Sorry, but with these kids at the computer there is always some problem (I think it started with wanting to install the Naruto skin). It has been running extremely slowly for days; I ran Norman and ComboFix, and I am posting the log for you:
ComboFix 08-05-01.3 - daniela 2008-05-08 19:30:55.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.159 [GMT 2:00]
Eseguito da: C:\Documents and Settings\daniela\Desktop\Antivirus\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
The following files were disabled during the run:
C:\Programmi\rnamfler\radprlib.dll
C:\Programmi\rnamfler\radhslib.dll
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\msssc.dll
.
((((((((((((((((((((((((( Files Creati Da 2008-04-08 al 2008-05-08 )))))))))))))))))))))))))))))))))))
.
2008-05-07 09:10 . 2008-05-07 12:13 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-06 12:31 . 2008-05-07 10:43 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-06 12:31 . 2008-05-06 12:31 <DIR> d-------- C:\Programmi\AVG
2008-05-06 12:31 . 2008-05-06 12:31 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\avg8
2008-05-06 12:31 . 2008-05-06 12:31 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-06 12:31 . 2008-05-06 12:31 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-06 12:31 . 2008-05-06 12:31 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-06 12:23 . 2008-05-08 19:18 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG
2008-05-05 09:01 . 2008-05-05 09:01 <DIR> d-------- C:\Documents and Settings\daniela\Dati applicazioni\.clamwin
2008-05-05 09:00 . 2008-05-05 09:00 <DIR> d-------- C:\Programmi\ClamWin
2008-05-05 09:00 . 2008-05-05 09:00 <DIR> d-------- C:\Documents and Settings\All Users\.clamwin
2008-05-03 11:46 . 2008-05-04 09:45 <DIR> d-------- C:\Programmi\Total Video Converter
2008-05-01 13:57 . 2008-05-01 13:57 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-04-28 23:01 . 2008-04-28 23:01 <DIR> d-------- C:\Documents and Settings\daniela\Dati applicazioni\gtk-2.0
2008-04-28 22:09 . 2008-04-29 13:46 <DIR> d-------- C:\Documents and Settings\daniela\Dati applicazioni\.purple
2008-04-28 22:08 . 2008-04-29 13:49 <DIR> d-------- C:\Programmi\Aspell
2008-04-28 22:07 . 2008-04-29 13:48 <DIR> d-------- C:\Programmi\Pidgin
2008-04-28 22:06 . 2008-04-28 22:06 <DIR> d-------- C:\Programmi\File comuni\GTK
2008-04-24 16:12 . 2008-04-24 16:14 <DIR> d-------- C:\Programmi\MiniReminder
2008-04-24 15:35 . 2008-05-08 19:34 14,432,288 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-24 15:35 . 2008-05-08 19:09 169,580 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-24 15:29 . 2008-04-02 21:07 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-04-24 13:49 . 2008-04-24 13:49 <DIR> d-------- C:\Documents and Settings\daniela\DoctorWeb
2008-04-24 11:31 . 2008-04-24 11:31 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Office Genuine Advantage
2008-04-21 18:17 . 2008-04-21 18:17 50 --a------ C:\WINDOWS\cdplayer.ini
2008-04-18 16:56 . 2008-04-24 11:32 <DIR> d-------- C:\Programmi\Gabest
2008-04-18 16:56 . 2008-04-24 11:33 <DIR> d-------- C:\Programmi\AviSynth 2.5
2008-04-17 20:01 . 2008-04-17 20:01 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\DVD Shrink
2008-04-17 20:00 . 2008-04-17 20:00 <DIR> d-------- C:\Programmi\DVD Shrink
2008-04-17 18:10 . 2008-04-17 18:10 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Ahead
2008-04-15 19:40 . 2008-04-15 19:20 262,144 --a------ C:\Programmi\Uninstall Spy Blocker.dll
2008-04-15 11:16 . 2008-04-15 11:16 <DIR> d-------- C:\WINDOWS\Sun
2008-04-15 08:30 . 2008-04-15 08:30 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\MailFrontier
2008-04-15 08:30 . 2008-04-02 21:08 54,672 --a------ C:\WINDOWS\system32\vsutil_loc0410.dll
2008-04-15 08:30 . 2008-04-02 21:08 42,384 --a------ C:\WINDOWS\zllsputility_loc0410.dll
2008-04-15 08:30 . 2008-04-02 21:08 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc0410.dll
2008-04-15 08:30 . 2008-04-02 21:08 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc0410.dll
2008-04-15 08:29 . 2008-04-15 08:29 <DIR> d-------- C:\Programmi\Zone Labs
2008-04-15 08:29 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-04-14 21:24 . 2008-04-14 21:24 <DIR> d-------- C:\BackUpMSNCleaner
2008-04-08 12:16 . 2008-04-08 12:16 693,792 --a------ C:\WINDOWS\system32\OGACheckControl.dll
2008-04-08 12:16 . 2008-04-08 12:16 560,672 --a------ C:\WINDOWS\system32\OGAAddin.dll
2008-04-08 12:16 . 2008-04-08 12:16 504,864 --a------ C:\WINDOWS\system32\OGAVerify.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-07 21:44 1,478,656 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2008-05-07 21:44 1,064,960 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp
2008-05-07 21:44 --------- d-----w C:\Documents and Settings\daniela\Dati applicazioni\uTorrent
2008-05-07 14:19 --------- d--h--r C:\Programmi\rnamfler
2008-05-07 10:17 864,768 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2008-05-07 06:07 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-05-07 06:06 --------- d-----w C:\Programmi\SpywareBlaster
2008-05-06 13:15 476,160 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2008-05-06 13:15 1,473,536 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2008-05-06 12:11 --------- d-----w C:\Documents and Settings\daniela\Dati applicazioni\SiteAdvisor
