IEXPLORE.EXE

Post by CASTELLO » Fri Dec 11, 2009 5:01 pm

GUYS, I'M NEW TO THE FORUM. I HAVE A PROBLEM WITH IEXPLORE.EXE, WHICH SHOWS UP IN THE TASK MANAGER. FOR 10 DAYS I HAVE BEEN TRYING TO REMOVE THE VIRUS, OR WHATEVER IT IS, WITH ANTIVIRUS SCANS (NORTON, ANTIVIRAL, ETC.). CAN YOU HELP ME? I HAVE INSTALLED antivir and spywareterminator

Re: IEXPLORE.EXE

Post by Roberto88 » Fri Dec 11, 2009 5:11 pm

have you already tried ComboFix??
try to write in lowercase
take a look here for other possible solutions

P.S.
as ste_95 would say:
Download ComboFix, saving it to the desktop under a made-up name, and run the scan following these instructions (at the bottom). When the scan finishes, the report file C:\combofix.txt will be created; copy its contents here, placing them between LOG tags, like this:
Code:
[LOG]the log goes here[/LOG]

Re: IEXPLORE.EXE

Post by lorenaino » Fri Dec 11, 2009 6:08 pm

hi, after using the "do-it-all" Combofix, you can also run 2 full scans with Malwarebytes' Anti-Malware free and Superantispyware free:

http://download.cnet.com/3001-8022_4-10 ... l-10804572

http://www.superantispyware.com/downloa ... PYWAREFREE


Re: IEXPLORE.EXE

Post by CASTELLO » Sat Dec 12, 2009 10:53 am

ComboFix 09-12-11.04 - Linda 12/12/2009 10.36.15.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1014.594 [GMT 1:00]
Eseguito da: c:\documents and settings\Linda\Desktop\FANTASIA.exe
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ccrpTmr6.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-11-12 al 2009-12-12 )))))))))))))))))))))))))))))))))))
.

