cid


Post by pmarco66 » Wed Nov 04, 2009 9:33 pm

For a few days my computer has been slow, and CiD web pages with promotional messages keep opening.
What can I do?
Thanks
pmarco66
Aficionado
Posts: 132
Joined: Wed Aug 20, 2008 1:21 pm

Re: cid

Post by Amantide » Wed Nov 04, 2009 9:38 pm

Download ComboFix, saving it to the desktop under a made-up name, and run the scan following these instructions (at the bottom). When the scan finishes, the report file C:\combofix.txt will be created; copy its contents here between LOG tags, like this:
Code:
[LOG]paste the log here[/LOG]
...to fly high, you have to know how to fall...
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo

Re: cid

Post by pmarco66 » Wed Nov 04, 2009 10:12 pm

ComboFix 09-11-04.02 - Marco 04/11/2009 21.58.12.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2046.962 [GMT 1:00]
Eseguito da: c:\documents and settings\Marco\Desktop\roma.exe
.
ADS - WINDOWS: deleted 72 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\system32\timedefw32ex.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-10-04 al 2009-11-04 )))))))))))))))))))))))))))))))))))
.

2009-11-04 20:30 . 2009-11-04 20:30 152576 ----a-w- c:\documents and settings\Marco\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-04 19:45 . 2009-11-04 19:45 -------- d-----w- c:\windows\LastGood
2009-11-03 08:49 . 2009-11-03 08:49 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-03 08:49 . 2009-11-03 08:49 93360 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-11-03 08:49 . 2009-11-03 08:49 554280 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\sbap.dll
2009-10-24 23:08 . 2009-10-24 23:08 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-24 23:08 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-10-14 16:47 . 2009-10-14 16:47 -------- d-----w- c:\windows\SQLTools9_KB970892_ENU
2009-10-14 16:45 . 2009-10-14 16:45 -------- d-----w- c:\windows\SQL9_KB970892_ENU

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-04 21:03 . 2009-06-18 08:52 -------- d-----w- c:\documents and settings\Marco\Dati applicazioni\DNA
2009-11-04 19:43 . 2009-11-01 18:20 761856 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Cast ping base frag\Five Beep.exe
2009-11-04 19:43 . 2009-06-05 20:33 -------- d-----w- c:\programmi\Symantec AntiVirus
2009-11-04 19:43 . 2009-06-18 08:52 -------- d-----w- c:\programmi\DNA
2009-11-04 06:32 . 2008-04-14 03:00 536414 ----a-w- c:\windows\system32\perfh010.dat
2009-11-04 06:32 . 2008-04-14 03:00 102124 ----a-w- c:\windows\system32\perfc010.dat
2009-11-03 10:56 . 2009-06-06 07:12 5688 ----a-w- C:\My Folder_2.zip
2009-11-03 09:14 . 2009-06-28 05:45 -------- d-----w- c:\programmi\Live-Player
2009-11-03 08:54 . 2009-11-01 18:19 -------- d-----w- c:\documents and settings\Marco\Dati applicazioni\showsize
2009-11-03 08:48 . 2009-06-19 06:53 822904 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-11-03 08:48 . 2009-06-19 06:53 1638104 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-11-03 08:48 . 2009-06-19 06:53 788368 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-11-03 08:48 . 2009-06-19 06:53 1179232 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-11-03 00:04 . 2009-07-05 06:38 -------- d-----w- c:\documents and settings\Marco\Dati applicazioni\BitTorrent
2009-11-01 18:20 . 2009-11-01 18:20 229376 ----a-w- c:\documents and settings\Marco\Dati applicazioni\showsize\biasjugsloud.exe
2009-11-01 18:20 . 2009-11-01 18:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Cast ping base frag
2009-11-01 18:20 . 2009-11-01 18:20 757760 ----a-w- c:\documents and settings\Marco\Dati applicazioni\showsize\uoxyiaay.exe
2009-11-01 18:19 . 2009-11-01 18:19 -------- d-----w- c:\programmi\showsize
2009-11-01 18:19 . 2009-11-01 18:19 -------- d-----w- c:\programmi\TorrentSpeeder
2009-10-30 14:35 . 2009-06-05 20:59 -------- d-----w- c:\programmi\File comuni\Adobe
2009-10-28 14:35 . 2009-06-06 07:12 12418 ----a-w- C:\My Folder.zip
2009-10-22 09:16 . 2009-11-04 19:45 5939712 ----a-w- c:\windows\system32\SET71.tmp
2009-10-15 19:31 . 2009-06-06 07:12 9928 ----a-w- C:\My Folder_3.zip
2009-10-14 16:50 . 2009-06-05 20:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-10-14 16:47 . 2009-06-18 08:32 -------- d-----w- c:\programmi\Microsoft SQL Server
2009-10-04 14:05 . 2009-10-04 14:05 17632 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2009-10-04 14:05 . 2009-10-04 14:05 68640 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Drivers\64\lbd.sys
2009-10-04 14:05 . 2009-10-04 14:05 303976 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe
2009-10-04 14:04 . 2009-06-19 06:53 640760 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-10-04 14:03 . 2009-06-05 19:21 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-10-04 12:25 . 2009-06-12 08:42 -------- d-----w- c:\documents and settings\Marco\Dati applicazioni\Any Video Converter
2009-09-27 17:40 . 2009-06-05 20:02 17177 ----a-w- c:\windows\system32\nvModes.dat
2009-09-25 20:20 . 2009-09-25 20:20 435720 ----a-w- c:\documents and settings\Marco\Dati applicazioni\Real\Update\setup3.08\setup.exe
2009-09-23 12:55 . 2009-06-12 11:07 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-14 21:19 . 2009-09-13 17:31 -------- d-----w- c:\programmi\FlashCAD_Composer
2009-09-11 14:17 . 2008-04-14 03:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 06:58 . 2009-08-13 15:27 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-09-06 19:37 . 2009-06-05 20:52 -------- d-----w- c:\documents and settings\Marco\Dati applicazioni\NeroVision
2009-09-04 21:03 . 2008-04-14 03:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-01 04:59 . 2009-06-05 20:31 131544 ----a-w- c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-08-29 07:56 . 2008-04-14 03:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2008-04-14 03:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
.

------- Sigcheck -------

[-] 2008-09-01 . 7109E7E75CC8BB2B3C05E03CD80AA446 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\programmi\DNA\btdna.exe" [2009-06-18 321344]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-12 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\programmi\Apoint\Apoint.exe" [2005-10-07 176128]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472]
"ccApp"="c:\programmi\File comuni\Symantec Shared\ccApp.exe" [2004-04-22 66656]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-04-22 124128]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-05-26 413696]
"Microsoft Works Update Detection"="c:\programmi\File comuni\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 50688]
"PCSuiteTrayApplication"="c:\programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-03-22 167936]
"DataLayer"="c:\programmi\File comuni\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 1106944]
"Dell QuickSet"="c:\programmi\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"LaCie Hard Drive Configuration"="c:\programmi\LaCie\SAFE Hard Drive\SAFE Hard Drive Configuration.exe" [2007-01-18 3624960]
"Google Quick Search Box"="c:\programmi\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-12 68592]
"Ad-Watch"="c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe" [2009-11-03 788368]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-03-09 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-11-22 348160]
"Share-to-Web Namespace Daemon"="c:\programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-06-18 198160]
"ArcSoft Connection Service"="c:\programmi\File comuni\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-10-11 31232]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Base frag grid bows"="c:\documents and settings\All Users\Dati applicazioni\Cast ping base frag\Five Beep.exe" [2009-11-04 761856]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-01-19 1519616]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2006-01-19 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-04-14 137216]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN BackUp\\MSNBackup.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\DC++\\DCPlusPlus.exe"=
"c:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Programmi\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Programmi\\FlashCAD_Composer\\FlashCAD.exe"=
"c:\\Programmi\\Leica\\Axyz\\LTM.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/06/2009 12.07.37 64288]
R2 LaCie Safe Hard Drive Enabler;LaCie Safe Hard Drive Enabler;c:\programmi\LaCie\SAFE Hard Drive\SafeService.exe [12/06/2009 8.39.05 61440]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 12.17.32 1179232]
S2 gupdate1c9eb85a923ffba;Servizio di Google Update (gupdate1c9eb85a923ffba);c:\programmi\Google\Update\GoogleUpdate.exe [12/06/2009 18.46.04 133104]
S3 SavRoam;SAVRoam;c:\programmi\Symantec AntiVirus\SavRoam.exe [22/04/2004 11.45.44 173288]
S3 SsInstal;Brain Boxes Limited Service;c:\windows\system32\drivers\SsInstal.sys [17/10/2006 14.05.42 59904]
S3 SsPort;Brain Boxes Serial Port Service;c:\windows\system32\drivers\SsPort.sys [17/10/2006 14.07.14 84992]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contenuto della cartella 'Scheduled Tasks'

2009-11-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 08:48]

2009-11-04 c:\windows\Tasks\BBBA041D96F1AFC1.job
- c:\docume~1\marco\datiap~1\showsize\biasjugsloud.exe [2009-11-01 18:20]

2009-10-26 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2170 series5E771253C1676EBED677BF361FDFC537825E15B8244831597.job
- c:\programmi\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]

2009-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-06-12 17:46]

2009-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-06-12 17:46]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.fastweb.it/portale/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-Third obj - c:\docume~1\Marco\DATIAP~1\showsize\New tray.exe
AddRemove-POKEFORAUDIO - c:\docume~1\Marco\DATIAP~1\showsize\New tray.exe



**************************************************************************
scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti:

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
Ora fine scansione: 2009-11-04 22.08.16
ComboFix-quarantined-files.txt 2009-11-04 21:07

Pre-Run: 17.273.454.592 byte disponibili
Post-Run: 17.998.389.248 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect


Re: cid

Post by Amantide » Wed Nov 04, 2009 10:22 pm

Copy and paste the following text into Notepad and save the file to the desktop with the name CFScript.txt.
Code:
File::
c:\documents and settings\All Users\Dati applicazioni\Cast ping base frag\Five Beep.exe
c:\documents and settings\Marco\Dati applicazioni\showsize\biasjugsloud.exe
c:\documents and settings\Marco\Dati applicazioni\showsize\uoxyiaay.exe
c:\windows\Tasks\BBBA041D96F1AFC1.job

Folder::
c:\documents and settings\All Users\Dati applicazioni\Cast ping base frag
c:\documents and settings\Marco\Dati applicazioni\showsize
c:\programmi\showsize

Now drag the CFScript.txt file onto the ComboFix icon. Wait for the scan to finish and post the new ComboFix log.
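The CFScript posted above is written by hand after reading the log. The following triage helper is an added example, not part of this thread and not ComboFix's own code: it parses the run-key ("Punti Reg Caricati") and "Scheduled Tasks" sections of a ComboFix log, flags autostart entries that launch from a user-writable profile directory or whose task name is a bare hex string, and drafts a CFScript.txt in the File:: / Folder:: format used in the post. The sample log lines are constructed from the log pmarco66 posted; the heuristics (`USER_WRITABLE`, `HEX_JOB`) and all function names are my own assumptions, and the output is a candidate list for a human to review, not something to feed to ComboFix unread.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Run-key value lines, e.g.
#   "Name"="c:\path\file.exe" [2009-11-04 761856]
#   "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-01-19 1519616]
RUN_ENTRY = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?: - (?P<real>.+?))?'
    r' \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
RUN_KEY = re.compile(r'\\Run(Once)?\]$', re.I)

# Scheduled task: "2009-11-04 c:\windows\Tasks\X.job" then "- target.exe [date time]"
TASK_JOB = re.compile(r'^\d{4}-\d{2}-\d{2} (?P<job>c:\\windows\\tasks\\.+\.job)$', re.I)
TASK_TARGET = re.compile(r'^- (?P<path>.+?) \[\d{4}-\d{2}-\d{2} \d{2}:\d{2}\]$')

# Heuristic (assumption, not a ComboFix rule): per-user application-data folders are
# writable without admin rights, so an autostart pointing there deserves a look.
# Italian XP names the folder "Dati applicazioni"; task targets use 8.3 short names.
USER_WRITABLE = re.compile(
    r'\\(documents and settings|docume~1)\\[^\\]+\\'
    r'(dati applicazioni|datiap~1|application data|appdata)\\', re.I)
# Heuristic (assumption): a task named with nothing but 16 hex digits.
HEX_JOB = re.compile(r'\\[0-9A-F]{16}\.job$', re.I)


@dataclass(frozen=True)
class Finding:
    kind: str    # "run" (registry Run value) or "task" (.job file)
    name: str    # value name, or full path of the .job file
    path: str    # executable the entry launches
    reason: str


def triage(log_text: str) -> List[Finding]:
    """Return the autostart entries in a ComboFix log that match the heuristics."""
    findings: List[Finding] = []
    current_key = ''
    pending_job: Optional[str] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith('[HK'):          # registry key header
            current_key = line
            continue
        m = RUN_ENTRY.match(line)
        if m and RUN_KEY.search(current_key):
            target = m.group('real') or m.group('path')
            if USER_WRITABLE.search(target):
                findings.append(Finding('run', m.group('name'), target,
                                        'autostart from user-writable profile directory'))
            continue
        m = TASK_JOB.match(line)
        if m:
            pending_job = m.group('job')
            continue
        m = TASK_TARGET.match(line)
        if m and pending_job:
            target = m.group('path')
            reasons = []
            if USER_WRITABLE.search(target):
                reasons.append('task target in user-writable profile directory')
            if HEX_JOB.search(pending_job):
                reasons.append('task name is a bare hex string')
            if reasons:
                findings.append(Finding('task', pending_job, target, '; '.join(reasons)))
            pending_job = None
    return findings


def folder_of(path: str) -> Optional[str]:
    """Top-level folder under the profile's application-data directory, if any."""
    m = USER_WRITABLE.search(path)
    if not m:
        return None
    rest = path[m.end():]
    if '\\' not in rest:                    # file sits directly in the app-data root
        return None
    return path[:m.end()] + rest.split('\\', 1)[0]


def build_cfscript(findings: List[Finding]) -> str:
    """Draft a CFScript.txt (File:: and Folder:: sections); review before use."""
    files: List[str] = []
    folders: List[str] = []
    for f in findings:
        for p in ([f.path, f.name] if f.kind == 'task' else [f.path]):
            if p not in files:
                files.append(p)
        folder = folder_of(f.path)
        if folder and folder not in folders:
            folders.append(folder)
    return '\n'.join(['File::', *files, '', 'Folder::', *folders, ''])


# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\programmi\DNA\btdna.exe" [2009-06-18 321344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\programmi\File comuni\Symantec Shared\ccApp.exe" [2004-04-22 66656]
"Base frag grid bows"="c:\documents and settings\All Users\Dati applicazioni\Cast ping base frag\Five Beep.exe" [2009-11-04 761856]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-01-19 1519616]

Contenuto della cartella 'Scheduled Tasks'

2009-11-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 08:48]

2009-11-04 c:\windows\Tasks\BBBA041D96F1AFC1.job
- c:\docume~1\marco\datiap~1\showsize\biasjugsloud.exe [2009-11-01 18:20]
"""

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.kind:4} {f.name}  ->  {f.path}  ({f.reason})')
    print(build_cfscript(triage(SAMPLE_LOG)))
```

On the sample the two entries Amantide removed by hand (the "Base frag grid bows" Run value and the BBBA041D96F1AFC1.job task) are the only ones flagged; the Program Files and system32 entries pass through untouched. The location heuristic is deliberately narrow so that it explains each hit; it will miss adware that installs under Program Files, which is why the Find3M and "Files Creati" sections still need a human eye.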

Re: cid

Post by pmarco66 » Wed Nov 04, 2009 10:36 pm

ComboFix 09-11-04.02 - Marco 04/11/2009 22.35.41.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2046.1050 [GMT 1:00]
Eseguito da: c:\documents and settings\Marco\Desktop\roma.exe
Opzioni usate :: c:\documents and settings\Marco\Desktop\CFScript.txt

FILE ::
"c:\documents and settings\All Users\Dati applicazioni\Cast ping base frag\Five Beep.exe"
"c:\documents and settings\Marco\Dati applicazioni\showsize\biasjugsloud.exe"
"c:\documents and settings\Marco\Dati applicazioni\showsize\uoxyiaay.exe"
"c:\windows\Tasks\BBBA041D96F1AFC1.job"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Dati applicazioni\Cast ping base frag
c:\documents and settings\All Users\Dati applicazioni\Cast ping base frag\Five Beep.dat
c:\documents and settings\All Users\Dati applicazioni\Cast ping base frag\Five Beep.exe
c:\documents and settings\Marco\Dati applicazioni\showsize
c:\documents and settings\Marco\Dati applicazioni\showsize\0
c:\documents and settings\Marco\Dati applicazioni\showsize\biasjugsloud.exe
c:\documents and settings\Marco\Dati applicazioni\showsize\uoxyiaay.exe
c:\programmi\showsize
c:\windows\Tasks\BBBA041D96F1AFC1.job

.
((((((((((((((((((((((((( Files Creati Da 2009-10-04 al 2009-11-04 )))))))))))))))))))))))))))))))))))
.

2009-11-04 20:55 . 2009-11-04 21:08 -------- d-----w- C:\roma
2009-11-04 20:30 . 2009-11-04 20:30 152576 ----a-w- c:\documents and settings\Marco\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-04 19:45 . 2009-11-04 19:45 -------- d-----w- c:\windows\LastGood
2009-11-03 08:49 . 2009-11-03 08:49 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-03 08:49 . 2009-11-03 08:49 93360 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-11-03 08:49 . 2009-11-03 08:49 554280 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\sbap.dll
2009-11-03 08:49 . 2009-11-03 08:49 212480 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-11-03 08:49 . 2009-11-03 08:49 283944 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-11-03 08:49 . 2009-11-03 08:49 242984 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-11-03 08:49 . 2009-11-03 08:49 1223976 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-11-01 19:49 . 2009-11-01 20:02 -------- d-----w- c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\Temp
2009-11-01 18:19 . 2009-11-01 18:19 -------- d-----w- c:\programmi\TorrentSpeeder
2009-10-24 23:09 . 2009-11-03 08:49 537576 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-10-24 23:08 . 2009-10-24 23:08 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-24 23:08 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-10-14 16:47 . 2009-10-14 16:47 -------- d-----w- c:\windows\SQLTools9_KB970892_ENU
2009-10-14 16:45 . 2009-10-14 16:45 -------- d-----w- c:\windows\SQL9_KB970892_ENU

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-04 21:33 . 2009-06-18 08:52 -------- d-----w- c:\documents and settings\Marco\Dati applicazioni\DNA
2009-11-04 19:43 . 2009-06-05 20:33 -------- d-----w- c:\programmi\Symantec AntiVirus
2009-11-04 19:43 . 2009-06-18 08:52 -------- d-----w- c:\programmi\DNA
2009-11-04 06:32 . 2008-04-14 03:00 536414 ----a-w- c:\windows\system32\perfh010.dat
2009-11-04 06:32 . 2008-04-14 03:00 102124 ----a-w- c:\windows\system32\perfc010.dat
2009-11-03 10:56 . 2009-06-06 07:12 5688 ----a-w- C:\My Folder_2.zip
2009-11-03 09:14 . 2009-06-28 05:45 -------- d-----w- c:\programmi\Live-Player
2009-11-03 08:48 . 2009-06-19 06:53 822904 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-11-03 08:48 . 2009-06-19 06:53 1638104 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-11-03 08:48 . 2009-06-19 06:53 788368 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-11-03 08:48 . 2009-06-19 06:53 1179232 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-11-03 00:04 . 2009-07-05 06:38 -------- d-----w- c:\documents and settings\Marco\Dati applicazioni\BitTorrent
2009-10-30 14:35 . 2009-06-05 20:59 -------- d-----w- c:\programmi\File comuni\Adobe
2009-10-28 14:35 . 2009-06-06 07:12 12418 ----a-w- C:\My Folder.zip
2009-10-22 09:16 . 2009-11-04 19:45 5939712 ----a-w- c:\windows\system32\SET71.tmp
2009-10-15 19:31 . 2009-06-06 07:12 9928 ----a-w- C:\My Folder_3.zip
2009-10-14 16:50 . 2009-06-05 20:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-10-14 16:47 . 2009-06-18 08:32 -------- d-----w- c:\programmi\Microsoft SQL Server
2009-10-04 14:05 . 2009-10-04 14:05 17632 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2009-10-04 14:05 . 2009-10-04 14:05 68640 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Drivers\64\lbd.sys
2009-10-04 14:05 . 2009-10-04 14:05 303976 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe
2009-10-04 14:04 . 2009-06-19 06:53 640760 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-10-04 14:03 . 2009-06-05 19:21 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-10-04 12:25 . 2009-06-12 08:42 -------- d-----w- c:\documents and settings\Marco\Dati applicazioni\Any Video Converter
2009-09-27 17:40 . 2009-06-05 20:02 17177 ----a-w- c:\windows\system32\nvModes.dat
2009-09-25 20:20 . 2009-09-25 20:20 435720 ----a-w- c:\documents and settings\Marco\Dati applicazioni\Real\Update\setup3.08\setup.exe
2009-09-23 12:55 . 2009-06-12 11:07 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-14 21:19 . 2009-09-13 17:31 -------- d-----w- c:\programmi\FlashCAD_Composer
2009-09-11 14:17 . 2008-04-14 03:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 06:58 . 2009-08-13 15:27 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-09-06 19:37 . 2009-06-05 20:52 -------- d-----w- c:\documents and settings\Marco\Dati applicazioni\NeroVision
2009-09-04 21:03 . 2008-04-14 03:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-01 04:59 . 2009-06-05 20:31 131544 ----a-w- c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-08-29 07:56 . 2008-04-14 03:00 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2008-04-14 03:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
.

------- Sigcheck -------

[-] 2008-09-01 . 7109E7E75CC8BB2B3C05E03CD80AA446 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\programmi\DNA\btdna.exe" [2009-06-18 321344]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-12 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\programmi\Apoint\Apoint.exe" [2005-10-07 176128]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472]
"ccApp"="c:\programmi\File comuni\Symantec Shared\ccApp.exe" [2004-04-22 66656]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-04-22 124128]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-05-26 413696]
"Microsoft Works Update Detection"="c:\programmi\File comuni\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 50688]
"PCSuiteTrayApplication"="c:\programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-03-22 167936]
"DataLayer"="c:\programmi\File comuni\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 1106944]
"Dell QuickSet"="c:\programmi\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"LaCie Hard Drive Configuration"="c:\programmi\LaCie\SAFE Hard Drive\SAFE Hard Drive Configuration.exe" [2007-01-18 3624960]
"Google Quick Search Box"="c:\programmi\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-12 68592]
"Ad-Watch"="c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe" [2009-11-03 788368]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-03-09 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-11-22 348160]
"Share-to-Web Namespace Daemon"="c:\programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-06-18 198160]
"ArcSoft Connection Service"="c:\programmi\File comuni\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-10-11 31232]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-01-19 1519616]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2006-01-19 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-04-14 137216]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN BackUp\\MSNBackup.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\DC++\\DCPlusPlus.exe"=
"c:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Programmi\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Programmi\\FlashCAD_Composer\\FlashCAD.exe"=
"c:\\Programmi\\Leica\\Axyz\\LTM.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/06/2009 12.07.37 64288]
R2 LaCie Safe Hard Drive Enabler;LaCie Safe Hard Drive Enabler;c:\programmi\LaCie\SAFE Hard Drive\SafeService.exe [12/06/2009 8.39.05 61440]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 12.17.32 1179232]
S2 gupdate1c9eb85a923ffba;Servizio di Google Update (gupdate1c9eb85a923ffba);c:\programmi\Google\Update\GoogleUpdate.exe [12/06/2009 18.46.04 133104]
S3 SavRoam;SAVRoam;c:\programmi\Symantec AntiVirus\SavRoam.exe [22/04/2004 11.45.44 173288]
S3 SsInstal;Brain Boxes Limited Service;c:\windows\system32\drivers\SsInstal.sys [17/10/2006 14.05.42 59904]
S3 SsPort;Brain Boxes Serial Port Service;c:\windows\system32\drivers\SsPort.sys [17/10/2006 14.07.14 84992]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contenuto della cartella 'Scheduled Tasks'

2009-11-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 08:48]

2009-10-26 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2170 series5E771253C1676EBED677BF361FDFC537825E15B8244831597.job
- c:\programmi\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]

2009-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-06-12 17:46]

2009-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-06-12 17:46]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.fastweb.it/portale/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Run-Base frag grid bows - c:\documents and settings\All Users\Dati applicazioni\Cast ping base frag\Five Beep.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-04 22:40
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
Ora fine scansione: 2009-11-04 22.42.03
ComboFix-quarantined-files.txt 2009-11-04 21:42
ComboFix2.txt 2009-11-04 21:08

Pre-Run: 18.012.049.408 byte disponibili
Post-Run: 17.996.316.672 byte disponibili

Re: cid

Post by Amantide » Wed Nov 04, 2009 10:57 pm

OK, CiD should now be removed.

Do you know what these folders are? If you don't know what they are, they should be deleted as well:

Code:
C:\roma
c:\windows\LastGood
c:\programmi\TorrentSpeeder


Also delete this file: c:\windows\system32\SET71.tmp

Instead of Ad-Aware, I recommend installing Malwarebytes Antimalware and running a full scan to be safe.

Re: cid

Post by pmarco66 » Wed Nov 04, 2009 11:04 pm

Sorry, but the file c:\windows\system32\SET71.tmp:
do I have to remove it with ComboFix again, or manually?
After the scan, do I have to post the log?
Thanks
pmarco66
Aficionado
Posts: 132
Joined: Wed Aug 20, 2008 1:21 pm

Re: cid

Post by pmarco66 » Wed Nov 04, 2009 11:08 pm

Where do I find Malwarebytes Antimalware?
pmarco66
Aficionado
Posts: 132
Joined: Wed Aug 20, 2008 1:21 pm

Re: cid

Post by Amantide » Wed Nov 04, 2009 11:13 pm

pmarco66 wrote: Sorry, but the file c:\windows\system32\SET71.tmp: do I have to remove it with ComboFix again, or manually?

You can do it manually; you may need to enable showing hidden files in order to find it.

pmarco66 wrote: After the scan, do I have to post the log?

If possible, yes.

pmarco66 wrote: Where do I find Malwarebytes Antimalware?

http://download.cnet.com/Malwarebytes-A ... tag=button

And here is the guide:

http://www.MegaLab.it/3634/guida-comple ... ti-malware
...to fly high, you must know how to fall...
Amantide
Membro Ufficiale (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo

Re: cid

Post by pmarco66 » Wed Nov 04, 2009 11:28 pm

ComboFix 09-11-04.02 - Marco 04/11/2009 23.29.07.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2046.1046 [GMT 1:00]
Eseguito da: c:\documents and settings\Marco\Desktop\roma.exe
Opzioni usate :: c:\documents and settings\Marco\Desktop\CFScript.txt.txt
.

((((((((((((((((((((((((( Files Creati Da 2009-10-04 al 2009-11-04 )))))))))))))))))))))))))))))))))))
.

2009-11-04 21:34 . 2009-11-04 21:42 -------- d-----w- C:\roma10843r
2009-11-04 20:55 . 2009-11-04 21:08 -------- d-----w- C:\roma
2009-11-04 20:30 . 2009-11-04 20:30 152576 ----a-w- c:\documents and settings\Marco\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-04 19:45 . 2009-11-04 19:45 -------- d-----w- c:\windows\LastGood
2009-11-03 08:49 . 2009-11-03 08:49 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-03 08:49 . 2009-11-03 08:49 93360 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-11-03 08:49 . 2009-11-03 08:49 554280 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\sbap.dll
2009-11-03 08:49 . 2009-11-03 08:49 212480 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-11-03 08:49 . 2009-11-03 08:49 283944 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-11-03 08:49 . 2009-11-03 08:49 242984 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-11-03 08:49 . 2009-11-03 08:49 1223976 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-11-01 19:49 . 2009-11-01 20:02 -------- d-----w- c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\Temp
2009-11-01 18:19 . 2009-11-01 18:19 -------- d-----w- c:\programmi\TorrentSpeeder
2009-10-24 23:09 . 2009-11-03 08:49 537576 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-10-24 23:08 . 2009-10-24 23:08 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-24 23:08 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-10-14 16:47 . 2009-10-14 16:47 -------- d-----w- c:\windows\SQLTools9_KB970892_ENU
2009-10-14 16:45 . 2009-10-14 16:45 -------- d-----w- c:\windows\SQL9_KB970892_ENU

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-04 22:33 . 2009-06-18 08:52 -------- d-----w- c:\documents and settings\Marco\Dati applicazioni\DNA
2009-11-04 19:43 . 2009-06-05 20:33 -------- d-----w- c:\programmi\Symantec AntiVirus
2009-11-04 19:43 . 2009-06-18 08:52 -------- d-----w- c:\programmi\DNA
2009-11-04 06:32 . 2008-04-14 03:00 536414 ----a-w- c:\windows\system32\perfh010.dat
2009-11-04 06:32 . 2008-04-14 03:00 102124 ----a-w- c:\windows\system32\perfc010.dat
2009-11-03 10:56 . 2009-06-06 07:12 5688 ----a-w- C:\My Folder_2.zip
2009-11-03 09:14 . 2009-06-28 05:45 -------- d-----w- c:\programmi\Live-Player
2009-11-03 08:48 . 2009-06-19 06:53 822904 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-11-03 08:48 . 2009-06-19 06:53 1638104 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-11-03 08:48 . 2009-06-19 06:53 788368 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-11-03 08:48 . 2009-06-19 06:53 1179232 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-11-03 00:04 . 2009-07-05 06:38 -------- d-----w- c:\documents and settings\Marco\Dati applicazioni\BitTorrent
2009-10-30 14:35 . 2009-06-05 20:59 -------- d-----w- c:\programmi\File comuni\Adobe
2009-10-28 14:35 . 2009-06-06 07:12 12418 ----a-w- C:\My Folder.zip
2009-10-15 19:31 . 2009-06-06 07:12 9928 ----a-w- C:\My Folder_3.zip
2009-10-14 16:50 . 2009-06-05 20:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-10-14 16:47 . 2009-06-18 08:32 -------- d-----w- c:\programmi\Microsoft SQL Server
2009-10-04 14:05 . 2009-10-04 14:05 17632 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2009-10-04 14:05 . 2009-10-04 14:05 68640 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Drivers\64\lbd.sys
2009-10-04 14:05 . 2009-10-04 14:05 303976 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe
2009-10-04 14:04 . 2009-06-19 06:53 640760 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-10-04 14:03 . 2009-06-05 19:21 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-10-04 12:25 . 2009-06-12 08:42 -------- d-----w- c:\documents and settings\Marco\Dati applicazioni\Any Video Converter
2009-09-27 17:40 . 2009-06-05 20:02 17177 ----a-w- c:\windows\system32\nvModes.dat
2009-09-25 20:20 . 2009-09-25 20:20 435720 ----a-w- c:\documents and settings\Marco\Dati applicazioni\Real\Update\setup3.08\setup.exe
2009-09-23 12:55 . 2009-06-12 11:07 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-14 21:19 . 2009-09-13 17:31 -------- d-----w- c:\programmi\FlashCAD_Composer
2009-09-11 14:17 . 2008-04-14 03:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 06:58 . 2009-08-13 15:27 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-09-06 19:37 . 2009-06-05 20:52 -------- d-----w- c:\documents and settings\Marco\Dati applicazioni\NeroVision
2009-09-04 21:03 . 2008-04-14 03:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-01 04:59 . 2009-06-05 20:31 131544 ----a-w- c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-08-29 07:56 . 2008-04-14 03:00 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2008-04-14 03:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
.

------- Sigcheck -------

[-] 2008-09-01 . 7109E7E75CC8BB2B3C05E03CD80AA446 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\programmi\DNA\btdna.exe" [2009-06-18 321344]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-12 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\programmi\Apoint\Apoint.exe" [2005-10-07 176128]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472]
"ccApp"="c:\programmi\File comuni\Symantec Shared\ccApp.exe" [2004-04-22 66656]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-04-22 124128]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-05-26 413696]
"Microsoft Works Update Detection"="c:\programmi\File comuni\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 50688]
"PCSuiteTrayApplication"="c:\programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-03-22 167936]
"DataLayer"="c:\programmi\File comuni\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 1106944]
"Dell QuickSet"="c:\programmi\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"LaCie Hard Drive Configuration"="c:\programmi\LaCie\SAFE Hard Drive\SAFE Hard Drive Configuration.exe" [2007-01-18 3624960]
"Google Quick Search Box"="c:\programmi\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-12 68592]
"Ad-Watch"="c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe" [2009-11-03 788368]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-03-09 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-11-22 348160]
"Share-to-Web Namespace Daemon"="c:\programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-06-18 198160]
"ArcSoft Connection Service"="c:\programmi\File comuni\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-10-11 31232]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-01-19 1519616]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2006-01-19 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-04-14 137216]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN BackUp\\MSNBackup.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\DC++\\DCPlusPlus.exe"=
"c:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Programmi\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Programmi\\FlashCAD_Composer\\FlashCAD.exe"=
"c:\\Programmi\\Leica\\Axyz\\LTM.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/06/2009 12.07.37 64288]
R2 LaCie Safe Hard Drive Enabler;LaCie Safe Hard Drive Enabler;c:\programmi\LaCie\SAFE Hard Drive\SafeService.exe [12/06/2009 8.39.05 61440]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 12.17.32 1179232]
S2 gupdate1c9eb85a923ffba;Servizio di Google Update (gupdate1c9eb85a923ffba);c:\programmi\Google\Update\GoogleUpdate.exe [12/06/2009 18.46.04 133104]
S3 SavRoam;SAVRoam;c:\programmi\Symantec AntiVirus\SavRoam.exe [22/04/2004 11.45.44 173288]
S3 SsInstal;Brain Boxes Limited Service;c:\windows\system32\drivers\SsInstal.sys [17/10/2006 14.05.42 59904]
S3 SsPort;Brain Boxes Serial Port Service;c:\windows\system32\drivers\SsPort.sys [17/10/2006 14.07.14 84992]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contenuto della cartella 'Scheduled Tasks'

2009-11-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 08:48]

2009-10-26 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2170 series5E771253C1676EBED677BF361FDFC537825E15B8244831597.job
- c:\programmi\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]

2009-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-06-12 17:46]

2009-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-06-12 17:46]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.fastweb.it/portale/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-04 23:33
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(2380)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2009-11-04 23.35.14
ComboFix-quarantined-files.txt 2009-11-04 22:35
ComboFix2.txt 2009-11-04 21:42
ComboFix3.txt 2009-11-04 21:08

Pre-Run: 18.010.759.168 byte disponibili
Post-Run: 17.998.675.968 byte disponibili
pmarco66
Aficionado
Posts: 132
Joined: Wed Aug 20, 2008 1:21 pm

Re: cid

Post by Amantide » Wed Nov 04, 2009 11:37 pm

I thought you meant the Malwarebytes log. The ComboFix one doesn't tell me anything new, apart from those suspicious folders.
...to fly high, you must know how to fall...
Amantide
Membro Ufficiale (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo

Re: cid

Post by pmarco66 » Wed Nov 04, 2009 11:42 pm

But those two suspicious folders (roma is the name I gave to ComboFix): do I have to remove them by hand, or again with ComboFix using the txt file?
pmarco66
Aficionado
Posts: 132
Joined: Wed Aug 20, 2008 1:21 pm

Re: cid

Post by Amantide » Wed Nov 04, 2009 11:56 pm

They could also be deleted manually; I hadn't put them in the script because I didn't know whether they belonged to some program you installed recently.

To delete them with ComboFix you need to use this script:

Code: Select all
File::
c:\windows\system32\SET71.tmp

Folder::
C:\roma
c:\windows\LastGood
c:\programmi\TorrentSpeeder
C:\roma10843r
...to fly high, you must know how to fall...
Amantide
Membro Ufficiale (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo
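As an added example (not code from this thread, from ComboFix or from its author), a small Python parser for the "Files Creati" lines of a ComboFix log like the ones pasted above, with a helper that picks out recently created entries and one that builds the File::/Folder:: CFScript format used in the reply. The sample lines are constructed from the thread's log, and reading 'd' in the attribute string as the directory flag is an assumption drawn from those lines.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Constructed sample, modelled on the "Files Creati" section of the ComboFix
# log pasted in this thread (a few lines only, not the full log).
SAMPLE_LOG = r"""
2009-11-04 21:34 . 2009-11-04 21:42 -------- d-----w- C:\roma10843r
2009-11-04 20:55 . 2009-11-04 21:08 -------- d-----w- C:\roma
2009-11-04 20:30 . 2009-11-04 20:30 152576 ----a-w- c:\documents and settings\Marco\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-01 18:19 . 2009-11-01 18:19 -------- d-----w- c:\programmi\TorrentSpeeder
2009-10-24 23:08 . 2009-10-24 23:08 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
"""

# One log line: "<created> . <modified> <size or --------> <attrs> <path>"
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
                     r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\S+) (\S{8}) (.+)$")

@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]  # None for directories (logged as --------)
    attrs: str           # e.g. "d-----w-", "----a-w-", "dc-h--w-"
    path: str

    @property
    def is_dir(self) -> bool:
        # 'd' in the attribute string is taken as the directory flag (assumption)
        return "d" in self.attrs

def parse_entries(text: str) -> List[Entry]:
    """Parse ComboFix 'files created' lines; non-matching lines are skipped."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        out.append(Entry(datetime.strptime(created, "%Y-%m-%d %H:%M"),
                         datetime.strptime(modified, "%Y-%m-%d %H:%M"),
                         None if size.startswith("-") else int(size),
                         attrs, path))
    return out

def created_since(entries: List[Entry], since: str) -> List[Entry]:
    """Entries created on or after 'since' (YYYY-MM-DD), newest first."""
    cutoff = datetime.strptime(since, "%Y-%m-%d")
    return sorted((e for e in entries if e.created >= cutoff),
                  key=lambda e: e.created, reverse=True)

def make_cfscript(files: List[str], folders: List[str]) -> str:
    """Build a CFScript with File:: and Folder:: sections, as in the reply."""
    parts = []
    if files:
        parts.append("File::\n" + "\n".join(files))
    if folders:
        parts.append("Folder::\n" + "\n".join(folders))
    return "\n\n".join(parts) + "\n"
```

Run `created_since(parse_entries(SAMPLE_LOG), "2009-11-01")` to list what appeared in the last few days, then feed the paths you have decided to remove to `make_cfscript`.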

Re: cid

Post by pmarco66 » Thu Nov 05, 2009 12:10 am

Thanks Amantide.
Tomorrow I'll install Malwarebytes and post you the log.
For now, thanks, a big kiss.
Forza Abruzzo
pmarco66
Aficionado
Posts: 132
Joined: Wed Aug 20, 2008 1:21 pm

megalab.it: daily online publication registered with the Court of Cosenza no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising