Olimpo Informatico forum index
The Zeus News forums

Am I infected?
Forum index -> Pronto Soccorso Virus (Virus First Aid)
kingover
Rank: Mortale devoto
Registered: 25/04/08 10:51
Posts: 9
Location: Palermo

Posted: 25 Apr 2008 11:45    Subject: AM I INFECTED???

Hi, I have just registered and I am posting my problem right away (I believe it is identical to Blacky2003's), reported by AVG 7.5 Free Edition:

partition table (MBR) change
kernel32.dll change
user32.dll change
shell32.dll change
ntoskrnl.exe change

I ran HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.42.42, on 25/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Spyware Doctor\pctsAuxs.exe
C:\Programmi\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Media Player\WMPNSCFG.exe
C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Motorola Phone Tools\mPhonetools.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Eloisa\Documenti\antivir\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://kronge.netfirms.com/mob/lan
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Programmi\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uranium] C:\Programmi\FreeSoft\Uranium\Uranium.exe reg
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: LG SyncManager.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C7BE6D6-CE2D-41D9-9BF6-03DC83F938E2}: NameServer = 193.70.152.25 193.70.192.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FFD2C9E-1E8C-4D82-8B78-E4F46EAE4699}: NameServer = 193.70.152.15,193.70.152.25
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Boonty Games - BOONTY - C:\Programmi\File comuni\BOONTY Shared\Service\Boonty.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\pctsSvc.exe
O24 - Desktop Component 0: (no name) - http://www.windoweb.it/desktop_foto/foto_amore/foto_amore_05x.jpg

--
End of file - 7146 bytes

WHAT SHOULD I DO?
bdoriano
Rank: Amministratore (Administrator)
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 25 Apr 2008 14:19

Hi kingover,

AVG has only warned you that some system files have been modified (probably because of Windows updates).

Anyway, for a thorough check, do these generic clean-ups:

PS: if you like, you can introduce yourself here
kingover

Posted: 27 Apr 2008 19:11    Subject: carrying out the suggested procedure

Hi bdoriano, I did what you suggested...

NFix_2008-04-27_17-43-51.log

...what do I do now?
Regards and thanks in advance.
bdoriano

Posted: 27 Apr 2008 19:24

One step is missing:
bdoriano wrote:
Follow the instructions in this topic to post the ComboFix log.
kingover

Posted: 27 Apr 2008 19:33    Subject: last step

You are absolutely right...

ComboFix 08-04-26.5 - Eloisa 2008-04-27 19.22.33.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.612 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Eloisa\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\dllcache\spoolsv.exe

.
((((((((((((((((((((((((( Files Creati Da 2008-03-27 al 2008-04-27 )))))))))))))))))))))))))))))))))))
.

2008-04-25 10:17 . 2008-04-25 10:17 <DIR> d-------- C:\Documents and Settings\Eloisa\Dati applicazioni\Uniblue
2008-04-25 10:16 . 2008-04-25 10:16 <DIR> d-------- C:\Programmi\Uniblue
2008-04-25 09:39 . 2008-04-25 09:39 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-04-22 19:40 . 2008-04-22 19:40 <DIR> dr------- C:\Documents and Settings\LocalService\Preferiti
2008-04-14 15:36 . 2008-04-14 15:36 <DIR> d-------- C:\Programmi\Microsoft Silverlight
2008-04-13 16:12 . 2008-04-13 16:12 <DIR> d-------- C:\Documents and Settings\Eloisa\Dati applicazioni\skypePM
2008-04-13 16:12 . 2008-04-13 16:12 32 --a------ C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2008-04-13 16:07 . 2008-04-13 16:08 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Skype
2008-04-13 15:59 . 2008-04-13 15:59 <DIR> d-------- C:\Programmi\Spyware Doctor
2008-04-13 15:59 . 2008-04-13 15:59 <DIR> d-------- C:\Documents and Settings\Eloisa\Dati applicazioni\PC Tools
2008-04-13 15:59 . 2008-04-13 15:59 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-04-13 15:59 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-04-13 15:59 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-04-13 15:59 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-04-13 15:59 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-04-13 15:44 . 2008-04-13 15:44 <DIR> d-------- C:\Programmi\Picasa2
2008-04-13 15:44 . 2006-10-05 04:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-04-13 15:44 . 2006-10-05 04:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-04-13 15:41 . 2008-04-13 15:41 <DIR> d-------- C:\Programmi\Norton Security Scan
2008-04-13 15:33 . 2008-04-13 15:33 <DIR> d-------- C:\Documents and Settings\Eloisa\Dati applicazioni\Talkback
2008-04-13 15:14 . 2008-04-13 15:14 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-04-13 15:14 . 2008-04-13 15:31 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-04-13 15:14 . 2008-04-13 15:31 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-04-13 15:14 . 2008-04-13 15:31 1,406 --a------ C:\WINDOWS\system32\Help.ico

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-23 15:28 --------- d-----w C:\Programmi\Minilyrics
2008-02-29 17:51 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Google Updater
2007-12-30 18:16 92,064 ----a-w C:\Documents and Settings\Eloisa\mqdmmdm.sys
2007-12-30 18:16 9,232 ----a-w C:\Documents and Settings\Eloisa\mqdmmdfl.sys
2007-12-30 18:16 79,328 ----a-w C:\Documents and Settings\Eloisa\mqdmserd.sys
2007-12-30 18:16 66,656 ----a-w C:\Documents and Settings\Eloisa\mqdmbus.sys
2007-12-30 18:16 6,208 ----a-w C:\Documents and Settings\Eloisa\mqdmcmnt.sys
2007-12-30 18:16 5,936 ----a-w C:\Documents and Settings\Eloisa\mqdmwhnt.sys
2007-12-30 18:16 4,048 ----a-w C:\Documents and Settings\Eloisa\mqdmcr.sys
2007-12-30 18:16 25,600 ----a-w C:\Documents and Settings\Eloisa\usbsermptxp.sys
2007-12-30 18:16 22,768 ----a-w C:\Documents and Settings\Eloisa\usbsermpt.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-31 12:02 68856]
"NBJ"="C:\Programmi\Ahead\Nero BackItUp\NBJ.exe" [2004-09-24 17:22 1916928]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 20:00 15360]
"Uranium"="C:\Programmi\FreeSoft\Uranium\Uranium.exe" [ ]
"Uniblue RegistryBooster 2"="C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-04-24 11:45 1885464]
"WMPNSCFG"="C:\Programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:56 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-08 15:40 1838592]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 20:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-10 16:37 219136]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
DSLMON.lnk - C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe [2006-11-04 19:28:15 929861]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2kadiras]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\9xadiras]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePresentation HPD]
--a------ 2006-03-31 16:39 204800 C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2005-09-09 11:20 88203 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
--------- 2005-06-11 19:51 53248 C:\Programmi\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boot]
C:\Acer\Empowering Technology\ePower\Boot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CtrlVol]
--a------ 2003-09-16 14:28 20480 C:\Programmi\Launch Manager\CtrlVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
--a------ 2006-04-28 16:43 401408 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ImageItEncrypt]
--a------ 2005-12-30 14:02 40960 C:\WINDOWS\system32\ImageItEncrypt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]
--a------ 2005-07-25 13:36 32768 C:\Programmi\Launch Manager\LaunchAp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
--a------ 2006-04-19 15:08 69632 C:\Programmi\Launch Manager\HotkeyApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD]
--a------ 2005-07-25 10:45 241664 C:\Programmi\Launch Manager\OSDCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
--a------ 2005-05-11 17:15 45056 C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton]
--a------ 2006-04-20 09:23 86016 C:\Programmi\Launch Manager\Wbutton.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RichVideo"=2 (0x2)
"IDriverT"=3 (0x3)
"CyberLink Media Library Service"=2 (0x2)
"CLSched"=2 (0x2)
"CLCapSvc"=2 (0x2)
"AcerMemUsageCheckService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\MsnMsgr.Exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\InterVideo\\DVD5\\WinDVD.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Internet Explorer\\IEXPLORE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 xmasbus;xmasbus;C:\WINDOWS\system32\DRIVERS\xmasbus.sys [2003-12-21 17:24]
R0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys [2003-12-20 20:03]
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
S3 Boonty Games;Boonty Games;"C:\Programmi\File comuni\BOONTY Shared\Service\Boonty.exe" [2007-08-14 13:38]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-05-07 15:11]
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 usbstor;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-19 20:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c49930a-8c90-11dc-99d2-f618678d69a6}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68ee9e6e-b959-11dc-99f0-0016ce727e80}]
\Shell\AutoRun\command - F:\ClickMe.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b73bc50-62db-11dc-99b0-4d6564696130}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bfdb83aa-57ca-11db-981c-0016ce727e80}]
\Shell\AutoRun\command - F:\i.exe
\Shell\explore\Command - F:\i.exe
\Shell\open\Command - F:\i.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ebd00a41-dc70-11dc-9a0f-0016ce727e80}]
\Shell\Auto\command - G:\bittorrent.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

*Newly Created Service* - CATCHME
.
Contenuto della cartella 'Scheduled Tasks'
"2007-11-17 17:41:52 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Programmi\RegistrySmart\RegistrySmart.ex
- C:\Programmi\RegistrySmart.Eloisa.Runs RegistrySmart to optimize your registry.
"2008-04-27 17:12:02 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
"2008-04-13 13:41:56 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Programmi\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 19:23:57
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-04-27 19.24.17
ComboFix-quarantined-files.txt 2008-04-27 17:24:16

18 Directory 17,277,714,432 byte disponibili
21 Directory 17,476,976,640 byte disponibili

171 --- E O F --- 2008-02-24 18:09:17
Thanks again....
bdoriano

Posted: 28 Apr 2008 17:30

You have 5 infected USB devices (flash drives and/or hard disks)...

  1. Create a text file with the following instructions:
    Code:
    registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c49930a-8c90-11dc-99d2-f618678d69a6}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68ee9e6e-b959-11dc-99f0-0016ce727e80}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b73bc50-62db-11dc-99b0-4d6564696130}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bfdb83aa-57ca-11db-981c-0016ce727e80}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ebd00a41-dc70-11dc-9a0f-0016ce727e80}]

  2. Save the file to the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as indicated below:

    Wait patiently for the job to finish without touching the keyboard, mouse or anything else.
  3. Post the updated ComboFix log.
  4. Disable your antivirus.
  5. Go to BitDefender (with IE) and run the full scan.
  6. Go to the Kaspersky on-line scanner and run the extended scan, as indicated here.
    Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post the link you are given here.
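The five MountPoints2 keys bdoriano lists above are what Windows caches from the autorun.inf of a removable drive: a `\Shell\AutoRun\command` (sometimes also `Open`/`Explore`) verb that launches an executable from the drive, here either a bare relative name fed through `RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL`, a file in the drive's `Recycled` folder named like the system binary `ctfmon.exe`, or a short executable in the drive root such as `F:\i.exe`. The script below is an added example written for this page, not part of the thread or of ComboFix: it parses the MountPoints2 section of a ComboFix-style dump, lists for each key the indicators that make it look like USB-worm persistence, and emits the CFScript `Registry::` section that deletes the flagged keys, reproducing the five `[-KEY]` lines of the post (the thread's lowercase `registry::` worked too, as the next log shows). The sample input copies the five entries from the log above and adds one constructed key with no command; the indicator names are this example's own.

```python
import re
from typing import Dict, List, Tuple

# Registry path exactly as ComboFix prints it in its "Punti Reg Caricati" section.
MOUNTPOINTS_ROOT = (r"HKEY_CURRENT_USER\software\microsoft\windows\currentversion"
                    r"\explorer\mountpoints2")

# "[<root>\{GUID}]" header; any other "[...]" key header ends the current section.
KEY_RE = re.compile(r"^\[(" + re.escape(MOUNTPOINTS_ROOT) + r"\\\{[0-9a-f-]{36}\})\]$", re.I)
# "\Shell\<verb>\command - <command line>" lines under a mount point key.
VERB_RE = re.compile(r"^\\Shell\\([^\\]+)\\command\s+-\s+(.*\S)\s*$", re.I)
# RunDLL32 ShellExec_RunDLL indirection: the real payload is the trailing argument.
RUNDLL_RE = re.compile(r"^(?:.*\\)?rundll32(?:\.exe)?\s+shell32\.dll,\s*shellexec_rundll\s+(.+)$", re.I)
# First token ending in an executable extension (tolerates paths containing spaces).
TARGET_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif|vbs|js))(?:\s|$)", re.I)
# Windows binaries that legitimately live only under %windir%\system32.
SYSTEM_NAMES = {"ctfmon.exe", "svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe",
                "winlogon.exe", "services.exe", "smss.exe", "spoolsv.exe"}

# Sample input: the five entries copied from the ComboFix log posted in this thread ...
LOG_EXCERPT = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c49930a-8c90-11dc-99d2-f618678d69a6}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68ee9e6e-b959-11dc-99f0-0016ce727e80}]
\Shell\AutoRun\command - F:\ClickMe.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b73bc50-62db-11dc-99b0-4d6564696130}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bfdb83aa-57ca-11db-981c-0016ce727e80}]
\Shell\AutoRun\command - F:\i.exe
\Shell\explore\Command - F:\i.exe
\Shell\open\Command - F:\i.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ebd00a41-dc70-11dc-9a0f-0016ce727e80}]
\Shell\Auto\command - G:\bittorrent.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
"""
# ... plus one constructed key (made-up GUID) with no Shell command, i.e. an ordinary
# mount point, to show that it is parsed but not flagged.
BENIGN_ENTRY = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11111111-2222-3333-4444-555555555555}]
"""
SAMPLE = LOG_EXCERPT + BENIGN_ENTRY


def parse_mountpoints2(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key: {verb: command}} for every MountPoints2 key in the dump."""
    entries: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            m = KEY_RE.match(line)
            current = m.group(1) if m else None      # foreign key header: stop attributing
            if current is not None:
                entries.setdefault(current, {})
            continue
        m = VERB_RE.match(line)
        if m and current is not None:
            entries[current][m.group(1)] = m.group(2)
    return entries


def extract_target(command: str) -> Tuple[str, bool]:
    """Strip RunDLL32 indirection and trailing arguments; return (target, indirect)."""
    m = RUNDLL_RE.match(command)
    payload = m.group(1) if m else command
    t = TARGET_RE.match(payload)
    return (t.group(1) if t else payload.split()[0]), m is not None


def assess_entry(verbs: Dict[str, str]) -> List[str]:
    """Indicators explaining why this cached autorun deserves removal (empty = none)."""
    reasons: List[str] = []

    def add(reason: str) -> None:
        if reason not in reasons:
            reasons.append(reason)

    names = [v.lower() for v in verbs]
    if any(v in ("autorun", "auto") for v in names):
        add("autorun-verb")                 # fires on insertion / double-click of the drive
    if any(v.startswith(("open", "explore")) for v in names):
        add("multi-verb-hijack")            # Open / Explore also redirected to the payload
    for command in verbs.values():
        target, indirect = extract_target(command)
        low = target.lower()
        if indirect:
            add("rundll32-indirection")     # hides the real executable behind ShellExec_RunDLL
        if not re.match(r"^(?:[a-z]:\\|\\\\)", target, re.I):
            add("relative-target")          # resolves relative to the removable drive's root
        if re.search(r"(?:^|\\)recycle[rd]\\", low):
            add("recycler-path")            # payload parked in the drive's Recycled folder
        if low.rsplit("\\", 1)[-1] in SYSTEM_NAMES and "\\system32\\" not in low:
            add("system-name-lookalike")    # e.g. ctfmon.exe outside %windir%\system32
        if re.match(r"^[a-z]:\\[^\\]+$", target, re.I):
            add("drive-root-exe")           # executable sitting directly in the drive root
    return reasons


def assess(text: str) -> Dict[str, List[str]]:
    return {key: assess_entry(verbs) for key, verbs in parse_mountpoints2(text).items()}


def flagged(text: str) -> List[str]:
    return [key for key, reasons in assess(text).items() if reasons]


def build_cfscript(keys: List[str]) -> str:
    """CFScript 'Registry::' section: each [-KEY] line deletes that whole key."""
    return "Registry::\n" + "".join(f"[-{key}]\n" for key in keys)


if __name__ == "__main__":
    for key, reasons in assess(SAMPLE).items():
        guid = key.rsplit("\\", 1)[-1]
        print(f"{guid}: {', '.join(reasons) or 'clean'}")
    print(build_cfscript(flagged(SAMPLE)))
```

Deleting these keys only clears the cache on the PC: the autorun.inf and the executable still sit on each USB device and will be re-read the next time it is plugged in, so the devices themselves have to be cleaned (or Autorun disabled) for the fix to hold.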
kingover

Posted: 02 May 2008 10:04    Subject: posting the updated log...

ComboFix 08-04-26.5 - Eloisa 2008-05-02 9.55.59.3 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.607 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Eloisa\Desktop\Varie recenti\ComboFix.exe
Command switches used :: C:\Documents and Settings\Eloisa\Desktop\CFscript.txt
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2008-04-02 al 2008-05-02 )))))))))))))))))))))))))))))))))))
.

2008-04-25 10:17 . 2008-04-25 10:17 <DIR> d-------- C:\Documents and Settings\Eloisa\Dati applicazioni\Uniblue
2008-04-25 10:16 . 2008-04-25 10:16 <DIR> d-------- C:\Programmi\Uniblue
2008-04-25 09:39 . 2008-04-25 09:39 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-04-22 19:40 . 2008-04-22 19:40 <DIR> dr------- C:\Documents and Settings\LocalService\Preferiti
2008-04-14 15:36 . 2008-04-14 15:36 <DIR> d-------- C:\Programmi\Microsoft Silverlight
2008-04-13 15:59 . 2008-04-13 15:59 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-04-13 15:44 . 2008-04-13 15:44 <DIR> d-------- C:\Programmi\Picasa2
2008-04-13 15:41 . 2008-04-13 15:41 <DIR> d-------- C:\Programmi\Norton Security Scan
2008-04-13 15:33 . 2008-04-13 15:33 <DIR> d-------- C:\Documents and Settings\Eloisa\Dati applicazioni\Talkback
2008-04-13 15:14 . 2008-04-13 15:14 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-04-13 15:14 . 2008-04-13 15:31 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-04-13 15:14 . 2008-04-13 15:31 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-04-13 15:14 . 2008-04-13 15:31 1,406 --a------ C:\WINDOWS\system32\Help.ico

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-23 15:28 --------- d-----w C:\Programmi\Minilyrics
2007-12-30 18:16 92,064 ----a-w C:\Documents and Settings\Eloisa\mqdmmdm.sys
2007-12-30 18:16 9,232 ----a-w C:\Documents and Settings\Eloisa\mqdmmdfl.sys
2007-12-30 18:16 79,328 ----a-w C:\Documents and Settings\Eloisa\mqdmserd.sys
2007-12-30 18:16 66,656 ----a-w C:\Documents and Settings\Eloisa\mqdmbus.sys
2007-12-30 18:16 6,208 ----a-w C:\Documents and Settings\Eloisa\mqdmcmnt.sys
2007-12-30 18:16 5,936 ----a-w C:\Documents and Settings\Eloisa\mqdmwhnt.sys
2007-12-30 18:16 4,048 ----a-w C:\Documents and Settings\Eloisa\mqdmcr.sys
2007-12-30 18:16 25,600 ----a-w C:\Documents and Settings\Eloisa\usbsermptxp.sys
2007-12-30 18:16 22,768 ----a-w C:\Documents and Settings\Eloisa\usbsermpt.sys
.

((((((((((((((((((((((((((((( snapshot@2008-04-27_19.24.07,31 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-27 16:59:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-01 18:47:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2004-01-14 06:46:34 172,032 ----a-w C:\WINDOWS\system32\tifmicon.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-10 16:37 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2kadiras]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\9xadiras]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePresentation HPD]
--a------ 2006-03-31 16:39 204800 C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2005-09-09 11:20 88203 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
--------- 2005-06-11 19:51 53248 C:\Programmi\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boot]
C:\Acer\Empowering Technology\ePower\Boot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CtrlVol]
--a------ 2003-09-16 14:28 20480 C:\Programmi\Launch Manager\CtrlVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
--a------ 2006-04-28 16:43 401408 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ImageItEncrypt]
--a------ 2005-12-30 14:02 40960 C:\WINDOWS\system32\ImageItEncrypt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]
--a------ 2005-07-25 13:36 32768 C:\Programmi\Launch Manager\LaunchAp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
--a------ 2006-04-19 15:08 69632 C:\Programmi\Launch Manager\HotkeyApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD]
--a------ 2005-07-25 10:45 241664 C:\Programmi\Launch Manager\OSDCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
--a------ 2005-05-11 17:15 45056 C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton]
--a------ 2006-04-20 09:23 86016 C:\Programmi\Launch Manager\Wbutton.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RichVideo"=2 (0x2)
"IDriverT"=3 (0x3)
"CyberLink Media Library Service"=2 (0x2)
"CLSched"=2 (0x2)
"CLCapSvc"=2 (0x2)
"AcerMemUsageCheckService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\MsnMsgr.Exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\InterVideo\\DVD5\\WinDVD.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Internet Explorer\\IEXPLORE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 xmasbus;xmasbus;C:\WINDOWS\system32\DRIVERS\xmasbus.sys [2003-12-21 17:24]
R0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys [2003-12-20 20:03]
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-05-07 15:11]
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 usbstor;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-19 20:00]
S4 Boonty Games;Boonty Games;"C:\Programmi\File comuni\BOONTY Shared\Service\Boonty.exe" [2007-08-14 13:38]

.
Contenuto della cartella 'Scheduled Tasks'
"2008-05-02 01:30:02 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Programmi\RegistrySmart\RegistrySmart.ex
- C:\Programmi\RegistrySmart.Eloisa.Runs RegistrySmart to optimize your registry.
"2008-05-02 07:12:04 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
"2008-04-13 13:41:56 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Programmi\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-02 09:57:01
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-05-02 9.57.21
ComboFix-quarantined-files.txt 2008-05-02 07:57:20
ComboFix3.txt 2008-04-27 17:24:20
ComboFix2.txt 2008-04-28 19:35:32

18 Directory 17,652,318,208 byte disponibili
21 Directory 17,650,024,448 byte disponibili

136 --- E O F --- 2008-02-24 18:09:17
kingover

Posted: 02 May 2008 12:17    Subject: Last act?

scan con Karspersky.html Question
kingover
Devout Mortal
Registered: 25/04/08 10:51
Posts: 9
Location: Palermo

Posted: 02 May 2008 15:38    Subject: bitdefender scan

scan con bitdefender.html
bdoriano
Administrator
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 02 May 2008 21:16

One clarification: I always ask for the BitDefender log first and then the Kaspersky one, because BitDefender deletes the viruses it recognises, while Kaspersky only identifies them.
If the order of the logs is reversed, I have to cross-check them to remove the entries BitDefender has already deleted.

Create a text file with the following instructions:
Code:
File::
C:\Documents and Settings\Eloisa\Documenti\Varie\Varie recenti\Varie SSE\X Decimo\from tranky\LOGISTICA\MONETA\pub_6687 il CSS.zip
C:\Recycled\Dc8\abracadabrasetup.exe
C:\Recycled\Dc14\Androkids.exe
C:\Recycled\Dc35\Bongo Boogie.exe
C:\Recycled\Dc52\dripdrop.exe
C:\Recycled\Dc112.0\Spin Around v1.0 Setup.exe

Save the file on the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as shown below:

Wait patiently until it finishes, without touching the keyboard, mouse or anything else.
Post the updated ComboFix log.
kingover
Devout Mortal
Registered: 25/04/08 10:51
Posts: 9
Location: Palermo

Posted: 04 May 2008 00:04    Subject: Please tell me I've finally given birth....

ComboFix 08-04-26.5 - Eloisa 2008-05-03 23.59.14.4 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.624 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Eloisa\Desktop\Varie recenti\ComboFix.exe
Command switches used :: C:\Documents and Settings\Eloisa\Desktop\CFScript.txt
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\Eloisa\Documenti\Varie\Varie recenti\Varie SSE\X Decimo\from tranky\LOGISTICA\MONETA\pub_6687 il CSS.zip
C:\Recycled\Dc112.0\Spin Around v1.0 Setup.exe
C:\Recycled\Dc14\Androkids.exe
C:\Recycled\Dc35\Bongo Boogie.exe
C:\Recycled\Dc52\dripdrop.exe
C:\Recycled\Dc8\abracadabrasetup.exe
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Eloisa\Documenti\Varie\Varie recenti\Varie SSE\X Decimo\from tranky\LOGISTICA\MONETA\pub_6687 il CSS.zip

.
((((((((((((((((((((((((( Files Creati Da 2008-04-03 al 2008-05-03 )))))))))))))))))))))))))))))))))))
.

2008-05-02 11:04 . 2008-05-02 11:04 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-02 11:04 . 2008-05-02 11:05 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-05-02 10:05 . 2008-05-02 10:05 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-04-25 10:17 . 2008-04-25 10:17 <DIR> d-------- C:\Documents and Settings\Eloisa\Dati applicazioni\Uniblue
2008-04-25 10:16 . 2008-04-25 10:16 <DIR> d-------- C:\Programmi\Uniblue
2008-04-25 09:39 . 2008-04-25 09:39 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-04-22 19:40 . 2008-04-22 19:40 <DIR> dr------- C:\Documents and Settings\LocalService\Preferiti
2008-04-14 15:36 . 2008-04-14 15:36 <DIR> d-------- C:\Programmi\Microsoft Silverlight
2008-04-13 15:59 . 2008-04-13 15:59 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-04-13 15:44 . 2008-04-13 15:44 <DIR> d-------- C:\Programmi\Picasa2
2008-04-13 15:41 . 2008-04-13 15:41 <DIR> d-------- C:\Programmi\Norton Security Scan
2008-04-13 15:33 . 2008-04-13 15:33 <DIR> d-------- C:\Documents and Settings\Eloisa\Dati applicazioni\Talkback
2008-04-13 15:14 . 2008-04-13 15:14 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-04-13 15:14 . 2008-04-13 15:31 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-04-13 15:14 . 2008-04-13 15:31 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-04-13 15:14 . 2008-04-13 15:31 1,406 --a------ C:\WINDOWS\system32\Help.ico

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-23 15:28 --------- d-----w C:\Programmi\Minilyrics
2007-12-30 18:16 92,064 ----a-w C:\Documents and Settings\Eloisa\mqdmmdm.sys
2007-12-30 18:16 9,232 ----a-w C:\Documents and Settings\Eloisa\mqdmmdfl.sys
2007-12-30 18:16 79,328 ----a-w C:\Documents and Settings\Eloisa\mqdmserd.sys
2007-12-30 18:16 66,656 ----a-w C:\Documents and Settings\Eloisa\mqdmbus.sys
2007-12-30 18:16 6,208 ----a-w C:\Documents and Settings\Eloisa\mqdmcmnt.sys
2007-12-30 18:16 5,936 ----a-w C:\Documents and Settings\Eloisa\mqdmwhnt.sys
2007-12-30 18:16 4,048 ----a-w C:\Documents and Settings\Eloisa\mqdmcr.sys
2007-12-30 18:16 25,600 ----a-w C:\Documents and Settings\Eloisa\usbsermptxp.sys
2007-12-30 18:16 22,768 ----a-w C:\Documents and Settings\Eloisa\usbsermpt.sys
.

((((((((((((((((((((((((((((( snapshot@2008-04-27_19.24.07,31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-02 08:06:04 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2008-05-02 08:06:04 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2008-05-02 08:06:04 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2008-05-02 08:06:14 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2008-01-09 13:01:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2008-05-02 08:06:16 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2008-05-02 08:06:06 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
- 2008-04-27 16:59:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-03 21:52:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-01-09 13:01:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
+ 2005-05-24 10:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 13:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 13:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2004-01-14 06:46:34 172,032 ----a-w C:\WINDOWS\system32\tifmicon.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-10 16:37 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2kadiras]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\9xadiras]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePresentation HPD]
--a------ 2006-03-31 16:39 204800 C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2005-09-09 11:20 88203 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
--------- 2005-06-11 19:51 53248 C:\Programmi\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boot]
C:\Acer\Empowering Technology\ePower\Boot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CtrlVol]
--a------ 2003-09-16 14:28 20480 C:\Programmi\Launch Manager\CtrlVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
--a------ 2006-04-28 16:43 401408 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ImageItEncrypt]
--a------ 2005-12-30 14:02 40960 C:\WINDOWS\system32\ImageItEncrypt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]
--a------ 2005-07-25 13:36 32768 C:\Programmi\Launch Manager\LaunchAp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
--a------ 2006-04-19 15:08 69632 C:\Programmi\Launch Manager\HotkeyApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD]
--a------ 2005-07-25 10:45 241664 C:\Programmi\Launch Manager\OSDCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
--a------ 2005-05-11 17:15 45056 C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton]
--a------ 2006-04-20 09:23 86016 C:\Programmi\Launch Manager\Wbutton.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RichVideo"=2 (0x2)
"IDriverT"=3 (0x3)
"CyberLink Media Library Service"=2 (0x2)
"CLSched"=2 (0x2)
"CLCapSvc"=2 (0x2)
"AcerMemUsageCheckService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\MsnMsgr.Exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\InterVideo\\DVD5\\WinDVD.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Internet Explorer\\IEXPLORE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 xmasbus;xmasbus;C:\WINDOWS\system32\DRIVERS\xmasbus.sys [2003-12-21 17:24]
R0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys [2003-12-20 20:03]
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-05-07 15:11]
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 usbstor;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-19 20:00]
S4 Boonty Games;Boonty Games;"C:\Programmi\File comuni\BOONTY Shared\Service\Boonty.exe" [2007-08-14 13:38]

.
Contenuto della cartella 'Scheduled Tasks'
"2008-05-02 01:30:02 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Programmi\RegistrySmart\RegistrySmart.ex
- C:\Programmi\RegistrySmart.Eloisa.Runs RegistrySmart to optimize your registry.
"2008-05-02 13:12:02 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-02 13:35:36 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Programmi\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-04 00:00:11
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-05-04 0.00.30
ComboFix-quarantined-files.txt 2008-05-03 22:00:30
ComboFix4.txt 2008-04-27 17:24:20
ComboFix3.txt 2008-04-28 19:35:32
ComboFix2.txt 2008-05-02 07:57:22

18 Directory 18,582,142,976 byte disponibili
21 Directory 18,590,597,120 byte disponibili

165 --- E O F --- 2008-02-24 18:09:17
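A check a reviewer of this thread would want after the CFScript run above: did ComboFix actually act on every path listed in the script? The following Python script is an added example (not code from the thread, from bdoriano, or from ComboFix itself). It parses the banner-delimited sections of a ComboFix log, reads the paths under the `File::` directive of the CFScript and under the log's `FILE ::` echo, and reports, for each requested path, whether it appears under "Altre eliminazioni". The two strings are constructed excerpts of the two posts above, trimmed to the lines the check needs; the status labels ("deleted", "acknowledged", "ignored") are this example's own, not ComboFix terminology.

```python
import re
from collections import Counter
from typing import Dict, List

# Constructed excerpt of the CFScript bdoriano asked for (same directive, same paths).
CFSCRIPT = r"""File::
C:\Documents and Settings\Eloisa\Documenti\Varie\Varie recenti\Varie SSE\X Decimo\from tranky\LOGISTICA\MONETA\pub_6687 il CSS.zip
C:\Recycled\Dc8\abracadabrasetup.exe
C:\Recycled\Dc14\Androkids.exe
C:\Recycled\Dc35\Bongo Boogie.exe
C:\Recycled\Dc52\dripdrop.exe
C:\Recycled\Dc112.0\Spin Around v1.0 Setup.exe
"""

# Constructed excerpt of the ComboFix log kingover posted after the run, trimmed to
# the preamble, the 'Altre eliminazioni' section and the start of the next section.
COMBOFIX_LOG = r"""ComboFix 08-04-26.5 - Eloisa 2008-05-03 23.59.14.4 - FAT32x86
Command switches used :: C:\Documents and Settings\Eloisa\Desktop\CFScript.txt
* Creato nuovo punto di ripristino

FILE ::
C:\Documents and Settings\Eloisa\Documenti\Varie\Varie recenti\Varie SSE\X Decimo\from tranky\LOGISTICA\MONETA\pub_6687 il CSS.zip
C:\Recycled\Dc112.0\Spin Around v1.0 Setup.exe
C:\Recycled\Dc14\Androkids.exe
C:\Recycled\Dc35\Bongo Boogie.exe
C:\Recycled\Dc52\dripdrop.exe
C:\Recycled\Dc8\abracadabrasetup.exe
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Eloisa\Documenti\Varie\Varie recenti\Varie SSE\X Decimo\from tranky\LOGISTICA\MONETA\pub_6687 il CSS.zip

.
((((((((((((((((((((((((( Files Creati Da 2008-04-03 al 2008-05-03 )))))))))))))))))))))))))))))))))))
.
2008-05-02 11:04 . 2008-05-02 11:04 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
"""

# A ComboFix section banner: a run of '(' , the title, a run of ')'.
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")


def parse_sections(log: str) -> Dict[str, List[str]]:
    """Split a ComboFix log into its banner-delimited sections.

    Text before the first banner is stored under the key "" (preamble).
    Separator lines ("." and blanks) are dropped.
    """
    sections: Dict[str, List[str]] = {"": []}
    current = ""
    for raw in log.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if line and line != ".":
            sections[current].append(line)
    return sections


def directive_paths(block: str, directive: str) -> List[str]:
    """Return the paths listed under a '<directive>::' header.

    Works both for the CFScript ("File::") and for the log's echo of it
    ("FILE ::"). The list ends at the first blank line, '.' separator or
    next directive.
    """
    paths: List[str] = []
    collecting = False
    header = re.compile(rf"{re.escape(directive)}\s*::", re.IGNORECASE)
    for raw in block.splitlines():
        line = raw.strip()
        if header.fullmatch(line):
            collecting = True
            continue
        if not collecting:
            continue
        if not line or line == "." or line.endswith("::"):
            break
        paths.append(line)
    return paths


def check_cleanup(cfscript: str, log: str) -> Dict[str, str]:
    """Cross-check every path requested in the CFScript against the log.

    deleted      - listed under 'Altre eliminazioni' (ComboFix reports removing it)
    acknowledged - echoed under 'FILE ::' but not reported as deleted; the log
                   does not say why, so verify the path by hand
    ignored      - not echoed at all: the script line was never read
    Windows paths are compared case-insensitively.
    """
    requested = directive_paths(cfscript, "File")
    echoed = {p.lower() for p in directive_paths(log, "FILE")}
    deleted = {p.lower() for p in parse_sections(log).get("Altre eliminazioni", [])}
    result: Dict[str, str] = {}
    for path in requested:
        key = path.lower()
        if key in deleted:
            result[path] = "deleted"
        elif key in echoed:
            result[path] = "acknowledged"
        else:
            result[path] = "ignored"
    return result


def summarize(result: Dict[str, str]) -> Dict[str, int]:
    """Count how many requested paths ended in each status."""
    return dict(Counter(result.values()))


if __name__ == "__main__":
    outcome = check_cleanup(CFSCRIPT, COMBOFIX_LOG)
    for path, status in outcome.items():
        print(f"{status:12s} {path}")
    print(summarize(outcome))
```

On the excerpt above only the .zip is confirmed under "Altre eliminazioni"; the five Recycled entries are echoed but not listed as deleted, which is exactly the kind of discrepancy worth a second look before declaring a machine clean.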
bdoriano
Administrator
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 04 May 2008 10:07

Everything looks OK.
Are you having any other problems?
kingover
Devout Mortal
Registered: 25/04/08 10:51
Posts: 9
Location: Palermo

Posted: 06 May 2008 18:12    Subject: last-minute clarifications...

....it's reassuring to hear you say so...apart from a certain slowness in carrying out simple operations at the same time (the ones that, if I'm not mistaken, should be handled by the RAM), I don't understand why the hard disk I use only as a "data container" shows up in My Computer with its label in blue rather than black (the only one)...and besides, whenever I start AVG it always tells me: Partition table (MBR), kernel32.dll, user32.dll, shell32.dll, ntoskrnl.exe...................."change". Shouldn't it stay empty?!?
Anyway, if you assure me that everything is in order as it is, I trust someone who, as you have kindly done so far, clearly shows more competence than yours truly...a devout mortal..

thanks again
bdoriano
Administrator
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 06 May 2008 22:18

One more little check doesn't hurt.

To be safe, run this scan with SystemScan and post the log on FreeFileHosting as described here.