Zeus News forums (Olimpo Informatico), section: Virus First Aid
Thread: A dialer going around
Author: ulrikke (Hero in the grace of the gods)
Registered: 18/09/06 21:28
Posts: 106
Posted: 14 Jun 2008 11:19    Subject: A dialer going around

Hi.
I wanted to warn you that a probable dialer is going around.
I like reading blogs on the Internet, and this is already the second time in a few days that, visiting blogs on the Splinder platform, I've caught an infection.

I think it's a dialer because this is what happens:
- the Internet connection drops (even though it's ADSL)
- a small dialog box appears inviting you to reconnect
- an icon like this appears on the desktop

[image not included in the extracted page]

- if you double-click the icon, this window appears:

[image not included in the extracted page]

The most annoying thing is that Avast only detects the infection when the scan is launched manually.

The purpose of this topic is to let people know this virus is around and, secondly, to ask whether someone can take a look at my HijackThis log. As soon as Avast finishes the scan I'll post it.
Author: ulrikke
Posted: 14 Jun 2008 11:36

Correction:
AVAST DETECTS NOTHING, but there is certainly something there.
Author: bdoriano (Administrator)
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...
Posted: 14 Jun 2008 11:49

  • Clean the temporary files with ATF-Cleaner and/or CCleaner
  • Run a scan with Norman Malware Cleaner.
  • Reboot the computer in normal mode
  • Follow the instructions in this topic to run ComboFix.
  • Report back with a new message in this discussion on the outcome: whether there were any particular problems, etc. And post:
    • Upload the Norman Malware Cleaner log to WikiSend and post the Forum Link you are given
    • The ComboFix log is generally not very long, so paste it directly into the message
Author: ulrikke
Posted: 14 Jun 2008 13:36

Thanks, bdoriano.

First of all, some preliminary information.
I use Windows XP Home Edition, version 2002, Service Pack 2.
My antivirus is Avast 4.8 Home Edition.
My firewall is ZoneAlarm 7.0.

I deleted (by moving it to the Recycle Bin and then emptying the bin) a file that certainly has to do with the infection, because the "Accesso" icon on the desktop pointed to that file. The path was "C:\Documents and Settings\XP\Impostazioni locali\Temp\vtdjiucr.exe".

After a scan in safe mode Avast says there are no infections, but it said that before I binned the file mentioned above as well.

Below I'll post the HijackThis log. Then I'll do the rest.
Author: ulrikke
Posted: 14 Jun 2008 13:37

Logfile of HijackThis v1.99.1
Scan saved at 13.21.08, on 14/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\3COM Technology Corporation\3COM Wireless USB Utility\Wlan.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.add-hhh.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [3COM] C:\Programmi\3COM Technology Corporation\3COM Wireless USB Utility\Wlan.exe
O4 - HKCU\..\Run: [slide.exe] c:\programmi\slide\slide.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163442790500
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (Net Music Media Bar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
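The log above is the kind of thing a responder reads by hand: the R0 "Start Page" entry points at www.add-hhh.info instead of the Microsoft default, one O2 BHO and two O23 services reference files that are missing, and the O4 lines list what starts with Windows. The following script is an added example (not a forum tool and not part of HijackThis) that applies those same checks to HijackThis v1.99-style lines. The known-good host list, the Temp-directory and bare-file-name heuristics are assumptions of the example, and the "Accesso" O4 line in the sample is constructed, modelled on the Temp path the poster reported deleting; the log on this page contains no such line.

```python
"""Triage helper for HijackThis v1.99-style log lines.

Added example for this thread, not a tool from the forum or from HijackThis's
authors.  It scans the R0/R1, O2, O4 and O23 lines a responder reads first and
reports: browser start/search pages on hosts that are not the IE defaults,
entries whose target file is missing, autostart entries that run from a Temp
directory, and autostart entries given as a bare file name (resolved via PATH).
"""
import re
from urllib.parse import urlparse

# Host the default IE7 R0/R1 entries point at (taken from the log in this thread).
# Assumption of this example: anything else in an R0/R1 URL is worth a look.
KNOWN_GOOD_HOSTS = {"go.microsoft.com"}

SECTION_RE = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.*)$")
O4_RE = re.compile(r"\[(?P<name>[^\]]+)\]\s*(?P<cmd>.+)$")
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)

# Constructed sample: real lines from the log above plus one constructed O4 line.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.add-hhh.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Accesso] C:\Documents and Settings\XP\Impostazioni locali\Temp\vtdjiucr.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
"""


def parse_line(line):
    """Return (section, rest) for a HijackThis entry line, or None for other lines."""
    m = SECTION_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def command_path(cmd):
    """Extract the executable path from an O4 command string ("quoted" or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted paths may contain spaces: take everything up to the first .exe.
    m = re.match(r"(.+?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def check_line(line):
    """Return the list of findings for one log line (empty when nothing stands out)."""
    parsed = parse_line(line)
    if parsed is None:
        return []
    section, rest = parsed
    findings = []

    if section in ("R0", "R1") and "=" in rest:
        url = rest.split("=", 1)[1].strip()
        host = (urlparse(url).hostname or "").lower()
        if host and host not in KNOWN_GOOD_HOSTS:
            findings.append(f"{section}: browser page setting points to non-default host {host}")

    if "(file missing)" in rest:
        findings.append(f"{section}: target file is missing; stale or removed entry")

    if section == "O4":
        m = O4_RE.search(rest)
        if m:
            path = command_path(m.group("cmd"))
            name = m.group("name")
            if TEMP_DIR_RE.search(path):
                findings.append(f"O4: autostart '{name}' runs from a Temp directory: {path}")
            if "\\" not in path:
                findings.append(f"O4: autostart '{name}' is a bare file name ({path}); resolved via PATH")
    return findings


def triage(log_text):
    """Run check_line over a whole log; return [(line, findings)] for lines with findings."""
    out = []
    for line in log_text.splitlines():
        found = check_line(line)
        if found:
            out.append((line.strip(), found))
    return out


if __name__ == "__main__":
    for line, found in triage(SAMPLE_LOG):
        print(line)
        for f in found:
            print("   ->", f)
```

The script ranks nothing as malicious on its own; a missing-file entry is often just the remnant of an uninstalled product (the AVG BHO here), and a bare file name such as SOUNDMAN.EXE is a legitimate but PATH-dependent autostart. It only tells the responder where to look first.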
Author: ulrikke
Posted: 14 Jun 2008 14:45

Norman Malware Cleaner log:

NFix_2008-06-14_13-59-29.log
Author: ulrikke
Posted: 14 Jun 2008 15:01

ComboFix log:

ComboFix 08-06-12.2 - XP 2008-06-14 14.50.44.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.266 [GMT 2:00]
Eseguito da: C:\Documents and Settings\XP\Desktop\BOMBOFIX.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2008-05-14 al 2008-06-14 )))))))))))))))))))))))))))))))))))
.

2008-06-11 10:35 . 2008-04-14 17:51 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 10:35 . 2008-04-14 17:51 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-06 17:37 . 2008-06-06 17:37 <DIR> d-------- C:\Programmi\Trust
2008-06-06 17:36 . 2008-06-06 17:36 646,400 --a------ C:\WINDOWS\system32\drivers\CnxEtU.sys
2008-06-06 17:36 . 2008-06-06 17:36 163,840 --a------ C:\WINDOWS\system32\CnxHwIo.dll
2008-06-06 17:36 . 2008-06-06 17:36 118,784 --a------ C:\WINDOWS\system32\CnxMfdCo.dll
2008-06-06 17:36 . 2008-06-06 17:36 118,784 --a------ C:\WINDOWS\system32\CnxClsCo.dll
2008-06-06 17:36 . 2008-06-06 17:36 108,771 --a------ C:\WINDOWS\system32\drivers\CnxTgN.sys
2008-06-06 17:36 . 2008-06-06 17:36 60,288 --a------ C:\WINDOWS\system32\drivers\CnxEtP.sys
2008-05-26 15:57 . 2008-05-26 15:57 <DIR> d-------- C:\Programmi\Alwil Software
2008-05-26 15:09 . 2008-05-26 15:09 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Avg8
2008-05-26 11:32 . 2008-06-14 14:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-26 11:32 . 2008-05-26 11:32 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-25 17:09 . 2008-05-25 17:09 322 --a------ C:\WINDOWS\DBTxLZ6.ini
2008-05-25 17:08 . 2008-05-25 17:08 323 --a------ C:\WINDOWS\DBTxLZ5.ini
2008-05-25 17:07 . 2008-05-25 17:07 322 --a------ C:\WINDOWS\DBTxLZ4.ini
2008-05-25 17:05 . 2008-05-25 17:05 322 --a------ C:\WINDOWS\DBTxLZ3.ini
2008-05-25 17:01 . 2008-05-25 17:01 322 --a------ C:\WINDOWS\DBTxLZ2.ini
2008-05-20 13:49 . 2008-05-20 20:11 92,192 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-20 13:49 . 2008-05-20 20:11 2,156 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-20 12:21 . 2008-05-20 12:45 <DIR> d-------- C:\VEXPLITE
2008-05-20 12:21 . 2008-03-17 19:23 39,808 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-05-19 20:56 . 2008-05-19 20:56 66,048 --a------ C:\mbr.exe
2008-05-19 13:42 . 2008-05-19 16:42 250 --a------ C:\WINDOWS\gmer.ini
2008-05-19 13:41 . 2008-05-19 13:42 <DIR> d-------- C:\gmer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-08 16:16 1,786,880 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-06-08 16:14 --------- d-----w C:\Documents and Settings\XP\Dati applicazioni\Canon
2008-06-08 15:50 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\pdf995
2008-05-19 14:34 --------- d-----w C:\Programmi\Slide
2008-05-19 14:34 --------- d-----w C:\Documents and Settings\XP\Dati applicazioni\Slide
2008-05-09 13:54 --------- d-----w C:\Documents and Settings\XP\Dati applicazioni\AVGTOOLBAR
2008-05-08 18:55 --------- d-----w C:\Programmi\File comuni\Adobe
2008-05-08 18:49 --------- d-----w C:\Documents and Settings\XP\Dati applicazioni\AdobeUM
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-05 10:45 --------- d-----w C:\Programmi\File comuni\Real
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
.

((((((((((((((((((((((((((((( snapshot@2008-05-19_21.13.25,70 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-19 18:59:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-14 12:41:24 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-14 15:51:57 272,768 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-03-01 12:58:24 124,928 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll
+ 2008-03-01 12:58:25 347,136 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll
+ 2008-03-01 12:58:25 214,528 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll
+ 2008-03-01 12:58:25 133,120 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll
+ 2008-03-01 12:58:25 63,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll
+ 2008-02-29 08:57:16 70,656 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe
+ 2008-03-01 12:58:25 153,088 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll
+ 2008-03-01 12:58:26 230,400 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll
+ 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll
+ 2008-03-01 12:58:26 383,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll
+ 2008-03-01 12:58:26 384,512 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll
+ 2008-03-01 12:58:28 6,066,176 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll
+ 2008-03-01 12:58:28 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll
+ 2008-03-01 12:58:28 267,776 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll
+ 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe
+ 2008-02-29 08:57:30 625,664 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
+ 2008-03-01 12:58:29 27,648 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll
+ 2008-03-01 12:58:30 459,264 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll
+ 2008-03-01 12:58:30 52,224 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll
+ 2008-03-01 16:28:32 3,591,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll
+ 2008-03-01 12:58:32 478,208 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll
+ 2008-03-01 12:58:32 193,024 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll
+ 2008-03-01 12:58:32 671,232 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll
+ 2008-03-01 12:58:32 102,912 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll
+ 2008-03-01 12:58:32 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll
+ 2007-03-06 01:48:14 215,776 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:49:24 390,880 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll
+ 2008-03-01 12:58:32 105,984 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll
+ 2008-03-01 12:58:32 1,159,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll
+ 2008-03-01 12:58:33 233,472 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll
+ 2008-03-01 12:58:33 826,368 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
+ 1996-01-11 22:00:00 543,584 ----a-w C:\WINDOWS\system\DAO2516.DLL
+ 1996-01-11 22:00:00 995,136 ----a-w C:\WINDOWS\system\MSAJT200.DLL
+ 1996-10-16 09:12:10 11,232 ----a-w C:\WINDOWS\system\MSJETERR.DLL
+ 1996-10-16 09:12:10 15,936 ----a-w C:\WINDOWS\system\MSJETINT.DLL
+ 1995-09-14 22:00:00 45,568 ----a-w C:\WINDOWS\system\OC25ITA.DLL
+ 1996-10-16 09:10:02 5,120 ----a-w C:\WINDOWS\system\STKIT416.DLL
+ 1996-07-13 22:00:00 935,632 ----a-w C:\WINDOWS\system\VB40016.DLL
+ 1995-09-14 22:00:00 22,384 ----a-w C:\WINDOWS\system\VB4IT16.DLL
+ 1996-10-16 09:12:10 2,920 ----a-w C:\WINDOWS\system\VBAJET.DLL
+ 1996-10-16 09:12:10 86,848 ----a-w C:\WINDOWS\system\VBDB16.DLL
- 2008-03-01 12:58:24 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-04-23 04:16:29 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-05-15 23:24:43 1,152,888 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-05-15 23:12:36 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
- 2008-03-01 12:58:24 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-04-23 04:16:29 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
- 2008-03-01 12:58:25 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-23 04:16:29 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-03-01 12:58:25 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-23 04:16:29 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-03-01 12:58:25 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-23 04:16:29 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-03-01 12:58:25 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-04-23 04:16:29 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
- 2008-02-29 08:57:16 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-04-22 07:42:21 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2008-03-01 12:58:25 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-04-23 04:16:29 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-03-01 12:58:26 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-04-23 04:16:29 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-02-15 05:44:25 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-04-20 05:07:51 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2008-03-01 12:58:26 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-04-23 04:16:29 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2008-03-01 12:58:26 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-04-23 04:16:29 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-03-01 12:58:28 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-04-23 04:16:30 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2008-03-01 12:58:28 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-04-23 04:16:30 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-03-01 12:58:28 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-04-23 04:16:30 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2008-02-29 08:57:30 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-04-22 07:42:39 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2008-03-01 12:58:29 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-23 04:16:30 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2004-08-19 12:00:00 294,400 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll
+ 2008-02-26 11:59:50 294,912 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll
- 2008-03-01 12:58:30 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-04-23 04:16:30 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-03-01 12:58:30 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-04-23 04:16:30 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-03-01 16:28:32 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-23 20:16:32 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-03-01 12:58:32 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-23 04:16:31 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-03-01 12:58:32 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-23 04:16:31 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-03-01 12:58:32 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-23 04:16:31 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-03-01 12:58:32 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-04-23 04:16:31 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-03-01 12:58:32 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-23 04:16:31 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-10-29 22:42:50 1,292,800 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 05:14:42 1,292,800 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
- 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
- 2008-03-01 12:58:32 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-04-23 04:16:31 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
- 2008-03-01 12:58:32 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-23 04:16:31 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-03-01 12:58:33 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-04-23 04:16:31 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-03-01 12:58:33 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-23 04:16:31 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-05-15 23:13:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-05-15 23:16:06 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2008-01-17 16:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-05-15 23:18:33 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-05-15 23:15:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-05-15 23:20:32 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
+ 2008-05-15 23:14:11 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
- 2008-03-01 12:58:25 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-23 04:16:29 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-03-01 12:58:25 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-23 04:16:29 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-03-01 12:58:25 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-23 04:16:29 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-03-01 12:58:25 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-04-23 04:16:29 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2008-02-29 08:57:16 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-04-22 07:42:21 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2008-03-01 12:58:25 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-04-23 04:16:29 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2008-03-01 12:58:26 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-04-23 04:16:29 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-04-20 05:07:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2008-03-01 12:58:26 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-04-23 04:16:29 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2008-03-01 12:58:26 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-04-23 04:16:29 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2008-03-01 12:58:28 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-04-23 04:16:30 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2008-03-01 12:58:28 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-04-23 04:16:30 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2008-03-01 12:58:28 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-04-23 04:16:30 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2008-03-01 12:58:29 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-23 04:16:30 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2003-03-18 20:20:00 1,060,864 ----a-w C:\WINDOWS\system32\MFC71.dll
- 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
- 2004-08-19 12:00:00 294,400 ----a-w C:\WINDOWS\system32\MSCTF.dll
+ 2008-02-26 11:59:50 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
- 2008-03-01 12:58:30 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-04-23 04:16:30 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2008-03-01 12:58:30 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-04-23 04:16:30 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2008-03-01 16:28:32 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-23 20:16:32 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-03-01 12:58:32 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-23 04:16:31 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-03-01 12:58:32 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-04-23 04:16:31 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-03-01 12:58:32 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-04-23 04:16:31 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2008-03-01 12:58:32 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-04-23 04:16:31 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-03-01 12:58:32 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-23 04:16:31 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2006-11-17 14:14:32 16,176 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:19:29 18,808 ------w C:\WINDOWS\system32\spmsg.dll
- 2008-03-01 12:58:32 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-04-23 04:16:31 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-03-01 12:58:32 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-23 04:16:31 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-03-01 12:58:33 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-04-23 04:16:31 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-06-14 12:41:37 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_5a0.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-12-16 12:57 94208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:00 15360]
"3COM"="C:\Programmi\3COM Technology Corporation\3COM Wireless USB Utility\Wlan.exe" [2004-10-22 14:28 389120]
"slide.exe"="c:\programmi\slide\slide.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"OpwareSE2"="C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]
"SoundMan"="SOUNDMAN.EXE" [2004-08-30 13:48 69632 C:\WINDOWS\SOUNDMAN.EXE]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 16:46 172032]
"HP Component Manager"="C:\Programmi\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"HP Software Update"="C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 19:55 49152]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"ZoneAlarm Client"="C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02 919280]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"CnxDslTaskBar"="C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe" [2008-06-06 17:36 462848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:00 15360]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Programmi\\FTP Commander\\Ftpcomm.exe"=
"C:\\Programmi\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-09-05 10:25]
R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-03-17 19:23]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-05-20 12:27]
R3 CnxEtP;Trust MD3100 USB ADSL MODEM LAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2008-06-06 17:36]
R3 CnxEtU;Trust MD3100 USB ADSL MODEM Loader;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2008-06-06 17:36]
R3 CnxTgN;Trust MD3100 USB ADSL MODEM LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2008-06-06 17:36]
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
S3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys []
S3 ZD1211U(3COM Corporation);3COM OfficeConnect Wireless 11g Compact USB Adapter(3COM Corporation);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-10-06 18:49]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9afc0778-0746-11db-a2e6-806d6172696f}]
\Shell\AutoRun\command - D:\Setup.exe

.
Contenuto della cartella 'Scheduled Tasks'
"2008-06-11 09:02:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 14:52:35
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-06-14 14.54.09
ComboFix-quarantined-files.txt 2008-06-14 12:54:03
ComboFix2.txt 2008-05-19 19:15:01

23 Directory 72,313,532,416 byte disponibili
26 Directory 72,328,089,600 byte disponibili

308 --- E O F --- 2008-06-11 08:43:07
ulrikke
Posted: 14 Jun 2008 15:03

Norman deleted something, apparently.

If needed, I'll post an updated Hijackthis log.
bdoriano
Posted: 14 Jun 2008 17:43

Indeed, Norman fixed a few little things.

Let's run a couple of online scans to see whether there's anything else:
  • Disable your antivirus
  • Go to BitDefender (with IE) and run the full scan.
  • Go to the Kaspersky on-line scanner and run the extended scan, as described here.
    Save the scan result to a file (TXT format), upload the file to WikiSend and post here the Forum Link you are given.
ulrikke
Posted: 15 Jun 2008 14:13

So, I want to point out that as soon as I opened IE (I usually browse with Firefox), with the antivirus disabled, the usual routine started again (disconnection, little window asking "do you want to reconnect?", icon on the desktop), twice, matching the two times I launched IE.

Anyway, BitDefender's result is: no infection. (IMPOSSIBLE, I say)

BitDefender Online Scanner - Real Time Virus Report

Generated at: Sun, Jun 15, 2008 - 14:08:38


Scan Info

Scanned Files: 217376

Infected Files: 0

Virus Detected: No virus found.
ulrikke
Posted: 15 Jun 2008 14:21

Anyway, I found out that the Internet Explorer home page had been changed, probably by the dialer.

bdoriano
Posted: 15 Jun 2008 15:20

That page contains one or more dialers.
Every time you open IE, you download them onto your PC again.
I owe you an apology, because I didn't check the Hijackthis log you had posted thoroughly.

Proceed as follows:
  • Repeat the steps with Norman and Combofix
  • Change the Internet Explorer home page (from the Control Panel)
  • start Internet Explorer and run the scan from the Kaspersky site
ulrikke
Posted: 15 Jun 2008 15:44

bdoriano, you don't need to apologize... it can happen. You already work miracles trying to help all the pains in the neck who come here for every trojan or worm.
I'll do everything and then post.
ulrikke
Posted: 15 Jun 2008 16:45

Norman Malware Cleaner log:

NFix_2008-06-15_15-50-57.log
ulrikke
Posted: 15 Jun 2008 16:46

Combofix log:

ComboFix 08-06-12.2 - XP 2008-06-15 16.32.11.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.251 [GMT 2:00]
Eseguito da: C:\Documents and Settings\XP\Desktop\BOMBOFIX.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2008-05-15 al 2008-06-15 )))))))))))))))))))))))))))))))))))
.

2008-06-15 13:03 . 2008-06-15 14:08 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-06-11 10:35 . 2008-04-14 17:51 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 10:35 . 2008-04-14 17:51 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-06 17:37 . 2008-06-06 17:37 <DIR> d-------- C:\Programmi\Trust
2008-06-06 17:36 . 2008-06-06 17:36 646,400 --a------ C:\WINDOWS\system32\drivers\CnxEtU.sys
2008-06-06 17:36 . 2008-06-06 17:36 163,840 --a------ C:\WINDOWS\system32\CnxHwIo.dll
2008-06-06 17:36 . 2008-06-06 17:36 118,784 --a------ C:\WINDOWS\system32\CnxMfdCo.dll
2008-06-06 17:36 . 2008-06-06 17:36 118,784 --a------ C:\WINDOWS\system32\CnxClsCo.dll
2008-06-06 17:36 . 2008-06-06 17:36 108,771 --a------ C:\WINDOWS\system32\drivers\CnxTgN.sys
2008-06-06 17:36 . 2008-06-06 17:36 60,288 --a------ C:\WINDOWS\system32\drivers\CnxEtP.sys
2008-05-26 15:57 . 2008-05-26 15:57 <DIR> d-------- C:\Programmi\Alwil Software
2008-05-26 15:09 . 2008-05-26 15:09 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Avg8
2008-05-26 11:32 . 2008-06-15 16:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-26 11:32 . 2008-05-26 11:32 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-25 17:09 . 2008-05-25 17:09 322 --a------ C:\WINDOWS\DBTxLZ6.ini
2008-05-25 17:08 . 2008-05-25 17:08 323 --a------ C:\WINDOWS\DBTxLZ5.ini
2008-05-25 17:07 . 2008-05-25 17:07 322 --a------ C:\WINDOWS\DBTxLZ4.ini
2008-05-25 17:05 . 2008-05-25 17:05 322 --a------ C:\WINDOWS\DBTxLZ3.ini
2008-05-25 17:01 . 2008-05-25 17:01 322 --a------ C:\WINDOWS\DBTxLZ2.ini
2008-05-20 13:49 . 2008-05-20 20:11 92,192 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-20 13:49 . 2008-05-20 20:11 2,156 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-20 12:21 . 2008-05-20 12:45 <DIR> d-------- C:\VEXPLITE
2008-05-20 12:21 . 2008-03-17 19:23 39,808 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-05-19 20:56 . 2008-05-19 20:56 66,048 --a------ C:\mbr.exe
2008-05-19 13:42 . 2008-05-19 16:42 250 --a------ C:\WINDOWS\gmer.ini
2008-05-19 13:41 . 2008-05-19 13:42 <DIR> d-------- C:\gmer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-08 16:16 1,786,880 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-06-08 16:14 --------- d-----w C:\Documents and Settings\XP\Dati applicazioni\Canon
2008-06-08 15:50 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\pdf995
2008-05-19 14:34 --------- d-----w C:\Programmi\Slide
2008-05-19 14:34 --------- d-----w C:\Documents and Settings\XP\Dati applicazioni\Slide
2008-05-09 13:54 --------- d-----w C:\Documents and Settings\XP\Dati applicazioni\AVGTOOLBAR
2008-05-08 18:55 --------- d-----w C:\Programmi\File comuni\Adobe
2008-05-08 18:49 --------- d-----w C:\Documents and Settings\XP\Dati applicazioni\AdobeUM
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-05 10:45 --------- d-----w C:\Programmi\File comuni\Real
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
.

((((((((((((((((((((((((((((( snapshot_2008-06-14_14.53.51,95 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-15 11:03:48 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2008-06-15 11:03:48 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2008-06-15 11:03:49 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2008-06-15 11:03:54 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2008-01-09 13:01:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2008-06-15 11:03:55 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2008-06-15 11:03:51 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
- 2008-06-14 12:41:24 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-15 14:29:11 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-01-09 13:01:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
- 2007-11-21 00:52:38 2,884,992 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2008-03-25 03:21:18 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
- 2007-11-21 00:52:40 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-03-25 03:21:20 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2008-02-16 09:42:29 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
+ 2008-06-14 13:05:47 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
+ 2008-06-15 14:29:20 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_59c.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-12-16 12:57 94208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:00 15360]
"3COM"="C:\Programmi\3COM Technology Corporation\3COM Wireless USB Utility\Wlan.exe" [2004-10-22 14:28 389120]
"slide.exe"="c:\programmi\slide\slide.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"OpwareSE2"="C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]
"SoundMan"="SOUNDMAN.EXE" [2004-08-30 13:48 69632 C:\WINDOWS\SOUNDMAN.EXE]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 16:46 172032]
"HP Component Manager"="C:\Programmi\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"HP Software Update"="C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 19:55 49152]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"ZoneAlarm Client"="C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02 919280]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"CnxDslTaskBar"="C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe" [2008-06-06 17:36 462848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:00 15360]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Programmi\\FTP Commander\\Ftpcomm.exe"=
"C:\\Programmi\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-09-05 10:25]
R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-03-17 19:23]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-05-20 12:27]
R3 CnxEtP;Trust MD3100 USB ADSL MODEM LAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2008-06-06 17:36]
R3 CnxEtU;Trust MD3100 USB ADSL MODEM Loader;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2008-06-06 17:36]
R3 CnxTgN;Trust MD3100 USB ADSL MODEM LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2008-06-06 17:36]
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
S3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys []
S3 ZD1211U(3COM Corporation);3COM OfficeConnect Wireless 11g Compact USB Adapter(3COM Corporation);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-10-06 18:49]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9afc0778-0746-11db-a2e6-806d6172696f}]
\Shell\AutoRun\command - D:\Setup.exe

.
Contenuto della cartella 'Scheduled Tasks'
"2008-06-11 09:02:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-15 16:34:08
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-06-15 16.35.51
ComboFix-quarantined-files.txt 2008-06-15 14:35:44
ComboFix2.txt 2008-06-14 12:54:10
ComboFix3.txt 2008-05-19 19:15:01

23 Directory 72,386,461,696 byte disponibili
26 Directory 72,376,360,960 byte disponibili

148 --- E O F --- 2008-06-11 08:43:07
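Reading a log like the one above by hand is where the earlier miss happened, as bdoriano admits. As an added example (not from the thread and not ComboFix's own tooling), this Python script parses the "Punti Reg Caricati" lines in the exact format ComboFix prints and flags what a reviewer would check first: an autostart whose file could not be found, Security Center monitoring switched off, the Windows firewall disabled, and a cached AutoRun command; the flagging rules and the reading of empty brackets as "file not found" are this example's assumptions.

```python
# Triage of the 'Punti Reg Caricati' section of a ComboFix log. Added example,
# not part of the thread or of ComboFix: the sample lines are copied from the
# log posted above; the flagging rules are this example's own assumptions.
import re

# Sample input: lines copied verbatim from the ComboFix log in the thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:00 15360]
"slide.exe"="c:\programmi\slide\slide.exe" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9afc0778-0746-11db-a2e6-806d6172696f}]
\Shell\AutoRun\command - D:\Setup.exe
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# Run values: "name"="target" [timestamp size]; empty brackets are read as "file not found" (assumption).
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(.*)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.+)$')
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (.+)$")


def triage(log_text):
    """Return (kind, where, detail) tuples for entries worth a second look."""
    findings, key = [], None
    for line in (l.strip() for l in log_text.splitlines()):
        m = KEY_RE.match(line)
        if m:                               # start of a new registry key section
            key = m.group(1)
            continue
        if not line or key is None:         # blank line, or value outside any key
            continue
        m = AUTORUN_RE.match(line)
        if m:                               # cached AutoRun command for a volume
            findings.append(("autorun", key, m.group(1)))
            continue
        m = RUN_RE.match(line)
        if m and key.lower().endswith("\\run"):
            name, target, meta = m.groups()
            if not meta.strip():            # autostart pointing at a missing file
                findings.append(("run-missing-file", name, target))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.groups()
        if name == "EnableFirewall" and value.split()[0] == "0":
            findings.append(("firewall-disabled", key, value))
        elif name == "DisableMonitoring" and value.startswith("dword:") and int(value[6:], 16):
            findings.append(("security-center-monitoring-off", key, value))
    return findings
```

Calling triage(SAMPLE_LOG) returns four findings in log order; a Run entry with a timestamp and size, like ctfmon.exe, is not reported.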
ulrikke
Posted: 15 Jun 2008 18:13

Here is the Kaspersky log (I'm posting it here because it's short).
At the moment I'm not seeing any more problems.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, June 15, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, June 15, 2008 14:57:52
Records in database: 867406
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Files scanned: 41847
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 00:47:39

No malware has been detected. The scan area is clean.

The selected area was scanned.
bdoriano
Posted: 15 Jun 2008 21:12

Indeed, everything seems to be in order.

If you run into any other problems, let us know.
ulrikke
Posted: 16 Jun 2008 15:10

Thanks!!!!