
ComboFix scan

Posted: Thu Sep 03, 2009 4:47 pm
by maurino71
Hi everyone. I should say up front that this log was already posted in a previous post of mine, but I thought it was right to open another topic. I ran a scan with ComboFix and wanted to ask whether you could take a look. It seems to have removed something, but I'd like an opinion from someone more expert.


ComboFix 09-08-31.04 - Willy 01/09/2009 19.04.34.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1012.582 [GMT 2:00]
Eseguito da: c:\documents and settings\Willy\Documenti\Comix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ogacheckcontrol.dll
c:\windows\system32\osmultiplexcore.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-08-01 al 2009-09-01 )))))))))))))))))))))))))))))))))))
.

2009-08-30 20:30 . 2009-08-30 20:30 -------- d-----w- c:\programmi\InCode Solutions
2009-08-26 07:42 . 2009-08-24 17:04 2707456 ----a-w- c:\documents and settings\Willy\Dati applicazioni\Mozilla\Firefox\Profiles\vkhuwlab.default\extensions\firetorrent@radicalsoft.com\components\firetorrent.dll
2009-08-25 17:44 . 2009-08-25 17:44 -------- d-----w- c:\documents and settings\Willy\Impostazioni locali\Dati applicazioni\JockerSoft
2009-08-25 17:39 . 2009-08-25 17:39 -------- d-----w- c:\programmi\Elaborate Bytes
2009-08-25 17:20 . 2009-08-25 17:20 -------- d-----w- c:\programmi\JockerSoft
2009-08-24 08:34 . 2009-08-24 08:34 -------- d-----w- c:\windows\Sun
2009-08-23 20:37 . 2009-08-23 20:37 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-19 14:28 . 2009-08-19 14:28 -------- d-----w- c:\windows\system32\NtmsData
2009-08-18 19:52 . 2009-08-19 10:05 2048 ----a-w- c:\windows\system32\dtmssystem.dll
2009-08-15 14:01 . 2009-08-15 14:01 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-15 14:01 . 2009-08-15 14:01 -------- d-----w- c:\programmi\MSBuild
2009-08-15 14:01 . 2009-08-15 14:01 -------- d-----w- c:\programmi\Reference Assemblies
2009-08-15 14:00 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-15 14:00 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-15 14:00 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-15 14:00 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-15 14:00 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-15 14:00 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-15 14:00 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-15 14:00 . 2009-08-15 14:01 -------- d-----w- C:\3a055dbf1ed45c6b41b2e8
2009-08-15 13:51 . 2008-04-13 21:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-08-14 19:34 . 2009-08-14 19:34 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Apple
2009-08-14 13:56 . 2009-08-14 13:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Enkord
2009-08-13 13:54 . 2009-08-13 13:54 -------- d-----w- c:\documents and settings\Willy\Dati applicazioni\Coyotes Tale
2009-08-13 13:52 . 2009-08-13 13:57 -------- d-----w- C:\games
2009-08-12 15:41 . 2009-08-12 15:41 -------- d-----w- C:\Hotspot Shield
2009-08-12 15:40 . 2009-08-12 15:41 -------- d-----w- c:\programmi\Hotspot Shield
2009-08-10 16:13 . 2009-08-10 16:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Trymedia
2009-08-09 17:05 . 2009-08-09 17:05 -------- d-----w- c:\documents and settings\Willy\Impostazioni locali\Dati applicazioni\RapidWare
2009-08-08 13:44 . 2009-08-15 14:28 -------- d-----w- c:\documents and settings\Willy\Dati applicazioni\.ABC
2009-08-08 13:42 . 2009-08-31 20:51 -------- d-----w- c:\programmi\ABC
2009-08-05 16:54 . 2009-08-29 17:36 152576 ----a-w- c:\documents and settings\Willy\Dati applicazioni\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-04 18:59 . 2009-08-04 18:59 0 ----a-w- c:\windows\nsreg.dat
2009-08-04 18:59 . 2009-08-04 18:59 -------- d-----w- c:\documents and settings\Willy\Impostazioni locali\Dati applicazioni\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-01 17:07 . 2009-06-02 16:46 -------- d-----w- c:\documents and settings\Willy\Dati applicazioni\Free Download Manager
2009-09-01 16:44 . 2008-08-21 09:17 85070 ----a-w- c:\windows\system32\perfc010.dat
2009-09-01 16:44 . 2008-08-21 09:17 490898 ----a-w- c:\windows\system32\perfh010.dat
2009-08-31 20:59 . 2009-05-23 12:17 -------- d-----w- c:\programmi\PeerGuardian2
2009-08-30 21:00 . 2009-06-14 21:18 -------- d-----w- c:\documents and settings\Willy\Dati applicazioni\Spyware Terminator
2009-08-26 10:41 . 2009-06-14 21:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2009-08-25 13:16 . 2009-04-12 18:52 -------- d-----w- c:\documents and settings\Willy\Dati applicazioni\Thinstall
2009-08-24 14:39 . 2009-05-23 09:53 51152 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-24 11:54 . 2008-04-13 21:00 219648 ----a-w- c:\windows\system32\uxtheme.dll
2009-08-23 20:37 . 2009-06-14 21:18 -------- d-----w- c:\programmi\Spyware Terminator
2009-08-23 20:25 . 2008-04-13 21:00 202763 ----a-w- c:\windows\system32\uxtheme(2)(2).dll
2009-08-19 14:36 . 2009-04-05 15:02 60984 ----a-w- c:\documents and settings\Willy\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-08-19 10:39 . 2009-05-30 22:11 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-11 08:00 . 2009-04-12 18:51 -------- d-----w- c:\documents and settings\Willy\Dati applicazioni\U3
