ecco i log
Malwarebytes' Anti-Malware 1.30
Versione del database: 1367
Windows 5.1.2600 Service Pack 3
05/11/2008 23.24.00
mbam-log-2008-11-05 (23-24-00).txt
Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 104161
Tempo trascorso: 14 minute(s), 41 second(s)
Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0
Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)
Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)
Chiavi di registro infette:
(Nessun elemento malevolo rilevato)
Valori di registro infetti:
(Nessun elemento malevolo rilevato)
Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)
Cartelle infette:
(Nessun elemento malevolo rilevato)
File infetti:
(Nessun elemento malevolo rilevato)
ComboFix 08-11-04.02 - Mauro 2008-11-05 23.26.27.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.1536 [GMT 1:00]
Eseguito da: c:\documents and settings\Mauro\Desktop\combofix\ComboFix.exe
ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!.
((((((((((((((((((((((((( Files Creati Da 2008-10-05 al 2008-11-05 )))))))))))))))))))))))))))))))))))
.
2008-11-05 18:29 . 2008-08-30 12:11 40,960 --a------ c:\windows\system32\drivers\VIRAGTLT.SYS
2008-11-05 18:28 . 2008-11-05 23:07 <DIR> d-------- C:\VEXPLITE
2008-11-05 15:42 . 2008-11-05 15:42 <DIR> d-------- C:\VundoFix Backups
2008-11-05 15:24 . 2008-11-05 15:24 <DIR> d-------- c:\programmi\SUPERAntiSpyware
2008-11-05 15:24 . 2008-11-05 15:24 <DIR> d-------- c:\documents and settings\Mauro\Dati applicazioni\SUPERAntiSpyware.com
2008-11-05 15:24 . 2008-11-05 15:24 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-11-04 19:23 . 2008-11-04 19:23 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2008-11-04 19:23 . 2008-11-04 19:23 <DIR> d-------- c:\documents and settings\Mauro\Dati applicazioni\Malwarebytes
2008-11-04 19:23 . 2008-11-04 19:23 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-11-04 19:23 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-04 19:23 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-10-31 18:10 . 2008-11-05 15:47 <DIR> d-------- c:\programmi\Spybot - Search & Destroy
2008-10-30 20:18 . 2008-10-30 20:20 <DIR> d-------- c:\programmi\RegCleaner
2008-10-29 15:42 . 2008-11-01 14:25 54,156 --ah----- c:\windows\QTFont.qfn
2008-10-29 15:42 . 2008-10-29 15:42 1,409 --a------ c:\windows\QTFont.for
2008-10-21 20:31 . 2008-10-21 20:31 <DIR> d-------- c:\programmi\SlySoft
2008-10-09 14:17 . 2008-10-09 14:17 <DIR> d-------- C:\loesch
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-05 21:53 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2008-11-05 21:32 --------- d-----w c:\programmi\QuickTime
2008-11-05 14:24 --------- d-----w c:\programmi\File comuni\Wise Installation Wizard
2008-11-05 14:07 --------- d-----w c:\programmi\SpywareBlaster
2008-11-04 18:44 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-10-26 11:27 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-10-20 16:26 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\DVD Shrink
2008-10-05 12:41 --------- d-----w c:\programmi\Windows Live Safety Center
2008-09-24 20:13 --------- d-----w c:\programmi\Lavasoft
2008-09-24 20:12 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2008-09-24 19:10 --------- d-----w c:\programmi\PC Tools Firewall Plus
2008-09-23 18:05 --------- d--h--r c:\documents and settings\Flavio Massimo.OK\Dati applicazioni\SecuROM
2008-09-23 17:45 108,144 ----a-w c:\windows\system32\CmdLineExt.dll
2008-09-23 17:45 --------- d-----w c:\documents and settings\Flavio Massimo.OK\Dati applicazioni\Loescher
2008-09-23 15:09 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2008-09-11 19:13 --------- d-----w c:\programmi\CCleaner
2008-09-08 14:45 --------- d-----w c:\programmi\FDRLab
.
(((((((((((((((((((((((((((((
snapshot@2008-11-05_15.56.08,75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-13 17:13:48 343,040 -c--a-w c:\windows\system32\dllcache\msvcrt.dll
+ 2008-04-13 17:13:50 584,704 -c--a-w c:\windows\system32\dllcache\rpcrt4.dll
+ 2008-04-13 17:13:50 56,320 -c--a-w c:\windows\system32\dllcache\secur32.dll
+ 2001-07-09 10:50:42 155,648 ----a-w c:\windows\system32\NeroCheck.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2008-08-05 2611096]
"ATICCC"="c:\programmi\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"VIRIT LITE MONITOR"="c:\vexplite\MONLITE.EXE" [2008-10-16 249856]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
acrobat assistant.lnk - c:\programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2007-02-27 127488]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 c:\programmi\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"<NO NAME>"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2008-07-28 160792]
R2 PMJ151NM;Panasonic DVC Web Camera;c:\windows\system32\DRIVERS\PMJ151NM.sys [2002-03-19 14848]
R2 viritsvclite;Virit eXplorer Lite;c:\vexplite\viritsvc.exe [2007-10-10 57344]
R3 FWAuth;FWAuth Driver;c:\windows\system32\drivers\FWAuthDriver.sys [2008-08-05 58136]
S3 MovRVDrv32;MovRVDrv32;c:\windows\system32\DRIVERS\MovRVDrv32.sys [2007-12-28 3768]
S3 SndTDriverV32;SndTDriverV32;c:\windows\system32\drivers\SndTDriverV32.sys [2007-12-28 513152]
*Newly Created Service* - VIRITSVCLITE
.
.
------- Supplementare di scansione -------
.
R0 -: HKCU-Main,Start Page = about:blank
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-11-05 23:27:20
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PMJ151LA]
"ImagePath"="%SystemRoot%\PMJ151LA.BIN"
.
Ora fine scansione: 2008-11-05 23.28.05
ComboFix-quarantined-files.txt 2008-11-05 22:28:03
ComboFix2.txt 2008-11-05 15:06:38
Pre-Run: 68.539.478.016 byte disponibili
Post-Run: 68,541,751,296 byte disponibili
119
VirIT eXplorer Lite Log
[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
05/11/2008 - 23:31:38
[SCANSIONE DEL REGISTRO]
OK
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 49142.
Files Totali: 49142.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.
: OK
BOOT SECTOR: OK
Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 49142.
Files Totali: 49142.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.
e per chiudere se serve il log di hjt
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.48.27, on 05/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\Programmi\ATI Technologies\ATI.ACE\CLI.EXE
C:\VEXPLITE\MONLITE.EXE
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\PMJ151LA.BIN
C:\WINDOWS\System32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\vpc32.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\Mauro\IMPOST~1\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: acrobat assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222182782356O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoftware.com/activescan/as5free/asinst.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{5FA7AE4C-6C0C-4B7F-8F00-16656305F801}: NameServer = 85.37.17.16 85.38.28.68
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas
www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
--
End of file - 5834 bytes
fammi sapere se continuiamo
