Olimpo Informatico

gwen77 · Mortale adepto Registrato: 01/07/08 10:43 Messaggi: 39

Rieccomi!!

Sembra che dovunque io vada i virus mi seguano....
Stavolta il problema l'ho riscontrato al mio portatile, un Toshiba Satellite 3000x-11 con Windows Xp Service Pack 2. Nello specifico, lentezza esasperante, cpu che lavora sempre (o quasi) al 100%, impostazioni cambiate da sole....
Mi sono portata avanti con il lavoro.....

- Ho disinstallato e cancellato programmi e file inutili per liberare spazio
- Ho dato una bella pulita con CCleaner
- Fatto una scansione con HiJackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.54.00, on 03/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Programmi\Apoint2K\Apoint.exe
C:\WINDOWS\System32\CePMTray.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\PROGRA~1\EzButton\CP888M1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\MARZIA\Documenti\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\System32\CePMTray .exe
C:\PROGRA~1\EzButton\CP888M1 .exe
C:\Programmi\Apoint2K\Apoint .exe
C:\WINDOWS\System32\hkcmd .exe
C:\Programmi\Apoint2K\Apntex.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\WINDOWS\System32\CePMTray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [CP888M1] C:\PROGRA~1\EzButton\CP888M1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Mostra immagine originale - res://C:\Programmi\Libero 6x\liberoaccel.exe/227
O8 - Extra context menu item: Mostra tutte le immagini originali - res://C:\Programmi\Libero 6x\liberoaccel.exe/250
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.excite.it
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206897287305
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206897089050
O23 - Service: Boonty Games - BOONTY - C:\Programmi\File comuni\BOONTY Shared\Service\Boonty.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 3875 bytes

- Fatto una scansione con Norman Malware Cleaner
NFix_2008-07-03_23-19-41.log

- Eseguito Combofix
ComboFix 08-06-30.2 - MARZIA 2008-07-03 23:48:05.2 - FAT32x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.144 [GMT 2:00]
Eseguito da: C:\Documents and Settings\MARZIA\Documenti\My downloaded files\Combo Fix\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll

.
((((((((((((((((((((((((( Files Creati Da 2008-06-03 al 2008-07-03 )))))))))))))))))))))))))))))))))))
.

2008-07-03 22:59 . 2008-07-03 22:59 <DIR> d-------- C:\Programmi\CCleaner
2008-06-30 21:55 . 2008-06-30 21:56 <DIR> d-------- C:\Program Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-03 20:33 14,348 ----a-w C:\WINDOWS\system32\hkcmd.exe
2008-07-03 20:33 14,348 ----a-w C:\WINDOWS\system32\ctfmon.exe
2008-07-03 20:29 14,348 ----a-w C:\WINDOWS\system32\CePMTray.exe
2008-05-02 20:50 14,348 ----a-w C:\WINDOWS\system32\lxsupmon .exe
2006-10-21 16:50 122,520 ----a-w C:\Documents and Settings\MARZIA\Dati applicazioni\GDIPFONTCACHEV1.DAT
2003-04-02 20:48 63,488 --sha-w C:\Programmi\Thumbs.db
2004-11-06 16:35 0 --sha-w C:\WINDOWS\crwug.dat
.

bdoriano

Apri il Blocco note e crea un file di testo con le seguenti istruzioni:

gwen77 · Mortale adepto Registrato: 01/07/08 10:43 Messaggi: 39

Ecco il log di Combofix:

ComboFix 08-06-30.2 - MARZIA 2008-07-05 17.12.27.3 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.66 [GMT 2:00]
Eseguito da: C:\Documents and Settings\MARZIA\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\MARZIA\Desktop\CFScript.txt
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\lxsupmon .exe
.

((((((((((((((((((((((((( Files Creati Da 2008-06-05 al 2008-07-05 )))))))))))))))))))))))))))))))))))
.