2009-12-11 15:30 . 2009-12-11 15:30 -------- d-----w- c:\programmi\Crawler
2009-12-11 15:30 . 2009-12-11 15:30 6144 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdel.exe
2009-12-11 15:30 . 2009-12-11 15:30 5632 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator\fileobjinfo.sys
2009-12-11 15:30 . 2009-12-11 15:30 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-12-11 15:30 . 2009-12-11 15:33 -------- d-----w- c:\documents and settings\Linda\Dati applicazioni\Spyware Terminator
2009-12-11 15:30 . 2009-12-11 15:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2009-12-11 15:30 . 2009-12-11 15:34 -------- d-----w- c:\programmi\Spyware Terminator
2009-12-11 15:27 . 2009-12-11 15:27 117760 ----a-w- c:\documents and settings\Linda\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-11 15:26 . 2009-12-11 15:26 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2009-12-11 14:43 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-11 14:43 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-11 14:43 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-11 14:43 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-11 14:43 . 2009-12-11 14:43 -------- d-----w- c:\programmi\Avira
2009-12-11 14:43 . 2009-12-11 14:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-12-11 12:53 . 2009-12-11 12:53 -------- d-----w- c:\programmi\TrendMicro
2009-12-10 08:53 . 2009-12-10 08:53 -------- d-----w- c:\documents and settings\Linda\ErrorLogs
2009-12-09 19:49 . 2009-12-09 19:49 -------- d-----w- c:\programmi\Uniblue
2009-12-09 19:48 . 2009-12-09 19:48 -------- d-----w- c:\windows\system32\it-IT
2009-12-09 19:46 . 2009-12-11 14:40 720240 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2009-12-09 19:46 . 2009-12-09 19:46 -------- d-----w- c:\programmi\Reference Assemblies
2009-12-09 19:42 . 2009-12-09 19:42 -------- d-----r- C:\AHCache
2009-12-09 14:13 . 2009-12-11 14:41 -------- d-----w- c:\programmi\a-squared Free
2009-12-09 12:26 . 2009-12-09 12:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2009-12-09 12:26 . 2009-12-11 15:26 -------- d-----w- c:\programmi\SUPERAntiSpyware
2009-12-09 12:26 . 2009-12-11 15:26 -------- d-----w- c:\documents and settings\Linda\Dati applicazioni\SUPERAntiSpyware.com
2009-12-03 09:40 . 2009-12-03 09:40 -------- d-----w- c:\windows\Sun
2009-12-01 15:43 . 2008-05-02 09:41 3493888 ---ha-w- c:\documents and settings\Linda\Dati applicazioni\U3\temp\Launchpad Removal.exe
2009-11-24 08:53 . 2001-08-09 22:53 1046288 ----a-w- c:\windows\system32\msjet35.dll
2009-11-24 08:53 . 2001-08-10 00:01 252176 ----a-w- c:\windows\system32\Msrd2x35.dll
2009-11-24 08:53 . 2001-08-09 22:54 415504 ----a-w- c:\windows\system32\msrepl35.dll
2009-11-24 08:53 . 2001-08-09 22:50 24848 ----a-w- c:\windows\system32\MSJTER35.DLL
2009-11-24 08:53 . 2001-08-09 22:50 123664 ----a-w- c:\windows\system32\MSJINT35.DLL
2009-11-24 08:53 . 1998-04-25 00:00 368912 ----a-w- c:\windows\system32\vbar332.dll
2009-11-23 15:22 . 2009-11-23 15:22 -------- d-----w- C:\UnicoOnLine
2009-11-23 15:22 . 2009-11-23 15:22 -------- d--h--w- c:\programmi\Zero G Registry
2009-11-23 15:22 . 2009-11-23 15:22 -------- d--h--w- c:\documents and settings\Linda\InstallAnywhere
2009-11-23 15:20 . 2009-11-23 15:20 -------- d-----w- c:\programmi\Java
2009-11-23 15:20 . 2009-11-23 15:20 -------- d-----w- c:\programmi\File comuni\Java
2009-11-23 15:20 . 2009-11-23 15:20 -------- d-----w- c:\documents and settings\Linda\Impostazioni locali\Dati applicazioni\Sun
2009-11-18 10:03 . 1998-11-13 11:07 307712 ----a-w- c:\windows\IsUn0410.exe
2009-11-17 17:45 . 2004-08-03 21:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-11-17 17:43 . 2009-11-17 17:43 -------- d-----w- c:\programmi\lex
2009-11-17 17:31 . 2004-08-03 22:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-11-17 17:31 . 2004-08-03 22:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-11-16 12:14 . 2009-11-16 12:14 -------- d-----w- c:\programmi\iXi Tools
2009-11-16 08:45 . 2009-11-16 08:45 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Symantec
2009-11-13 12:26 . 2009-11-13 12:26 -------- d-----w- c:\documents and settings\Linda\Impostazioni locali\Dati applicazioni\Symantec
2009-11-13 12:05 . 2009-11-13 12:04 35888 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-11-13 12:04 . 2009-12-11 14:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Norton
2009-11-13 12:02 . 2009-11-13 12:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NortonInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-10 09:38 . 2007-12-19 13:06 14496 ----a-w- c:\documents and settings\Linda\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-12-09 19:49 . 2009-11-04 10:48 -------- d-----w- c:\documents and settings\Linda\Dati applicazioni\Uniblue
2009-12-09 19:46 . 2001-08-31 11:00 57758 ----a-w- c:\windows\system32\perfc010.dat
2009-12-09 19:46 . 2001-08-31 11:00 432600 ----a-w- c:\windows\system32\perfh010.dat
2009-12-01 16:11 . 2007-12-19 13:11 -------- d-----w- c:\documents and settings\Linda\Dati applicazioni\U3
2009-11-18 16:28 . 2009-11-17 17:45 -------- d-----w- c:\programmi\Lexmark X1100 Series
2009-11-13 15:25 . 2009-10-05 12:19 -------- d-----w- c:\programmi\Cobian Backup 8
2009-11-11 10:19 . 2009-11-07 14:08 108 ----a-w- c:\documents and settings\All Users\Dati applicazioni\6O2o1v6.dat
2009-11-05 08:15 . 2009-11-04 10:48 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WinZip
2009-11-04 11:02 . 2009-11-04 11:00 -------- d-----w- c:\programmi\PHPNukeIT
2009-11-04 11:00 . 2009-11-04 11:00 -------- d-----w- c:\programmi\Conduit
2009-10-31 10:03 . 2007-12-19 14:10 737280 ----a-w- c:\windows\iun6002.exe
2009-10-29 14:21 . 2009-10-29 13:55 -------- d-----w- c:\programmi\3 Internet
2009-10-26 17:11 . 2009-10-26 17:10 -------- d-----w- c:\programmi\CrossLoop
2009-10-14 15:49 . 2009-10-14 15:49 -------- d-----w- c:\programmi\DIFX
2009-10-09 07:53 . 2007-12-19 13:00 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-05 12:11 . 2009-10-05 12:11 7078 ----a-r- c:\documents and settings\Linda\Dati applicazioni\Microsoft\Installer\{8AEA05BE-B7D9-4BE1-9FEA-B277152FFA80}\_69525f90.exe
2009-10-05 12:11 . 2009-10-05 12:11 2238 ----a-r- c:\documents and settings\Linda\Dati applicazioni\Microsoft\Installer\{8AEA05BE-B7D9-4BE1-9FEA-B277152FFA80}\_18be6784.exe
2009-10-05 12:11 . 2009-10-05 12:11 1078 ----a-r- c:\documents and settings\Linda\Dati applicazioni\Microsoft\Installer\{8AEA05BE-B7D9-4BE1-9FEA-B277152FFA80}\_4ae13d6c.exe
2009-10-05 12:11 . 2009-10-05 12:11 1078 ----a-r- c:\documents and settings\Linda\Dati applicazioni\Microsoft\Installer\{8AEA05BE-B7D9-4BE1-9FEA-B277152FFA80}\_2cd672ae.exe
2009-10-05 12:11 . 2009-10-05 12:11 1078 ----a-r- c:\documents and settings\Linda\Dati applicazioni\Microsoft\Installer\{8AEA05BE-B7D9-4BE1-9FEA-B277152FFA80}\_294823.exe
.
Code:
<pre>
c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl .exe
c:\programmi\Cobian Backup 8\Cobian .exe
c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
</pre>


