kingover (Devoted Mortal)
Registered: 25/04/08 10:51
Posts: 9
Location: Palermo

Posted: 25 Apr 2008 11:45    Subject: AM I INFECTED???

Hi, I've just signed up and I'm posting my problem right away (which I believe is identical to Blacky2003's), reported by AVG 7.5 Free Edition:
 partition table (MBR) change
 kernel32.dll change
 user32.dll change
 shell32.dll change
 ntoskrnl.exe change
 
I ran HijackThis:
 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 11.42.42, on 25/04/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\csrss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\LEXBCES.EXE
 C:\WINDOWS\system32\spoolsv.exe
 C:\WINDOWS\system32\LEXPPS.EXE
 C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
 C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
 C:\WINDOWS\system32\cisvc.exe
 C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Programmi\Spyware Doctor\pctsAuxs.exe
 C:\Programmi\Spyware Doctor\pctsSvc.exe
 C:\WINDOWS\system32\svchost.exe
 C:\Programmi\Windows Media Player\WMPNetwk.exe
 C:\WINDOWS\Explorer.EXE
 C:\Programmi\Spyware Doctor\pctsTray.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Programmi\Windows Media Player\WMPNSCFG.exe
 C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe
 C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe
 C:\WINDOWS\System32\alg.exe
 C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
 C:\Programmi\Motorola Phone Tools\mPhonetools.exe
 C:\WINDOWS\system32\cidaemon.exe
 C:\Programmi\Internet Explorer\iexplore.exe
 C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 C:\Programmi\Internet Explorer\iexplore.exe
 C:\Documents and Settings\Eloisa\Documenti\antivir\HiJackThis.exe
 C:\WINDOWS\system32\wbem\wmiprvse.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://kronge.netfirms.com/mob/lan
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
 O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
 O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
 O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
 O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
 O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [ISTray] "C:\Programmi\Spyware Doctor\pctsTray.exe"
 O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [Uranium] C:\Programmi\FreeSoft\Uranium\Uranium.exe reg
 O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
 O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 O4 - Global Startup: DSLMON.lnk = ?
 O4 - Global Startup: LG SyncManager.lnk = ?
 O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
 O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
 O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
 O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
 O17 - HKLM\System\CCS\Services\Tcpip\..\{9C7BE6D6-CE2D-41D9-9BF6-03DC83F938E2}: NameServer = 193.70.152.25 193.70.192.25
 O17 - HKLM\System\CCS\Services\Tcpip\..\{9FFD2C9E-1E8C-4D82-8B78-E4F46EAE4699}: NameServer = 193.70.152.15,193.70.152.25
 O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
 O23 - Service: Boonty Games - BOONTY - C:\Programmi\File comuni\BOONTY Shared\Service\Boonty.exe
 O23 - Service: GoogleDesktopManager - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
 O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\pctsAuxs.exe
 O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\pctsSvc.exe
 O24 - Desktop Component 0: (no name) - http://www.windoweb.it/desktop_foto/foto_amore/foto_amore_05x.jpg
 
 --
 End of file - 7146 bytes
 
WHAT SHOULD I DO?

bdoriano (Administrator)
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 25 Apr 2008 14:19

Hi kingover,
AVG has only warned you that some system files were modified (probably by Windows updates).

Anyway, for a thorough check, do these generic clean-ups:

PS: if you want, you can introduce yourself here

kingover (Devoted Mortal)
Registered: 25/04/08 10:51
Posts: 9
Location: Palermo

Posted: 27 Apr 2008 19:11    Subject: carrying out the suggested procedure

Hi bdoriano, I did what you suggested...
NFix_2008-04-27_17-43-51.log

...what do I do now?
Regards and thanks in advance.

bdoriano (Administrator)
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 27 Apr 2008 19:24

One step is missing:

    bdoriano wrote: Follow the instructions in this topic to post the ComboFix log.

kingover (Devoted Mortal)
Registered: 25/04/08 10:51
Posts: 9
Location: Palermo

Posted: 27 Apr 2008 19:33    Subject: last step

You're absolutely right...
 ComboFix 08-04-26.5 - Eloisa 2008-04-27 19.22.33.1 - FAT32x86
 Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1040.18.612 [GMT 2:00]
 Eseguito da: C:\Documents and Settings\Eloisa\Desktop\ComboFix.exe
 * Creato nuovo punto di ripristino
 
 WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
 .
 
 (((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 
 C:\WINDOWS\system32\dllcache\spoolsv.exe
 
 .
 (((((((((((((((((((((((((   Files Creati Da 2008-03-27 al 2008-04-27  )))))))))))))))))))))))))))))))))))
 .
 
 2008-04-25 10:17 . 2008-04-25 10:17	<DIR>	d--------	C:\Documents and Settings\Eloisa\Dati applicazioni\Uniblue
 2008-04-25 10:16 . 2008-04-25 10:16	<DIR>	d--------	C:\Programmi\Uniblue
 2008-04-25 09:39 . 2008-04-25 09:39	230	--a------	C:\WINDOWS\system32\spupdsvc.inf
 2008-04-22 19:40 . 2008-04-22 19:40	<DIR>	dr-------	C:\Documents and Settings\LocalService\Preferiti
 2008-04-14 15:36 . 2008-04-14 15:36	<DIR>	d--------	C:\Programmi\Microsoft Silverlight
 2008-04-13 16:12 . 2008-04-13 16:12	<DIR>	d--------	C:\Documents and Settings\Eloisa\Dati applicazioni\skypePM
 2008-04-13 16:12 . 2008-04-13 16:12	32	--a------	C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
 2008-04-13 16:07 . 2008-04-13 16:08	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Skype
 2008-04-13 15:59 . 2008-04-13 15:59	<DIR>	d--------	C:\Programmi\Spyware Doctor
 2008-04-13 15:59 . 2008-04-13 15:59	<DIR>	d--------	C:\Documents and Settings\Eloisa\Dati applicazioni\PC Tools
 2008-04-13 15:59 . 2008-04-13 15:59	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\TEMP
 2008-04-13 15:59 . 2007-12-10 14:53	81,288	--a------	C:\WINDOWS\system32\drivers\iksyssec.sys
 2008-04-13 15:59 . 2007-12-10 14:53	66,952	--a------	C:\WINDOWS\system32\drivers\iksysflt.sys
 2008-04-13 15:59 . 2008-02-01 12:55	42,376	--a------	C:\WINDOWS\system32\drivers\ikfilesec.sys
 2008-04-13 15:59 . 2007-12-10 14:53	29,576	--a------	C:\WINDOWS\system32\drivers\kcom.sys
 2008-04-13 15:44 . 2008-04-13 15:44	<DIR>	d--------	C:\Programmi\Picasa2
 2008-04-13 15:44 . 2006-10-05 04:42	2,560	---------	C:\WINDOWS\system32\drivers\cdralw2k.sys
 2008-04-13 15:44 . 2006-10-05 04:42	2,432	---------	C:\WINDOWS\system32\drivers\cdr4_xp.sys
 2008-04-13 15:41 . 2008-04-13 15:41	<DIR>	d--------	C:\Programmi\Norton Security Scan
 2008-04-13 15:33 . 2008-04-13 15:33	<DIR>	d--------	C:\Documents and Settings\Eloisa\Dati applicazioni\Talkback
 2008-04-13 15:14 . 2008-04-13 15:14	<DIR>	d--------	C:\WINDOWS\system32\ActiveScan
 2008-04-13 15:14 . 2008-04-13 15:31	30,590	--a------	C:\WINDOWS\system32\pavas.ico
 2008-04-13 15:14 . 2008-04-13 15:31	2,550	--a------	C:\WINDOWS\system32\Uninstall.ico
 2008-04-13 15:14 . 2008-04-13 15:31	1,406	--a------	C:\WINDOWS\system32\Help.ico
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-03-23 15:28	---------	d-----w	C:\Programmi\Minilyrics
 2008-02-29 17:51	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Google Updater
 2007-12-30 18:16	92,064	----a-w	C:\Documents and Settings\Eloisa\mqdmmdm.sys
 2007-12-30 18:16	9,232	----a-w	C:\Documents and Settings\Eloisa\mqdmmdfl.sys
 2007-12-30 18:16	79,328	----a-w	C:\Documents and Settings\Eloisa\mqdmserd.sys
 2007-12-30 18:16	66,656	----a-w	C:\Documents and Settings\Eloisa\mqdmbus.sys
 2007-12-30 18:16	6,208	----a-w	C:\Documents and Settings\Eloisa\mqdmcmnt.sys
 2007-12-30 18:16	5,936	----a-w	C:\Documents and Settings\Eloisa\mqdmwhnt.sys
 2007-12-30 18:16	4,048	----a-w	C:\Documents and Settings\Eloisa\mqdmcr.sys
 2007-12-30 18:16	25,600	----a-w	C:\Documents and Settings\Eloisa\usbsermptxp.sys
 2007-12-30 18:16	22,768	----a-w	C:\Documents and Settings\Eloisa\usbsermpt.sys
 .
 
 (((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 REGEDIT4
 *Nota* i valori vuoti & legittimi/default non sono visualizzati.
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-31 12:02 68856]
 "NBJ"="C:\Programmi\Ahead\Nero BackItUp\NBJ.exe" [2004-09-24 17:22 1916928]
 "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 20:00 15360]
 "Uranium"="C:\Programmi\FreeSoft\Uranium\Uranium.exe" [ ]
 "Uniblue RegistryBooster 2"="C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-04-24 11:45 1885464]
 "WMPNSCFG"="C:\Programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:56 204288]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "Google Desktop Search"="C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-08 15:40 1838592]
 "Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 20:00 15360]
 "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-10 16:37 219136]
 
 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
 DSLMON.lnk - C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe [2006-11-04 19:28:15 929861]
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2kadiras]
 
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\9xadiras]
 
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePresentation HPD]
 --a------ 2006-03-31 16:39 204800 C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
 --a------ 2005-09-09 11:20 88203 C:\WINDOWS\AGRSMMSG.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
 --a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
 --------- 2005-06-11 19:51 53248 C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boot]
 C:\Acer\Empowering Technology\ePower\Boot.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CtrlVol]
 --a------ 2003-09-16 14:28 20480 C:\Programmi\Launch Manager\CtrlVol.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
 C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
 --a------ 2006-04-28 16:43 401408 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ImageItEncrypt]
 --a------ 2005-12-30 14:02 40960 C:\WINDOWS\system32\ImageItEncrypt.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]
 --a------ 2005-07-25 13:36 32768 C:\Programmi\Launch Manager\LaunchAp.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
 --a------ 2006-04-19 15:08 69632 C:\Programmi\Launch Manager\HotkeyApp.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD]
 --a------ 2005-07-25 10:45 241664 C:\Programmi\Launch Manager\OSDCtrl.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
 C:\Programmi\Messenger\msmsgs.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
 --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
 --a------ 2005-05-11 17:15 45056 C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton]
 --a------ 2006-04-20 09:23 86016 C:\Programmi\Launch Manager\Wbutton.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
 "RichVideo"=2 (0x2)
 "IDriverT"=3 (0x3)
 "CyberLink Media Library Service"=2 (0x2)
 "CLSched"=2 (0x2)
 "CLCapSvc"=2 (0x2)
 "AcerMemUsageCheckService"=2 (0x2)
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center]
 "AntiVirusDisableNotify"=dword:00000001
 "UpdatesDisableNotify"=dword:00000001
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
 "%windir%\\system32\\sessmgr.exe"=
 "C:\\Programmi\\Windows Live\\Messenger\\MsnMsgr.Exe"=
 "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
 "C:\\Programmi\\InterVideo\\DVD5\\WinDVD.exe"=
 "C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
 "C:\\Programmi\\Internet Explorer\\IEXPLORE.EXE"=
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
 "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
 
 R0 xmasbus;xmasbus;C:\WINDOWS\system32\DRIVERS\xmasbus.sys [2003-12-21 17:24]
 R0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys [2003-12-20 20:03]
 R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
 S3 Boonty Games;Boonty Games;"C:\Programmi\File comuni\BOONTY Shared\Service\Boonty.exe" [2007-08-14 13:38]
 S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-05-07 15:11]
 S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
 S3 usbstor;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-19 20:00]
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c49930a-8c90-11dc-99d2-f618678d69a6}]
 \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68ee9e6e-b959-11dc-99f0-0016ce727e80}]
 \Shell\AutoRun\command - F:\ClickMe.exe
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b73bc50-62db-11dc-99b0-4d6564696130}]
 \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
 \Shell\Open(0)\command - Recycled\ctfmon.exe
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bfdb83aa-57ca-11db-981c-0016ce727e80}]
 \Shell\AutoRun\command - F:\i.exe
 \Shell\explore\Command - F:\i.exe
 \Shell\open\Command - F:\i.exe
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ebd00a41-dc70-11dc-9a0f-0016ce727e80}]
 \Shell\Auto\command - G:\bittorrent.exe e
 \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
 
 *Newly Created Service* - CATCHME
 .
 Contenuto della cartella 'Scheduled Tasks'
 "2007-11-17 17:41:52 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
 - C:\Programmi\RegistrySmart\RegistrySmart.ex
 - C:\Programmi\RegistrySmart.Eloisa.Runs RegistrySmart to optimize your registry.
 "2008-04-27 17:12:02 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
 - C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
 "2008-04-13 13:41:56 C:\WINDOWS\Tasks\Norton Security Scan.job"
 - C:\Programmi\Norton Security Scan\Nss.exe
 .
 **************************************************************************
 
 catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-04-27 19:23:57
 Windows 5.1.2600 Service Pack 2 FAT NTAPI
 
 scansione processi nascosti ...
 
 scansione entrate autostart nascoste ...
 
 Scansione files nascosti ...
 
 Scansione completata con successo
 Files nascosti: 0
 
 **************************************************************************
 .
 Ora fine scansione: 2008-04-27 19.24.17
 ComboFix-quarantined-files.txt  2008-04-27 17:24:16
 
 18 Directory  17,277,714,432 byte disponibili
 21 Directory  17,476,976,640 byte disponibili
 
 171	--- E O F ---	2008-02-24 18:09:17
 ...............................................................................
 
Thanks again....

bdoriano (Administrator)
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 28 Apr 2008 17:30

You have 5 infected USB devices (pen drives and/or hard disks)...

Create a text file with the following instructions:

Code:
registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c49930a-8c90-11dc-99d2-f618678d69a6}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68ee9e6e-b959-11dc-99f0-0016ce727e80}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b73bc50-62db-11dc-99b0-4d6564696130}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bfdb83aa-57ca-11db-981c-0016ce727e80}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ebd00a41-dc70-11dc-9a0f-0016ce727e80}]

Save the file on the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as shown below:

  Wait patiently for the work to finish without touching the keyboard, mouse or anything else.
  Post the updated ComboFix log.
Disable your antivirus.
Connect to BitDefender (with IE) and run the full scan.
Connect to the Kaspersky online scanner and run the extended scan, as shown here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are given.
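
As an added example (not code from this thread, and not part of ComboFix or of bdoriano's procedure): a small Python script that reads the mountpoints2 section of a ComboFix log, flags the removable-device keys whose Shell handlers launch an executable (the RunDLL32 ShellExec_RunDLL form, targets in a Recycled folder, hijacked open/explore verbs), and emits the same `registry::` deletion lines as the CFScript above. The sample log is constructed from the entries quoted in this thread with altered GUIDs.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the layout ComboFix uses for the mountpoints2 section.
# Modelled on the entries quoted in this thread, but with altered GUIDs; it is
# not the poster's real log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11111111-8c90-11dc-99d2-f618678d69a6}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22222222-62db-11dc-99b0-4d6564696130}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33333333-57ca-11db-981c-0016ce727e80}]
\Shell\AutoRun\command - F:\i.exe
\Shell\explore\Command - F:\i.exe
\Shell\open\Command - F:\i.exe

*Newly Created Service* - CATCHME
"""

# One MountPoints2 key per volume GUID, as ComboFix prints it.
KEY_RE = re.compile(
    r"^\[(HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\\{([0-9a-f-]{36})\})\]$", re.I)
# The Shell\<verb>\command lines listed under that key.
CMD_RE = re.compile(r"^\\Shell\\([^\\]+)\\command\s+-\s+(.+?)\s*$", re.I)


@dataclass
class Finding:
    key: str                                   # full key path, for the CFScript
    guid: str                                  # volume GUID of the device
    commands: Dict[str, str] = field(default_factory=dict)   # verb -> command
    indicators: List[str] = field(default_factory=list)      # why it was flagged


def classify(verb: str, cmd: str) -> List[str]:
    """Reasons a Shell\\<verb>\\command handler looks like autorun malware."""
    low = cmd.lower()
    reasons = []
    if "shellexec_rundll" in low:
        # autorun.inf 'ShellExecute=' is cached by Windows in exactly this form
        reasons.append("launched via RunDLL32 ShellExec_RunDLL (autorun.inf pattern)")
    if "recycled\\" in low:
        reasons.append("target lives in a Recycled folder")
    if verb.lower().startswith("open") or verb.lower() == "explore":
        reasons.append(f"hijacks Explorer '{verb}' verb")
    if ".exe" in low and not reasons:
        reasons.append(f"'{verb}' handler runs an executable from the drive")
    return reasons


def parse_mountpoints(log_text: str) -> List[Finding]:
    """Return the MountPoints2 keys whose Shell handlers launch something."""
    findings: List[Finding] = []
    current: Optional[Finding] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            current = None            # a blank line ends the current key block
            continue
        m = KEY_RE.match(line)
        if m:
            current = Finding(key=m.group(1), guid=m.group(2).lower())
            findings.append(current)
            continue
        m = CMD_RE.match(line)
        if m and current is not None:
            verb, cmd = m.group(1), m.group(2)
            current.commands[verb] = cmd
            current.indicators.extend(classify(verb, cmd))
    return [f for f in findings if f.indicators]


def to_cfscript(findings: List[Finding]) -> str:
    """Emit the 'registry::' section used in this thread: [-key] deletes the key."""
    lines = ["registry::"] + [f"[-{f.key}]" for f in findings]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = parse_mountpoints(SAMPLE_LOG)
    print(f"{len(hits)} infected removable device(s) found")
    for f in hits:
        print(f"  {{{f.guid}}}")
        for verb, cmd in f.commands.items():
            print(f"    {verb:<10} {cmd}")
        for reason in sorted(set(f.indicators)):
            print(f"    -> {reason}")
    print(to_cfscript(hits))
```

The generated script only removes the cached autorun handlers; the executables on the devices themselves still have to be cleaned, which is why the post goes on to ask for the BitDefender and Kaspersky scans.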

kingover (Devoted Mortal)
Registered: 25/04/08 10:51
Posts: 9
Location: Palermo

Posted: 02 May 2008 10:04    Subject: posting the updated log...

ComboFix 08-04-26.5 - Eloisa 2008-05-02  9.55.59.3 - FAT32x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1040.18.607 [GMT 2:00]
 Eseguito da: C:\Documents and Settings\Eloisa\Desktop\Varie recenti\ComboFix.exe
 Command switches used :: C:\Documents and Settings\Eloisa\Desktop\CFscript.txt
 * Creato nuovo punto di ripristino
 
 WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
 .
 
 (((((((((((((((((((((((((   Files Creati Da 2008-04-02 al 2008-05-02  )))))))))))))))))))))))))))))))))))
 .
 
 2008-04-25 10:17 . 2008-04-25 10:17	<DIR>	d--------	C:\Documents and Settings\Eloisa\Dati applicazioni\Uniblue
 2008-04-25 10:16 . 2008-04-25 10:16	<DIR>	d--------	C:\Programmi\Uniblue
 2008-04-25 09:39 . 2008-04-25 09:39	230	--a------	C:\WINDOWS\system32\spupdsvc.inf
 2008-04-22 19:40 . 2008-04-22 19:40	<DIR>	dr-------	C:\Documents and Settings\LocalService\Preferiti
 2008-04-14 15:36 . 2008-04-14 15:36	<DIR>	d--------	C:\Programmi\Microsoft Silverlight
 2008-04-13 15:59 . 2008-04-13 15:59	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\TEMP
 2008-04-13 15:44 . 2008-04-13 15:44	<DIR>	d--------	C:\Programmi\Picasa2
 2008-04-13 15:41 . 2008-04-13 15:41	<DIR>	d--------	C:\Programmi\Norton Security Scan
 2008-04-13 15:33 . 2008-04-13 15:33	<DIR>	d--------	C:\Documents and Settings\Eloisa\Dati applicazioni\Talkback
 2008-04-13 15:14 . 2008-04-13 15:14	<DIR>	d--------	C:\WINDOWS\system32\ActiveScan
 2008-04-13 15:14 . 2008-04-13 15:31	30,590	--a------	C:\WINDOWS\system32\pavas.ico
 2008-04-13 15:14 . 2008-04-13 15:31	2,550	--a------	C:\WINDOWS\system32\Uninstall.ico
 2008-04-13 15:14 . 2008-04-13 15:31	1,406	--a------	C:\WINDOWS\system32\Help.ico
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-03-23 15:28	---------	d-----w	C:\Programmi\Minilyrics
 2007-12-30 18:16	92,064	----a-w	C:\Documents and Settings\Eloisa\mqdmmdm.sys
 2007-12-30 18:16	9,232	----a-w	C:\Documents and Settings\Eloisa\mqdmmdfl.sys
 2007-12-30 18:16	79,328	----a-w	C:\Documents and Settings\Eloisa\mqdmserd.sys
 2007-12-30 18:16	66,656	----a-w	C:\Documents and Settings\Eloisa\mqdmbus.sys
 2007-12-30 18:16	6,208	----a-w	C:\Documents and Settings\Eloisa\mqdmcmnt.sys
 2007-12-30 18:16	5,936	----a-w	C:\Documents and Settings\Eloisa\mqdmwhnt.sys
 2007-12-30 18:16	4,048	----a-w	C:\Documents and Settings\Eloisa\mqdmcr.sys
 2007-12-30 18:16	25,600	----a-w	C:\Documents and Settings\Eloisa\usbsermptxp.sys
 2007-12-30 18:16	22,768	----a-w	C:\Documents and Settings\Eloisa\usbsermpt.sys
 .
 
 (((((((((((((((((((((((((((((   snapshot@2008-04-27_19.24.07,31   )))))))))))))))))))))))))))))))))))))))))
 .
 - 2008-04-27 16:59:54	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
 + 2008-05-01 18:47:22	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
 + 2004-01-14 06:46:34	172,032	----a-w	C:\WINDOWS\system32\tifmicon.dll
 .
 (((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 REGEDIT4
 *Nota* i valori vuoti & legittimi/default non sono visualizzati.
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-10 16:37 219136]
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2kadiras]
 
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\9xadiras]
 
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePresentation HPD]
 --a------ 2006-03-31 16:39 204800 C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
 --a------ 2005-09-09 11:20 88203 C:\WINDOWS\AGRSMMSG.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
 --a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
 --------- 2005-06-11 19:51 53248 C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boot]
 C:\Acer\Empowering Technology\ePower\Boot.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CtrlVol]
 --a------ 2003-09-16 14:28 20480 C:\Programmi\Launch Manager\CtrlVol.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
 C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
 --a------ 2006-04-28 16:43 401408 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ImageItEncrypt]
 --a------ 2005-12-30 14:02 40960 C:\WINDOWS\system32\ImageItEncrypt.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]
 --a------ 2005-07-25 13:36 32768 C:\Programmi\Launch Manager\LaunchAp.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
 --a------ 2006-04-19 15:08 69632 C:\Programmi\Launch Manager\HotkeyApp.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD]
 --a------ 2005-07-25 10:45 241664 C:\Programmi\Launch Manager\OSDCtrl.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
 C:\Programmi\Messenger\msmsgs.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
 --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
 --a------ 2005-05-11 17:15 45056 C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton]
 --a------ 2006-04-20 09:23 86016 C:\Programmi\Launch Manager\Wbutton.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
 "RichVideo"=2 (0x2)
 "IDriverT"=3 (0x3)
 "CyberLink Media Library Service"=2 (0x2)
 "CLSched"=2 (0x2)
 "CLCapSvc"=2 (0x2)
 "AcerMemUsageCheckService"=2 (0x2)
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center]
 "AntiVirusDisableNotify"=dword:00000001
 "UpdatesDisableNotify"=dword:00000001
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
 "%windir%\\system32\\sessmgr.exe"=
 "C:\\Programmi\\Windows Live\\Messenger\\MsnMsgr.Exe"=
 "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
 "C:\\Programmi\\InterVideo\\DVD5\\WinDVD.exe"=
 "C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
 "C:\\Programmi\\Internet Explorer\\IEXPLORE.EXE"=
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
 "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
 
 R0 xmasbus;xmasbus;C:\WINDOWS\system32\DRIVERS\xmasbus.sys [2003-12-21 17:24]
 R0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys [2003-12-20 20:03]
 R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
 S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-05-07 15:11]
 S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
 S3 usbstor;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-19 20:00]
 S4 Boonty Games;Boonty Games;"C:\Programmi\File comuni\BOONTY Shared\Service\Boonty.exe" [2007-08-14 13:38]
 
 .
 Contenuto della cartella 'Scheduled Tasks'
 "2008-05-02 01:30:02 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
 - C:\Programmi\RegistrySmart\RegistrySmart.ex
 - C:\Programmi\RegistrySmart.Eloisa.Runs RegistrySmart to optimize your registry.
 "2008-05-02 07:12:04 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
 - C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
 "2008-04-13 13:41:56 C:\WINDOWS\Tasks\Norton Security Scan.job"
 - C:\Programmi\Norton Security Scan\Nss.exe
 .
 **************************************************************************
 
 catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-05-02 09:57:01
 Windows 5.1.2600 Service Pack 2 FAT NTAPI
 
 scansione processi nascosti ...
 
 scansione entrate autostart nascoste ...
 
 Scansione files nascosti ...
 
 Scansione completata con successo
 Files nascosti: 0
 
 **************************************************************************
 .
 Ora fine scansione: 2008-05-02  9.57.21
 ComboFix-quarantined-files.txt  2008-05-02 07:57:20
 ComboFix3.txt  2008-04-27 17:24:20
 ComboFix2.txt  2008-04-28 19:35:32
 
 18 Directory  17,652,318,208 byte disponibili
 21 Directory  17,650,024,448 byte disponibili
 
 136	--- E O F ---	2008-02-24 18:09:17
bdoriano, Administrator
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 02 May 2008 21:16    Subject:
One clarification: I always ask for the BitDefender log first and then the Kaspersky one, because BitDefender removes the viruses it recognises, whereas Kaspersky only identifies them. Reversing the order of the logs means I have to do a comparison to remove the entries that BitDefender already deleted.

Create a text file with the following instructions:

Code:
File::
C:\Documents and Settings\Eloisa\Documenti\Varie\Varie recenti\Varie SSE\X Decimo\from tranky\LOGISTICA\MONETA\pub_6687 il CSS.zip
C:\Recycled\Dc8\abracadabrasetup.exe
C:\Recycled\Dc14\Androkids.exe
C:\Recycled\Dc35\Bongo Boogie.exe
C:\Recycled\Dc52\dripdrop.exe
C:\Recycled\Dc112.0\Spin Around v1.0 Setup.exe

Save the file on the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as indicated below:

Wait patiently for it to finish without touching the keyboard, mouse or anything else.
Post the updated ComboFix log.

kingover, Devoted mortal
Registered: 25/04/08 10:51
Posts: 9
Location: Palermo

Posted: 04 May 2008 00:04    Subject: Please tell me I've finally given birth....

ComboFix 08-04-26.5 - Eloisa 2008-05-03 23.59.14.4 - FAT32x86 Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1040.18.624 [GMT 2:00]
 Eseguito da: C:\Documents and Settings\Eloisa\Desktop\Varie recenti\ComboFix.exe
 Command switches used :: C:\Documents and Settings\Eloisa\Desktop\CFScript.txt
 * Creato nuovo punto di ripristino
 
 WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
 
 FILE ::
 C:\Documents and Settings\Eloisa\Documenti\Varie\Varie recenti\Varie SSE\X Decimo\from tranky\LOGISTICA\MONETA\pub_6687 il CSS.zip
 C:\Recycled\Dc112.0\Spin Around v1.0 Setup.exe
 C:\Recycled\Dc14\Androkids.exe
 C:\Recycled\Dc35\Bongo Boogie.exe
 C:\Recycled\Dc52\dripdrop.exe
 C:\Recycled\Dc8\abracadabrasetup.exe
 .
 
 (((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 
 C:\Documents and Settings\Eloisa\Documenti\Varie\Varie recenti\Varie SSE\X Decimo\from tranky\LOGISTICA\MONETA\pub_6687 il CSS.zip
 
 .
 (((((((((((((((((((((((((   Files Creati Da 2008-04-03 al 2008-05-03  )))))))))))))))))))))))))))))))))))
 .
 
 2008-05-02 11:04 . 2008-05-02 11:04	<DIR>	d--------	C:\WINDOWS\system32\Kaspersky Lab
 2008-05-02 11:04 . 2008-05-02 11:05	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
 2008-05-02 10:05 . 2008-05-02 10:05	<DIR>	d--------	C:\WINDOWS\BDOSCAN8
 2008-04-25 10:17 . 2008-04-25 10:17	<DIR>	d--------	C:\Documents and Settings\Eloisa\Dati applicazioni\Uniblue
 2008-04-25 10:16 . 2008-04-25 10:16	<DIR>	d--------	C:\Programmi\Uniblue
 2008-04-25 09:39 . 2008-04-25 09:39	230	--a------	C:\WINDOWS\system32\spupdsvc.inf
 2008-04-22 19:40 . 2008-04-22 19:40	<DIR>	dr-------	C:\Documents and Settings\LocalService\Preferiti
 2008-04-14 15:36 . 2008-04-14 15:36	<DIR>	d--------	C:\Programmi\Microsoft Silverlight
 2008-04-13 15:59 . 2008-04-13 15:59	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\TEMP
 2008-04-13 15:44 . 2008-04-13 15:44	<DIR>	d--------	C:\Programmi\Picasa2
 2008-04-13 15:41 . 2008-04-13 15:41	<DIR>	d--------	C:\Programmi\Norton Security Scan
 2008-04-13 15:33 . 2008-04-13 15:33	<DIR>	d--------	C:\Documents and Settings\Eloisa\Dati applicazioni\Talkback
 2008-04-13 15:14 . 2008-04-13 15:14	<DIR>	d--------	C:\WINDOWS\system32\ActiveScan
 2008-04-13 15:14 . 2008-04-13 15:31	30,590	--a------	C:\WINDOWS\system32\pavas.ico
 2008-04-13 15:14 . 2008-04-13 15:31	2,550	--a------	C:\WINDOWS\system32\Uninstall.ico
 2008-04-13 15:14 . 2008-04-13 15:31	1,406	--a------	C:\WINDOWS\system32\Help.ico
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-03-23 15:28	---------	d-----w	C:\Programmi\Minilyrics
 2007-12-30 18:16	92,064	----a-w	C:\Documents and Settings\Eloisa\mqdmmdm.sys
 2007-12-30 18:16	9,232	----a-w	C:\Documents and Settings\Eloisa\mqdmmdfl.sys
 2007-12-30 18:16	79,328	----a-w	C:\Documents and Settings\Eloisa\mqdmserd.sys
 2007-12-30 18:16	66,656	----a-w	C:\Documents and Settings\Eloisa\mqdmbus.sys
 2007-12-30 18:16	6,208	----a-w	C:\Documents and Settings\Eloisa\mqdmcmnt.sys
 2007-12-30 18:16	5,936	----a-w	C:\Documents and Settings\Eloisa\mqdmwhnt.sys
 2007-12-30 18:16	4,048	----a-w	C:\Documents and Settings\Eloisa\mqdmcr.sys
 2007-12-30 18:16	25,600	----a-w	C:\Documents and Settings\Eloisa\usbsermptxp.sys
 2007-12-30 18:16	22,768	----a-w	C:\Documents and Settings\Eloisa\usbsermpt.sys
 .
 
 (((((((((((((((((((((((((((((   snapshot@2008-04-27_19.24.07,31   )))))))))))))))))))))))))))))))))))))))))
 .
 + 2008-05-02 08:06:04	45,056	----a-w	C:\WINDOWS\BDOSCAN8\avxdisk.dll
 + 2008-05-02 08:06:04	10,240	----a-w	C:\WINDOWS\BDOSCAN8\avxs.dll
 + 2008-05-02 08:06:04	27,136	----a-w	C:\WINDOWS\BDOSCAN8\avxt.dll
 + 2008-05-02 08:06:14	181,760	----a-w	C:\WINDOWS\BDOSCAN8\bdcore.dll
 + 2008-01-09 13:01:48	118,784	----a-w	C:\WINDOWS\BDOSCAN8\bdupd.dll
 + 2008-01-09 13:01:48	53,248	----a-w	C:\WINDOWS\BDOSCAN8\ipsupd.dll
 + 2008-05-02 08:06:16	142,848	----a-w	C:\WINDOWS\BDOSCAN8\libfn.dll
 + 2008-05-02 08:06:06	86,016	----a-w	C:\WINDOWS\BDOSCAN8\librtvr.dll
 + 2008-01-09 13:01:48	53,248	----a-w	C:\WINDOWS\bdoscandel.exe
 - 2008-04-27 16:59:54	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
 + 2008-05-03 21:52:18	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
 + 2008-01-09 13:01:48	118,784	----a-w	C:\WINDOWS\Downloaded Program Files\bdupd.dll
 + 2008-01-09 13:01:48	53,248	----a-w	C:\WINDOWS\Downloaded Program Files\ipsupd.dll
 + 2005-05-24 10:27:16	213,048	----a-w	C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
 + 2007-08-29 13:47:20	94,208	----a-w	C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
 + 2007-08-29 13:49:54	950,272	----a-w	C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
 + 2004-01-14 06:46:34	172,032	----a-w	C:\WINDOWS\system32\tifmicon.dll
 .
 (((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 REGEDIT4
 *Nota* i valori vuoti & legittimi/default non sono visualizzati.
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-10 16:37 219136]
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2kadiras]
 
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\9xadiras]
 
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePresentation HPD]
 --a------ 2006-03-31 16:39 204800 C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
 --a------ 2005-09-09 11:20 88203 C:\WINDOWS\AGRSMMSG.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
 --a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
 --------- 2005-06-11 19:51 53248 C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boot]
 C:\Acer\Empowering Technology\ePower\Boot.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CtrlVol]
 --a------ 2003-09-16 14:28 20480 C:\Programmi\Launch Manager\CtrlVol.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
 C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
 --a------ 2006-04-28 16:43 401408 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ImageItEncrypt]
 --a------ 2005-12-30 14:02 40960 C:\WINDOWS\system32\ImageItEncrypt.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]
 --a------ 2005-07-25 13:36 32768 C:\Programmi\Launch Manager\LaunchAp.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
 --a------ 2006-04-19 15:08 69632 C:\Programmi\Launch Manager\HotkeyApp.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD]
 --a------ 2005-07-25 10:45 241664 C:\Programmi\Launch Manager\OSDCtrl.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
 C:\Programmi\Messenger\msmsgs.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
 --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
 --a------ 2005-05-11 17:15 45056 C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton]
 --a------ 2006-04-20 09:23 86016 C:\Programmi\Launch Manager\Wbutton.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
 "RichVideo"=2 (0x2)
 "IDriverT"=3 (0x3)
 "CyberLink Media Library Service"=2 (0x2)
 "CLSched"=2 (0x2)
 "CLCapSvc"=2 (0x2)
 "AcerMemUsageCheckService"=2 (0x2)
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center]
 "AntiVirusDisableNotify"=dword:00000001
 "UpdatesDisableNotify"=dword:00000001
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
 "%windir%\\system32\\sessmgr.exe"=
 "C:\\Programmi\\Windows Live\\Messenger\\MsnMsgr.Exe"=
 "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
 "C:\\Programmi\\InterVideo\\DVD5\\WinDVD.exe"=
 "C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
 "C:\\Programmi\\Internet Explorer\\IEXPLORE.EXE"=
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
 "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
 
 R0 xmasbus;xmasbus;C:\WINDOWS\system32\DRIVERS\xmasbus.sys [2003-12-21 17:24]
 R0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys [2003-12-20 20:03]
 R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
 S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-05-07 15:11]
 S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
 S3 usbstor;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-19 20:00]
 S4 Boonty Games;Boonty Games;"C:\Programmi\File comuni\BOONTY Shared\Service\Boonty.exe" [2007-08-14 13:38]
 
 .
 Contenuto della cartella 'Scheduled Tasks'
 "2008-05-02 01:30:02 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
 - C:\Programmi\RegistrySmart\RegistrySmart.ex
 - C:\Programmi\RegistrySmart.Eloisa.Runs RegistrySmart to optimize your registry.
 "2008-05-02 13:12:02 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
 - C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
 "2008-05-02 13:35:36 C:\WINDOWS\Tasks\Norton Security Scan.job"
 - C:\Programmi\Norton Security Scan\Nss.exe
 .
 **************************************************************************
 
 catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-05-04 00:00:11
 Windows 5.1.2600 Service Pack 2 FAT NTAPI
 
 scansione processi nascosti ...
 
 scansione entrate autostart nascoste ...
 
 Scansione files nascosti ...
 
 Scansione completata con successo
 Files nascosti: 0
 
 **************************************************************************
 .
 Ora fine scansione: 2008-05-04  0.00.30
 ComboFix-quarantined-files.txt  2008-05-03 22:00:30
 ComboFix4.txt  2008-04-27 17:24:20
 ComboFix3.txt  2008-04-28 19:35:32
 ComboFix2.txt  2008-05-02 07:57:22
 
 18 Directory  18,582,142,976 byte disponibili
 21 Directory  18,590,597,120 byte disponibili
 
 165	--- E O F ---	2008-02-24 18:09:17

bdoriano, Administrator
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 04 May 2008 10:07    Subject:

Everything looks fine. Are you having any other problems?

kingover, Devoted mortal
Registered: 25/04/08 10:51
Posts: 9
Location: Palermo

Posted: 06 May 2008 18:12    Subject: last-minute clarifications...

....it's reassuring to hear you say so...apart from a certain slowness when carrying out easy operations at the same time (the ones which, if I'm not mistaken, should be handled by the RAM), I don't understand why the hard disk that I use only as a "data container" shows up in My Computer with blue lettering and not black (the only one)...and also, when I start AVG it always tells me: Partition table (MBR), kernel32dll, user32dll, shell32dll, ntoskrnl.exe...................."change"; shouldn't that be empty?!? Anyway, if you assure me that everything is in order, then I'll trust someone who shows, as you have kindly done so far, certainly more competence than yours truly...devoted mortal..

thanks again