
Quick ComboFix log check
simo95
Posted: Saturday, November 21, 2009 6:54:28 PM

Rank: AiutAmico

Joined: 12/4/2008
Posts: 2,008
Hi everyone.
Could you give the log a quick look for me?
(How come neither Malwarebytes nor AVG detected these traces of Navipromo??)
Thanks.
Bye
PS: I don't know if it matters, but in the final phase ComboFix said it could not find the driver C:\Windows\System32\Drivers\COMBO-FIX.sys

Bye


ComboFix 09-11-20.05 - vpnbaldo 11/21/2009 18:15.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.503.243 [GMT 1:00]
Eseguito da: c:\documents and settings\vpnbaldo\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\vpnbaldo\Impostazioni locali\Dati applicazioni\koigi.dat
c:\documents and settings\vpnbaldo\Impostazioni locali\Dati applicazioni\koigi_nav.dat
c:\recycler\S-1-5-21-398348589-4096269796-4152297477-500
c:\windows\regedit.com
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OREANS32
-------\Service_oreans32


((((((((((((((((((((((((( Files Creati Da 2009-10-21 al 2009-11-21 )))))))))))))))))))))))))))))))))))
.

2009-11-17 18:13 . 2009-11-17 19:11 -------- d-----w- c:\programmi\Ubisoft
2009-11-16 13:47 . 2009-11-16 13:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite
2009-11-15 13:23 . 2007-10-23 08:27 110592 ----a-w- c:\documents and settings\vpnbaldo\Dati applicazioni\U3\temp\cleanup.exe
2009-11-15 13:20 . 2008-05-02 09:41 3493888 ---ha-w- c:\documents and settings\vpnbaldo\Dati applicazioni\U3\temp\Launchpad Removal.exe
2009-11-15 13:19 . 2009-11-19 15:35 -------- d-----w- c:\documents and settings\vpnbaldo\Dati applicazioni\U3
2009-11-13 18:06 . 2009-10-23 16:34 652568 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgmtrapx.dll
2009-11-13 18:06 . 2009-10-23 16:34 328472 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgxch32.dll
2009-11-13 18:06 . 2009-10-23 16:34 292632 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avglngx.dll
2009-11-13 18:06 . 2009-10-23 16:34 615192 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgcertx.dll
2009-11-13 18:05 . 2009-10-23 16:34 610072 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgiproxy.exe
2009-11-11 18:45 . 2009-11-11 18:45 -------- d-----w- c:\programmi\Microsoft
2009-11-07 19:04 . 2009-11-07 19:04 -------- d-----w- C:\OEMSettings
2009-11-07 19:04 . 2009-11-07 19:04 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-11-07 19:03 . 2009-11-07 19:03 -------- d-----w- c:\programmi\NETGEAR
2009-11-06 19:44 . 2009-11-08 17:15 -------- d-----w- c:\programmi\JDownloader
2009-10-28 16:46 . 2009-10-29 09:32 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2009-10-28 16:46 . 2009-09-23 15:37 34112 ----a-w- c:\documents and settings\vpnbaldo\Dati applicazioni\Mozilla\Firefox\Profiles\6nh0jn98.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe
2009-10-28 16:46 . 2009-09-23 15:37 32448 ----a-w- c:\documents and settings\vpnbaldo\Dati applicazioni\Mozilla\Firefox\Profiles\6nh0jn98.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2009-10-28 16:46 . 2009-09-23 15:37 22352 ----a-w- c:\documents and settings\vpnbaldo\Dati applicazioni\Mozilla\Firefox\Profiles\6nh0jn98.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2009-10-27 13:55 . 2009-10-27 13:55 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Macrium
2009-10-27 13:54 . 2009-10-27 13:54 43646 ----a-r- c:\documents and settings\vpnbaldo\Dati applicazioni\Microsoft\Installer\{986389BF-2AE7-4C4D-B284-519BA869EDD1}\_EF7BC6DDBE20B4C1311492.exe
2009-10-27 13:54 . 2009-10-27 13:54 43646 ----a-r- c:\documents and settings\vpnbaldo\Dati applicazioni\Microsoft\Installer\{986389BF-2AE7-4C4D-B284-519BA869EDD1}\_D707CE1C009F1381803C2C.exe
2009-10-27 13:54 . 2009-10-27 13:54 43646 ----a-r- c:\documents and settings\vpnbaldo\Dati applicazioni\Microsoft\Installer\{986389BF-2AE7-4C4D-B284-519BA869EDD1}\_81A4006ABC1B62DCE5F5CA.exe
2009-10-27 13:54 . 2009-10-27 13:54 43646 ----a-r- c:\documents and settings\vpnbaldo\Dati applicazioni\Microsoft\Installer\{986389BF-2AE7-4C4D-B284-519BA869EDD1}\_21F3885A18D238E15AAE81.exe
2009-10-27 13:54 . 2009-10-27 13:54 29926 ----a-r- c:\documents and settings\vpnbaldo\Dati applicazioni\Microsoft\Installer\{986389BF-2AE7-4C4D-B284-519BA869EDD1}\_455EF241629E11584EA727.exe
2009-10-27 13:54 . 2009-10-27 13:54 109534 ----a-r- c:\documents and settings\vpnbaldo\Dati applicazioni\Microsoft\Installer\{986389BF-2AE7-4C4D-B284-519BA869EDD1}\_6FEFF9B68218417F98F549.exe
2009-10-27 13:53 . 2009-10-27 13:53 -------- d-----w- c:\programmi\Macrium
2009-10-26 16:05 . 2009-10-26 16:08 -------- d-----w- C:\Netgear
2009-10-23 16:48 . 2009-10-23 16:48 -------- d-----w- c:\documents and settings\vpnbaldo\Dati applicazioni\AVG9
2009-10-23 16:44 . 2009-10-23 16:42 2421016 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avguiadv.dll
2009-10-23 16:43 . 2009-10-23 16:42 4015384 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgui.exe
2009-10-23 16:43 . 2009-10-23 16:42 2010904 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgtray.exe
2009-10-23 16:43 . 2009-10-23 16:42 1257752 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgfrw.exe
2009-10-23 16:43 . 2009-10-23 16:42 3774232 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\setup.exe
2009-10-23 16:43 . 2009-10-23 16:34 97560 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgdumpx.exe
2009-10-23 16:43 . 2009-10-23 16:40 3963672 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgcorex.dll
2009-10-23 16:43 . 2009-10-23 16:40 496920 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgchjwx.dll
2009-10-23 16:39 . 2009-10-23 16:34 842520 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.exe
2009-10-23 16:39 . 2009-10-23 16:38 1657112 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.dll
2009-10-23 16:35 . 2009-11-03 15:35 -------- d-----w- C:\$AVG
2009-10-23 16:35 . 2009-10-23 16:35 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-23 16:35 . 2009-10-23 16:35 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-23 16:35 . 2009-10-23 16:35 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-23 16:34 . 2009-11-21 17:08 -------- d-----w- c:\windows\system32\drivers\Avg
2009-10-23 16:34 . 2009-10-23 16:34 -------- d-----w- c:\programmi\AVG
2009-10-23 16:34 . 2009-10-23 16:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2009-10-23 15:40 . 2009-10-23 15:40 70608 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-10-23 15:38 . 2009-10-23 15:38 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-23 14:53 . 2009-10-23 14:53 -------- d-----w- c:\programmi\Analog Devices
2009-10-23 14:52 . 2009-10-23 14:52 -------- d-----w- C:\SWSetup
2009-10-23 14:47 . 2009-10-23 14:47 -------- d-----w- c:\programmi\Broadcom

