  1. #1
    HTML.it user, registered Mar 2007, 503 posts

    ComboFix detects infections

    Hello,

    I scanned with VirIt, Avira and Malwarebytes, nothing found, but ComboFix did find something!
    Could you please check the log?
    Thanks in advance!

    ComboFix 12-09-27.03 - Administrator 29/09/2012 13.07.08.7.4 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3535.2776 [GMT 2:00]
    Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {001310A0-0000-0000-0000-0000CD55927C}
    AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-6C25-9E7C08000A00}
    AV: AntiVir Desktop *Enabled/Updated* {00000010-0000-0000-0000-0000B8013D00}
    AV: AntiVir Desktop *Enabled/Updated* {00000010-0000-0000-0000-0000D8023D00}
    AV: AntiVir Desktop *Enabled/Updated* {7C926B08-FFFF-FFFF-00E0-FD7FB0F21200}
    AV: Avira Desktop *Disabled/Updated* {00000010-0000-0000-0000-0000B8013C00}
    AV: Avira Desktop *Enabled/Updated* {00000010-0000-0000-0000-0000B8013B00}
    FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    .
    ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
    .
    .
    ((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Dati applicazioni\TEMP
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\fusion.dll
    c:\windows\system32\URTTemp\mscoree.dll
    c:\windows\system32\URTTemp\mscoree.dll.local
    c:\windows\system32\URTTemp\mscorsn.dll
    c:\windows\system32\URTTemp\mscorwks.dll
    c:\windows\system32\URTTemp\msvcr71.dll
    c:\windows\system32\URTTemp\regtlib.exe
    .
    La copia infetta di c:\windows\system32\msgsvc.dll è stata trovata e disinfettata
    Ripristinata copia da - c:\windows\ERDNT\cache\msgsvc.dll
    .
    .
    ((((((((((((((((((((((((( Files Creati Da 2012-08-28 al 2012-09-29 )))))))))))))))))))))))))))))))))))
    .
    .
    2012-09-29 11:36 . 2012-09-29 11:37 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
    2012-09-29 07:24 . 2012-09-29 07:24 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\CrashRpt
    2012-09-24 19:16 . 2012-09-24 19:16 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Avira
    2012-09-24 19:15 . 2012-06-05 22:40 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2012-09-24 19:15 . 2012-06-05 22:40 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2012-09-24 19:15 . 2012-06-05 22:40 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2012-09-24 19:15 . 2012-09-24 19:15 -------- d-----w- c:\programmi\Avira
    2012-09-24 19:15 . 2012-09-24 19:15 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
    2012-09-24 18:26 . 2012-09-24 18:26 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-09-04 23:22 . 2012-09-26 12:30 -------- d-----w- c:\programmi\CCleaner
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-28 13:00 . 2011-03-14 12:00 85144 ----a-w- c:\windows\system32\drivers\VIRAGTLT.sys
    2012-09-24 05:49 . 2011-04-20 19:40 32594 ----a-w- c:\windows\SCHEDLGU.TXT.TMP
    2012-09-20 18:28 . 2012-05-27 14:45 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-09-20 18:28 . 2012-05-27 14:45 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-09-07 15:04 . 2011-04-20 13:16 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-07 11:08 . 2012-09-07 11:08 266720 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2002-12-31 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
    .
    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpyShelter"="c:\programmi\SpyShelter Personal Free\SpyShelter.exe" [2012-02-17 3006776]
    "Freebie Notes"="c:\programmi\Power Soft\Freebie Notes\FreebieNotes.exe" [2010-10-30 3748688]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-01-05 176128]
    "Six Engine"="c:\programmi\ASUS\EPU-4 Engine\FourEngine.exe" [2010-02-03 5756544]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-05 166680]
    "PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
    "mouseElf"="c:\progra~1\ERGOMO~1\MouseElf.EXE" [2005-07-15 208896]
    "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-05 142616]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-05 182552]
    "COMODO Internet Security"="c:\programmi\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
    "RTHDCPL"="RTHDCPL.EXE" [2011-12-05 20065384]
    "EvtMgr6"="c:\programmi\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
    "TkBellExe"="c:\programmi\Real\RealPlayer\update\realsched.exe" [2012-02-17 296056]
    "APSDaemon"="c:\programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
    "QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2012-04-18 421888]
    "avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2012-07-02 348664]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]
    .
    c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\
    PopTray.lnk - c:\programmi\PopTray\PopTray.exe [2006-9-16 1666048]
    .
    c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
    Acrobat Assistant.lnk - c:\programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2011-09-27 19:03 66328 ----a-w- c:\programmi\File comuni\Logishrd\Bluetooth\LBTWLgn.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Zboard]
    2003-09-03 06:14 49152 ----a-w- c:\windows\system32\Winlognotif.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\guard32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
    "c:\\WINDOWS\\system32\\fxsclnt.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Programmi\\File comuni\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    .
    R0 VIRAGTLT;VIRAGTLT;c:\windows\system32\drivers\VIRAGTLT.sys [14/03/2011 14.00.02 85144]
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [24/09/2012 21.15.42 36000]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [06/01/2011 17.37.02 494968]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [06/01/2011 17.37.04 31704]
    R1 Spyshelter;Spyshelter;c:\programmi\SpyShelter Personal Free\SpyShelter.sys [28/06/2012 23.52.13 167224]
    R2 AntiVirSchedulerService;Avira Pianificatore;c:\programmi\Avira\AntiVir Desktop\sched.exe [24/09/2012 21.15.43 86224]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [16/01/2012 16.31.34 12184]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programmi\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [22/08/2011 15.44.24 1526080]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\programmi\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [20/04/2011 16.27.08 2314240]
    R3 IntcDAud;Audio schermo Intel(R);c:\windows\system32\drivers\IntcDAud.sys [20/04/2011 16.20.41 260864]
    R3 PAC207;Eye 110;c:\windows\system32\drivers\PFC027.SYS [21/11/2011 18.42.19 618112]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programmi\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [26/04/2011 15.30.20 10064]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [27/05/2012 16.45.41 250288]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [20/04/2011 16.19.30 1691480]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programmi\Mozilla Maintenance Service\maintenanceservice.exe [25/04/2012 8.56.24 114144]
    S4 viritsvclite;VirIT eXplorer Lite;c:\vexplite\VIRITSVC.EXE [14/03/2011 13.54.14 86016]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contenuto della cartella 'Scheduled Tasks'
    .
    2012-09-29 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 18:28]
    .
    2012-09-20 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\programmi\Apple Software Update\SoftwareUpdate.exe [2011-06-01 10:34]
    .
    2012-09-04 c:\windows\Tasks\DriverEasy Scheduled Scan.job
    - c:\programmi\Easeware\DriverEasy\DriverEasy.exe [2012-01-09 10:36]
    .
    2012-09-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-261903793-1801674531-500.job
    - c:\programmi\Real\RealUpgrade\realupgrade.exe [2012-01-30 16:45]
    .
    2012-08-31 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-261903793-1801674531-500.job
    - c:\programmi\Real\RealUpgrade\realupgrade.exe [2012-01-30 16:45]
    .
    .
    ------- Scansione supplementare -------
    .
    uStart Page = hxxp://www.google.it/
    IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    TCP: Interfaces\{B7C64984-57D6-4B3C-9193-29A7BBD0CC9A}: NameServer = 8.8.8.8,8.8.4.4
    FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\fpf11hmw.default\
    FF - prefs.js: browser.search.selectedEngine - Virgilio
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: network.http.pipelining - false
    FF - user.js: network.http.proxy.pipelining - false
    FF - user.js: network.http.pipelining.ssl - false
    FF - user.js: network.http.pipelining.maxrequests - 4
    .
    - - - - CHIAVI ORFANE RIMOSSE - - - -
    .
    HKU-Default-Run-MsnMsgr - c:\programmi\Windows Live\Messenger\MsnMsgr.Exe
    .
    .
    .
    ************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-09-29 13:37
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    detected NTDLL code modification:
    ZwClose
    .
    scansione processi nascosti ...
    .
    scansione entrate autostart nascoste ...
    .
    Scansione files nascosti ...
    .
    Scansione completata con successo
    Files nascosti: 0
    .
    ************************************************************************
    .
    --------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .

