I Forum di Zeus News (Olimpo Informatico) -> Pronto Soccorso Virus
[SOLVED] strange files (thread closed)
nerazzurro368 (Devoted Mortal), registered 12/06/08 15:06, 16 posts
Posted: 12 Jun 2008 15:15    Subject: [SOLVED] strange files

I noticed, among the programs Windows runs automatically, two programs, body mix and noun boob, at the paths C:\DOCUME~1\user\DATIAP~1\MEALME~1\Noun boob.exe and C:\Documents and Settings\All Users\Dati applicazioni\BONE ABOUT BOOK BOWS\Body mix.exe. Are they viruses? Thanks in advance for the reply.
bdoriano (Administrator), registered 02/04/07 11:05, 14300 posts, location: 3rd planet of the solar system...
Posted: 12 Jun 2008 19:35

CID, I'd say.

  • Clean the temporary files with ATF-Cleaner and/or CCleaner
  • Run a scan with Norman Malware Cleaner.
  • Restart the computer in normal mode
  • Follow the instructions in this topic to run ComboFix.
  • Report back in a new message in this thread with the outcome: whether there were any particular problems, etc. And post:
    • Upload the Norman Malware Cleaner log to WikiSend and post the Forum Link you are given
    • The ComboFix log is generally not very long, so paste it directly into the message

PS: if you like, you can introduce yourself here
nerazzurro368 (Devoted Mortal), registered 12/06/08 15:06, 16 posts
Posted: 13 Jun 2008 06:12

Norman log: NFix_2008-06-13_00-29-37.log

ComboFix log:
ComboFix 08-06-11.1 - user 2008-06-13 7.01.21.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.886 [GMT 2:00]
Run from: C:\Documents and Settings\user\Desktop\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created From 2008-05-13 to 2008-06-13 )))))))))))))))))))))))))))))))))))
.