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-20 20:59 . 2008-08-30 12:27 -------- d-----w- c:\documents and settings\vpnbaldo\Dati applicazioni\Ashampoo
2009-11-18 18:58 . 2009-10-04 15:44 18656 ----a-w- c:\windows\NGSSLDrv.sys
2009-11-18 18:58 . 2009-09-30 17:31 31968 ----a-w- c:\windows\NGUninstallVPNTunnel.exe
2009-11-17 19:11 . 2004-06-01 11:49 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-11-16 15:47 . 2009-03-22 17:49 -------- d-----w- c:\documents and settings\vpnbaldo\Dati applicazioni\gtk-2.0
2009-11-13 18:00 . 2009-08-21 20:13 -------- d-----w- c:\documents and settings\vpnbaldo\Dati applicazioni\Auslogics
2009-11-01 10:44 . 2008-12-22 10:13 -------- d-----w- c:\programmi\File comuni\Adobe AIR
2009-11-01 10:43 . 2009-09-07 16:16 38208 ----a-w- c:\documents and settings\vpnbaldo\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-30 15:46 . 2009-09-10 16:02 -------- d-----w- c:\programmi\Tracker Software
2009-10-27 18:50 . 2007-09-26 12:07 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-10-23 17:01 . 2009-04-10 17:41 -------- d-----w- c:\programmi\SpywareBlaster
2009-10-23 16:06 . 2004-06-03 14:42 -------- d-----w- c:\programmi\File comuni\Symantec Shared
2009-10-16 18:35 . 2003-05-29 06:50 85468 ----a-w- c:\windows\system32\perfc010.dat
2009-10-16 18:35 . 2003-05-29 06:50 492996 ----a-w- c:\windows\system32\perfh010.dat
2009-10-16 16:10 . 2009-10-16 16:10 -------- d-----w- c:\programmi\EASEUS
2009-10-13 13:31 . 2009-10-13 13:31 -------- d-----w- c:\documents and settings\vpnbaldo\Dati applicazioni\kompozer.net
2009-10-10 17:26 . 2009-03-05 20:17 -------- d-----w- c:\documents and settings\vpnbaldo\Dati applicazioni\FileZilla
2009-10-10 12:51 . 2004-12-20 18:03 70608 ----a-w- c:\documents and settings\vpnbaldo\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-10-07 17:18 . 2009-10-07 17:18 -------- d-----w- c:\programmi\TI Education
2009-10-06 13:24 . 2009-10-06 13:24 -------- d-----w- c:\documents and settings\vpnbaldo\Dati applicazioni\GlarySoft
2009-10-05 19:03 . 2009-10-05 19:01 -------- d-----w- c:\programmi\Free-Web-Buttons.com
2009-10-05 17:27 . 2009-10-05 17:28 185856 ----a-w- c:\windows\system32\framedyn.dll
2009-10-05 17:27 . 2009-10-05 17:28 5415 ----a-w- c:\windows\system32\Choice.com
2009-10-05 14:20 . 2009-09-30 14:17 18656 ----a-w- c:\windows\system32\drivers\NGSSLDrv.sys
2009-10-03 15:06 . 2008-12-06 13:03 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-09-27 16:02 . 2008-09-04 14:10 -------- d-----w- c:\documents and settings\vpnbaldo\Dati applicazioni\LimeWire
2009-09-27 15:49 . 2004-06-03 14:18 -------- d-----w- c:\programmi\File comuni\Roxio Shared
2009-09-27 15:45 . 2008-08-30 12:23 -------- d-----w- c:\programmi\Ashampoo
2009-09-25 15:11 . 2009-01-05 14:41 4045528 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-09-25 05:35 . 2004-08-23 19:35 669696 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:35 . 2009-04-02 12:34 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:17 . 2003-04-08 02:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 12:54 . 2008-12-06 13:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2008-12-06 13:03 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2003-04-08 02:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-31 19:52 . 2003-04-08 02:00 219648 ----a-w- c:\windows\system32\uxtheme.dll
2009-08-29 11:59 . 2009-08-29 11:59 492996 ----a-w- c:\windows\system32\prfh0410.dat
2009-08-29 11:59 . 2009-08-29 11:59 85468 ----a-w- c:\windows\system32\prfc0410.dat
2009-08-28 07:01 . 2009-08-28 07:01 152576 ----a-w- c:\documents and settings\vpnbaldo\Dati applicazioni\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-26 14:10 . 2004-05-18 18:30 213544 ----a-w- c:\windows\system32\drivers\b57xp32.sys
2009-08-26 08:00 . 2003-04-08 02:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 11:16 . 2009-08-25 11:16 32224 ----a-w- c:\windows\system32\drivers\psmounter.sys
2008-08-31 14:17 . 2008-08-31 14:14 8785344 ----a-w- c:\programmi\ShareazaV4.exe
2008-08-31 14:10 . 2008-08-31 13:46 5265101 ----a-w- c:\programmi\Shareaza_2.3.1.0_Win32.exe
2008-08-31 12:18 . 2008-08-31 12:18 1495112 ----a-w- c:\programmi\install_flash_player.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\programmi\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\programmi\mozilla firefox\plugins\ssldivx.dll
2008-01-02 14:49 . 2008-01-02 14:40 72 --sh--w- c:\windows\SED1FC91E.tmp
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-13 2020120]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143872]
"DSLAGENTEXE"="dslagent.exe" - c:\windows\system32\dslagent.exe [2001-10-02 16384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-23 16:35 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Mobile User VPN.lnk]
backup=c:\windows\pss\Mobile User VPN.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^NETGEAR WG111v3 Smart Wizard.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\NETGEAR WG111v3 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WG111v3 Smart Wizard.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\WatchGuard\\Mobile User VPN\\Vpn.exe"=
"c:\\Programmi\\NX Client for Windows\\nxclient.exe"=
"c:\\Programmi\\NX Client for Windows\\bin\\nxssh.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Shareaza\\Shareaza.exe"=
"c:\\Documents and Settings\\vpnbaldo\\Desktop\\Simone\\uTorrent\\App\\utorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Ubisoft\\Splinter Cell Pandora Tomorrow\\Support\\Check_Appli\\pandora_detection.exe"=
"c:\\Programmi\\Ubisoft\\Splinter Cell Pandora Tomorrow\\pandora.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1755:TCP"= 1755:TCP:eMule TCP
"1756:UDP"= 1756:UDP:Emule UDP

