|
|||||||
|
|
|
 |
|
|
Strumenti |
03-02-2009, 18:45
|
#1 | |
|
Senior Member
Iscritto dal: Nov 2006
Città: MIlano
Messaggi: 446
|
apertura continua nuovi browser firefox 3, sono infetto?
ciao ragazzi, ho un problema che sembra affliggere altri utenti ma non sono riuscito a porvi rimedio.
il problema sostanzialmente è che durante la navigazione mi si aprono altri browser (non pop up o finestre!) di firefox 3 contenenti messaggi pubbicitari (ad esempio in questo momento ne ho iconizzati 3, con i seguenti link hxxp://www.better.it/scommesse/bette...ntry=ZXB120x60 hxxp://best-store.net/click.php?ok=1...66&b=110&c=173 hxxp://www.perfspot.com/join.asp?p=80247&t=CD579) ho il blocco pop up attivo e ho eliminato tutte le eccezioni per provare a vedere se cambiava qualcosa, ma nulla ho provato a fare la scansione sia con antivir che con spybot dalla modalità provvisioria come amministratore dopo aver eliminato il ripristino di sistema, come suggerito nella guida per la disinfestazione, ma non mi è stato segnalato alcun problema a questo punto, seguendo altre discussioni, ho scaricato hijack che mi ha riportato questo file log Quote:
O4 - HKCU\..\Run: [ccbfvd] "d:\documents and settings\mario\impostazioni locali\dati applicazioni\ccbfvd.exe" ccbfvd dovrebbe essere dannosa, è corretto? (prima volta che uso questo programma) ringrazio già chi avrà il buon cuore di aiutarmi, informandolo che non so cosa significhi fixare o come si rimuovono librerie, file di registro o altro per disinfestarmi, scusate ma, non avendo mai avuto problemi di sorta, sono un niubbone in materia! ciau! ps: configurazione, se può servire: win xp sp3, avira antivir, zone alarm, spybot. Ultima modifica di Chill-Out : 03-02-2009 alle 19:06. |
|
|
|
|
03-02-2009, 19:11
|
#2 | |
|
Moderatore
Iscritto dal: Jun 2007
Città: 127.0.0.1
Messaggi: 25885
|
1 Disattiva il Ripristino Configurazione Sistema:
Windows XP
2 Esegui HJT clicca su Do a system scan only e metti il segno di spunta nella casella bianca a sx delle sottoindicate voci e clicca su Fix cheked: Quote:
4 Fai girare questo tool: http://download.bleepingcomputer.com/sUBs/ComboFix.exe Doppio click su combofix.exe e segui le istruzioni Allegare il log C:\combofix.txt N.B.: Durante la scansione verranno creati alcuni file sul desktop e poi eliminati - spariranno tutte le icone del desktop - il firewall potrebbe avvisare che verranno rimossi alcuni driver (consentire) ComboFix deve essere eseguito a macchina dedicata - disconnessi dalla rete, disabilitando momentaneamente i realtime dei software di sicurezza Riepilogo log da allegare: Combofix Nuovo log HJT NB: i log vanno allegati secondo le modalità che trovi nelle Regole di sezione in firma Ciao
__________________
Try again and you will be luckier.
|
|
|
|
|
|
03-02-2009, 21:04
|
#3 |
|
Senior Member
Iscritto dal: Nov 2006
Città: MIlano
Messaggi: 446
|
innanzitutto ti ringrazio, ho seguito, spero correttamente, la procedura che mi hai postato e attualmente, dopo una mezz'ora di navigazione, il problema non si è più presentato.
dato che ora è tutto ok non inserisco i nuovi log generati, nel caso sia necessario o il problema si ripresenti (ma spero proprio di no) li posterò. grazie ancora, ciau! |
|
|
|
|
03-02-2009, 21:34
|
#4 | |
|
Moderatore
Iscritto dal: Jun 2007
Città: 127.0.0.1
Messaggi: 25885
|
Quote:
Come preferisci, considera però che i log sono lo strumento per poter valutare la situazione 
__________________
Try again and you will be luckier.
