OK, so I redid all the scans... the full AVG scan didn't detect anything... now I'm attaching the Malwarebytes, ComboFix and HijackThis logs...
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Versione database: 4151
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
28/05/2010 17.16.04
mbam-log-2010-05-28 (17-16-04).txt
Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi esaminati: 177171
Tempo trascorso: 41 minuti, 56 secondi
Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0
Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)
Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)
Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)
Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)
Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)
Cartelle infette:
(Non sono stati rilevati elementi nocivi)
File infetti:
(Non sono stati rilevati elementi nocivi)
ComboFix 10-05-26.04 - Katia 28/05/2010 17.18.52.3.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3063.2237 [GMT 2:00]
Eseguito da: c:\documents and settings\Katia\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((( Files Creati Da 2010-04-28 al 2010-05-28 )))))))))))))))))))))))))))))))))))
.
2010-05-27 21:20 . 2010-05-27 21:20 388096 ----a-r- c:\documents and settings\Katia\Dati applicazioni\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-05-27 21:20 . 2010-05-27 21:20 -------- d-----w- c:\programmi\TrendMicro
2010-05-27 16:24 . 2010-05-27 16:15 398336 ----a-w- c:\windows\system32\CF3458.exe
2010-05-27 16:08 . 2010-05-27 16:08 -------- d-----w- c:\programmi\CCleaner
2010-05-25 20:00 . 2010-05-25 20:00 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2010-05-25 18:34 . 2010-05-25 18:34 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-25 18:34 . 2010-05-25 18:34 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-25 18:34 . 2010-05-25 18:34 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-25 18:34 . 2010-05-25 18:34 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-25 18:34 . 2010-05-25 18:34 -------- d-----w- c:\windows\system32\drivers\Avg
2010-05-25 17:00 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-25 17:00 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-25 14:33 . 2010-05-25 14:33 -------- d-----w- c:\documents and settings\Katia\Dati applicazioni\SUPERAntiSpyware.com
2010-05-25 14:18 . 2010-05-25 14:18 -------- d-----w- c:\documents and settings\Katia\Impostazioni locali\Dati applicazioni\Sunbelt Software
2010-05-23 23:05 . 2010-05-23 23:05 -------- d-----w- c:\documents and settings\Katia\Dati applicazioni\TrojanHunter
2010-05-23 22:57 . 2010-05-23 22:57 -------- d-----w- c:\programmi\TrojanHunter 5.3
2010-05-23 21:13 . 2010-05-23 21:13 -------- d-----w- c:\programmi\AVG
2010-05-23 21:13 . 2010-05-23 21:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2010-05-23 04:51 . 2010-05-23 04:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2010-05-23 04:51 . 2010-05-23 04:51 -------- d-----w- c:\programmi\SUPERAntiSpyware
2010-05-22 20:31 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-05-20 23:19 . 2010-05-20 23:19 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-05-19 21:39 . 2010-05-19 21:39 -------- d-----w- c:\documents and settings\Katia\Dati applicazioni\IObit
2010-05-05 19:33 . 2010-05-05 19:33 8461760 ----a-w- c:\documents and settings\Katia\Dati applicazioni\Azureus\tmp\AZU24261.tmp\Vuze_4.4.0.2_win32.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-21 07:05 . 2006-08-18 11:55 84354 ----a-w- c:\windows\system32\perfc010.dat
2010-05-21 07:05 . 2006-08-18 11:55 489648 ----a-w- c:\windows\system32\perfh010.dat
2010-05-12 09:21 . 2009-10-03 04:45 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-25 16:59 . 2010-04-25 16:59 -------- d-----w- c:\programmi\Windows Media Connect 2
2010-04-16 19:12 . 2010-04-16 19:12 -------- d-----w- c:\programmi\Query Juris Data
2010-04-16 15:39 . 2010-04-16 15:39 -------- d-----w- c:\programmi\SpywareBlaster
2010-03-10 06:15 . 2006-08-18 11:54 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-02-28 12:48 . 2009-02-28 12:48 2109296 ----a-w- c:\programmi\p2p-torrent-toolbar-free.exe
2009-02-28 11:46 . 2009-02-28 11:46 7446471 ----a-w- c:\programmi\Azureus_3.0.4.2_windows.zip
2009-02-28 10:13 . 2009-02-28 10:13 143411048 ----a-w- c:\programmi\windows live mess.exe
2009-02-22 09:50 . 2009-02-22 09:50 1046656 ----a-w- c:\programmi\Google_Updater.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-05-27_18.21.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-14 01:14 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
