PRANDIER (Devoted Mortal)
Joined: 16/05/08 20:21 Posts: 6 Location: Mantova
Posted: 16 May 2008 20:58 Subject: Infection from a USB stick
Hi everyone,
I'm trying to follow bdoriano's quick First Aid (Pronto Soccorso) guide.
OS: Win XP Pro SP2
I'm on a network, and on this problematic PC I have no AV programs installed. On the server I have Kaspersky IS 2007.
I think the infection I have been dragging along for a while is due to a USB stick.
A few days ago I found the file Kxvo.exe and the related errors, and following your indirect advice I thought I had got rid of everything.
The KIS scan run over the network found a few infected files (a .bat and some DLLs) that I find again at every reboot.
What should I post?
chemicalbit (Mature God)
Joined: 01/04/05 18:59 Posts: 18597 Location: Milano
Posted: 16 May 2008 21:25 Subject: Re: Infection from a USB stick
PRANDIER wrote:
> A few days ago I found the file Kxvo.exe and the related errors, and following your indirect advice I thought I had got rid of everything.
What operations did you perform?
PRANDIER wrote:
> The KIS scan run over the network found a few infected files (a .bat and some DLLs) that I find again at every reboot.
And what did it find?
PRANDIER wrote:
> What should I post?
Post a HijackThis log (see the second message of this thread).
Then we'll do some general cleaning:
- Disable System Restore.
- Clean the temporary files with ATF-Cleaner and/or CCleaner.
- Run a scan with Norman Malware Cleaner:
  - Download the program.
  - Boot the PC into Safe Mode.
  - Start Norman Malware Cleaner and let it run a full scan.
  - At the end of the scan a log named NFix_2008-MM-gg_hh-mm-ss.log is generated on the desktop.
  - Restart the computer in normal mode.
- Follow the instructions in this topic to run ComboFix.
- Report back with a new message in this thread on the outcome (whether there were any particular problems, etc.) and post:
  - The HijackThis log (post it directly in the message)
  - The Norman Malware Cleaner log, uploaded to FreeFileHosting as described here; post the link you are given
  - The ComboFix log, which is generally not very long, so post it directly in the message
PRANDIER (Devoted Mortal)
Joined: 16/05/08 20:21 Posts: 6 Location: Mantova
Posted: 16 May 2008 23:06 Subject: Re: USB stick
OK! I'll do it as soon as it has finished running Scandisk.
For a few days I have also had this little problem: at every boot or reboot it runs the consistency check on disk C:, taking several hours (maybe later I'll ask you for some info on this too) ...
chemicalbit (Mature God)
Joined: 01/04/05 18:59 Posts: 18597 Location: Milano
Posted: 17 May 2008 00:05
But where does the suspicion of an infection come from?
Couldn't these be problems caused by the disk?
PRANDIER (Devoted Mortal)
Joined: 16/05/08 20:21 Posts: 6 Location: Mantova
Posted: 17 May 2008 08:20
It could be; however, it coincided with some sudden power cuts that caused errors on the HDD.
Reading your posts it seemed to be a problem of that kind.
This is how it started:
power failure > brutal shutdown > on reboot it said disk error, cannot start Windows > after repeated attempts it managed to run a very slow consistency check, finding errors on the disk.
I managed to get in, and after I had inserted and used the USB stick, on the next reboot the message appeared: Kxvo.exe, the memory could not be "read", etc. ...
I searched the forum for Kxvo.exe and followed some removal procedures.
Do you want us to start from the HDD?
PRANDIER (Devoted Mortal)
Joined: 16/05/08 20:21 Posts: 6 Location: Mantova
Posted: 17 May 2008 14:45
Here is the HijackThis log
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14.40.43, on 17/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Programmi\ASUS\ASUS Live Update\ALU.exe
C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe
C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmi\ScanSoft\OmniPage15.0\Opware15.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\ScanSoft\OmniPage15.0\OpAgent.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Programmi\Asus\Asus ChkMail\ChkMail.exe
C:\Programmi\Asus\ASUS Hotkey\Hotkey.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\NB ASUS\Desktop\HiJackThis_v2.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/home/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.100:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Programmi\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Opware15] "C:\Programmi\ScanSoft\OmniPage15.0\Opware15.exe"
O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Programmi\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [OpAgent] "C:\Programmi\ScanSoft\OmniPage15.0\OpAgent.exe" /agent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ASUS ChkMail.lnk = C:\Programmi\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Hotkey.lnk = C:\Programmi\Asus\ASUS Hotkey\Hotkey.exe
O4 - Global Startup: Avvio Veloce di WinZip.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Programmi\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.zyxel.it/product/cult.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097660041062
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147117962093
O16 - DPF: {B54CEBFE-9BB6-11D5-BA31-204C4F4F5020} (SoleCd.clsSolecd) - file:///C:/Programmi/ilSoleCD/Solecd.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDSched.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 9130 bytes
Here are the FileHosting links.
There are two because I ran two scans (I had forgotten to switch on an external HDD):
http://www.freefilehosting.net/download/3ha4k
http://www.freefilehosting.net/download/3ha58
And finally, here is the ComboFix log
ComboFix 08-05-15.3 - NB ASUS 2008-05-17 13.59.40.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.582 [GMT 2:00]
Eseguito da: C:\Documents and Settings\NB ASUS\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\fool0.dll
C:\WINDOWS\system32\ieso0.dll
.
((((((((((((((((((((((((( Files Creati Da 2008-04-17 al 2008-05-17 )))))))))))))))))))))))))))))))))))
.
2008-05-15 21:06 . 2008-05-15 21:06 <DIR> d-------- C:\Programmi\Driver Magician Lite
2008-05-15 16:58 . 2008-05-15 16:59 <DIR> d-------- C:\Programmi\RegCleaner
2008-05-13 11:37 . 2008-05-13 11:37 98,304 -r-hs---- C:\WINDOWS\system32\fool2.dll
2008-05-07 12:27 . 2008-05-07 12:27 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-05-05 23:25 . 2008-05-05 23:25 <DIR> d-------- C:\winxp
2008-05-05 16:45 . 2008-05-05 16:45 <DIR> d-------- C:\Programmi\Cobian Backup 9
2008-05-05 16:38 . 2004-08-04 08:07 20,992 --a------ C:\WINDOWS\system32\drivers\vga.sys
2008-05-05 16:38 . 2008-05-05 16:37 20,992 --a------ C:\WINDOWS\system32\drivers\OLDA.tmp
2008-05-05 16:38 . 2004-08-04 08:07 20,992 --a------ C:\WINDOWS\system32\dllcache\vga.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 183,072 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:06 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-05 15:55 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:50 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:33 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:33 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2003-12-08 12:04 827,392 ----a-w C:\Programmi\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpAgent"="C:\Programmi\ScanSoft\OmniPage15.0\OpAgent.exe" [2005-07-06 01:02 143360]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:39 15360]
"PC Suite Tray"="C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hcontrol"="C:\WINDOWS\ATK0100\Hcontrol.exe" [2004-01-13 20:09 65536]
"ASUS Live Update"="C:\Programmi\ASUS\ASUS Live Update\ALU.exe" [2003-09-19 12:54 172032]
"Power_Gear"="C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe" [2002-11-29 11:14 73728]
"ATIPTA"="C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 21:10 339968]
"SynTPLpr"="C:\Programmi\Synaptics\SynTP\SynTPLpr.exe" [2003-12-03 09:04 110592]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2003-12-03 09:04 618496]
"Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" [2003-09-19 11:12 1241088]
"AdslTaskBar"="stmctrl.dll" [2003-01-22 12:01 151552 C:\WINDOWS\system32\stmctrl.dll]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Acrobat Assistant 7.0"="C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 02:08 483328]
"REGSHAVE"="C:\Programmi\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]
"Opware15"="C:\Programmi\ScanSoft\OmniPage15.0\Opware15.exe" [2005-07-06 00:58 69632]
"PDF3 Registry Controller"="C:\Programmi\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe" [2005-04-12 10:16 106496]
"SoundMan"="SOUNDMAN.EXE" [2004-05-05 18:45 65024 C:\WINDOWS\SOUNDMAN.EXE]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-03-05 17:55 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:39 15360]
"Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
ASUS ChkMail.lnk - C:\Programmi\Asus\Asus ChkMail\ChkMail.exe [2004-02-05 06:44:16 40960]
Hotkey.lnk - C:\Programmi\Asus\ASUS Hotkey\Hotkey.exe [2004-02-05 06:45:37 798208]
Avvio Veloce di WinZip.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [2004-03-04 09:51:55 106560]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office\OSA9.EXE [2000-01-21 09:15:56 65588]
Adobe Gamma Loader.exe.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2004-04-29 20:52:18 110592]
Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2004-04-29 20:52:18 110592]
AutoCAD Startup Accelerator.lnk - C:\Programmi\File comuni\Autodesk Shared\acstart16.exe [2005-03-05 16:18:22 10872]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2005-10-27 23:00:14 282624]
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2005-02-16 13:41:20 25214]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Asus\\ASUS Live Update\\LiveUpdt.exe"=
"C:\\Programmi\\Photo Story 3 for Windows\\PhotoStory3.exe"=
"C:\\WINDOWS\\System32\\dpvsetup.exe"=
"C:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Programmi\\Google\\Google SketchUp 6\\SketchUp.exe"=
"C:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Programmi\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13158:TCP"= 13158:TCP:NortonAV
"18318:TCP"= 18318:TCP:NortonAV
"16842:TCP"= 16842:TCP:NortonAV
"15353:TCP"= 15353:TCP:NortonAV
"17410:TCP"= 17410:TCP:NortonAV
"18348:TCP"= 18348:TCP:NortonAV
"14297:TCP"= 14297:TCP:NortonAV
"16262:TCP"= 16262:TCP:NortonAV
"12207:TCP"= 12207:TCP:NortonAV
"15315:TCP"= 15315:TCP:NortonAV
"17837:TCP"= 17837:TCP:NortonAV
"17081:TCP"= 17081:TCP:NortonAV
"18146:TCP"= 18146:TCP:NortonAV
"16155:TCP"= 16155:TCP:NortonAV
"15574:TCP"= 15574:TCP:NortonAV
"13192:TCP"= 13192:TCP:NortonAV
"14842:TCP"= 14842:TCP:NortonAV
"14874:TCP"= 14874:TCP:NortonAV
"18681:TCP"= 18681:TCP:NortonAV
"13799:TCP"= 13799:TCP:NortonAV
"12987:TCP"= 12987:TCP:NortonAV
"17470:TCP"= 17470:TCP:NortonAV
"12845:TCP"= 12845:TCP:NortonAV
"14977:TCP"= 14977:TCP:NortonAV
"12237:TCP"= 12237:TCP:NortonAV
"17753:TCP"= 17753:TCP:NortonAV
"16457:TCP"= 16457:TCP:NortonAV
"15928:TCP"= 15928:TCP:NortonAV
"15118:TCP"= 15118:TCP:NortonAV
"18020:TCP"= 18020:TCP:NortonAV
"12926:TCP"= 12926:TCP:NortonAV
"16608:TCP"= 16608:TCP:NortonAV
"18128:TCP"= 18128:TCP:NortonAV
"17633:TCP"= 17633:TCP:NortonAV
"12085:TCP"= 12085:TCP:NortonAV
"18981:TCP"= 18981:TCP:NortonAV
"16786:TCP"= 16786:TCP:NortonAV
"12410:TCP"= 12410:TCP:NortonAV
"13661:TCP"= 13661:TCP:NortonAV
"12382:TCP"= 12382:TCP:NortonAV
"12869:TCP"= 12869:TCP:NortonAV
"18756:TCP"= 18756:TCP:NortonAV
"17882:TCP"= 17882:TCP:NortonAV
"16347:TCP"= 16347:TCP:NortonAV
"16554:TCP"= 16554:TCP:NortonAV
"18975:TCP"= 18975:TCP:NortonAV
"16289:TCP"= 16289:TCP:NortonAV
"18620:TCP"= 18620:TCP:NortonAV
"13177:TCP"= 13177:TCP:NortonAV
"17878:TCP"= 17878:TCP:NortonAV
"18217:TCP"= 18217:TCP:NortonAV
"13155:TCP"= 13155:TCP:NortonAV
"15642:TCP"= 15642:TCP:NortonAV
"12551:TCP"= 12551:TCP:NortonAV
"16550:TCP"= 16550:TCP:NortonAV
"16675:TCP"= 16675:TCP:NortonAV
"18118:TCP"= 18118:TCP:NortonAV
"13208:TCP"= 13208:TCP:NortonAV
"12615:TCP"= 12615:TCP:NortonAV
"16541:TCP"= 16541:TCP:NortonAV
"12197:TCP"= 12197:TCP:NortonAV
"16077:TCP"= 16077:TCP:NortonAV
"12713:TCP"= 12713:TCP:NortonAV
"12017:TCP"= 12017:TCP:NortonAV
"13311:TCP"= 13311:TCP:NortonAV
"12665:TCP"= 12665:TCP:NortonAV
"15890:TCP"= 15890:TCP:NortonAV
"12636:TCP"= 12636:TCP:NortonAV
"14246:TCP"= 14246:TCP:NortonAV
"12951:TCP"= 12951:TCP:NortonAV
"14620:TCP"= 14620:TCP:NortonAV
"14586:TCP"= 14586:TCP:NortonAV
"15274:TCP"= 15274:TCP:NortonAV
"16777:TCP"= 16777:TCP:NortonAV
"14572:TCP"= 14572:TCP:NortonAV
"15255:TCP"= 15255:TCP:NortonAV
"14962:TCP"= 14962:TCP:NortonAV
"16309:TCP"= 16309:TCP:NortonAV
"12105:TCP"= 12105:TCP:NortonAV
"12089:TCP"= 12089:TCP:NortonAV
"12351:TCP"= 12351:TCP:NortonAV
"18394:TCP"= 18394:TCP:NortonAV
"15463:TCP"= 15463:TCP:NortonAV
"13847:TCP"= 13847:TCP:NortonAV
R0 Defrag32b;Defrag32Boot;C:\WINDOWS\system32\drivers\Defrag32b.sys [2005-06-28 10:17]
R2 Defrag32;Defrag32;C:\WINDOWS\system32\drivers\Defrag32.sys [2005-06-28 10:17]
R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 19:54]
R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2003-12-14 21:39]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2002-09-25 07:37]
R3 WBMS;Winbond Memory Stick Storage (MS) Device Driver;C:\WINDOWS\system32\Drivers\WBMS.SYS [2003-12-18 21:51]
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;C:\WINDOWS\system32\Drivers\WBSD.SYS [2003-12-18 21:51]
S2 PDSched;PDScheduler;C:\Programmi\Raxco\PerfectDisk\PDSched.exe [2005-06-28 14:07]
S3 Asushwio;Asushwio;C:\WINDOWS\system32\drivers\Asushwio.sys [2000-03-29 14:17]
S3 TaurusUsb;ADSL Modem USB Service 1.09a;C:\WINDOWS\system32\DRIVERS\torususb.sys [2003-01-09 15:21]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\d8hii.cmd
\Shell\explore\Command - H:\d8hii.cmd
\Shell\open\Command - H:\d8hii.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b516d9c8-472d-11da-828e-000ea661e916}]
\Shell\AutoRun\command - I:\vl.com
\Shell\explore\Command - I:\vl.com
\Shell\open\Command - I:\vl.com
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 14:01:59
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-05-17 14.02.28
ComboFix-quarantined-files.txt 2008-05-17 12:02:26
17 Directory 8,125,677,568 byte disponibili
22 Directory 8,106,115,072 byte disponibili
219 --- E O F --- 2008-05-14 18:22:04
Let's hope!!!
bdoriano (Administrator)
Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 17 May 2008 15:47
- Create a text file with the following instructions:
Code:
File::
C:\WINDOWS\system32\fool2.dll
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b516d9c8-472d-11da-828e-000ea661e916}]
Save the file on the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as shown below:
Wait patiently until the work is finished without touching the keyboard, mouse or anything else.
Post the updated ComboFix log.
Afterwards, run this scan with VirIT.
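The ComboFix log PRANDIER posted and the CFScript just above turn on the same three indicators, so one worked example serves both. It is an added example, not code from the thread and not code from ComboFix or HijackThis. The Python script below parses a constructed excerpt of the posted ComboFix log and flags: (1) the MountPoints2 keys whose open, explore and AutoRun shell verbs all point at a file on the drive itself (H:\d8hii.cmd, I:\vl.com). MountPoints2 is where Explorer caches the handlers it read from a drive's autorun.inf, so with these entries a double-click on the drive in My Computer launches the payload instead of opening the folder, and a clean PC is reinfected simply by browsing the stick. (2) The Security Center AntiVirusOverride and FirewallOverride values set to 1, which silence the "no antivirus" and firewall warnings. (3) The long run of random high TCP ports all labelled NortonAV in the firewall's GloballyOpenPorts list, on a machine whose HijackThis O23 section lists no Norton service at all. It then emits a CFScript in the File::/Registry:: format bdoriano used. The excerpt, the HIGH/MEDIUM labels and the threshold of five ports per label are assumptions of the example.

```python
"""Triage a ComboFix log for USB-autorun persistence and defence tampering.
Added example (not from the thread, ComboFix or HijackThis); SAMPLE_LOG is a
constructed excerpt of the ComboFix log posted above."""
import re

SAMPLE_LOG = r"""[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13158:TCP"= 13158:TCP:NortonAV
"18318:TCP"= 18318:TCP:NortonAV
"16842:TCP"= 16842:TCP:NortonAV
"15353:TCP"= 15353:TCP:NortonAV
"17410:TCP"= 17410:TCP:NortonAV
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\d8hii.cmd
\Shell\explore\Command - H:\d8hii.cmd
\Shell\open\Command - H:\d8hii.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b516d9c8-472d-11da-828e-000ea661e916}]
\Shell\AutoRun\command - I:\vl.com
\Shell\explore\Command - I:\vl.com
\Shell\open\Command - I:\vl.com
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
SHELL_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+)$", re.IGNORECASE)
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.+)$')
OVERRIDE_RE = re.compile(r'^"(\w+Override)"=dword:([0-9a-fA-F]{8})$')
# Extensions Explorer will execute when an autorun handler names such a file.
EXEC_EXT = {".exe", ".com", ".cmd", ".bat", ".pif", ".scr", ".vbs", ".js"}

def parse_sections(log_text):
    """Group the REGEDIT-style lines of the log under their [key] header."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections

def find_autorun_hijacks(sections):
    """(key, verb, command, runs_executable) for every MountPoints2 shell verb."""
    hits = []
    for key, lines in sections.items():
        if "\\explorer\\mountpoints2\\" not in key.lower():
            continue
        for m in filter(None, map(SHELL_RE.match, lines)):
            verb, command = m.group(1).lower(), m.group(2).strip()
            ext = ("." + command.rsplit(".", 1)[-1].lower()) if "." in command else ""
            hits.append((key, verb, command, ext in EXEC_EXT))
    return hits

def find_security_center_overrides(sections):
    """Security Center *Override values set to 1 (AV/firewall alerts silenced)."""
    found = []
    for key, lines in sections.items():
        if key.lower().endswith("\\security center"):
            for m in filter(None, map(OVERRIDE_RE.match, lines)):
                if int(m.group(2), 16) == 1:
                    found.append(m.group(1))
    return found

def firewall_exceptions_by_label(sections):
    """Map each label in the GloballyOpenPorts list to the ports it opens."""
    by_label = {}
    for key, lines in sections.items():
        if "globallyopenports" in key.lower():
            for m in filter(None, map(PORT_RE.match, lines)):
                by_label.setdefault(m.group(3).strip(), []).append(int(m.group(1)))
    return by_label

def build_cfscript(hijacks, files=()):
    """Emit a CFScript (File:: / Registry:: sections, the format used in the
    thread) deleting the listed files and every hijacked MountPoints2 key."""
    keys = list(dict.fromkeys(h[0] for h in hijacks))  # unique, in log order
    lines = ["File::"] + list(files) if files else []
    if keys:
        lines += ["Registry::"] + ["[-%s]" % k for k in keys]
    return "\n".join(lines)

def triage(log_text, bulk_threshold=5):
    """Findings as text; bulk_threshold (assumed) = ports one label may open."""
    sections, findings = parse_sections(log_text), []
    for key, verb, cmd, runs_exe in find_autorun_hijacks(sections):
        findings.append("%s autorun hijack on %s: %s -> %s" % (
            "HIGH" if runs_exe else "MEDIUM", key.rsplit("\\", 1)[-1], verb, cmd))
    for name in find_security_center_overrides(sections):
        findings.append("HIGH security center %s=1" % name)
    for label, ports in firewall_exceptions_by_label(sections).items():
        if len(ports) >= bulk_threshold:
            findings.append("MEDIUM %d firewall exceptions under label %s" % (len(ports), label))
    return findings

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_LOG)))
    print(build_cfscript(find_autorun_hijacks(parse_sections(SAMPLE_LOG)), files=[r"C:\WINDOWS\system32\fool2.dll"]))
```

On a real log, pass the whole file to triage() and compare the Registry:: lines of build_cfscript() with the keys chosen by hand. Deleting the MountPoints2 keys only removes the cached handler: the autorun.inf and the .cmd/.com file on the stick itself still have to be removed (or the stick reformatted), otherwise Explorer recreates the keys the next time the stick is plugged in.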
PRANDIER (Devoted Mortal)
Joined: 16/05/08 20:21 Posts: 6 Location: Mantova
Posted: 17 May 2008 16:11
Here is the VirIT log
VirIT eXplorer Lite Log
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
17/05/2008 - 16:00:47
[SCANSIONE DEL REGISTRO]
OK
[K:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
K:\H\Programmi\Viewpoint\Viewpoint Media Player\AxMetaStream.dll Infetto da Spyware.ViewPoint.A
* * * RIMOSSO * * *
Chiavi Registro infette: 0.
Files Infetti: 1.
Files Sospetti: 0.
Files Analizzati: 46817.
Files Totali: 46817.
Chiavi Registro rimosse: 0.
Virus Rimossi: 1.
PRANDIER (Devoted Mortal)
Joined: 16/05/08 20:21 Posts: 6 Location: Mantova
Posted: 17 May 2008 16:13
This is the updated ComboFix log, which I forgot
ComboFix 08-05-15.3 - NB ASUS 2008-05-17 15.54.59.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.654 [GMT 2:00]
Eseguito da: C:\Documents and Settings\NB ASUS\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\NB ASUS\Desktop\CFScript.txt
* Creato nuovo punto di ripristino
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\fool2.dll
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\fool2.dll
.
((((((((((((((((((((((((( Files Creati Da 2008-04-17 al 2008-05-17 )))))))))))))))))))))))))))))))))))
.
2008-05-15 21:06 . 2008-05-15 21:06 <DIR> d-------- C:\Programmi\Driver Magician Lite
2008-05-15 16:58 . 2008-05-15 16:59 <DIR> d-------- C:\Programmi\RegCleaner
2008-05-07 12:27 . 2008-05-07 12:27 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-05-05 23:25 . 2008-05-05 23:25 <DIR> d-------- C:\winxp
2008-05-05 16:45 . 2008-05-05 16:45 <DIR> d-------- C:\Programmi\Cobian Backup 9
2008-05-05 16:38 . 2004-08-04 08:07 20,992 --a------ C:\WINDOWS\system32\drivers\vga.sys
2008-05-05 16:38 . 2008-05-05 16:37 20,992 --a------ C:\WINDOWS\system32\drivers\OLDA.tmp
2008-05-05 16:38 . 2004-08-04 08:07 20,992 --a------ C:\WINDOWS\system32\dllcache\vga.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 183,072 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:06 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-05 15:55 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:50 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:33 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:33 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2003-12-08 12:04 827,392 ----a-w C:\Programmi\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpAgent"="C:\Programmi\ScanSoft\OmniPage15.0\OpAgent.exe" [2005-07-06 01:02 143360]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:39 15360]
"PC Suite Tray"="C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hcontrol"="C:\WINDOWS\ATK0100\Hcontrol.exe" [2004-01-13 20:09 65536]
"ASUS Live Update"="C:\Programmi\ASUS\ASUS Live Update\ALU.exe" [2003-09-19 12:54 172032]
"Power_Gear"="C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe" [2002-11-29 11:14 73728]
"ATIPTA"="C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 21:10 339968]
"SynTPLpr"="C:\Programmi\Synaptics\SynTP\SynTPLpr.exe" [2003-12-03 09:04 110592]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2003-12-03 09:04 618496]
"Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" [2003-09-19 11:12 1241088]
"AdslTaskBar"="stmctrl.dll" [2003-01-22 12:01 151552 C:\WINDOWS\system32\stmctrl.dll]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Acrobat Assistant 7.0"="C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 02:08 483328]
"REGSHAVE"="C:\Programmi\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]
"Opware15"="C:\Programmi\ScanSoft\OmniPage15.0\Opware15.exe" [2005-07-06 00:58 69632]
"PDF3 Registry Controller"="C:\Programmi\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe" [2005-04-12 10:16 106496]
"SoundMan"="SOUNDMAN.EXE" [2004-05-05 18:45 65024 C:\WINDOWS\SOUNDMAN.EXE]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-03-05 17:55 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:39 15360]
"Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
ASUS ChkMail.lnk - C:\Programmi\Asus\Asus ChkMail\ChkMail.exe [2004-02-05 06:44:16 40960]
Hotkey.lnk - C:\Programmi\Asus\ASUS Hotkey\Hotkey.exe [2004-02-05 06:45:37 798208]
Avvio Veloce di WinZip.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [2004-03-04 09:51:55 106560]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office\OSA9.EXE [2000-01-21 09:15:56 65588]
Adobe Gamma Loader.exe.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2004-04-29 20:52:18 110592]
Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2004-04-29 20:52:18 110592]
AutoCAD Startup Accelerator.lnk - C:\Programmi\File comuni\Autodesk Shared\acstart16.exe [2005-03-05 16:18:22 10872]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2005-10-27 23:00:14 282624]
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2005-02-16 13:41:20 25214]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Asus\\ASUS Live Update\\LiveUpdt.exe"=
"C:\\Programmi\\Photo Story 3 for Windows\\PhotoStory3.exe"=
"C:\\WINDOWS\\System32\\dpvsetup.exe"=
"C:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Programmi\\Google\\Google SketchUp 6\\SketchUp.exe"=
"C:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Programmi\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13158:TCP"= 13158:TCP:NortonAV
"18318:TCP"= 18318:TCP:NortonAV
"16842:TCP"= 16842:TCP:NortonAV
"15353:TCP"= 15353:TCP:NortonAV
"17410:TCP"= 17410:TCP:NortonAV
"18348:TCP"= 18348:TCP:NortonAV
"14297:TCP"= 14297:TCP:NortonAV
"16262:TCP"= 16262:TCP:NortonAV
"12207:TCP"= 12207:TCP:NortonAV
"15315:TCP"= 15315:TCP:NortonAV
"17837:TCP"= 17837:TCP:NortonAV
"17081:TCP"= 17081:TCP:NortonAV
"18146:TCP"= 18146:TCP:NortonAV
"16155:TCP"= 16155:TCP:NortonAV
"15574:TCP"= 15574:TCP:NortonAV
"13192:TCP"= 13192:TCP:NortonAV
"14842:TCP"= 14842:TCP:NortonAV
"14874:TCP"= 14874:TCP:NortonAV
"18681:TCP"= 18681:TCP:NortonAV
"13799:TCP"= 13799:TCP:NortonAV
"12987:TCP"= 12987:TCP:NortonAV
"17470:TCP"= 17470:TCP:NortonAV
"12845:TCP"= 12845:TCP:NortonAV
"14977:TCP"= 14977:TCP:NortonAV
"12237:TCP"= 12237:TCP:NortonAV
"17753:TCP"= 17753:TCP:NortonAV
"16457:TCP"= 16457:TCP:NortonAV
"15928:TCP"= 15928:TCP:NortonAV
"15118:TCP"= 15118:TCP:NortonAV
"18020:TCP"= 18020:TCP:NortonAV
"12926:TCP"= 12926:TCP:NortonAV
"16608:TCP"= 16608:TCP:NortonAV
"18128:TCP"= 18128:TCP:NortonAV
"17633:TCP"= 17633:TCP:NortonAV
"12085:TCP"= 12085:TCP:NortonAV
"18981:TCP"= 18981:TCP:NortonAV
"16786:TCP"= 16786:TCP:NortonAV
"12410:TCP"= 12410:TCP:NortonAV
"13661:TCP"= 13661:TCP:NortonAV
"12382:TCP"= 12382:TCP:NortonAV
"12869:TCP"= 12869:TCP:NortonAV
"18756:TCP"= 18756:TCP:NortonAV
"17882:TCP"= 17882:TCP:NortonAV
"16347:TCP"= 16347:TCP:NortonAV
"16554:TCP"= 16554:TCP:NortonAV
"18975:TCP"= 18975:TCP:NortonAV
"16289:TCP"= 16289:TCP:NortonAV
"18620:TCP"= 18620:TCP:NortonAV
"13177:TCP"= 13177:TCP:NortonAV
"17878:TCP"= 17878:TCP:NortonAV
"18217:TCP"= 18217:TCP:NortonAV
"13155:TCP"= 13155:TCP:NortonAV
"15642:TCP"= 15642:TCP:NortonAV
"12551:TCP"= 12551:TCP:NortonAV
"16550:TCP"= 16550:TCP:NortonAV
"16675:TCP"= 16675:TCP:NortonAV
"18118:TCP"= 18118:TCP:NortonAV
"13208:TCP"= 13208:TCP:NortonAV
"12615:TCP"= 12615:TCP:NortonAV
"16541:TCP"= 16541:TCP:NortonAV
"12197:TCP"= 12197:TCP:NortonAV
"16077:TCP"= 16077:TCP:NortonAV
"12713:TCP"= 12713:TCP:NortonAV
"12017:TCP"= 12017:TCP:NortonAV
"13311:TCP"= 13311:TCP:NortonAV
"12665:TCP"= 12665:TCP:NortonAV
"15890:TCP"= 15890:TCP:NortonAV
"12636:TCP"= 12636:TCP:NortonAV
"14246:TCP"= 14246:TCP:NortonAV
"12951:TCP"= 12951:TCP:NortonAV
"14620:TCP"= 14620:TCP:NortonAV
"14586:TCP"= 14586:TCP:NortonAV
"15274:TCP"= 15274:TCP:NortonAV
"16777:TCP"= 16777:TCP:NortonAV
"14572:TCP"= 14572:TCP:NortonAV
"15255:TCP"= 15255:TCP:NortonAV
"14962:TCP"= 14962:TCP:NortonAV
"16309:TCP"= 16309:TCP:NortonAV
"12105:TCP"= 12105:TCP:NortonAV
"12089:TCP"= 12089:TCP:NortonAV
"12351:TCP"= 12351:TCP:NortonAV
"18394:TCP"= 18394:TCP:NortonAV
"15463:TCP"= 15463:TCP:NortonAV
"13847:TCP"= 13847:TCP:NortonAV
R0 Defrag32b;Defrag32Boot;C:\WINDOWS\system32\drivers\Defrag32b.sys [2005-06-28 10:17]
R2 Defrag32;Defrag32;C:\WINDOWS\system32\drivers\Defrag32.sys [2005-06-28 10:17]
R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 19:54]
R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2003-12-14 21:39]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2002-09-25 07:37]
R3 WBMS;Winbond Memory Stick Storage (MS) Device Driver;C:\WINDOWS\system32\Drivers\WBMS.SYS [2003-12-18 21:51]
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;C:\WINDOWS\system32\Drivers\WBSD.SYS [2003-12-18 21:51]
S2 PDSched;PDScheduler;C:\Programmi\Raxco\PerfectDisk\PDSched.exe [2005-06-28 14:07]
S3 Asushwio;Asushwio;C:\WINDOWS\system32\drivers\Asushwio.sys [2000-03-29 14:17]
S3 TaurusUsb;ADSL Modem USB Service 1.09a;C:\WINDOWS\system32\DRIVERS\torususb.sys [2003-01-09 15:21]
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 15:55:41
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-05-17 15.56.00
ComboFix-quarantined-files.txt 2008-05-17 13:56:00
ComboFix2.txt 2008-05-17 12:02:30
17 Directory 8,035,762,176 byte disponibili
22 Directory 8,028,585,984 byte disponibili
215 --- E O F --- 2008-05-14 18:22:04
bdoriano, Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 17 May 2008 19:03 Subject:
Sorry, I forgot to have you delete a file.
Create a text file with the following instructions:
Code:
File::
C:\WINDOWS\system32\drivers\OLDA.tmp
Save the file on the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as shown below:
Wait patiently until it finishes, without touching the keyboard, mouse or anything else.
Post the updated ComboFix log.
You will have to check your USB devices (flash drives or external hard disks), because they are infected.
You had better temporarily disable AutoPlay.
To do it the simple way, download the TweakUI program from this page and install it.
Once it is installed, run it and go through these steps:
Quote:
Expand the My Computer section
Expand the Autoplay subsection
Go to Types
Untick Enable Autoplay for removable drives
Click Apply
Close TweakUI
PS: By Expand I mean: click the [+] symbol next to the items I indicated
From this moment on, all USB devices will stop starting automatically.
Insert your flash drives and check them with your antivirus.
When you are sure everything is clean, you can re-enable AutoPlay by following the same path I showed you.
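As an added example that is not part of bdoriano's post: the TweakUI checkbox he describes toggles the DRIVE_REMOVABLE bit (0x04) of the NoDriveTypeAutoRun policy value, and the script below sets the same bit directly and verifies it, also in the machine-wide key, which takes precedence over the per-user one. It assumes an elevated PowerShell session on Windows XP SP2 or later; the function names are the example's own.

```powershell
# Added example, not code from the thread. Disables AutoPlay/AutoRun for
# removable drives by setting bit 0x04 of NoDriveTypeAutoRun, which is what
# TweakUI's "Enable Autoplay for removable drives" checkbox toggles (HKCU).
# HKLM is written as well because a machine-wide value overrides the per-user one.
# Assumes an elevated session; a logoff or restart is needed for Explorer to pick it up.

$Paths = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)
$Removable = 0x04   # DRIVE_REMOVABLE: USB sticks, external disks, card readers
$CdRom     = 0x20   # DRIVE_CDROM, shown for reference (TweakUI's other checkbox)

function Get-AutorunMask([string]$Path) {
    # Windows XP behaves as if the value were 0x91 when it is absent
    $v = (Get-ItemProperty -Path $Path -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    if ($null -eq $v) { return 0x91 }
    return [int]$v
}

function Disable-RemovableAutorun {
    foreach ($p in $Paths) {
        if (-not (Test-Path $p)) { New-Item -Path $p -Force | Out-Null }
        # OR the removable bit in so that existing settings for other drive types are kept
        $mask = (Get-AutorunMask $p) -bor $Removable
        Set-ItemProperty -Path $p -Name NoDriveTypeAutoRun -Value $mask -Type DWord
    }
}

function Test-RemovableAutorunDisabled {
    # True only when every policy key carries the removable bit
    foreach ($p in $Paths) {
        if (((Get-AutorunMask $p) -band $Removable) -eq 0) { return $false }
    }
    return $true
}

Disable-RemovableAutorun
foreach ($p in $Paths) { '{0}: 0x{1:X2}' -f $p, (Get-AutorunMask $p) }
Test-RemovableAutorunDisabled
```

To undo it once the drives have been scanned, clear the bit with `-band (-bnot $Removable)` in place of `-bor $Removable`, exactly as the post says to retrace the TweakUI steps.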