|
|
|
|
|
|
03-02-2009, 22:43
|
#5 |
|
Senior Member
Iscritto dal: Nov 2006
Città: MIlano
Messaggi: 446
|
ok, eccoli allora:
combofix Codice:
ComboFix 09-02-02.04 - mario 2009-02-03 20:40:32.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.2047.1573 [GMT 1:00]
Eseguito da: d:\documents and settings\mario\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
* Creato nuovo punto di ripristino
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\documents and settings\mario\Impostazioni locali\Dati applicazioni\ccbfvd.dat
d:\documents and settings\mario\Impostazioni locali\Dati applicazioni\ccbfvd.exe
d:\documents and settings\mario\Impostazioni locali\Dati applicazioni\ccbfvd_nav.dat
d:\documents and settings\mario\Impostazioni locali\Dati applicazioni\ccbfvd_navps.dat
d:\windows\IE4 Error Log.txt
d:\windows\system32\CmdLineExt.dll
L:\Autorun.inf
L:\resycled
l:\resycled\boot.com
.
((((((((((((((((((((((((( Files Creati Da 2009-01-03 al 2009-02-03 )))))))))))))))))))))))))))))))))))
.
2009-02-03 18:22 . 2009-02-03 18:22 <DIR> d-------- d:\programmi\Trend Micro
2009-02-01 16:25 . 2009-02-01 16:25 <DIR> d-------- D:\Webshots Data
2009-02-01 14:03 . 2006-12-14 19:47 782,336 -ra------ d:\windows\system32\tmpA7.tmp
2009-02-01 02:28 . 2009-02-01 02:28 <DIR> d-------- d:\windows\Sun
2009-01-31 13:19 . 2009-01-31 13:19 <DIR> d-------- d:\programmi\Spybot - Search & Destroy
2009-01-31 13:19 . 2009-01-31 13:24 <DIR> d-------- d:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-01-30 20:17 . 2009-01-30 20:17 <DIR> d-------- d:\programmi\Lavasoft
2009-01-30 20:17 . 2009-01-30 20:18 <DIR> d-------- d:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-01-30 15:13 . 2006-12-14 19:47 782,336 -ra------ d:\windows\system32\tmp1AC.tmp
2009-01-28 18:08 . 2009-01-28 18:10 <DIR> d-------- d:\programmi\Live-Player
2009-01-27 01:52 . 2009-01-27 01:52 <DIR> d-------- d:\documents and settings\mario\Dati applicazioni\DAEMON Tools Pro
2009-01-27 01:52 . 2009-01-27 01:52 <DIR> d-------- d:\documents and settings\mario\Dati applicazioni\DAEMON Tools
2009-01-27 01:51 . 2009-01-27 01:53 <DIR> d-------- d:\programmi\DAEMON Tools Lite
2009-01-27 01:51 . 2009-01-27 01:51 <DIR> d-------- d:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite
2009-01-27 01:48 . 2009-01-27 01:53 <DIR> d-------- d:\documents and settings\mario\Dati applicazioni\DAEMON Tools Lite
2009-01-27 01:40 . 2006-12-14 19:47 782,336 -ra------ d:\windows\system32\tmp23C.tmp
2009-01-26 20:25 . 2006-12-14 19:47 782,336 -ra------ d:\windows\system32\tmp179.tmp
2009-01-26 20:17 . 2009-01-26 20:17 <DIR> d-------- d:\programmi\OpenAL
2009-01-26 20:17 . 2006-12-14 19:47 782,336 -ra------ d:\windows\system32\tmp154.tmp
2009-01-26 17:23 . 2008-04-13 18:53 14,720 --a------ d:\windows\system32\drivers\kbdhid.sys
2009-01-26 17:23 . 2008-04-13 18:53 14,720 --a--c--- d:\windows\system32\dllcache\kbdhid.sys
2009-01-25 18:41 . 2009-01-25 18:43 <DIR> d-------- d:\programmi\HattrickOrganizer
2009-01-25 14:43 . 2009-01-25 14:43 <DIR> d-------- d:\documents and settings\All Users\Dati applicazioni\TVU Networks
2009-01-21 11:23 . 2009-01-21 11:23 <DIR> d-------- d:\windows\USB Vibration
2009-01-21 11:23 . 2009-01-21 11:23 <DIR> d-------- d:\programmi\USB Vibration
2009-01-21 11:23 . 2005-11-24 10:49 73,728 --a------ d:\windows\system32\dancemat.exe
2009-01-21 11:23 . 2006-10-23 11:42 31,899 --a------ d:\windows\system32\drivers\hid8101.sys
