
Combofix! Help Me!


Post by Ale2695 » Mon Nov 16, 2009 6:00 pm

So, I downloaded Combofix from Softonic to check my PC. I start it, and it warns me to disable the antivirus (Avira PE Freeware). I disable it, but it says it is still active, though it lets me go ahead. At some point it tells me that it is impossible to rename Combofix.exe to Combofix[1].exe and it cancels the process, interrupting it. Can you help me? Oh, there's one more thing: I noticed that my computer has trouble storing cookies; in fact I can't log in to MegaLab.it from Firefox, while from IE 8 I can.
Last edited by Ale2695 on Mon Nov 16, 2009 7:00 pm; edited 3 times in total.

Re: Help, I can't get Combofix to start!!!

Post by ste_95 » Mon Nov 16, 2009 6:03 pm

Try saving the ComboFix executable instead of opening it directly from the browser. ;)

Re: Help, I can't get Combofix to start!!!

Post by Ale2695 » Mon Nov 16, 2009 6:05 pm

I'll try that now. I'm downloading it with Firefox, which saves it automatically. I'll let you know...

Re: Help, I can't get Combofix to start!!!

Post by Roberto88 » Mon Nov 16, 2009 6:09 pm

Ale2695 wrote: I'll try that now. I'm downloading it with Firefox, which saves it automatically. I'll let you know...

Right-click the download link, click "Save target as" (or something similar), and save it under a made-up name.
With Combofix you could do this: disable the antivirus's automatic startup, reboot, then launch it.

Re: Help, I can't get Combofix to start!!!

Post by Ale2695 » Mon Nov 16, 2009 6:22 pm

OK, I managed to get Combofix working. Can you check the log for me, because it removed something:
ComboFix 09-11-16.05 - Ale2695 16/11/2009 18.16.47..2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.2047.1492 [GMT 1:00]
Eseguito da: c:\documents and settings\Ale2695\Documenti\Download\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-3C24-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-14EF-9D7C08000A00}
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\jestertb.dll
c:\windows\TEMP\logishrd\LVPrcInj02.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-10-16 al 2009-11-16 )))))))))))))))))))))))))))))))))))
.

