[SOLVED] Still here: Virtumonde and Virtumonde.dll
Inf3kti0n (Hero)
Posted: 11 May 2008 14:28    Subject: [SOLVED] Still here: Virtumonde and Virtumonde.dll

Hello everyone

On the boss's advice I'm opening a topic about a problem that has already been seen, VIRTUMONDE and its brother VIRTUMONDE.DLL, which were detected by the trusty Spybot.
I tried to carry out some of the operations from the previous topic, but didn't achieve much.
Here you go

OS: Windows XP SP2
Antivirus: Nod 32
Other detection programs: Ad-Aware 2007 and Spybot


HijackThis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.24.43, on 11/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Unknown\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [nod32kui] C:\Programmi\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205102358438
O20 - Winlogon Notify: vtUkiFXO - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Programmi\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4922 bytes
bdoriano (Administrator)
Posted: 11 May 2008 14:34

Inf3kti0n (Hero)
Posted: 11 May 2008 15:29

Here is the Norman log:

NFix_2008-05-11_14-39-41.log

HTML isn't working for me; it shows as enabled in my profile
Inf3kti0n (Hero)
Posted: 11 May 2008 19:09

VirtumundoBeGone log


[05/11/2008, 19:08:04] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Unknown\Desktop\VirtumundoBeGone.exe" )
[05/11/2008, 19:08:07] - Detected System Information:
[05/11/2008, 19:08:07] - Windows Version: 5.1.2600, Service Pack 2
[05/11/2008, 19:08:07] - Current Username: Unknown (Admin)
[05/11/2008, 19:08:07] - Windows is in SAFE mode.
[05/11/2008, 19:08:07] - Searching for Browser Helper Objects:
[05/11/2008, 19:08:07] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[05/11/2008, 19:08:07] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/11/2008, 19:08:07] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Guida per l'accesso a Windows Live)
[05/11/2008, 19:08:07] - Finished Searching Browser Helper Objects
[05/11/2008, 19:08:07] - Finishing up...
[05/11/2008, 19:08:07] - Nothing found! Exiting...
Inf3kti0n (Hero)
Posted: 11 May 2008 19:20

ComboFix log

ComboFix 08-05-09.1 - Unknown 2008-05-11 19.14.53.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1646 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Unknown\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2008-04-11 al 2008-05-11 )))))))))))))))))))))))))))))))))))
.

2008-05-11 15:46 . 2008-05-11 15:46 <DIR> d-------- C:\VundoFix Backups
2008-05-11 02:00 . 2008-05-11 02:00 325 --a------ C:\WINDOWS\KillProcess.INI
2008-05-11 01:48 . 2008-02-07 21:24 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di stampa
2008-05-11 01:48 . 2008-02-07 21:24 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di rete
2008-05-11 01:48 . 2008-02-07 21:24 <DIR> d-------- C:\Documents and Settings\Administrator\Preferiti
2008-05-11 01:48 . 2008-02-07 21:30 <DIR> d--h----- C:\Documents and Settings\Administrator\Modelli
2008-05-11 01:48 . 2008-02-07 21:24 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Avvio
2008-05-11 01:48 . 2008-05-11 19:17 <DIR> d--h----- C:\Documents and Settings\Administrator\Impostazioni locali
2008-05-11 01:48 . 2008-02-07 21:24 <DIR> d-------- C:\Documents and Settings\Administrator\Documenti
2008-05-11 01:48 . 2008-02-07 21:24 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dati applicazioni
2008-05-11 01:48 . 2008-05-11 01:48 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-11 01:48 . 2008-05-11 19:11 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-05-11 00:20 . 2008-05-11 00:20 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-05-11 00:12 . 2008-05-11 00:12 2,112 --a------ C:\WINDOWS\system32\fikyssyo.exe
2008-05-09 19:16 . 2008-05-09 19:16 2,112 --a------ C:\WINDOWS\system32\pmdfcbfw.exe
2008-05-09 17:26 . 2008-05-09 17:26 2,112 --a------ C:\WINDOWS\system32\nblbcvrl.exe
2008-05-09 00:50 . 2008-05-09 00:57 691,545 --a------ C:\WINDOWS\unins000.exe
2008-05-09 00:50 . 2008-05-09 00:59 4,646 --a------ C:\WINDOWS\unins000.dat
2008-05-09 00:45 . 2008-05-09 01:01 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-05-09 00:45 . 2008-05-11 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-05-09 00:31 . 2008-05-09 00:31 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\PulituraSystem
2008-05-08 23:19 . 2008-05-08 23:19 2,112 --a------ C:\WINDOWS\system32\jbncpjia.exe
2008-05-06 23:00 . 2008-05-06 23:00 2,112 --a------ C:\WINDOWS\system32\ylvniegp.exe
2008-05-06 16:36 . 2008-05-06 16:36 1,479,969 --ahs---- C:\WINDOWS\system32\cptvtnrd.tmp
2008-05-05 22:42 . 2008-05-11 00:24 109,736 --a------ C:\WINDOWS\BM871f2942.xml
2008-05-05 01:23 . 2008-05-05 01:23 <DIR> d-------- C:\Programmi\Sierra
2008-04-30 00:22 . 2008-04-30 00:22 <DIR> d-------- C:\Programmi\Rockstar Games
2008-04-29 23:53 . 2008-04-29 23:53 <DIR> d-------- C:\Programmi\Alcohol Soft
2008-04-29 23:53 . 2004-04-30 09:37 160,640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
2008-04-29 23:53 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
2008-04-20 08:19 . 2008-04-20 13:42 <DIR> d-------- C:\Documents and Settings\Unknown\Dati applicazioni\Command & Conquer 3 L'ira di Kane
2008-04-16 23:36 . 2008-04-16 23:36 <DIR> d-------- C:\Documents and Settings\Unknown\Dati applicazioni\Command & Conquer 3 Tiberium Wars
2008-04-15 14:32 . 2008-04-15 14:32 <DIR> d-------- C:\Programmi\File comuni\Adobe
2008-04-14 00:09 . 2008-04-14 00:09 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2008-04-14 00:08 . 2008-04-14 00:08 642,560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-14 00:08 . 2008-05-11 15:24 96,256 --a------ C:\WINDOWS\system32\drivers\sptd4189.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-08 23:27 --------- d-----w C:\Programmi\AdunanzA
2008-05-06 06:18 --------- d-----w C:\Programmi\ESET
2008-05-06 06:05 --------- d-----w C:\Programmi\Cheat Engine
2008-04-29 22:22 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-04-20 05:56 --------- d-----w C:\Programmi\Electronic Arts
2008-04-10 17:40 --------- d-----w C:\Programmi\Java
2008-04-10 17:39 --------- d-----w C:\Programmi\File comuni\Java
2008-04-02 21:26 --------- d-----w C:\Programmi\Messenger Plus! Live
2008-03-22 13:10 --------- d-----w C:\Documents and Settings\Unknown\Dati applicazioni\Microsoft Games
2008-03-22 12:37 --------- d-----w C:\Programmi\Microsoft Games
2008-03-22 01:06 --------- d-----w C:\Programmi\Sierra Entertainment
2008-03-22 01:06 --------- d-----w C:\Documents and Settings\Unknown\Dati applicazioni\InstallShield
2008-03-18 00:31 --------- d-----w C:\Programmi\GameSpy
2008-03-18 00:30 22,328 ----a-w C:\Documents and Settings\Unknown\Dati applicazioni\PnkBstrK.sys
2008-03-14 22:38 --------- d-----w C:\Documents and Settings\Unknown\Dati applicazioni\dvdcss
2008-03-12 01:43 --------- d-----w C:\Programmi\CCleaner
2008-02-17 23:25 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-02-11 23:21 184,320 ----a-w C:\WINDOWS\system32\imon.dll
2008-02-11 23:21 114,688 ----a-w C:\WINDOWS\system32\nms32.dll
.

((((((((((((((((((((((((((((( snapshot@2008-05-11_ 2.12.54.84 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-11 00:11:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-11 17:10:37 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-11-06 11:30 1626112 C:\WINDOWS\system32\nwiz.exe]
"SoundMAXPnP"="C:\Programmi\Analog Devices\Core\smax4pnp.exe" [2006-12-18 15:34 868352]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2008-02-12 01:21 778240]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-06 11:30 8523776]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUkiFXO]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\THQ\\Company of Heroes\\RelicCOH.exe"=
"C:\\Programmi\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\Programmi\\AdunanzA\\eMule_AdnzA.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\Programmi\\id Software\\Quake 4\\quake4.exe"=
"C:\\Programmi\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"C:\\Programmi\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Programmi\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Programmi\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\Programmi\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"C:\\Programmi\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"C:\\Programmi\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"C:\\Programmi\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"C:\\Programmi\\Electronic Arts\\Command & Conquer 3 L'ira di Kane\\RetailExe\\1.0\\cnc3ep1.dat"=


.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-11 19:18:08
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\imon.dll
-> C:\Programmi\Eset\pr_imon.dll
.
Ora fine scansione: 2008-05-11 19.18.58
ComboFix-quarantined-files.txt 2008-05-11 17:18:50

6 Directory 72,121,253,888 byte disponibili
8 Directory 72,112,029,696 byte disponibili

126 --- E O F --- 2008-03-10 11:18:31
Inf3kti0n (Hero)
Posted: 12 May 2008 00:27

Despite everything, Spybot still flags one entry (in red) as a problem.
I don't know whether it is due to Virtumonde having been there or not; I do know that it wasn't there before the aforementioned malware was detected.

Microsoft.WindowsSecurityCenter.AntiVirusOverride: [SBI $3604910C] Impostazioni (Modifica al registro, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
bdoriano (Administrator)
Posted: 12 May 2008 08:03

Run this scan with VirIT
Inf3kti0n (Hero)
Posted: 12 May 2008 12:47

VirIT eXplorer Lite Log

[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
12/05/2008 - 12:32:36

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 38315.
Files Totali: 38315.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.
Inf3kti0n (Hero)
Posted: 12 May 2008 17:39

Apparently my PC is now cleaner than when I formatted it
Thanks boss, great guide
Can I re-enable System Restore?
bdoriano (Administrator)
Posted: 12 May 2008 20:07

Something doesn't add up for me...

Create a text file with the following instructions:
Code:
File::
C:\WINDOWS\system32\fikyssyo.exe
C:\WINDOWS\system32\pmdfcbfw.exe
C:\WINDOWS\system32\nblbcvrl.exe
C:\WINDOWS\system32\jbncpjia.exe
C:\WINDOWS\system32\ylvniegp.exe

Save the file on the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as shown below:

Wait patiently for the job to finish without touching the keyboard, mouse or anything else.
Post the updated ComboFix log.

Afterwards, proceed as follows:
  1. Download this program and save it in C:\
  2. Click Start
  3. Click Run...
  4. Type:
    Code:
    cmd

  5. Click OK
  6. The DOS window opens; type:
    Code:
    CD \

    press Enter
  7. type:
    Code:
    mbr -f

    press Enter
  8. type:
    Code:
    exit

    press Enter

  9. Restart the PC
  10. Post here the contents of the log C:\mbr.log


In the folder C:\QooBox\C\WINDOWS\system32\ you will find files with the .vir extension; please:
Inf3kti0n (Hero)
Posted: 12 May 2008 23:43

ComboFix log


ComboFix 08-05-09.1 - Unknown 2008-05-12 23.11.40.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1542 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Unknown\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Unknown\Desktop\CFScript.txt
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\fikyssyo.exe
C:\WINDOWS\system32\jbncpjia.exe
C:\WINDOWS\system32\nblbcvrl.exe
C:\WINDOWS\system32\pmdfcbfw.exe
C:\WINDOWS\system32\ylvniegp.exe
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\fikyssyo.exe
C:\WINDOWS\system32\jbncpjia.exe
C:\WINDOWS\system32\nblbcvrl.exe
C:\WINDOWS\system32\pmdfcbfw.exe
C:\WINDOWS\system32\ylvniegp.exe

.
((((((((((((((((((((((((( Files Creati Da 2008-04-12 al 2008-05-12 )))))))))))))))))))))))))))))))))))
.

2008-05-12 12:14 . 2008-05-12 17:16 <DIR> d-------- C:\VEXPLITE
2008-05-12 12:14 . 2008-03-17 19:23 39,808 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-05-11 02:00 . 2008-05-11 02:00 325 --a------ C:\WINDOWS\KillProcess.INI
2008-05-11 01:48 . 2008-02-07 21:24 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di stampa
2008-05-11 01:48 . 2008-02-07 21:24 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di rete
2008-05-11 01:48 . 2008-02-07 21:24 <DIR> d-------- C:\Documents and Settings\Administrator\Preferiti
2008-05-11 01:48 . 2008-02-07 21:30 <DIR> d--h----- C:\Documents and Settings\Administrator\Modelli
2008-05-11 01:48 . 2008-02-07 21:24 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Avvio
2008-05-11 01:48 . 2008-05-12 23:14 <DIR> d--h----- C:\Documents and Settings\Administrator\Impostazioni locali
2008-05-11 01:48 . 2008-02-07 21:24 <DIR> d-------- C:\Documents and Settings\Administrator\Documenti
2008-05-11 01:48 . 2008-02-07 21:24 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dati applicazioni
2008-05-11 01:48 . 2008-05-11 01:48 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-11 01:48 . 2008-05-12 00:35 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-05-11 00:20 . 2008-05-11 00:20 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-05-09 00:50 . 2008-05-09 00:57 691,545 --a------ C:\WINDOWS\unins000.exe
2008-05-09 00:50 . 2008-05-09 00:59 4,646 --a------ C:\WINDOWS\unins000.dat
2008-05-09 00:45 . 2008-05-09 01:01 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-05-09 00:45 . 2008-05-11 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-05-09 00:31 . 2008-05-09 00:31 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\PulituraSystem
2008-05-06 16:36 . 2008-05-06 16:36 1,479,969 --ahs---- C:\WINDOWS\system32\cptvtnrd.tmp
2008-05-05 22:42 . 2008-05-11 00:24 109,736 --a------ C:\WINDOWS\BM871f2942.xml
2008-05-05 01:23 . 2008-05-05 01:23 <DIR> d-------- C:\Programmi\Sierra
2008-04-30 00:22 . 2008-04-30 00:22 <DIR> d-------- C:\Programmi\Rockstar Games
2008-04-29 23:53 . 2008-04-29 23:53 <DIR> d-------- C:\Programmi\Alcohol Soft
2008-04-29 23:53 . 2004-04-30 09:37 160,640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
2008-04-29 23:53 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
2008-04-20 08:19 . 2008-04-20 13:42 <DIR> d-------- C:\Documents and Settings\Unknown\Dati applicazioni\Command & Conquer 3 L'ira di Kane
2008-04-16 23:36 . 2008-04-16 23:36 <DIR> d-------- C:\Documents and Settings\Unknown\Dati applicazioni\Command & Conquer 3 Tiberium Wars
2008-04-15 14:32 . 2008-04-15 14:32 <DIR> d-------- C:\Programmi\File comuni\Adobe
2008-04-14 00:09 . 2008-04-14 00:09 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2008-04-14 00:08 . 2008-04-14 00:08 642,560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-14 00:08 . 2008-05-11 15:24 96,256 --a------ C:\WINDOWS\system32\drivers\sptd4189.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-12 10:11 --------- d-----w C:\Programmi\AdunanzA
2008-05-06 06:18 --------- d-----w C:\Programmi\ESET
2008-05-06 06:05 --------- d-----w C:\Programmi\Cheat Engine
2008-04-29 22:22 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-04-20 05:56 --------- d-----w C:\Programmi\Electronic Arts
2008-04-10 17:40 --------- d-----w C:\Programmi\Java
2008-04-10 17:39 --------- d-----w C:\Programmi\File comuni\Java
2008-04-02 21:26 --------- d-----w C:\Programmi\Messenger Plus! Live
2008-03-22 13:10 --------- d-----w C:\Documents and Settings\Unknown\Dati applicazioni\Microsoft Games
2008-03-22 12:37 --------- d-----w C:\Programmi\Microsoft Games
2008-03-22 01:06 --------- d-----w C:\Programmi\Sierra Entertainment
2008-03-22 01:06 --------- d-----w C:\Documents and Settings\Unknown\Dati applicazioni\InstallShield
2008-03-18 00:31 --------- d-----w C:\Programmi\GameSpy
2008-03-18 00:30 22,328 ----a-w C:\Documents and Settings\Unknown\Dati applicazioni\PnkBstrK.sys
2008-03-14 22:38 --------- d-----w C:\Documents and Settings\Unknown\Dati applicazioni\dvdcss
2008-03-12 01:43 --------- d-----w C:\Programmi\CCleaner
2008-02-17 23:25 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
.

((((((((((((((((((((((((((((( snapshot@2008-05-11_ 2.12.54.84 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-11 00:11:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-12 15:16:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-11-06 11:30 1626112 C:\WINDOWS\system32\nwiz.exe]
"SoundMAXPnP"="C:\Programmi\Analog Devices\Core\smax4pnp.exe" [2006-12-18 15:34 868352]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2008-02-12 01:21 778240]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-06 11:30 8523776]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUkiFXO]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\THQ\\Company of Heroes\\RelicCOH.exe"=
"C:\\Programmi\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\Programmi\\AdunanzA\\eMule_AdnzA.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\Programmi\\id Software\\Quake 4\\quake4.exe"=
"C:\\Programmi\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"C:\\Programmi\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Programmi\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Programmi\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\Programmi\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"C:\\Programmi\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"C:\\Programmi\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"C:\\Programmi\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"C:\\Programmi\\Electronic Arts\\Command & Conquer 3 L'ira di Kane\\RetailExe\\1.0\\cnc3ep1.dat"=


.
Contenuto della cartella 'Scheduled Tasks'
"2008-05-11 22:37:28 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 23:14:51
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\imon.dll
-> C:\Programmi\Eset\pr_imon.dll
.
Ora fine scansione: 2008-05-12 23.15.37
ComboFix-quarantined-files.txt 2008-05-12 21:15:32

6 Directory 72,069,185,536 byte disponibili
8 Directory 72,062,988,288 byte disponibili

140 --- E O F --- 2008-03-10 11:18:31

-


mbr log


Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
bdoriano (Administrator)
Posted: 13 May 2008 07:50

One very last operation...

Create a text file with the following instructions:
Code:
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUkiFXO]

Save the file on the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as shown below:

Wait patiently for the job to finish without touching the keyboard, mouse or anything else.
Post the updated ComboFix and HijackThis logs
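The two CFScripts the moderator asked for above target the same pair of indicators: the randomly named 2,112-byte executables listed in the ComboFix "Files Creati" section, and the Winlogon Notify key (vtUkiFXO) that the HijackThis O20 line shows pointing at a bare C:\WINDOWS\ because its DLL is already gone. The script below is an added example, not code from ComboFix, HijackThis or this forum: it flags both patterns in constructed sample lines modelled on the posted logs and renders a CFScript in the File:: / Registry:: layout used in the thread, for a human to review before use. All function and constant names are this example's own.

```python
"""Triage helper for the Virtumonde indicators discussed in this thread.

Added example: the detection rules and the CFScript generator are not code
from ComboFix, HijackThis or the forum; the sample log lines below are
constructed from entries quoted in the posts above.
"""
import re
from collections import Counter

# HijackThis "O20 - Winlogon Notify" line: <name> - <path>
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")

# ComboFix "Files Creati" line: <created> . <modified> <size|<DIR>> <attrs> <path>
CF_FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<DIR>) (?P<attrs>\S+) (?P<path>.+)$"
)

# The droppers in this thread were all eight lowercase letters + .exe in system32.
RANDOM_EXE_RE = re.compile(r"^[a-z]{8}\.exe$")
SYSTEM32 = "C:\\WINDOWS\\system32\\"
NOTIFY_KEY = ("HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt"
              "\\currentversion\\winlogon\\notify")

# Constructed samples modelled on the logs posted in this thread.
SAMPLE_HJT = [
    "O4 - HKLM\\..\\Run: [nod32kui] C:\\Programmi\\Eset\\nod32kui.exe /WAITSERVICE",
    "O20 - Winlogon Notify: vtUkiFXO - C:\\WINDOWS\\",
    "O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\\Programmi\\Eset\\nod32krn.exe",
]
SAMPLE_COMBOFIX = [
    "2008-05-11 15:46 . 2008-05-11 15:46 <DIR> d-------- C:\\VundoFix Backups",
    "2008-05-11 00:12 . 2008-05-11 00:12 2,112 --a------ C:\\WINDOWS\\system32\\fikyssyo.exe",
    "2008-05-09 19:16 . 2008-05-09 19:16 2,112 --a------ C:\\WINDOWS\\system32\\pmdfcbfw.exe",
    "2008-05-09 00:50 . 2008-05-09 00:57 691,545 --a------ C:\\WINDOWS\\unins000.exe",
    "2008-05-08 23:19 . 2008-05-08 23:19 2,112 --a------ C:\\WINDOWS\\system32\\jbncpjia.exe",
    "2008-02-17 23:25 66,872 ----a-w C:\\WINDOWS\\system32\\PnkBstrA.exe",  # Find3M layout, skipped
]


def orphaned_notify_entries(hjt_lines):
    """Return (name, path) for O20 entries whose path names no DLL file.

    In the thread, vtUkiFXO pointed at a bare 'C:\\WINDOWS\\' because the DLL
    had already been removed; the leftover key is what the final CFScript deletes.
    """
    hits = []
    for line in hjt_lines:
        m = O20_RE.match(line.strip())
        if m and not m.group("path").lower().endswith(".dll"):
            hits.append((m.group("name"), m.group("path")))
    return hits


def random_named_droppers(combofix_lines):
    """Return system32 executables with eight-letter random names.

    Requires at least two such files of identical size: the five droppers in
    this thread were all 2,112 bytes, and a lone match is a likelier false positive.
    """
    candidates = []
    for line in combofix_lines:
        m = CF_FILE_RE.match(line.strip())
        if not m or m.group("size") == "<DIR>":
            continue
        path = m.group("path")
        if path.lower().startswith(SYSTEM32.lower()) and RANDOM_EXE_RE.match(path[len(SYSTEM32):]):
            candidates.append((path, int(m.group("size").replace(",", ""))))
    sizes = Counter(size for _, size in candidates)
    return sorted(path for path, size in candidates if sizes[size] >= 2)


def build_cfscript(file_paths, notify_names):
    """Render a CFScript.txt in the File:: / Registry:: layout used in the thread."""
    lines = []
    if file_paths:
        lines.append("File::")
        lines.extend(file_paths)
        lines.append("")
    if notify_names:
        lines.append("Registry::")
        lines.extend(f"[-{NOTIFY_KEY}\\{name}]" for name in notify_names)
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    notify = orphaned_notify_entries(SAMPLE_HJT)
    droppers = random_named_droppers(SAMPLE_COMBOFIX)
    print(build_cfscript(droppers, [name for name, _ in notify]))
```

The generated script is a review aid: compare each flagged path against the ComboFix report before handing it to the tool, since the size-cluster rule is tuned to this infection and not to Vundo variants in general.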
Inf3kti0n (Hero)
Posted: 13 May 2008 19:08

Here you go, boss

ComboFix 08-05-09.1 - Unknown 2008-05-13 19.03.10.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1516 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Unknown\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Unknown\Desktop\CFScript.txt
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2008-04-13 al 2008-05-13 )))))))))))))))))))))))))))))))))))
.

2008-05-13 13:00 . 2008-05-13 13:00 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-05-13 13:00 . 2008-05-13 13:00 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-05-13 13:00 . 2008-05-13 13:00 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-13 01:56 . 2008-05-13 01:56 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Grid
2008-05-12 12:14 . 2008-05-12 17:16 <DIR> d-------- C:\VEXPLITE
2008-05-12 12:14 . 2008-03-17 19:23 39,808 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-05-11 02:00 . 2008-05-11 02:00 325 --a------ C:\WINDOWS\KillProcess.INI
2008-05-11 01:48 . 2008-02-07 21:24 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di stampa
2008-05-11 01:48 . 2008-02-07 21:24 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di rete
2008-05-11 01:48 . 2008-02-07 21:24 <DIR> d-------- C:\Documents and Settings\Administrator\Preferiti
2008-05-11 01:48 . 2008-02-07 21:30 <DIR> d--h----- C:\Documents and Settings\Administrator\Modelli
2008-05-11 01:48 . 2008-02-07 21:24 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Avvio
2008-05-11 01:48 . 2008-05-13 19:05 <DIR> d--h----- C:\Documents and Settings\Administrator\Impostazioni locali
2008-05-11 01:48 . 2008-02-07 21:24 <DIR> d-------- C:\Documents and Settings\Administrator\Documenti
2008-05-11 01:48 . 2008-02-07 21:24 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dati applicazioni
2008-05-11 01:48 . 2008-05-11 01:48 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-11 01:48 . 2008-05-12 00:35 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-05-11 00:20 . 2008-05-11 00:20 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-05-09 00:50 . 2008-05-09 00:57 691,545 --a------ C:\WINDOWS\unins000.exe
2008-05-09 00:50 . 2008-05-09 00:59 4,646 --a------ C:\WINDOWS\unins000.dat
2008-05-09 00:45 . 2008-05-09 01:01 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-05-09 00:45 . 2008-05-11 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-05-06 16:36 . 2008-05-06 16:36 1,479,969 --ahs---- C:\WINDOWS\system32\cptvtnrd.tmp
2008-05-05 22:42 . 2008-05-11 00:24 109,736 --a------ C:\WINDOWS\BM871f2942.xml
2008-05-05 01:23 . 2008-05-05 01:23 <DIR> d-------- C:\Programmi\Sierra
2008-04-30 00:22 . 2008-04-30 00:22 <DIR> d-------- C:\Programmi\Rockstar Games
2008-04-29 23:53 . 2008-04-29 23:53 <DIR> d-------- C:\Programmi\Alcohol Soft
2008-04-29 23:53 . 2004-04-30 09:37 160,640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
2008-04-29 23:53 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
2008-04-20 08:19 . 2008-04-20 13:42 <DIR> d-------- C:\Documents and Settings\Unknown\Dati applicazioni\Command & Conquer 3 L'ira di Kane
2008-04-16 23:36 . 2008-04-16 23:36 <DIR> d-------- C:\Documents and Settings\Unknown\Dati applicazioni\Command & Conquer 3 Tiberium Wars
2008-04-15 14:32 . 2008-04-15 14:32 <DIR> d-------- C:\Programmi\File comuni\Adobe
2008-04-14 00:09 . 2008-04-14 00:09 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2008-04-14 00:08 . 2008-04-14 00:08 642,560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-14 00:08 . 2008-05-11 15:24 96,256 --a------ C:\WINDOWS\system32\drivers\sptd4189.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-13 11:00 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-05-13 11:00 22,328 ----a-w C:\Documents and Settings\Unknown\Dati applicazioni\PnkBstrK.sys
2008-05-12 22:26 --------- d-----w C:\Programmi\AdunanzA
2008-05-06 06:18 --------- d-----w C:\Programmi\ESET
2008-05-06 06:05 --------- d-----w C:\Programmi\Cheat Engine
2008-04-29 22:22 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-04-20 05:56 --------- d-----w C:\Programmi\Electronic Arts
2008-04-10 17:40 --------- d-----w C:\Programmi\Java
2008-04-10 17:39 --------- d-----w C:\Programmi\File comuni\Java
2008-04-02 21:26 --------- d-----w C:\Programmi\Messenger Plus! Live
2008-03-22 13:10 --------- d-----w C:\Documents and Settings\Unknown\Dati applicazioni\Microsoft Games
2008-03-22 12:37 --------- d-----w C:\Programmi\Microsoft Games
2008-03-22 01:06 --------- d-----w C:\Programmi\Sierra Entertainment
2008-03-22 01:06 --------- d-----w C:\Documents and Settings\Unknown\Dati applicazioni\InstallShield
2008-03-18 00:31 --------- d-----w C:\Programmi\GameSpy
2008-03-14 22:38 --------- d-----w C:\Documents and Settings\Unknown\Dati applicazioni\dvdcss
.

((((((((((((((((((((((((((((( snapshot@2008-05-11_ 2.12.54.84 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-11 00:11:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-13 15:51:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-03-18 00:29:42 9,662 ----a-r C:\WINDOWS\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\ARPPRODUCTICON.exe
+ 2008-05-13 11:00:04 9,662 ----a-r C:\WINDOWS\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\ARPPRODUCTICON.exe
- 2008-03-18 00:29:42 10,134 ----a-r C:\WINDOWS\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\checkForUpdatesSC_000E79B7E7254F01870AC12942B7F8E4.exe
+ 2008-05-13 11:00:04 10,134 ----a-r C:\WINDOWS\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\checkForUpdatesSC_000E79B7E7254F01870AC12942B7F8E4.exe
- 2008-03-18 00:29:42 10,134 ----a-r C:\WINDOWS\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\visitWebsite_000E79B7E7254F01870AC12942B7F8E4.exe
+ 2008-05-13 11:00:04 10,134 ----a-r C:\WINDOWS\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\visitWebsite_000E79B7E7254F01870AC12942B7F8E4.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-11-06 11:30 1626112 C:\WINDOWS\system32\nwiz.exe]
"SoundMAXPnP"="C:\Programmi\Analog Devices\Core\smax4pnp.exe" [2006-12-18 15:34 868352]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2008-02-12 01:21 778240]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-06 11:30 8523776]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\THQ\\Company of Heroes\\RelicCOH.exe"=
"C:\\Programmi\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\Programmi\\AdunanzA\\eMule_AdnzA.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\Programmi\\id Software\\Quake 4\\quake4.exe"=
"C:\\Programmi\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"C:\\Programmi\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Programmi\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"C:\\Programmi\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"C:\\Programmi\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"C:\\Programmi\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"C:\\Programmi\\Electronic Arts\\Command & Conquer 3 L'ira di Kane\\RetailExe\\1.0\\cnc3ep1.dat"=
"C:\\Programmi\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Programmi\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=


.
Contenuto della cartella 'Scheduled Tasks'
"2008-05-11 22:37:28 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-13 19:06:13
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\imon.dll
-> C:\Programmi\Eset\pr_imon.dll
.
Ora fine scansione: 2008-05-13 19.06.59
ComboFix-quarantined-files.txt 2008-05-13 17:06:53

6 Directory 73,014,861,824 byte disponibili
8 Directory 73,008,463,872 byte disponibili

136 --- E O F --- 2008-03-10 11:18:31
bdoriano
Administrator

Joined: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 13 May 2008 20:49    Subject:

I'd venture to say you're all set.
Are you running into any other problems?
chemicalbit
Dio maturo

Joined: 01/04/05 18:59
Posts: 18597
Location: Milano

Posted: 13 May 2008 21:55    Subject:

If everything is fine,
remember to re-enable System Restore.
Inf3kti0n
Eroe

Joined: 11/05/08 04:31
Posts: 41

Posted: 14 May 2008 17:26    Subject:

No other problems for now.
Worst case, I'll come back to pester you.

Thanks, boss.
chemicalbit
Dio maturo

Joined: 01/04/05 18:59
Posts: 18597
Location: Milano

Posted: 14 May 2008 18:09    Subject:

OK,
if you haven't already and you feel like it, drop by this thread to introduce yourself to the forum users.