Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Log ComboFix di un amico Opzioni
simo95
Inviato: Tuesday, March 16, 2010 2:29:35 PM

Rank: AiutAmico

Iscritto dal : 12/4/2008
Posts: 2,008
Ciao a tutti.
Vi allego il log di ComboFix e di HJT per un controllino....
Vedo che aveva parecchi rootkit nell'MBR.

Per il resto, il pc non funziona male. Ieri ho disinstallato AVG (con il tool di rimozione), ma vedo che vi sono ancora dei rimasugli (possiamo rimuoverli??).
Toolbar disinstallate tutte, Prefetch puliti, ADS pure, puilito con CCleaner e Deframmentato.
Finita la pulizia malware, provvederò con lo scandisk approfondito.

Grazie mille! Drool


ComboFix 10-03-15.05 - Notebook 16/03/2010 14.03.52.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.502.223 [GMT 1:00]
Eseguito da: c:\documents and settings\Notebook\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-3C24-9E7C08000A00}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Notebook\Preferiti\Videos.url

.
((((((((((((((((((((((((( Files Creati Da 2010-02-16 al 2010-03-16 )))))))))))))))))))))))))))))))))))
.

2010-03-15 20:53 . 2010-03-15 20:53 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-03-15 18:18 . 2008-04-13 18:13 69120 ------w- c:\windows\system32\wlanapi.dll
2010-03-15 18:18 . 2008-04-13 18:14 32866 ------w- c:\windows\slrundll.exe
2010-03-15 18:18 . 2010-03-15 18:18 -------- d-----w- c:\windows\l2schemas
2010-03-15 18:18 . 2010-03-15 18:18 -------- d-----w- c:\windows\system32\it
2010-03-15 18:18 . 2010-03-15 18:18 -------- d-----w- c:\windows\system32\bits
2010-03-15 17:50 . 2010-03-15 20:50 -------- d-----w- C:\848daf514356491628e3ea6f08
2010-03-15 16:53 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-15 16:53 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-03-15 16:53 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-03-15 16:53 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-03-15 16:53 . 2010-03-15 16:53 -------- d-----w- c:\programmi\Avira
2010-03-15 16:53 . 2010-03-15 16:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2010-03-15 15:45 . 2010-03-15 17:09 -------- d-----w- C:\HiJackThis
2010-03-15 14:53 . 2010-03-15 14:53 61440 ----a-w- c:\documents and settings\Notebook\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-32a73278-n\decora-sse.dll
2010-03-15 14:53 . 2010-03-15 14:53 503808 ----a-w- c:\documents and settings\Notebook\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3e3cb2b1-n\msvcp71.dll
2010-03-15 14:53 . 2010-03-15 14:53 348160 ----a-w- c:\documents and settings\Notebook\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3e3cb2b1-n\msvcr71.dll
2010-03-15 14:53 . 2010-03-15 14:53 12800 ----a-w- c:\documents and settings\Notebook\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-32a73278-n\decora-d3d.dll
2010-03-15 14:53 . 2010-03-15 14:53 499712 ----a-w- c:\documents and settings\Notebook\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3e3cb2b1-n\jmc.dll
2010-03-15 14:52 . 2010-03-15 14:52 -------- d-----w- c:\programmi\File comuni\Java
2010-03-15 14:51 . 2010-03-15 14:51 -------- d-----w- c:\documents and settings\Notebook\Dati applicazioni\Malwarebytes
2010-03-15 14:50 . 2010-03-15 14:49 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-15 14:50 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-15 14:50 . 2010-03-15 14:50 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-03-15 14:50 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-15 14:50 . 2010-03-15 14:50 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-03-15 14:48 . 2010-03-15 14:48 79488 ----a-w- c:\documents and settings\Notebook\Dati applicazioni\Sun\Java\jre1.6.0_18\gtapi.dll
2010-03-15 14:48 . 2010-03-15 14:48 152576 ----a-w- c:\documents and settings\Notebook\Dati applicazioni\Sun\Java\jre1.6.0_18\lzma.dll
2010-03-15 14:25 . 2010-03-15 14:25 -------- d-sh--w- c:\documents and settings\Notebook\IECompatCache
2010-03-15 13:25 . 2010-03-16 05:07 -------- d-----w- C:\Varie

