
Network map
artemide
Posted: Friday, January 09, 2009 9:16:53 PM

Rank: Member

Joined: 1/16/2007
Posts: 2
Understood, I'll take the risk. Then I'll post you the log. I have to hurry, because in a while I'll be without ADSL for some time due to the switch to Tele2.
artemide
Posted: Friday, January 09, 2009 9:29:11 PM

Rank: Member

Joined: 1/16/2007
Posts: 2
Here is the log, but it doesn't look like it scanned "G" too:

ComboFix 09-01-08.05 - Alessandro 2009-01-09 21:20:21.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.1536.1152 [GMT 1:00]
Running from: c:\documents and settings\Alessandro.CASA-VCDQL29AJ7\Desktop\ComboFix.exe
* Created a new restore point

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created From 2008-12-09 to 2009-01-09 )))))))))))))))))))))))))))))))))))
.

2009-01-03 19:56 . 2009-01-03 19:56 <DIR> d-------- c:\programmi\Bit Che
2009-01-03 19:56 . 2009-01-03 19:56 <DIR> d-------- c:\documents and settings\Alessandro.CASA-VCDQL29AJ7\Dati applicazioni\Convivea
2009-01-03 19:56 . 2004-03-09 00:00 124,688 --a------ c:\windows\system32\mswinsck.ocx
2008-12-30 16:39 . 2008-12-30 16:39 0 --ah----- c:\windows\SwSys2.bmp
2008-12-30 16:39 . 2008-12-30 16:39 0 --ah----- c:\windows\SwSys1.bmp
2008-12-30 16:36 . 2009-01-05 13:13 <DIR> d-------- c:\programmi\Midway Home Entertainment
2008-12-24 14:17 . 2008-12-26 16:21 <DIR> d-------- c:\documents and settings\Alessandro.CASA-VCDQL29AJ7\Dati applicazioni\Software Informer
2008-12-12 09:26 . 2008-10-03 11:02 247,326 -----c--- c:\windows\system32\dllcache\strmdll.dll
2008-12-09 12:50 . 2008-12-09 12:51 <DIR> d-------- c:\programmi\KeyScrambler
2008-12-09 12:50 . 2008-03-22 22:37 113,896 --a------ c:\windows\system32\drivers\keyscrambler.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-09 20:18 --------- d---a-w c:\documents and settings\All Users.WINDOWS\Dati applicazioni\TEMP
2009-01-06 08:33 --------- d-----w c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Spybot - Search & Destroy
2009-01-06 08:31 --------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-01-05 11:09 --------- d-----w c:\documents and settings\Alessandro.CASA-VCDQL29AJ7\Dati applicazioni\uTorrent
2009-01-04 17:38 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-04 17:38 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-12-27 10:26 --------- d-----w c:\programmi\Trend Micro
2008-12-24 12:40 --------- d-----w c:\programmi\IObit
2008-12-24 12:40 --------- d-----w c:\documents and settings\Alessandro.CASA-VCDQL29AJ7\Dati applicazioni\IObit
2008-11-27 09:55 --------- d-----w c:\programmi\CCleaner
2008-11-18 12:24 --------- d-----w c:\programmi\IncrediMail
2008-11-17 16:16 --------- d-----w c:\programmi\Java
2008-11-11 08:23 --------- d-----w c:\programmi\Spybot - Search & Destroy
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 01:00 668,672 ----a-w c:\windows\system32\wininet.dll
2008-08-15 09:04 560 ----a-w c:\documents and settings\Alessandro.CASA-VCDQL29AJ7\Dati applicazioni\ViewerApp.dat
2008-03-06 14:09 47,360 ----a-w c:\documents and settings\Alessandro.CASA-VCDQL29AJ7\Dati applicazioni\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\programmi\IncrediMail\bin\IncMail.exe" [2008-11-09 243072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"WinPatrol"="c:\programmi\BillP Studios\WinPatrol\winpatrol.exe" [2008-04-25 333120]
"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2008-08-05 2611096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KeyScrambler"="c:\programmi\KeyScrambler\getting_started.html" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"msacm.imc"= imc32.acm
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"HDDlife HDD Access service"=3 (0x3)
"aawservice"=2 (0x2)
"a2free"=2 (0x2)
"NMIndexingService"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Programmi\\IncrediMail\\bin\\IncrediMail_Install.exe"=
"c:\\Programmi\\eMule\\emule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15836:TCP"= 15836:TCP:BitComet 15836 TCP
"15836:UDP"= 15836:UDP:BitComet 15836 UDP
"9258:TCP"= 9258:TCP:BitComet 9258 TCP
"9258:UDP"= 9258:UDP:BitComet 9258 UDP
"15113:TCP"= 15113:TCP:BitComet 15113 TCP
"15113:UDP"= 15113:UDP:BitComet 15113 UDP
"20852:TCP"= 20852:TCP:BitComet 20852 TCP
"20852:UDP"= 20852:UDP:BitComet 20852 UDP
"9450:TCP"= 9450:TCP:BitComet 9450 TCP
"9450:UDP"= 9450:UDP:BitComet 9450 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-01 111184]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2008-08-17 160792]
R3 FWAuth;FWAuth Driver;c:\windows\system32\drivers\FWAuthdriver.sys [2008-08-17 58136]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2008-12-09 113896]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-01 20560]
S3 ASUSHWIO;ASUSHWIO;\??\c:\windows\system32\drivers\ASUSHWIO.sys --> c:\windows\system32\drivers\ASUSHWIO.sys [?]
S4 HDDlife HDD Access service;HDDlife HDD Access service;c:\programmi\File comuni\BinarySense\hldasvc.exe [2007-08-09 816376]
.
- - - - ORPHANS REMOVED - - - -

Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredimail.com/italian
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Add animation to IncrediMail Style Box - c:\programmi\IncrediMail\bin\resources\WebMenuImg.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - c:\programmi\BinarySense\HDDlife 3\hlAPP.dll
FF - ProfilePath - c:\documents and settings\Alessandro.CASA-VCDQL29AJ7\Dati applicazioni\Mozilla\Firefox\Profiles\3al5ku7g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT556636&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (Italiano)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/ig?hl=it
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=HWFSSep08FFAB&search=
FF - component: c:\documents and settings\Alessandro.CASA-VCDQL29AJ7\Dati applicazioni\Mozilla\Firefox\Profiles\3al5ku7g.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\programmi\Picasa2\npPicasa2.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1500000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 100
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-09 21:21:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-602162358-920026266-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*NULL*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*NULL*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1136)
c:\windows\system32\Ati2evxx.dll
.
Scan completion time: 2009-01-09 21:23:10
ComboFix-quarantined-files.txt 2009-01-09 20:23:08

Pre-Run: 38,190,358,528 bytes free
Post-Run: 38,235,762,688 bytes free

158 --- E O F --- 2008-12-18 15:43:09
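The registry section of a ComboFix log like the one above (the Run/RunOnce keys and the Windows Firewall standard-profile policy) is what a reviewer reads first. The following Python script is an added example for this thread, not ComboFix's or the forum's own code: it parses that REGEDIT4-style dump into key/value sections and flags the points worth checking, namely whether the built-in firewall is enabled, which programs are authorized through it, which ports are globally open, and which autorun entries point to a missing file (marked `[X]` by ComboFix). The sample input is an excerpt copied from the posted log; the parsing rules are my assumptions about ComboFix's output format, derived from that log.

```python
"""Triage helper for the REGEDIT4/firewall-policy section of a ComboFix log.

Added example, not part of ComboFix. The line formats handled here
("name"=value, '0 (0x0)' DWORDs, '"path" [date size]' or '[X]' autoruns,
'port:PROTO' open-port names) are assumptions taken from the log above.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Excerpt reproduced from the ComboFix log posted in this thread (trimmed).
SAMPLE_LOG = r'''
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"WinPatrol"="c:\programmi\BillP Studios\WinPatrol\winpatrol.exe" [2008-04-25 333120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KeyScrambler"="c:\programmi\KeyScrambler\getting_started.html" [X]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15836:TCP"= 15836:TCP:BitComet 15836 TCP
"15836:UDP"= 15836:UDP:BitComet 15836 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"(.*?)"\s*=\s*(.*)$')
AUTORUN_RE = re.compile(r'^"(.*)"\s*\[(.*)\]$')


def parse_registry_dump(text: str) -> Dict[str, Dict[str, str]]:
    """Map each [key] block of a REGEDIT4-style dump to its "name"=value pairs."""
    sections: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            sections.setdefault(current, {})
            continue
        val = VALUE_RE.match(line)
        if val and current is not None:
            sections[current][val.group(1)] = val.group(2).strip()
    return sections


@dataclass
class Triage:
    firewall_enabled: Optional[bool] = None
    ping_allowed: Optional[bool] = None
    authorized_apps: List[str] = field(default_factory=list)
    open_ports: List[Tuple[int, str, str]] = field(default_factory=list)   # (port, proto, description)
    autoruns: List[Tuple[str, str, str, bool]] = field(default_factory=list)  # (key, name, path, file missing)
    warnings: List[str] = field(default_factory=list)


def _dword(raw: str) -> Optional[int]:
    """ComboFix prints DWORD values as '0 (0x0)'; take the decimal part."""
    try:
        return int(raw.split()[0])
    except (ValueError, IndexError):
        return None


def triage(sections: Dict[str, Dict[str, str]]) -> Triage:
    """Pull the firewall state, open ports and autoruns out of the parsed dump."""
    t = Triage()
    for key, values in sections.items():
        k = key.lower()
        if k.endswith("\\firewallpolicy\\standardprofile"):
            flag = _dword(values.get("EnableFirewall", ""))
            t.firewall_enabled = None if flag is None else flag != 0
        elif k.endswith("\\icmpsettings"):
            flag = _dword(values.get("AllowInboundEchoRequest", ""))
            t.ping_allowed = None if flag is None else flag != 0
        elif k.endswith("\\authorizedapplications\\list"):
            # Value names are written with escaped backslashes in the dump.
            t.authorized_apps += [n.replace("\\\\", "\\") for n in values]
        elif k.endswith("\\globallyopenports\\list"):
            for name, raw in values.items():
                port, proto = name.split(":", 1)
                desc = raw.split(":", 2)[-1] if raw.count(":") >= 2 else raw
                t.open_ports.append((int(port), proto.upper(), desc))
        elif k.endswith("\\run") or k.endswith("\\runonce"):
            for name, raw in values.items():
                m = AUTORUN_RE.match(raw)
                path, meta = (m.group(1), m.group(2)) if m else (raw, "")
                t.autoruns.append((key, name, path, meta == "X"))

    if t.firewall_enabled is False:
        t.warnings.append("Windows Firewall standard profile is disabled (EnableFirewall=0); "
                          "acceptable only if a third-party firewall is actually active")
    for port, proto, desc in t.open_ports:
        t.warnings.append(f"globally open inbound port {port}/{proto} ({desc})")
    for key, name, path, missing in t.autoruns:
        if missing:
            t.warnings.append(f"autorun {name!r} under {key} points to a missing file: {path}")
    return t


if __name__ == "__main__":
    result = triage(parse_registry_dump(SAMPLE_LOG))
    print("firewall enabled:", result.firewall_enabled, "| ping allowed:", result.ping_allowed)
    for w in result.warnings:
        print("-", w)
```

On the full log the script would report EnableFirewall=0 and five BitComet port pairs opened globally (the excerpt keeps only one pair). The disabled built-in firewall is expected on this machine, since PC Tools Firewall Plus is started from the Run key, so that finding is a prompt to confirm which firewall is actually active rather than a verdict on its own; the globally open ports and the RunOnce entry pointing to a file that no longer exists are the items to look at next.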
r16
Posted: Friday, January 09, 2009 10:38:30 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
No, indeed it looks like it didn't scan "G" (or it didn't find anything).
Let's leave things as they are, artemide; if you run into any problem, give me a shout.
Bye!
artemide
Posted: Friday, January 09, 2009 10:53:31 PM

Rank: Member

Joined: 1/16/2007
Posts: 2
OK, I'll do that! Bye and thanks
Aiutamici Theme
Powered by Yet Another Forum.net version 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.