getro_west (Mere mortal)


Registered: 13/11/09 09:19 Posts: 1
Posted: 13 Nov 2009 09:33 Subject: MBR Rootkit and other viruses
I'm new to the forum. For a few days I've been having problems with a rootkit, "tdlwsp.dll", which I quarantine with "AVG 8" every time and which comes back every day, and which I hope I've got rid of with the help of Combofix. I'd like an opinion on the log of the scan that was run.
Thanks to anyone who understands more about this than I do, and I hope I'm in the right section of the forum.
But enough pleasantries, here's the log:
-------------------------------------------------------------------------------------
ComboFix 09-11-13.04 - Stenoz 13/11/2009 7.30.37.1.2 - NTFSx86
Eseguito da: c:\documents and settings\Stenoz\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\idm.dat
c:\windows\system32\tdlwsp.dll
----- BITS: Possibili siti infetti -----
hxxp://nds1.nokia.com
La copia infetta di c:\windows\system32\drivers\nvata.sys è stata trovata e disinfettata
ipristinata copia da - Kitty ate it :p
.
((((((((((((((((((((((((( Files Creati Da 2009-10-13 al 2009-11-13 )))))))))))))))))))))))))))))))))))
.
2009-11-13 06:05 . 2009-11-13 06:06 -------- d-----w- c:\documents and settings\Stenoz\Dati applicazioni\QuickScan
2009-11-12 09:16 . 2009-11-12 18:28 -------- d-----w- C:\$AVG8.VAULT$
2009-11-10 18:09 . 2009-11-10 18:10 -------- d-----w- c:\programmi\OpenOfficePortable
2009-11-10 18:07 . 2009-11-10 18:07 -------- d-----w- c:\documents and settings\Stenoz\Impostazioni locali\Dati applicazioni\PCHealth
2009-11-10 18:07 . 2009-11-10 18:07 53248 ----a-w- c:\documents and settings\Stenoz\Dati applicazioni\Thinstall\Microsoft Office Enterprise 2007\300000007100002h\ODSERV.EXE
2009-11-10 18:06 . 2009-11-10 18:06 53248 ----a-w- c:\documents and settings\Stenoz\Dati applicazioni\Thinstall\Microsoft Office Enterprise 2007\30000000111800002h\EXCEL.EXE
2009-11-10 18:06 . 2009-11-10 18:06 53248 ----a-w- c:\documents and settings\Stenoz\Dati applicazioni\Thinstall\Microsoft Office Enterprise 2007\30000000d900002h\DW20.EXE
2009-11-10 18:06 . 2009-11-10 18:06 53248 ----a-w- c:\documents and settings\Stenoz\Dati applicazioni\Thinstall\Microsoft Office Enterprise 2007\300000002ca00002h\OffDiag.exe
2009-11-10 06:28 . 2009-11-10 06:36 -------- d-----w- c:\documents and settings\Stenoz\Dati applicazioni\FrostWire
2009-11-10 06:24 . 2009-11-10 06:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-10 06:23 . 2009-11-10 06:23 -------- d-----w- c:\programmi\Java
2009-11-10 06:23 . 2009-11-10 06:23 152576 ----a-w- c:\documents and settings\Stenoz\Dati applicazioni\Sun\Java\jre1.6.0_15\lzma.dll
2009-11-10 05:34 . 2009-11-10 05:34 -------- d-----w- c:\programmi\PowerISO
2009-11-10 05:29 . 2009-11-10 05:29 -------- d-----w- c:\programmi\MAF-Soft
2009-11-09 18:28 . 2009-11-09 18:28 -------- d-----w- c:\programmi\InfraRecorderPortable
2009-11-08 09:24 . 2009-11-08 09:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DreamFarm
2009-11-08 09:24 . 2009-11-08 09:24 -------- d-----w- c:\programmi\Alawar
2009-11-08 08:10 . 2009-11-08 08:10 60416 ----a-w- c:\windows\ALCFDRTM.EXE
2009-11-08 08:10 . 2009-11-08 08:10 -------- d-----w- c:\windows\system32\Lang
2009-11-07 09:53 . 2009-11-07 09:53 -------- d-----w- c:\documents and settings\Stenoz\Dati applicazioni\dBpoweramp
2009-11-07 09:15 . 2009-11-07 10:08 -------- d-----w- c:\documents and settings\Stenoz\Dati applicazioni\AccurateRip
2009-11-07 09:10 . 2009-11-07 09:10 3148 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
2009-11-07 09:09 . 2009-11-07 09:10 2985 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2009-11-07 09:09 . 2009-11-07 09:09 8453 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
2009-11-07 09:09 . 2009-11-07 09:09 13277 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-11-07 09:09 . 2009-07-14 18:39 515760 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-11-07 09:09 . 2009-11-07 09:09 -------- d-----w- c:\programmi\Illustrate
2009-11-07 06:40 . 2009-11-07 06:41 -------- d-----w- c:\programmi\GIMPPortable
2009-11-06 11:01 . 2009-11-06 11:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Enkord
2009-11-06 10:09 . 2009-11-06 10:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skypito
2009-11-06 10:09 . 2009-11-06 10:09 772 ----a-w- c:\windows\system32\ezdigsgn.dat
2009-11-06 10:09 . 2009-11-06 10:09 91136 ----a-w- c:\windows\system32\ezUninst.exe
2009-11-06 10:09 . 2009-11-06 10:09 268800 ----a-w- c:\windows\system32\ezSetup.exe
2009-11-06 10:09 . 2009-11-06 10:09 15872 ----a-w- c:\windows\system32\ezMAPIHelper.exe
2009-11-06 10:09 . 2009-11-06 10:14 -------- d-----w- c:\programmi\Skypito
2009-11-06 09:48 . 2009-11-06 09:48 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-06 09:48 . 2009-11-06 09:48 -------- d-----w- c:\documents and settings\Stenoz\Dati applicazioni\skypePM
2009-11-06 09:46 . 2009-11-06 10:14 -------- d-----w- c:\documents and settings\Stenoz\Dati applicazioni\Skype
2009-11-06 09:46 . 2009-11-06 09:46 -------- d-----w- c:\programmi\File comuni\Skype
2009-11-06 09:46 . 2009-11-06 09:46 -------- d-----r- c:\programmi\Skype
2009-11-06 09:46 . 2009-11-06 09:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2009-11-02 17:22 . 2009-10-16 08:00 3510552 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgui.exe
2009-11-01 13:57 . 2009-11-01 13:57 -------- d-----w- c:\programmi\Mobipocket.com
2009-11-01 13:57 . 2009-11-01 13:57 -------- d-----w- c:\programmi\File comuni\Mobipocket Shared
2009-11-01 11:12 . 2009-11-01 11:12 -------- d-----w- c:\documents and settings\Stenoz\Dati applicazioni\Thinstall
2009-11-01 11:02 . 2009-11-01 11:35 -------- d-----w- c:\programmi\ABC Amber LIT Converter
2009-11-01 10:46 . 2009-11-01 11:40 -------- d-----w- c:\documents and settings\Stenoz\Dati applicazioni\Mobipocket
2009-10-31 09:47 . 2004-08-03 22:08 25600 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2009-10-31 09:47 . 2004-08-03 22:08 25600 ----a-w- c:\windows\system32\drivers\usbser.sys
2009-10-31 09:35 . 2009-10-31 09:26 24419312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_it.exe
2009-10-31 09:35 . 2009-10-31 09:35 -------- d-----w- c:\programmi\MSXML 6.0
2009-10-31 09:34 . 2009-10-31 09:38 -------- d-----w- c:\windows\SxsCaPendDel
2009-10-31 09:34 . 2009-10-31 09:34 36864 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe
2009-10-31 09:34 . 2009-10-31 09:34 3351812 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe
2009-10-31 09:34 . 2009-10-31 09:34 3203453 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe
2009-10-30 09:00 . 2009-10-30 09:00 -------- d-----w- c:\programmi\Mobipocket Reader
2009-10-25 18:14 . 2008-03-21 12:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-10-25 16:50 . 2009-10-25 16:52 -------- d-----w- c:\documents and settings\Stenoz\Dati applicazioni\Internet Tablet Video Converter
2009-10-25 16:50 . 2009-10-25 16:50 -------- d-----w- c:\documents and settings\Stenoz\Impostazioni locali\Dati applicazioni\Internet Tablet Video Converter
2009-10-25 16:27 . 2009-10-25 16:28 -------- d-----w- c:\programmi\Total Video Converter
2009-10-25 15:34 . 2009-10-25 15:34 -------- d-----w- c:\programmi\File comuni\PCSuite
2009-10-25 15:34 . 2009-10-25 15:34 -------- d-----w- c:\programmi\Nokia Pc Suite 7.1
2009-10-25 15:34 . 2009-10-31 09:35 -------- d-----w- c:\programmi\File comuni\Nokia
2009-10-25 15:34 . 2009-10-25 15:32 33853800 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_ita_web.exe
2009-10-25 15:34 . 2009-10-25 15:34 95232 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-10-25 15:34 . 2009-10-25 15:34 8192 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-10-25 15:34 . 2009-10-25 15:34 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-10-25 15:34 . 2009-10-25 15:34 10240 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-10-25 15:09 . 2009-10-25 15:09 -------- d-----w- c:\documents and settings\Stenoz\Dati applicazioni\Nokia Ovi Suite
2009-10-25 15:09 . 2009-10-25 15:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nokia
2009-10-25 15:06 . 2009-10-25 15:06 -------- d-----w- c:\documents and settings\Stenoz\Impostazioni locali\Dati applicazioni\Nokia
2009-10-25 15:06 . 2009-10-25 15:06 -------- d-----w- c:\documents and settings\Stenoz\Impostazioni locali\Dati applicazioni\NokiaAccount
2009-10-25 14:46 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-10-25 14:46 . 2009-10-25 14:46 -------- d-----w- c:\programmi\PC Connectivity Solution
2009-10-25 14:46 . 2009-03-19 13:48 136704 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2009-10-25 14:46 . 2009-03-19 13:48 8320 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2009-10-25 14:46 . 2009-02-09 07:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-10-25 14:46 . 2009-02-09 07:37 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-10-25 14:46 . 2009-02-09 07:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-10-25 14:46 . 2009-02-09 07:37 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2009-10-25 14:46 . 2009-02-09 07:37 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2009-10-25 14:46 . 2009-02-09 07:32 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-10-25 14:46 . 2009-10-31 09:35 -------- d-----w- c:\programmi\Nokia
2009-10-25 14:44 . 2009-10-25 15:08 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-10-25 14:27 . 2008-03-21 12:57 23856 ----a-w- c:\windows\system32\spupdsvc.exe
2009-10-25 14:26 . 2009-10-25 14:44 12212040 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{F189FCA9-6147-49EE-A995-BE611281EE6E}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2009-10-25 14:26 . 2009-10-25 14:44 13930312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{F189FCA9-6147-49EE-A995-BE611281EE6E}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2009-10-25 14:26 . 2009-10-25 14:44 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{F189FCA9-6147-49EE-A995-BE611281EE6E}\Installer\CommonCustomActions\WMF11Runx86.exe
2009-10-25 14:26 . 2009-10-25 14:44 58880 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{F189FCA9-6147-49EE-A995-BE611281EE6E}\Installer\CommonCustomActions\WMF11Runx64.exe
2009-10-25 14:26 . 2009-10-25 14:44 50000 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{F189FCA9-6147-49EE-A995-BE611281EE6E}\Installer\CommonCustomActions\pcswpc.exe
2009-10-25 14:16 . 2009-10-25 14:16 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache
2009-10-25 14:16 . 2009-10-25 14:16 92597600 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{F189FCA9-6147-49EE-A995-BE611281EE6E}\Nokia_Ovi_Suite_webinstaller.exe
2009-10-25 09:44 . 2009-10-25 15:35 -------- d-----w- c:\documents and settings\Stenoz\Dati applicazioni\Nokia
2009-10-25 09:41 . 2009-10-31 09:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Installations
2009-10-25 09:32 . 2004-08-03 22:10 38016 -c--a-w- c:\windows\system32\dllcache\bthmodem.sys
2009-10-25 09:32 . 2004-08-03 22:10 38016 ----a-w- c:\windows\system32\drivers\bthmodem.sys
2009-10-25 09:32 . 2009-10-25 09:32 -------- d-----w- c:\documents and settings\Stenoz\Dati applicazioni\Datalayer
2009-10-25 09:28 . 2009-10-25 09:28 -------- d-----w- c:\programmi\WIDCOMM
2009-10-25 09:24 . 2009-10-25 13:28 -------- d-sh--w- c:\documents and settings\Stenoz\Phone Browser
2009-10-24 04:45 . 2009-10-24 04:58 -------- d-----w- c:\programmi\Total Video Player
2009-10-24 04:35 . 2009-11-11 06:47 -------- d-----w- c:\documents and settings\Stenoz\Dati applicazioni\XnView
2009-10-24 04:35 . 2009-11-07 10:01 -------- d---a-w- c:\programmi\XnView
2009-10-23 17:44 . 2009-10-23 17:44 1 ----a-w- c:\windows\system32\qsf.dat
2009-10-23 17:44 . 2009-10-23 17:44 1 ----a-w- c:\windows\system32\fcd.dat
2009-10-23 09:19 . 2009-04-06 12:54 6806784 ----a-w- c:\programmi\Foxit Reader.exe
2009-10-21 17:00 . 2009-11-12 22:37 138736 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-21 16:59 . 2009-11-12 22:37 188968 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-21 16:59 . 2009-10-21 16:59 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-21 16:59 . 2009-10-21 16:59 -------- d-----w- c:\documents and settings\Stenoz\Impostazioni locali\Dati applicazioni\PunkBuster
2009-10-21 07:07 . 2009-10-21 07:07 2064152 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgcorex.dll
2009-10-21 07:07 . 2009-10-21 07:07 2025752 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgtray.exe
2009-10-20 16:57 . 2009-10-20 16:57 -------- d-----w- c:\programmi\Electronic Arts
2009-10-19 12:35 . 2009-10-19 12:46 -------- d-----w- c:\documents and settings\Stenoz\Dati applicazioni\vlc
2009-10-19 12:35 . 2009-10-19 12:35 -------- d-----w- c:\programmi\VLCPortable
2009-10-19 12:00 . 2009-09-16 07:10 76080 ----a-w- c:\windows\system32\WIN2PDFM.DLL
2009-10-19 12:00 . 2009-09-16 07:10 152368 ----a-w- c:\windows\system32\WIN2PDFS.DLL
2009-10-19 11:58 . 2009-10-31 07:42 -------- d-----w- c:\programmi\Xion portable
2009-10-19 04:15 . 2009-10-19 06:36 -------- d-----w- c:\programmi\RocketDock
2009-10-18 09:05 . 2009-10-18 09:05 -------- d-----w- c:\programmi\XML Marker
2009-10-18 07:39 . 2008-03-17 14:40 139264 ----a-w- c:\windows\system32\psicon.dll
2009-10-18 03:49 . 2009-10-25 15:09 -------- d-----w- c:\documents and settings\Stenoz\Dati applicazioni\PC Suite
2009-10-18 03:49 . 2009-10-25 15:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Suite
2009-10-18 03:49 . 2009-10-25 15:34 -------- dc----w- c:\windows\system32\DRVSTORE
2009-10-18 03:49 . 2009-02-09 07:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-10-17 15:25 . 2009-10-17 15:25 -------- d-----w- c:\documents and settings\Stenoz\Impostazioni locali\Dati applicazioni\Google
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-13 06:33 . 2002-12-31 12:00 69568 ----a-w- c:\windows\system32\perfc010.dat
2009-11-13 06:33 . 2002-12-31 12:00 437272 ----a-w- c:\windows\system32\perfh010.dat
2009-11-13 06:26 . 2009-10-14 09:08 22480928 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-13 06:26 . 2009-10-14 09:08 146804 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-13 06:07 . 2009-10-14 09:38 -------- d-----w- c:\programmi\Flock
2009-11-12 18:43 . 2009-10-14 08:54 -------- d-----w- c:\programmi\AVG
2009-11-12 07:46 . 2009-10-23 09:21 6161 ----a-w- c:\programmi\FoxitReader_Preferences.ini
2009-11-07 08:36 . 2009-10-14 08:51 -------- d-----w- c:\programmi\Emule
2009-11-02 18:36 . 2009-11-03 06:34 1594880 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2009-10-31 09:47 . 2009-10-31 09:47 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-10-26 08:28 . 2009-10-26 06:56 -------- d-----w- c:\documents and settings\Stenoz\Dati applicazioni\Winamp
2009-10-26 06:56 . 2009-10-26 06:56 -------- d-----w- c:\programmi\Winamp
2009-10-25 18:14 . 2009-10-25 18:14 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-10-25 18:14 . 2009-10-25 18:14 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-10-25 15:08 . 2009-10-25 15:08 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-10-25 15:08 . 2009-10-25 15:08 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-10-24 04:00 . 2009-10-24 04:02 1487360 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2009-10-24 04:00 . 2009-10-24 04:02 228352 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-10-20 16:48 . 2009-10-14 08:14 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-10-16 08:00 . 2009-10-14 08:54 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg8
2009-10-16 08:00 . 2009-10-14 08:54 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-16 08:00 . 2009-10-14 08:54 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-16 08:00 . 2009-10-14 08:54 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-16 08:00 . 2009-10-14 08:54 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-16 03:54 . 2009-10-14 08:05 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-10-14 09:39 . 2009-10-14 09:39 0 ----a-w- c:\windows\nsreg.dat
2009-10-14 09:38 . 2009-10-14 09:38 -------- d-----w- c:\documents and settings\Stenoz\Dati applicazioni\Flock
2009-10-14 09:08 . 2009-10-14 08:49 -------- d-----w- c:\programmi\DAEMON Tools Lite
2009-10-14 08:58 . 2009-10-14 08:56 4212 ---h--w- c:\windows\system32\zllictbl.dat
2009-10-14 08:58 . 2009-10-14 08:55 -------- d-----w- c:\programmi\ZoneAlarm
2009-10-14 08:57 . 2009-10-14 08:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\MailFrontier
2009-10-14 08:50 . 2009-10-14 08:39 -------- d-----w- c:\documents and settings\Stenoz\Dati applicazioni\DAEMON Tools Lite
2009-10-14 08:49 . 2009-10-14 08:49 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite
2009-10-14 08:49 . 2009-10-14 08:49 -------- d-----w- c:\programmi\DAEMON Tools Toolbar
2009-10-14 08:39 . 2009-10-14 08:39 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-14 08:16 . 2009-10-14 07:25 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-14 08:14 . 2009-10-14 08:14 -------- d-----w- c:\programmi\Realtek AC97
2009-10-14 08:12 . 2009-10-14 08:12 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2009-10-14 08:10 . 2009-10-14 08:10 -------- d-----w- c:\programmi\NVIDIA Corporation
2009-10-14 08:10 . 2009-10-14 08:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NVIDIA Corporation
2009-10-14 07:26 . 2009-10-14 07:26 -------- d-----w- c:\programmi\microsoft frontpage
2009-10-14 07:25 . 2009-10-14 07:25 -------- d-----w- c:\programmi\Servizi in linea
2009-10-14 07:22 . 2009-10-14 07:22 21840 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-12 04:22 . 2009-10-14 05:40 1124352 ----a-w- c:\programmi\Folder2Iso.exe
2009-08-21 23:00 . 2009-10-14 05:40 440832 ----a-w- c:\programmi\SuchSofts.OpenImage.exe
2009-08-17 01:03 . 2009-08-17 01:03 3674112 ----a-w- c:\windows\system32\nvwssr.dll
2009-08-17 01:02 . 2009-08-17 01:02 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-08-16 22:57 . 2009-10-14 08:10 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-08-16 22:57 . 2009-08-16 22:57 868352 ----a-w- c:\windows\system32\nvapi.dll
2009-08-16 22:57 . 2009-08-16 22:57 7729568 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-08-16 22:57 . 2009-08-16 22:57 5845760 ----a-w- c:\windows\system32\nv4_disp.dll
2009-08-16 22:57 . 2009-08-16 22:57 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-08-16 22:57 . 2009-08-16 22:57 2002944 ----a-w- c:\windows\system32\nvcuda.dll
2009-08-16 22:57 . 2009-08-16 22:57 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-08-16 22:57 . 2009-08-16 22:57 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-08-16 22:57 . 2009-08-16 22:57 155648 ----a-w- c:\windows\system32\nvcodins.dll
2009-08-16 22:57 . 2009-08-16 22:57 155648 ----a-w- c:\windows\system32\nvcod.dll
2009-08-16 22:57 . 2009-08-16 22:57 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
2009-02-25 21:53 . 2009-10-14 05:40 368640 ----a-w- c:\programmi\xp-AntiSpy.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\programmi\Nokia Pc Suite 7.1\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WiseStubReboot"="MSIEXEC" [X]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="c:\programmi\NVIDIA Corporation\nView\nwiz.exe" [2009-08-12 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]
"AVG8_TRAY"="c:\progra~1\AVG\avgtray.exe" [2009-11-02 2028312]
"ZoneAlarm Client"="c:\programmi\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-11-10 149280]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-11-17 577536]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2002-12-31 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2003-7-29 499773]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-16 08:00 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\AVG\\avgupd.exe"=
"c:\\Programmi\\AVG\\avgemc.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [14/10/2009 9.54.15 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [14/10/2009 9.54.18 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\avgemc.exe [16/10/2009 8.59.54 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\avgwdsvc.exe [16/10/2009 8.59.55 297752]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [25/10/2009 15.46.32 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [25/10/2009 15.46.32 8320]
--- Altri Servizi/Drivers In Memoria ---
*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: Invia a &Bluetooth - c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Stenoz\Dati applicazioni\Mozilla\Firefox\Profiles\60svrif6.default\
FF - component: c:\programmi\Nokia Pc Suite 7.1\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-13 07:59
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89DCE1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x89dce1f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !
**************************************************************************
.
Ora fine scansione: 2009-11-13 08:02
ComboFix-quarantined-files.txt 2009-11-13 07:02
Pre-Run: 107.716.771.840 byte disponibili
Post-Run: 107.687.890.944 byte disponibili
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - EFB1B386AEF17320D3B345D74EEB4873
----------------------------------------------------------------------------------
I trust and hope that someone can help me
Thanks
Getro
R16 (Mature god)


Registered: 07/03/08 22:58 Posts: 10129
Posted: 13 Nov 2009 14:38
Hi.
Download MBR.EXE directly into the C: directory (you must download it into C:)
link
Click Start
Click Run...
Type: cmd
The DOS window opens; type: CD \
press Enter
type: mbr -f (copy and paste it)
press Enter
Then type: exit
press Enter
Restart the PC
Post the log you will find where you downloaded the tool, i.e. in C:\mbr.log
Follow the instructions in this topic to use MBAM:
http://forum.zeusnews.com/viewtopic.php?p=297823#297823
Run a full scan.
Follow the instructions in this topic to post the HiJackThis log:
http://forum.zeusnews.com/viewtopic.php?t=23440
Upload the MBAM and HiJackThis logs to WikiSend (or FreeFileHosting) and post the Forum Link you are given.
http://www.wikisend.com/
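As an added example (not code from this thread, from Gmer or from ComboFix): the block that ComboFix embedded in the log above is the output of Gmer's MBR rootkit detector, and it is the same format mbr.exe writes to C:\mbr.log in the procedure described in this reply. The Python parser below reads that block, pulls out the hooked driver object, the unknown code address in the disk call chain and the MBR-read results, and reduces them to a verdict. The infected sample is copied from the log posted in the first message; the clean sample is constructed here for contrast, and the verdict labels ("unreadable", "hooked", "clean") are this example's own.

```python
"""Parse Gmer's "Stealth MBR rootkit/Mebroot/Sinowal detector" output (as embedded
by ComboFix or written by mbr.exe to C:\\mbr.log) into a verdict.
Added example for this thread; not code from Gmer, ComboFix or the poster."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Sample 1: the detector block copied from the ComboFix log posted in this thread.
INFECTED_LOG = r"""
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89DCE1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x89dce1f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !
"""

# Sample 2: a constructed clean run in the same format (hypothetical, for contrast).
CLEAN_LOG = r"""
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
"""

# "\Driver\atapi -> 0x89dce1f8": driver object whose dispatch was hooked, and the hook target.
HOOK_RE = re.compile(r"^(\\Driver\\\S+)\s*->\s*0x([0-9A-Fa-f]+)\s*$")
# ">>UNKNOWN [0x89DCE1F8]<<": code in the disk call chain that belongs to no loaded module.
UNKNOWN_RE = re.compile(r">>UNKNOWN \[0x([0-9A-Fa-f]+)\]<<")


@dataclass
class MbrReport:
    user_read_ok: bool = False            # "user: MBR read successfully"
    kernel_read_ok: bool = False          # "kernel: MBR read successfully"
    mbr_copies_match: bool = False        # "user & kernel MBR OK"
    warning: bool = False                 # "Warning: possible MBR rootkit infection !"
    called_modules: List[str] = field(default_factory=list)
    unknown_module: Optional[str] = None  # lower-case hex address of the >>UNKNOWN<< code
    hooks: List[Tuple[str, str]] = field(default_factory=list)  # (driver object, hex address)


def parse_mbr_log(text: str) -> MbrReport:
    rep = MbrReport()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("user: MBR read successfully"):
            rep.user_read_ok = True
        elif line.startswith("kernel: MBR read successfully"):
            rep.kernel_read_ok = True
        elif line.startswith("called modules:"):
            body = line[len("called modules:"):]
            m = UNKNOWN_RE.search(body)
            if m:
                rep.unknown_module = m.group(1).lower()
                body = UNKNOWN_RE.sub("", body)
            rep.called_modules = body.split()
        elif line.startswith("Warning: possible MBR rootkit infection"):
            rep.warning = True
        elif line.startswith("user & kernel MBR OK"):
            rep.mbr_copies_match = True
        else:
            m = HOOK_RE.match(line)
            if m:
                rep.hooks.append((m.group(1), m.group(2).lower()))
    return rep


def assess(rep: MbrReport) -> str:
    """One of "unreadable" (detector could not read the MBR), "hooked", "clean"."""
    if not (rep.user_read_ok and rep.kernel_read_ok):
        return "unreadable"
    if rep.hooks or rep.warning or rep.unknown_module:
        return "hooked"
    return "clean"


def hook_points_at_unknown_code(rep: MbrReport) -> bool:
    """Cross-check seen in the posted log: the hooked driver dispatches to the very
    address that showed up as >>UNKNOWN<< in the call chain."""
    return rep.unknown_module is not None and any(a == rep.unknown_module for _, a in rep.hooks)


def summarize(text: str) -> str:
    rep = parse_mbr_log(text)
    verdict = assess(rep)
    out = [f"verdict: {verdict}"]
    for drv, addr in rep.hooks:
        out.append(f"  hook: {drv} -> 0x{addr}")
    if rep.unknown_module:
        out.append(f"  unknown code in disk I/O path at 0x{rep.unknown_module}")
    if verdict == "hooked" and rep.mbr_copies_match:
        out.append("  note: both MBR reads agree, consistent with the hook filtering what the detector reads")
    return "\n".join(out)


if __name__ == "__main__":
    print(summarize(INFECTED_LOG))
    print(summarize(CLEAN_LOG))
```

On the posted log this reports the hook on \Driver\atapi dispatching to 0x89dce1f8, the same address that appears as >>UNKNOWN<< in the call chain, with both MBR reads still agreeing; the detector's "fixmbr" advice in that block is about rewriting the sector, which is why the reply above asks for a fresh mbr.log after `mbr -f` rather than relying on the pre-fix output.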