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-16 12:47 . 2004-08-19 12:00 74310 ----a-w- c:\windows\system32\perfh010.dat
2010-03-16 12:47 . 2004-08-19 12:00 25994 ----a-w- c:\windows\system32\perfc010.dat
2010-03-16 05:06 . 2006-10-19 17:02 -------- d-----w- c:\programmi\Skype
2010-03-16 05:06 . 2007-03-02 11:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2010-03-15 22:37 . 2009-06-19 10:07 -------- d-----w- c:\programmi\Bonjour
2010-03-15 21:23 . 2007-07-10 08:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-03-15 18:21 . 2006-06-21 12:52 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-15 17:45 . 2006-10-19 17:02 -------- d-----w- c:\documents and settings\Notebook\Dati applicazioni\Skype
2010-03-15 17:39 . 2010-02-03 17:16 -------- d-----w- c:\programmi\CCleaner
2010-03-15 14:49 . 2007-03-06 10:18 -------- d-----w- c:\programmi\Java
2010-03-15 14:18 . 2006-06-21 15:03 -------- d-----w- c:\programmi\Google
2010-02-17 18:27 . 2009-03-11 20:38 -------- d-----w- c:\documents and settings\Notebook\Dati applicazioni\U3
2010-02-03 17:23 . 2006-06-21 13:06 83384 ----a-w- c:\documents and settings\Notebook\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-02-03 17:15 . 2010-02-03 17:15 -------- d-----w- c:\documents and settings\Notebook\Dati applicazioni\AnvSoft
2010-02-03 17:14 . 2010-02-03 17:14 -------- d-----w- c:\programmi\AnvSoft
2010-01-27 21:02 . 2009-10-19 15:12 -------- d-----w- c:\documents and settings\Notebook\Dati applicazioni\BitTorrent
2010-01-21 13:56 . 2008-10-22 18:09 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-01-15 20:24 . 2009-11-01 17:50 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WinZip
2009-12-31 16:50 . 2004-08-19 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:06 . 2004-08-19 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-20 11:03 . 2009-12-13 21:34 8854 ----a-r- c:\documents and settings\Notebook\Dati applicazioni\Microsoft\Installer\{5A2F371F-8B5D-46B4-833C-0612B065BEC7}\Uninstall_GameShadow_5A2F371F8B5D46B4833C0612B065BEC7.exe
2009-12-20 11:03 . 2009-12-13 21:34 45056 ----a-r- c:\documents and settings\Notebook\Dati applicazioni\Microsoft\Installer\{5A2F371F-8B5D-46B4-833C-0612B065BEC7}\GameShadow.exe1_0A3DE514292C4EBA987823B82B0B2BA2.exe
2009-12-20 11:03 . 2009-12-13 21:34 45056 ----a-r- c:\documents and settings\Notebook\Dati applicazioni\Microsoft\Installer\{5A2F371F-8B5D-46B4-833C-0612B065BEC7}\GameShadow.exe_0A3DE514292C4EBA987823B82B0B2BA2.exe
2009-12-20 11:03 . 2009-12-13 21:34 45056 ----a-r- c:\documents and settings\Notebook\Dati applicazioni\Microsoft\Installer\{5A2F371F-8B5D-46B4-833C-0612B065BEC7}\ARPPRODUCTICON.exe
2009-12-19 13:31 . 2009-10-25 17:49 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-17 07:40 . 2006-06-21 12:48 346112 ----a-w- c:\windows\system32\mspaint.exe
2009-11-28 13:11 . 2008-12-10 21:02 119808 ----a-w- c:\programmi\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-09-16 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 110592]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-07-12 01:55 69632 ----a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-07 15:07 61952 ------w- c:\windows\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 01:41 49152 ----a-w- c:\programmi\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-06-05 11:39 292136 ----a-w- c:\programmi\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 18:14 1695232 ----a-w- c:\programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2005-07-12 01:55 14720000 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 14:21 246504 ----a-w- c:\programmi\File comuni\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX]
2005-11-21 14:55 45056 ----a-w- c:\programmi\HP\ToolBoxFX\bin\HPTLBXFX.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"High Definition Audio Property Page Shortcut"=HDAShCut.exe
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"IgfxTray"=c:\windows\system32\igfxtray.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [04/11/2009 15.30.56 717296]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe [24/07/2007 9.01.46 30192]
S3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [05/09/2008 14.57.00 59648]
S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [08/09/2008 8.40.00 105984]
S3 GTUHSOMS;GT UHS OMS;c:\windows\system32\drivers\gtuhsoms.sys [08/09/2008 7.05.00 18816]
S3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [17/07/2008 8.04.00 8064]
.
Contenuto della cartella 'Scheduled Tasks'

