Infected PC

This forum section covers security, antivirus solutions, firewalls and malware-related problems in general

Moderator: IlSoftware.it forum staff

Re: Infected PC

Post by Luke57 » 18 May 2009 18:14

Hi, in the CFScript.txt file put this text in place of the other one, saving the change:

Code:
File::
c:\windows\system32\winxp.exe
c:\windows\system32\wscript.exe /E:vbs
c:\windows\system32\winjpg.jpg

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\00hoeav.com]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\0w.com]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwtsn32.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dwwin.exe]
"Debugger"=-


Repeat the drag-and-drop and the scan, plus a new report.
Luke57
Active member
 
Posts: 939
Joined: 04 Feb 2005 14:17

Re: Infected PC

Post by rrplusmc » 18 May 2009 18:54

Code:
ComboFix 09-05-17.08 - Roberto Raffaelli 18/05/2009 18.50.40.5 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.39.1040.18.1023.718 [GMT 2:00]
Eseguito da: c:\documents and settings\Roberto Raffaelli\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Roberto Raffaelli\Documenti\CFScript.txt
AV: avast! antivirus 4.8.1169 [VPS 090517-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
c:\windows\system32\winjpg.jpg
c:\windows\system32\winxp.exe
c:\windows\system32\wscript.exe /E:vbs
.

(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\winjpg.jpg

.
(((((((((((((((((((((((((   Files Creati Da 2009-04-18 al 2009-05-18  )))))))))))))))))))))))))))))))))))
.

2009-05-18 13:28 . 2009-05-18 13:37   --------   d-----w   c:\windows\BDOSCAN8
2009-05-18 07:23 . 2009-05-18 07:23   --------   d-----w   c:\programmi\Trend Micro
2009-05-17 17:31 . 2009-05-17 17:31   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Dati applicazioni\teamspeak2
2009-05-08 16:34 . 2009-05-08 16:34   --------   d-----w   c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Apple
2009-05-05 20:09 . 2009-05-05 20:09   --------   d-sh--w   c:\documents and settings\Roberto Raffaelli\IECompatCache
2009-05-05 17:44 . 2009-05-05 17:44   --------   d-----w   c:\programmi\Circle Developement
2009-05-05 17:44 . 2009-05-05 17:44   --------   d-----w   c:\programmi\Messenger Plus! Live
2009-05-04 16:57 . 2009-05-04 16:57   --------   d-sh--w   c:\documents and settings\Roberto Raffaelli\PrivacIE
2009-05-04 15:47 . 2009-05-04 15:47   --------   d-sh--w   c:\documents and settings\Roberto Raffaelli\IETldCache
2009-05-04 15:47 . 2009-05-04 15:47   --------   d-sh--w   c:\documents and settings\NetworkService\IETldCache
2009-05-04 15:47 . 2009-05-04 15:47   --------   d-----w   c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2009-05-04 15:32 . 2009-05-04 15:32   --------   d-----w   c:\windows\ie8updates
2009-05-04 15:31 . 2009-02-28 04:55   105984   -c----w   c:\windows\system32\dllcache\iecompat.dll
2009-05-04 15:28 . 2009-05-04 15:31   --------   dc-h--w   c:\windows\ie8
2009-05-04 13:06 . 2009-05-04 13:06   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Impostazioni locali\Dati applicazioni\Installer2056
2009-05-04 09:31 . 2009-05-04 09:32   --------   d-----w   c:\programmi\PDFCreator
2009-05-04 08:25 . 2009-05-04 08:25   --------   d-----w   c:\programmi\File comuni\Control Panels
2009-05-02 12:40 . 2009-05-02 12:40   --------   d-----w   c:\programmi\Microsoft
2009-05-02 12:39 . 2009-05-02 12:39   --------   d-----w   c:\programmi\Windows Live SkyDrive
2009-05-02 12:22 . 2009-05-02 12:22   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Impostazioni locali\Dati applicazioni\Mozilla
2009-04-28 15:59 . 2009-04-28 15:59   --------   d-----w   c:\programmi\Bonjour
2009-04-28 15:44 . 2009-04-28 15:44   --------   d-----w   c:\programmi\File comuni\Macrovision Shared
2009-04-28 05:17 . 2008-10-16 12:06   208744   ----a-w   c:\windows\system32\muweb.dll
2009-04-28 05:17 . 2008-10-16 12:06   268648   ----a-w   c:\windows\system32\mucltui.dll
2009-04-27 18:11 . 2009-05-05 09:45   103824   ----a-w   c:\documents and settings\Roberto Raffaelli\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-04-27 10:49 . 2009-05-17 18:14   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Tracing
2009-04-27 10:28 . 2009-04-27 10:28   --------   d-----w   c:\programmi\File comuni\Windows Live
2009-04-27 08:31 . 2009-04-27 08:59   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Dati applicazioni\BitTorrent
2009-04-27 08:31 . 2009-04-27 08:31   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Impostazioni locali\Dati applicazioni\DNA
2009-04-27 08:31 . 2009-05-18 13:16   --------   d-----w   c:\programmi\DNA
2009-04-27 08:31 . 2009-05-18 13:42   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Dati applicazioni\DNA
2009-04-27 08:31 . 2009-04-27 08:31   --------   d-----w   c:\programmi\BitTorrent
2009-04-27 08:26 . 2009-04-27 08:26   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Dati applicazioni\Apple Computer
2009-04-27 08:25 . 2008-04-17 10:12   107368   ----a-w   c:\windows\system32\GEARAspi.dll
2009-04-27 08:25 . 2009-03-19 14:32   23400   ----a-w   c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-27 08:25 . 2009-04-27 08:25   --------   d-----w   c:\programmi\iPod
2009-04-27 08:25 . 2009-04-27 08:25   --------   d-----w   c:\documents and settings\All Users\Dati applicazioni\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-27 08:25 . 2009-04-27 08:25   --------   d-----w   c:\programmi\iTunes
2009-04-27 08:23 . 2009-04-27 08:25   --------   d-----w   c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-04-27 08:23 . 2009-04-27 08:23   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Impostazioni locali\Dati applicazioni\Apple
2009-04-27 08:23 . 2009-04-27 08:23   --------   d-----w   c:\programmi\Apple Software Update
2009-04-27 08:22 . 2009-04-27 08:25   --------   d-----w   c:\programmi\File comuni\Apple
2009-04-27 08:22 . 2009-04-27 08:22   --------   d-----w   c:\documents and settings\All Users\Dati applicazioni\Apple
2009-04-27 08:20 . 2009-04-27 08:26   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Impostazioni locali\Dati applicazioni\Apple Computer
2009-04-24 08:00 . 2009-04-24 08:01   --------   d-----w   c:\programmi\eMule
2009-04-24 08:00 . 2009-04-24 08:00   --------   d-----w   c:\programmi\uTorrent
2009-04-24 08:00 . 2009-05-08 10:56   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Dati applicazioni\uTorrent
2009-04-24 06:20 . 2009-05-04 09:11   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Impostazioni locali\Dati applicazioni\Adobe
2009-04-23 19:05 . 2009-04-24 08:23   --------   d-----w   c:\programmi\MSECache
2009-04-23 13:52 . 2009-04-23 13:52   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Dati applicazioni\Yahoo!
2009-04-23 13:52 . 2009-04-28 09:07   --------   d-----w   c:\programmi\Yahoo!
2009-04-23 13:52 . 2009-04-23 13:53   --------   d-----w   c:\programmi\CCleaner
2009-04-23 09:26 . 2009-04-28 16:14   --------   d-----w   c:\documents and settings\All Users\Dati applicazioni\FLEXnet
2009-04-23 08:15 . 2009-05-04 09:13   --------   d-----w   c:\programmi\File comuni\Adobe
2009-04-22 10:26 . 2009-04-22 10:26   --------   d-----w   c:\windows\system32\LogFiles
2009-04-22 09:16 . 2003-11-21 09:20   38400   ----a-w   c:\windows\HPLTLNK.EXE
2009-04-22 09:12 . 2002-01-08 08:08   51712   ----a-w   c:\windows\system32\ngprtserv.dll
2009-04-22 09:12 . 2009-04-22 09:12   --------   d-----w   c:\programmi\NETGEAR Print Server
2009-04-22 08:12 . 2009-04-22 08:12   0   ----a-w   c:\windows\nsreg.dat
2009-04-22 08:12 . 2009-04-22 08:12   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Dati applicazioni\Thunderbird
2009-04-22 08:12 . 2009-04-22 08:12   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Impostazioni locali\Dati applicazioni\Thunderbird
2009-04-22 08:12 . 2009-05-18 15:26   --------   d-----w   c:\programmi\Mozilla Thunderbird
2009-04-22 08:07 . 1998-10-29 14:45   306688   ----a-w   c:\windows\IsUninst.exe
2009-04-22 08:07 . 2009-04-22 08:07   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Impostazioni locali\Dati applicazioni\Help
2009-04-22 08:06 . 2009-04-22 08:06   --------   d-----w   c:\windows\OCCACHE
2009-04-22 08:06 . 2009-04-22 08:06   --------   d-----w   c:\programmi\File comuni\Autodesk Shared
2009-04-22 08:06 . 1999-03-11 10:41   495616   ----a-w   c:\windows\system32\heidiw.dll
2009-04-22 08:06 . 1999-03-11 10:41   28672   ----a-w   c:\windows\system32\mtlw.dll
2009-04-22 08:06 . 1999-03-11 10:41   24576   ----a-w   c:\windows\system32\texturew.dll
2009-04-22 08:06 . 1999-03-11 10:40   106496   ----a-w   c:\windows\system32\dllongw.dll
2009-04-22 08:06 . 1999-03-11 10:41   237568   ----a-w   c:\windows\system32\whiptkw.dll
2009-04-22 08:06 . 1999-09-21 09:51   24576   ----a-w   c:\windows\system32\hdimon.dll
2009-04-22 08:06 . 1999-09-21 09:53   45056   ----a-w   c:\windows\system32\mtstack.exe
2009-04-22 08:06 . 1999-07-23 03:15   28672   ----a-w   c:\windows\system32\adresc.dll
2009-04-22 08:06 . 1999-09-22 18:40   299008   ----a-w   c:\windows\system32\acltficn.dll
2009-04-22 08:05 . 2009-04-22 10:34   --------   d-----w   c:\programmi\AutoCAD LT 2000
2009-04-22 08:04 . 1999-08-18 13:20   301568   ----a-w   c:\windows\unin0410.exe
2009-04-22 08:04 . 2009-04-22 08:04   --------   d-----w   c:\documents and settings\Roberto Raffaelli\WINDOWS
2009-04-22 08:00 . 2009-04-22 08:00   --------   d-----w   c:\windows\ShellNew
2009-04-22 06:42 . 2008-06-14 17:32   272768   -c----w   c:\windows\system32\dllcache\bthport.sys
2009-04-22 06:42 . 2008-06-14 17:32   272768   ------w   c:\windows\system32\drivers\bthport.sys
2009-04-22 06:41 . 2009-02-09 11:23   2192768   -c----w   c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-22 06:41 . 2009-02-09 11:22   2148864   -c----w   c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-22 06:41 . 2009-02-09 11:23   2027520   -c----w   c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-22 06:40 . 2008-10-24 11:21   455296   -c----w   c:\windows\system32\dllcache\mrxsmb.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-18 13:47 . 2001-08-31 12:00   47814   ----a-w   c:\windows\system32\perfc010.dat
2009-05-18 13:47 . 2001-08-31 12:00   345382   ----a-w   c:\windows\system32\perfh010.dat
2009-05-16 09:18 . 2009-04-21 16:24   --------   d-----w   c:\programmi\Spyware Terminator
2009-05-05 08:02 . 2009-04-21 16:38   103824   ----a-w   c:\documents and settings\Roberto Raffaelli\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-05-02 12:40 . 2009-04-21 15:53   --------   d-----w   c:\programmi\Windows Live
2009-04-28 16:29 . 2009-04-21 16:29   --------   d-----w   c:\programmi\Alice ti aiuta
2009-04-28 16:10 . 2009-04-21 16:15   --------   d--h--w   c:\programmi\InstallShield Installation Information
2009-04-28 16:10 . 2009-04-21 16:29   --------   d-----w   c:\programmi\Telecom Italia
2009-04-22 09:53 . 2009-04-21 16:50   --------   d-----w   c:\programmi\Network Print Monitor
2009-04-21 16:49 . 2009-04-21 16:15   --------   d-----w   c:\programmi\File comuni\InstallShield
2009-04-21 16:30 . 2009-04-21 16:30   --------   d-----w   c:\programmi\Pirelli
2009-04-21 16:30 . 2009-04-21 16:30   --------   d-----w   c:\programmi\File comuni\Motive
2009-04-21 16:30 . 2009-04-21 16:30   --------   d-----w   c:\programmi\Common Files
2009-04-21 16:26 . 2009-04-21 16:26   --------   d-----w   c:\programmi\Alwil Software
2009-04-21 16:25 . 2009-04-21 16:25   --------   d-----w   c:\programmi\Malwarebytes' Anti-Malware
2009-04-21 16:24 . 2009-04-21 16:24   138752   ----a-w   c:\windows\system32\drivers\sp_rsdrv2.sys
2009-04-21 15:58 . 2009-04-21 15:58   --------   d-----w   c:\programmi\microsoft frontpage
2009-04-21 15:56 . 2009-04-21 15:56   --------   d-----w   c:\programmi\Servizi in linea
2009-04-21 15:54 . 2009-04-21 15:54   21840   ----a-w   c:\windows\system32\emptyregdb.dat
2009-04-21 15:53 . 2009-04-21 15:52   --------   d-----w   c:\programmi\Windows Media Connect 2
2009-03-08 02:34 . 2008-05-05 12:45   914944   ----a-w   c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2008-05-05 12:45   43008   ----a-w   c:\windows\system32\licmgr10.dll
2009-03-08 02:33 . 2008-05-05 12:44   18944   ----a-w   c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2008-04-13 17:13   420352   ----a-w   c:\windows\system32\vbscript.dll
2009-03-08 02:32 . 2008-05-05 12:44   72704   ----a-w   c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2008-05-05 12:45   71680   ----a-w   c:\windows\system32\iesetup.dll
2009-03-08 02:31 . 2008-05-05 12:45   34816   ----a-w   c:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2008-05-05 12:45   48128   ----a-w   c:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2008-05-05 12:45   45568   ----a-w   c:\windows\system32\mshta.exe
2009-03-08 02:22 . 2008-05-05 12:45   156160   ----a-w   c:\windows\system32\msls31.dll
2009-03-06 14:19 . 2008-04-13 17:13   286208   ----a-w   c:\windows\system32\pdh.dll
.

(((((((((((((((((((((((((((((   SnapShot@2009-05-18_08.05.41   )))))))))))))))))))))))))))))))))))))))))
.
- 2001-08-31 12:00 . 2009-05-18 07:20   40128              c:\windows\system32\perfc009.dat
+ 2001-08-31 12:00 . 2009-05-18 13:47   40128              c:\windows\system32\perfc009.dat
+ 2009-01-05 13:44 . 2009-01-05 13:44   53248              c:\windows\bdoscandel.exe
+ 2009-05-18 13:29 . 2009-05-18 13:29   86016              c:\windows\BDOSCAN8\librtvr.dll
+ 2009-05-18 13:29 . 2009-05-18 13:29   27136              c:\windows\BDOSCAN8\avxt.dll
+ 2009-05-18 13:29 . 2009-05-18 13:29   10240              c:\windows\BDOSCAN8\avxs.dll
+ 2009-05-18 13:29 . 2009-05-18 13:29   45056              c:\windows\BDOSCAN8\avxdisk.dll
- 2001-08-31 12:00 . 2009-05-18 07:20   311740              c:\windows\system32\perfh009.dat
+ 2001-08-31 12:00 . 2009-05-18 13:47   311740              c:\windows\system32\perfh009.dat
+ 2009-01-05 13:44 . 2009-01-05 13:44   741376              c:\windows\Downloaded Program Files\ipsupd.dll
+ 2009-01-05 13:44 . 2009-05-18 13:29   142848              c:\windows\BDOSCAN8\libfn.dll
+ 2009-01-05 13:44 . 2009-01-05 13:44   741376              c:\windows\BDOSCAN8\ipsupd.dll
+ 2009-01-05 13:44 . 2009-05-18 13:29   102400              c:\windows\BDOSCAN8\bdcore.dll
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"BitTorrent DNA"="c:\programmi\DNA\btdna.exe" [2009-04-27 321344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 79224]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SpywareTerminator"="c:\programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2009-04-21 2957824]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"CTFMON"="c:\windows\system32\wscript.exe" [2008-05-08 155648]
"SoundMan"="soundman.exe" - c:\windows\soundman.exe [2001-05-29 124416]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\00hoeav.com]
"Debugger"=c:\windows\system32\winxp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\0w.com]
"Debugger"=c:\windows\system32\winxp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [21/04/2009 18.27.01 75856]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [21/04/2009 18.24.13 138752]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21/04/2009 18.27.01 20560]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-05-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-05-18 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2009-05-18 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {7EA816A8-20A4-40EB-99BC-47A668DD8F51} = 192.168.0.4
TCP: {8E8D2514-99CE-4BFD-8287-124F175609AE} = 85.37.17.14 85.38.28.78
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-18 18:52
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2009-05-18 18.54.01
ComboFix-quarantined-files.txt  2009-05-18 16:53
ComboFix2.txt  2009-05-18 16:01
ComboFix3.txt  2009-05-18 13:47
ComboFix4.txt  2009-05-18 08:07

Pre-Run: 68.579.196.928 byte disponibili
Post-Run: 68.571.877.376 byte disponibili

232   --- E O F ---   2009-05-06 12:16
rrplusmc
Junior Software
 
Posts: 91
Joined: 26 Jun 2007 15:33
Location: Udine

Re: Infected PC

Post by Luke57 » 18 May 2009 19:26

Hi, this time the script to put in the file is this:


Code:
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\00hoeav.com]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\0w.com]

The operation must be repeated.
Luke57
Active member
 
Posts: 939
Joined: 04 Feb 2005 14:17
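Added example (not from this thread, from Luke57, or from ComboFix itself): a small Python script that reads the REGEDIT4-style "Punti Reg Caricati" section of a ComboFix log, flags the indicators the two replies above act on, and prints a CFScript "Registry::" block in the same "Debugger"=- form used in the first fix. The indicators are an IFEO "Debugger" value redirecting a program (rated higher when the target is a crash handler such as drwtsn32.exe or dwwin.exe, which the first CFScript also clears), Security Center AntiVirusOverride/FirewallOverride set to 1, EnableFirewall = 0, and a Run value named like a system process but launching something else (the log's "CTFMON" entry runs wscript.exe). The sample dump, the MIMICKED_NAMES list and every function name are constructed for the example.

```python
"""Scan a REGEDIT4-style registry dump (the format ComboFix prints under
'Punti Reg Caricati') for persistence and tampering indicators, and build
the CFScript 'Registry::' lines that undo the IFEO hijacks."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample modelled on the log quoted in this thread (keys abbreviated).
SAMPLE_DUMP = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 79224]
"CTFMON"="c:\windows\system32\wscript.exe" [2008-05-08 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\00hoeav.com]
"Debugger"=c:\windows\system32\winxp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwtsn32.exe]
"Debugger"=c:\windows\system32\winxp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

IFEO_MARKER = "\\image file execution options\\"
CRASH_HANDLERS = {"drwtsn32.exe", "dwwin.exe"}   # an IFEO Debugger here runs on every crash
MIMICKED_NAMES = {"ctfmon", "explorer", "svchost", "lsass", "winlogon"}  # constructed list

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
TRAILER_RE = re.compile(r"\s*\[\d{4}-\d{2}-\d{2} \d+\]$")   # ComboFix's "[date size]" suffix


def parse_regedit4(text: str) -> List[Tuple[str, str, str]]:
    """Return (key, value_name, value_data) triples; the trailing [date size] is dropped."""
    entries, current_key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and current_key is not None:
            data = TRAILER_RE.sub("", m.group(2)).strip().strip('"')
            entries.append((current_key, m.group(1), data))
    return entries


def _numeric(data: str) -> Optional[int]:
    """Interpret 'dword:00000001' or '0 (0x0)' style data as an integer."""
    if data.lower().startswith("dword:"):
        return int(data[6:], 16)
    try:
        return int(data.split()[0])
    except (ValueError, IndexError):
        return None


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_indicators(entries: List[Tuple[str, str, str]]) -> List[Dict[str, str]]:
    """Flag IFEO Debugger hijacks, Security Center overrides, a disabled firewall
    and Run values that borrow a system process name but launch something else."""
    findings = []
    for key, name, data in entries:
        key_l, name_l = key.lower(), name.lower()
        if IFEO_MARKER in key_l and name_l == "debugger" and data:
            target = key_l.rsplit("\\", 1)[-1]
            findings.append({"kind": "ifeo_debugger", "key": key, "target": target,
                             "redirect_to": data,
                             "severity": "high" if target in CRASH_HANDLERS else "medium"})
        elif key_l.endswith("\\security center") and name_l.endswith("override") and _numeric(data) == 1:
            findings.append({"kind": "security_center_override", "key": key, "value": name, "severity": "medium"})
        elif name_l == "enablefirewall" and _numeric(data) == 0:
            findings.append({"kind": "firewall_disabled", "key": key, "severity": "medium"})
        elif key_l.endswith("\\run"):
            stem = name_l[:-4] if name_l.endswith(".exe") else name_l
            if stem in MIMICKED_NAMES and _basename(data) != stem + ".exe":
                findings.append({"kind": "run_name_mimicry", "key": key, "value": name,
                                 "runs": data, "severity": "high"})
    return findings


def build_cfscript(findings: List[Dict[str, str]]) -> str:
    """Emit a CFScript 'Registry::' block clearing each IFEO Debugger value ("Debugger"=-)."""
    lines = ["Registry::"]
    for f in findings:
        if f["kind"] == "ifeo_debugger":
            lines.append(f"[{f['key']}]")
            lines.append('"Debugger"=-')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = find_indicators(parse_regedit4(SAMPLE_DUMP))
    for f in found:
        print(f["severity"].upper(), f["kind"], f.get("target") or f.get("value") or f["key"])
    print(build_cfscript(found))
```

The Security Center overrides and the firewall policy are only reported, not scripted, because the thread never shows ComboFix touching them; the Run-key heuristic is a narrow list, so a name such as "avast!" pointing at ashDisp.exe is not flagged.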

Re: Infected PC

Post by rrplusmc » 19 May 2009 09:30

Code:
ComboFix 09-05-17.08 - Roberto Raffaelli 19/05/2009  9.23.32.6 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.39.1040.18.1023.686 [GMT 2:00]
Eseguito da: c:\documents and settings\Roberto Raffaelli\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Roberto Raffaelli\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1169 [VPS 090517-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ntos.exe

.
(((((((((((((((((((((((((   Files Creati Da 2009-04-19 al 2009-05-19  )))))))))))))))))))))))))))))))))))
.

2009-05-18 13:28 . 2009-05-18 13:37   --------   d-----w   c:\windows\BDOSCAN8
2009-05-18 07:23 . 2009-05-18 07:23   --------   d-----w   c:\programmi\Trend Micro
2009-05-17 17:31 . 2009-05-17 17:31   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Dati applicazioni\teamspeak2
2009-05-08 16:34 . 2009-05-08 16:34   --------   d-----w   c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Apple
2009-05-05 20:09 . 2009-05-05 20:09   --------   d-sh--w   c:\documents and settings\Roberto Raffaelli\IECompatCache
2009-05-05 17:44 . 2009-05-05 17:44   --------   d-----w   c:\programmi\Circle Developement
2009-05-05 17:44 . 2009-05-05 17:44   --------   d-----w   c:\programmi\Messenger Plus! Live
2009-05-04 16:57 . 2009-05-04 16:57   --------   d-sh--w   c:\documents and settings\Roberto Raffaelli\PrivacIE
2009-05-04 15:47 . 2009-05-04 15:47   --------   d-sh--w   c:\documents and settings\Roberto Raffaelli\IETldCache
2009-05-04 15:47 . 2009-05-04 15:47   --------   d-sh--w   c:\documents and settings\NetworkService\IETldCache
2009-05-04 15:47 . 2009-05-04 15:47   --------   d-----w   c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2009-05-04 15:32 . 2009-05-04 15:32   --------   d-----w   c:\windows\ie8updates
2009-05-04 15:31 . 2009-02-28 04:55   105984   -c----w   c:\windows\system32\dllcache\iecompat.dll
2009-05-04 15:28 . 2009-05-04 15:31   --------   dc-h--w   c:\windows\ie8
2009-05-04 13:06 . 2009-05-04 13:06   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Impostazioni locali\Dati applicazioni\Installer2056
2009-05-04 09:31 . 2009-05-04 09:32   --------   d-----w   c:\programmi\PDFCreator
2009-05-04 08:25 . 2009-05-04 08:25   --------   d-----w   c:\programmi\File comuni\Control Panels
2009-05-02 12:40 . 2009-05-02 12:40   --------   d-----w   c:\programmi\Microsoft
2009-05-02 12:39 . 2009-05-02 12:39   --------   d-----w   c:\programmi\Windows Live SkyDrive
2009-05-02 12:22 . 2009-05-02 12:22   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Impostazioni locali\Dati applicazioni\Mozilla
2009-04-28 15:59 . 2009-04-28 15:59   --------   d-----w   c:\programmi\Bonjour
2009-04-28 15:44 . 2009-04-28 15:44   --------   d-----w   c:\programmi\File comuni\Macrovision Shared
2009-04-28 05:17 . 2008-10-16 12:06   208744   ----a-w   c:\windows\system32\muweb.dll
2009-04-28 05:17 . 2008-10-16 12:06   268648   ----a-w   c:\windows\system32\mucltui.dll
2009-04-27 18:11 . 2009-05-05 09:45   103824   ----a-w   c:\documents and settings\Roberto Raffaelli\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-04-27 10:49 . 2009-05-17 18:14   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Tracing
2009-04-27 10:28 . 2009-04-27 10:28   --------   d-----w   c:\programmi\File comuni\Windows Live
2009-04-27 08:31 . 2009-04-27 08:59   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Dati applicazioni\BitTorrent
2009-04-27 08:31 . 2009-04-27 08:31   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Impostazioni locali\Dati applicazioni\DNA
2009-04-27 08:31 . 2009-05-19 07:12   --------   d-----w   c:\programmi\DNA
2009-04-27 08:31 . 2009-05-19 07:20   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Dati applicazioni\DNA
2009-04-27 08:31 . 2009-04-27 08:31   --------   d-----w   c:\programmi\BitTorrent
2009-04-27 08:26 . 2009-04-27 08:26   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Dati applicazioni\Apple Computer
2009-04-27 08:25 . 2008-04-17 10:12   107368   ----a-w   c:\windows\system32\GEARAspi.dll
2009-04-27 08:25 . 2009-03-19 14:32   23400   ----a-w   c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-27 08:25 . 2009-04-27 08:25   --------   d-----w   c:\programmi\iPod
2009-04-27 08:25 . 2009-04-27 08:25   --------   d-----w   c:\documents and settings\All Users\Dati applicazioni\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-27 08:25 . 2009-04-27 08:25   --------   d-----w   c:\programmi\iTunes
2009-04-27 08:23 . 2009-04-27 08:25   --------   d-----w   c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-04-27 08:23 . 2009-04-27 08:23   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Impostazioni locali\Dati applicazioni\Apple
2009-04-27 08:23 . 2009-04-27 08:23   --------   d-----w   c:\programmi\Apple Software Update
2009-04-27 08:22 . 2009-04-27 08:25   --------   d-----w   c:\programmi\File comuni\Apple
2009-04-27 08:22 . 2009-04-27 08:22   --------   d-----w   c:\documents and settings\All Users\Dati applicazioni\Apple
2009-04-27 08:20 . 2009-04-27 08:26   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Impostazioni locali\Dati applicazioni\Apple Computer
2009-04-24 08:00 . 2009-04-24 08:01   --------   d-----w   c:\programmi\eMule
2009-04-24 08:00 . 2009-04-24 08:00   --------   d-----w   c:\programmi\uTorrent
2009-04-24 08:00 . 2009-05-08 10:56   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Dati applicazioni\uTorrent
2009-04-24 06:20 . 2009-05-04 09:11   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Impostazioni locali\Dati applicazioni\Adobe
2009-04-23 19:05 . 2009-04-24 08:23   --------   d-----w   c:\programmi\MSECache
2009-04-23 13:52 . 2009-04-23 13:52   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Dati applicazioni\Yahoo!
2009-04-23 13:52 . 2009-04-28 09:07   --------   d-----w   c:\programmi\Yahoo!
2009-04-23 13:52 . 2009-04-23 13:53   --------   d-----w   c:\programmi\CCleaner
2009-04-23 09:26 . 2009-04-28 16:14   --------   d-----w   c:\documents and settings\All Users\Dati applicazioni\FLEXnet
2009-04-23 08:15 . 2009-05-04 09:13   --------   d-----w   c:\programmi\File comuni\Adobe
2009-04-22 10:26 . 2009-04-22 10:26   --------   d-----w   c:\windows\system32\LogFiles
2009-04-22 09:16 . 2003-11-21 09:20   38400   ----a-w   c:\windows\HPLTLNK.EXE
2009-04-22 09:12 . 2002-01-08 08:08   51712   ----a-w   c:\windows\system32\ngprtserv.dll
2009-04-22 09:12 . 2009-04-22 09:12   --------   d-----w   c:\programmi\NETGEAR Print Server
2009-04-22 08:12 . 2009-04-22 08:12   0   ----a-w   c:\windows\nsreg.dat
2009-04-22 08:12 . 2009-04-22 08:12   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Dati applicazioni\Thunderbird
2009-04-22 08:12 . 2009-04-22 08:12   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Impostazioni locali\Dati applicazioni\Thunderbird
2009-04-22 08:12 . 2009-05-18 15:26   --------   d-----w   c:\programmi\Mozilla Thunderbird
2009-04-22 08:07 . 1998-10-29 14:45   306688   ----a-w   c:\windows\IsUninst.exe
2009-04-22 08:07 . 2009-04-22 08:07   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Impostazioni locali\Dati applicazioni\Help
2009-04-22 08:06 . 2009-04-22 08:06   --------   d-----w   c:\windows\OCCACHE
2009-04-22 08:06 . 2009-04-22 08:06   --------   d-----w   c:\programmi\File comuni\Autodesk Shared
2009-04-22 08:06 . 1999-03-11 10:41   495616   ----a-w   c:\windows\system32\heidiw.dll
2009-04-22 08:06 . 1999-03-11 10:41   28672   ----a-w   c:\windows\system32\mtlw.dll
2009-04-22 08:06 . 1999-03-11 10:41   24576   ----a-w   c:\windows\system32\texturew.dll
2009-04-22 08:06 . 1999-03-11 10:40   106496   ----a-w   c:\windows\system32\dllongw.dll
2009-04-22 08:06 . 1999-03-11 10:41   237568   ----a-w   c:\windows\system32\whiptkw.dll
2009-04-22 08:06 . 1999-09-21 09:51   24576   ----a-w   c:\windows\system32\hdimon.dll
2009-04-22 08:06 . 1999-09-21 09:53   45056   ----a-w   c:\windows\system32\mtstack.exe
2009-04-22 08:06 . 1999-07-23 03:15   28672   ----a-w   c:\windows\system32\adresc.dll
2009-04-22 08:06 . 1999-09-22 18:40   299008   ----a-w   c:\windows\system32\acltficn.dll
2009-04-22 08:05 . 2009-04-22 10:34   --------   d-----w   c:\programmi\AutoCAD LT 2000
2009-04-22 08:04 . 1999-08-18 13:20   301568   ----a-w   c:\windows\unin0410.exe
2009-04-22 08:04 . 2009-04-22 08:04   --------   d-----w   c:\documents and settings\Roberto Raffaelli\WINDOWS
2009-04-22 08:00 . 2009-04-22 08:00   --------   d-----w   c:\windows\ShellNew
2009-04-22 06:42 . 2008-06-14 17:32   272768   -c----w   c:\windows\system32\dllcache\bthport.sys
2009-04-22 06:42 . 2008-06-14 17:32   272768   ------w   c:\windows\system32\drivers\bthport.sys
2009-04-22 06:41 . 2009-02-09 11:23   2192768   -c----w   c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-22 06:41 . 2009-02-09 11:22   2148864   -c----w   c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-22 06:41 . 2009-02-09 11:23   2027520   -c----w   c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-22 06:40 . 2008-10-24 11:21   455296   -c----w   c:\windows\system32\dllcache\mrxsmb.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-19 07:17 . 2001-08-31 12:00   47814   ----a-w   c:\windows\system32\perfc010.dat
2009-05-19 07:17 . 2001-08-31 12:00   345382   ----a-w   c:\windows\system32\perfh010.dat
2009-05-16 09:18 . 2009-04-21 16:24   --------   d-----w   c:\programmi\Spyware Terminator
2009-05-05 08:02 . 2009-04-21 16:38   103824   ----a-w   c:\documents and settings\Roberto Raffaelli\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-05-02 12:40 . 2009-04-21 15:53   --------   d-----w   c:\programmi\Windows Live
2009-04-28 16:29 . 2009-04-21 16:29   --------   d-----w   c:\programmi\Alice ti aiuta
2009-04-28 16:10 . 2009-04-21 16:15   --------   d--h--w   c:\programmi\InstallShield Installation Information
2009-04-28 16:10 . 2009-04-21 16:29   --------   d-----w   c:\programmi\Telecom Italia
2009-04-22 09:53 . 2009-04-21 16:50   --------   d-----w   c:\programmi\Network Print Monitor
2009-04-21 16:49 . 2009-04-21 16:15   --------   d-----w   c:\programmi\File comuni\InstallShield
2009-04-21 16:30 . 2009-04-21 16:30   --------   d-----w   c:\programmi\Pirelli
2009-04-21 16:30 . 2009-04-21 16:30   --------   d-----w   c:\programmi\File comuni\Motive
2009-04-21 16:30 . 2009-04-21 16:30   --------   d-----w   c:\programmi\Common Files
2009-04-21 16:26 . 2009-04-21 16:26   --------   d-----w   c:\programmi\Alwil Software
2009-04-21 16:25 . 2009-04-21 16:25   --------   d-----w   c:\programmi\Malwarebytes' Anti-Malware
2009-04-21 16:24 . 2009-04-21 16:24   138752   ----a-w   c:\windows\system32\drivers\sp_rsdrv2.sys
2009-04-21 15:58 . 2009-04-21 15:58   --------   d-----w   c:\programmi\microsoft frontpage
2009-04-21 15:56 . 2009-04-21 15:56   --------   d-----w   c:\programmi\Servizi in linea
2009-04-21 15:54 . 2009-04-21 15:54   21840   ----a-w   c:\windows\system32\emptyregdb.dat
2009-04-21 15:53 . 2009-04-21 15:52   --------   d-----w   c:\programmi\Windows Media Connect 2
2009-03-08 02:34 . 2008-05-05 12:45   914944   ----a-w   c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2008-05-05 12:45   43008   ----a-w   c:\windows\system32\licmgr10.dll
2009-03-08 02:33 . 2008-05-05 12:44   18944   ----a-w   c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2008-04-13 17:13   420352   ----a-w   c:\windows\system32\vbscript.dll
2009-03-08 02:32 . 2008-05-05 12:44   72704   ----a-w   c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2008-05-05 12:45   71680   ----a-w   c:\windows\system32\iesetup.dll
2009-03-08 02:31 . 2008-05-05 12:45   34816   ----a-w   c:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2008-05-05 12:45   48128   ----a-w   c:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2008-05-05 12:45   45568   ----a-w   c:\windows\system32\mshta.exe
2009-03-08 02:22 . 2008-05-05 12:45   156160   ----a-w   c:\windows\system32\msls31.dll
2009-03-06 14:19 . 2008-04-13 17:13   286208   ----a-w   c:\windows\system32\pdh.dll
.

(((((((((((((((((((((((((((((   SnapShot@2009-05-18_08.05.41   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-19 07:22 . 2009-05-19 07:22   16384              c:\windows\temp\Perflib_Perfdata_634.dat
- 2001-08-31 12:00 . 2009-05-18 07:20   40128              c:\windows\system32\perfc009.dat
+ 2001-08-31 12:00 . 2009-05-19 07:17   40128              c:\windows\system32\perfc009.dat
- 2009-04-29 07:40 . 2009-04-29 07:40   49936              c:\windows\Installer\{95120000-00AF-0410-0000-0000000FF1CE}\ppvwicon.exe
+ 2009-05-19 07:17 . 2009-05-19 07:17   49936              c:\windows\Installer\{95120000-00AF-0410-0000-0000000FF1CE}\ppvwicon.exe
+ 2009-05-19 07:17 . 2009-05-19 07:17   38240              c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2009-05-04 15:21 . 2009-05-04 15:21   38240              c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2009-04-02 12:35 . 2009-04-02 12:35   16712              c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\PXBPROXY.DLL
+ 2009-04-02 12:35 . 2009-04-02 12:35   68496              c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\PXBCOM.EXE
+ 2009-01-05 13:44 . 2009-01-05 13:44   53248              c:\windows\bdoscandel.exe
+ 2009-05-18 13:29 . 2009-05-18 13:29   86016              c:\windows\BDOSCAN8\librtvr.dll
+ 2009-05-18 13:29 . 2009-05-18 13:29   27136              c:\windows\BDOSCAN8\avxt.dll
+ 2009-05-18 13:29 . 2009-05-18 13:29   10240              c:\windows\BDOSCAN8\avxs.dll
+ 2009-05-18 13:29 . 2009-05-18 13:29   45056              c:\windows\BDOSCAN8\avxdisk.dll
+ 2001-08-31 12:00 . 2009-05-19 07:17   311740              c:\windows\system32\perfh009.dat
- 2001-08-31 12:00 . 2009-05-18 07:20   311740              c:\windows\system32\perfh009.dat
+ 2009-01-05 13:44 . 2009-01-05 13:44   741376              c:\windows\Downloaded Program Files\ipsupd.dll
+ 2009-01-05 13:44 . 2009-05-18 13:29   142848              c:\windows\BDOSCAN8\libfn.dll
+ 2009-01-05 13:44 . 2009-01-05 13:44   741376              c:\windows\BDOSCAN8\ipsupd.dll
+ 2009-01-05 13:44 . 2009-05-18 13:29   102400              c:\windows\BDOSCAN8\bdcore.dll
+ 2009-04-02 12:35 . 2009-04-02 12:35   1787216              c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\PPCNV.DLL
+ 2008-04-13 04:21 . 2009-05-07 07:16   24699336              c:\windows\system32\MRT.exe
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"BitTorrent DNA"="c:\programmi\DNA\btdna.exe" [2009-04-27 321344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 79224]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SpywareTerminator"="c:\programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2009-04-21 2957824]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"CTFMON"="c:\windows\system32\wscript.exe" [2008-05-08 155648]
"SoundMan"="soundman.exe" - c:\windows\soundman.exe [2001-05-29 124416]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\00hoeav.com]
"Debugger"=c:\windows\system32\winxp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\0w.com]
"Debugger"=c:\windows\system32\winxp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [21/04/2009 18.27.01 75856]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [21/04/2009 18.24.13 138752]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21/04/2009 18.27.01 20560]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-05-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-05-18 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2009-05-19 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {7EA816A8-20A4-40EB-99BC-47A668DD8F51} = 192.168.0.4
TCP: {8E8D2514-99CE-4BFD-8287-124F175609AE} = 85.37.17.14 85.38.28.78
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-19 09:26
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2009-05-19  9.28.28
ComboFix-quarantined-files.txt  2009-05-19 07:28
ComboFix2.txt  2009-05-18 16:54
ComboFix3.txt  2009-05-18 16:01
ComboFix4.txt  2009-05-18 13:47
ComboFix5.txt  2009-05-19 07:19

Pre-Run: 68.515.409.920 byte disponibili
Post-Run: 68.507.267.072 byte disponibili

239   --- E O F ---   2009-05-19 07:17
rrplusmc
Junior Software
Posts: 91
Joined: 26 Jun 2007 15:33
Location: Udine

Re: Infected PC

Post by jacopo » 19 May 2009 15:05

Hmm... they are still in place.
Try using this one:
Code:
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\00hoeav.com]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\0w.com]
IlSoftware.it Forum: Rules - Guidelines - Search
About me: @facebook, @google+

jacopo
Moderator
Posts: 17310
Joined: 29 Dec 2003 16:35
Location: Montegrotto Terme (Padova)

Re: Infected PC

Post by rrplusmc » 19 May 2009 15:15

Since the last removal with ComboFix yesterday evening, at startup it tells me that this is missing:
c:\windows\system32\winjpg.jpg


Here is the new report:
Code:
ComboFix 09-05-18.06 - Roberto Raffaelli 19/05/2009 15.21.27.7 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.39.1040.18.1023.687 [GMT 2:00]
Eseguito da: c:\documents and settings\Roberto Raffaelli\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Roberto Raffaelli\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1169 [VPS 090518-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ntos.exe

.
(((((((((((((((((((((((((   Files Creati Da 2009-04-19 al 2009-05-19  )))))))))))))))))))))))))))))))))))
.

2009-05-18 13:28 . 2009-05-18 13:37   --------   d-----w   c:\windows\BDOSCAN8
2009-05-18 07:23 . 2009-05-18 07:23   --------   d-----w   c:\programmi\Trend Micro
2009-05-17 17:31 . 2009-05-17 17:31   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Dati applicazioni\teamspeak2
2009-05-08 16:34 . 2009-05-08 16:34   --------   d-----w   c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Apple
2009-05-05 20:09 . 2009-05-05 20:09   --------   d-sh--w   c:\documents and settings\Roberto Raffaelli\IECompatCache
2009-05-05 17:44 . 2009-05-05 17:44   --------   d-----w   c:\programmi\Circle Developement
2009-05-05 17:44 . 2009-05-05 17:44   --------   d-----w   c:\programmi\Messenger Plus! Live
2009-05-04 16:57 . 2009-05-04 16:57   --------   d-sh--w   c:\documents and settings\Roberto Raffaelli\PrivacIE
2009-05-04 15:47 . 2009-05-04 15:47   --------   d-sh--w   c:\documents and settings\Roberto Raffaelli\IETldCache
2009-05-04 15:47 . 2009-05-04 15:47   --------   d-sh--w   c:\documents and settings\NetworkService\IETldCache
2009-05-04 15:47 . 2009-05-04 15:47   --------   d-----w   c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2009-05-04 15:32 . 2009-05-04 15:32   --------   d-----w   c:\windows\ie8updates
2009-05-04 15:31 . 2009-02-28 04:55   105984   -c----w   c:\windows\system32\dllcache\iecompat.dll
2009-05-04 15:28 . 2009-05-04 15:31   --------   dc-h--w   c:\windows\ie8
2009-05-04 13:06 . 2009-05-04 13:06   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Impostazioni locali\Dati applicazioni\Installer2056
2009-05-04 09:31 . 2009-05-04 09:32   --------   d-----w   c:\programmi\PDFCreator
2009-05-04 08:25 . 2009-05-04 08:25   --------   d-----w   c:\programmi\File comuni\Control Panels
2009-05-02 12:40 . 2009-05-02 12:40   --------   d-----w   c:\programmi\Microsoft
2009-05-02 12:39 . 2009-05-02 12:39   --------   d-----w   c:\programmi\Windows Live SkyDrive
2009-05-02 12:22 . 2009-05-02 12:22   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Impostazioni locali\Dati applicazioni\Mozilla
2009-04-28 15:59 . 2009-04-28 15:59   --------   d-----w   c:\programmi\Bonjour
2009-04-28 15:44 . 2009-04-28 15:44   --------   d-----w   c:\programmi\File comuni\Macrovision Shared
2009-04-28 05:17 . 2008-10-16 12:06   208744   ----a-w   c:\windows\system32\muweb.dll
2009-04-28 05:17 . 2008-10-16 12:06   268648   ----a-w   c:\windows\system32\mucltui.dll
2009-04-27 18:11 . 2009-05-05 09:45   103824   ----a-w   c:\documents and settings\Roberto Raffaelli\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-04-27 10:49 . 2009-05-17 18:14   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Tracing
2009-04-27 10:28 . 2009-04-27 10:28   --------   d-----w   c:\programmi\File comuni\Windows Live
2009-04-27 08:31 . 2009-04-27 08:59   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Dati applicazioni\BitTorrent
2009-04-27 08:31 . 2009-04-27 08:31   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Impostazioni locali\Dati applicazioni\DNA
2009-04-27 08:31 . 2009-05-19 13:04   --------   d-----w   c:\programmi\DNA
2009-04-27 08:31 . 2009-05-19 13:19   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Dati applicazioni\DNA
2009-04-27 08:31 . 2009-04-27 08:31   --------   d-----w   c:\programmi\BitTorrent
2009-04-27 08:26 . 2009-04-27 08:26   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Dati applicazioni\Apple Computer
2009-04-27 08:25 . 2008-04-17 10:12   107368   ----a-w   c:\windows\system32\GEARAspi.dll
2009-04-27 08:25 . 2009-03-19 14:32   23400   ----a-w   c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-27 08:25 . 2009-04-27 08:25   --------   d-----w   c:\programmi\iPod
2009-04-27 08:25 . 2009-04-27 08:25   --------   d-----w   c:\documents and settings\All Users\Dati applicazioni\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-27 08:25 . 2009-04-27 08:25   --------   d-----w   c:\programmi\iTunes
2009-04-27 08:23 . 2009-04-27 08:25   --------   d-----w   c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-04-27 08:23 . 2009-04-27 08:23   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Impostazioni locali\Dati applicazioni\Apple
2009-04-27 08:23 . 2009-04-27 08:23   --------   d-----w   c:\programmi\Apple Software Update
2009-04-27 08:22 . 2009-04-27 08:25   --------   d-----w   c:\programmi\File comuni\Apple
2009-04-27 08:22 . 2009-04-27 08:22   --------   d-----w   c:\documents and settings\All Users\Dati applicazioni\Apple
2009-04-27 08:20 . 2009-04-27 08:26   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Impostazioni locali\Dati applicazioni\Apple Computer
2009-04-24 08:00 . 2009-04-24 08:01   --------   d-----w   c:\programmi\eMule
2009-04-24 08:00 . 2009-04-24 08:00   --------   d-----w   c:\programmi\uTorrent
2009-04-24 08:00 . 2009-05-08 10:56   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Dati applicazioni\uTorrent
2009-04-24 06:20 . 2009-05-04 09:11   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Impostazioni locali\Dati applicazioni\Adobe
2009-04-23 19:05 . 2009-04-24 08:23   --------   d-----w   c:\programmi\MSECache
2009-04-23 13:52 . 2009-04-23 13:52   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Dati applicazioni\Yahoo!
2009-04-23 13:52 . 2009-04-28 09:07   --------   d-----w   c:\programmi\Yahoo!
2009-04-23 13:52 . 2009-04-23 13:53   --------   d-----w   c:\programmi\CCleaner
2009-04-23 09:26 . 2009-04-28 16:14   --------   d-----w   c:\documents and settings\All Users\Dati applicazioni\FLEXnet
2009-04-23 08:15 . 2009-05-04 09:13   --------   d-----w   c:\programmi\File comuni\Adobe
2009-04-22 10:26 . 2009-04-22 10:26   --------   d-----w   c:\windows\system32\LogFiles
2009-04-22 09:16 . 2003-11-21 09:20   38400   ----a-w   c:\windows\HPLTLNK.EXE
2009-04-22 09:12 . 2002-01-08 08:08   51712   ----a-w   c:\windows\system32\ngprtserv.dll
2009-04-22 09:12 . 2009-04-22 09:12   --------   d-----w   c:\programmi\NETGEAR Print Server
2009-04-22 08:12 . 2009-04-22 08:12   0   ----a-w   c:\windows\nsreg.dat
2009-04-22 08:12 . 2009-04-22 08:12   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Dati applicazioni\Thunderbird
2009-04-22 08:12 . 2009-04-22 08:12   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Impostazioni locali\Dati applicazioni\Thunderbird
2009-04-22 08:12 . 2009-05-19 10:01   --------   d-----w   c:\programmi\Mozilla Thunderbird
2009-04-22 08:07 . 1998-10-29 14:45   306688   ----a-w   c:\windows\IsUninst.exe
2009-04-22 08:07 . 2009-04-22 08:07   --------   d-----w   c:\documents and settings\Roberto Raffaelli\Impostazioni locali\Dati applicazioni\Help
2009-04-22 08:06 . 2009-04-22 08:06   --------   d-----w   c:\windows\OCCACHE
2009-04-22 08:06 . 2009-04-22 08:06   --------   d-----w   c:\programmi\File comuni\Autodesk Shared
2009-04-22 08:06 . 1999-03-11 10:41   495616   ----a-w   c:\windows\system32\heidiw.dll
2009-04-22 08:06 . 1999-03-11 10:41   28672   ----a-w   c:\windows\system32\mtlw.dll
2009-04-22 08:06 . 1999-03-11 10:41   24576   ----a-w   c:\windows\system32\texturew.dll
2009-04-22 08:06 . 1999-03-11 10:40   106496   ----a-w   c:\windows\system32\dllongw.dll
2009-04-22 08:06 . 1999-03-11 10:41   237568   ----a-w   c:\windows\system32\whiptkw.dll
2009-04-22 08:06 . 1999-09-21 09:51   24576   ----a-w   c:\windows\system32\hdimon.dll
2009-04-22 08:06 . 1999-09-21 09:53   45056   ----a-w   c:\windows\system32\mtstack.exe
2009-04-22 08:06 . 1999-07-23 03:15   28672   ----a-w   c:\windows\system32\adresc.dll
2009-04-22 08:06 . 1999-09-22 18:40   299008   ----a-w   c:\windows\system32\acltficn.dll
2009-04-22 08:05 . 2009-04-22 10:34   --------   d-----w   c:\programmi\AutoCAD LT 2000
2009-04-22 08:04 . 1999-08-18 13:20   301568   ----a-w   c:\windows\unin0410.exe
2009-04-22 08:04 . 2009-04-22 08:04   --------   d-----w   c:\documents and settings\Roberto Raffaelli\WINDOWS
2009-04-22 08:00 . 2009-04-22 08:00   --------   d-----w   c:\windows\ShellNew
2009-04-22 06:42 . 2008-06-14 17:32   272768   -c----w   c:\windows\system32\dllcache\bthport.sys
2009-04-22 06:42 . 2008-06-14 17:32   272768   ------w   c:\windows\system32\drivers\bthport.sys
2009-04-22 06:41 . 2009-02-09 11:23   2192768   -c----w   c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-22 06:41 . 2009-02-09 11:22   2148864   -c----w   c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-22 06:41 . 2009-02-09 11:23   2027520   -c----w   c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-22 06:40 . 2008-10-24 11:21   455296   -c----w   c:\windows\system32\dllcache\mrxsmb.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-19 13:12 . 2009-04-21 16:24   --------   d-----w   c:\programmi\Spyware Terminator
2009-05-19 13:08 . 2001-08-31 12:00   47814   ----a-w   c:\windows\system32\perfc010.dat
2009-05-19 13:08 . 2001-08-31 12:00   345382   ----a-w   c:\windows\system32\perfh010.dat
2009-05-05 08:02 . 2009-04-21 16:38   103824   ----a-w   c:\documents and settings\Roberto Raffaelli\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-05-02 12:40 . 2009-04-21 15:53   --------   d-----w   c:\programmi\Windows Live
2009-04-28 16:29 . 2009-04-21 16:29   --------   d-----w   c:\programmi\Alice ti aiuta
2009-04-28 16:10 . 2009-04-21 16:15   --------   d--h--w   c:\programmi\InstallShield Installation Information
2009-04-28 16:10 . 2009-04-21 16:29   --------   d-----w   c:\programmi\Telecom Italia
2009-04-22 09:53 . 2009-04-21 16:50   --------   d-----w   c:\programmi\Network Print Monitor
2009-04-21 16:49 . 2009-04-21 16:15   --------   d-----w   c:\programmi\File comuni\InstallShield
2009-04-21 16:30 . 2009-04-21 16:30   --------   d-----w   c:\programmi\Pirelli
2009-04-21 16:30 . 2009-04-21 16:30   --------   d-----w   c:\programmi\File comuni\Motive
2009-04-21 16:30 . 2009-04-21 16:30   --------   d-----w   c:\programmi\Common Files
2009-04-21 16:26 . 2009-04-21 16:26   --------   d-----w   c:\programmi\Alwil Software
2009-04-21 16:25 . 2009-04-21 16:25   --------   d-----w   c:\programmi\Malwarebytes' Anti-Malware
2009-04-21 16:24 . 2009-04-21 16:24   138752   ----a-w   c:\windows\system32\drivers\sp_rsdrv2.sys
2009-04-21 15:58 . 2009-04-21 15:58   --------   d-----w   c:\programmi\microsoft frontpage
2009-04-21 15:56 . 2009-04-21 15:56   --------   d-----w   c:\programmi\Servizi in linea
2009-04-21 15:54 . 2009-04-21 15:54   21840   ----a-w   c:\windows\system32\emptyregdb.dat
2009-04-21 15:53 . 2009-04-21 15:52   --------   d-----w   c:\programmi\Windows Media Connect 2
2009-03-08 02:34 . 2008-05-05 12:45   914944   ----a-w   c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2008-05-05 12:45   43008   ----a-w   c:\windows\system32\licmgr10.dll
2009-03-08 02:33 . 2008-05-05 12:44   18944   ----a-w   c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2008-04-13 17:13   420352   ----a-w   c:\windows\system32\vbscript.dll
2009-03-08 02:32 . 2008-05-05 12:44   72704   ----a-w   c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2008-05-05 12:45   71680   ----a-w   c:\windows\system32\iesetup.dll
2009-03-08 02:31 . 2008-05-05 12:45   34816   ----a-w   c:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2008-05-05 12:45   48128   ----a-w   c:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2008-05-05 12:45   45568   ----a-w   c:\windows\system32\mshta.exe
2009-03-08 02:22 . 2008-05-05 12:45   156160   ----a-w   c:\windows\system32\msls31.dll
2009-03-06 14:19 . 2008-04-13 17:13   286208   ----a-w   c:\windows\system32\pdh.dll
.

(((((((((((((((((((((((((((((   SnapShot@2009-05-18_08.05.41   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-19 13:20 . 2009-05-19 13:20   16384              c:\windows\temp\Perflib_Perfdata_638.dat
- 2001-08-31 12:00 . 2009-05-18 07:20   40128              c:\windows\system32\perfc009.dat
+ 2001-08-31 12:00 . 2009-05-19 13:08   40128              c:\windows\system32\perfc009.dat
- 2009-04-29 07:40 . 2009-04-29 07:40   49936              c:\windows\Installer\{95120000-00AF-0410-0000-0000000FF1CE}\ppvwicon.exe
+ 2009-05-19 07:17 . 2009-05-19 07:17   49936              c:\windows\Installer\{95120000-00AF-0410-0000-0000000FF1CE}\ppvwicon.exe
+ 2009-05-19 07:17 . 2009-05-19 07:17   38240              c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2009-05-04 15:21 . 2009-05-04 15:21   38240              c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2009-04-02 12:35 . 2009-04-02 12:35   16712              c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\PXBPROXY.DLL
+ 2009-04-02 12:35 . 2009-04-02 12:35   68496              c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\PXBCOM.EXE
+ 2009-01-05 13:44 . 2009-01-05 13:44   53248              c:\windows\bdoscandel.exe
+ 2009-05-18 13:29 . 2009-05-18 13:29   86016              c:\windows\BDOSCAN8\librtvr.dll
+ 2009-05-18 13:29 . 2009-05-18 13:29   27136              c:\windows\BDOSCAN8\avxt.dll
+ 2009-05-18 13:29 . 2009-05-18 13:29   10240              c:\windows\BDOSCAN8\avxs.dll
+ 2009-05-18 13:29 . 2009-05-18 13:29   45056              c:\windows\BDOSCAN8\avxdisk.dll
+ 2001-08-31 12:00 . 2009-05-19 13:08   311740              c:\windows\system32\perfh009.dat
- 2001-08-31 12:00 . 2009-05-18 07:20   311740              c:\windows\system32\perfh009.dat
+ 2009-01-05 13:44 . 2009-01-05 13:44   741376              c:\windows\Downloaded Program Files\ipsupd.dll
+ 2009-01-05 13:44 . 2009-05-18 13:29   142848              c:\windows\BDOSCAN8\libfn.dll
+ 2009-01-05 13:44 . 2009-01-05 13:44   741376              c:\windows\BDOSCAN8\ipsupd.dll
+ 2009-01-05 13:44 . 2009-05-18 13:29   102400              c:\windows\BDOSCAN8\bdcore.dll
+ 2009-04-02 12:35 . 2009-04-02 12:35   1787216              c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\PPCNV.DLL
+ 2008-04-13 04:21 . 2009-05-07 07:16   24699336              c:\windows\system32\MRT.exe
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"BitTorrent DNA"="c:\programmi\DNA\btdna.exe" [2009-04-27 321344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 79224]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SpywareTerminator"="c:\programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2009-04-21 2957824]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"CTFMON"="c:\windows\system32\wscript.exe" [2008-05-08 155648]
"SoundMan"="soundman.exe" - c:\windows\soundman.exe [2001-05-29 124416]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [21/04/2009 18.27.01 75856]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [21/04/2009 18.24.13 138752]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21/04/2009 18.27.01 20560]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-05-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-05-18 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2009-05-19 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {7EA816A8-20A4-40EB-99BC-47A668DD8F51} = 192.168.0.4
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-19 15:24
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2009-05-19 15.26.18
ComboFix-quarantined-files.txt  2009-05-19 13:25
ComboFix2.txt  2009-05-19 07:28
ComboFix3.txt  2009-05-18 16:54
ComboFix4.txt  2009-05-18 16:01
ComboFix5.txt  2009-05-19 13:18

Pre-Run: 68.476.911.616 byte disponibili
Post-Run: 68.469.604.352 byte disponibili

234   --- E O F ---   2009-05-19 07:17
rrplusmc
Junior Software
Posts: 91
Joined: 26 Jun 2007 15:33
Location: Udine

Re: Infected PC

Post by rrplusmc » 20 May 2009 09:19

Is the problem solved, since you are not writing me anything more?

rrplusmc
Junior Software
Posts: 91
Joined: 26 Jun 2007 15:33
Location: Udine

Re: Infected PC

Post by jacopo » 20 May 2009 15:23

It seems so to me.
Do you still get that warning at startup?

jacopo
Moderator
Posts: 17310
Joined: 29 Dec 2003 16:35
Location: Montegrotto Terme (Padova)

Re: Infected PC

Post by Luke57 » 21 May 2009 00:05

Hi, that warning is related to the infected file. Download regsearch
http://www.xs4all.nl/~fstaal01/downloads/regsearch.zip
Extract the archive and run the file.
In the first white box (Enter search strings etc.)
copy and paste this "value":
winjpg.jpg

Click OK; when the search has finished, Notepad will open. Close it, then go to the folder where you extracted regsearch.exe and you will find the file regsearch.txt. Post the contents of regsearch.txt, again using the code tags.

Luke57
Active member
Posts: 939
Joined: 04 Feb 2005 14:17

Re: Infected PC

Post by rrplusmc » 21 May 2009 10:43

Here is what you asked for.
In any case, I would already like to thank you all very much!!!
And then I would like to ask you: if I caught these "viruses" from some USB sticks I got from the university, how do I get rid of the infected files on the sticks? Only by formatting them? And won't plugging them into this PC now re-infect me?
Also because, besides this PC, it has infected my laptop too.... :(
On that one I repeated the things done in this thread...
Thanks and see you soon.


Code:
Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 21/05/2009 12.29.09 for strings:
;  'winjpg.jpg'
; Strings excluded from search:
;  (None)
; Search in:
; Registry Keys  Registry Values  Registry Data 
; HKEY_LOCAL_MACHINE  HKEY_USERS 


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\Scan for virus,s\command]
@="C:\\WINDOWS\\system32\\wscript.exe /E:vbs C:\\WINDOWS\\system32\\winjpg.jpg"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON"="C:\\WINDOWS\\system32\\wscript.exe /E:vbs C:\\WINDOWS\\system32\\winjpg.jpg"

; End Of The Log...
rrplusmc
Junior Software
Posts: 91
Joined: 26 Jun 2007 15:33
Location: Udine

Re: Infected PC

Post by Luke57 » 21 May 2009 13:59

Hi, open a text file and put the following script inside it:

Code:
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\Scan for virus,s\command]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON"=-
;


Save it with the name fix.reg (file type = all files).
Then double-click it and accept the proposed changes.

Luke57
Active member
Posts: 939
Joined: 04 Feb 2005 14:17
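As an added example that is not part of the thread (my code, not Luke57's or jacopo's), this Python script parses a registry export in the format of the regsearch.txt output above or of ComboFix's "Punti Reg Caricati" section, flags the persistence patterns seen in this thread (a Run value named CTFMON that actually launches wscript.exe, the exefile shell verb pointing at wscript.exe, the Image File Execution Options Debugger entries, the Security Center override flags), and emits a fix.reg in the same syntax Luke57 and jacopo used. The sample export is constructed from values quoted in the thread, and the SYSTEM_NAMES list is my own assumption.

```python
import re

# Constructed sample, modelled on the registry entries quoted in this thread
# (the regsearch.txt output and ComboFix's "Punti Reg Caricati" section); not a real export.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

; constructed sample, not a real export
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\Scan for virus,s\command]
@="C:\\WINDOWS\\system32\\wscript.exe /E:vbs C:\\WINDOWS\\system32\\winjpg.jpg"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\\progra~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"CTFMON"="C:\\WINDOWS\\system32\\wscript.exe /E:vbs C:\\WINDOWS\\system32\\winjpg.jpg"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\00hoeav.com]
"Debugger"="c:\\windows\\system32\\winxp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^(?P<name>@|"(?:[^"\\]|\\.)*")=(?P<data>.*)$')
EXE_RE = re.compile(r'([^\\\s"]+\.exe)', re.IGNORECASE)

SCRIPT_HOSTS = {'wscript.exe', 'cscript.exe'}
# Names of real Windows binaries that malware borrows for Run entries (my own short list).
SYSTEM_NAMES = {'ctfmon', 'explorer', 'userinit', 'svchost', 'lsass'}


def parse_reg(text):
    """Parse a REGEDIT4 / 'Windows Registry Editor Version 5.00' export into
    {key: {value_name: raw_data}}; '@' is the default value, ';' lines are comments."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(';'):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group('key')
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = m.group('name')
            keys[current][name if name == '@' else name[1:-1]] = m.group('data')
    return keys


def exe_basename(data):
    """Lower-cased *.exe token that the value's data launches, or '' if none."""
    m = EXE_RE.search(data)
    return m.group(1).lower() if m else ''


def find_indicators(keys):
    """Return (reason, key, value_name, action) for the persistence patterns in this thread."""
    findings = []
    for key, values in keys.items():
        k = key.lower()
        if k.endswith('\\currentversion\\run'):
            for name, data in values.items():
                exe = exe_basename(data)
                stem = name.lower()[:-4] if name.lower().endswith('.exe') else name.lower()
                reasons = []
                if exe in SCRIPT_HOSTS:
                    reasons.append('autorun launches a script host')
                if stem in SYSTEM_NAMES and exe != stem + '.exe':
                    reasons.append('value name borrowed from a Windows binary but runs ' + exe)
                if reasons:
                    findings.append(('; '.join(reasons), key, name, 'delete_value'))
        elif '\\image file execution options\\' in k:
            # A Debugger value makes Windows start that program instead of the named one.
            # Developer tooling sets this legitimately, so review each hit before deleting.
            if any(n.lower() == 'debugger' for n in values):
                findings.append(('IFEO Debugger redirection', key, 'Debugger', 'delete_key'))
        elif '\\classes\\exefile\\shell\\' in k and k.endswith('\\command'):
            if exe_basename(values.get('@', '')) in SCRIPT_HOSTS:
                findings.append(('exefile shell verb runs a script host', key, '@', 'delete_key'))
        elif k.endswith('\\microsoft\\security center'):
            for name in ('AntiVirusOverride', 'FirewallOverride'):
                if values.get(name, '').lower() == 'dword:00000001':
                    findings.append(('Security Center alert suppressed', key, name, 'set_zero'))
    return findings


def build_fix_reg(findings):
    """Emit a fix.reg in the syntax used above: [-KEY] deletes a key, "Name"=- deletes a value."""
    key_deletes, value_edits = [], {}
    for _reason, key, name, action in findings:
        if action == 'delete_key':
            if f'[-{key}]' not in key_deletes:
                key_deletes.append(f'[-{key}]')
        else:
            line = f'"{name}"=-' if action == 'delete_value' else f'"{name}"=dword:00000000'
            value_edits.setdefault(key, []).append(line)
    out = ['Windows Registry Editor Version 5.00', '']
    for line in key_deletes:
        out += [line, '']
    for key, lines in value_edits.items():
        out += [f'[{key}]', *lines, '']
    return '\n'.join(out)


if __name__ == '__main__':
    found = find_indicators(parse_reg(SAMPLE_EXPORT))
    for reason, key, name, action in found:
        print(f'{action:<13} {name:<18} {reason}\n    {key}')
    print()
    print(build_fix_reg(found))
```

Run it against a real regsearch.txt by replacing SAMPLE_EXPORT with the file's contents; review every finding before importing the generated fix.reg, since a Debugger value or a custom shell verb can also be set by legitimate software.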

Re: Infected PC

Post by rrplusmc » 21 May 2009 15:16

OK, thanks, everything is fine.
It doesn't show me anything anymore!
Can you tell me something about the USB sticks?
Thanks.
Bye!

rrplusmc
Junior Software
Posts: 91
Joined: 26 Jun 2007 15:33
Location: Udine

Re: Infected PC

Post by jacopo » 21 May 2009 16:43

For the USB sticks, the suggestions I gave here (second part) apply.

jacopo
Moderator
Posts: 17310
Joined: 29 Dec 2003 16:35
Location: Montegrotto Terme (Padova)

Re: Infected PC

Post by rrplusmc » 21 May 2009 17:33

Wow, you're a genius!!!!
Where does one learn all these things??
Thanks infinitely, you are always very kind and competent!

rrplusmc
Junior Software
Posts: 91
Joined: 26 Jun 2007 15:33
Location: Udine

Re: Infected PC

Post by jacopo » 21 May 2009 18:31

rrplusmc wrote: Where does one learn all these things??

By frequenting this site and its Forum. :D

jacopo
Moderator
Posts: 17310
Joined: 29 Dec 2003 16:35
Location: Montegrotto Terme (Padova)