2009-08-05 16:55 . 2009-07-30 21:58 -------- d-----w- c:\programmi\Java
2009-08-05 08:59 . 2008-04-13 21:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 17:06 . 2009-08-01 17:06 -------- d-----w- c:\programmi\Network Stumbler
2009-07-30 22:01 . 2009-07-30 22:00 -------- d-----w- c:\documents and settings\Willy\Dati applicazioni\JonDo
2009-07-30 21:57 . 2009-07-30 21:57 152576 ----a-w- c:\documents and settings\Willy\Dati applicazioni\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-30 19:52 . 2009-04-13 00:24 1696 ----a-w- c:\documents and settings\Willy\Dati applicazioni\Thinstall\Allok AVI to DVD SVCD VCD Converter 3.9.0219\%ProgramFilesDir%\Allok AVI to DVD SVCD VCD Converter\savedata.dll
2009-07-27 21:33 . 2009-07-27 21:33 -------- d-----w- c:\documents and settings\Willy\Dati applicazioni\GPass-4
2009-07-27 21:07 . 2009-07-27 21:07 -------- d-----w- c:\documents and settings\Willy\Dati applicazioni\GPass
2009-07-25 03:23 . 2009-07-30 21:58 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-22 19:13 . 2009-07-22 19:13 28592 ----a-w- c:\windows\system32\drivers\tap0901.sys
2009-07-17 19:01 . 2008-04-13 21:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 20:49 . 2009-07-12 20:49 -------- d-----w- c:\programmi\Makayama
2009-07-12 10:21 . 2008-04-13 21:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 16:01 . 2009-07-09 16:01 -------- d-----w- c:\documents and settings\Willy\Dati applicazioni\Auslogics
2009-07-09 15:39 . 2009-07-09 15:39 -------- d-----w- c:\programmi\Auslogics
2009-07-09 15:33 . 2009-07-09 15:33 -------- d-----w- c:\programmi\erunt
2009-07-08 16:22 . 2009-07-08 16:22 -------- d-----w- c:\programmi\Microsoft ActiveSync
2009-07-05 19:57 . 2009-07-05 19:57 -------- d-----w- c:\programmi\Bluetack
2009-07-05 16:51 . 2009-05-30 16:50 -------- d-----w- c:\programmi\Sandboxie
2009-07-02 02:34 . 2009-07-02 02:34 33840 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2009-06-29 15:55 . 2007-08-13 16:54 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 15:55 . 2008-04-13 21:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:54 . 2008-04-13 21:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 08:25 . 2008-04-13 21:00 735744 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2008-04-13 21:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2008-04-13 21:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2008-04-13 21:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2008-04-13 21:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2008-04-13 21:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 16:53 . 2009-06-24 16:51 564 ---ha-w- c:\windows\SbiePst.dat
2009-06-24 11:18 . 2008-04-13 21:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2008-04-13 21:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2008-04-13 21:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:43 . 2008-04-13 21:00 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-14 21:18 . 2009-06-14 21:18 6144 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdel.exe
2009-06-14 21:18 . 2009-06-14 21:18 5632 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator\fileobjinfo.sys
2009-06-14 21:18 . 2009-06-14 21:18 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-06-10 14:13 . 2008-04-13 21:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:19 . 2008-04-13 21:00 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2008-04-13 21:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-08 13:12 . 2009-06-08 13:12 69632 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\Safari 4.30.17.0\SetupAdmin.exe
2009-06-03 19:09 . 2008-05-07 05:10 1296384 ----a-w- c:\windows\system32\quartz.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-08-12 15:40 218160 ----a-w- c:\programmi\Hotspot Shield\hssie\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eraser"="c:\programmi\Eraser\Eraser.exe" [2007-12-22 916240]
"SandboxieControl"="c:\programmi\Sandboxie\SbieCtrl.exe" [2009-05-28 380416]
"Free Download Manager"="c:\programmi\Free Download Manager\fdm.exe" [2009-01-31 3399727]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"AzMixerSel"="c:\programmi\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1044480]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-13 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-14 821768]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-05-22 425984]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-08-13 2532576]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"VirtualCloneDrive"="c:\programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"SpywareTerminator"="c:\programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2009-06-14 2174464]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-16 16862720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Batt.lnk - c:\documents and settings\Willy\Desktop\Batt.reg [2009-6-13 3609]
InterVideo WinCinema Manager.lnk - c:\programmi\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-6-4 114688]
ninja.lnk - c:\programmi\Ninja\ninja.exe [2009-5-19 695296]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Opera\\opera.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\PeerGuardian2\\pg2.exe"=