2008-06-12 20:33 . 2008-06-12 20:34 <DIR> d-------- C:\ComboFix
2008-06-12 17:38 . 2008-06-12 17:38 <DIR> d-------- C:\Programmi\Trend Micro
2008-06-11 10:04 . 2008-06-11 10:04 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\GrabPro
2008-06-11 01:20 . 2008-04-14 17:58 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 01:20 . 2008-05-08 16:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-08 23:13 . 2008-06-11 00:57 <DIR> d-------- C:\Programmi\Game Graphic Studio
2008-06-08 23:00 . 2008-06-13 01:20 <DIR> d-------- C:\Programmi\KGB Archiver 2
2008-06-06 11:51 . 2008-06-06 11:51 <DIR> d-------- C:\Programmi\K-Lite Codec Pack
2008-06-06 11:51 . 2008-03-21 22:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-06-05 14:11 . 2006-09-12 12:46 227,328 -r-hs---- C:\WINDOWS\system32\ac3DX.ax
2008-06-05 14:11 . 2006-03-10 22:48 169,472 -r-hs---- C:\WINDOWS\system32\MatroskaDX.ax
2008-06-05 14:11 . 2006-05-03 11:06 163,328 -r-hs---- C:\WINDOWS\system32\flvDX.dll
2008-06-05 14:11 . 2005-11-25 21:46 161,792 -r-hs---- C:\WINDOWS\system32\RealMediaDX.ax
2008-06-05 14:11 . 2006-01-13 00:23 123,904 -r-hs---- C:\WINDOWS\system32\AVCDX.ax
2008-06-05 14:11 . 2003-11-21 00:00 54,784 -r-hs---- C:\WINDOWS\system32\RLAPEDec.ax
2008-06-05 14:11 . 2004-04-27 00:00 37,888 -r-hs---- C:\WINDOWS\system32\RLMPCDec.ax
2008-06-05 14:11 . 2007-02-21 12:47 31,232 -r-hs---- C:\WINDOWS\system32\msfDX.dll
2008-06-05 14:11 . 2007-12-17 14:43 27,648 ---hs---- C:\WINDOWS\system32\Smab0.dll
2008-06-05 00:07 . 2008-06-05 00:07 <DIR> d-------- C:\Programmi\Audacity
2008-06-03 21:33 . 2008-06-03 21:45 8 --a------ C:\WINDOWS\system32\PackGame.tmp
2008-06-01 20:13 . 2008-06-01 20:13 <DIR> d-------- C:\Programmi\WinUHA
2008-05-28 21:54 . 2008-05-28 21:54 <DIR> d-------- C:\Programmi\MEALMESSCORN
2008-05-28 21:54 . 2008-05-28 21:54 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\BONE ABOUT BOOK BOWS
2008-05-28 12:45 . 2008-05-28 12:45 99,264 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-05-27 13:10 . 2008-06-13 06:44 29,371 --a------ C:\WINDOWS\system32\oodbs.lor
2008-05-26 20:28 . 2008-05-26 20:28 0 --a------ C:\WINDOWS\oodcnt.INI
2008-05-24 20:06 . 2008-05-24 23:38 <DIR> d-------- C:\WINDOWS\system32\oodag
2008-05-24 19:52 . 2008-05-24 19:52 <DIR> d-------- C:\Programmi\OO Software
2008-05-22 21:18 . 2008-05-22 21:19 <DIR> d-------- C:\Programmi\UltraISO
2008-05-22 21:18 . 2008-05-22 21:18 <DIR> d-------- C:\Programmi\File comuni\EZB Systems
2008-05-22 19:29 . 2008-05-22 19:29 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\Mathematica
2008-05-22 19:29 . 2008-05-22 19:29 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Mathematica
2008-05-22 17:19 . 2008-05-22 17:19 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\MathematicaPlayer
2008-05-22 17:19 . 2008-05-22 17:19 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\MathematicaPlayer
2008-05-22 17:17 . 2008-06-01 15:18 <DIR> d-------- C:\Programmi\Wolfram Research
2008-05-22 16:55 . 2008-05-23 22:19 <DIR> d-------- C:\Programmi\Universal Math Solver
2008-05-18 16:53 . 2008-05-18 16:53 <DIR> d-------- C:\Programmi\Winamp Toolbar
2008-05-18 16:53 . 2008-05-19 00:08 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\OrbNetworks
2008-05-18 16:52 . 2008-05-18 16:53 <DIR> d-------- C:\Programmi\Winamp Remote
2008-05-17 21:59 . 2008-05-17 21:59 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\Move Networks
2008-05-14 19:43 . 2008-05-14 19:43 <DIR> d-------- C:\Programmi\Furl Toolbar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 04:46 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\Orbit
2008-06-13 04:45 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\Vidalia
2008-06-13 04:45 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\tor
2008-06-13 04:43 96,384 ----a-w C:\WINDOWS\system32\drivers\sptd1421.sys
2008-06-12 23:34 --------- d-----w C:\Programmi\PPMate
2008-06-12 22:31 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\MEALMESSCORN
2008-06-12 16:18 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\uTorrent
2008-06-12 12:48 --------- d-----w C:\Programmi\eMule
2008-06-11 08:04 --------- d-----w C:\Programmi\Orbitdownloader
2008-06-08 21:24 4,269 ----a-w C:\subafsfile47.bin
2008-06-08 21:23 8,306 ----a-w C:\subafsfile52.bin
2008-06-06 11:19 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-06-02 09:53 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-06-01 22:36 --------- d-----w C:\Programmi\KONAMI
2008-06-01 13:13 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2008-06-01 13:13 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-05-28 14:27 --------- d-----w C:\Programmi\Google
2008-05-18 14:53 --------- d-----w C:\Programmi\Winamp
2008-05-14 17:02 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-05-13 13:51 --------- d-----w C:\Programmi\StuffPlug3
2008-05-11 12:06 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\ppStream
2008-05-09 20:35 --------- d-----w C:\Programmi\d3lOo's MSN Block Checker v1.09
2008-05-09 20:06 --------- d-----w C:\Programmi\Windows Live
2008-05-09 13:18 --------- d-----w C:\Programmi\Conduit
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 15:08 --------- d-----w C:\Programmi\FolderSize