2009-01-21 01:02 . 2009-01-31 04:39 125 --a------ d:\windows\cdplayer.ini
2009-01-19 17:33 . 2009-01-19 17:33 <DIR> d-------- d:\documents and settings\mario\Dati applicazioni\vlc
2009-01-19 16:39 . 2008-10-16 21:04 6,066,176 -----c--- d:\windows\system32\dllcache\ieframe.dll
2009-01-19 16:39 . 2007-04-17 10:32 2,455,488 -----c--- d:\windows\system32\dllcache\ieapfltr.dat
2009-01-19 16:39 . 2007-03-08 06:11 1,032,192 -----c--- d:\windows\system32\dllcache\ieframe.dll.mui
2009-01-19 16:39 . 2008-10-16 21:04 459,264 -----c--- d:\windows\system32\dllcache\msfeeds.dll
2009-01-19 16:39 . 2008-10-16 21:04 383,488 -----c--- d:\windows\system32\dllcache\ieapfltr.dll
2009-01-19 16:39 . 2008-10-16 21:04 267,776 -----c--- d:\windows\system32\dllcache\iertutil.dll
2009-01-19 16:39 . 2008-10-16 21:04 63,488 -----c--- d:\windows\system32\dllcache\icardie.dll
2009-01-19 16:39 . 2008-10-16 21:04 52,224 -----c--- d:\windows\system32\dllcache\msfeedsbs.dll
2009-01-19 16:39 . 2008-10-16 14:11 13,824 -----c--- d:\windows\system32\dllcache\ieudinit.exe
2009-01-19 00:31 . 2009-01-30 02:54 <DIR> d-------- d:\documents and settings\mario\Dati applicazioni\dvdcss
2009-01-18 20:07 . 2009-01-24 17:50 <DIR> d-------- d:\documents and settings\All Users\Dati applicazioni\nView_Profiles
2009-01-18 19:44 . 2009-01-18 19:44 <DIR> d-------- d:\programmi\Hattrick Control
2009-01-18 19:32 . 2009-01-18 19:33 <DIR> d-------- d:\programmi\EasyRecovery Professional
2009-01-18 12:54 . 2009-01-18 12:54 <DIR> d-------- d:\programmi\MSXML 4.0
2009-01-18 12:29 . 2009-01-18 12:29 <DIR> d-------- d:\programmi\File comuni\Skype
2009-01-18 12:29 . 2009-02-03 20:08 <DIR> d-------- d:\documents and settings\mario\Dati applicazioni\skypePM
2009-01-18 12:29 . 2009-01-18 12:29 56 --ah----- d:\windows\system32\ezsidmv.dat
2009-01-18 03:04 . 2009-02-03 14:30 69 --a------ d:\windows\NeroDigital.ini
2009-01-17 16:27 . 2009-01-17 16:27 <DIR> d-------- d:\documents and settings\mario\Dati applicazioni\Symantec
2009-01-17 16:03 . 2009-01-17 16:03 <DIR> d-------- d:\programmi\Norton Ghost
2009-01-17 16:03 . 2009-01-17 16:03 <DIR> d-------- d:\programmi\File comuni\Symantec Shared
2009-01-17 16:03 . 2009-01-17 16:10 <DIR> d-------- d:\documents and settings\All Users\Dati applicazioni\Symantec
2009-01-17 16:03 . 2007-03-28 20:29 131,944 --a------ d:\windows\system32\drivers\symsnap.sys
2009-01-17 16:03 . 2007-03-28 20:49 128,104 --a------ d:\windows\system32\drivers\WimFltr.sys
2009-01-17 16:03 . 2007-03-28 20:29 37,864 --a------ d:\windows\system32\drivers\v2imount.sys
2009-01-17 16:03 . 2007-03-28 20:23 14,072 --a------ d:\windows\system32\drivers\vproeventmonitor.sys
2009-01-17 16:01 . 2003-06-19 01:31 17,920 --a------ d:\windows\system32\mdimon.dll
2009-01-17 16:01 . 2009-01-17 16:01 424 --a------ d:\windows\ODBC.INI
2009-01-17 16:00 . 2009-01-17 16:00 <DIR> d-------- d:\programmi\Microsoft Works
2009-01-17 15:59 . 2009-01-17 16:00 <DIR> d-------- d:\windows\SHELLNEW
2009-01-17 15:59 . 2009-01-17 15:59 <DIR> d-------- d:\programmi\Microsoft.NET
2009-01-17 15:49 . 2009-01-18 19:18 <DIR> d-------- d:\programmi\TUGZip
2009-01-17 15:49 . 2007-03-12 23:34 162,304 --a------ d:\windows\system32\ztvunrar36.dll
2009-01-17 15:49 . 2007-03-12 23:34 77,312 --a------ d:\windows\system32\ztvunace26.dll
2009-01-17 15:49 . 2007-03-12 23:34 69,632 --a------ d:\windows\system32\ztvcabinet.dll
2009-01-17 15:46 . 2009-01-17 15:46 <DIR> d-------- d:\programmi\Webshots