R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [5/20/2008 9:32 15328]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/23/2009 17:35 333192]
R2 avg9wd;AVG Free WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe [10/23/2009 17:34 285392]
R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [6/3/2004 16:37 217088]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 13:13 38144]
R2 IPSECDRV;SafeNet IPSec Plugin;c:\windows\system32\drivers\IpSecDrv.sys [6/3/2004 16:37 114232]
R2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [12/6/2008 14:03 269648]
R3 Amps2prt;Trust Ami PS/2 Port Mouse Driver (11);c:\windows\system32\drivers\Amps2prt.sys [1/7/2003 18:16 9600]
R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\drivers\vapnt.sys [6/3/2004 16:36 36188]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/6/2008 14:03 19160]
R3 NGSSLDrv;VPN Tunnel NGSSLDrv Adapter;c:\windows\system32\drivers\NGSSLDrv.sys [9/30/2009 15:17 18656]
R3 SbieDrv;SbieDrv;c:\programmi\Sandboxie\SbieDrv.sys [5/28/2009 14:32 108032]
S2 gafwload;ZyXEL USB ADSL Loader;c:\windows\system32\drivers\gafwload.sys [6/14/2004 9:30 26987]
S2 U3sHlpDr;U3sHlpDr;\??\c:\windows\System32\Drivers\U3sHlpDr.sys --> c:\windows\System32\Drivers\U3sHlpDr.sys [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [10/16/2009 17:10 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [10/16/2009 17:10 3072]
S3 FreeOTFE;FreeOTFE;\??\g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFE.sys --> g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFE.sys [?]
S3 FreeOTFECypherAES_ltc;FreeOTFECypherAES_ltc;\??\g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFECypherAES_ltc.sys --> g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFECypherAES_ltc.sys [?]
S3 FreeOTFECypherBlowfish;FreeOTFECypherBlowfish;\??\g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFECypherBlowfish.sys --> g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFECypherBlowfish.sys [?]
S3 FreeOTFECypherCAST5;FreeOTFECypherCAST5;\??\g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFECypherCAST5.sys --> g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFECypherCAST5.sys [?]
S3 FreeOTFECypherCAST6_Gladman;FreeOTFECypherCAST6_Gladman;\??\g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFECypherCAST6_Gladman.sys --> g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFECypherCAST6_Gladman.sys [?]
S3 FreeOTFECypherDES;FreeOTFECypherDES;\??\g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFECypherDES.sys --> g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFECypherDES.sys [?]
S3 FreeOTFECypherMARS_Gladman;FreeOTFECypherMARS_Gladman;\??\g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFECypherMARS_Gladman.sys --> g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFECypherMARS_Gladman.sys [?]
S3 FreeOTFECypherRC6_ltc;FreeOTFECypherRC6_ltc;\??\g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFECypherRC6_ltc.sys --> g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFECypherRC6_ltc.sys [?]
S3 FreeOTFECypherSerpent_Gladman;FreeOTFECypherSerpent_Gladman;\??\g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFECypherSerpent_Gladman.sys --> g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFECypherSerpent_Gladman.sys [?]
S3 FreeOTFECypherTwofish_ltc;FreeOTFECypherTwofish_ltc;\??\g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFECypherTwofish_ltc.sys --> g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFECypherTwofish_ltc.sys [?]
S3 FreeOTFEHashMD;FreeOTFEHashMD;\??\g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFEHashMD.sys --> g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFEHashMD.sys [?]
S3 FreeOTFEHashRIPEMD;FreeOTFEHashRIPEMD;\??\g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFEHashRIPEMD.sys --> g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFEHashRIPEMD.sys [?]
S3 FreeOTFEHashSHA;FreeOTFEHashSHA;\??\g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFEHashSHA.sys --> g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFEHashSHA.sys [?]
S3 FreeOTFEHashTiger;FreeOTFEHashTiger;\??\g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFEHashTiger.sys --> g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFEHashTiger.sys [?]
S3 FreeOTFEHashWhirlpool;FreeOTFEHashWhirlpool;\??\g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFEHashWhirlpool.sys --> g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFEHashWhirlpool.sys [?]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [12/28/2007 15:02 287232]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
.
Contenuto della cartella 'Scheduled Tasks'