2009-11-15 18:03 . 2009-10-07 08:43 199192 ----a-w- c:\windows\system32\lvci12101110.dll
2009-11-15 18:02 . 2009-11-15 18:02 -------- d-----w- c:\programmi\Logitech
2009-11-15 17:59 . 2009-11-15 17:59 -------- d-----w- c:\programmi\File comuni\Logitech
2009-11-15 17:58 . 2009-11-15 17:58 -------- d-----w- c:\documents and settings\Ale2695\Impostazioni locali\Dati applicazioni\Downloaded Installations
2009-11-15 17:29 . 2009-11-15 17:29 -------- d-----w- c:\windows\ie8updates
2009-11-15 17:22 . 2009-08-29 07:56 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-11-15 17:22 . 2009-08-29 07:56 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-11-15 17:22 . 2009-08-29 07:56 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-11-15 17:22 . 2009-08-29 07:56 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-11-15 17:22 . 2009-08-29 07:56 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-11-15 17:22 . 2009-08-29 07:56 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-11-15 17:15 . 2009-11-15 17:15 -------- d-----w- c:\documents and settings\Ale2695\Dati applicazioni\temp
2009-11-15 14:35 . 2009-11-15 14:35 -------- d-sh--w- c:\documents and settings\Ale2695\IECompatCache
2009-11-15 14:34 . 2009-11-15 14:34 -------- d-sh--w- c:\documents and settings\Ale2695\PrivacIE
2009-11-15 14:30 . 2009-11-15 14:30 -------- d-sh--w- c:\documents and settings\Ale2695\IETldCache
2009-11-15 12:47 . 2009-11-15 12:48 -------- dc-h--w- c:\windows\ie8
2009-11-15 12:47 . 2009-11-15 12:48 -------- d-----w- c:\windows\system32\it-IT
2009-11-15 12:35 . 2009-11-15 12:35 -------- d-----w- c:\programmi\Microsoft CAPICOM 2.1.0.2
2009-11-15 11:47 . 2009-11-15 17:31 -------- d-----w- c:\documents and settings\Ale2695\Impostazioni locali\Dati applicazioni\ApplicationHistory
2009-11-15 11:47 . 2009-11-15 11:47 136 ----a-w- c:\documents and settings\Ale2695\Impostazioni locali\Dati applicazioni\fusioncache.dat
2009-11-15 11:47 . 2006-12-30 18:27 4569 -c--a-w- c:\windows\system32\dllcache\secupd.dat
2009-11-15 11:47 . 2006-12-30 18:27 4569 ------w- c:\windows\system32\secupd.dat
2009-11-15 11:46 . 2009-11-15 11:46 -------- d-----w- c:\programmi\MSXML 4.0
2009-11-15 11:40 . 2009-11-15 11:40 -------- d-----w- c:\documents and settings\Ale2695\Dati applicazioni\PCToolsFirewallPlus
2009-11-15 11:37 . 2009-10-06 15:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-15 11:37 . 2009-09-23 15:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-15 11:37 . 2009-10-30 10:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-11-15 11:36 . 2009-11-16 17:22 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-11-15 11:36 . 2009-11-15 11:37 -------- d-----w- c:\programmi\File comuni\PC Tools
2009-11-15 11:36 . 2009-10-30 10:09 70280 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2009-11-15 11:36 . 2009-10-16 15:09 55208 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2009-11-15 11:36 . 2009-08-14 12:44 32552 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2009-11-15 11:36 . 2009-10-16 15:55 115216 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2009-11-15 11:36 . 2009-11-15 11:41 -------- d-----w- c:\programmi\PC Tools Firewall Plus
2009-11-15 11:24 . 2009-11-15 11:24 -------- d-----w- c:\documents and settings\Ale2695\Impostazioni locali\Dati applicazioni\Identities
2009-11-15 11:23 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2009-11-15 11:22 . 2009-11-15 11:22 -------- d-----w- c:\windows\Logs
2009-11-15 11:12 . 2009-11-15 11:12 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\McAfee
2009-11-15 11:10 . 2009-11-15 11:10 -------- d-----w- c:\programmi\VS Revo Group
2009-11-15 11:08 . 2007-08-02 12:00 25600 ----a-w- c:\documents and settings\LocalService\Dati applicazioni\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-11-15 11:07 . 2009-11-15 11:07 -------- d-----w- c:\programmi\File comuni\McAfee
2009-11-15 11:07 . 2009-11-15 11:40 -------- d-----w- c:\programmi\McAfee
2009-11-15 11:07 . 2009-11-15 11:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee
2009-11-15 10:03 . 2009-11-15 10:06 -------- d-----w- c:\documents and settings\Ale2695\Dati applicazioni\HpUpdate
2009-11-15 10:03 . 2009-11-15 10:03 -------- d-----w- c:\windows\Hewlett-Packard
2009-11-15 09:55 . 2009-11-15 09:58 -------- d-----w- c:\programmi\File comuni\HP
2009-11-15 09:52 . 2009-11-15 10:03 -------- d-----w- c:\programmi\Hewlett-Packard
2009-11-15 09:51 . 2009-11-15 09:51 -------- d-----w- c:\programmi\File comuni\Hewlett-Packard
2009-11-15 09:50 . 2009-11-15 09:51 -------- d-----w- c:\windows\system32\URTTemp
2009-11-15 09:49 . 2004-12-14 17:06 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-11-15 09:46 . 2009-11-15 10:04 -------- d-----w- c:\programmi\HP
2009-11-15 09:44 . 2009-11-15 09:44 -------- d-----w- c:\programmi\CCleaner
2009-11-15 09:44 . 2009-11-15 10:00 69099 ----a-w- c:\windows\hpoins05.dat
2009-11-15 09:44 . 2004-12-14 17:06 19696 ------w- c:\windows\hpomdl05.dat
2009-11-15 09:42 . 2009-10-07 08:47 266008 ----a-w- c:\windows\system32\drivers\lvrs.sys
2009-11-15 09:42 . 2009-10-07 08:24 34068 ----a-w- c:\windows\system32\Repository.reg
2009-11-15 09:42 . 2009-10-07 08:48 539160 ----a-w- c:\windows\system32\LVUI2RC.dll
2009-11-15 09:42 . 2009-10-07 08:48 539160 ----a-w- c:\windows\system32\LVUI2.dll
2009-11-15 09:42 . 2008-02-06 02:21 41752 ----a-r- c:\windows\system32\drivers\LVUSBSta.sys
2009-11-15 09:42 . 2008-02-06 02:18 195096 ----a-r- c:\windows\system32\lvci11701196.dll
2009-11-15 09:41 . 2009-10-07 08:43 416280 ----a-w- c:\windows\system32\lvcodec2.dll
2009-11-15 09:41 . 2009-10-07 08:49 6756632 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2009-11-15 09:41 . 2009-10-07 08:49 23832 ----a-w- c:\windows\system32\drivers\lvuvcflt.sys
2009-11-14 17:04 . 2009-11-14 17:04 -------- d-----w- c:\programmi\Windows Media Connect 2
2009-11-14 17:03 . 2009-11-15 18:12 -------- d-----w- c:\windows\system32\LogFiles
2009-11-14 17:03 . 2009-11-14 17:03 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-11-14 17:03 . 2009-11-14 17:03 -------- d-----w- C:\2869b75e6c968bf2fa