2009-01-17 15:46 . 2009-01-17 15:46 <DIR> d-------- d:\documents and settings\mario\Dati applicazioni\Webshots
2009-01-17 15:45 . 2009-01-17 15:45 <DIR> d-------- d:\programmi\PowerOff
2009-01-17 15:43 . 2009-01-17 15:43 <DIR> d-------- d:\programmi\File comuni\Ahead
2009-01-17 15:43 . 2009-01-17 15:43 <DIR> d-------- d:\programmi\Ahead
2009-01-17 15:43 . 2004-07-26 16:16 1,568,768 --------- d:\windows\system32\ImagX7.dll
2009-01-17 15:43 . 2004-07-26 16:16 476,320 --------- d:\windows\system32\ImagXpr7.dll
2009-01-17 15:43 . 2004-07-26 16:16 471,040 --------- d:\windows\system32\ImagXRA7.dll
2009-01-17 15:43 . 2004-07-26 16:16 262,144 --------- d:\windows\system32\ImagXR7.dll
2009-01-17 15:43 . 2001-07-09 10:50 155,648 --a------ d:\windows\system32\NeroCheck.exe
2009-01-17 15:43 . 2004-03-02 16:37 125,184 --------- d:\windows\system32\drivers\imagesrv.sys
2009-01-17 15:43 . 2000-06-26 10:45 106,496 --a------ d:\windows\system32\TwnLib20.dll
2009-01-17 15:43 . 2004-03-02 16:37 5,504 --------- d:\windows\system32\drivers\imagedrv.sys
2009-01-17 15:41 . 2009-01-17 15:41 <DIR> d-------- d:\programmi\Google
2009-01-17 15:39 . 2009-01-17 15:39 <DIR> d-------- d:\programmi\Java
2009-01-17 15:39 . 2009-01-17 15:39 <DIR> d-------- d:\programmi\File comuni\Java
2009-01-17 15:39 . 2007-09-24 23:31 69,632 --a------ d:\windows\system32\javacpl.cpl
2009-01-17 15:38 . 2009-01-17 15:38 <DIR> d-------- d:\programmi\Microsoft Silverlight
2009-01-17 15:36 . 2009-01-17 15:36 <DIR> d-------- d:\programmi\CCleaner
2009-01-17 15:33 . 2009-01-17 15:33 <DIR> d-------- d:\programmi\Real
2009-01-17 15:33 . 2009-01-17 15:33 <DIR> d-------- d:\programmi\File comuni\xing shared
2009-01-17 15:33 . 2009-01-17 15:33 <DIR> d-------- d:\programmi\File comuni\Real
2009-01-17 15:32 . 2005-06-15 03:00 102,400 --a------ d:\windows\system32\tsccvid.dll
2009-01-17 15:31 . 2009-01-18 21:04 <DIR> d-------- d:\programmi\eXtreme Movie Manager
2009-01-17 15:31 . 2000-05-21 23:00 1,009,336 --a------ d:\windows\system32\Mschrt20.ocx
2009-01-17 15:21 . 2009-01-17 15:26 <DIR> d-------- d:\programmi\File comuni\Adobe
2009-01-17 15:09 . 2009-01-17 15:57 <DIR> d-------- d:\programmi\NOS
2009-01-17 15:09 . 2009-01-17 15:57 <DIR> d-------- d:\documents and settings\All Users\Dati applicazioni\NOS
2009-01-17 15:07 . 2009-01-17 15:07 <DIR> d-------- d:\programmi\iTunes
2009-01-17 15:07 . 2009-01-17 15:07 <DIR> d-------- d:\programmi\iPod
2009-01-17 15:07 . 2009-01-17 15:07 <DIR> d-------- d:\programmi\Bonjour
2009-01-17 15:07 . 2009-01-21 13:39 <DIR> d-------- d:\documents and settings\mario\Dati applicazioni\Apple Computer
2009-01-17 15:07 . 2009-01-17 15:07 <DIR> d-------- d:\documents and settings\All Users\Dati applicazioni\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-17 15:07 . 2007-03-28 20:12 109,360 --a------ d:\windows\system32\GEARAspi.dll
2009-01-17 15:07 . 2007-03-28 20:12 15,664 --a------ d:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-17 15:06 . 2009-01-17 15:07 <DIR> d-------- d:\programmi\QuickTime
2009-01-17 15:06 . 2009-01-17 15:07 <DIR> d-------- d:\programmi\File comuni\Apple
2009-01-17 15:06 . 2009-01-17 15:06 <DIR> d-------- d:\programmi\Apple Software Update
2009-01-17 15:06 . 2009-01-17 15:07 <DIR> d-------- d:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-01-17 15:06 . 2009-01-17 15:06 <DIR> d-------- d:\documents and settings\All Users\Dati applicazioni\Apple