  2. #2
    HTML.it user, registered Mar 2007, 503 posts
    --------------------- Dlls caricate dai processi in esecuzione ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1028)
    c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll
    .
    - - - - - - - > 'lsass.exe'(1084)
    c:\windows\system32\guard32.dll
    .
    - - - - - - - > 'explorer.exe'(6676)
    c:\windows\system32\guard32.dll
    c:\windows\system32\wpdshserviceobj.dll
    c:\windows\system32\portabledevicetypes.dll
    c:\windows\system32\portabledeviceapi.dll
    .
    - - - - - - - > 'csrss.exe'(916)
    c:\windows\system32\cmdcsr.dll
    .
    ------------------------ Altri processi in esecuzione ------------------------
    .
    c:\programmi\Avira\AntiVir Desktop\avguard.exe
    c:\programmi\Bonjour\mDNSResponder.exe
    c:\programmi\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\programmi\Avira\AntiVir Desktop\avshadow.exe
    c:\windows\system32\wscntfy.exe
    c:\programmi\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
    c:\windows\RTHDCPL.EXE
    c:\programmi\File comuni\LogiShrd\KHAL3\KHALMNPR.EXE
    .
    ************************************************************************
    .
    Ora fine scansione: 2012-09-29 13:58:46 - Il pc è stato riavviato
    ComboFix-quarantined-files.txt 2012-09-29 11:58
    .
    Pre-Run: 465.682.423.808 byte disponibili
    Post-Run: 465.666.711.552 byte disponibili
    .
    - - End Of File - - 5C16A3C922CC32B4D1B232BEC39B29AD

  3. #3
    HTML.it user, registered Mar 2007, 503 posts
    What should I do?

  4. #4
    HTML.it user, registered Mar 2007, 503 posts
    My PC seems to be infected.

    It's not that the sender gets infected if I receive a reply, is it?

    Bye!