2010-03-16 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\Notebook\Dati applicazioni\Mozilla\Firefox\Profiles\0zhea43w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2056116&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - P2P_Max_IT Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-AGRSMMSG - AGRSMMSG.exe
Notify-avgrsstarter - avgrsstx.dll
MSConfigStartUp-BearFlix - c:\programmi\BearFlix\BearFlix.exe
MSConfigStartUp-CmUsbSound - cmcnfgu.cpl
MSConfigStartUp-Magentic - c:\progra~1\Magentic\bin\Magentic.exe
MSConfigStartUp-Skype - c:\programmi\Skype\Phone\Skype.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-16 14:13
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sphj.sys >>UNKNOWN [0x82F94938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf85fff28
\Driver\ACPI -> ACPI.sys @ 0xf835acb8
\Driver\atapi -> atapi.sys @ 0xf82d1b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: Periferica Bluetooth (Personal Area Network) -> SendCompleteHandler -> NDIS.sys @ 0xf81c7bb0
PacketIndicateHandler -> NDIS.sys @ 0xf81b6a0d
SendHandler -> NDIS.sys @ 0xf81cab40
user & kernel MBR OK

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1644491937-2111687655-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:c7,75,66,19,ad,3f,6b,df,fa,12,44,ec,c8,ce,43,d4,74,d0,36,06,b9,
cb,95,c8,dd,55,78,27,67,f1,db,49,9f,a4,b3,bc,bc,e9,36,10,68,5c,5b,31,50,3e,\
"rkeysecu"=hex:4c,56,35,52,be,5f,42,f5,b7,0f,a4,bf,cd,b4,3c,9a
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(148)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\windows\system32\rundll32.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Ora fine scansione: 2010-03-16 14:19:42 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-03-16 13:19

Pre-Run: 14.014.320.640 byte disponibili
Post-Run: 13.900.210.176 byte disponibili

- - End Of File - - 85560649BC068E8AD701F3EF90C217FD




HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.29.28, on 16/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min /nosplash
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1268673494515
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4858 bytes


Grazie ancora

Ciao!

Sponsor
Inviato: Tuesday, March 16, 2010 2:29:35 PM

 
r16
Inviato: Tuesday, March 16, 2010 2:42:22 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao simo95 .
Dove li vedi i "rimasugli" di AVG? Think
Il resto è a posto.
simo95
Inviato: Tuesday, March 16, 2010 2:51:11 PM

Rank: AiutAmico

Iscritto dal : 12/4/2008
Posts: 2,008
1)Nell'inizio del report di Combofix, dove elenca gli AV;
2)In centro sicurezza PC, dove dice che sono installati più antivirus.

Comunque non ha importanza, è stato disinstallato correttamente lo stesso.

Grazie Drool
r16
Inviato: Tuesday, March 16, 2010 3:01:19 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Commenta:
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

Questo è un bug di Combofix nel motore di scansione per gli antivirus.
Il centro sicurezza PC, non lo posso vedere.Drool
Ciao!
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.