2008-07-04 22:37 . 2008-07-04 22:37 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-04 22:14 . 2008-07-04 22:14 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-04 22:14 . 2008-07-04 22:14 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-04 22:14 . 2008-07-04 22:14 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-04 22:13 . 2008-07-04 22:13 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-04 22:13 . 2008-07-04 22:13 <DIR> d-------- C:\Programmi\AVG
2008-07-04 22:13 . 2008-07-04 22:13 <DIR> d-------- C:\Documents and Settings\MARZIA\Dati applicazioni\AVGTOOLBAR
2008-07-04 22:13 . 2008-07-04 22:13 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\avg8
2008-07-04 22:12 . 2008-07-04 22:14 8,192 --a------ C:\Documents and Settings\PROPRI~1
2008-07-04 22:09 . 2008-07-04 22:09 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-07-04 22:09 . 2008-07-04 22:09 <DIR> d-------- C:\Documents and Settings\MARZIA\Dati applicazioni\Malwarebytes
2008-07-04 22:09 . 2008-07-04 22:09 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-07-04 22:09 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-04 22:09 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-04 22:08 . 2008-07-04 22:08 <DIR> d-------- C:\Programmi\Auslogics
2008-07-04 22:08 . 2008-07-04 22:08 <DIR> d-------- C:\Documents and Settings\MARZIA\Dati applicazioni\Auslogics
2008-07-04 22:08 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-07-04 22:08 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-07-04 22:07 . 2008-07-04 22:07 <DIR> d-------- C:\Programmi\Wise Registry Cleaner 3
2008-07-03 22:59 . 2008-07-03 22:59 <DIR> d-------- C:\Programmi\CCleaner
2008-06-30 21:55 . 2008-06-30 21:56 <DIR> d-------- C:\Program Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2006-10-21 16:50 122,520 ----a-w C:\Documents and Settings\MARZIA\Dati applicazioni\GDIPFONTCACHEV1.DAT
2003-04-02 20:48 63,488 --sha-w C:\Programmi\Thumbs.db
2004-11-06 16:35 0 --sha-w C:\WINDOWS\crwug.dat
.

((((((((((((((((((((((((((((( snapshot@2008-07-03_23.50.21.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-03 21:14:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-05 15:05:56 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-07-03 20:29:02 14,348 ----a-w C:\WINDOWS\system32\CePMTray.exe
+ 2001-12-24 05:01:20 106,496 ----a-w C:\WINDOWS\system32\cepmtray.exe
- 2008-07-03 20:33:08 14,348 ----a-w C:\WINDOWS\system32\ctfmon.exe
+ 2004-08-19 13:39:36 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
+ 2004-08-19 13:39:36 15,360 ----a-w C:\WINDOWS\system32\dllcache\ctfmon.exe
+ 2008-07-04 20:14:08 26,184 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
- 2008-07-03 20:33:12 14,348 ----a-w C:\WINDOWS\system32\hkcmd.exe
+ 2002-01-29 20:25:20 106,496 ----a-w C:\WINDOWS\system32\hkcmd.exe
+ 2006-12-01 20:56:00 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-01 20:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-01 20:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-01 20:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-01 22:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-01 22:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-01 22:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-01 22:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-01 22:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-01 22:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-01 22:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-01 22:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-01 22:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-01 22:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-01 22:46:44 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXSUPMON"="C:\WINDOWS\System32\LXSUPMON.EXE" [2001-04-12 04:47 842240]
"CP888M1"="C:\PROGRA~1\EzButton\CP888M1.EXE" [2001-11-29 11:19 94208]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-04 22:13 1177368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:39 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLS"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgemc.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-04 22:14]
R1 eusk2par;EUTRON SmartKey Parallel Driver;C:\WINDOWS\system32\Drivers\eusk2par.sys [2005-10-06 10:38]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-04 22:13]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 22:13]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 22:14]
R2 cpwnt;cpwnt;C:\WINDOWS\system32\drivers\cpwnt.sys [1997-05-30 00:00]
R2 DPortIO;Dritek Port I/O Driver;C:\WINDOWS\system32\Drivers\DPortIO.sys [2001-04-12 16:04]
R3 {40867A83-9E92-474c-A921-20AA73EAE42F};AIM 3.0 CH-7007;C:\WINDOWS\system32\drivers\A303.sys [2002-02-15 15:07]
R3 {A7E39B01-B403-11d4-BD18-00D0B7A1821E};AIM 3.0 Part 01 Codec Driver VCH-A;C:\WINDOWS\system32\drivers\Vch.sys [2002-02-15 15:07]
S2 CPUSB;CPUsb.Sys driver;C:\WINDOWS\system32\Drivers\CPUSB.sys [2002-10-24 03:00]
S3 Boonty Games;Boonty Games;"C:\Programmi\File comuni\BOONTY Shared\Service\Boonty.exe" [2006-11-05 19:02]
S3 eusk3usb;SmartKey 3 USB;C:\WINDOWS\system32\Drivers\eusk3usb.sys [2005-10-06 10:38]
S3 gUSBSTOi;gUSBSTOi;C:\DOCUME~1\MARZIA\IMPOST~1\Temp\gUSBSTOi.sys []
S3 le10;Micronet SP125A Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\le10nds.sys [1999-07-01 10:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83e5b1f0-46de-11dd-a0f0-8abced3cacae}]
\Shell\AutoRun\command - E:\start.exe

