Aiutamici Forum

Hijackthis
smeraldia
Posted: Friday, January 22, 2010 4:06:58 PM
Rank: AiutAmico

Joined: 1/22/2010
Posts: 62
Hi friends, please take a look at my log if possible; the PC is a bit slow, and this log has never been checked.
Thanks, smeraldia.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.50.51, on 22/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Programmi\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ChgService.exe
C:\WINDOWS\system32\RegService.exe
C:\Programmi\PC Tools Disk Suite\DSService.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Programmi\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\HSDPA USB Modem\USB Modem.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.giustizia.it/giustizia/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://mywebsites.pro
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Programmi\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [MSSE] "c:\Programmi\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1249906866726
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1249951163015
O17 - HKLM\System\CCS\Services\Tcpip\..\{56D3A37B-F5D2-4F67-8854-AA4A058FEC9E}: NameServer = 193.70.152.25 193.70.192.25
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Change Modem Device Service - Unknown owner - C:\WINDOWS\system32\ChgService.exe
O23 - Service: Communication Modem Device Manager II - Unknown owner - C:\WINDOWS\system32\RegService.exe
O23 - Service: PC Tools Disk Suite (DiskSuiteService) - PC Tools Software - C:\Programmi\PC Tools Disk Suite\DSService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe

--
End of file - 4640 bytes
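The HijackThis log above is what the helper is being asked to read by eye. As an added example (not part of this thread, not HijackThis's own code), here is a small Python triage script that parses the section prefixes (R0/R1, O4, O17, O23) and lists the entries a reviewer would normally check first: browser start/search URLs pointing at a host the user did not declare, autorun entries given as a bare filename with no path, the DNS servers in the O17 entry so they can be confirmed with the ISP, and services with no identified publisher. The sample lines are copied from the log above; the allowlist of expected browser hosts is an assumption chosen for the example.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Sample lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.giustizia.it/giustizia/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://mywebsites.pro
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [MSSE] "c:\Programmi\Microsoft Security Essentials\msseces.exe" -hide
O17 - HKLM\System\CCS\Services\Tcpip\..\{56D3A37B-F5D2-4F67-8854-AA4A058FEC9E}: NameServer = 193.70.152.25 193.70.192.25
O23 - Service: Change Modem Device Service - Unknown owner - C:\WINDOWS\system32\ChgService.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe
"""

# Hosts the reviewer has confirmed as legitimate for this machine.
# Assumption for the example: only the user's own declared start page.
EXPECTED_BROWSER_HOSTS = {"www.giustizia.it"}

# A HijackThis entry starts with a section code such as R1, O4, O17, O23.
ENTRY_RE = re.compile(r"^([RFOQ]\d{1,2}) - (.*)$")


@dataclass
class Entry:
    section: str  # e.g. "R1", "O4", "O17", "O23"
    body: str     # everything after the "R1 - " prefix


def parse_hjt(text):
    """Split a HijackThis log into (section, body) entries; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def triage(entries):
    """Return (section, reason, body) for the entries a reviewer should look at first."""
    findings = []
    for e in entries:
        if e.section in ("R0", "R1") and " = " in e.body:
            # Browser start/search page: flag any host not explicitly expected.
            url = e.body.split(" = ", 1)[1].strip()
            host = urlsplit(url).hostname or ""
            if host not in EXPECTED_BROWSER_HOSTS:
                findings.append((e.section, f"browser setting points at unexpected host {host}", e.body))
        elif e.section == "O4":
            # Autorun entry: a bare filename has no pinned location, so the file
            # that actually runs depends on the search path; worth verifying.
            cmd = e.body.split("] ", 1)[1] if "] " in e.body else ""
            exe = cmd.lstrip('"').split('"')[0] if cmd.startswith('"') else cmd.split(" ")[0]
            if exe and "\\" not in exe:
                findings.append((e.section, f"autorun uses bare filename {exe}; location not pinned", e.body))
        elif e.section == "O17" and "NameServer = " in e.body:
            # DNS servers are always listed so they can be checked against the ISP's.
            servers = e.body.split("NameServer = ", 1)[1].split()
            findings.append((e.section, "DNS servers to confirm with the ISP: " + ", ".join(servers), e.body))
        elif e.section == "O23" and "Unknown owner" in e.body:
            findings.append((e.section, "service with no identified publisher", e.body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{section}: {reason}\n    {body}")
```

Run against the sample it reports four entries: the R1 search page on mywebsites.pro, the bare ALCMTR.EXE autorun, the two O17 name servers, and the ChgService.exe service with an unknown owner. The flags are prompts for a human to verify, not verdicts: an unknown publisher or a bare filename is common for OEM drivers, which is exactly why the reviewer confirms the file's location and signature before deciding anything.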
r16
Posted: Friday, January 22, 2010 4:48:07 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
Download and install MalwareBytes:
click here to download it: http://www.aiutamici.com/software?id=80346
Before running the scan, UPDATE IT. (this is very important)
Run a full system scan.
Post the log.
smeraldia
Posted: Friday, January 22, 2010 6:54:01 PM
Rank: AiutAmico

Joined: 1/22/2010
Posts: 62
Malwarebytes' Anti-Malware 1.44
Versione del database: 3614
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

22/01/2010 18.46.52
mbam-log-2010-01-22 (18-46-52).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 169577
Tempo trascorso: 1 hour(s), 31 minute(s), 44 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)
smeraldia
Posted: Friday, January 22, 2010 6:57:29 PM
Rank: AiutAmico

Joined: 1/22/2010
Posts: 62
Thanks, very kind of you, but if you look at the log I already had Malwarebytes, so I ran the scan again.
Thanks again, smeraldia.
r16
Posted: Saturday, January 23, 2010 1:43:38 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
smeraldia wrote:
Thanks, very kind of you, but if you look at the log I already had Malwarebytes, so I ran the scan again.
Thanks again, smeraldia.

You may well be right.
But however hard I strain my eyes, I don't see Malwarebytes installed in the HJT log.
If you point out where you see it, you'd be doing me a favour.

Download Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save it to the desktop.

Important: disable your antivirus and close ALL open programs (firewall included), and after downloading COMBOFIX, disconnect from the internet.

Double-click combofix.exe (a window will appear).
If you are asked whether you want to install the RECOVERY CONSOLE, click NO.
The antivirus will probably show you messages; ignore them.
During the scan it is important not to use the PC (not even the mouse) and to wait patiently for the operations to finish.
At the end, a log file called C:\ComboFix.txt will be created on the Desktop. Post it here.
smeraldia
Posted: Saturday, January 23, 2010 2:34:19 PM
Rank: AiutAmico

Joined: 1/22/2010
Posts: 62
Sorry, I had seen that Malwarebytes isn't in the log, but then... I'm a real disaster... I did everything as you told me, but afterwards I saw that the antivirus "AviraVir desktop" (which I had uninstalled; now I have Microsoft Security Essentials) was active during the scan with combofix. I don't understand why (I can't understand, being badly ignorant about PCs). Anyway, here is the log:
ComboFix 10-01-22.03 - SANDA 23/01/2010 14.12.45.1.2 - x86
Eseguito da: c:\documents and settings\SANDA\Desktop\ComboFix.exe

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\bcmwl5.inf
c:\windows\system32\Desktop_.ini

.
((((((((((((((((((((((((( Files Creati Da 2009-12-23 al 2010-01-23 )))))))))))))))))))))))))))))))))))
.

2010-01-22 12:50 . 2010-01-22 12:50 52224 ----a-w- c:\documents and settings\SANDA\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-22 12:50 . 2010-01-23 10:12 117760 ----a-w- c:\documents and settings\SANDA\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-22 12:46 . 2010-01-22 12:46 -------- d-----w- c:\programmi\SUPERAntiSpyware
2010-01-22 12:44 . 2010-01-22 12:44 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-01-22 00:47 . 2010-01-22 00:47 -------- d-----w- c:\programmi\File comuni\Java
2010-01-22 00:47 . 2010-01-22 00:47 503808 ----a-w- c:\documents and settings\SANDA\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2af0a5ea-n\msvcp71.dll
2010-01-22 00:47 . 2010-01-22 00:47 499712 ----a-w- c:\documents and settings\SANDA\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2af0a5ea-n\jmc.dll
2010-01-22 00:47 . 2010-01-22 00:47 348160 ----a-w- c:\documents and settings\SANDA\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2af0a5ea-n\msvcr71.dll
2010-01-22 00:47 . 2010-01-22 00:47 61440 ----a-w- c:\documents and settings\SANDA\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-783231f4-n\decora-sse.dll
2010-01-22 00:47 . 2010-01-22 00:47 12800 ----a-w- c:\documents and settings\SANDA\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-783231f4-n\decora-d3d.dll
2010-01-22 00:46 . 2010-01-22 00:46 -------- d-----w- c:\programmi\Java
2010-01-20 16:56 . 2010-01-20 16:56 -------- d-----w- c:\documents and settings\SANDA\Dati applicazioni\PCToolsFirewallPlus
2010-01-20 16:54 . 2009-11-09 10:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-20 16:54 . 2010-01-07 11:40 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-20 16:53 . 2010-01-12 08:34 70664 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-01-20 16:53 . 2010-01-07 10:35 58816 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2010-01-20 16:53 . 2010-01-07 10:35 32680 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2010-01-20 16:53 . 2010-01-13 07:59 115216 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2010-01-20 16:51 . 2010-01-20 16:58 -------- d-----w- c:\programmi\PC Tools Firewall Plus
2010-01-20 14:21 . 2010-01-20 14:22 -------- d-----w- c:\programmi\IZArc
2010-01-19 21:06 . 2010-01-19 21:06 5115824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-19 20:30 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-19 20:30 . 2010-01-19 21:07 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-01-19 20:30 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-19 16:49 . 2010-01-19 16:50 -------- d-----w- c:\programmi\Microsoft Security Essentials
2010-01-16 18:14 . 2010-01-16 18:14 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-16 18:13 . 2010-01-16 18:13 -------- d-----w- c:\programmi\File comuni\PC Tools
2010-01-16 18:12 . 2010-01-16 18:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\IncrediMail
2010-01-16 18:02 . 2010-01-16 18:11 -------- d-----w- c:\programmi\File comuni\PC Tools(5)
2010-01-16 18:02 . 2010-01-16 18:06 -------- d-----w- c:\documents and settings\SANDA\Dati applicazioni\PCToolsFirewallPlus(4)
2010-01-16 17:27 . 2010-01-16 18:12 -------- d-----w- c:\programmi\File comuni\PC Tools(4)
2010-01-16 17:00 . 2010-01-16 18:13 -------- d-----w- c:\programmi\File comuni\PC Tools(3)
2010-01-16 17:00 . 2010-01-16 17:03 -------- d-----w- c:\documents and settings\SANDA\Dati applicazioni\PCToolsFirewallPlus(3)
2010-01-16 16:56 . 2010-01-16 18:13 -------- d-----w- c:\programmi\Mozilla Firefox(2)
2010-01-16 01:49 . 2010-01-16 01:49 -------- d-----w- c:\documents and settings\SANDA\Dati applicazioni\PCToolsFirewallPlus(2)
2010-01-16 01:46 . 2010-01-16 18:13 -------- d-----w- c:\programmi\File comuni\PC Tools(2)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-23 12:10 . 2009-12-21 23:08 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-01-22 12:46 . 2009-09-22 16:56 -------- d-----w- c:\documents and settings\SANDA\Dati applicazioni\SUPERAntiSpyware.com
2010-01-22 00:46 . 2009-12-05 10:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-22 00:38 . 2009-01-16 09:24 86132 ----a-w- c:\windows\system32\perfc010.dat
2010-01-22 00:38 . 2009-01-16 09:24 493298 ----a-w- c:\windows\system32\perfh010.dat
2010-01-20 11:54 . 2009-09-13 10:51 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-01-14 10:12 . 2009-12-14 17:30 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-05 09:53 . 2009-01-16 09:24 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 09:53 . 2009-01-16 09:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:53 . 2009-01-16 09:24 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-25 17:34 . 2009-12-21 23:06 -------- d-----w- c:\programmi\PC Tools Disk Suite
2009-12-21 23:06 . 2009-12-21 23:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Tools
2009-12-16 13:24 . 2009-01-16 02:08 -------- d-----w- c:\programmi\Acer
2009-12-16 13:23 . 2009-01-16 01:29 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-12-13 14:00 . 2009-10-29 20:52 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-13 12:38 . 2009-12-13 12:38 -------- d-----w- c:\programmi\TrendMicro
2009-12-12 19:27 . 2009-12-12 19:27 -------- d-----w- c:\programmi\New Folder
2009-12-07 13:58 . 2009-11-04 15:58 -------- d-----w- c:\programmi\Foxit Software
2009-12-05 19:44 . 2009-12-05 10:06 152576 ----a-w- c:\documents and settings\SANDA\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-05 19:38 . 2009-12-05 10:05 79488 ----a-w- c:\documents and settings\SANDA\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-27 23:45 . 2009-11-27 23:47 185856 ----a-w- c:\windows\system32\framedyn.dll
2009-11-27 23:45 . 2009-11-27 23:46 5415 ----a-w- c:\windows\system32\Choice.com
2009-11-25 18:05 . 2009-11-25 18:05 -------- d-----w- c:\documents and settings\SANDA\Dati applicazioni\DeviceDoctorSoftware
2009-11-23 12:54 . 2009-12-24 10:35 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-21 15:54 . 2009-01-16 09:24 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-18 23:23 . 2009-09-23 18:40 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-11-03 12:38 . 2009-10-25 10:57 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\programmi\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-30 875016]
"MSSE"="c:\programmi\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-01-11 246504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 12:00 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [20/01/2010 17.54.19 233136]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [05/01/2010 7.56.04 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 7.56.02 74480]
R2 DiskSuiteService;PC Tools Disk Suite;c:\programmi\PC Tools Disk Suite\DSService.exe [22/12/2009 0.06.01 869696]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [24/12/2009 11.35.43 88040]
R3 M3000Srv;USB2.0 UVC WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [10/08/2009 13.33.03 145408]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [20/01/2010 17.53.06 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [20/01/2010 17.53.06 58816]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [20/01/2010 17.53.02 115216]
S2 Change Modem Device Service;Change Modem Device Service;c:\windows\system32\ChgService.exe [02/09/2009 18.31.31 135168]
S2 Communication Modem Device Manager II;Communication Modem Device Manager II;c:\windows\system32\RegService.exe [10/08/2009 13.57.40 135168]
S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\drivers\cmnsusbser.sys [02/09/2009 18.31.33 103424]
S3 cmusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2051;c:\windows\system32\drivers\cmusbser.sys [10/08/2009 13.57.42 103552]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [20/11/2009 18.45.25 112640]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [20/11/2009 18.45.25 102656]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 7.56.06 7408]
.
Contenuto della cartella 'Scheduled Tasks'

2010-01-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 16:36]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.giustizia.it/giustizia/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: giustizia.it\www
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: windowsupdate.com
FF - ProfilePath - c:\documents and settings\SANDA\Dati applicazioni\Mozilla\Firefox\Profiles\r7xbnaek.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://it.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:it:official
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search=
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
Notify-avldr - avldr.dll
SafeBoot-PskSvcRetail



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-23 14:17
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1260)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Ora fine scansione: 2010-01-23 14:20:09
ComboFix-quarantined-files.txt 2010-01-23 13:20

Pre-Run: 134.878.818.304 byte disponibili
Post-Run: 134.954.860.544 byte disponibili

- - End Of File - - 43743974E05EA47A9EC5C45D237C8E20
smeraldia
Posted: Saturday, January 23, 2010 2:38:14 PM
Rank: AiutAmico

Joined: 1/22/2010
Posts: 62
A thousand thanks again.
r16
Posted: Saturday, January 23, 2010 3:55:12 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Open a text file on the Desktop (Start\Run\type: notepad.exe\ OK).
Paste the code you see below into it, and save the text file, strictly with the name CFScript.txt,

Code:
File::
c:\windows\system32\drivers\avgntflt.sys
c:\windows\system32\zllictbl.dat
c:\windows\system32\drivers\sfi.dat


and drag it onto the ComboFix icon.
Wait for it to finish, without touching the keyboard, mouse or anything else.
Post the updated combofix log


Then:
Do a clean-up (registry included) with CCleaner: http://www.aiutamici.com/software?ID=11223
On CCleaner's start screen, click Options and then Advanced, and untick: Only delete files in Windows Temp folders older than 48 hours. (then run the clean-ups)

Then:
Start\Run\copy and paste the string %temp%, click OK, and empty the temp folder. (do not delete the folder)
Then:
Empty the contents of the Prefetch folder:
click My Computer
click Local Disk C:
among the folders shown, find the Windows folder, open it and, inside it, find the Prefetch folder; open it and delete all the entries it contains (do not delete the folder)
EMPTY THE RECYCLE BIN
Then:
Launch Hijackthis and clean the ADS this way:
click Open the misc tool section
click Open ads spy
untick Quick scan (windows base folder only)
click Scan.
Wait patiently for the scan to finish.
If any ADS are found, tick all the boxes (no need to worry) and click Remove selected
See if there is any improvement.
smeraldia
Posted: Saturday, January 23, 2010 5:01:19 PM
Rank: AiutAmico

Joined: 1/22/2010
Posts: 62
Forgive my ignorance: does all this have to be done while connected or not?... and (how embarrassing) what are ADS? Thank you for your patience, and I hope it all goes well for me... I'm scared.
smeraldia.
r16
Posted: Saturday, January 23, 2010 8:37:10 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
Do it disconnected from the internet.
You mustn't be afraid. (easier said than done)
Just follow the instructions carefully, and you'll see that everything will go well.
And you needn't be embarrassed either (far from it!) about the things you don't know.
Then I should be embarrassed too, because I guarantee you there are still many things I don't know.
ADS are infected files invisible to the user, which specific software can identify and remove.
Don't worry about anything: when you run Hijackthis to remove them, there will be no damage to your programs.
Only the infected files will be removed.
smeraldia
Posted: Sunday, January 24, 2010 12:00:29 AM
Rank: AiutAmico

Joined: 1/22/2010
Posts: 62
Thank you, dear r16. You are very kind and understanding; tomorrow will be the big day... I hope everything goes well... the fear is there, and how: these are things I don't know, and everything I don't know scares me. Fingers crossed.
Thanks, thanks, smeraldia.
smeraldia
Posted: Sunday, January 24, 2010 12:53:25 AM
Rank: AiutAmico

Joined: 1/22/2010
Posts: 62
ComboFix 10-01-22.03 - SANDA 24/01/2010 0.41.06.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1014.623 [GMT 1:00]
Eseguito da: c:\documents and settings\SANDA\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\SANDA\Desktop\CFscript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {001300D4-0000-0000-1000-00007454927C}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2009-12-23 al 2010-01-23 )))))))))))))))))))))))))))))))))))
.

2010-01-23 13:55 . 2010-01-23 13:55 -------- d-----w- c:\programmi\Microsoft Security Essentials
2010-01-22 12:50 . 2010-01-22 12:50 52224 ----a-w- c:\documents and settings\SANDA\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-22 12:50 . 2010-01-23 10:12 117760 ----a-w- c:\documents and settings\SANDA\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-22 12:46 . 2010-01-22 12:46 -------- d-----w- c:\programmi\SUPERAntiSpyware
2010-01-22 12:44 . 2010-01-22 12:44 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-01-22 00:47 . 2010-01-22 00:47 -------- d-----w- c:\programmi\File comuni\Java
2010-01-22 00:47 . 2010-01-22 00:47 503808 ----a-w- c:\documents and settings\SANDA\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2af0a5ea-n\msvcp71.dll
2010-01-22 00:47 . 2010-01-22 00:47 499712 ----a-w- c:\documents and settings\SANDA\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2af0a5ea-n\jmc.dll
2010-01-22 00:47 . 2010-01-22 00:47 348160 ----a-w- c:\documents and settings\SANDA\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2af0a5ea-n\msvcr71.dll
2010-01-22 00:47 . 2010-01-22 00:47 61440 ----a-w- c:\documents and settings\SANDA\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-783231f4-n\decora-sse.dll
2010-01-22 00:47 . 2010-01-22 00:47 12800 ----a-w- c:\documents and settings\SANDA\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-783231f4-n\decora-d3d.dll
2010-01-22 00:46 . 2010-01-22 00:46 -------- d-----w- c:\programmi\Java
2010-01-20 16:56 . 2010-01-20 16:56 -------- d-----w- c:\documents and settings\SANDA\Dati applicazioni\PCToolsFirewallPlus
2010-01-20 16:54 . 2009-11-09 10:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-20 16:54 . 2010-01-07 11:40 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-20 16:53 . 2010-01-12 08:34 70664 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-01-20 16:53 . 2010-01-07 10:35 58816 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2010-01-20 16:53 . 2010-01-07 10:35 32680 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2010-01-20 16:53 . 2010-01-13 07:59 115216 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2010-01-20 16:51 . 2010-01-20 16:58 -------- d-----w- c:\programmi\PC Tools Firewall Plus
2010-01-20 14:21 . 2010-01-20 14:22 -------- d-----w- c:\programmi\IZArc
2010-01-19 21:06 . 2010-01-19 21:06 5115824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-19 20:30 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-19 20:30 . 2010-01-19 21:07 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-01-19 20:30 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-16 18:14 . 2010-01-16 18:14 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-16 18:13 . 2010-01-16 18:13 -------- d-----w- c:\programmi\File comuni\PC Tools
2010-01-16 18:12 . 2010-01-16 18:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\IncrediMail
2010-01-16 18:02 . 2010-01-16 18:11 -------- d-----w- c:\programmi\File comuni\PC Tools(5)
2010-01-16 18:02 . 2010-01-16 18:06 -------- d-----w- c:\documents and settings\SANDA\Dati applicazioni\PCToolsFirewallPlus(4)
2010-01-16 17:27 . 2010-01-16 18:12 -------- d-----w- c:\programmi\File comuni\PC Tools(4)
2010-01-16 17:00 . 2010-01-16 18:13 -------- d-----w- c:\programmi\File comuni\PC Tools(3)
2010-01-16 17:00 . 2010-01-16 17:03 -------- d-----w- c:\documents and settings\SANDA\Dati applicazioni\PCToolsFirewallPlus(3)
2010-01-16 16:56 . 2010-01-16 18:13 -------- d-----w- c:\programmi\Mozilla Firefox(2)
2010-01-16 01:49 . 2010-01-16 01:49 -------- d-----w- c:\documents and settings\SANDA\Dati applicazioni\PCToolsFirewallPlus(2)
2010-01-16 01:46 . 2010-01-16 18:13 -------- d-----w- c:\programmi\File comuni\PC Tools(2)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-23 23:36 . 2009-12-21 23:08 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-01-22 12:46 . 2009-09-22 16:56 -------- d-----w- c:\documents and settings\SANDA\Dati applicazioni\SUPERAntiSpyware.com
2010-01-22 00:46 . 2009-12-05 10:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-22 00:38 . 2009-01-16 09:24 86132 ----a-w- c:\windows\system32\perfc010.dat
2010-01-22 00:38 . 2009-01-16 09:24 493298 ----a-w- c:\windows\system32\perfh010.dat
2010-01-20 11:54 . 2009-09-13 10:51 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-01-14 10:12 . 2009-12-14 17:30 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-05 09:53 . 2009-01-16 09:24 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 09:53 . 2009-01-16 09:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:53 . 2009-01-16 09:24 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-25 17:34 . 2009-12-21 23:06 -------- d-----w- c:\programmi\PC Tools Disk Suite
2009-12-21 23:06 . 2009-12-21 23:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Tools
2009-12-16 13:24 . 2009-01-16 02:08 -------- d-----w- c:\programmi\Acer
2009-12-16 13:23 . 2009-01-16 01:29 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-12-13 14:00 . 2009-10-29 20:52 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-13 12:38 . 2009-12-13 12:38 -------- d-----w- c:\programmi\TrendMicro
2009-12-12 19:27 . 2009-12-12 19:27 -------- d-----w- c:\programmi\New Folder
2009-12-07 13:58 . 2009-11-04 15:58 -------- d-----w- c:\programmi\Foxit Software
2009-12-05 19:44 . 2009-12-05 10:06 152576 ----a-w- c:\documents and settings\SANDA\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-05 19:38 . 2009-12-05 10:05 79488 ----a-w- c:\documents and settings\SANDA\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-27 23:45 . 2009-11-27 23:47 185856 ----a-w- c:\windows\system32\framedyn.dll
2009-11-27 23:45 . 2009-11-27 23:46 5415 ----a-w- c:\windows\system32\Choice.com
2009-11-25 18:05 . 2009-11-25 18:05 -------- d-----w- c:\documents and settings\SANDA\Dati applicazioni\DeviceDoctorSoftware
2009-11-23 12:54 . 2009-12-24 10:35 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-21 15:54 . 2009-01-16 09:24 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-18 23:23 . 2009-09-23 18:40 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-11-03 12:38 . 2009-10-25 10:57 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-01-23_13.17.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-23 23:15 . 2010-01-23 23:15 16384 c:\windows\Temp\Perflib_Perfdata_274.dat
+ 2010-01-23 13:55 . 2010-01-23 13:55 47104 c:\windows\Installer\724b04.msi
+ 2010-01-23 13:55 . 2010-01-23 13:55 259072 c:\windows\Installer\724afc.msi
+ 2010-01-23 13:55 . 2010-01-23 13:55 211968 c:\windows\Installer\724af7.msi
+ 2010-01-23 13:55 . 2010-01-23 13:55 301056 c:\windows\Installer\724af2.msi
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\programmi\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-30 875016]
"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-01-11 246504]
"MSSE"="c:\programmi\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 12:00 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [20/01/2010 17.54.19 233136]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [05/01/2010 7.56.04 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 7.56.02 74480]
R2 DiskSuiteService;PC Tools Disk Suite;c:\programmi\PC Tools Disk Suite\DSService.exe [22/12/2009 0.06.01 869696]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [24/12/2009 11.35.43 88040]
R3 cmusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2051;c:\windows\system32\drivers\cmusbser.sys [10/08/2009 13.57.42 103552]
R3 M3000Srv;USB2.0 UVC WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [10/08/2009 13.33.03 145408]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [20/01/2010 17.53.06 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [20/01/2010 17.53.06 58816]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [20/01/2010 17.53.02 115216]
S2 Change Modem Device Service;Change Modem Device Service;c:\windows\system32\ChgService.exe [02/09/2009 18.31.31 135168]
S2 Communication Modem Device Manager II;Communication Modem Device Manager II;c:\windows\system32\RegService.exe [10/08/2009 13.57.40 135168]
S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\drivers\cmnsusbser.sys [02/09/2009 18.31.33 103424]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [20/11/2009 18.45.25 112640]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [20/11/2009 18.45.25 102656]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 7.56.06 7408]
.
Contenuto della cartella 'Scheduled Tasks'

2010-01-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 16:36]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.giustizia.it/giustizia/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: giustizia.it\www
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: windowsupdate.com
FF - ProfilePath - c:\documents and settings\SANDA\Dati applicazioni\Mozilla\Firefox\Profiles\r7xbnaek.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://it.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:it:official
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search=
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-24 00:45
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1264)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1284)
c:\windows\system32\WININET.dll
.
Ora fine scansione: 2010-01-24 00:47:40
ComboFix-quarantined-files.txt 2010-01-23 23:47
ComboFix2.txt 2010-01-23 13:20

Pre-Run: 134.942.420.992 byte disponibili
Post-Run: 134.901.268.480 byte disponibili

- - End Of File - - 19D7A138055107C14B89948E61A48521
smeraldia
Posted: Sunday, January 24, 2010 9:09:27 PM
Rank: AiutAmico

Joined: 1/22/2010
Posts: 62
Hi, I have another problem (you don't get rid of me that easily): when I disconnect everything, an antivirus I used some time ago is still there, but only "AntiVir Desktop", and so ComboFix warns me that I have to close it... but nothing, I don't know where to find it, it isn't in the installed programs, maybe you can tell me where to go and look?
I ran the second ComboFix log:
ComboFix 10-01-22.03 - SANDA 24/01/2010 19.14.35.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1014.609 [GMT 1:00]
Eseguito da: c:\documents and settings\SANDA\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\SANDA\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {001300D4-0000-0000-1000-00007454927C}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2009-12-24 al 2010-01-24 )))))))))))))))))))))))))))))))))))
.

2010-01-24 15:48 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-24 15:48 . 2010-01-24 15:48 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-01-24 15:48 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-23 13:55 . 2010-01-23 13:55 -------- d-----w- c:\programmi\Microsoft Security Essentials
2010-01-22 12:50 . 2010-01-22 12:50 52224 ----a-w- c:\documents and settings\SANDA\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-22 12:50 . 2010-01-24 16:11 117760 ----a-w- c:\documents and settings\SANDA\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-22 12:46 . 2010-01-22 12:46 -------- d-----w- c:\programmi\SUPERAntiSpyware
2010-01-22 12:44 . 2010-01-22 12:44 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-01-22 00:47 . 2010-01-22 00:47 -------- d-----w- c:\programmi\File comuni\Java
2010-01-22 00:47 . 2010-01-22 00:47 503808 ----a-w- c:\documents and settings\SANDA\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2af0a5ea-n\msvcp71.dll
2010-01-22 00:47 . 2010-01-22 00:47 499712 ----a-w- c:\documents and settings\SANDA\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2af0a5ea-n\jmc.dll
2010-01-22 00:47 . 2010-01-22 00:47 348160 ----a-w- c:\documents and settings\SANDA\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2af0a5ea-n\msvcr71.dll
2010-01-22 00:47 . 2010-01-22 00:47 61440 ----a-w- c:\documents and settings\SANDA\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-783231f4-n\decora-sse.dll
2010-01-22 00:47 . 2010-01-22 00:47 12800 ----a-w- c:\documents and settings\SANDA\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-783231f4-n\decora-d3d.dll
2010-01-22 00:46 . 2010-01-22 00:46 -------- d-----w- c:\programmi\Java
2010-01-20 16:56 . 2010-01-20 16:56 -------- d-----w- c:\documents and settings\SANDA\Dati applicazioni\PCToolsFirewallPlus
2010-01-20 16:54 . 2009-11-09 10:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-20 16:54 . 2010-01-07 11:40 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-20 16:53 . 2010-01-12 08:34 70664 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-01-20 16:53 . 2010-01-07 10:35 58816 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2010-01-20 16:53 . 2010-01-07 10:35 32680 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2010-01-20 16:53 . 2010-01-13 07:59 115216 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2010-01-20 16:51 . 2010-01-20 16:58 -------- d-----w- c:\programmi\PC Tools Firewall Plus
2010-01-20 14:21 . 2010-01-20 14:22 -------- d-----w- c:\programmi\IZArc
2010-01-16 18:14 . 2010-01-16 18:14 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-16 18:13 . 2010-01-16 18:13 -------- d-----w- c:\programmi\File comuni\PC Tools
2010-01-16 18:12 . 2010-01-16 18:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\IncrediMail
2010-01-16 18:02 . 2010-01-16 18:11 -------- d-----w- c:\programmi\File comuni\PC Tools(5)
2010-01-16 18:02 . 2010-01-16 18:06 -------- d-----w- c:\documents and settings\SANDA\Dati applicazioni\PCToolsFirewallPlus(4)
2010-01-16 17:27 . 2010-01-16 18:12 -------- d-----w- c:\programmi\File comuni\PC Tools(4)
2010-01-16 17:00 . 2010-01-16 18:13 -------- d-----w- c:\programmi\File comuni\PC Tools(3)
2010-01-16 17:00 . 2010-01-16 17:03 -------- d-----w- c:\documents and settings\SANDA\Dati applicazioni\PCToolsFirewallPlus(3)
2010-01-16 16:56 . 2010-01-16 18:13 -------- d-----w- c:\programmi\Mozilla Firefox(2)
2010-01-16 01:49 . 2010-01-16 01:49 -------- d-----w- c:\documents and settings\SANDA\Dati applicazioni\PCToolsFirewallPlus(2)
2010-01-16 01:46 . 2010-01-16 18:13 -------- d-----w- c:\programmi\File comuni\PC Tools(2)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-24 16:57 . 2009-12-21 23:08 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-01-24 14:25 . 2009-01-16 09:24 86132 ----a-w- c:\windows\system32\perfc010.dat
2010-01-24 14:25 . 2009-01-16 09:24 493298 ----a-w- c:\windows\system32\perfh010.dat
2010-01-22 12:46 . 2009-09-22 16:56 -------- d-----w- c:\documents and settings\SANDA\Dati applicazioni\SUPERAntiSpyware.com
2010-01-22 00:46 . 2009-12-05 10:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-20 11:54 . 2009-09-13 10:51 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-01-14 10:12 . 2009-12-14 17:30 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-05 09:53 . 2009-01-16 09:24 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 09:53 . 2009-01-16 09:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:53 . 2009-01-16 09:24 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-25 17:34 . 2009-12-21 23:06 -------- d-----w- c:\programmi\PC Tools Disk Suite
2009-12-21 23:06 . 2009-12-21 23:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Tools
2009-12-16 13:24 . 2009-01-16 02:08 -------- d-----w- c:\programmi\Acer
2009-12-16 13:23 . 2009-01-16 01:29 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-12-13 14:00 . 2009-10-29 20:52 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-13 12:38 . 2009-12-13 12:38 -------- d-----w- c:\programmi\TrendMicro
2009-12-12 19:27 . 2009-12-12 19:27 -------- d-----w- c:\programmi\New Folder
2009-12-07 13:58 . 2009-11-04 15:58 -------- d-----w- c:\programmi\Foxit Software
2009-12-05 19:44 . 2009-12-05 10:06 152576 ----a-w- c:\documents and settings\SANDA\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-05 19:38 . 2009-12-05 10:05 79488 ----a-w- c:\documents and settings\SANDA\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-27 23:45 . 2009-11-27 23:47 185856 ----a-w- c:\windows\system32\framedyn.dll
2009-11-27 23:45 . 2009-11-27 23:46 5415 ----a-w- c:\windows\system32\Choice.com
2009-11-23 12:54 . 2009-12-24 10:35 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-21 15:54 . 2009-01-16 09:24 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-18 23:23 . 2009-09-23 18:40 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-11-03 12:38 . 2009-10-25 10:57 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-01-23_13.17.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-24 16:35 . 2010-01-24 16:35 16384 c:\windows\Temp\Perflib_Perfdata_274.dat
- 2009-01-16 09:24 . 2010-01-22 00:38 72852 c:\windows\system32\perfc009.dat
+ 2009-01-16 09:24 . 2010-01-24 14:25 72852 c:\windows\system32\perfc009.dat
+ 2010-01-23 13:55 . 2010-01-23 13:55 47104 c:\windows\Installer\724b04.msi
- 2009-01-16 09:24 . 2010-01-22 00:38 445264 c:\windows\system32\perfh009.dat
+ 2009-01-16 09:24 . 2010-01-24 14:25 445264 c:\windows\system32\perfh009.dat
+ 2010-01-23 13:55 . 2010-01-23 13:55 259072 c:\windows\Installer\724afc.msi
+ 2010-01-23 13:55 . 2010-01-23 13:55 211968 c:\windows\Installer\724af7.msi
+ 2010-01-23 13:55 . 2010-01-23 13:55 301056 c:\windows\Installer\724af2.msi
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\programmi\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-30 875016]
"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-01-11 246504]
"MSSE"="c:\programmi\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 12:00 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [20/01/2010 17.54.19 233136]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [05/01/2010 7.56.04 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 7.56.02 74480]
R2 DiskSuiteService;PC Tools Disk Suite;c:\programmi\PC Tools Disk Suite\DSService.exe [22/12/2009 0.06.01 869696]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [24/12/2009 11.35.43 88040]
R3 M3000Srv;USB2.0 UVC WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [10/08/2009 13.33.03 145408]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [20/01/2010 17.53.06 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [20/01/2010 17.53.06 58816]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [20/01/2010 17.53.02 115216]
S2 Change Modem Device Service;Change Modem Device Service;c:\windows\system32\ChgService.exe [02/09/2009 18.31.31 135168]
S2 Communication Modem Device Manager II;Communication Modem Device Manager II;c:\windows\system32\RegService.exe [10/08/2009 13.57.40 135168]
S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\drivers\cmnsusbser.sys [02/09/2009 18.31.33 103424]
S3 cmusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2051;c:\windows\system32\drivers\cmusbser.sys [10/08/2009 13.57.42 103552]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [20/11/2009 18.45.25 112640]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [20/11/2009 18.45.25 102656]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 7.56.06 7408]
.
Contenuto della cartella 'Scheduled Tasks'

2010-01-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 16:36]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.giustizia.it/giustizia/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: giustizia.it\www
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
FF - ProfilePath - c:\documents and settings\SANDA\Dati applicazioni\Mozilla\Firefox\Profiles\r7xbnaek.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://it.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:it:official
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search=
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-24 19:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- Dlls loaded by running processes ---------------------

- - - - - - - > 'winlogon.exe'(1264)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2232)
c:\windows\system32\WININET.dll
.
Scan end time: 2010-01-24 19:20:14
ComboFix-quarantined-files.txt 2010-01-24 18:20
ComboFix2.txt 2010-01-23 23:47
ComboFix3.txt 2010-01-23 13:20

Pre-Run: 134.694.203.392 bytes free
Post-Run: 134.662.356.992 bytes free

- - End Of File - - 8542E6AAB811C30202DEB2F738CFE7C8
Hi, I await your advice and thank you again, smeraldia.
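The "Dlls loaded by running processes" section of the ComboFix log above is what an analyst reads to spot a foreign module sitting inside winlogon.exe or explorer.exe. The following Python script, an added example that is not part of the original thread and not code from ComboFix, parses that section and flags every module loaded from outside the Windows directory. The sample text is constructed from the posted log (same process names, PIDs and paths), and the trusted-directory prefix assumes a default XP install on C:.

```python
import re

# Constructed sample input, modelled on the "Dlls loaded by running processes"
# section that ComboFix appends to its log. Process names, PIDs and paths are
# taken from the posted log; the section title is given in English.
SAMPLE_SECTION = r"""
--------------------- Dlls loaded by running processes ---------------------

- - - - - - - > 'winlogon.exe'(1264)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2232)
c:\windows\system32\WININET.dll
.
"""

# Matches the per-process header line, e.g.  - - - - - - - > 'winlogon.exe'(1264)
PROCESS_HEADER = re.compile(r"^(?:- )+> '(?P<name>[^']+)'\((?P<pid>\d+)\)$")

# Directory a DLL loaded into a core system process is expected to come from.
# Assumption: stock Windows XP layout with SystemRoot on C:; adjust if different.
TRUSTED_PREFIXES = ("c:\\windows\\",)


def parse_dll_section(text):
    """Return {(process_name, pid): [dll_path, ...]} from a ComboFix DLL section."""
    modules = {}
    current = None
    for raw_line in text.splitlines():
        line = raw_line.strip()
        header = PROCESS_HEADER.match(line)
        if header:
            current = (header.group("name"), int(header.group("pid")))
            modules[current] = []
            continue
        # Blank lines, the "." terminator and the dashed title are layout only.
        if not line or line == "." or line.startswith("-"):
            continue
        if current is not None:
            modules[current].append(line)
    return modules


def flag_nonsystem_modules(modules, trusted_prefixes=TRUSTED_PREFIXES):
    """List (process, pid, dll) for each module loaded from outside the trusted dirs.

    A hit is a triage lead, not a verdict: in the sample the only hit is a DLL
    from the SUPERAntiSpyware directory, a product the user installed themselves.
    """
    findings = []
    for (name, pid), dlls in modules.items():
        for dll in dlls:
            if not dll.lower().startswith(trusted_prefixes):
                findings.append((name, pid, dll))
    return findings


if __name__ == "__main__":
    for name, pid, dll in flag_nonsystem_modules(parse_dll_section(SAMPLE_SECTION)):
        print(f"{name} (pid {pid}) loads non-system module: {dll}")
```

Run it on the section copied out of a real ComboFix log; every hit should then be checked against the product that owns the path and, where in doubt, against the file's digital signature, rather than removed on sight.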
r16
Posted: Sunday, January 24, 2010 9:33:50 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Try removing the leftovers of Avira by following the instructions at this link:
http://www.geekissimo.com/2008/08/05/cosa-fare-quando-avira-antivir-non-si-disinstalla/
Do not keep running scans with Combofix.
The log is clean.
smeraldia
Posted: Monday, January 25, 2010 12:17:09 PM
Rank: AiutAmico

Member since: 1/22/2010
Posts: 62
The first thing I did, or tried to do, was to clean it with Avira's registry cleaner, but nothing... I no longer know what to do to get rid of this damned "AntiVir Desktop", please help me.
Thanks, smeraldia.
r16
Posted: Monday, January 25, 2010 8:50:21 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Hi.
Let's be clear about one thing:
that "Antivir Desktop" is not a virus.
It is only a leftover from an old version of Avira.
And it is not the only one.
In fact there are leftovers from Zone Alarm as well.
So continuing to run scans to remove something that is NOT dangerous seems risky to me.
Another thing: is "Antivir Desktop" detected only by Combofix, or also by the antivirus you have installed?
Because if only Combofix detects it, it could be a "bug" in Combofix itself.
I would like to know whether the problems you had at the start of the thread have been resolved.
smeraldia
Posted: Tuesday, January 26, 2010 12:36:04 AM
Rank: AiutAmico

Member since: 1/22/2010
Posts: 62
Hi,
Both Antivir Desktop and Zone Alarm have been on the PC for a while. My PC's Security Center reports:
"Virus protection on: several programs were detected on the computer and at least one is up to date and has virus scanning enabled". Then, if you disable the antivirus, it stays active (still in the Security Center), so much so that Combofix warned me that the antivirus is active and that this is a risk; the same with the firewall, Zone Alarm stays active. Do you think that is OK? I, who understand nothing of this, am afraid the antiviruses will conflict with each other... etc. I had no problems with the PC, it was a bit slow and it is the same now; actually, I don't want to be wrong, but it seems a bit slower to me, and besides, I had never checked the Hijackthis log.
Thank you, thank you, smeraldia.

P.S.
After all, you have not told me how the Hijackthis log looks, whether it is fine or not, whether I have to remove something or not? I did the cleanup with Avira's registry cleaner when I removed Avira and there are no keys to delete.
smeraldia.
r16
Posted: Tuesday, January 26, 2010 3:03:17 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Download AppRemover:
http://www.appremover.com/
Save it to the desktop.
Run it.
On the first screen click "Next".
On the second you get the list of software to be removed.
See whether Avira or Zone Alarm is there, or some software you thought was not there but is.
Select the software you want to remove.
Another click on "Next",
and then Next again.
Restart the PC.
smeraldia
Posted: Tuesday, January 26, 2010 7:21:42 PM
Rank: AiutAmico

Member since: 1/22/2010
Posts: 62
Thanks, but it did not help at all... there is nothing besides Microsoft Security Essentials and the PC firewall... thank you again, but I think there is nothing more to be done... you must be sick of me and my absurd problems, many thanks.
Bye, smeraldia.
P.S.
After the scan:
Windows Script Host
No script engine for file extension ".vbs".
What should I do?
Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.