Aiutamici Forum

Could you check my HijackThis log for me? Thanks
valetaz85
Posted: Wednesday, November 07, 2012 4:27:05 PM
Rank: Newbie

Joined: 11/7/2012
Posts: 6
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16.21.31, on 07/11/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP3 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Java\jre6\bin\jqs.exe
c:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\LogMeIn\x86\LMIGuardianSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\LogMeIn\x86\RaMaint.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\LogMeIn\x86\LogMeInSystray.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\Programmi\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe
C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PService.exe
C:\WINDOWS\system32\SISCMon.exe
C:\Programmi\charismathics\smart security interface 4.0\CSPregtool.exe
C:\sysintc\Simona\conf_Y\bin\swmenu.exe
C:\Programmi\Windows NT\Accessori\WORDPAD.EXE
c:\Programmi\Mozilla Firefox\firefox.exe
c:\Programmi\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
c:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - c:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programmi\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\bin\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Programmi\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PosService] C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eType Setup403515.exe] "C:\DOCUME~1\Simona\IMPOST~1\Temp\eType Setup403515.exe" /XML="C:\DOCUME~1\Simona\IMPOST~1\Temp\5E.tmp" /STP=0:1
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Atlante.lnk = C:\Programmi\Automa\Atlante300\exe\Atlante.exe
O4 - Startup: conf_Y.lnk = C:\sysintc\Simona\conf_Y\bin\swmenu.exe
O4 - Global Startup: SCMon.lnk = C:\WINDOWS\system32\SISCMon.exe
O4 - Global Startup: smart security registration status.lnk = C:\Programmi\charismathics\smart security interface 4.0\CSPregtool.exe
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - c:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - c:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232126163296
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232126314656
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{85BBA8ED-612C-4F85-AA8E-43B3444197AE}: NameServer = 151.99.125.1,151.99.0.100
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: SEP - C:\Programmi\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll (file missing)
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Programmi\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Programmi\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Programmi\LogMeIn\x86\LogMeIn.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Documents and Settings\Simona\Impostazioni locali\Dati applicazioni\PosService\Pos.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Endpoint Protection (SepMasterService) - Symantec Corporation - C:\Programmi\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Documents and Settings\Simona\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Programmi\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Programmi\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\snac.exe
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Documents and Settings\Simona\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe

--
End of file - 11346 bytes
shapiro
Posted: Thursday, November 08, 2012 9:27:36 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Hi, you have adware infections and other things, which should also be causing you problems such as advertising pages opening and the like.

Run these scans:

Download AdwCleaner and choose the Delete option; at the end of the scan a log will be produced, which you will need to attach.

Download ComboFix to the desktop.

Do not install the Recovery Console when prompted.
Let the program work without interfering.
Attach the report C:\ComboFix.txt in your reply.

valetaz85
Posted: Friday, November 09, 2012 12:21:01 PM
Rank: Newbie

Joined: 11/7/2012
Posts: 6
Done! Thanks...
I'm attaching the AdwCleaner scan and then the ComboFix report.
Thanks a lot!

# AdwCleaner v2.007 - Logfile creato il 09/11/2012 alle 10:35:23
# Aggiornamento 06/11/2012 by Xplode
# Sistema Operativo : Microsoft Windows XP Service Pack 3 (32 bits)
# Utente : Simona - MASTROROCCO
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Documents and Settings\Simona\Desktop\e-invoice\adwcleaner.exe
# Opzioni [Elimina]


***** [Servizi] *****


***** [File / Cartelle] *****

Cartella Eliminato : C:\Documents and Settings\Simona\Dati applicazioni\pdfforge

***** [Registro] *****

Chiave Eliminata : HKCU\Software\AppDataLow\Software\pdfforge
Chiave Eliminata : HKCU\Software\AppDataLow\Software\Search Settings
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Chiave Eliminata : HKCU\Software\pdfforge
Chiave Eliminata : HKCU\Software\Search Settings
Chiave Eliminata : HKCU\Software\Softonic
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Chiave Eliminata : HKLM\Software\pdfforge
Chiave Eliminata : HKLM\Software\Search Settings

***** [Browser Internet] *****

-\\ Internet Explorer v6.0.2900.5512

[OK] Registro Pulito.

*************************

AdwCleaner[R1].txt - [1714 octets] - [09/11/2012 10:34:50]
AdwCleaner[S1].txt - [1673 octets] - [09/11/2012 10:35:23]

########## EOF - C:\AdwCleaner[S1].txt - [1733 octets] ##########



COMBOFIX REPORT:
ComboFix 12-11-09.01 - Simona 09/11/2012 12.07.50.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2038.1447 [GMT 1:00]
Eseguito da: c:\documents and settings\Simona\Desktop\e-invoice\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
* Creato nuovo punto di ripristino
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\AMMYY
c:\documents and settings\All Users\Dati applicazioni\AMMYY\hr
c:\documents and settings\All Users\Dati applicazioni\AMMYY\hr3
c:\documents and settings\All Users\Dati applicazioni\AMMYY\settings3.bin
c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\unins000.exe
c:\documents and settings\Simona\WINDOWS
c:\windows\IsUn0410.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\TEMP\LAE1B4.tmp
c:\windows\TEMP\LAE1C8.tmp
c:\windows\TEMP\LAE258.tmp
c:\windows\TEMP\LAE91.tmp
.
.
((((((((((((((((((((((((( Files Creati Da 2012-10-09 al 2012-11-09 )))))))))))))))))))))))))))))))))))
.
.
2012-11-07 15:20 . 2012-11-07 15:20 388096 ----a-r- c:\documents and settings\Simona\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-11-07 15:20 . 2012-11-07 15:20 -------- d-----w- c:\programmi\Trend Micro
2012-11-07 15:02 . 2012-11-07 15:02 -------- d-----w- c:\programmi\Mozilla Maintenance Service
2012-11-05 08:29 . 2012-11-05 08:29 -------- d-----w- c:\documents and settings\Simona\Dati applicazioni\GoforFiles
2012-11-05 08:13 . 2008-04-13 18:13 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2012-10-26 07:01 . 2012-10-26 07:01 -------- d-----w- c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\PowerOffer
2012-10-26 07:01 . 2012-10-29 08:43 -------- d-----w- c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\ServUpdater
2012-10-26 07:01 . 2012-10-26 07:14 -------- d-----w- c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\PosService
2012-10-26 07:01 . 2012-10-26 07:01 -------- d-----w- c:\documents and settings\LocalService\Menu Avvio
2012-10-25 09:58 . 2012-11-07 14:59 -------- d-----w- c:\documents and settings\Simona\Dati applicazioni\EmoticoonsToolbar
2012-10-25 09:58 . 2012-10-26 07:00 -------- d-----w- c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\SoftwareUpdater
2012-10-25 09:58 . 2012-10-25 10:01 -------- d-----w- c:\programmi\MyPcCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-06 08:35 . 2011-11-17 11:35 83912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-11-06 08:35 . 2011-11-17 11:35 52648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-11-06 08:35 . 2011-11-17 11:35 31144 ----a-w- c:\windows\system32\LMIport.dll
2012-11-06 08:35 . 2011-11-17 11:34 92072 ----a-w- c:\windows\system32\LMIinit.dll
2012-10-09 17:55 . 2012-04-12 08:06 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 17:55 . 2011-08-01 07:03 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-24 14:32 . 2012-06-27 07:30 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 14:32 . 2010-07-28 07:01 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 12:51 . 2012-06-27 07:30 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-24 13:53 . 2004-08-19 05:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:27 . 2007-02-28 16:06 2152448 ------w- c:\windows\system32\ntoskrnl.exe
2012-08-23 06:27 . 2007-02-28 16:06 2031104 ------w- c:\windows\system32\ntkrnlpa.exe
2012-10-24 17:50 . 2012-11-07 15:02 261600 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.


shapiro
Posted: Friday, November 09, 2012 12:39:33 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164

Are you sure you copied the whole ComboFix log? Check again.
valetaz85
Posted: Friday, November 09, 2012 2:27:22 PM
Rank: Newbie

Joined: 11/7/2012
Posts: 6
You're right: sorry! :D

ComboFix 12-11-09.01 - Simona 09/11/2012 12.07.50.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2038.1447 [GMT 1:00]
Eseguito da: c:\documents and settings\Simona\Desktop\e-invoice\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
* Creato nuovo punto di ripristino
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\AMMYY
c:\documents and settings\All Users\Dati applicazioni\AMMYY\hr
c:\documents and settings\All Users\Dati applicazioni\AMMYY\hr3
c:\documents and settings\All Users\Dati applicazioni\AMMYY\settings3.bin
c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\unins000.exe
c:\documents and settings\Simona\WINDOWS
c:\windows\IsUn0410.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\TEMP\LAE1B4.tmp
c:\windows\TEMP\LAE1C8.tmp
c:\windows\TEMP\LAE258.tmp
c:\windows\TEMP\LAE91.tmp
.
.
((((((((((((((((((((((((( Files Creati Da 2012-10-09 al 2012-11-09 )))))))))))))))))))))))))))))))))))
.
.
2012-11-07 15:20 . 2012-11-07 15:20 388096 ----a-r- c:\documents and settings\Simona\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-11-07 15:20 . 2012-11-07 15:20 -------- d-----w- c:\programmi\Trend Micro
2012-11-07 15:02 . 2012-11-07 15:02 -------- d-----w- c:\programmi\Mozilla Maintenance Service
2012-11-05 08:29 . 2012-11-05 08:29 -------- d-----w- c:\documents and settings\Simona\Dati applicazioni\GoforFiles
2012-11-05 08:13 . 2008-04-13 18:13 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2012-10-26 07:01 . 2012-10-26 07:01 -------- d-----w- c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\PowerOffer
2012-10-26 07:01 . 2012-10-29 08:43 -------- d-----w- c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\ServUpdater
2012-10-26 07:01 . 2012-10-26 07:14 -------- d-----w- c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\PosService
2012-10-26 07:01 . 2012-10-26 07:01 -------- d-----w- c:\documents and settings\LocalService\Menu Avvio
2012-10-25 09:58 . 2012-11-07 14:59 -------- d-----w- c:\documents and settings\Simona\Dati applicazioni\EmoticoonsToolbar
2012-10-25 09:58 . 2012-10-26 07:00 -------- d-----w- c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\SoftwareUpdater
2012-10-25 09:58 . 2012-10-25 10:01 -------- d-----w- c:\programmi\MyPcCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-06 08:35 . 2011-11-17 11:35 83912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-11-06 08:35 . 2011-11-17 11:35 52648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-11-06 08:35 . 2011-11-17 11:35 31144 ----a-w- c:\windows\system32\LMIport.dll
2012-11-06 08:35 . 2011-11-17 11:34 92072 ----a-w- c:\windows\system32\LMIinit.dll
2012-10-09 17:55 . 2012-04-12 08:06 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 17:55 . 2011-08-01 07:03 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-24 14:32 . 2012-06-27 07:30 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 14:32 . 2010-07-28 07:01 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 12:51 . 2012-06-27 07:30 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-24 13:53 . 2004-08-19 05:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:27 . 2007-02-28 16:06 2152448 ------w- c:\windows\system32\ntoskrnl.exe
2012-08-23 06:27 . 2007-02-28 16:06 2031104 ------w- c:\windows\system32\ntkrnlpa.exe
2012-10-24 17:50 . 2012-11-07 15:02 261600 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-19 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-19 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-28 16859648]
"AzMixerSel"="c:\programmi\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-16 53248]
"LogMeIn GUI"="c:\programmi\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"PosService"="c:\documents and settings\All Users\Documenti\AppData\PoApp\PLauncher.exe" [2011-12-16 218624]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\Simona\Menu Avvio\Programmi\Esecuzione automatica\
Atlante.lnk - c:\programmi\Automa\Atlante300\exe\Atlante.exe [2009-9-2 3211264]
conf_Y.lnk - c:\sysintc\Simona\conf_Y\bin\swmenu.exe [2011-4-8 200704]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
SCMon.lnk - c:\windows\system32\SISCMon.exe [2009-9-2 184320]
smart security registration status.lnk - c:\programmi\charismathics\smart security interface 4.0\CSPregtool.exe [2007-2-26 3686400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-11-06 08:35 92072 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
2007-07-11 13:07 421888 ----a-w- c:\acer\Empowering Technology\eRecovery\eRAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-14 19:17 49152 ----a-w- c:\programmi\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hp Update 3300C]
2002-01-31 08:38 32768 ----a-w- c:\sj650\hpupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 21:17 52256 ----a-w- c:\programmi\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 ------w- c:\programmi\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX]
2008-08-01 07:47 53248 ----a-w- c:\programmi\HP\ToolboxFX\bin\HPTLBXFX.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\HP\\HP Color LaserJet CM1312 MFP Series\\hppfsu_cm1312.exe"=
"c:\\Programmi\\HP\\HP Color LaserJet CM1312 MFP Series\\hppfaxnc2.exe"=
"c:\\Programmi\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Programmi\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\teamportal\\programs\\core\\apache\\bin\\httpd.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Symantec\\Symantec Endpoint Protection\\12.1.671.4971.105\\Bin\\Smc.exe"=
"c:\\Programmi\\Symantec\\Symantec Endpoint Protection\\12.1.671.4971.105\\Bin\\snac.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9999:UDP"= 9999:UDP:LANScope UDP Port
"2804:TCP"= 2804:TCP:LANScope TCP Port
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\SEP\0C01029F\136B.105\x86\SymDS.sys [18/06/2011 8.26.54 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\SEP\0C01029F\136B.105\x86\SymEFA.sys [18/06/2011 8.26.54 756856]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Dati applicazioni\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20121029.013\BHDrvx86.sys [06/11/2012 15.57.42 995488]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\SEP\0C01029F\136B.105\x86\Ironx86.sys [18/06/2011 8.26.54 136312]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\programmi\LogMeIn\x86\LMIGuardianSvc.exe [26/09/2011 18.15.36 374704]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\programmi\LogMeIn\x86\rainfo.sys [16/09/2011 15.10.50 12856]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [13/08/2012 3.06.22 106656]
R3 euccicr;CryptoIdentity CCID Virtual Reader;c:\windows\system32\drivers\euccicr-x86.sys [02/09/2009 11.42.48 43776]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Dati applicazioni\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20121107.001\IDSXpx86.sys [08/11/2012 6.01.12 373728]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\eLock2BurnerLockDriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\eLock2FSCTLDriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]
S2 netlimiter;netlimiter;\??\c:\windows\system32\drivers\netlimiter.sys --> c:\windows\system32\drivers\netlimiter.sys [?]
S2 PowerOffer Service;Pos Service;c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\PosService\Pos.exe [26/10/2012 8.01.01 169472]
S2 ServUpdater;Serv Updater;c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe [26/10/2012 8.01.01 156160]
S2 SkypeUpdate;Skype Updater;c:\programmi\Skype\Updater\Updater.exe [03/07/2012 12.52.02 160944]
S2 SoftwareUpd;Software Upd;c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe [25/10/2012 10.58.43 161280]
S3 euccic;CryptoIdentity CCID;c:\windows\system32\drivers\euccic-x86.sys [02/09/2009 11.42.47 57088]
S3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\drivers\SCR3XX2K.sys [02/09/2009 19.11.17 47488]
S3 STC2DFU;STCII DFU Adapter;c:\windows\system32\drivers\Stc2Dfu.sys [24/10/2004 23.04.00 7796]
S3 SyDvCtrl;SyDvCtrl;c:\programmi\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SyDvCtrl32.sys [18/06/2011 8.26.52 23984]
S4 SepMasterService;Symantec Endpoint Protection;c:\programmi\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe [25/07/2012 8.51.11 137224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 17:55]
.
2012-11-08 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
.
2012-11-09 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
.
.
------- Scansione supplementare -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
Trusted Zone: unicreditcorporate.it\online
Trusted Zone: unicreditcorporate.it\unigeb
TCP: Interfaces\{85BBA8ED-612C-4F85-AA8E-43B3444197AE}: NameServer = 151.99.125.1,151.99.0.100
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Simona\Dati applicazioni\Mozilla\Firefox\Profiles\tfne6pr0.default\
FF - prefs.js: browser.startup.homepage - www.google.it
FF - ExtSQL: 2012-10-29 11:31; {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}; c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF - ExtSQL: 2012-10-29 11:31; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2012-10-29 13:25; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: 2012-11-07 15:37; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\documents and settings\All Users\Dati applicazioni\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\IPSFFPlgn
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Notify-SEP - c:\programmi\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll
MSConfigStartUp-swg - c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-{0B500125-92A7-40BF-ACF0-45A9221ADE21}_is1 - c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-09 12:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SepMasterService]
"ImagePath"="\"c:\programmi\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\programmi\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SmcService]
"ImagePath"="\"c:\programmi\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe\" /prefetch:1"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Ora fine scansione: 2012-11-09 12:14:28
ComboFix-quarantined-files.txt 2012-11-09 11:14
ComboFix2.txt 2011-05-26 10:37
ComboFix3.txt 2010-01-22 09:21
.
Pre-Run: 44.727.058.432 byte disponibili
Post-Run: 45.038.682.112 byte disponibili
.
- - End Of File - - 06E7DFDEDDF85657F708CAFFD1EFE5A8
shapiro
Posted: Friday, November 09, 2012 7:29:36 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
follow the path and copy these two files, put them in a zipped folder and send them to me in a PM

c:\windows\system32\eLock2BurnerLockDriver.sys

c:\windows\system32\eLock2FSCTLDriver.sys

tell me whether you opened these ports yourself

9999:UDP

2804:TCP



Open a text file and paste this text


Code:
file::
c:\programmi\Spybot - Search & Destroy\TeaTimer.exe

folder::
c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\PowerOffer
c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\ServUpdater
c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\PosService
c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\SoftwareUpdater
c:\documents and settings\Simona\Dati applicazioni\EmoticoonsToolbar

registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PosService"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

driver::
PowerOffer Service
ServUpdater
SoftwareUpd


save the page, naming it exactly CFScript.txt
then drag and drop the CFScript.txt file onto the ComboFix icon
let it run to the end and post its log again
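A small triage script, added here as an example and not part of ComboFix or of any post in this thread: it parses the R*/S* service lines and the GloballyOpenPorts entries in the shape ComboFix prints them and flags the two things asked about above, services whose file has no date/size information (printed as [?]) and ports opened in the Windows firewall. The sample lines are copied from the log quoted earlier in the thread; the regexes and field meanings are my reading of that format.

```python
"""Triage helper for the service/driver and firewall sections of a ComboFix log.

Added example for this thread; not part of ComboFix or of the posts above.
It flags the two things the helper looked at: services whose binary has no
date/size metadata (printed as [?]) and ports opened in the Windows firewall.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines in the shape ComboFix prints them, copied from the
# log quoted earlier in this thread.
SAMPLE_LOG = r"""
R2 LMIGuardianSvc;LMIGuardianSvc;c:\programmi\LogMeIn\x86\LMIGuardianSvc.exe [26/09/2011 18.15.36 374704]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\eLock2BurnerLockDriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\eLock2FSCTLDriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]
S2 netlimiter;netlimiter;\??\c:\windows\system32\drivers\netlimiter.sys --> c:\windows\system32\drivers\netlimiter.sys [?]
S3 SyDvCtrl;SyDvCtrl;c:\programmi\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SyDvCtrl32.sys [18/06/2011 8.26.52 23984]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9999:UDP"= 9999:UDP:LANScope UDP Port
"2804:TCP"= 2804:TCP:LANScope TCP Port
"""

# R = running, S = stopped; the digit is the Windows service start type
# (0 boot, 1 system, 2 automatic, 3 manual, 4 disabled).
SERVICE_RE = re.compile(
    r'^([RS])([0-4])\s+([^;]+);([^;]*);(.*?)\s+\[(.*)\]$')
# e.g.  "9999:UDP"= 9999:UDP:LANScope UDP Port
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')


@dataclass
class ServiceEntry:
    name: str
    display: str
    path: str
    running: bool
    start_type: int
    size: Optional[int]                  # None when ComboFix printed [?]
    registry_path: Optional[str] = None  # raw \??\ ImagePath, if one was shown


@dataclass
class OpenPort:
    port: int
    proto: str
    label: str


def parse_services(log_text: str) -> List[ServiceEntry]:
    """Return every R*/S* service or driver line found in the log."""
    entries = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        state, start, name, display, path, meta = m.groups()
        registry_path = None
        if ' --> ' in path:
            # "<registry ImagePath> --> <resolved path>": keep both, triage on
            # the resolved one.
            registry_path, path = path.split(' --> ', 1)
        size = None
        if meta != '?':
            # "[dd/mm/yyyy hh.mm.ss size]": the last field is the file size
            size = int(meta.split()[-1])
        entries.append(ServiceEntry(name, display, path, state == 'R',
                                    int(start), size, registry_path))
    return entries


def unverified_services(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Services whose file ComboFix could not describe ([?])."""
    return [e for e in entries if e.size is None]


def parse_open_ports(log_text: str) -> List[OpenPort]:
    """Entries from the firewall GloballyOpenPorts list."""
    ports = []
    for line in log_text.splitlines():
        m = PORT_RE.match(line.strip())
        if m:
            ports.append(OpenPort(int(m.group(1)), m.group(2), m.group(3).strip()))
    return ports


def triage(log_text: str) -> dict:
    """Summarise what a helper would ask the poster about."""
    entries = parse_services(log_text)
    flagged = unverified_services(entries)
    return {
        'services': len(entries),
        'unverified': [e.name for e in flagged],
        # auto-start (type 2) entries with an unverifiable file come first
        'unverified_autostart': [e.name for e in flagged if e.start_type == 2],
        'open_ports': [f'{p.port}:{p.proto}' for p in parse_open_ports(log_text)],
    }


if __name__ == '__main__':
    for key, value in triage(SAMPLE_LOG).items():
        print(f'{key}: {value}')
```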
valetaz85
Posted: Monday, November 12, 2012 9:45:42 AM
Rank: Newbie

Joined: 11/7/2012
Posts: 6
hi. I opened the ports myself. I'm connected to a server.
I can't find the files you pointed me to. I followed the path but they aren't there.
here is the ComboFix report

ComboFix 12-11-09.01 - Simona 12/11/2012 9.20.30.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2038.1298 [GMT 1:00]
Eseguito da: c:\documents and settings\Simona\Desktop\e-invoice\ComboFix.exe
Opzioni usate :: c:\documents and settings\Simona\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
* Creato nuovo punto di ripristino
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
FILE ::
"c:\programmi\Spybot - Search & Destroy\TeaTimer.exe"
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Simona\Dati applicazioni\EmoticoonsToolbar
c:\documents and settings\Simona\Dati applicazioni\EmoticoonsToolbar\settings.ini
c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\PosService
c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\PosService\7z.dll
c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\PosService\AppLib.Zip.dll
c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\PosService\Pos.exe
c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\PosService\Pos.InstallLog
c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\PosService\Pos.InstallState
c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\PosService\settings.ini
c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\PosService\settings\settings.ini
c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\PowerOffer
c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\PowerOffer\InstallHelper.exe
c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\PowerOffer\System.Data.SQLite.dll
c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\PowerOffer\Wait.exe
c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\ServUpdater
c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\ServUpdater\7z.dll
c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\ServUpdater\AppLib.Zip.dll
c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.InstallLog
c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.InstallState
c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\ServUpdater\settings.ini
c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\ServUpdater\settings\settings.ini
c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\SoftwareUpdater
c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\SoftwareUpdater\settings.ini
c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\SoftwareUpdater\settings\settings.ini
c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe
c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.InstallLog
c:\documents and settings\Simona\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.InstallState
c:\programmi\Spybot - Search & Destroy\TeaTimer.exe
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_POWEROFFER_SERVICE
-------\Legacy_SERVUPDATER
-------\Legacy_SOFTWAREUPD
-------\Service_PowerOffer Service
-------\Service_ServUpdater
-------\Service_SoftwareUpd
.
.
((((((((((((((((((((((((( Files Creati Da 2012-10-12 al 2012-11-12 )))))))))))))))))))))))))))))))))))
.
.
2012-10-26 07:01 . 2012-10-26 07:01 -------- d-----w- c:\documents and settings\LocalService\Menu Avvio
2012-10-25 09:58 . 2012-10-25 10:01 -------- d-----w- c:\programmi\MyPcCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-06 08:35 . 2011-11-17 11:35 83912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-11-06 08:35 . 2011-11-17 11:35 52648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-11-06 08:35 . 2011-11-17 11:35 31144 ----a-w- c:\windows\system32\LMIport.dll
2012-11-06 08:35 . 2011-11-17 11:34 92072 ----a-w- c:\windows\system32\LMIinit.dll
2012-10-09 17:55 . 2012-04-12 08:06 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 17:55 . 2011-08-01 07:03 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-24 14:32 . 2012-06-27 07:30 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 14:32 . 2010-07-28 07:01 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 12:51 . 2012-06-27 07:30 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-24 13:53 . 2004-08-19 05:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:27 . 2007-02-28 16:06 2152448 ------w- c:\windows\system32\ntoskrnl.exe
2012-08-23 06:27 . 2007-02-28 16:06 2031104 ------w- c:\windows\system32\ntkrnlpa.exe
2012-10-24 17:50 . 2012-11-09 13:53 261600 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-19 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-19 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-28 16859648]
"AzMixerSel"="c:\programmi\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-16 53248]
"LogMeIn GUI"="c:\programmi\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\Simona\Menu Avvio\Programmi\Esecuzione automatica\
Atlante.lnk - c:\programmi\Automa\Atlante300\exe\Atlante.exe [2009-9-2 3211264]
conf_Y.lnk - c:\sysintc\Simona\conf_Y\bin\swmenu.exe [2011-4-8 200704]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
SCMon.lnk - c:\windows\system32\SISCMon.exe [2009-9-2 184320]
smart security registration status.lnk - c:\programmi\charismathics\smart security interface 4.0\CSPregtool.exe [2007-2-26 3686400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-11-06 08:35 92072 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
2007-07-11 13:07 421888 ----a-w- c:\acer\Empowering Technology\eRecovery\eRAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-14 19:17 49152 ----a-w- c:\programmi\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hp Update 3300C]
2002-01-31 08:38 32768 ----a-w- c:\sj650\hpupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 21:17 52256 ----a-w- c:\programmi\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX]
2008-08-01 07:47 53248 ----a-w- c:\programmi\HP\ToolboxFX\bin\HPTLBXFX.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\HP\\HP Color LaserJet CM1312 MFP Series\\hppfsu_cm1312.exe"=
"c:\\Programmi\\HP\\HP Color LaserJet CM1312 MFP Series\\hppfaxnc2.exe"=
"c:\\Programmi\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Programmi\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\teamportal\\programs\\core\\apache\\bin\\httpd.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Symantec\\Symantec Endpoint Protection\\12.1.671.4971.105\\Bin\\Smc.exe"=
"c:\\Programmi\\Symantec\\Symantec Endpoint Protection\\12.1.671.4971.105\\Bin\\snac.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9999:UDP"= 9999:UDP:LANScope UDP Port
"2804:TCP"= 2804:TCP:LANScope TCP Port
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\SEP\0C01029F\136B.105\x86\SymDS.sys [18/06/2011 8.26.54 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\SEP\0C01029F\136B.105\x86\SymEFA.sys [18/06/2011 8.26.54 756856]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Dati applicazioni\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20121029.013\BHDrvx86.sys [06/11/2012 15.57.42 995488]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\SEP\0C01029F\136B.105\x86\Ironx86.sys [18/06/2011 8.26.54 136312]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\programmi\LogMeIn\x86\LMIGuardianSvc.exe [26/09/2011 18.15.36 374704]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\programmi\LogMeIn\x86\rainfo.sys [16/09/2011 15.10.50 12856]
R2 SepMasterService;Symantec Endpoint Protection;c:\programmi\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe [25/07/2012 8.51.11 137224]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [13/08/2012 3.06.22 106656]
R3 euccicr;CryptoIdentity CCID Virtual Reader;c:\windows\system32\drivers\euccicr-x86.sys [02/09/2009 11.42.48 43776]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Dati applicazioni\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20121107.001\IDSXpx86.sys [08/11/2012 6.01.12 373728]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\eLock2BurnerLockDriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\eLock2FSCTLDriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]
S2 netlimiter;netlimiter;\??\c:\windows\system32\drivers\netlimiter.sys --> c:\windows\system32\drivers\netlimiter.sys [?]
S2 SkypeUpdate;Skype Updater;c:\programmi\Skype\Updater\Updater.exe [03/07/2012 12.52.02 160944]
S3 euccic;CryptoIdentity CCID;c:\windows\system32\drivers\euccic-x86.sys [02/09/2009 11.42.47 57088]
S3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\drivers\SCR3XX2K.sys [02/09/2009 19.11.17 47488]
S3 STC2DFU;STCII DFU Adapter;c:\windows\system32\drivers\Stc2Dfu.sys [24/10/2004 23.04.00 7796]
S3 SyDvCtrl;SyDvCtrl;c:\programmi\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SyDvCtrl32.sys [18/06/2011 8.26.52 23984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 17:55]
.
2012-11-08 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
.
2012-11-12 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
.
.
------- Scansione supplementare -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
Trusted Zone: unicreditcorporate.it\online
Trusted Zone: unicreditcorporate.it\unigeb
TCP: Interfaces\{85BBA8ED-612C-4F85-AA8E-43B3444197AE}: NameServer = 151.99.125.1,151.99.0.100
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Simona\Dati applicazioni\Mozilla\Firefox\Profiles\yjn016mn.default-1352469851062\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - ExtSQL: 2012-10-29 11:31; {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}; c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF - ExtSQL: 2012-10-29 11:31; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2012-10-29 13:25; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: 2012-11-09 10:37; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\documents and settings\All Users\Dati applicazioni\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\IPSFFPlgn
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-12 09:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SepMasterService]
"ImagePath"="\"c:\programmi\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\programmi\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SmcService]
"ImagePath"="\"c:\programmi\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe\" /prefetch:1"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(3524)
c:\windows\system32\ieframe.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\programmi\LogMeIn\x86\RaMaint.exe
c:\programmi\LogMeIn\x86\LogMeIn.exe
c:\programmi\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Ora fine scansione: 2012-11-12 09:35:55 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-11-12 08:35
ComboFix2.txt 2012-11-09 11:14
ComboFix3.txt 2011-05-26 10:37
ComboFix4.txt 2010-01-22 09:21
.
Pre-Run: 45.000.945.664 byte disponibili
Post-Run: 44.878.426.112 byte disponibili
.
- - End Of File - - CFE223788FA6ADBA986A28927DEB5D0D


thanks!

shapiro
Posted: Monday, November 12, 2012 10:19:47 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164

Download OTL and save it to the desktop

Tick SCAN ALL USERS.

Under Output, tick Minimal Output

Click the little arrow next to File Age and select 60 Days

Tick LOP Check and Purity Check.

Click RUN SCAN

Let the scan run without interfering.

When the scan finishes you will find 2 logs on the desktop, OTL.txt and Extras.txt; save them and upload them to Wikisend.

valetaz85
Posted: Monday, November 12, 2012 11:26:41 AM
Rank: Newbie

Joined: 11/7/2012
Posts: 6
shapiro
Posted: Monday, November 12, 2012 11:41:39 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164

there are a couple of suspicious (possibly suspicious) files, let's see whether MBAM catches them

Download and install Malwarebytes
Update it: click the "Updates" tab => "Check for updates"
Run a "Full scan" (select the option)
When the scan is complete, click OK => Show Results.
Make sure everything is selected and click Remove Selected.
If it asks you to reboot, reboot to complete the cleanup.
Post the report.
valetaz85
Posted: Tuesday, November 13, 2012 9:07:23 AM
Rank: Newbie

Joined: 11/7/2012
Posts: 6
thanks

Malwarebytes Anti-Malware (Prova) 1.65.1.1000
www.malwarebytes.org

Versione database: v2012.11.12.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Simona :: MASTROROCCO [amministratore]

Protezione: Attivata

12/11/2012 13.20.28
mbam-log-2012-11-12 (13-20-28).txt

Tipo di scansione: Scansione completa (C:\|D:\|E:\|K:\|N:\|Y:\|Z:\|)
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 1090806
Tempo impiegato: 13 ore, 22 minuti, 47 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 52
D:\y del 01072011\Archivio Rvl\Download\SoftonicDownloader_per_combofix.exe (PUP.OfferBundler.ST) -> Spostato in quarantena ed eliminato con successo.
D:\y del 01072011\BACKUP-INAZ\SQLBASE\Copia di EPAGHE 24.01.08\EPAGHE\EPAGHE\EPAGHE\139.LOG (Extension.Mismatch) -> Spostato in quarantena ed eliminato con successo.
D:\y del 01072011\BACKUP-INAZ\SQLBASE\Copia di EPAGHE 24.01.08\EPAGHE\EPAGHE\EPAGHE\151.LOG (Extension.Mismatch) -> Spostato in quarantena ed eliminato con successo.
D:\y del 01072011\BACKUP-INAZ\SQLBASE\Copia di EPAGHE 24.01.08\EPAGHE\EPAGHE\EPAGHE\186.LOG (Extension.Mismatch) -> Spostato in quarantena ed eliminato con successo.
D:\y del 01072011\BACKUP-INAZ\SQLBASE\EPAGHE\EPAGHE\EPAGHE\139.LOG (Extension.Mismatch) -> Spostato in quarantena ed eliminato con successo.
D:\y del 01072011\BACKUP-INAZ\SQLBASE\EPAGHE\EPAGHE\EPAGHE\151.LOG (Extension.Mismatch) -> Spostato in quarantena ed eliminato con successo.
D:\y del 01072011\BACKUP-INAZ\SQLBASE\EPAGHE\EPAGHE\EPAGHE\186.LOG (Extension.Mismatch) -> Spostato in quarantena ed eliminato con successo.
D:\y del 01072011\BACKUP-INAZ\SQLBASE\EPAGHE\EPAGHE\EPAGHE\EPAGHE\139.LOG (Extension.Mismatch) -> Spostato in quarantena ed eliminato con successo.
D:\y del 01072011\BACKUP-INAZ\SQLBASE\EPAGHE\EPAGHE\EPAGHE\EPAGHE\151.LOG (Extension.Mismatch) -> Spostato in quarantena ed eliminato con successo.
D:\y del 01072011\BACKUP-INAZ\SQLBASE\EPAGHE\EPAGHE\EPAGHE\EPAGHE\186.LOG (Extension.Mismatch) -> Spostato in quarantena ed eliminato con successo.
D:\y del 01072011\BACKUP-INAZ\SQLBASE\EPAGHE07\EPAGHE\EPAGHE\EPAGHE\139.LOG (Extension.Mismatch) -> Spostato in quarantena ed eliminato con successo.
D:\y del 01072011\BACKUP-INAZ\SQLBASE\EPAGHE07\EPAGHE\EPAGHE\EPAGHE\151.LOG (Extension.Mismatch) -> Spostato in quarantena ed eliminato con successo.
D:\y del 01072011\BACKUP-INAZ\SQLBASE\EPAGHE07\EPAGHE\EPAGHE\EPAGHE\186.LOG (Extension.Mismatch) -> Spostato in quarantena ed eliminato con successo.
D:\y del 06.07.2011\Archivio Rvl\Download\SoftonicDownloader_per_combofix.exe (PUP.OfferBundler.ST) -> Spostato in quarantena ed eliminato con successo.
D:\Y DEL 20.06.2011\Archivio Rvl\Download\SoftonicDownloader_per_combofix.exe (PUP.OfferBundler.ST) -> Spostato in quarantena ed eliminato con successo.
D:\Y DEL 20.06.2011\BACKUP-INAZ\SQLBASE\Copia di EPAGHE 24.01.08\EPAGHE\EPAGHE\EPAGHE\139.LOG (Extension.Mismatch) -> Spostato in quarantena ed eliminato con successo.
D:\Y DEL 20.06.2011\BACKUP-INAZ\SQLBASE\Copia di EPAGHE 24.01.08\EPAGHE\EPAGHE\EPAGHE\151.LOG (Extension.Mismatch) -> Spostato in quarantena ed eliminato con successo.
D:\Y DEL 20.06.2011\BACKUP-INAZ\SQLBASE\Copia di EPAGHE 24.01.08\EPAGHE\EPAGHE\EPAGHE\186.LOG (Extension.Mismatch) -> Spostato in quarantena ed eliminato con successo.
D:\Y DEL 20.06.2011\BACKUP-INAZ\SQLBASE\EPAGHE\EPAGHE\EPAGHE\139.LOG (Extension.Mismatch) -> Spostato in quarantena ed eliminato con successo.
D:\Y DEL 20.06.2011\BACKUP-INAZ\SQLBASE\EPAGHE\EPAGHE\EPAGHE\151.LOG (Extension.Mismatch) -> Spostato in quarantena ed eliminato con successo.
D:\Y DEL 20.06.2011\BACKUP-INAZ\SQLBASE\EPAGHE\EPAGHE\EPAGHE\186.LOG (Extension.Mismatch) -> Spostato in quarantena ed eliminato con successo.
D:\Y DEL 20.06.2011\BACKUP-INAZ\SQLBASE\EPAGHE\EPAGHE\EPAGHE\EPAGHE\139.LOG (Extension.Mismatch) -> Spostato in quarantena ed eliminato con successo.
D:\Y DEL 20.06.2011\BACKUP-INAZ\SQLBASE\EPAGHE\EPAGHE\EPAGHE\EPAGHE\151.LOG (Extension.Mismatch) -> Spostato in quarantena ed eliminato con successo.
D:\Y DEL 20.06.2011\BACKUP-INAZ\SQLBASE\EPAGHE\EPAGHE\EPAGHE\EPAGHE\186.LOG (Extension.Mismatch) -> Spostato in quarantena ed eliminato con successo.
D:\Y DEL 20.06.2011\BACKUP-INAZ\SQLBASE\EPAGHE07\EPAGHE\EPAGHE\EPAGHE\139.LOG (Extension.Mismatch) -> Spostato in quarantena ed eliminato con successo.
D:\Y DEL 20.06.2011\BACKUP-INAZ\SQLBASE\EPAGHE07\EPAGHE\EPAGHE\EPAGHE\151.LOG (Extension.Mismatch) -> Spostato in quarantena ed eliminato con successo.
D:\Y DEL 20.06.2011\BACKUP-INAZ\SQLBASE\EPAGHE07\EPAGHE\EPAGHE\EPAGHE\186.LOG (Extension.Mismatch) -> Spostato in quarantena ed eliminato con successo.
D:\y del 23.06.2011\Archivio Rvl\Download\SoftonicDownloader_per_combofix.exe (PUP.OfferBundler.ST) -> Quarantined and deleted successfully.
D:\y del 23.06.2011\BACKUP-INAZ\SQLBASE\Copia di EPAGHE 24.01.08\EPAGHE\EPAGHE\EPAGHE\139.LOG (Extension.Mismatch) -> Quarantined and deleted successfully.
D:\y del 23.06.2011\BACKUP-INAZ\SQLBASE\Copia di EPAGHE 24.01.08\EPAGHE\EPAGHE\EPAGHE\151.LOG (Extension.Mismatch) -> Quarantined and deleted successfully.
D:\y del 23.06.2011\BACKUP-INAZ\SQLBASE\Copia di EPAGHE 24.01.08\EPAGHE\EPAGHE\EPAGHE\186.LOG (Extension.Mismatch) -> Quarantined and deleted successfully.
D:\y del 23.06.2011\BACKUP-INAZ\SQLBASE\EPAGHE\EPAGHE\EPAGHE\139.LOG (Extension.Mismatch) -> Quarantined and deleted successfully.
D:\y del 23.06.2011\BACKUP-INAZ\SQLBASE\EPAGHE\EPAGHE\EPAGHE\151.LOG (Extension.Mismatch) -> Quarantined and deleted successfully.
D:\y del 23.06.2011\BACKUP-INAZ\SQLBASE\EPAGHE\EPAGHE\EPAGHE\186.LOG (Extension.Mismatch) -> Quarantined and deleted successfully.
D:\y del 23.06.2011\BACKUP-INAZ\SQLBASE\EPAGHE\EPAGHE\EPAGHE\EPAGHE\139.LOG (Extension.Mismatch) -> Quarantined and deleted successfully.
D:\y del 23.06.2011\BACKUP-INAZ\SQLBASE\EPAGHE\EPAGHE\EPAGHE\EPAGHE\151.LOG (Extension.Mismatch) -> Quarantined and deleted successfully.
D:\y del 23.06.2011\BACKUP-INAZ\SQLBASE\EPAGHE\EPAGHE\EPAGHE\EPAGHE\186.LOG (Extension.Mismatch) -> Quarantined and deleted successfully.
D:\y del 23.06.2011\BACKUP-INAZ\SQLBASE\EPAGHE07\EPAGHE\EPAGHE\EPAGHE\139.LOG (Extension.Mismatch) -> Quarantined and deleted successfully.
D:\y del 23.06.2011\BACKUP-INAZ\SQLBASE\EPAGHE07\EPAGHE\EPAGHE\EPAGHE\151.LOG (Extension.Mismatch) -> Quarantined and deleted successfully.
D:\y del 23.06.2011\BACKUP-INAZ\SQLBASE\EPAGHE07\EPAGHE\EPAGHE\EPAGHE\186.LOG (Extension.Mismatch) -> Quarantined and deleted successfully.
Y:\BACKUP-INAZ\SQLBASE\Copia di EPAGHE 24.01.08\EPAGHE\EPAGHE\EPAGHE\139.LOG (Extension.Mismatch) -> Quarantined and deleted successfully.
Y:\BACKUP-INAZ\SQLBASE\Copia di EPAGHE 24.01.08\EPAGHE\EPAGHE\EPAGHE\151.LOG (Extension.Mismatch) -> Quarantined and deleted successfully.
Y:\BACKUP-INAZ\SQLBASE\Copia di EPAGHE 24.01.08\EPAGHE\EPAGHE\EPAGHE\186.LOG (Extension.Mismatch) -> Quarantined and deleted successfully.
Y:\BACKUP-INAZ\SQLBASE\EPAGHE\EPAGHE\EPAGHE\139.LOG (Extension.Mismatch) -> Quarantined and deleted successfully.
Y:\BACKUP-INAZ\SQLBASE\EPAGHE\EPAGHE\EPAGHE\151.LOG (Extension.Mismatch) -> Quarantined and deleted successfully.
Y:\BACKUP-INAZ\SQLBASE\EPAGHE\EPAGHE\EPAGHE\186.LOG (Extension.Mismatch) -> Quarantined and deleted successfully.
Y:\BACKUP-INAZ\SQLBASE\EPAGHE\EPAGHE\EPAGHE\EPAGHE\139.LOG (Extension.Mismatch) -> Quarantined and deleted successfully.
Y:\BACKUP-INAZ\SQLBASE\EPAGHE\EPAGHE\EPAGHE\EPAGHE\151.LOG (Extension.Mismatch) -> Quarantined and deleted successfully.
Y:\BACKUP-INAZ\SQLBASE\EPAGHE\EPAGHE\EPAGHE\EPAGHE\186.LOG (Extension.Mismatch) -> Quarantined and deleted successfully.
Y:\BACKUP-INAZ\SQLBASE\EPAGHE07\EPAGHE\EPAGHE\EPAGHE\139.LOG (Extension.Mismatch) -> Quarantined and deleted successfully.
Y:\BACKUP-INAZ\SQLBASE\EPAGHE07\EPAGHE\EPAGHE\EPAGHE\151.LOG (Extension.Mismatch) -> Quarantined and deleted successfully.
Y:\BACKUP-INAZ\SQLBASE\EPAGHE07\EPAGHE\EPAGHE\EPAGHE\186.LOG (Extension.Mismatch) -> Quarantined and deleted successfully.

(end)
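The tail of the log above is dominated by "Extension.Mismatch" hits on the same three SQLBase files (139.LOG, 151.LOG, 186.LOG) repeated under several backup folders on D: and Y:, plus one PUP hit on a download. Before accepting a mass deletion like that, a triager wants to know how many distinct files were actually involved and whether a flagged ".LOG" really carries an executable header or is just a binary database log that a text-looking extension does not describe. The script below is an added example, not part of the forum post or of Malwarebytes: it parses lines in the "path (detection) -> action" shape used above (with the action string in English), groups them by detection name and by file name across drives, and shows a content-vs-extension check on constructed byte samples. The magic-number table and the set of "text-like" extensions are assumptions for illustration, not Malwarebytes' own rules.

```python
"""Triage helper for Malwarebytes-style removal log lines (added example)."""
import re
from collections import defaultdict
from ntpath import basename, splitext  # ntpath handles Windows paths on any OS

# One line per hit: "<path> (<detection>) -> <action>"
LINE_RE = re.compile(r"^(?P<path>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+)$")

# Constructed sample: a subset of the lines from the post, action text in English.
SAMPLE_LOG = r"""
D:\y del 23.06.2011\Archivio Rvl\Download\SoftonicDownloader_per_combofix.exe (PUP.OfferBundler.ST) -> Quarantined and deleted successfully.
D:\y del 23.06.2011\BACKUP-INAZ\SQLBASE\EPAGHE\EPAGHE\EPAGHE\139.LOG (Extension.Mismatch) -> Quarantined and deleted successfully.
D:\y del 23.06.2011\BACKUP-INAZ\SQLBASE\EPAGHE\EPAGHE\EPAGHE\151.LOG (Extension.Mismatch) -> Quarantined and deleted successfully.
Y:\BACKUP-INAZ\SQLBASE\EPAGHE\EPAGHE\EPAGHE\139.LOG (Extension.Mismatch) -> Quarantined and deleted successfully.
Y:\BACKUP-INAZ\SQLBASE\EPAGHE\EPAGHE\EPAGHE\151.LOG (Extension.Mismatch) -> Quarantined and deleted successfully.
"""


def parse_log(text):
    """Return (path, detection, action) tuples; lines that do not match are skipped."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append((m["path"], m["detection"], m["action"]))
    return hits


def group_by_detection(hits):
    """Map detection name -> list of paths, so PUPs and heuristics are seen separately."""
    groups = defaultdict(list)
    for path, det, _ in hits:
        groups[det].append(path)
    return dict(groups)


def copies_by_name(hits):
    """Map file name -> sorted drive letters it was hit on.

    The post shows the same .LOG names under D:\...\BACKUP-INAZ and Y:\BACKUP-INAZ,
    i.e. a backup and its copy; this makes that duplication visible at a glance.
    """
    drives = defaultdict(set)
    for path, _, _ in hits:
        drive = path[0].upper() if len(path) > 1 and path[1] == ":" else "?"
        drives[basename(path)].add(drive)
    return {name: sorted(d) for name, d in drives.items()}


# Assumed magic-number table for the demonstration (illustrative only).
MAGIC = [(b"MZ", "exe"), (b"%PDF", "pdf"), (b"PK\x03\x04", "zip")]
TEXT_EXTENSIONS = {".log", ".txt"}  # assumed "text-like" extensions


def sniff_type(data):
    """Classify content by header: a known magic, plain ASCII text, or opaque binary."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    try:
        data.decode("ascii")
        return "text"
    except UnicodeDecodeError:
        return "binary"


def extension_mismatch(name, data):
    """True when a text-like extension hides an executable/document/archive header.

    Opaque binary in a .LOG (e.g. a database transaction log) is NOT reported as a
    mismatch here: that is exactly the case to inspect by hand before accepting
    a heuristic deletion of backup files.
    """
    ext = splitext(name)[1].lower()
    return ext in TEXT_EXTENSIONS and sniff_type(data) in {"exe", "pdf", "zip"}


if __name__ == "__main__":
    hits = parse_log(SAMPLE_LOG)
    for det, paths in group_by_detection(hits).items():
        print(f"{det}: {len(paths)} hit(s)")
    for name, drives in copies_by_name(hits).items():
        print(f"{name}: on drives {', '.join(drives)}")
    print("MZ in .LOG ->", extension_mismatch("139.LOG", b"MZ\x90\x00\x03"))
    print("opaque binary in .LOG ->", extension_mismatch("139.LOG", b"\x00\x01\x02\xff"))
```

Run it against the full log by pasting the lines into SAMPLE_LOG (or reading the file); the `copies_by_name` output is the quickest way to see that a long list of hits collapses to a handful of distinct file names copied across backup folders, and `extension_mismatch` shows the difference between a real executable hiding behind ".LOG" and a binary log that merely fails a text check.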