.
Contenuto della cartella 'Scheduled Tasks'
"2007-11-02 14:35:04 C:\WINDOWS\Tasks\WebReg .job"
- C:\Programmi\HP\Digital Imaging\bin\hpqwrg.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-05 17:16:10
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-07-05 17.17.24
ComboFix-quarantined-files.txt 2008-07-05 15:17:14
ComboFix2.txt 2008-07-03 21:50:38

13 Directory 4,653,285,376 byte disponibili
17 Directory 4,648,910,848 byte disponibili

128

Ed ecco quello di BitDefenser:

BitDefender Online Scanner - Real Time Virus Report

Generated at: Sat, Jul 05, 2008 - 19:52:48

--------------------------------------------------------------------------------

Scan Info

Scanned Files
62106

Infected Files
0

Virus Detected

No virus found.

--------------------------------------------------------------------------------

This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.

Purtroppo ho problemi con l'adsl Evil or Very Mad

e non riesco a fare la scansione online su Kaspersky... non c'è modo di scaricare i files e copiarli da un pc altro?? Idea

bdoriano

Ok, allora fai questa scansione con Kaspersky off-line. Wink

gwen77 · Mortale adepto Registrato: 01/07/08 10:43 Messaggi: 39

Ok!! Grazie mille bdoriano!!
Domattina provvedo allo "scaricamento" dal computer dell'ufficio Wink

Buonanotte!!!

gwen77 · Mortale adepto Registrato: 01/07/08 10:43 Messaggi: 39

Ho effettuato la scansione con Kaspersky offline ed, effettivamente, mi ha trovato diversi files infetti!!! Evil or Very Mad

Allego il link del file:
link Wink

bdoriano

Dovrebbe anche averteli cancellati... Razz

Purtroppo, il log è troppo lungo per controllarlo tutto velocemente. Rolling Eyes

Puoi disinstallare il Kaspersky Tool.
Non mi ricordo se già te l'ho fatto fare, eventualmente, segui le istruzioni di questo topic per usare MBAM. Carica il log su WikiSend e posta il Forum Link che ti viene assegnato.

Rifai anche la scansione con ComboFix.

gwen77 · Mortale adepto Registrato: 01/07/08 10:43 Messaggi: 39

Ecco il link di MBAM su wikisend:

mbam-log-7-10-2008 (20-28-31).txt

Ed ecco il log di Combofix:

ComboFix 08-06-30.2 - MARZIA 2008-07-10 20.30.51.4 - FAT32x86
Eseguito da: C:\Documents and Settings\MARZIA\Desktop\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2008-06-10 al 2008-07-10 )))))))))))))))))))))))))))))))))))
.

