
Could you please check my log for me?
adesmash
Posted: Friday, December 26, 2008 11:19:31 PM
Rank: AiutAmico

Joined: 12/26/2008
Posts: 49
Was I supposed to reboot with the CD still in?
Anyway yes, apart from the videos (I'll try doing what you suggest) the computer has improved enormously!
Thank you so much!!!!!
r16
Posted: Friday, December 26, 2008 11:21:36 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
No, you have to take the CD out.
adesmash
Posted: Friday, December 26, 2008 11:23:27 PM
Rank: AiutAmico

Joined: 12/26/2008
Posts: 49
Perfect!
Thanks
adesmash
Posted: Friday, December 26, 2008 11:38:44 PM
Rank: AiutAmico

Joined: 12/26/2008
Posts: 49
Oh no.......
Would you believe that, just to be safe, I started Malwarebytes and in 6 minutes it has already found 1 infection???!!!!!
What should I do? Just delete it as normal?
r16
Posted: Saturday, December 27, 2008 12:16:46 AM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
adesmash wrote:
Oh no.......
Would you believe that, just to be safe, I started Malwarebytes and in 6 minutes it has already found 1 infection???!!!!!
What should I do? Just delete it as normal?

Post it for me.
Then follow these instructions carefully:
Important: disable your antivirus and close ALL open programs, and once you have downloaded COMBOFIX, disconnect from the internet.

Download ComboFix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the desktop.
Double-click combofix.exe (a screen will appear).
Type 1, press Enter and follow the prompts.
When it finishes, a log file called C:\ComboFix.txt will be created. Post it here.
While the scan is running it is important not to use the PC (not even the mouse) and to wait patiently for it to finish.
Instructions for uninstalling ComboFix will follow.
adesmash
Posted: Saturday, December 27, 2008 12:53:22 AM
Rank: AiutAmico

Joined: 12/26/2008
Posts: 49
Sorry for the delay.
Here is the log of the infection:


Malwarebytes' Anti-Malware 1.31
Versione del database: 1550
Windows 5.1.2600 Service Pack 3

27/12/2008 0.44.42
mbam-log-2008-12-27 (00-44-36).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 89200
Tempo trascorso: 45 minute(s), 32 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 1
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)

As for the ComboFix job, it's better if I do it tomorrow morning, since it's a bit late now...
Anyway, I'll post everything afterwards!
Beginner's question: how do you disable the antivirus? e.g. AVG, do I have to uninstall it?
Thanks
adesmash
Posted: Saturday, December 27, 2008 12:34:13 PM
Rank: AiutAmico

Joined: 12/26/2008
Posts: 49
I managed to do everything!

Here is the ComboFix log:

ComboFix 08-12-26.03 - ADELE 2008-12-27 12.17.22.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.511.253 [GMT 1:00]
Eseguito da: c:\documents and settings\ADELE\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\gfgiQXbc.ini
c:\windows\system32\gfgiQXbc.ini2
c:\windows\system32\mTsYaccf.ini
c:\windows\system32\mTsYaccf.ini2
c:\windows\system32\test.ttt
c:\windows\system32\uniq.tll
c:\windows\system32\win32hlp.cnf
c:\windows\Tasks\suovssst.job

.
((((((((((((((((((((((((( Files Creati Da 2008-11-27 al 2008-12-27 )))))))))))))))))))))))))))))))))))
.

2008-12-27 12:14 . 2008-12-27 12:14 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Avg8
2008-12-26 23:27 . 2007-12-21 01:54 20,454 --------- c:\windows\hpoins01.dat.temp
2008-12-26 23:27 . 2003-04-06 05:33 16,622 --------- c:\windows\hpomdl01.dat.temp
2008-12-26 22:59 . 2001-08-17 21:28 794,654 --a--c--- c:\windows\system32\dllcache\usr1801.sys
2008-12-26 22:58 . 2001-08-30 23:07 386,560 --a--c--- c:\windows\system32\dllcache\sgiul50.dll
2008-12-26 22:57 . 2001-08-30 22:10 899,754 --a--c--- c:\windows\system32\dllcache\r2mdkxga.sys
2008-12-26 22:56 . 2001-08-17 22:05 351,616 --a--c--- c:\windows\system32\dllcache\ovcodek2.sys
2008-12-26 22:55 . 2001-08-17 21:28 802,683 --a--c--- c:\windows\system32\dllcache\ltsm.sys
2008-12-26 22:54 . 2008-04-14 03:13 254,464 --a--c--- c:\windows\system32\dllcache\kdsusd.dll
2008-12-26 22:53 . 2001-08-30 23:07 1,733,120 --a--c--- c:\windows\system32\dllcache\g400d.dll
2008-12-26 22:52 . 2001-08-30 21:33 634,166 --a--c--- c:\windows\system32\dllcache\el656ct5.sys
2008-12-26 22:51 . 2001-08-17 20:14 952,007 --a--c--- c:\windows\system32\dllcache\diwan.sys
2008-12-26 22:50 . 2001-08-30 20:33 980,034 --a--c--- c:\windows\system32\dllcache\cicap.sys
2008-12-26 22:49 . 2001-08-17 21:28 871,388 --a--c--- c:\windows\system32\dllcache\bcmdm.sys
2008-12-26 22:47 . 2001-08-17 22:07 56,960 --a--c--- c:\windows\system32\dllcache\aic78xx.sys
2008-12-26 22:47 . 2002-08-28 22:59 36,224 --a--c--- c:\windows\system32\dllcache\an983.sys
2008-12-26 22:47 . 2001-08-17 20:11 27,678 --a--c--- c:\windows\system32\dllcache\ali5261.sys
2008-12-26 22:47 . 2001-08-17 21:49 26,624 --a--c--- c:\windows\system32\dllcache\alifir.sys
2008-12-26 22:47 . 2001-08-17 20:11 16,969 --a--c--- c:\windows\system32\dllcache\amb8002.sys
2008-12-26 22:47 . 2001-08-17 21:52 12,032 --a--c--- c:\windows\system32\dllcache\amsint.sys
2008-12-26 22:47 . 2001-08-17 21:47 6,272 --a--c--- c:\windows\system32\dllcache\apmbatt.sys
2008-12-26 22:47 . 2001-08-17 21:51 5,248 --a--c--- c:\windows\system32\dllcache\aliide.sys
2008-12-26 22:46 . 2001-08-17 22:07 55,168 --a--c--- c:\windows\system32\dllcache\aic78u2.sys
2008-12-26 22:46 . 2001-08-30 23:08 24,576 --a--c--- c:\windows\system32\dllcache\agcgauge.ax
2008-12-26 22:46 . 2001-08-17 21:52 12,800 --a--c--- c:\windows\system32\dllcache\aha154x.sys
2008-12-26 19:49 . 2008-12-26 19:49 <DIR> d-------- c:\programmi\CCleaner
2008-12-26 19:43 . 2008-12-26 19:43 <DIR> d-------- c:\programmi\Trend Micro
2008-12-26 18:35 . 2008-12-26 18:35 <DIR> d-------- C:\VundoFix Backups
2008-12-25 21:51 . 2008-12-25 21:51 <DIR> d-------- c:\documents and settings\ADELE\Dati applicazioni\Malwarebytes
2008-12-25 21:49 . 2008-12-25 21:51 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2008-12-25 21:49 . 2008-12-25 21:49 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-12-25 21:49 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-25 21:49 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-25 21:15 . 2008-12-25 21:15 <DIR> d-------- c:\programmi\IObit
2008-12-25 21:15 . 2008-12-25 21:28 <DIR> d-------- c:\documents and settings\ADELE\Dati applicazioni\IObit
2008-12-25 00:59 . 2008-12-25 00:59 <DIR> d-------- c:\programmi\Google
2008-12-25 00:59 . 2008-12-25 00:59 <DIR> d-------- c:\documents and settings\ADELE\Dati applicazioni\Zylom
2008-12-25 00:59 . 2008-12-25 00:59 <DIR> d-------- c:\documents and settings\ADELE\Dati applicazioni\Ancient Quest of Saqqarah__gamehouse
2008-12-18 22:13 . 2008-12-18 22:13 <DIR> d-------- c:\windows\system32\it
2008-12-18 22:13 . 2008-12-18 22:13 <DIR> d-------- c:\windows\l2schemas
2008-12-14 14:41 . 2008-12-14 14:41 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\GameHouse
2008-12-14 14:30 . 2008-12-14 14:30 127 --a------ c:\windows\system32\MRT.INI
2008-12-14 01:30 . 2008-12-14 01:30 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-12-14 01:29 . 2008-12-14 01:29 <DIR> d-------- c:\programmi\SUPERAntiSpyware
2008-12-14 01:29 . 2008-12-14 01:29 <DIR> d-------- c:\documents and settings\ADELE\Dati applicazioni\SUPERAntiSpyware.com
2008-12-14 00:13 . 2007-12-20 23:34 <DIR> d--h----- c:\documents and settings\Administrator\Risorse di stampa
2008-12-14 00:13 . 2007-12-20 23:34 <DIR> d--h----- c:\documents and settings\Administrator\Risorse di rete
2008-12-14 00:13 . 2007-12-20 23:34 <DIR> d-------- c:\documents and settings\Administrator\Preferiti
2008-12-14 00:13 . 2007-12-20 23:40 <DIR> d--h----- c:\documents and settings\Administrator\Modelli
2008-12-14 00:13 . 2007-12-20 23:34 <DIR> dr------- c:\documents and settings\Administrator\Menu Avvio
2008-12-14 00:13 . 2007-12-20 23:34 <DIR> d--h----- c:\documents and settings\Administrator\Impostazioni locali
2008-12-14 00:13 . 2007-12-20 23:34 <DIR> d-------- c:\documents and settings\Administrator\Documenti
2008-12-14 00:13 . 2007-12-20 23:34 <DIR> dr-h----- c:\documents and settings\Administrator\Dati applicazioni
2008-12-14 00:13 . 2008-12-27 12:13 <DIR> d-------- c:\documents and settings\Administrator
2008-12-13 20:59 . 2008-12-14 02:12 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2008-12-13 20:58 . 2008-12-14 02:12 <DIR> d-------- c:\programmi\File comuni\Wise Installation Wizard
2008-12-11 18:13 . 2008-12-11 18:13 <DIR> d-------- c:\documents and settings\ADELE\Dati applicazioni\Ancient Quest of Saqqarah__bfg
2008-12-11 18:12 . 2008-12-11 18:12 <DIR> d-------- c:\windows\Ancient Quest of Saqqarah
2008-12-11 18:06 . 2008-12-11 18:10 <DIR> d-------- c:\programmi\eToro
2008-12-11 17:59 . 2008-12-11 18:00 <DIR> d-------- C:\Virtual
2008-12-11 17:57 . 2008-12-11 17:57 <DIR> d-------- c:\windows\793CFFC9A72F431D9C742E9361E67D04.TMP
2008-12-11 17:57 . 2008-12-11 17:57 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\BufferZone
2008-12-11 16:43 . 2008-12-11 16:47 <DIR> d-------- C:\Casino
2008-12-04 12:56 . 2008-12-04 12:56 <DIR> d-------- c:\programmi\AVG
2008-12-04 11:02 . 2008-04-14 03:13 712,704 --------- c:\windows\system32\windowscodecs.dll
2008-12-04 11:02 . 2008-04-14 03:13 346,112 --------- c:\windows\system32\windowscodecsext.dll
2008-12-04 11:02 . 2008-04-14 03:13 276,992 --------- c:\windows\system32\wmphoto.dll
2008-12-04 11:02 . 2008-04-14 03:13 173,568 --a--c--- c:\windows\system32\dllcache\sysmoda.dll
2008-12-04 11:02 . 2008-04-14 03:13 69,120 --------- c:\windows\system32\wlanapi.dll
2008-12-04 11:02 . 2008-04-14 03:13 69,120 --a--c--- c:\windows\system32\dllcache\wlanapi.dll
2008-12-04 11:02 . 2008-04-14 03:13 53,248 --------- c:\windows\system32\tsgqec.dll
2008-12-04 11:02 . 2008-04-14 03:13 53,248 --a--c--- c:\windows\system32\dllcache\tsgqec.dll
2008-12-04 11:02 . 2008-04-14 03:13 50,688 --------- c:\windows\system32\tspkg.dll
2008-12-04 11:02 . 2008-04-14 03:13 50,688 --a--c--- c:\windows\system32\dllcache\tspkg.dll
2008-12-04 11:00 . 2008-04-14 03:13 651,264 --------- c:\windows\system32\dot3ui.dll
2008-12-04 10:59 . 2008-04-14 03:13 233,472 --a--c--- c:\windows\system32\dllcache\azroles.dll
2008-12-04 10:44 . 2008-08-14 14:22 2,148,864 --a--c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-04 10:44 . 2008-08-14 14:22 2,027,520 --a--c--- c:\windows\system32\dllcache\ntkrpamp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-25 20:22 --------- d-----w c:\programmi\PopCap Games
2008-12-25 20:22 --------- d-----w c:\programmi\Motorola Phone Tools
2008-12-25 20:22 --------- d-----w c:\documents and settings\ADELE\Dati applicazioni\uTorrent
2008-12-25 20:18 --------- d-----w c:\programmi\Zylom Games
2008-12-13 15:53 --------- d-----w c:\documents and settings\ADELE\Dati applicazioni\Lavasoft
2008-12-11 15:50 --------- d-----w c:\programmi\VS Revo Group
2008-12-11 15:50 --------- d-----w c:\programmi\Crystal Player
2008-12-11 15:47 --------- d-----w c:\programmi\Oberon Media
2008-12-11 15:47 --------- d-----w c:\programmi\File comuni\Oberon Media
2008-12-11 15:46 --------- d-----w c:\programmi\Gamenext
2008-03-30 16:43 92,064 ----a-w c:\documents and settings\ADELE\mqdmmdm.sys
2008-03-30 16:43 9,232 ----a-w c:\documents and settings\ADELE\mqdmmdfl.sys
2008-03-30 16:43 79,328 ----a-w c:\documents and settings\ADELE\mqdmserd.sys
2008-03-30 16:43 66,656 ----a-w c:\documents and settings\ADELE\mqdmbus.sys
2008-03-30 16:43 6,208 ----a-w c:\documents and settings\ADELE\mqdmcmnt.sys
2008-03-30 16:43 5,936 ----a-w c:\documents and settings\ADELE\mqdmwhnt.sys
2008-03-30 16:43 4,048 ----a-w c:\documents and settings\ADELE\mqdmcr.sys
2008-03-30 16:43 25,600 ----a-w c:\documents and settings\ADELE\usbsermptxp.sys
2008-03-30 16:43 22,768 ----a-w c:\documents and settings\ADELE\usbsermpt.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\programmi\Messenger\MSMSGS.EXE" [2008-04-14 1695232]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-12-25 171448]
"Advanced SystemCare 3"="c:\programmi\IObit\Advanced SystemCare 3\AWC.exe" [2008-12-21 2250256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\programmi\Analog Devices\SoundMAX\SMTray.exe" [2002-11-08 98304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"NeroCheck"="c:\windows\System32\\NeroCheck.exe" [2001-07-09 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\ADELE\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 1.0.1.lnk - c:\programmi\OpenOffice.org1.0.1\program\quickstart.exe [2002-07-04 61440]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
hp psc 1000 series.lnk - c:\programmi\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 147456]
hpoddt01.exe.lnk - c:\programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 14:56 352256 c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=djrtfu.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=

R1 SASDIFSV;SASDIFSV;\??\c:\programmi\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\programmi\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
R3 SASENUM;SASENUM;\??\c:\programmi\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
S3 CommDrv;CommDrv;\??\c:\windows\system32\CommDrv.sys []
.
Contenuto della cartella 'Scheduled Tasks'

2008-03-25 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1198198448.job
- c:\programmi\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 00:52]
.
- - - - ORFÃOS REMOVIDOS - - - -

BHO-{201107B4-20E6-4AAA-8812-0D409F790B2D} - (no file)


.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.lifegate.it/gaatle

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\Downloaded Program Files\zylomgamesplayer.dll - O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}
hxxp://game10.zylom.com/activex/zylomgamesplayer.cab
c:\windows\Downloaded Program Files\ZylomGamesPlayer.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-27 12:20:07
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\programmi\OpenOffice.org1.0.1\program\soffice.exe
c:\programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\programmi\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
.
**************************************************************************
.
Ora fine scansione: 2008-12-27 12:22:51 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2008-12-27 11:22:49

Pre-Run: 37.738.659.840 byte disponibili
Post-Run: 37,655,719,936 byte disponibili

212 --- E O F --- 2008-12-20 21:59:35
r16
Posted: Saturday, December 27, 2008 1:07:06 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
Download this: Avenger, and unzip Avenger into a dedicated folder.
http://swandog46.geekstogo.com/avenger.zip

Start AVENGER
Click OK
Paste these lines (copy and paste) into the white box (the ones in bold):

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs



Untick Scan for Rootkits
Click Execute and wait...
The PC should reboot; if it doesn't, reboot it yourself.
When it has finished, post Avenger's result here together with an updated HijackThis log


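As an added illustration (not code from the thread, ComboFix or Avenger), the following Python script parses the REGEDIT4 block that ComboFix prints under "Punti Reg Caricati", flags a populated AppInit_DLLs value (the djrtfu.dll load that the Avenger script above replaces with a dummy) together with Run entries given without a full path, and reads an Avenger log for the "replaced with dummy" confirmation line. The two log excerpts are constructed in the shape of the ones posted in this thread.

```python
"""Audit the 'Punti Reg Caricati' (loaded registry points) block of a ComboFix
log for AppInit_DLLs persistence and confirm the fix from an Avenger log.

Added example for this thread; not code from ComboFix, Avenger or the forum.
"""
import re

# Constructed excerpt in the shape of the ComboFix log posted in the thread
# (REGEDIT4 block: [key] headers followed by "name"=value [date size] lines).
SAMPLE_COMBOFIX = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\programmi\Analog Devices\SoundMAX\SMTray.exe" [2002-11-08 98304]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=djrtfu.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmi\\eMule\\emule.exe"=
"""

# Constructed excerpt in the shape of the Avenger log posted in the thread.
SAMPLE_AVENGER = r"""
Beginning to process script file:

Registry value "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs" replaced with dummy successfully.

Completed script processing.
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*?)(?:\s+\[[^\]]*\])?$')
AVENGER_OK_RE = re.compile(
    r'^Registry value "(?P<path>[^"]+)" replaced with dummy successfully\.$')

# Key whose AppInit_DLLs value is loaded into every process that links
# user32.dll, which is why Vundo-style infections plant a DLL there.
APPINIT_KEY = r"software\microsoft\windows nt\currentversion\windows"


def parse_reg_points(text):
    """Return (key, name, value) tuples from a REGEDIT4-style ComboFix block."""
    entries = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            entries.append((key, m.group("name"), m.group("value").strip('"')))
    return entries


def audit(entries):
    """Flag a populated AppInit_DLLs value and Run entries without a full path."""
    findings = []
    for key, name, value in entries:
        k = key.lower()
        if k.endswith(APPINIT_KEY) and name.lower() == "appinit_dlls" and value:
            # Any non-empty value here deserves a look; a bare DLL name with no
            # vendor path, as in the thread, is the classic Vundo pattern.
            findings.append(("appinit_dlls", name, value))
        elif k.endswith(r"\currentversion\run") and value \
                and not re.match(r"^[a-z]:\\", value, re.IGNORECASE):
            # Resolved through the PATH search order rather than an absolute
            # path: confirm the on-disk file ComboFix resolved in the brackets.
            findings.append(("run_unqualified_path", name, value))
    return findings


def avenger_replaced_values(text):
    """Return the registry values an Avenger log reports as replaced with a dummy."""
    found = []
    for line in text.splitlines():
        m = AVENGER_OK_RE.match(line.strip())
        if m:
            found.append(m.group("path"))
    return found


if __name__ == "__main__":
    for kind, name, value in audit(parse_reg_points(SAMPLE_COMBOFIX)):
        print(f"{kind}: {name} = {value}")
    for path in avenger_replaced_values(SAMPLE_AVENGER):
        print(f"neutralised: {path}")
```

Running the block on the sample reports the djrtfu.dll AppInit_DLLs entry and the unqualified nwiz.exe Run entry for review, and confirms the AppInit_DLLs value was replaced in the Avenger log.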
adesmash
Posted: Saturday, December 27, 2008 1:19:24 PM
Rank: AiutAmico

Joined: 12/26/2008
Posts: 49
Hi! Thanks for your help again today!!!!!!
Here are the logs:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry value "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs" replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.17.30, on 27/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\MSMSGS.EXE
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\OpenOffice.org1.0.1\program\soffice.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lifegate.it/gaatle
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 1.0.1.lnk = C:\Programmi\OpenOffice.org1.0.1\program\quickstart.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5712 bytes

r16
Posted: Saturday, December 27, 2008 5:53:02 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Good. Delete this folder, the one written in red: C:\Casino
Now run a scan with Malwarebytes and delete everything it finds (select the files and click Remove Selected).
Run a scan with SUPERAntiSpyware (remember to update it first) and delete everything it finds.
Then run another scan with ComboFix.
I need to see the three logs they produce.
*********************************************************************************************************
Then do this (you can also do these steps before the scans):
Start\Run\ copy and paste this string: %temp% and delete all the files you find in the TEMP folder (do not delete the folder itself).
Then:
Empty the contents of the Prefetch folder:
click My Computer
click Local Disk C:
among the folders shown, look for the Windows folder, open it and, inside it, look for the Prefetch folder; open it and delete all the entries stored inside it (do not delete the folder)
EMPTY THE RECYCLE BIN
adesmash
Posted: Saturday, December 27, 2008 9:21:21 PM
Rank: AiutAmico

Joined: 12/26/2008
Posts: 49
Hi!
I only just got back...

I'm running the scans and will post the logs afterwards; I did the other steps first:
in the temp folder I can't delete:

DFEFDD.tmp (there is a little squiggle in front of it that I don't know how to type)
DFEFE8.tmp (again with the little squiggle in front)

it tells me: Cannot delete...........Access is denied
Make sure the disk is not full or write-protected and that the file is not currently in use.

All programs were closed!
adesmash
Posted: Saturday, December 27, 2008 10:47:04 PM
Rank: AiutAmico

Joined: 12/26/2008
Posts: 49
OK, I have the three logs:

Malwarebytes' Anti-Malware 1.31
Versione del database: 1550
Windows 5.1.2600 Service Pack 3

27/12/2008 21.54.41
mbam-log-2008-12-27 (21-54-37).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 89578
Tempo trascorso: 42 minute(s), 36 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 1
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/27/2008 at 10:32 PM

Application Version : 4.23.1006

Core Rules Database Version : 3686
Trace Rules Database Version: 1663

Scan type : Complete Scan
Total Scan Time : 00:31:43

Memory items scanned : 391
Memory threats detected : 0
Registry items scanned : 3709
Registry threats detected : 0
File items scanned : 24552
File threats detected : 2

Adware.Tracking Cookie
C:\Documents and Settings\ADELE\Cookies\adele@eas.apm.emediate[3].txt
C:\Documents and Settings\ADELE\Cookies\adele@eas.apm.emediate[2].txt



ComboFix 08-12-26.03 - ADELE 2008-12-27 22.39.20.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.511.210 [GMT 1:00]
Eseguito da: c:\documents and settings\ADELE\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((( Files Creati Da 2008-11-27 al 2008-12-27 )))))))))))))))))))))))))))))))))))
.

2008-12-27 12:56 . 2008-12-27 13:00 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-12-27 12:56 . 2008-12-27 12:56 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-12-27 12:56 . 2008-12-27 12:56 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-12-27 12:56 . 2008-12-27 12:56 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-12-27 12:14 . 2008-12-27 12:56 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Avg8
2008-12-26 23:27 . 2007-12-21 01:54 20,454 --------- c:\windows\hpoins01.dat.temp
2008-12-26 23:27 . 2003-04-06 05:33 16,622 --------- c:\windows\hpomdl01.dat.temp
2008-12-26 22:59 . 2001-08-17 21:28 794,654 --a--c--- c:\windows\system32\dllcache\usr1801.sys
2008-12-26 22:58 . 2001-08-30 23:07 386,560 --a--c--- c:\windows\system32\dllcache\sgiul50.dll
2008-12-26 22:57 . 2001-08-30 22:10 899,754 --a--c--- c:\windows\system32\dllcache\r2mdkxga.sys
2008-12-26 22:56 . 2001-08-17 22:05 351,616 --a--c--- c:\windows\system32\dllcache\ovcodek2.sys
2008-12-26 22:55 . 2001-08-17 21:28 802,683 --a--c--- c:\windows\system32\dllcache\ltsm.sys
2008-12-26 22:54 . 2008-04-14 03:13 254,464 --a--c--- c:\windows\system32\dllcache\kdsusd.dll
2008-12-26 22:53 . 2001-08-30 23:07 1,733,120 --a--c--- c:\windows\system32\dllcache\g400d.dll
2008-12-26 22:52 . 2001-08-30 21:33 634,166 --a--c--- c:\windows\system32\dllcache\el656ct5.sys
2008-12-26 22:51 . 2001-08-17 20:14 952,007 --a--c--- c:\windows\system32\dllcache\diwan.sys
2008-12-26 22:50 . 2001-08-30 20:33 980,034 --a--c--- c:\windows\system32\dllcache\cicap.sys
2008-12-26 22:49 . 2001-08-17 21:28 871,388 --a--c--- c:\windows\system32\dllcache\bcmdm.sys
2008-12-26 22:47 . 2001-08-17 22:07 56,960 --a--c--- c:\windows\system32\dllcache\aic78xx.sys
2008-12-26 22:47 . 2002-08-28 22:59 36,224 --a--c--- c:\windows\system32\dllcache\an983.sys
2008-12-26 22:47 . 2001-08-17 20:11 27,678 --a--c--- c:\windows\system32\dllcache\ali5261.sys
2008-12-26 22:47 . 2001-08-17 21:49 26,624 --a--c--- c:\windows\system32\dllcache\alifir.sys
2008-12-26 22:47 . 2001-08-17 20:11 16,969 --a--c--- c:\windows\system32\dllcache\amb8002.sys
2008-12-26 22:47 . 2001-08-17 21:52 12,032 --a--c--- c:\windows\system32\dllcache\amsint.sys
2008-12-26 22:47 . 2001-08-17 21:47 6,272 --a--c--- c:\windows\system32\dllcache\apmbatt.sys
2008-12-26 22:47 . 2001-08-17 21:51 5,248 --a--c--- c:\windows\system32\dllcache\aliide.sys
2008-12-26 22:46 . 2001-08-17 22:07 55,168 --a--c--- c:\windows\system32\dllcache\aic78u2.sys
2008-12-26 22:46 . 2001-08-30 23:08 24,576 --a--c--- c:\windows\system32\dllcache\agcgauge.ax
2008-12-26 22:46 . 2001-08-17 21:52 12,800 --a--c--- c:\windows\system32\dllcache\aha154x.sys
2008-12-26 19:49 . 2008-12-26 19:49 <DIR> d-------- c:\programmi\CCleaner
2008-12-26 19:43 . 2008-12-26 19:43 <DIR> d-------- c:\programmi\Trend Micro
2008-12-26 18:35 . 2008-12-26 18:35 <DIR> d-------- C:\VundoFix Backups
2008-12-25 21:51 . 2008-12-25 21:51 <DIR> d-------- c:\documents and settings\ADELE\Dati applicazioni\Malwarebytes
2008-12-25 21:49 . 2008-12-25 21:51 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2008-12-25 21:49 . 2008-12-25 21:49 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-12-25 21:49 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-25 21:49 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-25 21:15 . 2008-12-25 21:15 <DIR> d-------- c:\programmi\IObit
2008-12-25 21:15 . 2008-12-25 21:28 <DIR> d-------- c:\documents and settings\ADELE\Dati applicazioni\IObit
2008-12-25 00:59 . 2008-12-25 00:59 <DIR> d-------- c:\programmi\Google
2008-12-25 00:59 . 2008-12-25 00:59 <DIR> d-------- c:\documents and settings\ADELE\Dati applicazioni\Zylom
2008-12-25 00:59 . 2008-12-25 00:59 <DIR> d-------- c:\documents and settings\ADELE\Dati applicazioni\Ancient Quest of Saqqarah__gamehouse
2008-12-18 22:13 . 2008-12-18 22:13 <DIR> d-------- c:\windows\system32\it
2008-12-18 22:13 . 2008-12-18 22:13 <DIR> d-------- c:\windows\l2schemas
2008-12-14 14:41 . 2008-12-14 14:41 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\GameHouse
2008-12-14 14:30 . 2008-12-14 14:30 127 --a------ c:\windows\system32\MRT.INI
2008-12-14 01:30 . 2008-12-14 01:30 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-12-14 01:29 . 2008-12-14 01:29 <DIR> d-------- c:\programmi\SUPERAntiSpyware
2008-12-14 01:29 . 2008-12-14 01:29 <DIR> d-------- c:\documents and settings\ADELE\Dati applicazioni\SUPERAntiSpyware.com
2008-12-14 00:13 . 2007-12-20 23:34 <DIR> d--h----- c:\documents and settings\Administrator\Risorse di stampa
2008-12-14 00:13 . 2007-12-20 23:34 <DIR> d--h----- c:\documents and settings\Administrator\Risorse di rete
2008-12-14 00:13 . 2007-12-20 23:34 <DIR> d-------- c:\documents and settings\Administrator\Preferiti
2008-12-14 00:13 . 2007-12-20 23:40 <DIR> d--h----- c:\documents and settings\Administrator\Modelli
2008-12-14 00:13 . 2007-12-20 23:34 <DIR> dr------- c:\documents and settings\Administrator\Menu Avvio
2008-12-14 00:13 . 2008-12-27 22:40 <DIR> d--h----- c:\documents and settings\Administrator\Impostazioni locali
2008-12-14 00:13 . 2007-12-20 23:34 <DIR> d-------- c:\documents and settings\Administrator\Documenti
2008-12-14 00:13 . 2007-12-20 23:34 <DIR> dr-h----- c:\documents and settings\Administrator\Dati applicazioni
2008-12-14 00:13 . 2008-12-27 12:56 <DIR> d-------- c:\documents and settings\Administrator
2008-12-13 20:59 . 2008-12-14 02:12 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2008-12-13 20:58 . 2008-12-14 02:12 <DIR> d-------- c:\programmi\File comuni\Wise Installation Wizard
2008-12-11 18:13 . 2008-12-11 18:13 <DIR> d-------- c:\documents and settings\ADELE\Dati applicazioni\Ancient Quest of Saqqarah__bfg
2008-12-11 18:12 . 2008-12-11 18:12 <DIR> d-------- c:\windows\Ancient Quest of Saqqarah
2008-12-11 18:06 . 2008-12-11 18:10 <DIR> d-------- c:\programmi\eToro
2008-12-11 17:59 . 2008-12-11 18:00 <DIR> d-------- C:\Virtual
2008-12-11 17:57 . 2008-12-11 17:57 <DIR> d-------- c:\windows\793CFFC9A72F431D9C742E9361E67D04.TMP
2008-12-11 17:57 . 2008-12-11 17:57 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\BufferZone
2008-12-04 12:56 . 2008-12-04 12:56 <DIR> d-------- c:\programmi\AVG
2008-12-04 11:02 . 2008-04-14 03:13 712,704 --------- c:\windows\system32\windowscodecs.dll
2008-12-04 11:02 . 2008-04-14 03:13 346,112 --------- c:\windows\system32\windowscodecsext.dll
2008-12-04 11:02 . 2008-04-14 03:13 276,992 --------- c:\windows\system32\wmphoto.dll
2008-12-04 11:02 . 2008-04-14 03:13 173,568 --a--c--- c:\windows\system32\dllcache\sysmoda.dll
2008-12-04 11:02 . 2008-04-14 03:13 69,120 --------- c:\windows\system32\wlanapi.dll
2008-12-04 11:02 . 2008-04-14 03:13 69,120 --a--c--- c:\windows\system32\dllcache\wlanapi.dll
2008-12-04 11:02 . 2008-04-14 03:13 53,248 --------- c:\windows\system32\tsgqec.dll
2008-12-04 11:02 . 2008-04-14 03:13 53,248 --a--c--- c:\windows\system32\dllcache\tsgqec.dll
2008-12-04 11:02 . 2008-04-14 03:13 50,688 --------- c:\windows\system32\tspkg.dll
2008-12-04 11:02 . 2008-04-14 03:13 50,688 --a--c--- c:\windows\system32\dllcache\tspkg.dll
2008-12-04 11:00 . 2008-04-14 03:13 651,264 --------- c:\windows\system32\dot3ui.dll
2008-12-04 10:59 . 2008-04-14 03:13 233,472 --a--c--- c:\windows\system32\dllcache\azroles.dll
2008-12-04 10:44 . 2008-08-14 14:22 2,148,864 --a--c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-04 10:44 . 2008-08-14 14:22 2,027,520 --a--c--- c:\windows\system32\dllcache\ntkrpamp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-25 20:22 --------- d-----w c:\programmi\PopCap Games
2008-12-25 20:22 --------- d-----w c:\programmi\Motorola Phone Tools
2008-12-25 20:22 --------- d-----w c:\documents and settings\ADELE\Dati applicazioni\uTorrent
2008-12-25 20:18 --------- d-----w c:\programmi\Zylom Games
2008-12-13 15:53 --------- d-----w c:\documents and settings\ADELE\Dati applicazioni\Lavasoft
2008-12-11 15:50 --------- d-----w c:\programmi\VS Revo Group
2008-12-11 15:50 --------- d-----w c:\programmi\Crystal Player
2008-12-11 15:47 --------- d-----w c:\programmi\Oberon Media
2008-12-11 15:47 --------- d-----w c:\programmi\File comuni\Oberon Media
2008-12-11 15:46 --------- d-----w c:\programmi\Gamenext
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:04 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-03-30 16:43 92,064 ----a-w c:\documents and settings\ADELE\mqdmmdm.sys
2008-03-30 16:43 9,232 ----a-w c:\documents and settings\ADELE\mqdmmdfl.sys
2008-03-30 16:43 79,328 ----a-w c:\documents and settings\ADELE\mqdmserd.sys
2008-03-30 16:43 66,656 ----a-w c:\documents and settings\ADELE\mqdmbus.sys
2008-03-30 16:43 6,208 ----a-w c:\documents and settings\ADELE\mqdmcmnt.sys
2008-03-30 16:43 5,936 ----a-w c:\documents and settings\ADELE\mqdmwhnt.sys
2008-03-30 16:43 4,048 ----a-w c:\documents and settings\ADELE\mqdmcr.sys
2008-03-30 16:43 25,600 ----a-w c:\documents and settings\ADELE\usbsermptxp.sys
2008-03-30 16:43 22,768 ----a-w c:\documents and settings\ADELE\usbsermpt.sys
.

((((((((((((((((((((((((((((( snapshot@2008-12-27_12.22.26.93 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-27 11:56:40 26,824 ----a-w c:\windows\system32\drivers\avgmfx86.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\programmi\Messenger\MSMSGS.EXE" [2008-04-14 1695232]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-12-25 171448]
"Advanced SystemCare 3"="c:\programmi\IObit\Advanced SystemCare 3\AWC.exe" [2008-12-21 2250256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\programmi\Analog Devices\SoundMAX\SMTray.exe" [2002-11-08 98304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"NeroCheck"="c:\windows\System32\\NeroCheck.exe" [2001-07-09 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-27 1261336]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\ADELE\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 1.0.1.lnk - c:\programmi\OpenOffice.org1.0.1\program\quickstart.exe [2002-07-04 61440]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
hp psc 1000 series.lnk - c:\programmi\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 147456]
hpoddt01.exe.lnk - c:\programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 14:56 352256 c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-27 97928]
R1 SASDIFSV;SASDIFSV;\??\c:\programmi\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\programmi\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-27 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-27 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-12-27 76040]
R3 SASENUM;SASENUM;\??\c:\programmi\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
S3 CommDrv;CommDrv;\??\c:\windows\system32\CommDrv.sys []
.
Contenuto della cartella 'Scheduled Tasks'

2008-03-25 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1198198448.job
- c:\programmi\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 00:52]
.
.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.lifegate.it/gaatle

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\Downloaded Program Files\zylomgamesplayer.dll - O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}
hxxp://game10.zylom.com/activex/zylomgamesplayer.cab
c:\windows\Downloaded Program Files\ZylomGamesPlayer.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-27 22:41:05
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(652)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
.
Ora fine scansione: 2008-12-27 22.42.10
ComboFix-quarantined-files.txt 2008-12-27 21:42:00
ComboFix2.txt 2008-12-27 11:22:53

Pre-Run: 37.510.017.024 byte disponibili
Post-Run: 37,506,793,472 byte disponibili

211 --- E O F --- 2008-12-20 21:59:35





r16
Posted: Saturday, December 27, 2008 11:02:37 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
You didn't delete the key that Malwarebytes found.
When the scan finishes, you MUST SELECT IT (tick the little checkbox) and click Remove Selected.
Then restart the PC and run another scan to check whether it still detects it.
adesmash
Posted: Saturday, December 27, 2008 11:07:31 PM
Rank: AiutAmico

Joined: 12/26/2008
Posts: 49
I had done that...
I'll try again anyway!
r16
Posted: Saturday, December 27, 2008 11:21:55 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
I don't want to make you touch the registry.
If it still detects it, let's try Virit:
Download VIRIT:
http://www.tgsoft.it/italy/download.htm then update it (click the satellite-dish icon at the top) and run the scan in Safe Mode (this is very important). Post the log too (you'll find it under the icon at the top showing a notepad with a pen).
adesmash
Posted: Saturday, December 27, 2008 11:30:40 PM
Rank: AiutAmico

Joined: 12/26/2008
Posts: 49
r16 wrote:
I don't want to make you touch the registry.


Ha, ha... I see you've already figured out how hopeless I am!!!

OK, thanks, I'll do all of that... it's scanning with Malwarebytes right now!
r16
Posted: Saturday, December 27, 2008 11:37:25 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
No, I wasn't thinking about how hopeless you are.
As far as possible, I always try to keep EVERYONE from putting their little hands in the registry.
One small mistake and, instead of fixing things, you end up formatting.
adesmash
Posted: Sunday, December 28, 2008 12:00:36 AM
Rank: AiutAmico

Joined: 12/26/2008
Posts: 49
I had guessed something like that... but either way I'm hopeless!
Earlier I sent you the log from before I removed the threats... now I have the right one:


Malwarebytes' Anti-Malware 1.31
Versione del database: 1550
Windows 5.1.2600 Service Pack 3

27/12/2008 23.53.04
mbam-log-2008-12-27 (23-53-04).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 89662
Tempo trascorso: 41 minute(s), 46 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 1
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)



Should I run VIRIT?
r16
Posted: Sunday, December 28, 2008 12:07:13 AM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
You didn't restart the PC.
Delete on reboot means you have to restart the PC for the file to be deleted.
adesmash
Posted: Sunday, December 28, 2008 12:37:06 AM
Rank: AiutAmico

Joined: 12/26/2008
Posts: 49
Yes...
but it saves the log before restarting... and that's the one I'm sending you
I did restart... do I need to run a new scan? and then send you the log?
do I need to look for another log?

I can't do this...
Powered by Yet Another Forum.net version 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.