
help

Post by comodoforever » Sat May 08, 2010 6:49 pm

My PC is infected. I have Avast as antivirus and Comodo as firewall; Comodo detects the malicious activity and blocks it. The offending file is megarun.exe. Help!

Re: help

Post by stevens » Sat May 08, 2010 6:51 pm

Download HijackThis.

1) Create a dedicated folder and unpack it inside.
2) Run the program.
3) In the right-hand menu click "Do a system scan and save a log file".
4) The program will produce a report file in txt format; save it and post it on the forum.

Re: help

Post by comodoforever » Sat May 08, 2010 7:00 pm

O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programmi\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scan link by Dr.Web - http://www.drweb.com/online/drweb-online-en.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/Messenger ... E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Servizio di Google Update (gupdate1c9f1abde683926) (gupdate1c9f1abde683926) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Programmi\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe

--
End of file - 6096 bytes


Re: help

Post by comodoforever » Sat May 08, 2010 7:00 pm

I blocked the infected file with Comodo, both in memory and the file itself on disk.

Re: help

Post by stevens » Sat May 08, 2010 7:18 pm

If you want help you should post the whole log; the initial part is missing.

Re: help

Post by comodoforever » Sat May 08, 2010 7:22 pm

The infected file is there, but it is blocked by Comodo so it doesn't show up.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20.22.49, on 08/05/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\McAfee\SiteAdvisor\McSACore.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Programmi\COMODO\COMODO Internet Security\cfp.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programmi\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scan link by Dr.Web - http://www.drweb.com/online/drweb-online-en.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/Messenger ... E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Servizio di Google Update (gupdate1c9f1abde683926) (gupdate1c9f1abde683926) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Programmi\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe

--
End of file - 6063 bytes

Re: help

Post by stevens » Sat May 08, 2010 7:33 pm

Disable your antivirus.

Download ComboFix to the desktop and run it
(do not install the Recovery Console).
- Type 1.
- Follow the instructions.
- When the scan is finished, go to C:\ and copy/paste the contents of the text file Combofix.txt into your next reply.

Re: help

Post by comodoforever » Sun May 09, 2010 7:25 am

Here it is:

ComboFix 10-05-07.07 - Karmen 08/05/2010 20.45.55.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.447.106 [GMT 2:00]
Eseguito da: d:\Documents and Settings\Karmen\Documenti\Download\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Karmen\Dati applicazioni\inst.exe

.
((((((((((((((((((((((((( Files Creati Da 2010-04-08 al 2010-05-08 )))))))))))))))))))))))))))))))))))
.

2010-05-08 17:59:44 . 2010-05-08 17:59:44 388096 ----a-r- C:\Documents and Settings\Karmen\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-08 17:59:42 . 2010-05-08 17:59:42 -------- d-----w- C:\Programmi\Trend Micro
2010-05-08 17:40:42 . 2010-05-08 17:40:42 -------- d-----w- C:\Documents and Settings\Karmen\Dati applicazioni\Malwarebytes
2010-05-08 17:40:35 . 2010-04-29 13:39:38 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-05-08 17:40:34 . 2010-05-08 17:40:34 -------- d-----w- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2010-05-08 17:40:32 . 2010-04-29 13:39:26 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2010-05-08 17:40:31 . 2010-05-08 17:40:39 -------- d-----w- C:\Programmi\Malwarebytes' Anti-Malware
2010-05-08 17:34:13 . 2010-05-08 17:34:13 -------- d--h--w- C:\WINDOWS\PIF
2010-04-11 13:18:50 . 2010-04-11 13:18:51 25185 ----a-w- C:\Documents and Settings\Karmen\Menu Avvio.zip
2010-04-11 09:58:09 . 2010-05-02 10:02:36 -------- d-----w- C:\VritualRoot