2008-07-09 19:33 . 2008-03-05 11:41 148,496 --a------ C:\WINDOWS\system32\drivers\01223150.sys
2008-07-09 19:33 . 2008-07-09 19:34 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-09 19:33 . 2008-07-09 19:34 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-09 19:27 . 2008-07-09 19:27 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Office Genuine Advantage
2008-07-08 21:56 . 2008-04-23 06:16 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-07 22:02 . 2008-07-07 22:02 <DIR> d-------- C:\WINDOWS\Sun
2008-07-07 21:59 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-07 21:57 . 2008-07-07 21:57 <DIR> d-------- C:\Programmi\Java
2008-07-07 21:56 . 2008-07-07 21:56 <DIR> d-------- C:\Programmi\File comuni\Java
2008-07-05 19:11 . 2008-07-05 19:11 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-07-04 22:37 . 2008-07-04 22:37 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-04 22:14 . 2008-07-04 22:14 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-04 22:14 . 2008-07-04 22:14 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-04 22:14 . 2008-07-04 22:14 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-04 22:13 . 2008-07-04 22:13 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-04 22:13 . 2008-07-04 22:13 <DIR> d-------- C:\Programmi\AVG
2008-07-04 22:13 . 2008-07-04 22:13 <DIR> d-------- C:\Documents and Settings\MARZIA\Dati applicazioni\AVGTOOLBAR
2008-07-04 22:13 . 2008-07-04 22:13 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\avg8
2008-07-04 22:12 . 2008-07-04 22:14 8,192 --a------ C:\Documents and Settings\PROPRI~1
2008-07-04 22:09 . 2008-07-04 22:09 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-07-04 22:09 . 2008-07-04 22:09 <DIR> d-------- C:\Documents and Settings\MARZIA\Dati applicazioni\Malwarebytes
2008-07-04 22:09 . 2008-07-04 22:09 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-07-04 22:09 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-04 22:09 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-04 22:08 . 2008-07-04 22:08 <DIR> d-------- C:\Programmi\Auslogics
2008-07-04 22:08 . 2008-07-04 22:08 <DIR> d-------- C:\Documents and Settings\MARZIA\Dati applicazioni\Auslogics
2008-07-04 22:08 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-07-04 22:08 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-07-04 22:07 . 2008-07-04 22:07 <DIR> d-------- C:\Programmi\Wise Registry Cleaner 3
2008-07-03 22:59 . 2008-07-03 22:59 <DIR> d-------- C:\Programmi\CCleaner
2008-06-30 21:55 . 2008-06-30 21:56 <DIR> d-------- C:\Program Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-23 20:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-23 15:17 693,792 ----a-w C:\WINDOWS\system32\OGACheckControl.dll
2008-04-23 15:17 504,864 ----a-w C:\WINDOWS\system32\OGAVerify.exe
2008-04-23 15:17 504,352 ----a-w C:\WINDOWS\system32\OGAAddin.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2006-10-21 16:50 122,520 ----a-w C:\Documents and Settings\MARZIA\Dati applicazioni\GDIPFONTCACHEV1.DAT
2003-04-02 20:48 63,488 --sha-w C:\Programmi\Thumbs.db
2004-11-06 16:35 0 --sha-w C:\WINDOWS\crwug.dat
.