2008-05-07 05:10 1,293,312 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:10 1,293,312 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-06 12:59 --------- d-----w C:\Programmi\SopCast
2008-05-04 12:41 --------- d-----w C:\Programmi\TVUPlayer
2008-05-04 12:41 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\TVU Networks
2008-05-04 12:37 --------- d-----w C:\Programmi\File comuni\Synacast
2008-05-04 12:37 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\PPMate
2008-05-03 10:03 171,520 ----a-w C:\WINDOWS\system32\cncs32.dll
2008-05-02 18:56 --------- d-----w C:\Programmi\7-Zip
2008-05-02 17:53 --------- d-----w C:\Programmi\TuneUp Utilities 2008
2008-05-02 17:51 354,560 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-05-02 17:36 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\TuneUp Software
2008-05-02 17:35 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\TuneUp Software
2008-05-01 19:04 --------- d-----w C:\Programmi\juve
2008-04-30 22:30 --------- d-----w C:\Programmi\File comuni\xing shared
2008-04-30 22:30 --------- d-----w C:\Programmi\File comuni\Real
2008-04-30 22:29 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-30 22:29 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-29 13:26 --------- d-----w C:\Programmi\Vidalia Bundle
2008-04-28 13:32 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-04-28 13:31 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-04-24 19:37 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\temp
2008-04-24 18:58 --------- d-----w C:\Programmi\Microsoft LifeCam
2008-04-24 18:34 --------- d-----w C:\Programmi\Realtek AC97
2008-04-24 18:09 --------- d-----w C:\Programmi\sisagp
2008-04-24 18:09 --------- d-----w C:\Programmi\SiS VGA Utilities V3.84
2008-04-24 15:06 --------- d-----w C:\Programmi\Silicon Integrated Systems
2008-04-24 14:55 --------- d-----w C:\Programmi\Logitech
2008-04-24 14:55 --------- d-----w C:\Programmi\File comuni\Logitech
2008-04-24 12:55 --------- d-----w C:\Programmi\Driver-Soft
2008-04-24 11:13 --------- d-----w C:\Programmi\Lphant
2008-04-23 20:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-23 15:43 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\Canon
2008-04-22 15:43 --------- d-----w C:\Programmi\Microsoft Silverlight
2008-04-22 07:42 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:42 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ----a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-19 23:57 --------- d-----w C:\Programmi\Circle Developement
2008-04-15 20:11 --------- d-----w C:\Programmi\Passware
2008-04-14 15:58 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 02:27 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 02:16 331,776 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 02:13 99,840 ----a-w C:\WINDOWS\system32\loadperf.dll
2008-04-14 02:12 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
2008-04-14 02:11 97,792 ----a-w C:\WINDOWS\system32\dllcache\chtmbx.dll
2008-04-14 02:11 56,320 ----a-w C:\WINDOWS\system32\dllcache\chtskdic.dll
2008-04-14 02:11 539,648 ----a-w C:\WINDOWS\system32\comuid.dll
2008-04-14 02:11 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-04-14 02:11 198,656 ----a-w C:\WINDOWS\system32\dllcache\cintime.dll
2008-04-14 02:11 173,568 ----a-w C:\WINDOWS\system32\dllcache\chtskf.dll
2008-04-14 02:11 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 01:56 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 01:56 68,736 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 01:56 120,448 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 01:55 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 01:55 46,720 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 01:55 2,027,520 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 01:54 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 01:54 2,148,864 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 01:53 92,672 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 01:53 92,672 ------w C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-04-14 01:53 800,256 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 01:53 25,088 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 01:53 154,240 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 01:53 14,720 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-14 01:52 80,896 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 01:52 40,704 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 01:52 40,448 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 01:52 37,504 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 01:51 65,792 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 01:51 566,272 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 01:51 51,200 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 01:50 53,248 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2007-10-24 10:55 16 -csha-r C:\WINDOWS\group.dat
2007-10-24 10:55 16 -csha-r C:\WINDOWS\winsys.dat
2006-08-21 21:08 56 --sha-r C:\WINDOWS\system32\028A4E80B2.sys
2005-07-14 10:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 13:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 20:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2006-08-21 21:08 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
2005-02-28 11:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
.