((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-08-19 1667584]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-25 39408]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-23 2001648]
"SpywareTerminatorUpdate"="c:\programmi\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-12-11 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 16207872]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-24 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-24 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-24 131072]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2005-09-12 479232]
"Lexmark X1100 Series"="c:\programmi\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.5.0_16\bin\jusched.exe" [2008-05-28 75256]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SpywareTerminator"="c:\programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2009-12-11 2166784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Acer WLAN 11g USB Dongle.lnk - c:\programmi\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-16 745472]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Look@LAN\\LookAtLan.exe"=
"c:\\Programmi\\Look@LAN\\LookAtHost.exe"=
"c:\\Programmi\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Programmi\\CrossLoop\\CrossLoopConnect.exe"=
"c:\\Programmi\\Java\\jre1.5.0_16\\bin\\javaw.exe"=
"c:\\Programmi\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop

R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [23/11/2009 8.43.30 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [23/11/2009 8.43.28 74480]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [11/12/2009 16.30.17 142592]
R3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [23/11/2009 8.43.30 7408]
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Crawler Search - tbr:iemenu
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: {119CC475-891D-4E36-A603-3B4E024E6A45} = 151.99.125.2,151.99.125.3
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\programmi\Crawler\Toolbar\ctbr.dll
DPF: {60E33102-59F1-44DA-BA3D-494BB9A80514} - hxxp://www.inps.it/Servizi/ParlaConNoi/ ... IPhona.cab
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

AddRemove-HijackThis - c:\docume~1\Linda\IMPOST~1\Temp\Directory temporanea 1 per HiJackThis.zip\HijackThis.exe



**************************************************************************
scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti:

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(536)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
.
Ora fine scansione: 2009-12-12 10:42:12
ComboFix-quarantined-files.txt 2009-12-12 09:42

Pre-Run: 51.828.482.048 byte disponibili
Post-Run: 52.783.185.920 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
d:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 5854770626733510EA52CEE9557D8B13