((((((((((((((((((((((((((((( snapshot@2008-07-03_23.50.21.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-05 17:13:20 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2008-07-05 17:13:22 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2008-07-05 17:13:26 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2008-07-05 17:14:52 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2008-01-09 13:01:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2008-07-05 17:15:22 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2008-07-05 17:14:12 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
- 2008-07-03 21:14:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-10 17:42:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-01-09 13:01:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
+ 2005-10-12 23:12:26 213,216 ------w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2005-10-12 23:12:34 371,424 ------w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2006-12-22 08:49:36 765,952 ------w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
+ 2007-02-27 13:20:24 124,928 ------w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll
+ 2006-10-17 09:58:06 346,624 ------w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll
+ 2006-10-17 09:57:50 214,528 ------w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll
+ 2007-02-27 13:20:24 132,608 ------w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll
+ 2006-10-17 09:58:20 61,952 ------w C:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll
+ 2007-02-27 08:20:46 56,832 ------w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe
+ 2007-02-27 13:20:24 153,088 ------w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll
+ 2007-02-27 13:20:26 230,400 ------w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll
+ 2007-02-21 08:00:54 161,792 ------w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll
+ 2007-04-03 04:36:20 2,453,952 ------w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dat
+ 2007-04-03 14:29:14 383,488 ------w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll
+ 2007-02-27 13:20:26 384,000 ------w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll
+ 2007-02-27 13:20:56 6,054,400 ------w C:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll
+ 2007-02-27 13:20:56 44,544 ------w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll
+ 2007-02-27 13:20:56 266,752 ------w C:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll
+ 2007-02-27 08:20:48 13,824 ------w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe
+ 2007-02-21 08:00:58 623,616 ------w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
+ 2007-02-27 13:20:58 27,136 ------w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll
+ 2007-02-27 13:21:00 458,752 ------w C:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll
+ 2007-02-27 13:21:00 51,712 ------w C:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll
+ 2007-02-27 13:21:30 3,581,952 ------w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll
+ 2007-02-27 13:21:30 477,696 ------w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll
+ 2007-02-27 13:21:30 193,024 ------w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll
+ 2007-02-27 13:21:40 670,720 ------w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll
+ 2007-02-27 13:21:40 102,400 ------w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll
+ 2006-10-17 09:58:08 44,544 ------w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll
+ 2007-03-06 01:22:40 213,216 ------w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:52 371,424 ------w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll
+ 2007-02-27 13:21:42 105,984 ------w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll
+ 2007-02-27 13:21:44 1,150,464 ------w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll
+ 2007-02-27 13:21:44 232,960 ------w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll
+ 2007-02-27 13:21:48 822,784 ------w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
- 2008-07-01 20:47:40 2,560 ----a-r C:\WINDOWS\Installer\{911B0410-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2008-07-08 20:07:18 2,560 ----a-r C:\WINDOWS\Installer\{911B0410-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2008-07-01 20:47:40 34,304 ----a-r C:\WINDOWS\Installer\{911B0410-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2008-07-08 20:07:18 34,304 ----a-r C:\WINDOWS\Installer\{911B0410-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2008-07-01 20:47:40 8,192 ----a-r C:\WINDOWS\Installer\{911B0410-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2008-07-08 20:07:18 8,192 ----a-r C:\WINDOWS\Installer\{911B0410-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2008-07-01 20:47:40 3,584 ----a-r C:\WINDOWS\Installer\{911B0410-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2008-07-08 20:07:18 3,584 ----a-r C:\WINDOWS\Installer\{911B0410-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2008-07-01 20:47:40 16,384 ----a-r C:\WINDOWS\Installer\{911B0410-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2008-07-08 20:07:18 16,384 ----a-r C:\WINDOWS\Installer\{911B0410-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2008-07-01 20:47:40 22,528 ----a-r C:\WINDOWS\Installer\{911B0410-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2008-07-08 20:07:18 22,528 ----a-r C:\WINDOWS\Installer\{911B0410-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2008-07-01 20:47:40 45,056 ----a-r C:\WINDOWS\Installer\{911B0410-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2008-07-08 20:07:18 45,056 ----a-r C:\WINDOWS\Installer\{911B0410-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2008-07-08 19:46:18 16,708 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{8C656BE4-C1E7-454D-A596-C4F2F5C6AA57}.bin
- 2007-02-27 13:20:24 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-04-23 04:16:28 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2008-07-03 20:29:02 14,348 ----a-w C:\WINDOWS\system32\CePMTray.exe
+ 2001-12-24 05:01:20 106,496 ----a-w C:\WINDOWS\system32\cepmtray.exe
- 2008-07-03 20:33:08 14,348 ----a-w C:\WINDOWS\system32\ctfmon.exe
+ 2004-08-19 13:39:36 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
- 2007-02-27 13:20:24 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-04-23 04:16:28 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2004-08-19 13:39:36 15,360 ----a-w C:\WINDOWS\system32\dllcache\ctfmon.exe
- 2006-10-17 09:58:06 346,624 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2006-10-17 09:57:50 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-02-27 13:20:24 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-02-27 13:20:24 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-02-27 13:20:26 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2007-04-03 04:36:20 2,453,952 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dat
+ 2007-04-17 09:32:38 2,455,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dat
- 2007-04-03 14:29:14 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-04-23 04:16:28 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2007-02-27 13:20:26 384,000 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-02-27 13:20:56 6,054,400 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-04-23 04:16:28 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2007-02-27 13:20:56 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-04-23 04:16:28 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2007-02-27 13:20:56 266,752 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-04-23 04:16:28 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2007-02-27 13:20:58 27,136 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2007-02-27 13:21:00 458,752 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-04-23 04:16:28 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2007-02-27 13:21:00 51,712 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-04-23 04:16:28 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2007-02-27 13:21:30 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-02-27 13:21:30 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-23 04:16:28 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-02-27 13:21:40 670,720 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-23 04:16:28 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-02-27 13:21:40 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-04-23 04:16:28 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
