Help with a ComboFix log

Post by lolaputer » 08/07/09 17:28

Hi, since my PC was behaving a bit strangely, I ran a scan with ComboFix, but I can't make much sense of the log... can anyone help me? Thanks
lolaputer
Junior User

Posts: 36
Joined: 29/06/07 17:19

Re: Help with a ComboFix log

Post by lolaputer » 08/07/09 18:52

Nobody?
lolaputer
Junior User

Posts: 36
Joined: 29/06/07 17:19

Re: Help with a ComboFix log

Post by shel » 08/07/09 19:04

Hi

Maybe if you post the log it will be possible to check whether any threats are present
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56

Re: Help with a ComboFix log

Post by lolaputer » 08/07/09 19:26

Yes, of course, thanks. How do I do it?
lolaputer
Junior User

Posts: 36
Joined: 29/06/07 17:19

Re: Help with a ComboFix log

Post by lolaputer » 08/07/09 19:29

Like this?

ComboFix 09-07-07.A9 - Lola 08/07/2009 17.49.54.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1022.641 [GMT 2:00]
Eseguito da: c:\documents and settings\Lola\Desktop\Combofix\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090707-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Lola\Dati applicazioni\drivers\downld
c:\windows\system32\i

.
((((((((((((((((((((((((( Files Creati Da 2009-06-08 al 2009-07-08 )))))))))))))))))))))))))))))))))))
.

2009-07-07 13:10 . 2009-07-07 13:10 -------- d-----w- c:\programmi\Lavasoft
2009-07-07 13:03 . 2009-07-07 13:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-07-07 11:58 . 2009-07-07 11:58 -------- d-----w- c:\programmi\VirusTotalUploader
2009-07-04 16:12 . 2009-07-04 16:17 -------- d-----w- c:\documents and settings\Lola\Dati applicazioni\DeepBurner
2009-07-04 16:00 . 2009-07-04 16:10 -------- d-----w- c:\programmi\DeepBurner
2009-07-03 07:43 . 2009-07-03 07:43 -------- d-----w- c:\documents and settings\Lola\Dati applicazioni\Ashampoo
2009-07-03 07:43 . 2009-07-03 07:43 -------- d-----w- c:\documents and settings\Lola\Impostazioni locali\Dati applicazioni\ashampoo
2009-07-03 07:43 . 2009-07-03 07:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ashampoo
2009-07-03 07:43 . 2009-07-03 07:43 -------- d-----w- c:\programmi\Ashampoo
2009-06-28 09:12 . 2009-06-28 09:12 54 ----a-w- c:\windows\system32\rp_stats.dat
2009-06-28 09:12 . 2009-06-28 09:12 39 ----a-w- c:\windows\system32\rp_rules.dat
2009-06-21 16:46 . 2008-04-13 17:45 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2009-06-21 16:46 . 2008-04-13 17:45 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2009-06-21 16:46 . 2008-03-21 11:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-06-21 16:41 . 2009-06-21 16:43 -------- d-----w- c:\programmi\DIFX
2009-06-21 16:39 . 2009-07-04 15:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Installations
2009-06-17 14:46 . 2009-06-17 14:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-06-17 14:46 . 2009-06-17 14:46 -------- d-----w- c:\programmi\QuickTime Alternative
2009-06-17 13:09 . 2009-06-17 13:09 -------- d-----w- c:\programmi\RADVideo
2009-06-15 22:37 . 2009-06-15 22:37 15872 ----a-w- c:\windows\system32\drivers\HMFAxCore56d706f6725c732df006697fd5ec3381.sys
2009-06-15 22:37 . 2009-06-15 22:46 62 ----a-w- c:\windows\hcs.dat
2009-06-15 22:37 . 2004-08-03 23:56 11776 ----a-w- c:\windows\system32\reghmf.exe
2009-06-15 22:37 . 2009-06-15 22:37 -------- d-----w- c:\programmi\HFolders
2009-06-15 22:37 . 2007-02-12 15:55 692224 ----a-w- c:\windows\system32\hsys30.dll
2009-06-15 22:22 . 2009-06-15 22:22 -------- d-----w- c:\programmi\Axon Data
2009-06-15 19:57 . 2009-05-03 10:22 73392 ----a-w- c:\windows\system32\fsproflt.exe
2009-06-15 19:57 . 2008-06-05 17:37 43792 ----a-w- c:\windows\system32\drivers\FSPFltd.sys
2009-06-10 19:07 . 2003-06-25 14:05 266360 ----a-w- c:\windows\system32\TweakUI.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-08 15:52 . 2009-05-22 13:17 -------- d--h--w- c:\documents and settings\Lola\Dati applicazioni\drivers
2009-07-08 15:46 . 2009-06-06 13:55 -------- d-----w- c:\programmi\Crawler
2009-07-08 08:35 . 2009-01-26 08:41 572804 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-08 08:35 . 2009-01-26 08:41 48654368 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-07 18:10 . 2009-07-07 18:11 1721856 ----a-w- c:\windows\Internet Logs\xDB79.tmp
2009-07-07 17:09 . 2009-03-22 09:15 -------- d-----w- c:\programmi\dBpowerAMP
2009-07-07 16:22 . 2009-02-13 08:37 -------- d-----w- c:\programmi\eMule
2009-07-07 13:06 . 2009-07-07 13:07 2481152 ----a-w- c:\windows\Internet Logs\xDB78.tmp
2009-07-07 13:06 . 2009-07-07 13:07 132096 ----a-w- c:\windows\Internet Logs\xDB77.tmp
2009-07-07 13:03 . 2009-02-06 15:00 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2009-07-07 12:55 . 2009-01-25 23:35 -------- d-----w- c:\programmi\Spyware Terminator
2009-07-07 12:55 . 2009-01-25 23:35 -------- d-----w- c:\documents and settings\Lola\Dati applicazioni\Spyware Terminator
2009-07-07 12:24 . 2009-01-27 09:18 -------- d-----w- c:\programmi\Microsoft Picture It! PhotoPub
2009-07-07 11:51 . 2009-07-07 11:52 2474496 ----a-w- c:\windows\Internet Logs\xDB76.tmp
2009-07-07 11:51 . 2009-07-07 11:52 574976 ----a-w- c:\windows\Internet Logs\xDB75.tmp
2009-07-07 07:52 . 2009-07-07 07:53 111616 ----a-w- c:\windows\Internet Logs\xDB73.tmp
2009-07-07 07:52 . 2009-07-07 07:53 2469376 ----a-w- c:\windows\Internet Logs\xDB74.tmp
2009-07-06 21:06 . 2009-07-07 07:01 693248 ----a-w- c:\windows\Internet Logs\xDB72.tmp
2009-07-04 19:06 . 2009-07-04 19:07 2466304 ----a-w- c:\windows\Internet Logs\xDB71.tmp
2009-07-04 19:06 . 2009-07-04 19:07 105472 ----a-w- c:\windows\Internet Logs\xDB70.tmp
2009-07-04 16:50 . 2009-07-04 16:51 185856 ----a-w- c:\windows\Internet Logs\xDB6E.tmp
2009-07-04 16:50 . 2009-07-04 16:51 2465792 ----a-w- c:\windows\Internet Logs\xDB6F.tmp
2009-07-03 20:35 . 2009-07-04 06:40 117248 ----a-w- c:\windows\Internet Logs\xDB6C.tmp
2009-07-03 20:35 . 2009-07-04 06:40 2447872 ----a-w- c:\windows\Internet Logs\xDB6D.tmp
2009-07-03 17:18 . 2009-07-03 17:20 2443264 ----a-w- c:\windows\Internet Logs\xDB6B.tmp
2009-07-03 17:03 . 2009-04-20 17:02 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-07-03 17:00 . 2009-07-03 17:01 160768 ----a-w- c:\windows\Internet Logs\xDB6A.tmp
2009-07-03 07:35 . 2009-07-03 07:36 52736 ----a-w- c:\windows\Internet Logs\xDB69.tmp
2009-07-01 22:42 . 2009-07-03 06:47 269312 ----a-w- c:\windows\Internet Logs\xDB68.tmp
2009-06-30 09:51 . 2009-07-01 12:03 45056 ----a-w- c:\windows\Internet Logs\xDB66.tmp
2009-06-30 09:51 . 2009-07-01 12:03 2419712 ----a-w- c:\windows\Internet Logs\xDB67.tmp
2009-06-30 08:42 . 2009-06-30 09:27 400384 ----a-w- c:\windows\Internet Logs\xDB65.tmp
2009-06-28 18:11 . 2009-06-29 06:39 707072 ----a-w- c:\windows\Internet Logs\xDB64.tmp
2009-06-28 09:38 . 2009-01-18 21:30 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-28 09:22 . 2009-06-28 09:23 84992 ----a-w- c:\windows\Internet Logs\xDB63.tmp
2009-06-28 08:49 . 2009-01-26 18:58 -------- d-----w- c:\programmi\Total Uninstall
2009-06-28 07:16 . 2009-01-25 23:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2009-06-27 22:50 . 2009-06-28 06:35 452096 ----a-w- c:\windows\Internet Logs\xDB62.tmp
2009-06-27 12:47 . 2009-03-22 17:21 -------- d-----w- c:\documents and settings\Lola\Dati applicazioni\foobar2000
2009-06-25 16:17 . 2009-06-26 16:29 212992 ----a-w- c:\windows\Internet Logs\xDB61.tmp
2009-06-23 21:02 . 2009-06-24 07:06 840192 ----a-w- c:\windows\Internet Logs\xDB5F.tmp
2009-06-23 21:02 . 2009-06-24 07:06 2369536 ----a-w- c:\windows\Internet Logs\xDB60.tmp
2009-06-21 16:46 . 2009-06-21 16:46 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-06-21 16:46 . 2009-06-21 16:46 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-06-18 21:23 . 2009-06-19 07:13 98816 ----a-w- c:\windows\Internet Logs\xDB5E.tmp
2009-06-17 21:20 . 2009-06-17 21:21 430080 ----a-w- c:\windows\Internet Logs\xDB5D.tmp
2009-06-16 21:38 . 2009-06-17 09:06 19968 ----a-w- c:\windows\Internet Logs\xDB5B.tmp
2009-06-16 21:38 . 2009-06-17 09:06 2319872 ----a-w- c:\windows\Internet Logs\xDB5C.tmp
2009-06-16 19:26 . 2009-06-16 19:28 196096 ----a-w- c:\windows\Internet Logs\xDB59.tmp
2009-06-16 19:26 . 2009-06-16 19:28 2319872 ----a-w- c:\windows\Internet Logs\xDB5A.tmp
2009-06-15 20:09 . 2009-06-15 20:10 98816 ----a-w- c:\windows\Internet Logs\xDB58.tmp
2009-06-15 12:05 . 2009-06-15 12:06 128000 ----a-w- c:\windows\Internet Logs\xDB57.tmp
2009-06-15 07:40 . 2009-01-25 22:24 -------- d-----w- c:\documents and settings\Lola\Dati applicazioni\AdobeUM
2009-06-14 18:43 . 2009-06-15 07:11 2951168 ----a-w- c:\windows\Internet Logs\xDB55.tmp
2009-06-14 18:43 . 2009-06-15 07:11 2286592 ----a-w- c:\windows\Internet Logs\xDB56.tmp
2009-06-13 18:17 . 2009-06-13 19:36 437760 ----a-w- c:\windows\Internet Logs\xDB53.tmp
2009-06-13 18:17 . 2009-06-13 19:36 2283008 ----a-w- c:\windows\Internet Logs\xDB54.tmp
2009-06-13 08:51 . 2009-06-13 16:35 330240 ----a-w- c:\windows\Internet Logs\xDB51.tmp
2009-06-13 08:51 . 2009-06-13 16:35 2281984 ----a-w- c:\windows\Internet Logs\xDB52.tmp
2009-06-10 17:59 . 2009-06-10 18:00 1214976 ----a-w- c:\windows\Internet Logs\xDB50.tmp
2009-06-08 08:00 . 2009-06-08 18:34 643584 ----a-w- c:\windows\Internet Logs\xDB4E.tmp
2009-06-08 08:00 . 2009-06-08 18:34 2252800 ----a-w- c:\windows\Internet Logs\xDB4F.tmp
2009-06-07 21:27 . 2009-06-08 06:51 75776 ----a-w- c:\windows\Internet Logs\xDB4C.tmp
2009-06-07 21:27 . 2009-06-08 06:51 2251776 ----a-w- c:\windows\Internet Logs\xDB4D.tmp
2009-06-06 18:09 . 2009-06-07 16:46 81920 ----a-w- c:\windows\Internet Logs\xDB4B.tmp
2009-06-06 16:31 . 2009-06-06 16:34 2250240 ----a-w- c:\windows\Internet Logs\xDB4A.tmp
2009-06-06 16:31 . 2009-06-06 16:34 17920 ----a-w- c:\windows\Internet Logs\xDB49.tmp
2009-06-06 16:28 . 2009-06-06 16:29 120832 ----a-w- c:\windows\Internet Logs\xDB48.tmp
2009-06-06 13:40 . 2009-06-06 13:41 128000 ----a-w- c:\windows\Internet Logs\xDB47.tmp
2009-06-05 18:01 . 2009-06-06 07:06 39424 ----a-w- c:\windows\Internet Logs\xDB46.tmp
2009-06-05 10:23 . 2009-03-13 08:32 -------- d-----w- c:\programmi\File comuni\AVSMedia
2009-06-05 10:23 . 2009-03-13 08:32 -------- d-----w- c:\programmi\AVSMedia
2009-06-05 09:53 . 2009-06-05 09:54 331776 ----a-w- c:\windows\Internet Logs\xDB45.tmp
2009-06-04 19:43 . 2009-06-04 19:10 -------- d-----w- c:\programmi\Lupas Rename 2000
2009-06-04 12:57 . 2009-06-04 12:58 88064 ----a-w- c:\windows\Internet Logs\xDB43.tmp
2009-06-04 12:57 . 2009-06-04 12:58 2207744 ----a-w- c:\windows\Internet Logs\xDB44.tmp
2009-06-03 21:22 . 2009-06-04 06:28 528384 ----a-w- c:\windows\Internet Logs\xDB42.tmp
2009-06-03 21:09 . 2009-06-03 21:08 -------- d-----w- c:\programmi\Tclock
2009-06-02 19:15 . 2009-06-03 06:44 169984 ----a-w- c:\windows\Internet Logs\xDB40.tmp
2009-06-02 19:15 . 2009-06-03 06:44 2186752 ----a-w- c:\windows\Internet Logs\xDB41.tmp
2009-06-02 16:28 . 2009-06-02 16:28 -------- d-----w- c:\programmi\Photo Story 3 for Windows
2009-06-01 17:30 . 2009-06-01 17:30 -------- d-----w- c:\documents and settings\Lola\Dati applicazioni\Image Zone Express
2009-05-31 19:50 . 2009-06-01 11:58 166400 ----a-w- c:\windows\Internet Logs\xDB3E.tmp
2009-05-31 19:50 . 2009-06-01 11:58 2168832 ----a-w- c:\windows\Internet Logs\xDB3F.tmp
2009-05-31 12:15 . 2009-05-23 15:42 921600 ----a-w- c:\windows\system32\Snow_Village_3D_Screensaver.scr
2009-05-31 12:13 . 2009-05-31 12:14 688640 ----a-w- c:\windows\Internet Logs\xDB3C.tmp
2009-05-31 12:13 . 2009-05-31 12:14 2172416 ----a-w- c:\windows\Internet Logs\xDB3D.tmp
2009-05-31 12:12 . 2009-05-23 15:42 35322368 ----a-w- c:\windows\system32\Snow Village 3D Screensaver.exe
2009-05-31 12:11 . 2009-05-23 15:42 -------- d-----w- c:\programmi\Snow Village 3D Screensaver
2009-05-30 20:09 . 2009-05-30 20:09 -------- d-----w- c:\programmi\Ancient Castle 3D Screensaver
2009-05-30 19:58 . 2009-05-30 19:59 1438208 ----a-w- c:\windows\Internet Logs\xDB3B.tmp
2009-05-30 19:57 . 2009-05-30 18:07 -------- d-----w- c:\programmi\3Planesoft Screensaver Manager
2009-05-30 19:57 . 2009-05-30 18:07 -------- d-----w- c:\programmi\Dutch Windmills 3D Screensaver
2009-05-30 12:33 . 2009-05-30 12:33 -------- d-----w- c:\programmi\Cuckoo Clock 3D Screensaver
2009-05-28 08:37 . 2009-05-28 08:33 -------- d-----w- c:\programmi\Vector Magic
2009-05-28 07:43 . 2009-03-31 13:23 -------- d-----w- c:\documents and settings\Lola\Dati applicazioni\AVS Video Converter
2009-05-27 08:51 . 2009-05-27 09:02 485376 ----a-w- c:\windows\Internet Logs\xDB39.tmp
2009-05-27 08:51 . 2009-05-27 09:02 2101760 ----a-w- c:\windows\Internet Logs\xDB3A.tmp
2009-05-25 21:18 . 2009-05-26 07:32 188416 ----a-w- c:\windows\Internet Logs\xDB38.tmp
2009-05-25 10:29 . 2009-05-25 18:10 80896 ----a-w- c:\windows\Internet Logs\xDB36.tmp
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SpywareTerminator"="c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe" [2009-01-25 1783808]
"ZoneAlarm Client"="c:\programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\c:\0autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Promemoria del Calendario di Microsoft Works.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Promemoria del Calendario di Microsoft Works.lnk
backup=c:\windows\pss\Promemoria del Calendario di Microsoft Works.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\StreamerOne\\StreamerOne.exe"=
"c:\\Programmi\\Lavasoft\\Ad-Aware\\Ad-Aware.exe"=
"c:\\Programmi\\Lavasoft\\Ad-Aware\\AAWService.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [18/01/2009 23.30.13 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [25/01/2009 23.04.19 114768]
R1 HMFAxCore56d706f6725c732df006697fd5ec3381;HMFAxCore56d706f6725c732df006697fd5ec3381;c:\windows\system32\drivers\HMFAxCore56d706f6725c732df006697fd5ec3381.sys [16/06/2009 0.37.16 15872]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [26/01/2009 1.35.48 141312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [26/01/2009 17.39.55 20560]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [16/04/2009 18.33.16 603904]
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [31/07/2006 20.44.24 580992]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'

2009-07-08 c:\windows\Tasks\Manutenzione in 1 clic.job
- c:\programmi\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 14:20]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://arianna.libero.it/hpweb.html
IE: Crawler Search - tbr:iemenu
IE: Save Flash - c:\programmi\Flash Saving Plugin\FlashSButton.dll/210
IE: Save Page As PDF ... - file://c:\programmi\Nitro PDF\PDF Download\nitroweb.htm
IE: Save YouTube Video - c:\programmi\Flash Saving Plugin\FlashSButton.dll/217
IE: {{28EA46FA-BFA8-40E5-85AF-8C83A55BD45A} - https://signin.ebay.it/ws/eBayISAPI.dll?SignIn
IE: {{4C8CB16D-A55F-407A-8BCA-DEB98904BA7A} - http://www.primarygames.com/games.htm
IE: {{68A46607-2E28-41FF-BD46-43FE35E90A27} - https://bancopostaonline.poste.it/bpol/ ... amovimenti
IE: {{87E9763D-900C-4FD3-A05E-CAE7FF667814} - http://wpop13.libero.it/email.php?ssonc=1292889082
IE: {{8BF0FE12-930C-491A-8AC9-14F697B060D3} - http://www.ebay.it/
IE: {{AD9E6088-E00B-42f9-9F0C-8480525D234E} - {FF5073C0-28A0-4223-9BDF-59FF020FE77C} -
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\programmi\Crawler\ctbr.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {F758FE6D-9949-4D78-B748-97781F55AF19} - hxxp://rivideo.mediaset.it/_res/cab/TXTDMCab.CAB
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-08 17:53
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(504)
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2009-07-08 17.55.06
ComboFix-quarantined-files.txt 2009-07-08 15:55

Pre-Run: 156.268.257.280 byte disponibili
Post-Run: 156.252.311.552 byte disponibili

254 --- E O F --- 2009-06-10 18:44
lolaputer
Junior User

Posts: 36
Joined: 29/06/07 17:19

Re: Help with a ComboFix log

Post by lolaputer » 09/07/09 18:58

Why isn't anyone telling me anything? :cry:
lolaputer
Junior User

Posts: 36
Joined: 29/06/07 17:19

Re: Help with a ComboFix log

Post by shel » 09/07/09 20:51

Now open a Notepad page and copy and paste the following:


killAll
file::



c:\windows\Internet Logs\xDB79.tmp
:\windows\Internet Logs\xDB78.tmp
c:\windows\Internet Logs\xDB77.tmp
c:\windows\Internet Logs\xDB76.tmp
c:\windows\Internet Logs\xDB75.tmp
c:\windows\Internet Logs\xDB73.tmp
c:\windows\Internet Logs\xDB74.tmp
c:\windows\Internet Logs\xDB72.tmp
c:\windows\Internet Logs\xDB71.tmp
c:\windows\Internet Logs\xDB70.tmp
c:\windows\Internet Logs\xDB6E.tmp
c:\windows\Internet Logs\xDB6F.tmp
c:\windows\Internet Logs\xDB6C.tmp
c:\windows\Internet Logs\xDB6D.tmp
c:\windows\Internet Logs\xDB6B.tmp
c:\windows\Internet Logs\xDB6A.tmp
c:\windows\Internet Logs\xDB69.tmp
c:\windows\Internet Logs\xDB68.tmp
c:\windows\Internet Logs\xDB66.tmp
c:\windows\Internet Logs\xDB67.tmp
c:\windows\Internet Logs\xDB65.tmp
c:\windows\Internet Logs\xDB64.tmp
c:\windows\Internet Logs\xDB63.tmp
c:\windows\Internet Logs\xDB62.tmp
c:\windows\Internet Logs\xDB61.tmp
c:\windows\Internet Logs\xDB5F.tmp
c:\windows\Internet Logs\xDB60.tmp
c:\windows\Internet Logs\xDB5E.tmp
c:\windows\Internet Logs\xDB5B.tmp
c:\windows\Internet Logs\xDB5C.tmp
c:\windows\Internet Logs\xDB59.tmp
c:\windows\Internet Logs\xDB5A.tmp
c:\windows\Internet Logs\xDB58.tmp
c:\windows\Internet Logs\xDB57.tmp
c:\windows\Internet Logs\xDB55.tmp
c:\windows\Internet Logs\xDB56.tmp
c:\windows\Internet Logs\xDB53.tmp
c:\windows\Internet Logs\xDB54.tmp
c:\windows\Internet Logs\xDB51.tmp
c:\windows\Internet Logs\xDB52.tmp
c:\windows\Internet Logs\xDB50.tmp
c:\windows\Internet Logs\xDB4E.tmp
c:\windows\Internet Logs\xDB4F.tmp
c:\windows\Internet Logs\xDB4C.tmp
c:\windows\Internet Logs\xDB4D.tmp
c:\windows\Internet Logs\xDB4B.tmp
c:\windows\Internet Logs\xDB4A.tmp
c:\windows\Internet Logs\xDB49.tmp
c:\windows\Internet Logs\xDB48.tmp
c:\windows\Internet Logs\xDB47.tmp
c:\windows\Internet Logs\xDB46.tmp
c:\windows\Internet Logs\xDB45.tmp
c:\windows\Internet Logs\xDB43.tmp
c:\windows\Internet Logs\xDB44.tmp
c:\windows\Internet Logs\xDB42.tmp
c:\windows\Internet Logs\xDB40.tmp
c:\windows\Internet Logs\xDB41.tmp
c:\windows\Internet Logs\xDB3E.tmp
c:\windows\Internet Logs\xDB3F.tmp
c:\windows\Internet Logs\xDB3C.tmp
c:\windows\Internet Logs\xDB3D.tmp
c:\windows\Internet Logs\xDB3B.tmp
c:\windows\Internet Logs\xDB39.tmp
c:\windows\Internet Logs\xDB3A.tmp
c:\windows\Internet Logs\xDB38.tmp
c:\windows\Internet Logs\xDB36.tmp


Save the page, and you must name it CFScript.txt.
At this point drag and drop the CFScript.txt file onto the ComboFix icon.
Let it work until it finishes and post its log again ...
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56

Re: Help with a ComboFix log

Post by lolaputer » 10/07/09 07:22

I did everything exactly like that; in fact the CFScript I gave it is in "C: Qoobox", but it hangs for hours and hours on the blue screen "please wait, scanning for infected files, it should take 10 minutes etc....."; that's how I found it this morning.
And yet everything was disabled: avast, Zone Alarm, Spyware Terminator.....
lolaputer
Junior User

Posts: 36
Joined: 29/06/07 17:19

Re: Help with a ComboFix log

Post by Luke57 » 10/07/09 07:41

Hi, but how is it going now? You were infected with Bagle; are your security programs working?
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

Re: Help with a ComboFix log

Post by lolaputer » 10/07/09 08:26

Hi and thanks, but come ooon, I don't believe it! Everything works and was working perfectly; there was only Ashampoo Burning Studio, which wouldn't open any more, and Ad-Aware, which kept hanging at the same point in its scan, but avast hadn't found anything, and neither had Spybot, Spyware Terminator, or an online scan with Kaspersky! Mind you, ComboFix didn't do what you told me to do! And now what should I do?
lolaputer
Junior User

Posts: 36
Joined: 29/06/07 17:19

Re: Help with a ComboFix log

Post by Luke57 » 10/07/09 08:38

Hi, what do you mean you don't believe it ;) ?
Put this path into Google (a folder deleted by ComboFix; then you'll see what comes up, apart from Lola):
c:\documents and settings\Lola\Dati applicazioni\drivers\downld

If you don't notice any malfunctions, I think you should be fine (the scan with the script was suggested to you by Shel)
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

Re: Help with a ComboFix log

Post by lolaputer » 10/07/09 08:53

No, no, I said it as a joke; it's just that I'm astonished, because it was only a small doubt. As I said, "almost" everything was working perfectly! But what is it I have to do with Google? Listen, I also ran a quick scan with Malwarebytes and it found nothing. How can I be sure I'm clean? Also: after (I think) ComboFix, System Restore, which I kept disabled for both of my hard disks, is now set to "monitoring" for both. Can I disable it again? To remove every trace of ComboFix, is it enough to delete the executable and the two folders in "C"? Because now the Ad-Aware scan hangs on the Qoobox quarantine folder that ComboFix created in C! GMER didn't find anything "red"
lolaputer
Junior User

Posts: 36
Joined: 29/06/07 17:19

Re: Help with a ComboFix log

Post by lolaputer » 10/07/09 09:03

Darn it! I didn't put "kill all files" in shel's script! Now I'll exit, disable everything and try ComboFix again; no wonder it didn't know what to do with that list.... Bye, don't give up on me! :)
lolaputer
Junior User

Posts: 36
Joined: 29/06/07 17:19

Re: Help with a ComboFix log

Post by lolaputer » 10/07/09 11:16

No luck, nothing doing: with the script ComboFix hangs at the start like last night, whereas without it the scan finishes normally. Can you answer my questions above? Thanks
lolaputer
Junior User

Posts: 36
Joined: 29/06/07 17:19

Re: Help with a ComboFix log

Post by shel » 10/07/09 11:32

Hi

Try it this way


Download Avenger

http://swandog46.geekstogo.com/avenger.zip

Extract it to a folder of your choice
Run the file avenger.exe
Now paste these lines into the white box that has opened:

files to delete:
c:\windows\Internet Logs\xDB79.tmp
:\windows\Internet Logs\xDB78.tmp
c:\windows\Internet Logs\xDB77.tmp
c:\windows\Internet Logs\xDB76.tmp
c:\windows\Internet Logs\xDB75.tmp
c:\windows\Internet Logs\xDB73.tmp
c:\windows\Internet Logs\xDB74.tmp
c:\windows\Internet Logs\xDB72.tmp
c:\windows\Internet Logs\xDB71.tmp
c:\windows\Internet Logs\xDB70.tmp
c:\windows\Internet Logs\xDB6E.tmp
c:\windows\Internet Logs\xDB6F.tmp
c:\windows\Internet Logs\xDB6C.tmp
c:\windows\Internet Logs\xDB6D.tmp
c:\windows\Internet Logs\xDB6B.tmp
c:\windows\Internet Logs\xDB6A.tmp
c:\windows\Internet Logs\xDB69.tmp
c:\windows\Internet Logs\xDB68.tmp
c:\windows\Internet Logs\xDB66.tmp
c:\windows\Internet Logs\xDB67.tmp
c:\windows\Internet Logs\xDB65.tmp
c:\windows\Internet Logs\xDB64.tmp
c:\windows\Internet Logs\xDB63.tmp
c:\windows\Internet Logs\xDB62.tmp
c:\windows\Internet Logs\xDB61.tmp
c:\windows\Internet Logs\xDB5F.tmp
c:\windows\Internet Logs\xDB60.tmp
c:\windows\Internet Logs\xDB5E.tmp
c:\windows\Internet Logs\xDB5B.tmp
c:\windows\Internet Logs\xDB5C.tmp
c:\windows\Internet Logs\xDB59.tmp
c:\windows\Internet Logs\xDB5A.tmp
c:\windows\Internet Logs\xDB58.tmp
c:\windows\Internet Logs\xDB57.tmp
c:\windows\Internet Logs\xDB55.tmp
c:\windows\Internet Logs\xDB56.tmp
c:\windows\Internet Logs\xDB53.tmp
c:\windows\Internet Logs\xDB54.tmp
c:\windows\Internet Logs\xDB51.tmp
c:\windows\Internet Logs\xDB52.tmp
c:\windows\Internet Logs\xDB50.tmp
c:\windows\Internet Logs\xDB4E.tmp
c:\windows\Internet Logs\xDB4F.tmp
c:\windows\Internet Logs\xDB4C.tmp
c:\windows\Internet Logs\xDB4D.tmp
c:\windows\Internet Logs\xDB4B.tmp
c:\windows\Internet Logs\xDB4A.tmp
c:\windows\Internet Logs\xDB49.tmp
c:\windows\Internet Logs\xDB48.tmp
c:\windows\Internet Logs\xDB47.tmp
c:\windows\Internet Logs\xDB46.tmp
c:\windows\Internet Logs\xDB45.tmp
c:\windows\Internet Logs\xDB43.tmp
c:\windows\Internet Logs\xDB44.tmp
c:\windows\Internet Logs\xDB42.tmp
c:\windows\Internet Logs\xDB40.tmp
c:\windows\Internet Logs\xDB41.tmp
c:\windows\Internet Logs\xDB3E.tmp
c:\windows\Internet Logs\xDB3F.tmp
c:\windows\Internet Logs\xDB3C.tmp
c:\windows\Internet Logs\xDB3D.tmp
c:\windows\Internet Logs\xDB3B.tmp
c:\windows\Internet Logs\xDB39.tmp
c:\windows\Internet Logs\xDB3A.tmp
c:\windows\Internet Logs\xDB38.tmp
c:\windows\Internet Logs\xDB36.tmp


Untick the Scan for Rootkits option
Press the Execute button
Answer Yes to Avenger's two prompts
Your computer should now restart; if it does not, restart it manually
When the computer has restarted, copy and paste here the contents of the Notepad window that appears.
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56
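
A pre-flight check for a deletion list like the one in the post above, as an added example that is not part of the original thread and not code from ComboFix or Avenger: it flags entries that are not fully qualified paths, duplicate entries, and entries the scan log does not list as files. The function names, the rule that a line ending in ":" is a section header, and the sample script are assumptions made for this example; the three log lines are copied from the ComboFix log earlier in the thread.

```python
import re
from ntpath import normcase  # Windows path rules, usable on any host OS

# ComboFix file-listing line, as seen in the log in this thread:
#   <created> . <modified> <size or --------> <attributes> <path>
LISTING = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>[A-Za-z]:\\.+)$"
)

# Drive letter, colon, backslash, then no characters that are illegal in a path.
FULL_PATH = re.compile(r'^[A-Za-z]:\\[^<>:"/|?*]+$')


def listed_files(log_text):
    """Return the normalized paths of files (not directories) in the scan log."""
    files = set()
    for line in log_text.splitlines():
        m = LISTING.match(line.strip())
        if m and not m.group("attrs").startswith("d"):
            files.add(normcase(m.group("path")))
    return files


def check_script(script_text, log_text):
    """Return (line_number, entry, problem) for every questionable entry."""
    known = listed_files(log_text)
    seen = set()
    issues = []
    for lineno, raw in enumerate(script_text.splitlines(), 1):
        entry = raw.strip()
        # Assumption: blank lines and lines ending in ":" are not paths
        # (section headers such as "files to delete:").
        if not entry or entry.endswith(":"):
            continue
        key = normcase(entry)  # Windows paths compare case-insensitively
        if not FULL_PATH.match(entry):
            issues.append((lineno, entry, "not a fully qualified path"))
        elif key in seen:
            issues.append((lineno, entry, "duplicate entry"))
        elif key not in known:
            issues.append((lineno, entry, "not listed as a file in the scan log"))
        seen.add(key)
    return issues


# Three lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
2009-07-07 18:10 . 2009-07-07 18:11 1721856 ----a-w- c:\windows\Internet Logs\xDB79.tmp
2009-07-07 13:06 . 2009-07-07 13:07 2481152 ----a-w- c:\windows\Internet Logs\xDB78.tmp
2009-07-07 17:09 . 2009-03-22 09:15 -------- d-----w- c:\programmi\dBpowerAMP
"""

# Constructed script: one good entry, one without a drive letter, one
# duplicate in different case, one file absent from the log, one directory.
SAMPLE_SCRIPT = r"""files to delete:
c:\windows\Internet Logs\xDB79.tmp
:\windows\Internet Logs\xDB78.tmp
C:\Windows\Internet Logs\xDB79.tmp
c:\windows\Internet Logs\xDB00.tmp
c:\programmi\dBpowerAMP
"""

if __name__ == "__main__":
    for lineno, entry, problem in check_script(SAMPLE_SCRIPT, SAMPLE_LOG):
        print(f"line {lineno}: {entry!r}: {problem}")
```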

Re: Help with a ComboFix log

Post by lolaputer » 10/07/09 13:23

Thanks, done. On restart Windows really struggled to start, and on the desktop, empty of icons and taskbar, the following error message came up:

windows disco non presente
exception processing message
C0000013 parameters 75b1bfzc 4 75b1bf7c 75b1bf7c

Could it be that the second file in your text is missing the "C"? I only noticed it now.

I closed the message and it started up. This is the Avenger log:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File "c:\windows\Internet Logs\xDB79.tmp" deleted successfully.

Error: could not open file ":\windows\Internet Logs\xDB78.tmp"
Deletion of file ":\windows\Internet Logs\xDB78.tmp" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

File "c:\windows\Internet Logs\xDB77.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB76.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB75.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB73.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB74.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB72.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB71.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB70.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB6E.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB6F.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB6C.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB6D.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB6B.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB6A.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB69.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB68.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB66.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB67.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB65.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB64.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB63.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB62.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB61.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB5F.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB60.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB5E.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB5B.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB5C.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB59.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB5A.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB58.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB57.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB55.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB56.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB53.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB54.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB51.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB52.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB50.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB4E.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB4F.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB4C.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB4D.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB4B.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB4A.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB49.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB48.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB47.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB46.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB45.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB43.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB44.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB42.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB40.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB41.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB3E.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB3F.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB3C.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB3D.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB3B.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB39.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB3A.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB38.tmp" deleted successfully.
File "c:\windows\Internet Logs\xDB36.tmp" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
lolaputer
Junior User
 
Posts: 36
Joined: 29/06/07 17:19

Re: help with combofix log

Post by lolaputer » 10/07/09 13:33

So, I added the C to the missing file and gave only that one to Avenger. On reboot, same mess, same error; after clicking "continue" two or three times Windows starts, and the Avenger log says it deleted that one too.
lolaputer
Junior User
 
Posts: 36
Joined: 29/06/07 17:19

Re: help with combofix log

Post by shel » 10/07/09 15:03

hi

yes, I had indeed forgotten the c in this one

c:\windows\Internet Logs\xDB78.tmp

now you shouldn't have any more problems with Avenger either..... it deleted everything


do the cleanup

download CCleaner
http://www.ccleaner.com
Important:
During installation, untick the box, otherwise the Yahoo Toolbar gets installed.
Launch it and click on:
- Advanced Options
Untick:
- Only delete files older than 48 hours
Click the buttons:
- Cleaner (the first one at the top left)
- Analyze (button at the bottom center)
- Run Cleaner (button at the bottom right)



Check whether the services are enabled after Bagle's visit

Open the list of Services
Start > Run > type SERVICES.MSC > OK and enable, where necessary, these disabled services: Alerter, Security Center, Automatic Updates, Network Connections, Wireless Zero Configuration and Windows Firewall/Internet Connection Sharing (ICS). (To start a service, right-click, then Properties > Automatic > OK > Start > OK.)

Post an hjt log for a check and we should be done
shel
Senior User
 
Posts: 1326
Joined: 29/08/08 21:56
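
The services check described in the post above, as an added PowerShell example that is not part of the original thread: it reports the start mode and state of each listed service and only changes anything when `$Repair` is set. It assumes PowerShell is installed on the machine (it is not part of a default Windows XP install), and the service short names are assumed to be the Windows XP names behind the display names in the post.

```powershell
# Added example, not from the thread. Service short names are assumed to be the
# Windows XP names behind the display names listed in the post.
$services = @(
    @{ Name = 'Alerter';      Label = 'Avvisi (Alerter)' },
    @{ Name = 'wscsvc';       Label = 'Centro sicurezza PC (Security Center)' },
    @{ Name = 'wuauserv';     Label = 'Aggiornamenti automatici (Automatic Updates)' },
    @{ Name = 'Netman';       Label = 'Connessioni di rete (Network Connections)' },
    @{ Name = 'WZCSVC';       Label = 'Zero Configuration reti senza fili' },
    @{ Name = 'SharedAccess'; Label = 'Windows Firewall / ICS' }
)
$Repair = $false   # set to $true to apply the post's fix (Automatic + Start)

$report = foreach ($s in $services) {
    $filter = "Name='{0}'" -f $s.Name
    $svc = Get-WmiObject -Class Win32_Service -Filter $filter
    if ($svc) { $mode = $svc.StartMode; $state = $svc.State }
    else      { $mode = 'NotInstalled'; $state = 'n/a' }

    # A service switched to Disabled is what the post asks the user to look for.
    $flag = ''
    if ($mode -eq 'Disabled') { $flag = 'REVIEW' }

    if ($Repair -and $mode -eq 'Disabled') {
        Set-Service -Name $s.Name -StartupType Automatic
        Start-Service -Name $s.Name
        # Re-read the service so the report shows the state after the change.
        $svc = Get-WmiObject -Class Win32_Service -Filter $filter
        $mode = $svc.StartMode; $state = $svc.State; $flag = 'REPAIRED'
    }

    New-Object PSObject -Property @{
        Service = $s.Name; Label = $s.Label
        StartMode = $mode; State = $state; Flag = $flag
    }
}

# Alerter ships Disabled by default since XP SP2, so REVIEW on that row alone
# is not evidence of tampering.
$report | Select-Object Service, Label, StartMode, State, Flag |
    Format-Table -AutoSize
```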

Re: help with combofix log

Post by shel » 10/07/09 15:28

shel
Senior User
 
Posts: 1326
Joined: 29/08/08 21:56

Re: help with combofix log

Post by lolaputer » 10/07/09 16:58

Well, thanks for everything. I've always used CCleaner, and I run it every time before shutting down the PC. Avast, Spybot, Ad-Aware, Spyware Terminator, ZoneAlarm, the Windows malware removal tool, everything constantly updated, all evidently useless stuff I have on the PC; even Kaspersky's online scan came back clean. I check the msconfig startup all the time, and I wouldn't open an unknown email even if they paid me; in short, I have no idea where I picked up this junk or what I should stop doing so I don't catch it again! The mysterious error from before (which, searching online, seems to be fairly common) mysteriously disappeared right after I deleted everything, logs included, of combofix (from "Run"), gmer, avenger, etc. It may be a coincidence, but after just that one thing the error no longer appeared on reboot. The only thing that worries me a bit is that System Restore, which I keep disabled, is enabled for the second time now, and hidden and system files and folders, which I keep visible, were no longer visible. The services are all OK, I didn't have to re-enable anything. I hope I'm clean. Thanks again, I'm posting the hjt log, bye

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.45.07, on 10/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Windows NT\Accessori\wordpad.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Online Translator Toolbar - {322F8B64-3ADF-4377-A21F-829CE8404AEE} - C:\Programmi\Online Translator Toolbar for Internet Explorer\OnlineTranslator.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PDF Download - Options - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://www.patentinoonline.it/nis/materials/ScriptX.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2918123343
O16 - DPF: {F758FE6D-9949-4D78-B748-97781F55AF19} (TXTDM Control) - http://rivideo.mediaset.it/_res/cab/TXTDMCab.CAB
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6814 bytes
lolaputer
Junior User
 
Posts: 36
Joined: 29/06/07 17:19
