Hi, can you help me with my ComboFix log!

Posted: Thu Jul 14, 2011 5:45 pm
by partyboy78
Hi... my computer is running slow... it has blocked some programs and changed the text of the desktop icons, which now looks blurry... all after I did not install the latest Windows updates!! I had NOD32, now I have Norton 360. I deleted the other antivirus programs, but there must still be something left inside! Norton found 1 virus... but I don't know its name! If you can help me! Thanks

ComboFix 11-07-13.03 - Beppe 13/07/2011 23.02.07.14.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.511.187 [GMT 2:00]
Eseguito da: c:\documents and settings\Beppe\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Sistema Antivirus NOD32 2.51 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: VIRUSfighter ver. 5.99 *Enabled/Updated* {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Trend Micro PC-cillin Internet Security *Enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0410.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2011-06-13 al 2011-07-13 )))))))))))))))))))))))))))))))))))
.
.
2011-07-13 15:51 . 2011-07-13 15:51 -------- d-----w- C:\N360_BACKUP
2011-07-12 09:39 . 2011-07-13 07:12 -------- d-----w- c:\programmi\TuneUp Utilities 2011
2011-07-12 09:39 . 2011-07-12 09:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2011-07-12 09:39 . 2011-07-12 09:39 -------- d-sh--w- c:\documents and settings\All Users\Dati applicazioni\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-07-12 09:35 . 2011-07-08 07:44 142296 ----a-w- c:\programmi\Mozilla Firefox\components\browsercomps.dll
2011-07-12 09:35 . 2010-01-01 08:00 2106216 ----a-w- c:\programmi\Mozilla Firefox\D3DCompiler_43.dll
2011-07-12 09:35 . 2010-01-01 08:00 1998168 ----a-w- c:\programmi\Mozilla Firefox\d3dx9_43.dll
2011-07-12 09:34 . 2011-07-12 09:34 -------- d-----w- c:\programmi\File comuni\Java
2011-07-12 09:34 . 2011-05-04 02:52 476904 ----a-w- c:\programmi\Mozilla Firefox\plugins\npdeployJava1.dll
2011-07-12 09:34 . 2011-05-04 02:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-12 09:23 . 2011-07-12 09:23 -------- d-----w- c:\programmi\Defraggler
2011-07-12 08:26 . 2011-07-12 08:26 -------- d-----w- c:\documents and settings\Beppe\Dati applicazioni\URSoft
2011-07-12 08:22 . 2006-08-24 11:44 477696 ----a-w- c:\windows\system32\drivers\ZD1211BU.sys
2011-07-12 08:22 . 2005-06-08 16:44 20608 ----a-w- c:\windows\system32\drivers\BRGSp50.sys
2011-07-12 08:22 . 2004-10-25 11:40 17664 ----a-w- c:\windows\system32\drivers\ZDPSp50.sys
2011-07-12 08:22 . 2004-01-14 09:30 17151 ----a-w- c:\windows\system32\ZDPNDIS5.SYS
2011-07-12 08:22 . 2004-01-14 09:25 81920 ----a-w- c:\windows\system32\ZDPN50.DLL
2011-07-12 08:22 . 2005-06-08 16:44 29184 ----a-w- c:\windows\system32\drivers\BRGSp50a64.sys
2011-07-12 08:22 . 2005-03-18 13:35 31744 ----a-w- c:\windows\system32\drivers\ZDPSp50a64.sys
2011-07-12 08:22 . 2003-03-14 10:24 24576 ----a-w- c:\windows\system32\ZyDelReg.exe
2011-07-12 08:22 . 2005-07-12 12:44 15872 ----a-w- c:\windows\system32\InsDrvZD64.DLL
2011-07-12 08:22 . 2004-03-23 14:38 28672 ----a-w- c:\windows\system32\InsDrvZD.dll
2011-07-12 08:18 . 2009-05-18 22:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-07-12 08:18 . 2008-04-17 21:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2011-07-12 08:18 . 2011-07-12 09:01 -------- d-----w- c:\programmi\File comuni\Symantec Shared
2011-07-12 08:18 . 2011-07-12 08:18 -------- d-----w- c:\programmi\Symantec
2011-07-12 08:18 . 2011-07-12 08:18 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-07-12 08:18 . 2011-07-12 08:18 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-07-12 08:16 . 2011-07-13 08:00 -------- d-----w- c:\windows\system32\drivers\N360
2011-07-12 08:16 . 2011-07-12 08:16 -------- d-----w- c:\programmi\Norton 360
2011-07-12 08:16 . 2011-07-12 08:16 -------- d-----w- c:\programmi\Windows Sidebar
2011-07-12 08:15 . 2011-07-12 08:15 -------- d-----w- c:\programmi\NortonInstaller
2011-07-12 07:58 . 2011-07-12 07:58 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-07-12 07:49 . 2011-07-12 07:49 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\URSoft
2011-07-12 07:49 . 2011-07-12 07:49 -------- d-----w- c:\programmi\Your Uninstaller 2010
2011-07-12 07:41 . 2011-07-12 07:41 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-06-16 19:16 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-04 00:25 . 2010-04-15 21:36 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31 . 2008-09-05 14:01 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2001-08-31 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2001-08-31 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:05 . 2001-08-31 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:05 . 2001-08-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:05 . 2001-08-31 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2008-09-05 14:26 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2001-08-31 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-07-08 07:44 . 2011-07-12 09:35 142296 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^McAfee Security Scan.lnk]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2009-04-07 07:13 673616 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-05-31 15:09 136176 ----atw- c:\documents and settings\Beppe\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2007-05-11 01:08 2512392 ----a-w- c:\windows\system32\oodtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\programmi\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 13:28 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59 254696 ----a-w- c:\programmi\File comuni\Java\Java Update\jusched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Google Update"="c:\documents and settings\Beppe\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SoundMan"=SOUNDMAN.EXE