2009-01-17 14:49 . 2009-01-17 15:00 <DIR> d-------- d:\documents and settings\mario\Dati applicazioni\VoipStunt
2009-01-17 14:48 . 2009-01-17 14:48 <DIR> d-------- d:\programmi\VoipStunt.com
2009-01-17 14:47 . 2009-01-18 12:29 <DIR> d-------- d:\programmi\Skype
2009-01-17 14:47 . 2009-02-03 20:39 <DIR> d-------- d:\documents and settings\mario\Dati applicazioni\Skype
2009-01-17 14:47 . 2009-01-17 14:47 <DIR> d-------- d:\documents and settings\All Users\Dati applicazioni\Skype
2009-01-17 14:45 . 2009-01-17 14:45 <DIR> d-------- d:\programmi\RealVNC
2009-01-17 14:45 . 2007-10-09 22:02 19,968 --a------ d:\windows\system32\vncmirror.dll
2009-01-17 14:45 . 2007-10-09 22:02 3,072 --a------ d:\windows\system32\drivers\vncmirror.sys
2009-01-17 14:43 . 2009-01-17 14:44 <DIR> d-------- d:\programmi\TVUPlayer
2009-01-17 14:43 . 2009-01-17 14:43 <DIR> d-------- d:\documents and settings\mario\LocalLow
2009-01-17 14:41 . 2009-01-28 20:21 <DIR> d-------- d:\programmi\TVAnts
2009-01-17 14:37 . 2009-01-25 14:43 <DIR> d-------- d:\programmi\SopCast
2009-01-17 14:31 . 2009-01-17 14:31 <DIR> d-------- d:\programmi\DNA
2009-01-17 14:31 . 2009-01-17 14:51 <DIR> d-------- d:\documents and settings\mario\Dati applicazioni\DNA
2009-01-17 14:31 . 2009-02-01 03:29 <DIR> d-------- d:\documents and settings\mario\Dati applicazioni\BitTorrent
2009-01-17 14:27 . 2009-01-17 14:27 <DIR> d-------- d:\documents and settings\mario\Dati applicazioni\eMule AdunanzA
2009-01-17 14:15 . 2009-01-17 14:15 <DIR> d-------- d:\programmi\Avira
2009-01-17 14:15 . 2009-01-17 14:15 <DIR> d-------- d:\documents and settings\All Users\Dati applicazioni\Avira
2009-01-17 14:10 . 2009-02-03 20:32 17,405,984 --ahs---- d:\windows\system32\drivers\fidbox.dat
2009-01-17 14:10 . 2009-02-03 20:32 209,348 --ahs---- d:\windows\system32\drivers\fidbox.idx
2009-01-17 14:07 . 2009-01-17 14:07 <DIR> d-------- d:\programmi\Zone Labs
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-02 12:00 50,076 ----a-w d:\windows\Internet Logs\zlclient_2nd_2009_02_02_03_55_51_small.dmp.zip
2009-02-02 12:00 43,724 ----a-w d:\windows\Internet Logs\zlclient_2nd_2009_02_02_03_55_46_small.dmp.zip
2009-02-01 15:13 53,530 ----a-w d:\windows\Internet Logs\zlclient_2nd_2009_02_01_16_05_23_small.dmp.zip
2009-01-30 19:18 12,632 ----a-w d:\windows\system32\lsdelete.exe
2009-01-28 18:46 51,824 ----a-w d:\windows\Internet Logs\zlclient_2nd_2009_01_28_19_38_42_small.dmp.zip
2009-01-28 18:46 46,986 ----a-w d:\windows\Internet Logs\zlclient_2nd_2009_01_28_19_38_39_small.dmp.zip
2009-01-27 00:48 717,296 ----a-w d:\windows\system32\drivers\sptd.sys
2009-01-24 17:42 55,862 ----a-w d:\windows\Internet Logs\zlclient_2nd_2009_01_24_18_35_24_small.dmp.zip
2009-01-24 17:42 41,654 ----a-w d:\windows\Internet Logs\zlclient_2nd_2009_01_24_18_35_20_small.dmp.zip
2009-01-21 10:23 --------- d--h--w d:\programmi\InstallShield Installation Information
2009-01-21 09:24 20,480 ----a-w d:\windows\Internet Logs\xDB3.tmp
2009-01-21 01:10 2,828,288 ----a-w d:\windows\Internet Logs\xDB1.tmp
2009-01-21 01:10 1,522,176 ----a-w d:\windows\Internet Logs\xDB2.tmp
2009-01-17 11:52 --------- d-----w d:\programmi\File comuni\InstallShield
2009-01-16 17:49 --------- d-----w d:\programmi\NeoSmart Technologies
2009-01-16 17:15 --------- d-----w d:\programmi\PC Inspector File Recovery
2009-01-16 16:33 --------- d-----w d:\programmi\microsoft frontpage
2009-01-16 16:30 --------- d-----w d:\programmi\Servizi in linea