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-16 17:21 . 2009-11-15 09:42 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-11-16 17:21 . 2009-11-15 09:41 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-11-15 18:04 . 2009-11-14 16:49 -------- d-----w- c:\programmi\File comuni\LogiShrd
2009-11-15 18:02 . 2009-11-14 16:49 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Logishrd
2009-11-15 14:35 . 2007-08-02 12:00 63180 ----a-w- c:\windows\system32\perfc010.dat
2009-11-15 14:35 . 2007-08-02 12:00 425432 ----a-w- c:\windows\system32\perfh010.dat
2009-11-15 12:49 . 2009-11-14 16:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-11-15 11:04 . 2009-11-14 16:21 -------- d-----w- c:\programmi\EA SPORTS
2009-11-15 09:40 . 2009-11-14 15:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2009-11-14 16:59 . 2009-11-14 15:58 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-11-14 16:59 . 2009-11-14 16:57 -------- d-----w- c:\programmi\CyberLink
2009-11-14 16:57 . 2009-11-14 15:33 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-11-14 16:56 . 2009-11-14 16:56 -------- d-----w- c:\programmi\File comuni\Adobe
2009-11-14 16:53 . 2009-11-14 15:31 68448 ----a-w- c:\documents and settings\Ale2695\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-11-14 16:52 . 2009-11-14 16:51 -------- d-----w- c:\programmi\Windows Live
2009-11-14 16:52 . 2009-11-14 16:52 -------- d-----w- c:\programmi\Microsoft SQL Server Compact Edition
2009-11-14 16:51 . 2009-11-14 16:51 -------- d-----w- c:\programmi\Microsoft
2009-11-14 16:51 . 2009-11-14 16:51 -------- d-----w- c:\programmi\Windows Live SkyDrive
2009-11-14 16:50 . 2009-11-14 16:50 -------- d-----w- c:\documents and settings\Ale2695\Dati applicazioni\Leadertech
2009-11-14 16:49 . 2009-11-14 16:49 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Logitech
2009-11-14 16:45 . 2009-11-14 16:45 -------- d-----w- c:\programmi\File comuni\Windows Live
2009-11-14 16:44 . 2009-11-14 16:15 -------- d-----w- c:\programmi\Microsoft Works
2009-11-14 16:15 . 2009-11-14 16:15 -------- d-----w- c:\programmi\MSBuild
2009-11-14 16:04 . 2009-11-14 16:04 0 ----a-w- c:\windows\nsreg.dat
2009-11-14 16:02 . 2009-11-14 16:02 -------- d-----w- c:\programmi\Avira
2009-11-14 16:02 . 2009-11-14 16:02 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-11-14 15:58 . 2009-11-14 15:58 -------- d-----w- c:\programmi\Realtek
2009-11-14 15:54 . 2009-11-14 15:54 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Ahead
2009-11-14 15:54 . 2009-11-14 15:52 -------- d-----w- c:\programmi\File comuni\Ahead
2009-11-14 15:53 . 2009-11-14 15:53 1962544 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-11-14 15:52 . 2009-11-14 15:52 -------- d-----w- c:\programmi\Nero
2009-11-14 15:52 . 2009-11-14 15:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nero
2009-11-14 15:46 . 2009-11-14 15:46 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-14 15:42 . 2007-08-02 12:00 506880 ----a-w- c:\windows\system32\winlogon.exe
2009-11-14 15:33 . 2009-11-14 15:33 315392 ----a-w- c:\windows\HideWin.exe
2009-11-14 15:33 . 2009-11-14 15:33 -------- d-----w- c:\programmi\DIFX
2009-11-14 15:32 . 2009-11-14 15:32 -------- d-----w- c:\documents and settings\Ale2695\Dati applicazioni\InstallShield
2009-11-14 15:26 . 2009-11-14 15:26 -------- d-----w- c:\programmi\microsoft frontpage
2009-11-14 15:25 . 2009-11-14 15:25 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-14 15:25 . 2009-11-14 15:25 -------- d-----w- c:\programmi\Servizi in linea
2009-11-14 15:23 . 2009-11-14 15:23 21840 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-14 12:40 . 2009-10-14 12:40 296280 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Logishrd\LQCVFX\Filters\VMSEF.dll
2009-10-14 12:37 . 2009-10-14 12:37 6781272 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Logishrd\LQCVFX\Filters\MMSEF.dll
2009-10-07 08:25 . 2009-11-15 18:03 266828 ----a-w- c:\windows\system32\drivers\LVAFT.cfg
2009-10-07 00:46 . 2009-10-07 00:46 25752 ----a-w- c:\windows\system32\drivers\LVPr2Mon.sys
2009-10-07 00:25 . 2009-10-07 00:25 85302 ----a-w- c:\windows\system32\drivers\LVFeL102.cfg
2009-10-07 00:25 . 2009-10-07 00:25 69592 ----a-w- c:\windows\system32\drivers\LVFaL100.cfg
2009-10-07 00:25 . 2009-10-07 00:25 227172 ----a-w- c:\windows\system32\drivers\LVFeL100.cfg
2009-10-07 00:25 . 2009-10-07 00:25 146680 ----a-w- c:\windows\system32\drivers\LVFeL101.cfg
2009-10-07 00:23 . 2009-10-07 00:23 13584 ----a-w- c:\windows\system32\drivers\iKeyLFT2.dll
2009-09-25 05:48 . 2009-09-25 05:48 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-11 14:34 . 2007-08-02 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45 . 2007-08-02 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:56 . 2007-08-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:14 . 2007-08-02 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
.