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\PokerTH-0.8.1\\pokerth.exe"=
"c:\\Programmi\\Lphant\\eLePhantClient.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"55556:UDP"= 55556:UDP:UDP
"55555:TCP"= 55555:TCP:TCP
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [13/07/2011 9.19.14 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [13/07/2011 9.19.14 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110701.001\BHDrvx86.sys [01/07/2011 0.11.24 810616]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [13/07/2011 9.19.14 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [13/07/2011 9.19.14 116784]
R2 N360;Norton 360;c:\programmi\Norton 360\Engine\4.3.0.5\ccsvchst.exe [13/07/2011 9.15.55 126392]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [05/09/2008 16.13.18 45440]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/07/2011 10.42.19 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110712.034\IDSXpx86.sys [13/07/2011 9.26.24 355256]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [05/09/2008 16.13.18 56960]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys --> c:\windows\system32\drivers\pavboot.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Beppe\IMPOST~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Beppe\IMPOST~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Beppe\IMPOST~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\Beppe\IMPOST~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S3 2oNLdNc;2oNLdNc;c:\windows\system32\drivers\2oNLdNc.sys [09/11/2009 23.53.39 25216]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [19/01/2009 17.47.21 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [19/01/2009 17.47.24 8320]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
S3 utmwnjq0;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\utmwnjq0.sys --> c:\windows\system32\Drivers\utmwnjq0.sys [?]
S4 TmPfw;Trend Micro Personal Firewall; [x]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-06-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-07-13 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\programmi\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 09:43]
.
2011-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1580436667-839522115-1004Core.job
- c:\documents and settings\Beppe\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-05-31 15:09]
.
2011-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1580436667-839522115-1004UA.job
- c:\documents and settings\Beppe\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-05-31 15:09]
.
2011-07-13 c:\windows\Tasks\User_Feed_Synchronization-{5E3EABF5-93D7-4BDA-8F12-80749F258036}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://it-it.facebook.com/
uInternet Settings,ProxyOverride = local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Beppe\Dati applicazioni\Mozilla\Firefox\Profiles\7voelaok.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.libero.it/
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
MSConfigStartUp-nod32kui - c:\programmi\Eset\nod32kui.exe
MSConfigStartUp-Uniblue RegistryBooster 2 - c:\programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe
MSConfigStartUp-Uniblue SpyEraser - c:\programmi\Uniblue\SpyEraser\SpyEraser.exe
MSConfigStartUp-UpdateReminder - c:\programmi\Eset\UpdateReminder.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-13 23:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\programmi\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\programmi\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-117609710-1580436667-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{14AAE74F-4F5F-FEBF-DAFC-B1CB01EE3EC6}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jampjofbegkldelcjhga"=hex:62,61,61,6f,00,00
"jampjofbegkldelcjhca"=hex:62,61,61,6f,00,00
"iaminnjjpkmjblnilj"=hex:6b,61,62,6f,6b,67,66,6e,66,63,6c,69,64,63,61,70,69,6f,
61,69,70,6a,00,00
"hakkdpdcoenamjpe"=hex:6b,61,62,6f,6b,67,66,6e,67,63,66,70,70,62,6d,61,65,68,
6d,67,65,66,00,01
"haaafelfimnghdga"=hex:6e,61,66,6b,6d,64,6c,61,6e,65,6e,6a,6b,62,67,61,6a,61,
67,64,63,68,6c,6d,64,68,61,63,00,00
"jadaooidikecgjmpdike"=hex:64,62,65,6b,66,64,66,68,6d,65,6d,6e,69,62,61,6a,67,
66,64,6c,6c,64,63,6f,6e,65,6d,6d,70,62,63,6c,6b,65,65,6d,6b,6c,61,6e,00,cc
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{14AAE74F-4F5F-FEBF-DAFC-B1CB01EE3EC6}\InProcServer32*]
"kagjpofehomokngghkgkof"=hex:62,61,67,6f,00,00
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(496)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(552)
c:\windows\system32\imon.dll
.
Ora fine scansione: 2011-07-13 23:21:56
ComboFix-quarantined-files.txt 2011-07-13 21:21
.
Pre-Run: 10.963.111.936 byte disponibili
Post-Run: 10.949.443.584 byte disponibili
.
- - End Of File - - 24C553183FF321167B978CFFE942A4A6