2008-05-06 10:19 --------- d-----w C:\Programmi\CCleaner
2008-05-05 15:36 1,454,080 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2008-05-05 15:36 1,132,032 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2008-05-04 12:39 394,240 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2008-05-04 12:39 1,437,696 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2008-05-03 21:42 877,056 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-05-03 21:42 1,430,528 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-05-03 18:18 --------- d-----w C:\Programmi\uTorrent
2008-05-01 18:04 975,360 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-05-01 12:10 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-05-01 11:37 396,288 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-05-01 11:33 --------- d-----w C:\Programmi\a-squared Free
2008-04-30 19:15 3,059,200 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-04-30 19:15 1,404,928 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-04-29 15:49 1,164,800 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-04-29 11:54 994,816 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-04-29 11:54 1,402,368 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-04-29 11:43 --------- d-----w C:\Programmi\Windows Live
2008-04-29 11:29 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-04-28 13:48 184,320 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-04-28 13:48 1,363,968 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-04-27 12:16 1,479,680 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-04-27 12:16 1,362,432 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-04-26 20:23 766,976 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-04-26 20:23 1,354,240 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-04-24 17:38 2,257,408 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-04-24 17:38 1,345,024 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-04-24 13:51 --------- d-----w C:\Programmi\eMule
2008-04-17 16:10 --------- d-----w C:\Documents and Settings\daniela\Dati applicazioni\Ahead
2008-04-05 20:04 --------- d-----w C:\Documents and Settings\daniela\Dati applicazioni\WinAlarm
2008-04-04 10:20 --------- d-----w C:\Programmi\IncrediMail
2008-04-04 10:20 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\IM
2008-04-04 10:19 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\IncrediMail
2008-04-04 09:04 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-04-04 07:16 --------- d-----w C:\Documents and Settings\daniela\Dati applicazioni\Thunderbird
2008-04-03 14:20 --------- d-----w C:\Programmi\Microsoft Works
2008-04-02 19:07 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-04-02 18:33 --------- d-----w C:\Programmi\AoA Audio Extractor
2008-03-30 07:35 --------- d-----w C:\Programmi\OfficePowerT
2008-03-29 20:13 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Grisoft
2008-03-29 19:36 --------- d-----w C:\Programmi\File comuni\SWF Studio
2008-03-28 20:18 --------- d-----w C:\Programmi\AbiSuite2
2008-03-22 10:50 --------- d-----w C:\Documents and Settings\daniela\Dati applicazioni\Uniblue
2008-03-20 20:15 --------- d-----w C:\Programmi\File comuni\xing shared
2008-03-20 20:15 --------- d-----w C:\Programmi\File comuni\Real
2008-03-20 18:16 --------- d-----w C:\Programmi\Java
2008-03-20 18:15 --------- d-----w C:\Programmi\File comuni\Java
2008-03-20 15:32 --------- d-----w C:\Programmi\Microsoft Encarta
2008-03-20 10:01 --------- d-----w C:\Programmi\Real
2008-03-20 07:57 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 18:25 --------- d-----w C:\Documents and Settings\daniela\Dati applicazioni\WinPatrol
2008-03-19 18:25 --------- d-----w C:\Documents and Settings\daniela\Dati applicazioni\vlc
2008-03-19 18:24 --------- d-----w C:\Programmi\BillP Studios
2008-03-19 18:07 --------- d-----w C:\Programmi\VideoLAN
2008-03-19 17:54 --------- d-----w C:\Documents and Settings\daniela\Dati applicazioni\Media Player Classic
2008-03-19 17:53 --------- d-----w C:\Documents and Settings\daniela\Dati applicazioni\DivX
2008-03-19 17:51 --------- d-----w C:\Programmi\Index.dat Analyzer
2008-03-19 17:43 --------- d-----w C:\Programmi\QuickTime Alternative
2008-03-19 17:28 --------- d-----w C:\Programmi\SiteAdvisor
2008-03-19 17:28 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\SiteAdvisor
2008-03-19 17:28 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\McAfee
2008-03-19 17:24 --------- d-----w C:\Programmi\Trend Micro
2008-03-19 16:53 --------- d-----w C:\Programmi\IObit
2008-03-19 16:46 --------- d-----w C:\Documents and Settings\daniela\Dati applicazioni\Talkback
2008-03-19 16:27 --------- d-----w C:\Documents and Settings\daniela\Dati applicazioni\U3
2008-03-19 16:23 --------- d-----w C:\Programmi\Yahoo! Games
2008-03-19 16:18 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Trymedia
2008-03-19 16:16 --------- d-----w C:\Programmi\TryMedia
2008-03-19 16:12 704 ----a-w C:\Dionakra.DAT
2008-03-19 16:03 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-03-19 15:20 --------- d-----w C:\Programmi\File comuni\Ahead
2008-03-19 15:16 --------- d-----w C:\Programmi\Nero
2008-03-19 15:16 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Nero
