Olimpo Informatico

baciami · Semidio Registrato: 02/09/07 15:40 Messaggi: 287 Residenza: toscana

ogni tanto torno a rompe Very Happy

ho fatto una scansione con virit e mi ha trovato

[SCANSIONE DEL REGISTRO]
{DCE2F8B1-A520-11D4-8FD0-00D0B7730277} Infetto da Trojan.Win32.Dialer.KA

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

Chiavi Registro infette: 1.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 63425.
Files Totali: 63425.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

kaspersky on-line e hijak non mi hanno trovato niente.e con virit non mi elimina sto trojan..che posso fare? ho provato anche combofix ma..niente..tutto a posto..ho scaricato anche il nod32 ma mi ha trovato un virus java che neanche sapevo che c'era..come antivirus ho avira il mi pc è un window xp home edition

bdoriano

Ciao baciami, Ciao

probabilmente è solo un rimasuglio di qualche infezione precedente, visto che lo trova solo nel registro.

Posta comunque il log di combofix, che gli diamo un'occhiata. Wink

baciami · Semidio Registrato: 02/09/07 15:40 Messaggi: 287 Residenza: toscana

ok bdoriano..grazie

ComboFix 08-06-20.4 - Proprietario 2008-06-29 20.24.35.8 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.470 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Proprietario\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2008-05-28 al 2008-06-29 )))))))))))))))))))))))))))))))))))
.

2008-06-28 21:29 . 2008-06-28 21:55 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-06-27 22:48 . 2008-06-27 22:48 <DIR> d-------- C:\Documents and Settings\Proprietario\DoctorWeb
2008-06-27 20:40 . 2008-06-27 23:29 <DIR> d-------- C:\VEXPLITE
2008-06-11 12:26 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-06 13:38 . 2008-06-06 13:38 <DIR> d-------- C:\Documents and Settings\Proprietario\Dati applicazioni\Nokia
2008-06-06 13:37 . 2008-06-06 13:37 <DIR> d-------- C:\Documents and Settings\Proprietario\Dati applicazioni\PC Suite
2008-06-06 13:36 . 2008-06-06 13:37 <DIR> d-------- C:\Programmi\Nokia
2008-06-06 13:36 . 2008-06-06 13:36 <DIR> d-------- C:\Programmi\File comuni\PCSuite
2008-06-06 13:36 . 2008-06-06 13:36 <DIR> d-------- C:\Programmi\File comuni\Nokia
2008-05-30 19:29 . 2002-08-06 16:38 87,168 --a------ C:\WINDOWS\system32\drivers\vnetusbr.sys
2008-05-30 19:29 . 2002-07-16 15:59 85,888 --a------ C:\WINDOWS\system32\drivers\fvnetr.sys
2008-05-30 19:29 . 2002-08-06 16:38 74,112 --a------ C:\WINDOWS\system32\drivers\vnetusba.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-27 18:27 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-30 17:29 --------- d-----w C:\Programmi\Siemens
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-30 10:51 2,572 ----a-w C:\WINDOWS\system32\PerfStringBackup.TMP
2008-01-10 19:44 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2007-09-13 20:10 9,679,815 ----a-w C:\Programmi\vlc-0.8.6c-win32.exe
2008-03-01 15:49 20,512 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
.

((((((((((((((((((((((((((((( snapshot@2008-06-27_23.14.35.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-28 19:29:31 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2008-06-28 19:29:31 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2008-06-28 19:29:32 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2008-06-28 19:29:37 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2008-01-09 13:01:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2008-06-28 19:29:39 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2008-06-28 19:29:33 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
- 2008-06-27 20:22:55 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-29 17:35:19 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
"Yahoo! Pager"="C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 18:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-19 20:27 262401]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:39 15360]
"ATICCC"="C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" [2004-11-25 00:27 32768]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^ATI CATALYST System Tray.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
--a------ 2006-03-20 21:43 331776 C:\Programmi\AGEIA Technologies\TrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2004-11-25 00:27 32768 C:\Programmi\ATI Technologies\ATI.ACE\cli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-11-24 21:10 344064 C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
--a------ 2005-03-31 09:30 1106944 C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
--a------ 2003-05-28 19:11 94208 C:\Programmi\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
--a------ 2006-11-03 11:01 319488 C:\WINDOWS\PixArt\PAC207\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2005-03-22 09:39 167936 C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2005-04-20 09:57 847872 C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanRegistry]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2002-03-21 04:23 46592 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 19:19 15872 C:\Programmi\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VIRIT LITE MONITOR]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 18:43 4670704 C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"GbpSv"=2 (0x2)
"NMIndexingService"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=

R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-03-17 19:23]
R3 PAC207;CIF USB Camera;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2006-11-10 13:51]
R3 WLAN FVNETusb(R);WLAN FVNETusb(R) Service for ATMEL USB FastVNET (AR);C:\WINDOWS\system32\DRIVERS\vnetusbr.sys [2002-08-06 16:38]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 20:25:57
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-06-29 20.27.35
ComboFix-quarantined-files.txt 2008-06-29 18:27:26
ComboFix2.txt 2008-06-27 21:15:02

10 Directory 20,481,531,904 byte disponibili
12 Directory 20,475,629,568 byte disponibili

119 --- E O F --- 2008-06-20 18:29:23

Sante62 · Dio maturo Registrato: 27/06/07 17:55 Messaggi: 3477 Residenza: Floridia

Bdoriano al momento è impegnato e non può rispondere....

Comunque, Combofix non ha trovato niente e il resto del log sempra pulito;

Se hai ancora problemi con il PC fai la scansione con Systemscan e posta il log generato come
indicato quì

baciami · Semidio Registrato: 02/09/07 15:40 Messaggi: 287 Residenza: toscana

grazie sante..ecco il risultato

http://www.freefilehosting.net/download/3j5dc

Sante62 · Dio maturo Registrato: 27/06/07 17:55 Messaggi: 3477 Residenza: Floridia

Nulla di sospetto nel log...

dovresti essere a posto così....

baciami · Semidio Registrato: 02/09/07 15:40 Messaggi: 287 Residenza: toscana

ok sante..grazie..anche se sento sempre dei brevi suoni..e tutte le volte era x virus..cmq speriamo bene,ciao Smile

Sante62 · Dio maturo Registrato: 27/06/07 17:55 Messaggi: 3477 Residenza: Floridia