2009-11-21 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/ig?hl=it
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://go.compaq.com/1Q00CDT/0410/bl7.asp
mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0410/bl8.asp
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://it.search.yahoo.com
IE: Scarica con Download &Express - c:\programmi\Download Express\Add_Url.htm
Name-Space Handler: ftp\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
Name-Space Handler: http\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
Name-Space Handler: https\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} - hxxps://62.123.107.140/MLWebCacheCleaner.cab
FF - ProfilePath - c:\documents and settings\vpnbaldo\Dati applicazioni\Mozilla\Firefox\Profiles\6nh0jn98.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://it.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\documents and settings\vpnbaldo\Dati applicazioni\Mozilla\Firefox\Profiles\6nh0jn98.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\vpnbaldo\Impostazioni locali\Dati applicazioni\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\programmi\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-21 18:32
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(3584)
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\WatchGuard\Mobile User VPN\IreIKE.exe
c:\programmi\AVG\AVG9\avgchsvx.exe
c:\programmi\AVG\AVG9\avgrsx.exe
c:\programmi\WatchGuard\Mobile User VPN\IPSecMon.exe
c:\programmi\AVG\AVG9\avgcsrvx.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Macrium\Reflect\ReflectService.exe
c:\programmi\Sandboxie\SbieSvc.exe
c:\windows\System32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\System32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Ora fine scansione: 2009-11-21 18:49 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-11-21 17:49