2008-03-19 15:09 --------- d-----w C:\Programmi\DivX
2008-03-19 15:07 --------- d-----w C:\Programmi\File comuni\InstallShield
2008-03-19 15:07 --------- d-----w C:\Programmi\CyberLink
2008-03-19 15:07 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\CyberLink
2008-03-19 15:05 --------- d-----w C:\Programmi\GameHouse
2008-03-19 15:05 --------- d-----w C:\Programmi\FunPause Atlantis
2008-03-19 15:04 --------- d-----w C:\Programmi\Luxor 2
2008-03-19 15:03 --------- d-----w C:\Programmi\PopCap Games
2008-03-18 20:09 --------- d-----w C:\Programmi\FastStone Capture
2008-03-18 20:09 --------- d-----w C:\Documents and Settings\daniela\Dati applicazioni\FastStone
2008-03-18 19:41 --------- d-----w C:\Programmi\MSXML 6.0
2008-03-18 19:39 --------- d-----w C:\Programmi\MSXML 4.0
2008-03-18 18:20 --------- dcsh--w C:\Programmi\File comuni\WindowsLiveInstaller
2008-03-18 17:46 --------- d-----w C:\Programmi\Real Alternative
2008-03-18 17:42 --------- d-----w C:\Programmi\File comuni\Adobe
2008-03-18 17:25 --------- d-----w C:\Programmi\microsoft frontpage
2008-03-18 17:22 --------- d-----w C:\Programmi\Servizi in linea
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-30 21:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 20:04 139264]
"IncrediMail"="C:\Programmi\IncrediMail\bin\IncMail.exe" [2008-03-11 17:30 243072]
"ccleaner"="C:\Programmi\CCleaner\CCleaner.exe" [2008-04-23 18:19 1189104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DSLSTATEXE"="C:\Program Files\Conexant\Adsl\dslstat.exe" [2005-08-25 11:59 344064]
"DSLAGENTEXE"="C:\Program Files\Conexant\Adsl\dslagent.exe" [2005-08-25 11:47 65536]
"WinPatrol"="C:\Programmi\BillP Studios\WinPatrol\winpatrol.exe" [2007-08-06 19:06 292152]
"wrna3ls"="C:\Programmi\rnamfler\naomf.exe" [2006-04-01 11:45 1253960]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-03-20 22:14 185896]
"ZoneAlarm Client"="C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 21:07 919016]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-06 12:31 1177368]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-30 21:00 15360]
C:\Documents and Settings\daniela\Menu Avvio\Programmi\Esecuzione automatica\
MiniReminder.lnk - C:\Programmi\MiniReminder\MiniReminder.exe [2008-03-17 01:00:00 142848]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Yahoo! Games\\Zuma Deluxe\\Zuma.exe"=
"C:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
"C:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Programmi\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-06 12:31]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-06 12:31]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-06 12:31]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-06 12:31]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-08 19:34:09
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Programmi\rnamfler\radprlib.dll
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Programmi\rnamfler\radprlib.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Programmi\rnamfler\radprlib.dll
-> C:\Programmi\rnamfler\radhslib.dll
PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\Programmi\rnamfler\radprlib.dll
.
Ora fine scansione: 2008-05-08 19:36:07
ComboFix-quarantined-files.txt 2008-05-08 17:35:58
9 Directory 54,949,957,632 byte disponibili
12 Directory 54,935,212,032 byte disponibili
238 --- E O F --- 2008-04-30 19:02:11
and this one is from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.02.31, on 08/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\rnamfler\naofsvc.exe
C:\Programmi\SiteAdvisor\6253\SAService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Conexant\Adsl\dslstat.exe
C:\Program Files\Conexant\Adsl\dslagent.exe
C:\Programmi\rnamfler\naomf.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
c:\programmi\rnamfler\radprcmp.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\MiniReminder\MiniReminder.exe
C:\Programmi\IncrediMail\bin\ImApp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmi\BillP Studios\WinPatrol\WinPatrol.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\AVG\AVG8\avgtray.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60116
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60116
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programmi\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programmi\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Conexant\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Conexant\Adsl\dslagent.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Programmi\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [wrna3ls] C:\Programmi\rnamfler\naomf.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ccleaner] "C:\Programmi\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MiniReminder.lnk = C:\Programmi\MiniReminder\MiniReminder.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROProj.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0DF7E5F-49B2-4869-837A-81972A6AC441}: NameServer = 85.37.17.55 85.38.28.93
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Programmi\rnamfler\naofsvc.exe
O23 - Service: Servizio SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Programmi\SiteAdvisor\6253\SAService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 8534 bytes