- 2008-04-14 01:14 . 2010-01-23 07:11 46080 c:\windows\system32\tzchange.exe
+ 2010-04-25 17:00 . 2009-05-26 09:01 18808 c:\windows\system32\spmsg.dll
- 2010-04-25 17:00 . 2009-05-26 11:41 18808 c:\windows\system32\spmsg.dll
+ 2010-05-27 21:20 . 2010-05-27 21:20 1093632 c:\windows\Installer\29e743.msi
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\programmi\Skype\\Phone\Skype.exe" [2009-04-16 24264488]
"TomTomHOME.exe"="c:\programmi\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-27 247144]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-20 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-20 137752]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-09 16861184]
"SMSERIAL"="c:\programmi\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-21 630784]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
LUMIX Simple Viewer.lnk - c:\programmi\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2009-11-25 57344]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Ares\\Ares.exe"=
"c:\\Programmi\\Vuze\\Azureus.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [22/05/2010 22.31.09 28552]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [25/05/2010 20.34.37 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [25/05/2010 20.34.45 242896]
R2 avg9wd;AVG Free WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe [25/05/2010 20.33.52 308064]
R2 NgVpnMgr;Aventail VPN Client;c:\windows\system32\ngvpnmgr.exe [19/11/2007 15.21.10 205381]
R3 NgLog;Aventail VPN Logging;c:\windows\system32\drivers\nglog.sys [19/11/2007 15.19.00 25240]
R3 NgVpn;Aventail VPN Adapter;c:\windows\system32\drivers\ngvpn.sys [19/11/2007 15.20.18 76440]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate1c994db746006ee;Servizio di Google Update (gupdate1c994db746006ee);c:\programmi\Google\Update\GoogleUpdate.exe [22/02/2009 11.51.02 133104]
S3 NgFilter;Aventail VPN Filter;c:\windows\system32\drivers\ngfilter.sys [19/11/2007 15.20.24 20632]
S3 NgWfp;Aventail VPN Callout;c:\windows\system32\drivers\ngwfp.sys [19/11/2007 15.20.32 21656]
S4 ASKService;ASKService;c:\programmi\AskBarDis\bar\bin\AskService.exe [28/02/2009 13.32.23 464264]
S4 ASKUpgrade;ASKUpgrade;c:\programmi\AskBarDis\bar\bin\ASKUpgrade.exe [28/02/2009 13.32.36 234888]
.
Contenuto della cartella 'Scheduled Tasks'
2010-05-28 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-22 03:49]
2010-05-28 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-13 20:18]
2010-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-22 09:51]
2010-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-22 09:51]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.altalex.com/
uInternet Connection Wizard,ShellNext = hxxp://webact.symantec.com/webact-redir ... ang=sym:IT
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-28 17:22
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(1060)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2010-05-28 17:24:44
ComboFix-quarantined-files.txt 2010-05-28 15:24
ComboFix2.txt 2010-05-27 19:41
ComboFix3.txt 2010-05-27 18:23
Pre-Run: 181.075.607.552 byte disponibili
Post-Run: 181.042.446.336 byte disponibili
- - End Of File - - 386511070336D4D9F246BFC59D91E40B
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 18.05.35, on 28/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ngvpnmgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AVG\AVG9\avgwdsvc.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Programmi\AVG\AVG9\avgnsx.exe
C:\Programmi\AVG\AVG9\avgrsx.exe
C:\Programmi\AVG\AVG9\avgchsvx.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Motorola\SMSERIAL\sm56hlpr.exe
C:\Programmi\TomTom HOME 2\TomTomHOMERunner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\TrendMicro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altalex.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://webact.symantec.com/webact-redir ... ang=sym:IT
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Programmi\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME 2\TomTomHOMERunner.exe" -s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgwdsvc.exe
O23 - Service: Servizio di Google Update (gupdate1c994db746006ee) (gupdate1c994db746006ee) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Aventail VPN Client (NgVpnMgr) - Aventail Corporation - C:\WINDOWS\system32\ngvpnmgr.exe
--
End of file - 5691 bytes