Author: flavly (Mere mortal)
Registered: 05/07/08 15:53
Posts: 1

Posted: 05 Jul 2008 15:59    Subject: trojan-gen
Hi everyone, I'm new here. I ended up here by chance and read some of your posts; you are very helpful, congratulations. So, I have a problem with my PC: my antivirus found 4 trojan-gen, it managed to delete 3 of them, but one that is in the Windows1installer folder it just cannot delete, and every new scan finds it again. I followed some of your advice and installed Norman Malware Cleaner and then ComboFix; I'm now posting the log created by each of them. Then what should I do? Thanks a lot to anyone who can help me. Bye
 
 ComboFix 08-07-04.6 - CRISTIANO & FLAVIA 2008-07-05 15.37.16.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic   6.0.6000.0.1252.1.1040.18.309 [GMT 2:00]
Run by: C:\Users\CRISTIANO & FLAVIA\Desktop\ComboFix.exe
 .
 
(((((((((((((((((((((((((   Files Created From 2008-06-05 to 2008-07-05  )))))))))))))))))))))))))))))))))))
.

No new files created in this timespan
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-07-05 13:28	---------	d-----w	C:\Users\CRISTIANO & FLAVIA\AppData\Roaming\Skype
 2008-07-05 13:27	---------	d-----w	C:\Users\CRISTIANO & FLAVIA\AppData\Roaming\skypePM
 2008-06-28 15:02	---------	d-----w	C:\Users\CRISTIANO & FLAVIA\AppData\Roaming\eMule
 2008-06-28 13:48	---------	d-----w	C:\Program Files\Common Files\Ahead
 2008-06-28 06:32	---------	d--h--w	C:\Program Files\InstallShield Installation Information
 2008-06-28 06:32	---------	d-----w	C:\Program Files\Common Files\Nikon
 2008-06-28 06:31	0	---h--w	C:\Users\All Users\PKP_DLds.DAT
 2008-06-28 06:31	0	---h--w	C:\ProgramData\PKP_DLds.DAT
 2008-06-28 06:29	20	---h--w	C:\Users\All Users\PKP_DLec.DAT
 2008-06-28 06:29	20	---h--w	C:\ProgramData\PKP_DLec.DAT
 2008-06-12 11:27	---------	d-----w	C:\Program Files\Windows Mail
 2008-06-01 15:49	---------	d-----w	C:\ProgramData\IM
 2008-06-01 15:48	---------	d-----w	C:\ProgramData\IncrediMail
 2008-06-01 15:48	---------	d-----w	C:\Program Files\IncrediMail
 2008-05-23 06:21	---------	d-----w	C:\ProgramData\Avira
 2008-05-15 23:18	50,768	----a-w	C:\Windows\system32\drivers\aswMonFlt.sys
 2008-05-10 03:30	14,848	----a-w	C:\Windows\System32\wshrm.dll
 2008-05-10 01:21	113,664	----a-w	C:\Windows\system32\drivers\rmcast.sys
 2008-04-26 08:02	1,327,104	----a-w	C:\Windows\System32\quartz.dll
 2008-04-25 04:23	826,368	----a-w	C:\Windows\System32\wininet.dll
 2008-04-25 04:23	56,320	----a-w	C:\Windows\System32\iesetup.dll
 2008-04-25 04:23	52,736	----a-w	C:\Windows\AppPatch\iebrshim.dll
 2008-04-25 04:22	26,624	----a-w	C:\Windows\System32\ieUnatt.exe
 2008-01-23 20:00	32	----a-w	C:\Users\All Users\ezsid.dat
 2008-01-23 20:00	32	----a-w	C:\ProgramData\ezsid.dat
 2008-01-05 11:24	174	--sha-w	C:\Program Files\desktop.ini
 .
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown.
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-11 19:51 1232896]
 "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
 "PcSync"="D:\DOWNLOAD\nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 17:21 1449984]
 "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-05-27 08:53 243072]
 "eMuleAutoStart"="D:\emule nuovo\emule.exe" [2008-05-11 13:19 5423104]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "Monitor"="C:\Windows\PixArt\PAC207\Monitor.exe" [2006-11-03 12:01 319488]
 "PCSuiteTrayApplication"="D:\DOWNLOAD\nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 13:36 229376]
 "avast!"="D:\PROGRA~1\AVASTA~1\ashDisp.exe" [2008-05-16 01:19 79224]
 "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
 
 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
 ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2008-01-04 20:09:43 487424]
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
 "TCP Query User{7B2DDE6D-3BCD-4F9D-AEAC-33F3489F131B}D:\\emule\\emule.exe"= UDP:D:\emule\emule.exe:eMule
 "UDP Query User{D4B9BB13-17D7-44B3-9483-EE530D1123FA}D:\\emule\\emule.exe"= TCP:D:\emule\emule.exe:eMule
"TCP Query User{C41EFA30-04A0-4148-B878-4935142ED420}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype
"UDP Query User{3262460F-B1E1-4CE9-AE54-C811456A6C57}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype
 "TCP Query User{15C086D8-D429-4267-80FE-A6788BD5B022}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
 "UDP Query User{776E36E0-E151-4285-B82B-30CED1AA2EA7}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
 "{52C51258-B309-460C-9386-10C850645BC1}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
 "{6BC2AD90-BFB1-4C4F-9FB8-C46B8B9F0EFB}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
 "{531D3A7C-57F3-429B-9EBD-E92546DBDB4D}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
 "{640FD72C-C63E-4172-BAAD-E0A821624271}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
 "{97785950-8A4A-4A59-B7D8-725D5BC5FAD1}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
 "{F8C0FAD0-208F-45D1-840F-7D288C5D3CBC}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
 "TCP Query User{1CC4B1AF-782A-44D9-9776-AE3B25039759}D:\\emule\\nuovo\\emule.exe"= UDP:D:\emule\nuovo\emule.exe:eMule
 "UDP Query User{3239E72E-F86F-421D-8337-8CEDE323AD52}D:\\emule\\nuovo\\emule.exe"= TCP:D:\emule\nuovo\emule.exe:eMule
 "TCP Query User{4D9B4051-E469-4740-826F-8CD6D2458D3A}D:\\emule nuovo\\emule.exe"= UDP:D:\emule nuovo\emule.exe:eMule
 "UDP Query User{70BE40A6-7F4A-4906-B6F9-3641861E4CFC}D:\\emule nuovo\\emule.exe"= TCP:D:\emule nuovo\emule.exe:eMule
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
 "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
 
 R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
 R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
 R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
 R3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\system32\DRIVERS\athrusb.sys [2006-11-30 12:14]
 R3 PAC207;Trust WB-1400T Webcam;C:\Windows\system32\DRIVERS\PFC027.SYS [2007-05-14 11:26]
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
 LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
 
 *Newly Created Service* - CATCHME
 .
Contents of the 'Scheduled Tasks' folder
 "2008-07-05 13:40:14 C:\Windows\Tasks\User_Feed_Synchronization-{45964C6E-4796-4D93-9031-6790FF90FA44}.job"
 - C:\Windows\system32\msfeedssync.exe
 .
 **************************************************************************
 
 catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-07-05 15:39:38
 Windows 6.0.6000  NTFS
 
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Users\CRISTIANO & FLAVIA\AppData\Local\Temp\~DFAB5C.tmp 16384 bytes
C:\Users\CRISTIANO & FLAVIA\AppData\Local\Temp\~DFAC8E.tmp 512 bytes

scan completed successfully
hidden files: 2
 
 **************************************************************************
 .
Scan finish time: 2008-07-05 15.40.27
ComboFix-quarantined-files.txt  2008-07-05 13:40:21

Cannot find the message text for message number 0x2379 in the message file for Application.
15 Dir(s)     754,995,200 bytes free
 
 104	--- E O F ---	2008-07-04 12:26:19
 
 
 
 
and now Norman:
 Norman Malware Cleaner
 Copyright © 1990 - 2008, Norman ASA. Built 2008/06/30 19:19:50
 
 Norman Scanner Engine Version: 5.92.08
 Nvcbin.def Version: 5.92.00, Date: 2008/06/30 19:19:50, Variants: 1812814
 
 Running pre-scan cleanup routine:
 Operating System: Microsoft Windows Vista 6.0.6000(Safe mode)
 Logged on user: PC-CASA\CRISTIANO & FLAVIA
 
 
 Scan started: 05/07/2008 14:17:45
 
 
 Scanning running processes and process memory...
 
 Number of processes/threads found: 829
 Number of processes/threads scanned: 829
 Number of processes/threads not scanned: 0
 Number of infected processes/threads terminated: 0
 Total scanning time: 21s
 
 
 Scanning file system...
 
 Scanning: C:\*.*
 
 Scanning: D:\*.*
 
 Scanning: E:\*.*
 
 
 Running post-scan cleanup routine:
 
 Number of files found: 127628
 Number of archives unpacked: 2307
 Number of files scanned: 127553
 Number of files not scanned: 75
 Number of files skipped due to exclude list: 0
 Number of infected files found: 0
 Number of infected files repaired/deleted: 0
 Number of infections removed: 0
 Total scanning time: 1h 3m 58s

Author: bdoriano (Administrator)
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 05 Jul 2008 16:26    Subject:
Hi flavly, and welcome,
Strangely, the logs you posted do not seem to show any threats at all.

As soon as you can, run this scan with SystemScan, post the log on WikiSend, and post the Forum Link it assigns you.

PS: if you want, you can introduce yourself here
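Added example, not part of the thread and not a tool of this forum: the quick first pass a responder does on a ComboFix log before asking for more scans. It parses the `Run` keys under "Reg Loading Points" and the `<path> <n> bytes` lines catchme prints under "scanning hidden files", then marks autostart entries that deserve a human look: binaries outside `C:\Windows` / `C:\Program Files`, anything running from a `Temp` directory, and 8.3 short names that must be resolved before judging. The embedded sample is copied from the log posted above; the trusted-directory list and the review heuristics are assumptions of this example. A flag means "review", not "malicious": here avast! and eMule are simply installed on `D:`, which is consistent with the reply that the log shows no threat.

```python
import re
from typing import Dict, List

# Constructed sample: the autostart block and the catchme hidden-file lines copied
# from the ComboFix log posted above, embedded so the script runs offline.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-11 19:51 1232896]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
"PcSync"="D:\DOWNLOAD\nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 17:21 1449984]
"eMuleAutoStart"="D:\emule nuovo\emule.exe" [2008-05-11 13:19 5423104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Monitor"="C:\Windows\PixArt\PAC207\Monitor.exe" [2006-11-03 12:01 319488]
"avast!"="D:\PROGRA~1\AVASTA~1\ashDisp.exe" [2008-05-16 01:19 79224]

scanning hidden files ...

C:\Users\CRISTIANO & FLAVIA\AppData\Local\Temp\~DFAB5C.tmp 16384 bytes
C:\Users\CRISTIANO & FLAVIA\AppData\Local\Temp\~DFAC8E.tmp 512 bytes
'''

# Assumption for this example: C: is the system drive and installed software lives
# here. Anything autostarting from elsewhere gets a second look; it is not
# automatically malicious (in the log above avast! and eMule simply live on D:).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

HIVE_RE = re.compile(r"^\[(HK[^\]]+)\]$")
ENTRY_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\d+)\]$')
HIDDEN_RE = re.compile(r"^([A-Za-z]:\\.+?) (\d+) bytes$")


def triage_autostart(log_text: str) -> List[Dict[str, object]]:
    """One record per Run-key value; 'reasons' lists why a human should look at it."""
    findings: List[Dict[str, object]] = []
    hive = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HIVE_RE.match(line)
        if m:
            hive = m.group(1)  # the values that follow belong to this key
            continue
        m = ENTRY_RE.match(line)
        if not m or hive is None:
            continue
        name, path, stamp, size = m.group(1), m.group(2), m.group(3), int(m.group(4))
        low = path.lower()
        reasons = []
        if not low.startswith(TRUSTED_PREFIXES):
            reasons.append("binary outside Windows/Program Files")
        if "\\temp\\" in low:
            reasons.append("runs from a temp directory")
        if "~" in low:
            reasons.append("8.3 short name; resolve the long path before judging")
        findings.append({"hive": hive, "name": name, "path": path,
                         "timestamp": stamp, "size": size, "reasons": reasons})
    return findings


def flagged_names(findings: List[Dict[str, object]]) -> List[str]:
    """Names of the autostart entries that collected at least one reason."""
    return [str(f["name"]) for f in findings if f["reasons"]]


def parse_hidden_files(log_text: str) -> List[Dict[str, object]]:
    """The '<path> <n> bytes' lines catchme prints after 'scanning hidden files'."""
    return [{"path": m.group(1), "size": int(m.group(2))}
            for m in (HIDDEN_RE.match(l.strip()) for l in log_text.splitlines()) if m]


if __name__ == "__main__":
    for entry in triage_autostart(SAMPLE_LOG):
        mark = "REVIEW" if entry["reasons"] else "ok    "
        print(f"{mark} {entry['name']:<16} {entry['path']}  {'; '.join(entry['reasons'])}")
    for hidden in parse_hidden_files(SAMPLE_LOG):
        print(f"hidden {hidden['size']:>6} bytes  {hidden['path']}")
```

Run it against a full ComboFix log by reading the file into `triage_autostart`; the hidden-file lines here (`~DF*.tmp` under the user's Temp) are the kind of thing to check by hand, since catchme reports them as hidden without saying whether they are malicious.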