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [14/06/2009 23.18.29 142592]
R2 HssSrv;Hotspot Shield Routing Service;c:\programmi\Hotspot Shield\HssWPR\hsssrv.exe [06/08/2009 20.58.38 331824]
R3 M3000Srv;Acer Crystal Eye webcam Driver;c:\windows\system32\drivers\M3000KNT.sys [05/05/2008 18.01.02 254976]
R3 SbieDrv;SbieDrv;c:\programmi\Sandboxie\SbieDrv.sys [28/05/2009 15.32.24 108032]
R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [22/07/2009 21.13.20 28592]
S3 HssTrayService;Hotspot Shield Tray Service;c:\programmi\Hotspot Shield\bin\HssTrayService.exe [11/08/2009 1.19.16 57640]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [05/04/2009 17.03.02 96856]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/11/2007 22.22.06 34064]
.
Contenuto della cartella 'Scheduled Tasks'

2009-08-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-StartupDelayer0 - c:\programmi\JockerSoft\Startup Delayer\StartupDelayer.exe -file=c:\documents and settings\Willy\Documenti\stup2.xml
HKCU-Run-StartupDelayer1 - c:\programmi\JockerSoft\Startup Delayer\StartupDelayer.exe -file=c:\documents and settings\Willy\Documenti\stup3.xml
HKCU-Run-fsm - (no file)
HKLM-Run-M3000Mnt - M3000Rmv.dll


.
------- Scansione supplementare -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 9&m=aoa150
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 9&m=aoa150
uInternet Settings,ProxyServer = ftp=localhost:3128;http=localhost:3128;https=localhost:3128
IE: Crawler Search - tbr:iemenu
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {09F404CE-8D9B-4AEA-A509-CE9ACB7CEF0C} = 208.67.222.222,208.67.220.220
TCP: {96196001-E86F-40B4-9D34-57F4B772EF9A} = 208.67.222.222,208.67.220.220
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\programmi\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Willy\Dati applicazioni\Mozilla\Firefox\Profiles\vkhuwlab.default\
FF - prefs.js: browser.startup.homepage - http://www.yahoo.it
FF - plugin: c:\programmi\Opera\program\plugins\npfdm.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-01 19:09
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1166905992-2747808145-1403386008-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Ora fine scansione: 2009-09-01 19.11.51
ComboFix-quarantined-files.txt 2009-09-01 17:11

Pre-Run: 101.886.697.472 byte disponibili
Post-Run: 101.863.809.024 byte disponibili

210 --- E O F --- 2009-08-24 12:01


Thanks everyone

Bye bye


Re: ComboFix scan

Posted: Thu Sep 03, 2009 6:35 pm
by TheHacker66
The two deleted files have nothing to do with viruses: one was an Office Genuine Advantage DLL, the other I don't know.

Do you have any particular problem?

Re: ComboFix scan

Posted: Fri Sep 04, 2009 4:41 pm
by maurino71
Hi TheHacker66, no particular problem. It all started because my netbook, an Acer Aspire One with a 160 GB HD, 1 GB of RAM and XP Home, suddenly turns the screen off during startup and then turns it back on right afterwards, slowing down the loading of the antivirus and antispyware a lot. I don't know whether this is normal, in the sense of whether it also happens on other Acer netbooks.


Bye bye