- 2006-10-17 09:58:08 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-02-27 13:21:42 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-04-23 04:16:28 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
- 2007-02-27 13:21:44 1,150,464 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-23 04:16:30 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2006-12-22 08:49:36 765,952 ----a-w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2007-07-12 23:31:54 765,952 ----a-w C:\WINDOWS\system32\dllcache\vgx.dll
- 2007-02-27 13:21:44 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-04-23 04:16:30 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-02-27 13:21:48 822,784 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-23 04:16:30 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-07-04 20:14:08 26,184 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
- 2006-10-17 09:58:06 346,624 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2006-10-17 09:57:50 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-02-27 13:20:24 132,608 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-07-03 20:33:12 14,348 ----a-w C:\WINDOWS\system32\hkcmd.exe
+ 2002-01-29 20:25:20 106,496 ----a-w C:\WINDOWS\system32\hkcmd.exe
- 2006-10-17 09:58:20 61,952 ------w C:\WINDOWS\system32\icardie.dll
+ 2008-04-23 04:16:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2007-02-27 08:20:46 56,832 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-04-22 07:39:58 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2007-02-27 13:20:24 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2007-02-27 13:20:26 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2007-02-21 08:00:54 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-04-20 05:07:52 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2007-04-03 04:36:20 2,453,952 ----a-w C:\WINDOWS\system32\ieapfltr.dat
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
- 2007-04-03 14:29:14 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-04-23 04:16:28 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2007-02-27 13:20:26 384,000 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2007-02-27 13:20:56 6,054,400 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-04-23 04:16:28 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-02-27 13:20:56 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2007-02-27 13:20:56 266,752 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-04-23 04:16:28 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-02-27 08:20:48 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-03-24 23:28:40 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-03-24 23:28:44 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-03-25 00:37:02 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2007-02-27 13:20:58 27,136 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-03-05 06:30:56 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-29 14:35:12 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-02-27 13:21:00 458,752 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-04-23 04:16:28 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-02-27 13:21:00 51,712 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-04-23 04:16:28 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2007-02-27 13:21:30 3,581,952 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-23 20:16:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-02-27 13:21:30 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-02-27 13:21:30 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-04-23 04:16:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-02-27 13:21:40 670,720 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-04-23 04:16:28 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2007-04-16 20:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
+ 2007-07-30 17:19:10 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
- 2007-02-27 13:21:40 102,400 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-04-23 04:16:28 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2006-10-17 09:58:08 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-02-27 13:21:42 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-04-23 04:16:28 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-02-27 13:21:44 1,150,464 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-23 04:16:30 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-02-27 13:21:44 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-04-23 04:16:30 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2007-03-15 16:17:20 337,280 ------w C:\WINDOWS\system32\WgaTray.exe
+ 2008-04-23 15:17:42 909,864 ----a-w C:\WINDOWS\system32\WGATray.exe
- 2007-02-27 13:21:48 822,784 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-04-23 04:16:30 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2006-12-01 20:56:00 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-01 20:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-01 20:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-01 20:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-01 22:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-01 22:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-01 22:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-01 22:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-01 22:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-01 22:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-01 22:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-01 22:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-01 22:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-01 22:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-01 22:46:44 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CP888M1"="C:\PROGRA~1\EzButton\CP888M1.EXE" [2001-11-29 11:19 94208]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-04 22:13 1177368]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"is-015RU"="C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-015RU\is-015RU.exe" [2008-06-07 15:26 217088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:39 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLS"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgemc.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-04 22:14]
R1 eusk2par;EUTRON SmartKey Parallel Driver;C:\WINDOWS\system32\Drivers\eusk2par.sys [2005-10-06 10:38]
R1 is-015RUdrv;is-015RUdrv;C:\WINDOWS\system32\drivers\01223150.sys [2008-03-05 11:41]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-04 22:13]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 22:13]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 22:14]
R2 cpwnt;cpwnt;C:\WINDOWS\system32\drivers\cpwnt.sys [1997-05-30 00:00]
R2 DPortIO;Dritek Port I/O Driver;C:\WINDOWS\system32\Drivers\DPortIO.sys [2001-04-12 16:04]
R3 {40867A83-9E92-474c-A921-20AA73EAE42F};AIM 3.0 CH-7007;C:\WINDOWS\system32\drivers\A303.sys [2002-02-15 15:07]
R3 {A7E39B01-B403-11d4-BD18-00D0B7A1821E};AIM 3.0 Part 01 Codec Driver VCH-A;C:\WINDOWS\system32\drivers\Vch.sys [2002-02-15 15:07]
S2 CPUSB;CPUsb.Sys driver;C:\WINDOWS\system32\Drivers\CPUSB.sys [2002-10-24 03:00]
S2 is-015RU;is-015RU;"C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-015RU\is-015RU.exe" -r []
S3 Boonty Games;Boonty Games;"C:\Programmi\File comuni\BOONTY Shared\Service\Boonty.exe" [2006-11-05 19:02]
S3 eusk3usb;SmartKey 3 USB;C:\WINDOWS\system32\Drivers\eusk3usb.sys [2005-10-06 10:38]
S3 gUSBSTOi;gUSBSTOi;C:\DOCUME~1\MARZIA\IMPOST~1\Temp\gUSBSTOi.sys []
S3 le10;Micronet SP125A Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\le10nds.sys [1999-07-01 10:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83e5b1f0-46de-11dd-a0f0-8abced3cacae}]
\Shell\AutoRun\command - E:\start.exe