2008-12-11 10:57 333,952 ----a-w d:\windows\system32\drivers\srv.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Remote Control Editor"="d:\programmi\File comuni\TerraTec\Remote\TTTVRC.exe" [2008-11-04 1105920]
"Skype"="d:\programmi\Skype\Phone\Skype.exe" [2008-11-07 21633320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
"NVIDIA nTune"="d:\programmi\NVIDIA Corporation\nTune\\nTune.exe" [2004-12-06 532480]
"nwiz"="nwiz.exe" [2008-12-26 d:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
d:\documents and settings\mario\Menu Avvio\Programmi\Esecuzione automatica\
Webshots.lnk - d:\programmi\Webshots\Launcher.exe [2009-01-17 157008]
d:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Logitech SetPoint.lnk - d:\programmi\Logitech\SetPoint\SetPoint.exe [2009-01-17 692224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 d:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-06-12 13:28 266497 d:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2009-01-17 14:31 342848 d:\programmi\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-12-29 11:40 687560 d:\programmi\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
--a------ 2005-11-22 17:38 221184 d:\programmi\Diskeeper Corporation\Diskeeper\DkIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 d:\programmi\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 d:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 12.0]
--a------ 2007-03-28 20:41 2037352 d:\programmi\Norton Ghost\Agent\VProTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-12-26 00:08 86016 d:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 d:\programmi\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2009-01-26 15:31 2144088 d:\programmi\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
--a------ 2008-04-04 11:38 88584 d:\programmi\Logitech\Gaming Software\LWEMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 d:\programmi\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2009-01-17 15:33 185896 d:\programmi\File comuni\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
--a------ 2008-07-09 09:05 919016 d:\programmi\Zone Labs\ZoneAlarm\zlclient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2006-08-17 11:32 17920 d:\windows\CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2006-08-17 11:32 18944 d:\windows\system32\CTXFIHLP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2007-04-11 15:32 56080 d:\windows\KHALMNPR.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2007-04-11 15:32 56080 d:\windows\KHALMNPR.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinVNC4"=2 (0x2)
"vsmon"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Programmi\\TerraTec\\TerraTec Home Cinema\\InstTool.exe"=
"d:\\Programmi\\TerraTec\\TerraTec Home Cinema\\tvtvSetup\\tvtv_Wizard.exe"=
"d:\\Programmi\\TerraTec\\TerraTec Home Cinema\\CinergyDvr.exe"=
"d:\\Programmi\\DNA\\btdna.exe"=
"k:\\BitTorrent\\bittorrent.exe"=
"d:\\Programmi\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
"d:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"d:\\Programmi\\iTunes\\iTunes.exe"=
"d:\\Programmi\\TerraTec\\TerraTec Home Cinema\\VersionCheck\\VersionCheck.exe"=
"d:\\Programmi\\Skype\\Phone\\Skype.exe"=
R3 Cinergy_HT_PCI_MKII;Cinergy HT PCI (MKII) service;d:\windows\system32\drivers\Cinergy_HT_PCI_MKII.sys [2009-01-17 221184]
S3 hid8101;hid8101;d:\windows\system32\drivers\hid8101.sys [2009-01-21 31899]
.