------- Sigcheck -------

[-] 2009-11-14 15:42 . BBB128D4D36D82A3588DE37966ACDAB0 . 506880 . . [5.1.2600.3160 built by: xpsp_sp2_qfe(pavang)] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-08-19 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-17 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-17 86016]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2009-10-28 2971608]
"LogitechQuickCamRibbon"="c:\programmi\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-17 1630208]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-05 16380416]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-08-02 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^Ale2695^Menu Avvio^Programmi^Esecuzione automatica^Logitech . Registrazione prodotti.lnk]
path=c:\documents and settings\Ale2695\Menu Avvio\Programmi\Esecuzione automatica\Logitech . Registrazione prodotti.lnk
backup=c:\windows\pss\Logitech . Registrazione prodotti.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ale2695^Menu Avvio^Programmi^Esecuzione automatica^Ritaglio schermata e avvio di OneNote 2007.lnk]
path=c:\documents and settings\Ale2695\Menu Avvio\Programmi\Esecuzione automatica\Ritaglio schermata e avvio di OneNote 2007.lnk
backup=c:\windows\pss\Ritaglio schermata e avvio di OneNote 2007.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio rapido di HP Image Zone.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio rapido di HP Image Zone.lnk
backup=c:\windows\pss\Avvio rapido di HP Image Zone.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\CyberLink\\PowerDVD\\PowerDVD.exe"=

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [15/11/2009 12.37.04 233136]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [15/11/2009 12.07.22 92296]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [15/11/2009 12.37.05 87784]
R3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\system32\drivers\pctNdis-DNS.sys [15/11/2009 12.36.53 32552]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [15/11/2009 12.36.53 70280]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [15/11/2009 12.36.53 55208]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [15/11/2009 12.36.50 115216]

--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - mbr
.
Contenuto della cartella 'Scheduled Tasks'

2009-11-16 c:\windows\Tasks\User_Feed_Synchronization-{6320E425-A66C-4C3F-BAEB-FE58BEB9EC39}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://it.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://it.yahoo.com/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Ale2695\Dati applicazioni\Mozilla\Firefox\Profiles\2rtjoo4z.default\
FF - prefs.js: browser.startup.homepage - hxxp://it.yahoo.com/
FF - component: c:\programmi\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-16 18:22
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(3108)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\browselc.dll
c:\programmi\Microsoft Office\Office12\1040\GrooveIntlResource.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\Nero\Nero 7\InCD\InCDsrv.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\nvsvc32.exe
c:\programmi\PC Tools Firewall Plus\FWService.exe
c:\programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\HPZipm12.exe
c:\programmi\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2009-11-16 18:27 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-11-16 17:27

Pre-Run: 140.240.715.776 byte disponibili
Post-Run: 140.483.682.304 byte disponibili

- - End Of File - - 244E86608078A660ACF4AC6A1D79BC7C



megalab.it: daily online publication registered at the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising