david.mi (Mere mortal)
Registered: 25/02/10 22:36 Posts: 2
Posted: 27 Feb 2010 00:23 Subject: problem with Security Tool
Hello, I use an Intel Celeron CPU E1200 @ 1.60GHz (1.69 GHz) processor with 2.99 GB of RAM and Windows XP Professional SP3.
I have a problem with Security Tool. I read the posts on the subject, installed ComboFix and saved its log, which I attach below.
I ran ComboFix in Safe Mode because Security Tool blocked me from opening any process.
After restarting the PC, Security Tool seems to have disappeared; I am sending the log anyway in the hope that someone can verify that the problem has been removed.
Thank you in advance; I look forward to hearing from you.
david.mi
ComboFix 10-02-25.02 - david 26/02/2010 21.25.35.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3062.2752 [GMT 1:00]
Eseguito da: c:\documents and settings\david\Documenti\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {7C8021EB-FFFF-FFFF-0600-BD00ACEF1200}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Dati applicazioni\18357125
c:\documents and settings\All Users\Dati applicazioni\18357125\18357125.exe
c:\documents and settings\All Users\Dati applicazioni\sysReserve.ini
c:\documents and settings\Bonza\Menu Avvio\Programmi\Security Tool.lnk
c:\documents and settings\david\Desktop\Security Tool.lnk
c:\documents and settings\david\Documenti\locate.com
c:\documents and settings\david\Menu Avvio\Programmi\Security Tool.lnk
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\twain_32.dll
.
((((((((((((((((((((((((( Files Creati Da 2010-01-26 al 2010-02-26 )))))))))))))))))))))))))))))))))))
.
2010-02-25 20:44 . 2010-02-25 20:44 -------- d-----w- c:\programmi\Enigma Software Group
2010-02-20 13:36 . 2010-02-20 13:36 -------- d-----w- c:\programmi\File comuni\Macrovision Shared
2010-02-19 22:28 . 2010-02-19 22:28 192600 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2010-02-19 13:36 . 2010-02-19 13:36 -------- d-----w- c:\documents and settings\david\Impostazioni locali\Dati applicazioni\Rockstar Games
2010-02-19 11:49 . 2010-02-19 11:57 -------- d-----w- c:\programmi\Babylon
2010-02-17 13:39 . 2010-02-17 13:39 -------- d-----w- c:\documents and settings\david\Dati applicazioni\Malwarebytes
2010-02-17 13:39 . 2010-02-25 21:28 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-02-17 13:39 . 2010-02-17 13:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-02-12 20:59 . 2010-02-12 20:59 -------- d-----w- c:\programmi\Adobe Media Player
2010-02-12 20:55 . 2010-02-12 20:55 -------- d-----w- c:\programmi\File comuni\Adobe AIR
2010-02-12 16:29 . 2010-02-26 20:14 -------- d-----w- c:\programmi\File comuni\Akamai
2010-02-06 15:58 . 2010-02-06 15:58 -------- d-----w- c:\programmi\FreshDevices
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-21 20:02 . 2009-05-31 17:23 68056 ----a-w- c:\documents and settings\gaia\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-02-20 14:08 . 2009-07-07 16:29 68056 ----a-w- c:\documents and settings\Bonza\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-02-20 13:55 . 2009-05-23 15:59 68056 ----a-w- c:\documents and settings\david\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-02-20 13:47 . 2009-05-23 17:24 -------- d-----w- c:\programmi\File comuni\Adobe
2010-02-19 13:37 . 2009-05-23 15:59 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-02-19 13:12 . 2009-08-13 18:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\FLEXnet
2010-02-18 18:14 . 2010-02-18 18:36 3068928 ----a-w- c:\windows\Internet Logs\xDB32.tmp
2010-02-16 21:16 . 2009-07-24 09:35 -------- d-----w- c:\programmi\iStar
2010-02-12 23:49 . 2009-07-14 15:05 -------- d-----w- c:\programmi\PHPNukeIT
2010-02-02 19:22 . 2009-05-26 05:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2010-02-02 19:22 . 2009-05-25 09:15 -------- d-----w- c:\programmi\Messenger Plus! Live
2010-01-26 17:42 . 2010-01-26 17:42 -------- d-----w- c:\programmi\MSECache
2010-01-22 22:03 . 2010-01-22 23:14 621056 ----a-w- c:\windows\Internet Logs\xDB31.tmp
2010-01-20 22:34 . 2009-07-05 17:56 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-01-20 22:25 . 2010-01-20 22:34 2942464 ----a-w- c:\windows\Internet Logs\xDB30.tmp
2010-01-15 12:05 . 2010-01-15 12:06 2947072 ----a-w- c:\windows\Internet Logs\xDB2F.tmp
2010-01-14 13:54 . 2009-09-02 17:32 6519165 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-01-10 16:23 . 2010-01-10 16:23 -------- d-----w- c:\programmi\Veoh Networks
2009-12-31 16:50 . 2004-08-30 20:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 08:37 . 2009-08-30 12:23 -------- d-----w- c:\programmi\PokerStars.IT
2009-12-29 11:30 . 2009-12-29 11:30 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-29 11:30 . 2009-12-29 11:30 -------- d--h--r- c:\documents and settings\david\Dati applicazioni\SecuROM
2009-12-29 11:21 . 2009-12-29 11:21 -------- d-----w- c:\documents and settings\david\Dati applicazioni\InstallShield