Contenuto della cartella 'Scheduled Tasks'
2009-01-30 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
MSConfigStartUp-ccbfvd - d:\documents and settings\mario\impostazioni locali\dati applicazioni\ccbfvd.exe
MSConfigStartUp-DAEMON Tools - d:\programmi\DAEMON Tools\daemon.exe
MSConfigStartUp-MSMSGS - d:\programmi\Messenger\msmsgs.exe
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - d:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - d:\documents and settings\mario\Dati applicazioni\Mozilla\Firefox\Profiles\2nhp00h5.default\
FF - plugin: d:\documents and settings\mario\Dati applicazioni\Mozilla\Firefox\Profiles\2nhp00h5.default\extensions\[email protected]\plugins\npTVUAx.dll
FF - plugin: d:\programmi\Mozilla Firefox\plugins\npbittorrent.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-03 20:42:23
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2009-02-03 20:43:43
ComboFix-quarantined-files.txt 2009-02-03 19:43:41
Pre-Run: 22,498,557,952 byte disponibili
Post-Run: 22,486,355,968 byte disponibili
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
288 --- E O F --- 2009-01-21 11:42:42
Codice:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20.44.24, on 03/02/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\Programmi\Lavasoft\Ad-Aware\aawservice.exe D:\WINDOWS\system32\spoolsv.exe D:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe D:\WINDOWS\system32\ctfmon.exe D:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe D:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe D:\Programmi\Bonjour\mDNSResponder.exe D:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe D:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE D:\Programmi\Norton Ghost\Agent\VProSvc.exe D:\WINDOWS\system32\nvsvc32.exe D:\WINDOWS\System32\wbem\wmiapsrv.exe D:\Programmi\Spybot - Search & Destroy\TeaTimer.exe D:\WINDOWS\explorer.exe D:\Programmi\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programmi\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - D:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NVIDIA nTune] "D:\Programmi\NVIDIA Corporation\nTune\\nTune.exe" clear O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Remote Control Editor] "D:\Programmi\File comuni\TerraTec\Remote\TTTVRC.exe" O4 - HKCU\..\Run: [Skype] "D:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Webshots.lnk = D:\Programmi\Webshots\Launcher.exe O4 - Global Startup: Logitech SetPoint.lnk = D:\Programmi\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Programmi\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - D:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - D:\Programmi\Bonjour\mDNSResponder.exe O23 - Service: Diskeeper - Diskeeper Corporation - D:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - D:\Programmi\iPod\bin\iPodService.exe O23 - Service: Norton Ghost - Symantec Corporation - D:\Programmi\Norton Ghost\Agent\VProSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe -- End of file - 5574 bytes ciau! |
|
|
|
|
04-02-2009, 00:34
|
#6 |
|
Moderatore
Iscritto dal: Jun 2007
Città: 127.0.0.1
Messaggi: 25885
|
I log sono ok, presta attenzione potresti avere supporti removibili USB infetti, ti suggerisco inoltre la lettura di questo 3D http://www.hwupgrade.it/forum/showthread.php?t=1726383
Ciao 
__________________
Try again and you will be luckier.
|
|
|
|
|
04-02-2009, 12:10
|
#7 |
|
Senior Member
Iscritto dal: Nov 2006
Città: MIlano
Messaggi: 446
|
ciao, ho dato una letta alla discussione linkata, davvero un ottimo spunto per migliorare la sicurezza del mio pc!
per quanto riguarda le periferiche usb in pratica ho solo un hd esterno, che è stato sempre collegato durante tutto il processo di disinfestazione e quindi spero sia ok grazie ancora, ciau! |
|
|
|
|
04-02-2009, 12:53
|
#8 | |
|
Moderatore
Iscritto dal: Jun 2007
Città: 127.0.0.1
Messaggi: 25885
|
Quote:
__________________
Try again and you will be luckier.
|
|
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 03:01.