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-06 20:59:36 . 2010-04-04 16:44:47 165032 ----a-w- C:\WINDOWS\system32\aswBoot.exe
2010-05-06 20:39:23 . 2010-04-04 16:45:25 46672 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys
2010-05-06 20:39:00 . 2010-04-04 16:45:26 164048 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys
2010-05-06 20:34:27 . 2010-04-04 16:45:25 23376 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys
2010-05-06 20:33:59 . 2010-04-04 16:45:23 100432 ----a-w- C:\WINDOWS\system32\drivers\aswmon2.sys
2010-05-06 20:33:55 . 2010-04-04 16:45:22 94800 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys
2010-05-06 20:33:47 . 2010-04-04 16:45:26 19024 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010-05-06 20:33:29 . 2010-04-04 16:45:22 28880 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys
2010-05-05 12:48:24 . 2010-04-02 10:10:25 -------- d-----w- C:\Programmi\COMODO
2010-04-16 18:24:57 . 2009-06-20 13:31:40 -------- d-----w- C:\Programmi\Google
2010-04-14 16:47:23 . 2010-04-04 16:44:47 38848 ----a-w- C:\WINDOWS\system32\avastSS.scr
2010-04-14 11:39:10 . 2010-03-03 15:54:42 277240 ----a-w- C:\WINDOWS\system32\guard32.dll
2010-04-14 11:39:09 . 2010-03-03 15:54:16 86800 ----a-w- C:\WINDOWS\system32\drivers\inspect.sys
2010-04-14 11:39:08 . 2010-03-03 15:54:14 25240 ----a-w- C:\WINDOWS\system32\drivers\cmdhlp.sys
2010-04-14 11:39:08 . 2010-03-03 15:54:12 15464 ----a-w- C:\WINDOWS\system32\drivers\cmderd.sys
2010-04-14 11:39:07 . 2010-03-23 16:40:00 225344 ----a-w- C:\WINDOWS\system32\drivers\cmdGuard.sys
2010-04-04 16:44:39 . 2010-04-04 16:44:39 -------- d-----w- C:\Programmi\Alwil Software
2010-04-04 16:44:39 . 2010-04-04 16:44:39 -------- d-----w- C:\Documents and Settings\All Users\Dati applicazioni\Alwil Software
2010-04-04 09:57:56 . 2008-08-03 08:53:12 -------- d-----w- C:\Documents and Settings\All Users\Dati applicazioni\Avira
2010-04-02 10:18:48 . 2010-04-02 10:05:40 -------- d-----w- C:\Documents and Settings\All Users\Dati applicazioni\Comodo
2010-04-02 10:05:53 . 2010-04-02 10:05:53 -------- d-----w- C:\Documents and Settings\All Users\Dati applicazioni\Comodo Downloader
2010-03-28 08:55:12 . 2001-08-31 13:00:00 84330 ----a-w- C:\WINDOWS\system32\perfc010.dat
2010-03-28 08:55:12 . 2001-08-31 13:00:00 489598 ----a-w- C:\WINDOWS\system32\perfh010.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-20 13:31:43 39408]
"msnmsgr"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 14:44:08 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-08 01:33:00 53248]
"Samsung PanelMgr"="C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe" [2006-08-16 03:10:55 503808]
"COMODO Internet Security"="C:\Programmi\COMODO\COMODO Internet Security\cfp.exe" [2010-04-14 11:37:46 2029456]
"avast5"="C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 20:59:42 2815192]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16:38 39792 ----a-w- C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-03 20:32:00 208952 ----a-w- C:\WINDOWS\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-02-07 14:21:30 54832 ----a-w- C:\Programmi\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-03 20:32:16 455168 ----a-w- C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-03 20:32:16 455168 ----a-w- C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-02-07 14:24:52 71216 ------w- C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Firefly Studios\\Stronghold 2-Demo\\Stronghold2Demo.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;aswSP;C:\WINDOWS\system32\drivers\aswSP.sys [04/04/2010 18.45.26 164048]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\WINDOWS\system32\drivers\cmdGuard.sys [23/03/2010 18.40.00 225344]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\WINDOWS\system32\drivers\cmdhlp.sys [03/03/2010 17.54.14 25240]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [04/04/2010 18.45.26 19024]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - MBAMSWISSARMY
.
Contenuto della cartella 'Scheduled Tasks'

2010-05-08 C:\WINDOWS\Tasks\Google Software Updater.job
- C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-20 13:31:40 . 2009-06-20 13:31:40]

2010-05-08 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Programmi\Google\Update\GoogleUpdate.exe [2009-06-20 13:34:41 . 2009-06-20 13:34:37]

2010-05-08 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Programmi\Google\Update\GoogleUpdate.exe [2009-06-20 13:34:41 . 2009-06-20 13:34:37]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = hxxp://google.it/
uSearchURL,(Default) = hxxp://it.search.yahoo.com/search?fr=mcafee&p=%s
IE: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Scan link by Dr.Web - http://www.drweb.com/online/drweb-online-en.html
FF - ProfilePath - C:\Documents and Settings\Karmen\Dati applicazioni\Mozilla\Firefox\Profiles\q9uuhtp5.default\
FF - component: C:\Programmi\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: C:\Programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Programmi\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: C:\Programmi\Google\Update\1.2.183.23\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
C:\Programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
C:\Programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
C:\Programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
C:\Programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
C:\Programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
C:\Programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
C:\Programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

MSConfigStartUp-MSMSGS - C:\Programmi\Messenger\msmsgs.exe

Re: help

Post by stevens » Sun May 09, 2010 10:36 am

ComboFix doesn't detect anything... try analysing the file here and on the VirusTotal site.

Also check the file's properties (company, etc.).

Re: help

Post by MIKI.68 » Sun May 09, 2010 11:05 am

In my opinion megarun.exe is not a virus; besides, Comodo blocks a dangerous or unwanted process or program, not viruses... Post a screenshot of Task Manager with the "Processes" tab selected.

Re: help

Post by comodoforever » Sun May 09, 2010 11:11 am

I think I've won this battle with Malwarebytes, and anyway, yes, it was a malicious program. Thanks for everything anyway.