.
Contenuto della cartella 'Scheduled Tasks'
"2007-11-02 14:35:04 C:\WINDOWS\Tasks\WebReg .job"
- C:\Programmi\HP\Digital Imaging\bin\hpqwrg.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-10 20:34:36
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-07-10 20.36.11
ComboFix-quarantined-files.txt 2008-07-10 18:35:56
ComboFix3.txt 2008-07-03 21:50:38
ComboFix2.txt 2008-07-05 15:17:28

13 Directory 4,292,263,936 byte disponibili
17 Directory 4,353,507,328 byte disponibili

323 --- E O F --- 2008-07-08 20:20:29

La scansione con Kaspersky di ieri dovrebbe aver eliminato i files infetti ma, tra i processi del task manager, leggo ancora dei nomi sospetti Crying or Very sad

bdoriano

gwen77 · Mortale adepto Registrato: 01/07/08 10:43 Messaggi: 39

Non mi ricordo esattamente ma era qualcosa tipo "cp8881"....
Ma magari sono io che scambio per minaccia qualcosa di normalissimo Wink

!!
Comunque provo a fare anche quest'altra scansione, per sicurezza!
Grazie mille!!

bdoriano

Non ne sono sicuro, ma potrebbe essere il driver audio... Think

Ma aspettiamo di vedere l'ultima scansione. Wink

gwen77 · Mortale adepto Registrato: 01/07/08 10:43 Messaggi: 39

Scusa per il ritardo... ho fatto la scansione solo ieri Embarassed

Ecco il risultato:
15_07_2008_22_08_report.zip

Spero stavolta sia pulito.... Wink

bdoriano

Scusa il ritardo, mi stavo dimenticando di te. Razz

Ho controllato il log e non ho trovato nulla di sospetto a parte un vecchio rimasuglio, che ti faccio cancellare subito.

Scarica avenger e scompattalo in una sua cartella non temporanea e non sul desktop

Avvia AVENGER
Clicca Ok
Inserisci queste righe nel riquadro bianco:

gwen77 · Mortale adepto Registrato: 01/07/08 10:43 Messaggi: 39

... infatti lo sospettavo!! Wink

Ora provo a fare questa scansione.. avrai mie notizie quanto prima Smile

Per il resto i sembra proprio che il pc vada bene adesso, è più veloce, non mi appaiono più messaggi strani all'accensione....

Invece mi preoccupa l'altro pc (quello del caso "risolto"...): non fa niente di strano, ma quasi tutti i programmi che uso, una volta chiusi, mi rimangono aperti tra i processi del task manager... Chissà perchè?
Ma forse non dovrei scriverlo in questo topic, sennò facciamo confusione... Embarassed

gwen77 · Mortale adepto Registrato: 01/07/08 10:43 Messaggi: 39

Buongiorno!!
Ho fatto l'ultima scansione con Avenger; ecco il risultato:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Registry key "HKLM\system\currentcontrolset\services\gUSBSTOi" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

PS: Ho controllato: il processo dal nome strano di cui ti parlavo l'altra volta era "CP888M1.exe".

Ciao!!! Wink

gwen77 · Mortale adepto Registrato: 01/07/08 10:43 Messaggi: 39

....Non è che ti sei scordato di nuovo di me, vero?!?!
Crying or Very sad

.....

gwen77 · Mortale adepto Registrato: 01/07/08 10:43 Messaggi: 39

Uff... mi sa tanto che ti sei scordato davvero di me!!!
Sad

bdoriano

Ecchime.

Il file CP888M1.exe si riferisce ai tasti speciali di alcuni portatili. Nulla di grave. Wink

Non ho capito se riscontri ancora problemi (e quali) con il pc. Think