I was slow to run the Combofix and Malware scans because, after uninstalling the programs you told me about, everything seemed to be working great. The bank's website was working again after downloading a few ActiveX components, I.E. was working and the famous Spyware message had disappeared. Unfortunately this afternoon, when I opened iTunes, Spyware started flagging the library C:\.......\MSVCR80.DLL; while I am browsing the Internet, the following warning appears fairly often: "ss3dfo.scr si è verificato un errore in ss3dfo.scr. L'applicazione verrà chiusa." The site obviously closes and I have to start over. So I ran the scans with Malware and Combofix and I am attaching them here, but it seems to me they didn't give any particular results; give me your enlightened opinion, thanks Dimi3
Malwarebytes' Anti-Malware 1.41
Versione del database: 2851
Windows 5.1.2600 Service Pack 3
29/09/2009 21.49.33
mbam-log-2009-09-29 (21-49-33).txt
Tipo di scansione: Scansione completa (C:\|D:\|F:\|)
Elementi scansionati: 202048
Tempo trascorso: 28 minute(s), 43 second(s)
Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0
Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)
Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)
Chiavi di registro infette:
(Nessun elemento malevolo rilevato)
Valori di registro infetti:
(Nessun elemento malevolo rilevato)
Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)
Cartelle infette:
(Nessun elemento malevolo rilevato)
File infetti:
(Nessun elemento malevolo rilevato)
ComboFix 09-09-28.01 - User 29/09/2009 20.13.56.2.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.2046.1467 [GMT 2:00]
Eseguito da: c:\documents and settings\User\Desktop\ComboFix.exe
AV: Sistema Antivirus NOD32 2.50 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((( Files Creati Da 2009-08-28 al 2009-09-29 )))))))))))))))))))))))))))))))))))
.
2009-09-28 17:46 . 2009-09-28 17:46 -------- d-----w- c:\windows\$regcmp$
2009-09-27 21:01 . 2009-09-27 21:01 -------- d-----w- c:\documents and settings\User\Dati applicazioni\EPSON
2009-09-23 18:42 . 2009-09-23 18:42 -------- d-----w- c:\documents and settings\User\Dati applicazioni\Malwarebytes
2009-09-23 18:42 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-23 18:42 . 2009-09-23 18:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-09-23 18:42 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-23 18:42 . 2009-09-23 18:42 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-09-23 18:39 . 2009-09-23 18:39 4020703 ----a-w- c:\programmi\Malwarebytes.zip
2009-09-15 14:58 . 2009-09-15 14:58 -------- d-----w- c:\documents and settings\User\Dati applicazioni\Yahoo!
2009-09-15 14:58 . 2009-09-15 14:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Yahoo! Companion
2009-09-15 14:58 . 2009-09-15 14:58 -------- d-----w- c:\programmi\Yahoo!
2009-09-09 15:48 . 2009-06-21 21:47 153088 ------w- c:\windows\system32\dllcache\triedit.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-26 10:47 . 2006-10-20 21:37 105048 ----a-w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-08-25 22:03 . 2005-01-26 09:55 93464 ----a-w- c:\windows\system32\perfc010.dat
2009-08-25 22:03 . 2005-01-26 09:55 511346 ----a-w- c:\windows\system32\perfh010.dat
2009-08-25 22:00 . 2009-08-25 22:00 -------- d-----w- c:\programmi\MSBuild
2009-08-25 22:00 . 2009-08-25 22:00 -------- d-----w- c:\programmi\Reference Assemblies
2009-08-05 08:59 . 2004-08-19 03:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-19 03:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-19 03:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 21:11 . 2009-07-13 21:11 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-03 16:55 . 2005-07-03 01:15 915456 ------w- c:\windows\system32\wininet.dll
2009-06-25 15:48 . 2009-06-25 15:48 5915912 ----a-w- c:\programmi\PTGui_8.2.1_trial_Setup.exe
2009-06-25 14:58 . 2009-06-25 15:09 1079825 ----a-w- c:\programmi\autostitch.zip
2008-10-14 20:13 . 2008-10-14 20:13 190080 ----a-w- c:\programmi\Navilog1.exe
2008-01-17 21:56 . 2008-01-17 21:56 774144 ----a-w- c:\programmi\autostitch.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 397312]
"nod32kui"="c:\programmi\Eset\nod32kui.exe" [2006-12-27 917504]
"SpywareTerminator"="c:\programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2008-10-18 1783808]
"Malwarebytes Anti-Malware (reboot)"="c:\programmi\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Adobe Photo Downloader"="c:\programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 57344]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Programmi\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Programmi\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Programmi\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [18/10/2008 18.38.23 141312]
--- Altri Servizi/Drivers In Memoria ---
*NewlyCreated* - INT15.SYS
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'
2009-09-29 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-24 21:33]
2009-07-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://it.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: imon.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
Toolbar-Locked - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-09-29 20:17
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,f3,88,31,cf,0d,
79,55,4c,e2,63,26,f1,3f,c8,ff,68,39,9e,60,6a,c0,38,ea,c8,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,ec,d0,a8,6d,6f,
ea,62,33,6a,9c,d6,61,af,45,84,18,6e,9c,f8,d8,07,1b,9d,3e,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,e7,fd,87,0f,89,
75,4f,2e,ff,7c,85,e0,43,d4,0e,fe,e5,48,dd,e2,8b,5f,a0,5f,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,f2,7e,15,1a,5d,
50,7c,55,86,8c,21,01,be,91,eb,e7,f7,6a,98,36,f1,0b,a4,e0,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,ac,b3,b0,50,48,
da,3b,9e,f5,1d,4d,73,a8,13,5c,05,44,d2,44,c6,fe,c5,69,ed,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,84,bb,08,45,44,
c1,e2,69,df,20,58,62,78,6b,cf,c8,d4,39,a0,04,c3,6f,d2,bb,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:97,20,4e,9a,c7,f1,35,ee,7d,23,43,7b,6c,
8b,9e,d6,fb,a7,78,e6,12,2f,9a,ea,d4,f0,ca,f2,70,01,87,cd,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,c0,b8,06,07,5b,
f0,ff,70,01,3a,48,fc,e8,04,4a,f1,fc,42,0b,12,2a,a8,c7,be,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,cd,fa,7e,05,16,
9c,19,a7,f6,0f,4e,58,98,5b,89,c9,e5,fe,91,7f,7d,34,b6,26,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,19,68,a1,a3,81,
a0,bc,d0,3d,ce,ea,26,2d,45,aa,78,fa,2b,cb,57,5a,20,52,5f,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,72,5a,fe,11,c4,
3e,a7,74,2a,b7,cc,b5,b9,7f,41,e7,58,ee,76,79,9d,61,52,db,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,17,0a,d9,17,78,
98,b8,58,6c,43,2d,1e,aa,22,2f,9c,70,37,3f,80,49,f0,a4,fa,6c,43,2d,1e,aa,22,\
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(768)
c:\windows\system32\imon.dll
c:\programmi\Eset\pr_imon.dll
- - - - - - - > 'explorer.exe'(2244)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2009-09-29 20.18.06
ComboFix-quarantined-files.txt 2009-09-29 18:18
Pre-Run: 69.250.252.800 byte disponibili
Post-Run: 69.286.395.904 byte disponibili
202 --- E O F --- 2009-09-15 21:26