Re: Hi, can you help me with my ComboFix log!

Posted: Thu Jul 14, 2011 6:18 pm
by crazy.cat
Try running a scan with Malwarebytes and post that log.
There are a lot of strange things in the ComboFix log...
(how many antivirus programs have you tried, anyway?)

Re: Hi, can you help me with my ComboFix log!

Posted: Thu Jul 14, 2011 7:27 pm
by Hpmezzo
NOD32, Norton, VirusFighter, etc. etc... crazy, what is this: f:\NTGLM7X.sys?
http://www.pc1news.com/virus/file-pavbo ... 58208.html ==> pavboot.sys
From what I understood on the internet, these are rogues or traces:
\c:\docume~1\Beppe\IMPOST~1\Temp\SAS_SelfExtract\SASDIFSV.SYS c:\docume~1\Beppe\IMPOST~1\Temp\SAS_SelfExtract\SASDIFSV.SYS
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Beppe\IMPOST~1\Temp\SAS_SelfExtract\SASKUTIL.SYS c:\docume~1\Beppe\IMPOST~1\Temp\SAS_SelfExtract\SASKUTIL.SYS
I recommend downloading this tool to remove the entries of some rogues (provided it is in the list):
http://www.softpedia.com/get/Antivirus/ ... irus.shtml
Also, it wouldn't hurt if you posted a HijackThis log! [:)]
Run a scan as crazy.cat recommended. [weponed]

Re: Hi, can you help me with my ComboFix log!

Posted: Fri Jul 15, 2011 4:22 am
by crazy.cat
Hpmezzo wrote: Also, it wouldn't hurt if you posted a HijackThis log! [:)]

f:\NTGLM7X.sys? --- no idea
pavboot.sys --- Panda
From what I understood on the internet, these are rogues or traces: --- I'd say it's SUPERAntiSpyware

Re: Hi, can you help me with my ComboFix log!

Posted: Fri Jul 15, 2011 6:33 am
by Hpmezzo
crazy.cat wrote:
Hpmezzo wrote: Also, it wouldn't hurt if you posted a HijackThis log! [:)]

I'd say it's SUPERAntiSpyware

You mean there's a rogue with that name, or do you mean SUPERAntiSpyware, the software for scanning the system?
Honestly, I've never heard of this rogue.
http://www.virustotal.com/file-scan/rep ... 1305359154
VirusTotal report for pavboot.sys: it is the Panda driver, so it is safe... But you have many antivirus leftovers... A tip: try downloading the removal tools for each of them to permanently remove every trace (from the files to the individual registry entries).

Re: Hi, can you help me with my ComboFix log!

Posted: Fri Jul 15, 2011 6:56 am
by crazy.cat
That's what I mean
Hpmezzo wrote: or do you mean SUPERAntiSpyware, the software for scanning the system?

Re: Hi, can you help me with my ComboFix log!

Posted: Fri Jul 15, 2011 8:12 am
by Hpmezzo
Ah, I see, so you recommend a good scan with SUPERAntiSpyware and Malwarebytes. Download them from here:
http://download.cnet.com/Malwarebytes-A ... tag=button
http://www.superantispyware.com/downloa ... PYWAREFREE
I would also recommend running a scan with Kaspersky Removal Tools
http://www.kaspersky.com/virus-removal-tools
Let us know! Bye =)