2009-12-21 19:06 . 2004-08-30 20:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:40 . 2009-05-23 15:30 346112 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-30 20:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-12 06:09 . 2009-12-12 11:51 2359296 ----a-w- c:\windows\Internet Logs\xDB2D.tmp
2009-12-12 06:09 . 2009-12-12 11:51 1723392 ----a-w- c:\windows\Internet Logs\xDB2E.tmp
2009-12-10 17:25 . 2009-11-13 09:22 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-09 23:42 . 2004-08-30 20:00 80490 ----a-w- c:\windows\system32\perfc010.dat
2009-12-09 23:42 . 2004-08-30 20:00 482036 ----a-w- c:\windows\system32\perfh010.dat
2009-12-09 22:16 . 2009-12-09 22:34 809472 ----a-w- c:\windows\Internet Logs\xDB2B.tmp
2009-12-09 22:16 . 2009-12-09 22:34 1720832 ----a-w- c:\windows\Internet Logs\xDB2C.tmp
2009-12-09 10:07 . 2004-08-30 20:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:07 . 2004-08-19 15:34 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 13:50 . 2009-12-08 13:52 3244032 ----a-w- c:\windows\Internet Logs\xDB2A.tmp
2009-12-04 18:22 . 2004-08-30 20:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-04 17:39 . 2009-12-04 17:41 2841600 ----a-w- c:\windows\Internet Logs\xDB29.tmp
2009-11-30 23:30 . 2009-12-01 14:53 2680832 ----a-w- c:\windows\Internet Logs\xDB28.tmp
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]
2010-02-12 23:49 2349080 ----a-w- c:\programmi\PHPNukeIT\tbPHP0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}"= "c:\programmi\PHPNukeIT\tbPHP0.dll" [2010-02-12 2349080]
[HKEY_CLASSES_ROOT\clsid\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2C965F3F-8EFD-4BFC-A2C5-1672845FDBBF}"= "c:\programmi\PHPNukeIT\tbPHP0.dll" [2010-02-12 2349080]
[HKEY_CLASSES_ROOT\clsid\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-27 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-27 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-27 137752]
"SkyTel"="SkyTel.EXE" [2007-06-15 1826816]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"ZoneAlarm Client"="c:\programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
"V0330Mon.exe"="c:\windows\V0330Mon.exe" [2007-04-30 32768]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-06-06 148888]
"UCam_Menu"="c:\programmi\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\programmi\CyberLink\YouCam\YouCamTray.exe" [2009-06-11 162912]
"AdobeCS4ServiceManager"="c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Speed Launch.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [30/08/2004 21.00.00 14336]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [05/06/2009 16.52.39 157696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contenuto della cartella 'Scheduled Tasks'
2010-02-25 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
2010-02-25 c:\windows\Tasks\User_Feed_Synchronization-{7D169EC5-96C7-4632-9418-C880CF468166}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
2010-02-26 c:\windows\Tasks\User_Feed_Synchronization-{FCDA867F-7229-4F22-BCE5-DA99B6BACEAE}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = www.google.it/
mStart Page = hxxp://it.yahoo.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\programmi\PokerStars.IT\PokerStarsUpdate.exe
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\giada\Menu Avvio\Programmi\IMVU\Run IMVU.lnk
TCP: {E6FDD435-EFA6-45B4-A4FE-B2E75785DD1A} = 208.67.222.222,208.67.220.220
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-RGSC - c:\programmi\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
HKCU-Run-eMuleAutoStart - k:\programmi\eMule\emule.exe
Notify-WgaLogon - (no file)
AddRemove-eMule - k:\programmi\eMule\Uninstall.exe
AddRemove-HijackThis - c:\documents and settings\david\Documenti\HijackThis.exe
**************************************************************************
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti:
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Programmi/File comuni/Akamai/rswin_3647.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Programmi/File comuni/Akamai/rswin_3647.dll"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Ñw*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Ora fine scansione: 2010-02-26 21:37:55
ComboFix-quarantined-files.txt 2010-02-26 20:37
Pre-Run: 37.774.942.208 byte disponibili
Post-Run: 42.678.919.168 byte disponibili
- - End Of File - - 9632C05C5EC3871A99A30569A57FA7B7
R16 (Mature God)
Registered: 07/03/08 22:58 Posts: 10129
Posted: 27 Feb 2010 00:48 Subject:
Hi.
It looks removed.
Run another scan with Malwarebytes.
I advise you to uninstall the version you installed (it looks damaged to me).
Install this one:
http://forum.zeusnews.com/viewtopic.php?p=297823#297823
Run a full scan.
Remember to UPDATE it before the scan.
Upload the MBAM log to WikiSend (or FreeFileHosting) and post the Forum Link you are given.
david.mi (Mere mortal)
Registered: 25/02/10 22:36 Posts: 2
Posted: 03 Mar 2010 22:07 Subject:
Solved... great!