c:\documents and settings\User\WINDOWS
C:\ds.exe
c:\windows\~GLC0000.TMP
c:\windows\~GLC0001.TMP
c:\windows\Installer\{355355ac-1c29-6a98-b198-89b5b9cd8dfb}
c:\windows\Installer\{355355ac-1c29-6a98-b198-89b5b9cd8dfb}\@
c:\windows\Installer\{355355ac-1c29-6a98-b198-89b5b9cd8dfb}\n
c:\windows\IsUn0410.exe
c:\windows\ST6UNST.000
c:\windows\system32\bit4ipki.dll.conf
c:\windows\system32\bit4upki-store.dll
c:\windows\system32\efehhggh.ini
c:\windows\system32\lhxonsgy.ini
c:\windows\system32\mcrh.tmp
c:\windows\system32\rqrssrqr.ini
c:\windows\system32\ryaijxut.ini
c:\windows\system32\xcsDd01
c:\windows\unin0410.exe
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_EPSONSTATUSAGENT2
-------\Service_EPSONStatusAgent2
.
.
((((((((((((((((((((((((( Files Creati Da 2012-06-02 al 2012-07-02 )))))))))))))))))))))))))))))))))))
.
.
2012-06-29 08:25 . 2012-06-29 08:25 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Avira
2012-06-29 08:24 . 2012-06-29 08:24 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-06-29 08:24 . 2012-06-29 08:24 -------- d-----r- c:\documents and settings\Administrator\Preferiti
2012-06-13 15:30 . 2012-05-11 14:40 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-07 16:27 . 2012-06-07 16:27 421200 ----a-w- c:\programmi\Mozilla Firefox\msvcp100.dll
2012-06-07 16:27 . 2012-06-07 16:27 770384 ----a-w- c:\programmi\Mozilla Firefox\msvcr100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-25 07:42 . 2012-05-16 07:10 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-25 07:42 . 2011-09-05 07:04 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 13:19 . 2006-08-19 19:04 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2006-08-19 19:04 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2006-08-19 19:04 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2006-08-21 18:06 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2006-08-19 19:04 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2006-08-19 19:04 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2006-03-02 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2007-04-16 20:47 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2007-04-16 20:47 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2007-04-16 20:45 18968 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2007-04-16 20:45 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2006-08-19 19:04 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2006-08-19 19:04 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2009-03-27 08:08 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2009-03-27 08:08 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2009-03-27 08:08 18672 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:21 . 2006-03-02 12:00 603136 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:06 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:56 . 2006-03-02 12:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:40 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:40 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-05 03:14 . 2004-08-19 15:34 2072832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-05 03:14 . 2006-03-02 12:00 2196352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-02 13:46 . 2006-08-19 19:01 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-24 07:41 . 2012-04-24 07:41 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-24 07:41 . 2012-04-24 07:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2007-05-21 12:11 . 2007-05-21 12:11 112640 ----a-w- c:\programmi\Uninstall Anagrafico - Controlli_AA7_AA9 1.4.1.exe
2007-02-22 08:04 . 2007-02-22 08:04 112640 ----a-w- c:\programmi\Uninstall ModuliControlloIVD.exe
2007-02-22 08:00 . 2007-02-22 08:00 112640 ----a-w- c:\programmi\Uninstall Anagrafico - Controlli_AA7_AA9 1.3.1.exe
2012-06-18 12:48 . 2011-09-15 07:03 85472 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\programmi\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-24 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"STO Backup Service"="c:\programmi\SmarThru Office\BackUpSvr.exe" [2010-08-03 184320]
"STO Launcher Service"="c:\programmi\SmarThru Office\LegacyLauncher.exe" [2010-08-03 331776]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-08-20 614400]
"4x24 Scan2PC"="c:\windows\Twain_32\Samsung\SCX4x24\Scan2pc.exe" [2009-09-01 503808]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2012-02-03 258512]
"VTTrayp"="VTtrayp.exe" [2005-08-03 163840]
"VTTimer"="VTTimer.exe" [2005-03-07 53248]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Google Updater.lnk - c:\programmi\Google\Google Updater\GoogleUpdater.exe [2007-5-24 161776]
siscmon.lnk - c:\windows\system32\siscmon.exe [2006-9-14 159744]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft ActiveSync\\rapimgr.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [21/02/2012 12.37.43 36000]
R2 AntiVirSchedulerService;Avira Pianificatore;c:\programmi\Avira\AntiVir Desktop\sched.exe [21/02/2012 12.37.47 86224]
R2 MySQL501;MySQL501;"c:\programmi\MySQL\MySQL Server 5.0\bin\mysqld-nt" --defaults-file="c:\programmi\MySQL\MySQL Server 5.0\my.ini" MySQL501 --> c:\programmi\MySQL\MySQL Server 5.0\bin\mysqld-nt [?]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [16/05/2012 9.10.33 250056]
S3 cmeu0wdm;CardMan 2020;c:\windows\system32\drivers\cmeu0wdm.sys [21/06/2004 15.25.02 42537]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programmi\Mozilla Maintenance Service\maintenanceservice.exe [02/05/2012 16.58.55 113120]
S3 OMNUSB;Lettore USB di smart card Omnikey AG CardMan 2020;c:\windows\system32\drivers\sccmusbm.sys [14/09/2006 14.17.54 23936]
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 07:42]
.
2012-06-28 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-24 06:57]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Acquisisci selezione - c:\programmi\SmarThru Office\WebCapture.dll2.htm
IE: Capture Selection - c:\programmi\SmarThru Office\WebCapture.dll2.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Salva come HTML - c:\programmi\SmarThru Office\WebCapture.dll1.htm
IE: Salva testo selezionato - c:\programmi\SmarThru Office\WebCapture.dll.htm
IE: Save as HTML - c:\programmi\SmarThru Office\WebCapture.dll1.htm
IE: Save Selected Text - c:\programmi\SmarThru Office\WebCapture.dll.htm
IE: Web Capture - c:\programmi\SmarThru Office\WebCapture.dll
Trusted Zone: profisaz.it
Trusted Zone: profisweb.it
Trusted Zone: sistemi.com
Trusted Zone: sistemi.net
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{900AF9AD-E9B1-4366-A74E-F340D9BC612E}: NameServer = 151.99.125.2,193.70.152.25
TCP: Interfaces\{E0203FE1-DB9C-484E-9D2E-A43B1C9E104C}: NameServer = 192.168.0.1,151.99.125.3
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\6k165nzy.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ff ... 13&sr=0&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
BHO-{1E71A77A-633D-48BE-9454-900C672359DE} - (no file)
BHO-{A7668D9F-02BE-4F03-938F-4BAF9D55F24A} - (no file)
BHO-{BE07CA3E-D3DB-49CC-AE4F-057DD0B84142} - (no file)
Toolbar-10 - (no file)
HKCU-Run-{9025B212-E1DC-7D34-2B4D-4863D45601B3} - c:\documents and settings\User\Dati applicazioni\Wexuv\wyotfol.exe
HKLM-Run-bit4id csp store register (M) - c:\windows\system32\bit4upki-store.dll
HKLM-Run-SunJavaUpdateSched - c:\programmi\Java\jre1.6.0_03\bin\jusched.exe
HKLM-Run-ccApp - c:\programmi\File comuni\Symantec Shared\ccApp.exe
HKLM-Run-BM674ad648 - c:\windows\system32\ofpkeser.dll
HKLM-Run-6479e5d4 - c:\windows\system32\glivknxc.dll
AddRemove-Adobe Acrobat 4.0 - c:\windows\ISUN0410.EXE
AddRemove-Anagrafico - Attribuzione P.IVA Ditta 1.7.0 - c:\anagraficopf\Uninstall_Anagrafico - Attribuzione P.IVA Ditta 1.7.0\Uninstall Anagrafico - Attribuzione P.IVA
AddRemove-Anagrafico - Attribuzione P.IVA Ditta 1.8.1 - c:\anagraficopf\Disinstalla_Attribuzione P.IVA Ditta 1.8.1\Uninstall Anagrafico - Attribuzione P.IVA
AddRemove-Anagrafico - Attribuzione P.IVA Società 1.7.1 - c:\anagraficopnf\Disinstalla_Attribuzione P.IVA Società 1.7.1\Uninstall Anagrafico - Attribuzione P.IVA
AddRemove-Anagrafico -Variazione P.IVA Ditta 1.6.0 - c:\variazionepf\Uninstall_Anagrafico -Variazione P.IVA Ditta 1.6.0\Uninstall Anagrafico -Variazione P.IVA
AddRemove-Anagrafico -Variazione P.IVA Ditta 1.7.3 - c:\variazionepf\Disinstalla_Variazione P.IVA Ditta 1.7.3\Uninstall Anagrafico -Variazione P.IVA
AddRemove-Contratti Locazione - 4.4.1 - c:\windows\IsUn0410.exe
AddRemove-Denunce cumulative - 1.0.0 - c:\windows\IsUn0410.exe
AddRemove-Entratel Pagamenti successivi - 1.5.2 - c:\windows\IsUn0410.exe
AddRemove-Fedra Plus - c:\windows\unin0410.exe
AddRemove-Moduli Controllo Altri Documenti - 1.0.2 - c:\windows\IsUn0410.exe
AddRemove-Moduli Controllo AR704 - 1.0.1 - c:\windows\IsUn0410.exe
AddRemove-Modulo Controllo Stampati Fiscali - 1.2.4 - c:\windows\IsUn0410.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-02 11:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL501]
"ImagePath"="\"c:\programmi\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\programmi\MySQL\MySQL Server 5.0\my.ini\" MySQL501"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Pervasive Software\PSQL]
@Denied: ) (Everyone)
@=""
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(2628)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\windows\System32\SCardSvr.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
c:\programmi\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
c:\programmi\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\VTtrayp.exe
c:\windows\system32\VTTimer.exe
c:\windows\system32\cisvc.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\windows\system32\cidaemon.exe
c:\windows\system32\cidaemon.exe
.
**************************************************************************
.
Ora fine scansione: 2012-07-02 11:14:25 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-07-02 09:14
.
Pre-Run: 63.448.633.344 byte disponibili
Post-Run: 63.597.379.584 byte disponibili
.
- - End Of File - - 3008F4BA5B7B95F85FEBE0AAD970E45E


Thanks
Luigi
capantic
Newbie
Posts: 2
Joined: 03/07/12 09:31
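As an added illustration (it is not part of capantic's post, nor a ComboFix tool), here is a small Python triage helper of the kind a responder would use to read a report like the one above: it splits the text into ComboFix's banner-delimited sections and flags the entries worth looking at first. The flags are my own heuristics, not ComboFix conventions: GUID-named folders holding single-character files such as `@` and `n` (the on-disk layout commonly associated with the Sirefef/ZeroAccess family that the poster's antivirus reported), eight-random-letter `.ini`/`.dll` names in system32, Run keys launching an executable from the user's Application Data folder, and orphaned keys whose target file is gone. The sample input is a constructed excerpt of the log in the post; the heuristics will produce false positives on some legitimate names, so the output is a reading order, not a verdict.

```python
import re
from collections import defaultdict

# Constructed excerpt that mirrors the layout of the ComboFix report in the post
# above (same section banners, same "." spacer lines, a handful of its entries).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\cleanup.exe
c:\documents and settings\User\Dati applicazioni\OfferBox\config.xml
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\{355355ac-1c29-6a98-b198-89b5b9cd8dfb}\@
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\{355355ac-1c29-6a98-b198-89b5b9cd8dfb}\n
c:\windows\system32\efehhggh.ini
c:\windows\system32\lhxonsgy.ini
c:\windows\system32\xcsDd01
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_EPSONSTATUSAGENT2
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
BHO-{1E71A77A-633D-48BE-9454-900C672359DE} - (no file)
HKCU-Run-{9025B212-E1DC-7D34-2B4D-4863D45601B3} - c:\documents and settings\User\Dati applicazioni\Wexuv\wyotfol.exe
HKLM-Run-BM674ad648 - c:\windows\system32\ofpkeser.dll
HKLM-Run-SunJavaUpdateSched - c:\programmi\Java\jre1.6.0_03\bin\jusched.exe
"""

# The three banner styles ComboFix uses to open a section.
BANNER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")        # ((((( Title )))))
ORPHAN_RE = re.compile(r"^- - - - (.+?) - - - -$")     # - - - - Title - - - -
DASHED_RE = re.compile(r"^-{3,}\s+(.+?)\s+-{3,}$")     # ------- Title -------

# Triage heuristics (my own, not ComboFix's). Each is a signal, not proof.
GUID_DIR_RE = re.compile(
    r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\[@nU]$", re.I)
RANDOM_NAME_RE = re.compile(r"\\system32\\[a-z]{8}\.(?:ini|dll|exe)$", re.I)
APPDATA_EXE_RE = re.compile(
    r"\\(?:Dati applicazioni|Application Data|AppData)\\[^\\]+\\[^\\]+\.exe$", re.I)


def parse_sections(text):
    """Group non-empty report lines under the banner that precedes them."""
    sections = defaultdict(list)
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":   # ComboFix pads sections with lone dots
            continue
        m = BANNER_RE.match(line) or ORPHAN_RE.match(line) or DASHED_RE.match(line)
        if m:
            current = m.group(1)
            continue
        sections[current].append(line)
    return dict(sections)


def flag_path(path):
    """Return a short reason if the path matches a triage heuristic, else None."""
    if GUID_DIR_RE.search(path):
        return "guid-dir-single-char-file"
    if RANDOM_NAME_RE.search(path):
        return "random-8-letter-name-in-system32"
    if APPDATA_EXE_RE.search(path):
        return "exe-launched-from-appdata"
    return None


def triage(sections):
    """Walk the deletions and orphaned-keys sections and collect flagged entries."""
    findings = []
    for path in sections.get("Altre eliminazioni", []):
        reason = flag_path(path)
        if reason:
            findings.append((reason, path))
    for entry in sections.get("CHIAVI ORFANE RIMOSSE", []):
        # Entries look like "<key> - <target>"; AddRemove entries with " - " in
        # the product name would split early, but only the tail is inspected.
        key, _, target = entry.partition(" - ")
        if target == "(no file)":
            findings.append(("orphan-points-to-missing-file", key))
            continue
        reason = flag_path(target)
        if reason:
            findings.append((reason, entry))
    return findings


if __name__ == "__main__":
    for reason, item in triage(parse_sections(SAMPLE_LOG)):
        print(f"{reason:34} {item}")
```

Run against the full report rather than the excerpt, the same two functions would also surface the second `{355355ac-...}\@` and `\n` pair under `c:\windows\Installer`, the remaining random-name `.ini` files and the `HKLM-Run-6479e5d4` entry pointing at `glivknxc.dll`, which together are what a reviewer would want confirmed as gone on a second ComboFix run or a follow-up scan.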