Pre-Run: 12.243.214.336 byte disponibili
Post-Run: 12.225.306.624 byte disponibili

- - End Of File - - 6BBF0DBA70C6CEDD82576B5FE1EFB069

r16
Posted: Saturday, November 21, 2009 10:17:52 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi simo95.
Some Navipromo leftovers were removed, along with other things.
Are you experiencing any problems?

simo95
Posted: Saturday, November 21, 2009 10:47:39 PM

Rank: AiutAmico

Joined: 12/4/2008
Posts: 2,008
No, everything is normal as always.
It never gave me any big problems.
Thanks.

Bye

EDIT: After the ComboFix scan, autoplay no longer works.
It's not very important, but I'd be happy if I could fix it.
Thanks.

Bye
r16
Posted: Saturday, November 21, 2009 11:27:20 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
simo95 wrote:
No, everything is normal as always.
It never gave me any big problems.
Thanks.
Bye
EDIT: After the ComboFix scan, autoplay no longer works.
It's not very important, but I'd be happy if I could fix it.
Thanks.
Bye

1) You didn't have any big problems because you didn't have the Navipromo executable.

2) ComboFix disables the Autorun.inf of devices by default.
Try this to restore it:
http://www.microsoft.com/DOWNLOADS/details.aspx?FamilyID=c680a7b6-e8fa-45c4-a171-1b389cfacdad&displaylang=en
In any case, simo95, for the security of the PC it is a good thing that Autoplay is disabled.
enigmista63
Posted: Sunday, November 22, 2009 1:02:11 AM

Rank: AiutAmico

Joined: 4/28/2007
Posts: 1,976
Hi SIMO95, maybe I'm confusing you with some other user, but I think I've noticed that for a few weeks you have been posting various logs to be analyzed, and so far that's all normal; what is strange is that every log shows a different antivirus. My disinterested advice is to try out the software, but also to keep it for a while to evaluate its functionality and effectiveness.
Regards

@R16 I apologize for stepping in. Regards to you too.
simo95
Posted: Monday, November 23, 2009 9:32:35 PM

Rank: AiutAmico

Joined: 12/4/2008
Posts: 2,008
enigmista63 wrote:
Hi SIMO95, maybe I'm confusing you with some other user, but I think I've noticed that for a few weeks you have been posting various logs to be analyzed, and so far that's all normal; what is strange is that every log shows a different antivirus. My disinterested advice is to try out the software, but also to keep it for a while to evaluate its functionality and effectiveness.
Regards

@R16 I apologize for stepping in. Regards to you too.


I think you're mistaken...!