Pezz (Hero in the grace of the gods)
Registered: 22/06/07 12:15  Posts: 77
Posted: 07 Jul 2008 19:04  Subject: Ineradicable spyware
Hello staff,
here I am again....
my dear old Vista laptop with IE 7 is acting up again;
this time it has picked up a nasty piece of spyware that is a real pain. The most serious thing is that for both the antivirus (Norton Internet Security) and Ad-Aware 2007 my PC is clean.... both detect absolutely nothing, yet the spyware is there... and it shows.
Help me....
thanks...
bdoriano (Administrator)
Registered: 02/04/07 12:05  Posts: 14391  Location: 3rd planet of the solar system...
Posted: 07 Jul 2008 19:51
Hi Pezz,
- Clean the temporary files with ATF-Cleaner and/or CCleaner
- Run a scan with Norman Malware Cleaner.
- Reboot the computer in normal mode
- Follow the instructions in this topic to run ComboFix.
- Report back with a new message in this thread about the outcome: whether there were any particular problems, etc. And post:
- Upload the Norman Malware Cleaner log to WikiSend and post the Forum Link you are given
- The ComboFix log is generally not very long, so paste it directly into the message
Pezz (Hero in the grace of the gods)
Registered: 22/06/07 12:15  Posts: 77
Posted: 08 Jul 2008 01:28
OK... I did everything; here are the two posts:
NFix_2008-07-07_20-15-53.log
2008-07-07 17:56 --------- d-----w C:\Program Files\CCleaner
2008-07-05 18:06 --------- d-----w C:\Program Files\Lavasoft
2008-07-05 18:03 --------- d-----w C:\ProgramData\Lavasoft
2008-07-05 18:02 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-05 00:45 --------- d-----w C:\Program Files\Direct MIDI to MP3 Converter
2008-07-05 00:38 74,752 ----a-w C:\Windows\ST6UNST.EXE
2008-07-05 00:38 290,816 ------w C:\Windows\Setup1.exe
2008-07-04 19:40 --------- d-----w C:\ProgramData\Symantec
2008-07-04 13:38 --------- d-----w C:\Program Files\IDoser v4
2008-07-04 11:00 27,620 ----a-w C:\Users\Giuseppe\AppData\Roaming\nvModes.dat
2008-07-04 00:12 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-06-26 19:23 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-26 18:27 --------- d-----w C:\Program Files\AudioCommander
2008-06-26 12:34 --------- d-----w C:\Program Files\Windows Live SkyDrive
2008-06-21 12:52 --------- d-----w C:\Users\Giuseppe\AppData\Roaming\vlc
2008-06-21 12:48 --------- d-----w C:\Program Files\VideoLAN
2008-06-21 01:03 --------- d-----w C:\Program Files\Windows Live
2008-06-20 13:19 --------- d-----w C:\Program Files\eMule
2008-06-20 11:40 --------- d-----w C:\ProgramData\eMule
2008-06-20 10:59 --------- d-----w C:\ProgramData\Messenger Plus!
2008-06-20 10:42 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-06-20 10:41 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-06-20 10:41 --------- d-----w C:\Program Files\Windows Live Favorites
2008-06-20 10:32 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-20 10:26 --------- d-----w C:\ProgramData\WLInstaller
2008-06-20 10:03 174 --sha-w C:\Program Files\desktop.ini
2008-06-20 09:57 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-20 09:57 --------- d-----w C:\Program Files\Windows Mail
2008-06-20 09:57 --------- d-----w C:\Program Files\Windows Defender
2008-06-20 09:57 --------- d-----w C:\Program Files\Windows Calendar
2008-06-20 01:18 --------- d-----w C:\ProgramData\Microsoft Help
2008-06-20 01:16 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-06-20 01:15 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-06-20 01:15 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-06-20 01:14 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-06-20 01:14 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-06-20 01:11 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-06-20 01:11 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-06-20 01:10 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-06-20 01:09 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-06-20 01:09 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-06-20 01:09 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-06-20 01:09 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-06-20 01:09 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-06-20 01:08 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-06-20 01:08 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-06-20 01:08 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-06-20 01:08 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-06-20 01:08 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-06-20 01:08 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-06-20 01:08 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-06-20 01:08 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-06-20 01:08 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-06-20 01:06 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-06-20 01:06 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-06-20 01:06 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-06-20 01:06 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-06-20 01:06 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-06-20 01:06 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-06-20 01:06 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-06-20 01:06 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-06-20 01:05 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-06-20 01:05 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-06-20 01:04 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-06-20 01:04 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-06-20 01:04 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-06-20 01:04 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-06-20 01:04 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-06-20 01:03 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-06-20 01:01 82,432 ----a-w C:\Windows\system32\drivers\sdbus.sys
2008-06-20 01:00 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-06-20 01:00 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-06-20 01:00 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-06-20 01:00 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-06-20 00:59 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-06-20 00:59 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2008-06-20 00:59 223,232 ----a-w C:\Windows\System32\SLC.dll
2008-06-20 00:58 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2008-06-20 00:58 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2008-06-20 00:58 39,936 ----a-w C:\Windows\System32\slcinst.dll
2008-06-20 00:58 351,232 ----a-w C:\Windows\System32\SLUI.exe
2008-06-20 00:58 33,280 ----a-w C:\Windows\System32\slwmi.dll
2008-06-20 00:58 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2008-06-20 00:58 2,048 ----a-w C:\Windows\System32\msxml6r.dll
2008-06-20 00:58 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2008-06-20 00:58 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-06-20 00:55 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-06-20 00:54 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-06-20 00:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-20 00:54 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-06-20 00:54 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-06-20 00:54 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-06-20 00:54 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-06-20 00:54 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-06-20 00:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-20 00:54 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-06-20 00:47 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-06-20 00:47 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-06-20 00:47 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-06-20 00:47 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-06-20 02:55 1232896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 22:43 729088]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 05:36 827392]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 16:37 174872]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 05:59 115816]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-23 18:11 176128]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 11:54 50696]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-01 12:27 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-01 12:27 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-01 12:27 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-06-24 00:18 77824]
"CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 20:12 17920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 19:50 4390912 C:\WINDOWS\RtHDVCpl.exe]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]
Avvio veloce di Adobe Reader.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8D019FEF-E570-4541-BDC6-758B21A0EC22}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{309C3D5E-73C0-461D-AC5E-BFA280CF99F3}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5DE9372B-D0BF-484D-90BF-05ED7F24C183}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{68055C8E-413F-4C36-83A6-EF22882D29E1}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{D10D84AE-456B-47CA-A932-066C1F18A69C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080623.001\IDSvix86.sys [2008-06-03 17:55]
R2 ASBroker;Operatore della sessione di accesso;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
R2 ASChannel;Canale di comunicazione locale;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 10:54]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 22:32]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
GPSvcGroup REG_MULTI_SZ GPSvc
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-07-07 18:02:13 C:\Windows\Tasks\Norton Internet Security - Scansione completa sistema - Giuseppe.job"
- c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
"2008-06-20 10:41:35 C:\Windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-08 01:14:09
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\audiodg.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\System32\conime.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\WINDOWS\System32\wbem\WMIADAP.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
.
**************************************************************************
.
Scan completed: 2008-07-08 1:17:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-07 23:16:24
The message text for message number 0x2379 could not be found in the message file for Application.
18 Dir(s) 85,654,745,088 bytes free
223 --- E O F --- 2008-07-07 13:42:04
Apparently it SEEMS everything is fixed... then again, I don't know... let's hope for the best...
Thanks a lot, as usual
bdoriano (Administrator)
Registered: 02/04/07 12:05  Posts: 14391  Location: 3rd planet of the solar system...
Posted: 08 Jul 2008 08:11
The Norman log is missing.
The ComboFix log is incomplete (the whole first part is missing), so it is unusable.
Post them again, so we can check whether there is any further cleaning to do.
Pezz (Hero in the grace of the gods)
Registered: 22/06/07 12:15  Posts: 77
Posted: 09 Jul 2008 02:15
sorry :S
anyway, here's ComboFix:
ComboFix 08-07-05.1 - Giuseppe 2008-07-08 1.05.18.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1040.18.1108 [GMT 2:00]
Run from: C:\Users\Giuseppe\Desktop\ComboFix.exe
* New restore point created
.
((((((((((((((((((((((((( Files Created From 2008-06-07 to 2008-07-07 )))))))))))))))))))))))))))))))))))
.
No new files created in this period
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-07 17:56 --------- d-----w C:\Program Files\CCleaner
2008-07-05 18:06 --------- d-----w C:\Program Files\Lavasoft
2008-07-05 18:03 --------- d-----w C:\ProgramData\Lavasoft
2008-07-05 18:02 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-05 00:45 --------- d-----w C:\Program Files\Direct MIDI to MP3 Converter
2008-07-05 00:38 74,752 ----a-w C:\Windows\ST6UNST.EXE
2008-07-05 00:38 290,816 ------w C:\Windows\Setup1.exe
2008-07-04 19:40 --------- d-----w C:\ProgramData\Symantec
2008-07-04 13:38 --------- d-----w C:\Program Files\IDoser v4
2008-07-04 11:00 27,620 ----a-w C:\Users\Giuseppe\AppData\Roaming\nvModes.dat
2008-07-04 00:12 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-06-26 19:23 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-26 18:27 --------- d-----w C:\Program Files\AudioCommander
2008-06-26 12:34 --------- d-----w C:\Program Files\Windows Live SkyDrive
2008-06-21 12:52 --------- d-----w C:\Users\Giuseppe\AppData\Roaming\vlc
2008-06-21 12:48 --------- d-----w C:\Program Files\VideoLAN
2008-06-21 01:03 --------- d-----w C:\Program Files\Windows Live
2008-06-20 13:19 --------- d-----w C:\Program Files\eMule
2008-06-20 11:40 --------- d-----w C:\ProgramData\eMule
2008-06-20 10:59 --------- d-----w C:\ProgramData\Messenger Plus!
2008-06-20 10:42 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-06-20 10:41 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-06-20 10:41 --------- d-----w C:\Program Files\Windows Live Favorites
2008-06-20 10:32 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-20 10:26 --------- d-----w C:\ProgramData\WLInstaller
2008-06-20 10:03 174 --sha-w C:\Program Files\desktop.ini
2008-06-20 09:57 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-20 09:57 --------- d-----w C:\Program Files\Windows Mail
2008-06-20 09:57 --------- d-----w C:\Program Files\Windows Defender
2008-06-20 09:57 --------- d-----w C:\Program Files\Windows Calendar
2008-06-20 01:18 --------- d-----w C:\ProgramData\Microsoft Help
2008-06-20 01:16 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-06-20 01:15 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-06-20 01:15 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-06-20 01:14 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-06-20 01:14 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-06-20 01:11 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-06-20 01:11 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-06-20 01:10 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-06-20 01:09 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-06-20 01:09 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-06-20 01:09 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-06-20 01:09 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-06-20 01:09 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-06-20 01:08 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-06-20 01:08 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-06-20 01:08 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-06-20 01:08 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-06-20 01:08 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-06-20 01:08 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-06-20 01:08 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-06-20 01:08 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-06-20 01:08 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-06-20 01:06 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-06-20 01:06 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-06-20 01:06 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-06-20 01:06 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-06-20 01:06 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-06-20 01:06 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-06-20 01:06 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-06-20 01:06 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-06-20 01:05 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-06-20 01:05 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-06-20 01:04 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-06-20 01:04 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-06-20 01:04 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-06-20 01:04 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-06-20 01:04 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-06-20 01:03 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-06-20 01:01 82,432 ----a-w C:\Windows\system32\drivers\sdbus.sys
2008-06-20 01:00 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-06-20 01:00 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-06-20 01:00 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-06-20 01:00 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-06-20 00:59 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-06-20 00:59 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2008-06-20 00:59 223,232 ----a-w C:\Windows\System32\SLC.dll
2008-06-20 00:58 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2008-06-20 00:58 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2008-06-20 00:58 39,936 ----a-w C:\Windows\System32\slcinst.dll
2008-06-20 00:58 351,232 ----a-w C:\Windows\System32\SLUI.exe
2008-06-20 00:58 33,280 ----a-w C:\Windows\System32\slwmi.dll
2008-06-20 00:58 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2008-06-20 00:58 2,048 ----a-w C:\Windows\System32\msxml6r.dll
2008-06-20 00:58 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2008-06-20 00:58 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-06-20 00:55 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-06-20 00:54 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-06-20 00:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-20 00:54 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-06-20 00:54 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-06-20 00:54 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-06-20 00:54 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-06-20 00:54 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-06-20 00:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-20 00:54 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-06-20 00:47 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-06-20 00:47 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-06-20 00:47 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-06-20 00:47 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-06-20 02:55 1232896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 22:43 729088]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 05:36 827392]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 16:37 174872]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 05:59 115816]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-23 18:11 176128]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 11:54 50696]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-01 12:27 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-01 12:27 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-01 12:27 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-06-24 00:18 77824]
"CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 20:12 17920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 19:50 4390912 C:\WINDOWS\RtHDVCpl.exe]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]
Avvio veloce di Adobe Reader.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8D019FEF-E570-4541-BDC6-758B21A0EC22}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{309C3D5E-73C0-461D-AC5E-BFA280CF99F3}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5DE9372B-D0BF-484D-90BF-05ED7F24C183}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{68055C8E-413F-4C36-83A6-EF22882D29E1}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{D10D84AE-456B-47CA-A932-066C1F18A69C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080623.001\IDSvix86.sys [2008-06-03 17:55]
R2 ASBroker;Operatore della sessione di accesso;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
R2 ASChannel;Canale di comunicazione locale;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 10:54]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 22:32]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
GPSvcGroup REG_MULTI_SZ GPSvc
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-07-07 18:02:13 C:\Windows\Tasks\Norton Internet Security - Scansione completa sistema - Giuseppe.job"
- c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
"2008-06-20 10:41:35 C:\Windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-08 01:14:09
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\audiodg.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\System32\conime.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\WINDOWS\System32\wbem\WMIADAP.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
.
**************************************************************************
.
Scan completed: 2008-07-08 1:17:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-07 23:16:24
The message text for message number 0x2379 could not be found in the message file for Application.
18 Dir(s) 85,654,745,088 bytes free
223 --- E O F --- 2008-07-07 13:42:04
NFix_2008-07-07_20-15-53.log
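Editor's note: the registry section of the ComboFix log above is where a helper usually looks first, because it lists Security Center and Windows Firewall values that malware commonly tampers with (the posted log shows `DisableMonitoring=1`, the `*DisableNotify` values set to 1, and `EnableFirewall=0` on all three firewall profiles). The script below is an added example, not part of this thread, of ComboFix, or of the forum's procedure: it parses those value lines and flags the ones that weaken the built-in defences. The `SAMPLE_LOG` is a constructed excerpt that mirrors the lines in the posted log, and the `RULES` table is this example's own choice. Treat hits as review prompts rather than an infection verdict: a third-party suite such as Norton Internet Security registers with Security Center and replaces Windows Firewall, so it can legitimately set some of these same values.

```python
"""Triage the registry section of a ComboFix log for settings that weaken
Windows' own defences.  Added example for this thread; not ComboFix code and
not the forum's procedure.  SAMPLE_LOG is a constructed excerpt mirroring the
lines in the posted log."""
import re

# Constructed sample: the Security Center / firewall block from the posted log.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
# Accepts both REGEDIT4 style ("Name"=dword:00000001) and ComboFix's
# firewall-policy style ("EnableFirewall"= 0 (0x0)).
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*(?:dword:(?P<hex>[0-9A-Fa-f]{8})|(?P<dec>\d+))'
)

# (key substring, value name, value that indicates weakened defences, reason).
# Hypothetical rule table chosen for this example.
RULES = [
    ("security center", "UacDisableNotify", 1, "UAC alerts silenced in Security Center"),
    ("security center", "AutoUpdateDisableNotify", 1, "Automatic Update alerts silenced"),
    ("security center", "InternetSettingsDisableNotify", 1, "IE security-setting alerts silenced"),
    ("security center\\monitoring", "DisableMonitoring", 1, "Security Center monitoring disabled"),
    ("firewallpolicy", "EnableFirewall", 0, "Windows Firewall off for this profile"),
]


def parse_reg_section(text):
    """Yield (key, name, int_value) for every value line under a [key] header."""
    key = None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            value = int(m.group("hex"), 16) if m.group("hex") else int(m.group("dec"))
            yield key, m.group("name"), value


def find_weakened_settings(text):
    """Return a list of (key, name, value, reason) for values matching RULES."""
    findings = []
    for key, name, value in parse_reg_section(text):
        key_l = key.lower()
        for key_part, rule_name, bad_value, reason in RULES:
            if key_part in key_l and name == rule_name and value == bad_value:
                findings.append((key, name, value, reason))
    return findings


if __name__ == "__main__":
    # Run over the constructed sample and print each finding with its key.
    for key, name, value, reason in find_weakened_settings(SAMPLE_LOG):
        print(f"{reason}: [{key}] {name}={value}")
```

On the sample this reports eight findings: the three `*DisableNotify` values, the two `DisableMonitoring` values (the per-vendor `SymantecAntiVirus` one is a normal side effect of Norton registering as the AV provider), and `EnableFirewall=0` on the Domain, Public and Standard profiles. Whether the firewall finding matters depends on whether Norton's own firewall is actually running; if the suite were later removed without re-enabling Windows Firewall, the host would be left with no host firewall at all.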
bdoriano (Administrator)
Registered: 02/04/07 12:05  Posts: 14391  Location: 3rd planet of the solar system...
Posted: 09 Jul 2008 08:14
Perfect! Norman removed the Zlob virus.
Now, follow the instructions in this topic to use MBAM. Upload the log to WikiSend and post the Forum Link you are given.
Then, do these further steps:
- Disable your antivirus
- Go to BitDefender (with IE) and run the full scan.
- Go to the Kaspersky on-line scanner and run the extended scan, as described here.
Save the scan result to a file (in TXT format), upload the file to WikiSend and post the Forum Link you are given here.