COMBOFIX log check

Post by manero478 » Mon Apr 18, 2011 10:12 pm

Could you check this log for me:

ComboFix 11-04-17.03 - Gilberto 18/04/2011 15:48:14.1.2 - x86
Eseguito da: c:\users\Gilberto\Downloads\ComboFix.exe
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\formatfactoryportable\FormatFactoryPortable.exe
C:\InfoSat.txt
c:\portablevirtualbox\PortableVirtualBox.exe
c:\users\Gilberto\AppData\Roaming\ImgBurn.exe
c:\users\Gilberto\AppData\Roaming\Local
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\(2).ddr
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\(3).ddr
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\.ddr
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\5.ddi
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(10).ddp
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(11).ddp
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(12).ddp
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(13).ddp
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2)
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2).ddp
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(3)
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(3).ddp
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(4).ddp
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(5).ddp
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(6).ddp
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(7).ddp
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(8).ddp
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(9).ddp
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx
c:\users\Gilberto\AppData\Roaming\Microsoft\~DFK3ca46.tmp
c:\users\Gilberto\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\Gilberto\AppData\Roaming\Microsoft\bass.dll
c:\users\Gilberto\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\Gilberto\AppData\Roaming\Microsoft\mjcriu.dll
c:\users\Gilberto\AppData\Roaming\Microsoft\peaadje.dll
c:\users\Gilberto\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\Gilberto\AppData\Roaming\Microsoft\rsaadjd.dll
c:\users\Gilberto\AppData\Roaming\OfferBox
c:\users\Gilberto\AppData\Roaming\OfferBox\config.dat
c:\users\Gilberto\AppData\Roaming\OfferBox\config.xml
c:\virtualdubmod\virtualdubmod.exe
c:\windows\system32\office.exe
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Creati Da 2011-03-18 al 2011-04-18 )))))))))))))))))))))))))))))))))))
.
.
2011-04-18 13:56 . 2011-04-18 13:56 -------- d-----w- c:\users\Gilberto\AppData\Local\temp
2011-04-18 13:56 . 2011-04-18 13:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-15 12:59 . 2011-04-15 12:59 -------- d-----w- c:\users\Gilberto\AppData\Local\{B4CF318C-9CD8-4782-A007-96C0F1366962}
2011-04-15 00:02 . 2011-04-15 00:02 -------- d-----w- c:\users\Gilberto\AppData\Roaming\KeePass
2011-04-14 14:20 . 2011-04-14 14:20 -------- d-----w- c:\users\Gilberto\AppData\Local\{77600C73-A7B0-47EA-864A-87B79CC654C9}
2011-04-13 23:17 . 2004-06-11 13:33 290304 ----a-w- c:\windows\system32\subinacl.exe
2011-04-13 23:09 . 2011-04-13 23:09 -------- d-----w- c:\program files\Windows Resource Kits
2011-04-13 20:41 . 2011-04-13 20:41 -------- d-----w- C:\AnalyzeProduct
2011-04-13 00:02 . 2011-04-14 23:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-04-13 00:02 . 2011-04-13 00:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-12 18:34 . 2011-04-12 18:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-12 13:18 . 2011-04-12 13:18 118784 --sha-r- c:\windows\system32\sdrsvca.dll
2011-04-08 23:37 . 2011-04-08 23:37 -------- d-----w- c:\users\Gilberto\AppData\Roaming\QuickScan
2011-04-08 23:15 . 2011-04-08 23:15 -------- d-----w- c:\users\Gilberto\AppData\Roaming\f-secure
2011-04-08 23:15 . 2011-04-08 23:15 -------- d-----w- c:\programdata\F-Secure
2011-04-08 10:25 . 2011-04-08 10:25 -------- d-----w- c:\users\Gilberto\AppData\Roaming\ParetoLogic
2011-04-08 10:25 . 2011-04-08 10:25 -------- d-----w- c:\users\Gilberto\AppData\Roaming\DriverCure
2011-04-08 10:25 . 2011-04-08 10:37 -------- d-----w- c:\programdata\ParetoLogic
2011-04-07 21:15 . 2011-04-07 21:15 -------- d-----w- c:\program files\CCleaner
2011-04-07 18:52 . 2011-04-07 18:52 -------- d-----w- c:\users\Gilberto\AppData\Roaming\Malwarebytes
2011-04-07 18:52 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-07 18:52 . 2011-04-07 18:52 -------- d-----w- c:\programdata\Malwarebytes
2011-04-07 18:52 . 2011-04-09 00:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-07 18:52 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-07 00:21 . 2011-04-07 00:28 98304 ----a-w- c:\windows\Secure.dll
2011-04-06 23:26 . 2011-04-06 23:26 -------- d-----w- c:\users\Gilberto\AppData\Local\{8F8000AF-002A-4666-852C-6AACB59E3F19}
2011-04-06 21:11 . 2011-04-06 21:13 -------- d-----w- c:\program files\Protect Folder Plus
2011-04-04 11:31 . 2011-04-04 23:32 -------- d-----w- c:\users\Gilberto\AppData\Local\{A51DC558-8100-4EAC-8F26-519C0D102A53}
2011-04-01 20:51 . 2011-04-01 20:52 -------- d-----w- C:\GDPoker
2011-03-26 23:26 . 2011-03-26 23:26 -------- d-----w- c:\program files\Smart Projects
2011-03-26 15:18 . 2011-03-26 15:18 -------- d-----w- c:\program files\Auslogics
2011-03-25 11:42 . 2011-03-21 13:58 152064 ----a-w- c:\windows\system32\xvid.ax
2011-03-25 11:42 . 2011-03-19 15:04 650752 ----a-w- c:\windows\system32\xvidcore.dll
2011-03-25 11:41 . 2011-03-19 15:06 240640 ----a-w- c:\windows\system32\xvidvfw.dll
2011-03-25 11:41 . 2011-03-25 11:41 -------- d-----w- c:\users\Gilberto\.bitrock
2011-03-24 14:32 . 2011-03-24 14:33 -------- d-----w- c:\program files\Portrait Professional Studio 9
2011-03-24 13:42 . 2011-03-24 13:42 -------- d-----w- c:\users\Gilberto\AppData\Roaming\Anthropics
2011-03-23 13:11 . 2011-03-23 13:11 -------- d-----w- c:\users\Gilberto\AppData\Local\{553B97A2-ABCC-4FAA-A3EF-78A79B1F8659}
2011-03-19 15:41 . 2011-03-19 15:45 -------- d-----w- c:\program files\MIDIRenderer
2011-03-19 14:56 . 2011-03-19 14:58 -------- d-----w- C:\temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-31 13:49 . 2011-01-20 23:03 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-15 15:19 . 2011-03-15 15:19 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-03-15 15:19 . 2011-03-15 15:19 161792 ----a-w- c:\windows\system32\msls31.dll
2011-03-15 15:19 . 2011-03-15 15:19 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-03-15 15:19 . 2011-03-15 15:19 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-03-15 15:19 . 2011-03-15 15:19 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-03-15 15:19 . 2011-03-15 15:19 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-03-15 15:19 . 2011-03-15 15:19 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-03-15 15:19 . 2011-03-15 15:19 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-03-15 15:19 . 2011-03-15 15:19 367104 ----a-w- c:\windows\system32\html.iec
2011-03-15 15:19 . 2011-03-15 15:19 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-03-15 15:19 . 2011-03-15 15:19 152064 ----a-w- c:\windows\system32\wextract.exe
2011-03-15 15:19 . 2011-03-15 15:19 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-03-15 15:19 . 2011-03-15 15:19 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-03-15 15:19 . 2011-03-15 15:19 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-15 15:19 . 2011-03-15 15:19 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-15 15:19 . 2011-03-15 15:19 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-03-15 15:19 . 2011-03-15 15:19 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-15 15:19 . 2011-03-15 15:19 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-03-15 15:19 . 2011-03-15 15:19 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-03-15 15:19 . 2011-03-15 15:19 11776 ----a-w- c:\windows\system32\mshta.exe
2011-03-15 15:19 . 2011-03-15 15:19 101888 ----a-w- c:\windows\system32\admparse.dll
2011-03-12 00:59 . 2011-03-11 22:10 673546 ----a-w- c:\windows\unins000.exe
2011-03-12 00:49 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-01 11:26 . 2011-03-01 11:27 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-24 09:56 . 2011-02-24 09:55 441064 ----a-w- c:\windows\Gd2x0401.zip
2011-02-23 15:50 . 2011-03-18 13:54 16184 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-02-23 15:50 . 2011-03-18 13:54 29008 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-02-23 11:01 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-02-13 00:09 . 2011-02-13 00:09 253952 ------w- c:\windows\Setup1.exe
2011-02-13 00:09 . 2011-02-13 00:09 74752 ----a-w- c:\windows\ST6UNST.EXE
2011-02-11 12:53 . 2011-02-11 12:53 69632 ----a-w- c:\windows\system32\realbap1.dll
2011-02-11 12:53 . 2011-02-11 12:53 45568 ----a-w- c:\windows\system32\realbsf1.dll
2011-02-11 00:30 . 2011-02-11 00:30 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-02-11 00:05 . 2011-02-03 17:28 81920 ----a-w- c:\users\Gilberto\AppData\Roaming\ezpinst.exe
2011-02-11 00:05 . 2011-02-03 17:28 47360 ----a-w- c:\users\Gilberto\AppData\Roaming\pcouffin.sys
2011-02-05 18:52 . 2011-01-26 13:54 7760687 ----a-w- c:\users\Gilberto\AppData\Roaming\SetupGFD.exe
2011-02-05 18:51 . 2011-01-26 13:54 5243208 ----a-w- c:\users\Gilberto\AppData\Roaming\AvsP.exe
2011-02-05 18:51 . 2011-01-26 13:53 4284535 ----a-w- c:\users\Gilberto\AppData\Roaming\ffdshow.exe
2011-02-05 18:50 . 2011-01-26 13:53 642685 ----a-w- c:\users\Gilberto\AppData\Roaming\xvid.exe
2011-02-05 18:50 . 2011-01-26 13:53 4182178 ----a-w- c:\users\Gilberto\AppData\Roaming\Avisynth.exe
2011-02-04 12:49 . 2011-03-12 13:03 17712 ----a-w- c:\windows\system32\nitrolocalui.dll
2011-02-04 12:49 . 2011-03-12 13:03 26416 ----a-w- c:\windows\system32\nitrolocalmon.dll
2011-02-03 17:28 . 2011-02-03 17:28 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2011-02-03 05:54 . 2011-02-09 13:10 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-01 11:25 . 2011-02-01 11:25 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-01-27 18:20 . 2011-01-27 18:20 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-01-27 18:20 . 2011-01-27 18:20 375616 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-01-21 18:51 . 2011-01-20 23:32 1251944 ----a-w- c:\windows\RtlExUpd.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-06 281768]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi2"=mapledxp.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-01-10 23:25 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax_RESTART]
2011-02-15 09:50 9224104 ----a-w- c:\program files\Innovative Solutions\DriverMax\devices.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
2011-01-17 19:41 8192 ----a-w- c:\program files\Xvid\CheckUpdate.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-20 136176]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-21 1343400]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184]
S1 mapledxp;mapledxp;c:\windows\System32\drivers\mapledxp.SYS [2004-04-05 24720]
S2 CFSDrv;CFSDrv;c:\program files\Protect Folder Plus\CFSDrv.sys [2005-06-16 10240]
S2 CFSService;CFSService;c:\program files\Protect Folder Plus\CFSSvc.exe [2005-06-16 179712]
S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [2011-02-04 196912]
S2 PfFilter;PfFilter;c:\program files\IObit\Protected Folder\pffilter.sys [2011-03-16 32672]
S3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2005-05-11 1287296]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2010-11-23 91728]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-04-18 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-03-03 15:50]
.
2011-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-14 22:40]
.
2011-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-14 22:40]
.
2011-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1093936880-3266294500-1679983877-1000Core.job
- c:\users\Gilberto\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-20 22:40]
.
2011-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1093936880-3266294500-1679983877-1000UA.job
- c:\users\Gilberto\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-20 22:40]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: microsoft.com\update
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)
WebBrowser-{90B49673-5506-483E-B92B-CA0265BD9CA8} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{593DDEC6-7468-4CDD-90E1-42DADAA222E9}"=hex:51,66,7a,6c,4c,1d,38,12,a8,dd,2e,
5d,5a,3a,b3,09,ef,f7,01,9a,df,fc,66,fd
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:8e,04,fb,ce,73,e5,cb,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b2,83,5d,4e,ca,54,84,4f,92,7f,44,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b2,83,5d,4e,ca,54,84,4f,92,7f,44,\
.
[HKEY_USERS\S-1-5-21-1093936880-3266294500-1679983877-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0739A8BA-A3CA-1DDF-73F3-65D56926B178}*]
@Allowed: (Read) (RestrictedCode)
"oamjjnmncconoackeochpijadnfjac"=hex:64,61,6c,6c,6b,68,6d,6b,00,fc
"oailbhiankdoikaokjeipncnmogbdp"=hex:69,61,66,6d,6a,66,69,6a,70,6a,66,63,6f,66,
68,66,6d,66,00,00
"naclhcgddjoddjgihpjlgfdpldfi"=hex:69,61,66,6d,6a,66,66,6a,69,68,6f,70,6d,69,
69,66,6c,6e,00,00
"eaalbockbm"=hex:66,61,66,6a,6f,68,69,6a,6c,64,61,66,00,d8
"cajknb"=hex:6b,62,6b,6d,6d,6b,62,6e,69,61,62,62,63,61,62,64,68,67,65,70,67,63,
64,65,68,6e,61,6c,61,68,6f,63,67,70,65,61,63,66,6a,66,68,6f,68,6b,68,6d,70,\
.
[HKEY_USERS\S-1-5-21-1093936880-3266294500-1679983877-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5BF15D7E-E274-656A-87A5-6AB6E4242F93}*]
@Allowed: (Read) (RestrictedCode)
"oabhfmbolhpdmooongpjbgjoeenoko"=hex:6a,61,6b,62,70,6f,62,6c,64,68,6a,6c,6d,65,
64,6c,6d,6e,6c,6f,00,00
"nalkpokecbdfmhjmdjnhjmoiahga"=hex:6a,61,6b,62,70,6f,62,6c,64,68,6a,6c,6d,65,
64,6c,6d,6e,6c,6f,00,00
"eajkfjoaoj"=hex:66,61,65,66,65,62,6e,6d,61,64,70,61,00,01
"caihpc"=hex:65,63,63,62,65,6b,68,69,69,6b,6d,67,6b,69,61,68,68,6d,62,65,61,68,
6c,63,6f,6d,67,6e,6c,66,6d,66,64,65,6c,70,6f,66,66,6c,69,6d,6f,6e,6a,6c,66,\
"oafhpodmpfdnphnnmcoicfianohejl"=hex:64,61,6b,62,6f,6f,70,6c,00,fc
.
[HKEY_USERS\S-1-5-21-1093936880-3266294500-1679983877-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BE8707C6-2068-853A-FEBC-829BE8F93FB1}*]
@Allowed: (Read) (RestrictedCode)
"ialcedodmdloodnihd"=hex:6b,61,67,6a,67,6a,66,67,65,6d,6f,63,69,61,66,70,66,68,
62,67,67,68,00,00
"habeoeeipimkcofn"=hex:6b,61,67,6a,67,6a,66,67,65,6d,6f,63,69,61,66,70,66,68,
62,67,67,68,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2011-04-18 16:00:48
ComboFix-quarantined-files.txt 2011-04-18 14:00
.
Pre-Run: 192.838.893.568 byte disponibili
Post-Run: 192.780.533.760 byte disponibili
.
- - End Of File - - 487090262A4816BC0CAEBDC05B084323


And, if needed, tell me whether there is anything to do..
Thanks
manero478
Senior Member
Posts: 384
Joined: Fri Dec 23, 2005 3:14 pm

Re: COMBOFIX log check

Post by Ale2695 » Tue Apr 19, 2011 12:42 pm

Combofix has removed quite a lot of suspicious stuff... run a scan with Hijackthis and post the log, so at least we can see whether, and exactly what, is still on there.
Ale2695
Official Member (Gold)
Posts: 5927
Joined: Sun Jan 18, 2009 10:39 am
Location: Novara

Re: COMBOFIX log check

Post by hashcat » Tue Apr 19, 2011 1:51 pm

Check whether these files are present on the computer:
dmboot.sys
dmio.sys
dmload.sys
sr.sys

If they are present, have them analysed on virustotal.com; if they are detected as infected, delete them (save them to a USB stick first).

If you want to run a quick check that requires an internet connection, download Hitman Pro and run a scan; do not remove anything, and when it finishes save the log and include it in your next message.
hashcat
Official Member (Gold)
Posts: 2285
Joined: Mon Oct 25, 2010 1:26 pm


Re: COMBOFIX log check

Post by manero478 » Tue Apr 19, 2011 8:49 pm

hashcat wrote:
dmboot.sys
dmio.sys
dmload.sys
sr.sys

Only dmio.sys is there.. but in some driver backups made a while ago, and in any case I checked it and it's OK.
And some srv.sys or sr2.sys.

Hitman Pro log

<?xml version="1.0"?>
<Log filesProcessed="34758" timeSpentInSecs="603" date="2011-04-19T20:12:30" version="3.5.8.119" scan="Normal" computer="GILBERTO-PC">
  <Item status="None" score="33.0" type="Suspicious"><File hash="72FB3D372CDB172052D1BFF85491C8C7C6799F2938A8D92E37AA2F3894D75AD6" path="C:\Program Files\Sony\Vegas Pro 10.0\ApplicationRegistration.exe"/></Item>
  <Item status="None" score="33.0" type="Suspicious"><File hash="2DFA5B06396DB8E662D47C2CFA01DE8674AEB62EF3B1528969B2D7F76F938B71" path="C:\Program Files\Sony\Vegas Pro 10.0\External Control Drivers\faderport.dll"/></Item>
  <Item status="None" score="33.0" type="Suspicious"><File hash="880515440074BAD80AC8F95086C679FEC272EA9AA2D9742C29A7E021EAA3CC33" path="C:\Program Files\Sony\Vegas Pro 10.0\External Control Drivers\spconsoleopt.dll"/></Item>
  <Item status="None" score="33.0" type="Suspicious"><File hash="1BAE043D7D0679AA9330A84E2F3E833ADCC54299D992852981901205CCEC3878" path="C:\Program Files\Sony\Vegas Pro 10.0\External Control Drivers\spgenctrlopt.dll"/></Item>
  <Item status="None" score="33.0" type="Suspicious"><File hash="3A11BD902EAB3001B357F5A803645DC94BED063CEE0343A44793A4C648D9C252" path="C:\Program Files\Sony\Vegas Pro 10.0\External Control Drivers\spmackiectrlopt.dll"/></Item>
  <Item status="None" score="33.0" type="Suspicious"><File hash="1A7BE946E8BF5E6C9517E8B409FA1803928F5A50C070E1454D660BDC186FEF75" path="C:\Program Files\Sony\Vegas Pro 10.0\External Control Drivers\tranzport.dll"/></Item>
  <Item status="None" score="33.0" type="Suspicious"><File hash="09097C744AC631BDCA0DD7246BCB3E48B19753337FA9B9C0E3F787049EB1756B" path="C:\Program Files\Sony\Vegas Pro 10.0\FileIO Plug-Ins\ac3plug\ac3market\ApplicationRegistration.exe"/></Item>
  <Item status="None" score="33.0" type="Suspicious"><File hash="BC56554A16F3F94A5430AEE36538EAE75225F80B68A41BFEBEEDFC8BE43D3F8C" path="C:\Program Files\Sony\Vegas Pro 10.0\FileIO Plug-Ins\ac3plug\ac3market\sfmarket2.dll"/></Item>
  <Item status="None" score="33.0" type="Suspicious"><File hash="A6A0F199C013D1EBD375A966F8CA648D4328D0B17E2D42863B0841A9E736773D" path="C:\Program Files\Sony\Vegas Pro 10.0\sfmarket2.dll"/></Item>
  <Item status="None" score="33.0" type="Suspicious"><File hash="71D556B5FB992E2745699058AC8A919E26264B1BB00F345C7CD0197C34304639" path="C:\Program Files\Sony\Vegas Pro 10.0\sfpublish.dll"/></Item>
  <Item status="None" score="23.0" type="Suspicious">
    <File hash="72931F25B4CADE844038D480C0EAF27A4BB896ECCDB4D307568634A50C40DE79" path="C:\Program Files\Sony\Vegas Pro 10.0\vegas100.exe"/>
    <References>
      <File path="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Vegas Pro 10.0\Vegas Pro 10.0.lnk"/>
      <File path="C:\Users\Gilberto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Vegas Pro 10.0.lnk"/>
      <File path="C:\Users\Public\Desktop\Vegas Pro 10.0.lnk"/>
      <Key path="HKU\S-1-5-21-1093936880-3266294500-1679983877-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Program Files\Sony\Vegas Pro 10.0\vegas100.exe"/>
    </References>
  </Item>
  <Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gilberto\AppData\Local\Google\Chrome\User Data\Default\Cookies:247realmedia.com"/></Item>
  <Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gilberto\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.affilodomination.com"/></Item>
  <Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gilberto\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.letsbonus.com"/></Item>
  <Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gilberto\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com"/></Item>
  <Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gilberto\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.zanox.com"/></Item>
  <Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gilberto\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.ad4game.com"/></Item>
  <Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gilberto\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.bleepingcomputer.com"/></Item>
  <Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gilberto\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.cpxcenter.com"/></Item>
  <Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gilberto\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.neudesicmediagroup.com"/></Item>
  <Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gilberto\AppData\Local\Google\Chrome\User Data\Default\Cookies:apmebf.com"/></Item>
  <Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gilberto\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com"/></Item>
  <Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gilberto\AppData\Local\Google\Chrome\User Data\Default\Cookies:bs.serving-sys.com"/></Item>
  <Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gilberto\AppData\Local\Google\Chrome\User Data\Default\Cookies:bwinit.122.2o7.net"/></Item>
  <Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gilberto\AppData\Local\Google\Chrome\User Data\Default\Cookies:c2.zedo.com"/></Item>
  <Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gilberto\AppData\Local\Google\Chrome\User Data\Default\Cookies:clicksor.com"/></Item>
  <Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gilberto\AppData\Local\Google\Chrome\User Data\Default\Cookies:collective-media.net"/></Item>
  <Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gilberto\AppData\Local\Google\Chrome\User Data\Default\Cookies:content.yieldmanager.com"/></Item>
  <Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gilberto\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net"/></Item>
  <Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gilberto\AppData\Local\Google\Chrome\User Data\Default\Cookies:eas8.emediate.eu"/></Item>
  <Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gilberto\AppData\Local\Google\Chrome\User Data\Default\Cookies:fastclick.net"/></Item>
  <Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gilberto\AppData\Local\Google\Chrome\User Data\Default\Cookies:fl01.ct2.comclick.com"/></Item>
  <Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gilberto\AppData\Local\Google\Chrome\User Data\Default\Cookies:flycellcom.112.2o7.net"/></Item>
  <Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gilberto\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com"/></Item>
  <Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gilberto\AppData\Local\Google\Chrome\User Data\Default\Cookies:kontera.com"/></Item>
  <Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gilberto\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com"/></Item>
  <Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gilberto\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com"/></Item>
  <Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gilberto\AppData\Local\Google\Chrome\User Data\Default\Cookies:microsoftmachinetranslation.112.2o7.net"/></Item>
  <Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gilberto\AppData\Local\Google\Chrome\User Data\Default\Cookies:microsoftsto.112.2o7.net"/></Item>
  <Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gilberto\AppData\Local\Google\Chrome\User Data\Default\Cookies:myroitracking.com"/></Item>
  <Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gilberto\AppData\Local\Google\Chrome\User Data\Default\Cookies:questionmarket.com"/></Item>
  <Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gilberto\AppData\Local\Google\Chrome\User Data\Default\Cookies:rts.pgmediaserve.com"/></Item>
  <Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gilberto\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com"/></Item>
  <Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gilberto\AppData\Local\Google\Chrome\User Data\Default\Cookies:statse.webtrendslive.com"/></Item>
  <Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gilberto\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adform.net"/></Item>
  <Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gilberto\AppData\Local\Google\Chrome\User Data\Default\Cookies:tradedoubler.com"/></Item>
  <Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gilberto\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com"/></Item>
  <Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gilberto\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.etracker.de"/></Item>
  <Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gilberto\AppData\Local\Google\Chrome\User Data\Default\Cookies:xiti.com"/></Item>
  <Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gilberto\AppData\Local\Google\Chrome\User Data\Default\Cookies:zedo.com"/></Item>
  <Item status="None" score="107.0" type="Malware" malwareName="Malware">
    <Scanners><Scanner name="Medium Risk Malware" id="Prevx"/></Scanners>
    <File hash="F1030AEE7F817558C222395D0131D342AB9E7BE4E340DD4FC19AC96F3CE38858" path="C:\Users\Gilberto\Downloads\ausdiskdefragportable.exe"/>
  </Item>
  <Item status="None" score="106.0" type="Malware" malwareName="Trojan">
    <Scanners><Scanner name="Trojan-Downloader.Win32.IstBar!IK" id="Ikarus"/></Scanners>
    <File hash="16F2E44294A6A30B550A06BD32C5E67A8D9DFFDEEBF6F34C6B1D7F9D6601016A" path="C:\Users\Gilberto\Downloads\EliBaglA.exe"/>
  </Item>
  <Item status="None" score="115.0" type="Malware" malwareName="Malware">
    <Scanners><Scanner name="Gen.Variant.Vundo!IK" id="Ikarus"/></Scanners>
    <File hash="D1AE8078AC501BA9580976AE6126378E2440962EAED2DC165A929942CD4C8D02" path="C:\Windows\system32\sdrsvca.dll"/>
  </Item>
</Log>


When I launched HijackThis it asked me for administrator rights.. in fact it asked me even to open a simple RAR file.
Anyway, this is the HijackThis LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:10:52, on 19/04/2011
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Gilberto\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gilberto\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Users\Gilberto\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gilberto\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\Gilberto\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gilberto\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gilberto\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Gilberto\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gilberto\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gilberto\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe
C:\Users\Gilberto\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gilberto\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gilberto\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gilberto\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gilberto\AppData\Local\Google\Chrome\Application\chrome.exe
H:\HijackThis2.02.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Visualizza o nasconde HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: CFSService - Protect Folder Plus Team - C:\Program Files\Protect Folder Plus\CFSSvc.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool (NitroReaderDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe

--
End of file - 8483 bytes


.. there's also the post topic71258.html,
also mine, where I explain some problems I had..

thanks
manero478
Senior Member

Posts: 384
Joined: Fri Dec 23, 2005 3:14 pm

Re: COMBOFIX log check

Post by manero478 » Fri Apr 22, 2011 12:45 am

YOU'VE ABANDONED ME
:((((((((((((((((((((((
manero478
Senior Member

Posts: 384
Joined: Fri Dec 23, 2005 3:14 pm

Re: COMBOFIX log check

Post by eugenio19911 » Fri Apr 22, 2011 8:38 am

The HijackThis log looks clean; at this point you could try:
http://www.microsoft.com/security/scann ... fault.aspx the new tool from Microsoft (a disposable tool that uses the Microsoft Security Essentials definitions); for more info there's the article on MegaLab: http://www.MegaLab.it/7267/microsoft-sa ... sa-e-getta
Afterwards you could run a scan with Emsisoft Free:
http://www.emsisoft.it/it/software/antimalware/ or Ashampoo Anti-Malware: http://www.ashampoo.com/en/usd/lpa/gift/?c=ASH-FREE (they're equivalent, since they use the same databases, although Ashampoo is faster at scanning; the link leads to a promotion with a licence valid for 1 year).
If you get no hits with these programs, you can move on to a more aggressive clean-up with Norton Power Eraser:
http://security.symantec.com/nbrt/npe.aspx?
Personal note: if you ever feel like installing the penguin or Windows 8, get over it
eugenio19911
Editor

Posts: 2158
Joined: Sat Sep 04, 2010 10:02 pm

Re: COMBOFIX log check

Post by hashcat » Fri Apr 22, 2011 8:44 am

Delete these two objects:

Code:
C:\Users\Gilberto\Downloads\ausdiskdefragportable.exe
C:\Windows\system32\sdrsvca.dll


If the second one is locked, use Unlocker or FileAssassin.

As for HijackThis, the log looks clean.

At this point try doing a bit of cleaning with:

  1. CCleaner
  2. ATF Cleaner
  3. Vipre Rescue
  4. Emsisoft Free
  5. Kaspersky Virus Removal Tool
<<Intelligence is the ability to avoid doing work, yet getting the work done.>>
Linus Torvalds

EX [MLI] Power User.
hashcat
Official Member (Gold)

Posts: 2285
Joined: Mon Oct 25, 2010 1:26 pm

Re: COMBOFIX log check

Post by manero478 » Sat Apr 23, 2011 2:14 pm

************************
for Eugenio...
I ran Microsoft Security Essentials, the first option.. the relatively quick one... it didn't detect anything...

for hashcat
""CODE: SELECT ALL
C:\Users\Gilberto\Downloads\ausdiskdefragportable.exe
C:\Windows\system32\sdrsvca.dll""
the file C:\Windows\system32\sdrsvca.dll I couldn't find because it was hidden.. then, when Vipre tracked it down, I searched for it, found it and deleted it;
I managed it by changing the rights on the file.. because FileAssassin wouldn't delete it.....

as for the defragger ausdiskdefragportable.exe, why should I delete it?? it's reviewed right here in this forum:
http://www.MegaLab.it/6876/auslogics-disk-defrag

ran:
ccleaner... ok
ATF_clean .. ok
Vipre Rescue ....
log of the final part:

Scan completed.
Scan time: 04:07:47
Rootkits: 6300 scanned, 0 found
Processes: 81 scanned, 0 found
Modules: 4297 scanned, 0 found
Folders: 19965 scanned, 0 found
Files: 130277 scanned, 17 found
Registry: 71479 scanned, 0 found
Total: 232399 scanned, 17 found
18 threat traces were detected.
Starting clean.
[CLEANING] Item: C:\AnalyzeProduct\ARC\I386\Post-Virus\Services.exe, ID: 4725250, Name: Trojan.Win32.Killav
Quarantine {80749582-1505-4506-B592-8F96AD1B1240} completed.
[CLEANING] Item: C:\Windows\System32\sdrsvca.dll, ID: 4738563, Name: Trojan.Win32.Kryptik.laq (v)
Quarantine {F254FC5A-E140-401E-9173-11BAA9C72D55} completed.
[CLEANING] Item: C:\AnalyzeProduct\ARC\I386\HOSTS\VersionCheck.exe, ID: 4150696, Name: Trojan.Win32.Generic!BT
Quarantine {6E0D8BC6-E670-499D-9B3F-FC850520193B} completed.
[CLEANING] Item: C:\AnalyzeProduct\ARC\I386\Post-Virus\Abilitare Icone start.exe, ID: 4150696, Name: Trojan.Win32.Generic!BT
Quarantine {27666484-E080-493E-8A96-1F65D8ACD132} completed.
[CLEANING] Item: C:\AnalyzeProduct\ARC\I386\Post-Virus\Abilitare il menu file +Opzioni Cartella dal Pannello di controllo.exe, ID: 4150696, Name: Trojan.Win32.Generic!BT
Quarantine {8C0F12B5-52D8-4BF3-ACB7-6E67EBCE9C98} completed.
[CLEANING] Item: C:\AnalyzeProduct\ARC\I386\Post-Virus\AbilitÓ Task manager.exe, ID: 4150696, Name: Trojan.Win32.Generic!BT
Quarantine {96FBD591-5F62-4F3E-B2FF-BCEBF1D3569F} completed.
[CLEANING] Item: C:\AnalyzeProduct\ARC\I386\Post-Virus\CMD_Abilitato.exe, ID: 4150696, Name: Trojan.Win32.Generic!BT
Quarantine {82AD79C3-7E0B-4C07-A8C6-DF5E96EF8780} completed.
[CLEANING] Item: C:\AnalyzeProduct\ARC\I386\Post-Virus\Disable_Auto.exe, ID: 4150696, Name: Trojan.Win32.Generic!BT
Quarantine {0FEA6E6B-BEE4-491F-8259-6051937F9CDB} completed.
[CLEANING] Item: C:\AnalyzeProduct\ARC\I386\Post-Virus\Open.exe, ID: 4150696, Name: Trojan.Win32.Generic!BT
Quarantine {48C12746-D0FD-4B95-86D6-7B2EC71ECDD7} completed.
[CLEANING] Item: C:\AnalyzeProduct\ARC\I386\Post-Virus\Optional\MSNNo.exe, ID: 4150696, Name: Trojan.Win32.Generic!BT
Quarantine {0AE5F2A6-07C5-4007-84B4-3EA174716BB3} completed.
[CLEANING] Item: C:\AnalyzeProduct\ARC\I386\Post-Virus\Optional\SystemeRestoreNO.exe, ID: 4150696, Name: Trojan.Win32.Generic!BT
Quarantine {D45117BB-3941-4B1E-8A4A-EAA7FC5D1D9A} completed.
[CLEANING] Item: C:\AnalyzeProduct\ARC\I386\Post-Virus\Pannello di Controllo suRisorse del Computer.exe, ID: 4150696, Name: Trojan.Win32.Generic!BT
Quarantine {64AC958D-79FE-4121-9304-575222C0C274} completed.
[CLEANING] Item: C:\AnalyzeProduct\ARC\I386\Post-Virus\Ripristina tutti i dischi locali.exe, ID: 4150696, Name: Trojan.Win32.Generic!BT
Quarantine {13F384ED-42A4-41CC-BD7B-4AC3DFD348C3} completed.
[CLEANING] Item: C:\Mirc invision Darksin ita\Addons\mIRC-6.31-ITA_TuttoIRC\mIRC.exe, ID: 4150696, Name: Trojan.Win32.Generic!BT
Quarantine {7C21327B-1647-4772-B0D0-9F4D9AF1F971} completed.
[CLEANING] Item: C:\Program Files\Portrait Professional Studio 9\PortraitProfessionalStudio.exe, ID: 4150696, Name: Trojan.Win32.Generic!BT
[CLEANING] Item: C:\Users\Gilberto\Desktop\Portrait Professional Studio 9.lnk, ID: 4150696, Name: Trojan.Win32.Generic!BT
Quarantine {8C7076D5-1BEE-4CA0-AAEB-E7BB40E428B8} completed.
Quarantine {EB8A83E3-03A6-429A-8951-984C637833D2} completed.
Clean completed.
Clean time: 00:00:24
16 threats were cleaned.
C:\VIPRERESCUE>

all false positives..

and this is the xml log for that file:

<?xml version="1.0"?>
<SBCSQuarantineRecordXML threatDefinitionVersion="9084" BufferOnly="false" Source="0" quarantineLocation="C:\VIPRERESCUE\Quarantine" scanGUID="{A6B8295B-041C-4297-B187-EF8F49A9EFF3}" dateTimeStampUTC="2011-04-23T01:23:34" quarantineId="{8C7076D5-1BEE-4CA0-AAEB-E7BB40E428B8}" optionalScan="0" author="" canQuarantine="true" adviseType="3" type="Malware" category="Trojan" level="2" name="Trojan.Win32.Generic!BT" threatId="4150696">
  <authorURL/>
  <desc>Trojan is a general term for malicious software that is installed under false or deceptive pretenses or is installed without the user's full knowledge and consent. Most Trojans exhibit some form of malicious, hostile, or harmful functionality or behavior.</desc>
  <threatAdviceDetails>This is a high risk and should be removed immediately as it may compromise your privacy and security, make dangerous changes to your computer's settings without your knowledge and consent, or severely degrade your computer's performance and stability.</threatAdviceDetails>
  <customData/>
  <fixes>
    <fix dispValue="C:\Program Files\Portrait Professional Studio 9\PortraitProfessionalStudio.exe" isTransient="false" actionType="1" traceType="4">
      <originalAttributes>
        <attr v="C:\Program Files\Portrait Professional Studio 9\PortraitProfessionalStudio.exe" n="path"/>
        <attr v="6F4762810A1B0000" n="crc8"/>
        <attr v="E43E25CC7AD26D7A30BFFEA9501C4D9B" n="md5"/>
        <attr v="1" n="detectionType"/>
      </originalAttributes>
      <quarantineAttributes>
        <attr v="{FAC3F05F-1E09-41A0-A1F5-A2B750A1487A}" n="quarantineName"/>
        <attr v="true" n="isEncrypted"/>
      </quarantineAttributes>
    </fix>
    <fix dispValue="C:\Users\Gilberto\Desktop\Portrait Professional Studio 9.lnk" isTransient="false" actionType="1" traceType="4">
      <originalAttributes>
        <attr v="C:\Users\Gilberto\Desktop\Portrait Professional Studio 9.lnk" n="path"/>
        <attr v="1F0A87107F2B422BE6DC35EAC98B9A5D" n="md5"/>
      </originalAttributes>
      <quarantineAttributes>
        <attr v="{73974007-44CC-4E49-99C4-3D02751C653B}" n="quarantineName"/>
        <attr v="true" n="isEncrypted"/>
      </quarantineAttributes>
    </fix>
  </fixes>
</SBCSQuarantineRecordXML>

now how can I recover at least PortraitProfessionalStudio.exe?
because the files are in quarantine .. but they're encrypted...

Emsisoft free... clean
Kaspersky Virus Removal Tool.. clean

I hope I can recover that file..
as for the rest, everything seems clean..

still waiting...
manero478
Senior Member

Posts: 384
Joined: Fri Dec 23, 2005 3:14 pm

Re: COMBOFIX log check

Post by manero478 » Wed Apr 27, 2011 1:17 pm

it's never happened to me to be ignored like this..
I hope it's because of the Easter holidays...
/*
apart from recovering that file .. if possible... (otherwise I'll reinstall it)
the fact remains that error 80070005 persists if I try to run WINDOWS UPDATE..
(from what I've read around, it would seem I don't have administrator rights)
other than that I can do everything...
*/

all the best...
manero478
Senior Member

Posts: 384
Joined: Fri Dec 23, 2005 3:14 pm

Re: COMBOFIX log check

Post by eugenio19911 » Wed Apr 27, 2011 2:19 pm

Move the folder created by Vipre to c:, renaming it viprerescuescanner
Open the Windows command prompt.

even if you have Windows XP, the path may differ from mine
Code:
c:\Users\Medesimo>
what matters is that you get to
Code:
c:\>
to do that, type [space]cd.. for each \ you encounter, except the one of the c: drive, and press Enter.
  1. type: cd viprerescuescanner and press Enter.
  2. type: viprerescuescanner.exe /restore 1
  3. run this command as many times as there are objects in quarantine, to restore them
You should get something like this; the only difference is that, having no quarantined objects to restore, it gives me an error, whereas if you have some it restores them

Remember that this forum is free and users make their resources and time available for free [;)]
Personal note: if you ever feel like installing the penguin or Windows 8, get over it
eugenio19911
Editor

Posts: 2158
Joined: Sat Sep 04, 2010 10:02 pm
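
A small triage helper for the two artefacts in this thread (the VIPRE Rescue clean log and the SBCSQuarantineRecordXML record), added here as an example and not code from the forum or from VIPRE: it counts cleaned items per signature, maps a file to its quarantine GUID only where the console order is unambiguous, and reads the quarantine record, which is the authoritative file-to-quarantine mapping to consult before deciding what the /restore step should bring back. The sample log lines and the trimmed record are constructed from what is quoted in the thread.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample: a subset of the VIPRE Rescue clean log quoted in the
# thread, keeping its exact line shapes (paths and GUIDs copied from it).
SAMPLE_LOG = r"""[CLEANING] Item: C:\AnalyzeProduct\ARC\I386\Post-Virus\Services.exe, ID: 4725250, Name: Trojan.Win32.Killav
Quarantine {80749582-1505-4506-B592-8F96AD1B1240} completed.
[CLEANING] Item: C:\Windows\System32\sdrsvca.dll, ID: 4738563, Name: Trojan.Win32.Kryptik.laq (v)
Quarantine {F254FC5A-E140-401E-9173-11BAA9C72D55} completed.
[CLEANING] Item: C:\Program Files\Portrait Professional Studio 9\PortraitProfessionalStudio.exe, ID: 4150696, Name: Trojan.Win32.Generic!BT
[CLEANING] Item: C:\Users\Gilberto\Desktop\Portrait Professional Studio 9.lnk, ID: 4150696, Name: Trojan.Win32.Generic!BT
Quarantine {8C7076D5-1BEE-4CA0-AAEB-E7BB40E428B8} completed.
Quarantine {EB8A83E3-03A6-429A-8951-984C637833D2} completed.
Clean completed.
"""

# Constructed sample: the quarantine record quoted in the thread, trimmed to
# the elements this example reads (ids, paths and hashes copied from it).
SAMPLE_RECORD = r"""<?xml version="1.0"?>
<SBCSQuarantineRecordXML quarantineId="{8C7076D5-1BEE-4CA0-AAEB-E7BB40E428B8}" name="Trojan.Win32.Generic!BT" threatId="4150696">
 <fixes>
  <fix dispValue="C:\Program Files\Portrait Professional Studio 9\PortraitProfessionalStudio.exe" actionType="1" traceType="4">
   <originalAttributes><attr v="E43E25CC7AD26D7A30BFFEA9501C4D9B" n="md5"/></originalAttributes>
   <quarantineAttributes><attr v="{FAC3F05F-1E09-41A0-A1F5-A2B750A1487A}" n="quarantineName"/><attr v="true" n="isEncrypted"/></quarantineAttributes>
  </fix>
  <fix dispValue="C:\Users\Gilberto\Desktop\Portrait Professional Studio 9.lnk" actionType="1" traceType="4">
   <originalAttributes><attr v="1F0A87107F2B422BE6DC35EAC98B9A5D" n="md5"/></originalAttributes>
   <quarantineAttributes><attr v="{73974007-44CC-4E49-99C4-3D02751C653B}" n="quarantineName"/><attr v="true" n="isEncrypted"/></quarantineAttributes>
  </fix>
 </fixes>
</SBCSQuarantineRecordXML>
"""

CLEAN_RE = re.compile(r"^\[CLEANING\] Item: (?P<path>.+?), ID: (?P<id>\d+), Name: (?P<name>.+)$")
QUAR_RE = re.compile(r"^Quarantine (?P<guid>\{[0-9A-Fa-f-]+\}) completed\.$")


def parse_clean_log(text):
    """Return (items, batches): [CLEANING] records in log order, plus (item indexes, GUIDs)
    for each run of [CLEANING] lines with the run of 'Quarantine ... completed.' lines after it."""
    items, batches, pending, guids = [], [], [], []
    for line in text.splitlines():
        m = CLEAN_RE.match(line)
        if m:
            if guids:  # a new run of [CLEANING] lines closes the previous batch
                batches.append((pending, guids))
                pending, guids = [], []
            pending.append(len(items))
            items.append(m.groupdict())
            continue
        m = QUAR_RE.match(line)
        if m:
            guids.append(m.group("guid"))
    if pending or guids:
        batches.append((pending, guids))
    return items, batches


def detections_by_signature(items):
    """Items per detection name; one generic signature on many unrelated paths is what to re-check."""
    return Counter(i["name"] for i in items)


def log_to_quarantine_map(items, batches):
    """Path -> GUID only where the console log is unambiguous (one item, one GUID); batches with
    several of each are returned as ambiguous, since console order does not say which GUID holds which file."""
    mapping, ambiguous = {}, []
    for idxs, guids in batches:
        if len(idxs) == 1 and len(guids) == 1:
            mapping[items[idxs[0]]["path"]] = guids[0]
        else:
            ambiguous.append(([items[i]["path"] for i in idxs], guids))
    return mapping, ambiguous


def fixes_from_record(xml_text):
    """Authoritative file list for one quarantine id: path, MD5 and the name of its (encrypted) store."""
    root = ET.fromstring(xml_text.lstrip())
    fixes = []
    for fix in root.iter("fix"):
        attrs = {a.get("n"): a.get("v") for a in fix.iter("attr")}
        fixes.append({"path": fix.get("dispValue"), "md5": attrs.get("md5"),
                      "store": attrs.get("quarantineName"), "encrypted": attrs.get("isEncrypted") == "true"})
    return root.get("quarantineId"), fixes


if __name__ == "__main__":
    items, batches = parse_clean_log(SAMPLE_LOG)
    print(detections_by_signature(items).most_common())
    print(log_to_quarantine_map(items, batches))
    print(fixes_from_record(SAMPLE_RECORD))
```

On the sample, the two Portrait Professional items followed by two Quarantine lines come back as ambiguous, while the record shows a single quarantineId holding both files with separate store names.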

Re: COMBOFIX log check

Post by manero478 » Wed Apr 27, 2011 6:17 pm

thanks eugenio19911

not easy to restore a specific one...
anyway, I did it..
thanks again...

as for the rest.. still waiting...
bye bye
manero478
Senior Member

Posts: 384
Joined: Fri Dec 23, 2005 3:14 pm

Re: COMBOFIX log check

Post by eugenio19911 » Wed Apr 27, 2011 9:18 pm

Even though at this point I'm starting to strongly doubt that it's malware blocking your Windows Update, to clear up the last doubts you can try:
A scan with Prevx:
http://info.prevx.com/downloadcsi.asp
if you get no hits with this one either, you can try:
http://security.symantec.com/nbrt/npe.aspx?lcid=1033
I hope you weren't offended by the previous post, but I too had to learn how to use the Vipre scan: since I wasn't the one who recommended it, I had to work out how the program works. Also, during the holidays it's possible that some posts get a bit neglected, in the hope that a qualified person (or whoever suggested the software to you) replies, perhaps on their return.
I'll wait for updates on this [ciao] and have a good evening.
Personal note: if you ever feel like installing the penguin or Windows 8, get over it
eugenio19911
Editor

Posts: 2158
Joined: Sat Sep 04, 2010 10:02 pm

Re: COMBOFIX log check

Post by manero478 » Wed Apr 27, 2011 10:28 pm

no no.. offended, not at all....
I thank you anyway for what you manage to do [applauso+]

so both gave a negative result..
I'm not attaching the logs because they're too big..

anyway prevx... system clean

norton ... found a few suspects.. but on known programs and even on Avira antivirus DLLs..

so probably no virus/malware/spyware..
because the pc works fine anyway, apart from WINDOWS UPDATE..

for the record ;) I'll also tell you that I tried this:
directly from Microsoft:

http://social.answers.microsoft.com/For ... f=required

also rebuilding the Windows Update folder...

but nothing doing...

I don't know what else to come up with..
manero478
Senior Member

Posts: 384
Joined: Fri Dec 23, 2005 3:14 pm

Re: COMBOFIX log check

Post by eugenio19911 » Wed Apr 27, 2011 10:37 pm

at this point I think my help ends here, having established that it's not malware but a problem of a different nature.
I hope someone else can help you [ciao]
Personal note: if you ever feel like installing the penguin or Windows 8, get over it
eugenio19911
Editor

Posts: 2158
Joined: Sat Sep 04, 2010 10:02 pm

Re: COMBOFIX log check

Post by manero478 » Wed Apr 27, 2011 11:13 pm

thanks eugenio...
:)
good night
manero478
Senior Member

Posts: 384
Joined: Fri Dec 23, 2005 3:14 pm


megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising