claudiobyte (Hero)
Registered: 23/11/07 14:30 Posts: 47
Posted: 18 May 2008 00:38 Subject:

claudioAmministatore
bdoriano (Administrator)
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 18 May 2008 19:30 Subject:

Just to be safe, run this scan with Norman MBR Remover.
claudiobyte (Hero)
Registered: 23/11/07 14:30 Posts: 47
bdoriano (Administrator)
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 23 May 2008 09:40 Subject:

I see that Norman has fixed some disabled registry keys.
Just to be safe, repeat the steps for the MBR check:
- Click Start
- Click Run...
- Type:
Click OK
the DOS window opens, type:
press Enter
type:
press Enter
type:
press Enter
Restart the PC
Post the contents of the log C:\mbr.log here
claudiobyte (Hero)
Registered: 23/11/07 14:30 Posts: 47
Posted: 25 May 2008 02:44 Subject:

....unfortunately, same as before
Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
As if that weren't enough, I picked up an unwanted guest called BAGLE, caught in the form of a screen saver; nothing showed up in the scan done with Avira. The trouble started as soon as I double-clicked: the installed Avira and company died, together with various anti-rootkit tools and Spybot, and no Safe Mode. The active process was: WINTEMS.EXE. I immediately searched online and found out that it attacks all the common antivirus programs because it knows their names; they strongly recommended COMBOFIX, but you have to rename it with a made-up name before saving it to the PC. That's how I managed to remove it; I then also used it in Safe Mode, using other antivirus programs as well. I think at this point I'll go for a full wipe. I'm posting the ComboFix log
.....your opinions are welcome. bye
ComboFix3_1211674676811.txt
bdoriano (Administrator)
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 26 May 2008 17:28 Subject:

Yes, ComboFix removed Bagle. There are still a few cleanup operations to do.
Create a text file with the following instructions:
Code:
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
Save the file on the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as shown below:
Wait patiently for it to finish without touching the keyboard, mouse or anything else.
Post the updated ComboFix and HijackThis logs.
As for the autoplay options, I assume they are due to the damaged registry file.
You could try the registry cleaning/repair tools.
Try cleaning the registry with Eusing Free Registry Cleaner or Wise Registry Cleaner and Auslogics Registry Defrag.
claudiobyte (Hero)
Registered: 23/11/07 14:30 Posts: 47
Posted: 29 May 2008 19:25 Subject:

Here are the results. I have already used the programs you mentioned, thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.14.34, on 29/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\HDDSvc.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Programmi\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204756783125
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204756733546
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Programmi\Sandboxie\SbieSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\pctsSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
--
End of file - 6516 bytes
ComboFix 08-05-21.3 - claudio 2008-05-28 23.55.34.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.596 [GMT 2:00]
Eseguito da: C:\Documents and Settings\claudio\Desktop\CleanVirus\AV.mod.provv\cicciolo.exe
Command switches used :: C:\Documents and Settings\claudio\Desktop\CleanVirus\AV.mod.provv\CFScript.txt
* Creato nuovo punto di ripristino
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Creati Da 2008-04-28 al 2008-05-28 )))))))))))))))))))))))))))))))))))
.
2008-05-28 20:49 . 2008-05-28 20:49 0 --a------ C:\WINDOWS\listcmd.bin
2008-05-28 04:08 . 2008-02-26 13:48 297,984 --------- C:\WINDOWS\system32\dllcache\msctf.dll
2008-05-27 03:07 . 2008-05-27 03:07 214 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-26 02:53 . 2008-05-26 02:53 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-05-25 12:00 . 2007-01-18 14:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-05-25 11:17 . 2008-05-25 11:18 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-05-25 02:40 . 2008-05-25 02:40 <DIR> d-------- C:\Programmi\Uniblue
2008-05-24 12:22 . 2008-05-24 12:22 2,656 --a------ C:\WINDOWS\system32\io02.sys
2008-05-23 20:42 . 2008-05-24 12:30 25,773 --a------ C:\WINDOWS\system32\drivers\regguard.sys
2008-05-23 20:38 . 2008-05-23 20:38 <DIR> d-------- C:\Programmi\Greatis
2008-05-17 01:16 . 2008-05-17 01:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-17 01:16 . 2008-05-17 01:16 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-16 15:20 . 2008-05-16 15:21 <DIR> d-------- C:\Programmi\Apple Software Update
2008-05-12 16:00 . 2008-05-12 16:00 <DIR> d-------- C:\Programmi\QuickTime
2008-05-12 16:00 . 2008-05-12 16:00 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
2008-05-12 15:51 . 2008-05-12 15:51 <DIR> d-------- C:\Programmi\Bonjour
2008-05-12 15:50 . 2008-05-12 15:50 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Apple
2008-05-12 15:38 . 2008-05-12 15:38 <DIR> d-------- C:\Programmi\XericDesign
2008-05-12 14:01 . 2008-03-17 19:23 39,808 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-05-12 14:00 . 2008-05-28 20:52 <DIR> d-------- C:\VEXPLITE
2008-05-11 19:20 . 2008-05-23 04:38 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Avira
2008-05-08 00:13 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-05-08 00:13 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-05-07 02:43 . 2008-05-07 02:43 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-05 21:10 . 2008-05-05 21:10 <DIR> d-------- C:\Documents and Settings\claudio\Dati applicazioni\Malwarebytes
2008-05-05 21:10 . 2008-05-05 21:10 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-05-01 09:16 . 2008-05-01 09:16 <DIR> d--h----- C:\Documents and Settings\claudio\InstallAnywhere
2008-04-29 08:16 . 2008-04-29 08:22 <DIR> d-------- C:\Programmi\Your Uninstaller 2008
2008-04-29 08:16 . 2008-04-29 08:16 <DIR> d-------- C:\Documents and Settings\claudio\Dati applicazioni\URSoft
2008-04-29 07:31 . 2008-04-29 07:31 <DIR> d-------- C:\Programmi\DVDFab Platinum 4 Ghosthunter release
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-28 21:33 --------- d-----w C:\Documents and Settings\claudio\Dati applicazioni\dvdcss
2008-05-28 18:16 --------- d-----w C:\Programmi\Astonsoft
2008-05-28 18:15 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-05-27 17:29 --------- d-----w C:\Programmi\AdunanzA
2008-05-26 07:51 --------- d-----w C:\Programmi\SUPERAntiSpyware
2008-05-25 23:18 --------- d-----w C:\Programmi\Trend Micro
2008-05-25 09:19 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-05-25 09:15 --------- d-----w C:\Programmi\ClamWin
2008-05-23 16:45 --------- d-----w C:\Documents and Settings\claudio\Dati applicazioni\Vso
2008-05-18 17:28 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\DVD Shrink
2008-05-17 23:46 --------- d-----w C:\Programmi\Live_TV
2008-05-15 15:16 --------- d-----w C:\Programmi\a-squared Free
2008-05-08 17:25 --------- d-----w C:\Programmi\Spyware Doctor
2008-05-07 23:54 --------- d-----w C:\Programmi\SlySoft
2008-05-06 22:44 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\SlySoft
2008-05-01 09:34 --------- d-----w C:\Programmi\ImgBurn
2008-05-01 09:10 --------- d-----w C:\Documents and Settings\claudio\Dati applicazioni\ImgBurn
2008-04-29 20:33 --------- d-----w C:\Programmi\Wise Disk Cleaner
2008-04-29 20:33 --------- d-----w C:\Programmi\Hard Drive Inspector
2008-04-29 05:31 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-04-29 05:31 47,360 ----a-w C:\Documents and Settings\claudio\Dati applicazioni\pcouffin.sys
2008-04-29 05:25 --------- d-----w C:\Documents and Settings\claudio\Dati applicazioni\DVDFab
2008-04-28 18:58 --------- d-----w C:\Programmi\LiveKillCleanMessenger
2008-04-28 18:53 --------- d-----w C:\Programmi\ERUNT
2008-04-28 07:14 --------- d-----w C:\Programmi\RogueRemover FREE
2008-04-24 17:36 --------- d-----w C:\Documents and Settings\claudio\Dati applicazioni\AltrixSoft
2008-04-21 12:45 --------- d-----w C:\Programmi\Multi_Media_Italy
2008-04-20 23:19 --------- d-----w C:\Documents and Settings\claudio\Dati applicazioni\PC Tools
2008-04-15 23:47 --------- d-----w C:\Documents and Settings\claudio\Dati applicazioni\GlarySoft
2008-04-15 23:46 --------- d-----w C:\Documents and Settings\claudio\Dati applicazioni\Thinstall
2008-04-14 23:10 --------- d-----w C:\Documents and Settings\claudio\Dati applicazioni\Talkback
2008-04-13 05:14 --------- d-----w C:\Programmi\Free Window Registry Repair
2008-04-13 03:52 --------- d-----w C:\Programmi\RunScanner
2008-04-06 21:12 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-04-06 20:00 --------- d-----w C:\Documents and Settings\claudio\Dati applicazioni\U3
2008-04-06 16:51 504,832 ----a-w C:\WINDOWS\system32\winlogon.exe
2008-04-06 16:50 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\U3
2008-04-06 02:43 --------- d-----w C:\Programmi\FDF
2008-04-04 23:42 --------- d-----w C:\Documents and Settings\claudio\Dati applicazioni\Printer Info Cache
2008-04-02 20:49 --------- d-----w C:\Programmi\Microsoft Works
2008-04-02 20:47 --------- d-----w C:\Programmi\Microsoft.NET
2008-04-02 19:24 --------- d-----w C:\Programmi\Wise Registry Cleaner 3
2008-04-01 23:59 --------- d-----w C:\Programmi\HD Tune
2008-04-01 21:54 --------- d-----w C:\Programmi\File comuni\BinarySense
2008-04-01 09:32 --------- d-----w C:\Documents and Settings\claudio\Dati applicazioni\BinarySense
2008-03-30 03:02 --------- d-----w C:\Programmi\Sandboxie
2008-03-30 03:02 --------- d-----w C:\Programmi\RegCleaner
2008-03-30 03:02 --------- d-----w C:\Programmi\NT Registry Optimizer
2008-03-30 03:02 --------- d-----w C:\Programmi\a-squared HiJackFree
2008-03-28 03:58 --------- d-----w C:\Programmi\BurnAware Free Edition
2008-03-25 08:20 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
2008-03-25 08:20 219,936 ------w C:\WINDOWS\system32\dllcache\msltus40.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 183,072 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 07:57 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-15 23:39 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-03-15 23:39 290,816 ------w C:\WINDOWS\Setup1.exe
2008-03-14 22:24 93,128 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
2008-03-10 06:41 43,590,976 ----a-w C:\WINDOWS\avsvideoconverter.exe
2008-03-06 15:04 155,648 ----a-w C:\WINDOWS\system32\libssl32.dll
2008-03-06 00:29 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-28 16:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
.
------- Sigcheck -------
2008-04-06 18:51 504832 1dbd3966123ac2f6ade783f7f17f8c7f C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
"SUPERAntiSpyware"="C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 17:03 1481968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VIRIT LITE MONITOR"="C:\VEXPLITE\MONLITE.EXE" [2008-05-23 19:45 245760]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:39 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-03-01 14:58 124928 C:\WINDOWS\system32\advpack.dll]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"DisableLockWorkstation"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuPinnedList"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinterTabs"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmi\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\AdunanzA\\eMule_AdnzA.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-03-17 19:23]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-19 15:39]
R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-05-23 19:45]
R3 SbieDrv;SbieDrv;C:\Programmi\Sandboxie\SbieDrv.sys [2008-03-05 11:29]
R3 usbstor;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys []
S3 RegGuard;RegGuard;C:\WINDOWS\system32\Drivers\regguard.sys [2008-05-24 12:30]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-01-09 22:56]
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - SYSMONLOG
.
Contenuto della cartella 'Scheduled Tasks'
"2008-05-27 10:49:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-05-28 21:00:00 C:\WINDOWS\Tasks\Verifica e correzione automatica.job"
- C:\Programmi\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 23:56:52
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\B.tmp"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\B.tmp"
.
Ora fine scansione: 2008-05-28 23.58.09
ComboFix-quarantined-files.txt 2008-05-28 21:58:06
ComboFix2.txt 2008-05-25 21:05:24
ComboFix3.txt 2008-05-24 09:45:22
ComboFix4.txt 2008-05-23 19:06:46
ComboFix5.txt 2008-05-23 17:40:33
14 Directory 32,229,113,856 byte disponibili
17 Directory 32,221,155,328 byte disponibili
198 --- E O F --- 2008-05-28 17:56:01
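Added worked example, not code from the thread or from any of the tools it mentions: a small Python triage helper for the two log formats that drove this thread. It parses the mbr.exe output (user-mode versus kernel-mode MBR read) and the ComboFix service stanzas (`[HKLM\...\Services\X]` followed by `"ImagePath"="..."`), queues services whose binary looks like a dropped temporary file, and emits the `Registry::` removal block in the CFScript form used in the thread. The `.tmp`/Temp heuristic, the user/kernel comparison, the `ExampleSvc` entry and the sample excerpts are this example's own constructed assumptions; the flagged entries are a review queue for a human, not a verdict.

```python
"""Triage helpers for the mbr.exe and ComboFix log excerpts in this thread (added example).

Assumptions (not from the thread): the '.tmp'/Temp heuristic for service
ImagePath values and the user/kernel MBR-read comparison are this example's
own rules, meant to queue entries for manual review, not to give a verdict.
"""
import re
from typing import Dict, List, Tuple

# Constructed excerpt modelled on the mbr.exe output posted in the thread.
MBR_LOG = """\
Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
"""

# Constructed excerpt modelled on the ComboFix registry stanzas in the thread
# (ComboFix printed the MEMSWEEP2 stanza twice). 'ExampleSvc' is a made-up
# benign entry so the filter has something to leave alone.
COMBOFIX_EXCERPT = r"""[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\B.tmp"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\B.tmp"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ExampleSvc]
"ImagePath"="C:\Programmi\Example\examplesvc.exe"
"""

_KEY_RE = re.compile(r"^\[(.+)\]\s*$")
_IMAGEPATH_RE = re.compile(r'^"ImagePath"="(.*)"\s*$')
_MBR_LINE_RE = re.compile(r"^(user|kernel):\s*(.*)$")


def mbr_read_status(log: str) -> Dict[str, bool]:
    """Return whether the user-mode and kernel-mode MBR reads succeeded.

    mbr.exe prints one line per read path; 'error reading MBR' marks a failure.
    """
    status: Dict[str, bool] = {}
    for line in log.splitlines():
        m = _MBR_LINE_RE.match(line.strip())
        if m:
            status[m.group(1)] = "error" not in m.group(2).lower()
    return status


def mbr_read_mismatch(log: str) -> bool:
    """True when the kernel read the MBR but the user-mode read failed.

    That split (the pattern in the thread's log) is worth a follow-up, but on
    its own it is not proof of a rootkit: disk-access protection from security
    software can block the user-mode read as well (caveat, this example's note).
    """
    s = mbr_read_status(log)
    return s.get("kernel") is True and s.get("user") is False


def service_image_paths(excerpt: str) -> List[Tuple[str, str]]:
    """Parse '[HKLM\\...\\Services\\X]' / '"ImagePath"="..."' stanzas.

    Returns (key, image_path) pairs, de-duplicated in order of first appearance.
    """
    found: List[Tuple[str, str]] = []
    current_key = None
    for line in excerpt.splitlines():
        km = _KEY_RE.match(line)
        if km:
            current_key = km.group(1)
            continue
        vm = _IMAGEPATH_RE.match(line)
        if vm and current_key is not None:
            pair = (current_key, vm.group(1))
            if pair not in found:
                found.append(pair)
    return found


def normalize_image_path(image_path: str) -> str:
    """Strip the NT '\\??\\' prefix so the value reads as a plain Win32 path."""
    return image_path[4:] if image_path.startswith("\\??\\") else image_path


def suspicious_services(excerpt: str) -> List[Tuple[str, str]]:
    """Queue services whose binary looks like a dropped temporary file.

    Heuristic (this example's assumption): a service backed by a '.tmp' file
    or by anything under a Temp directory deserves a manual look.
    """
    out: List[Tuple[str, str]] = []
    for key, image_path in service_image_paths(excerpt):
        path = normalize_image_path(image_path)
        name = path.rsplit("\\", 1)[-1].lower()
        if name.endswith(".tmp") or "\\temp\\" in path.lower():
            out.append((key, image_path))
    return out


def build_cfscript(keys: List[str]) -> str:
    """Emit a CFScript 'Registry::' block in the form used in the thread.

    A leading '-' inside the brackets asks for the key to be deleted (.reg syntax).
    """
    lines = ["Registry::"]
    lines.extend(f"[-{key}]" for key in keys)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print("user/kernel MBR read mismatch:", mbr_read_mismatch(MBR_LOG))
    flagged = suspicious_services(COMBOFIX_EXCERPT)
    for key, path in flagged:
        print("review:", key, "->", path)
    print(build_cfscript([key for key, _ in flagged]))
```

Run on the constructed excerpts, the helper reports the user/kernel read split, queues only the MEMSWEEP2 service (its ImagePath points at a `.tmp` file in system32) and prints the same `[-HKEY_LOCAL_MACHINE\...\Services\MEMSWEEP2]` removal block the administrator wrote by hand; the point of scripting it is that a reviewer reads every queued entry before anything goes into a CFScript.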