((((((((((((((((((((((((((((( snapshot@2008-06-13_ 0.22.45.87 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-12 22:17:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-13 04:45:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-13 04:45:30 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_944.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty & legitimate/default values are not shown.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2008-03-20 00:36 1267040 --a------ C:\Programmi\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Programmi\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040]
"{C55BBCD6-41AD-48AD-9953-3609C48EACC7}"= "C:\Programmi\Orbitdownloader\GrabPro.dll" [2008-06-10 10:47 457848]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CLASSES_ROOT\clsid\{c55bbcd6-41ad-48ad-9953-3609c48eacc7}]
[HKEY_CLASSES_ROOT\GrabPro.FindBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{8091D09E-B01D-4D32-AC66-BBF8916BB1CF}]
[HKEY_CLASSES_ROOT\GrabPro.FindBar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Programmi\Winamp Toolbar\winamptb.dll [2008-03-20 00:36 1267040]
"{C55BBCD6-41AD-48AD-9953-3609C48EACC7}"= C:\Programmi\Orbitdownloader\GrabPro.dll [2008-06-10 10:47 457848]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CLASSES_ROOT\clsid\{c55bbcd6-41ad-48ad-9953-3609c48eacc7}]
[HKEY_CLASSES_ROOT\GrabPro.FindBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{8091D09E-B01D-4D32-AC66-BBF8916BB1CF}]
[HKEY_CLASSES_ROOT\GrabPro.FindBar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [2007-01-30 18:12 40960]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-10-23 15:18 202024]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:14 15360]
"Vidalia"="C:\Programmi\Vidalia Bundle\Vidalia\vidalia.exe" [2007-11-22 23:49 12889088]
"Rdr okay"="C:\DOCUME~1\user\DATIAP~1\MEALME~1\Noun boob.exe" [2008-05-28 21:54 471552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2007-04-10 14:46 709992]
"Motive SmartBridge"="C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 16:41 438359]
"LanguageShortcut"="C:\Programmi\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 11:29 49152]
"RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57 30208]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"ISUSScheduler"="C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
"OpwareSE2"="C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-19 05:00 455168]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-19 05:00 455168]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-19 05:00 59392]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-19 05:00 208952]
"NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Google IME Autoupdater"="C:\Programmi\Google\Google Pinyin\GooglePinyinDaemon.exe" [2008-01-07 12:15 251376]
"WatchDog"="C:\Programmi\mobile PhoneTools\WatchDog.exe" [2004-08-14 05:42 36864]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"egui"="C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
"Start WingMan Profiler"="C:\Programmi\Logitech\Gaming Software\LWEMon.exe" [2007-09-25 15:03 93208]
"SiSRaid"="C:\Programmi\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe" [2007-01-18 11:59 389120]
"SiSPower"="SiSPower.dll" [2008-03-20 18:58 53248 C:\WINDOWS\system32\SiSPower.dll]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\SOUNDMAN.EXE]
"LifeCam"="C:\Programmi\Microsoft LifeCam\LifeExp.exe" [2007-05-17 14:45 279912]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-05-01 00:29 185896]
"OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-05-11 02:08 2512392]
"book bows bolt bib"="C:\Documents and Settings\All Users\Dati applicazioni\BONE ABOUT BOOK BOWS\Body mix.exe" [2008-06-13 06:59 2174464]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:14 15360]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Orbit.lnk - C:\Programmi\Orbitdownloader\orbitdm.exe [2008-02-29 20:42:57 1690824]
Privoxy.lnk - C:\Programmi\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 16:30:54 250368]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2006-08-04 09:58:12 262144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuuspq]
wvuuspq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-11-09 00:00 128920 C:\Programmi\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
--a------ 2007-05-17 14:45 279912 C:\Programmi\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Programmi\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Rdr okay"=C:\DOCUME~1\user\DATIAP~1\MEALME~1\Noun boob.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\groove.exe"=
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Programmi\\KONAMI\\pro evolution soccer 6\\pes6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\File comuni\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Programmi\\Windows Media Player\\wmplayer.exe"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\SopCast\\SopCast.exe"=
"C:\\Documents and Settings\\user\\Dati applicazioni\\SopCast\\adv\\SopAdver.exe"=
"C:\\Programmi\\StreamerOne\\streamerone.exe"=
"C:\\Programmi\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Programmi\\Orbitdownloader\\orbitdm.exe"=
"C:\\Programmi\\Orbitdownloader\\orbitnet.exe"=
"C:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"C:\\Programmi\\TVAnts\\Tvants.exe"=
"C:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Programmi\\Motorola\\RSD Lite\\SDL.exe"=
"C:\\Programmi\\Driver-Soft\\DriverGenius\\DriverGenius.exe"=
"C:\\Documents and Settings\\user\\Desktop\\Altri programmi\\MIRC\\mirc sassa60\\mirc.exe"=
"D:\\Nuova c3artella\\Motorola v3 Emulatore per giochi java per cellulare motorola v3\\EmulatorA.4\\bin\\jblend.exe"=
"C:\\Programmi\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Programmi\\Lphant\\eLePhantClient.exe"=
"C:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Documents and Settings\\user\\Desktop\\Altri programmi\\Nuova cartella (5)\\eMule0.48a-ScarAngel_v2.5-bin\\emule.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Programmi\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Programmi\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Programmi\\Internet Explorer\\iexplore.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2002-07-19 09:10]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R1 kwwalpgr;kwwalpgr;C:\WINDOWS\System32\Drivers\kwwalpgr.sys [2004-04-17 15:37]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 MSCamSvc;MSCamSvc;"C:\Programmi\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 14:45]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 04:14]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2006-02-14 16:02]
R3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 20:45]
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2004-08-19 05:00]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-02 19:51]
S3 usb_rndis;Pirelli Alice Gate 2 plus USB;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 20:56]
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 20:45]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2706c7aa-4597-11dc-be2e-0016ec603daf}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-13 05:00:00 C:\WINDOWS\Tasks\B2645BE8907BC66C.job"
- c:\docume~1\user\datiap~1\mealme~1\about scr kind.exe
"2008-06-13 04:48:08 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programmi\Windows Defender\MpCmdRun.exe
"2008-06-13 05:00:00 C:\WINDOWS\Tasks\Verifica e correzione automatica.job"
- C:\Programmi\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-13 07:05:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Scan finished at: 2008-06-13 7.06.40
ComboFix-quarantined-files.txt 2008-06-13 05:06:28

28 Directories 15,087,914,496 bytes free
33 Directories 15,084,024,320 bytes free

348 --- E O F --- 2008-06-10 23:35:40
bdoriano (Administrator), registered 02/04/07 11:05, 14300 posts, location: 3rd planet of the solar system...
Posted: 13 Jun 2008 08:55

It looks like there has been something else too...

Let's start with the most visible infection. Create a text file with the following instructions:
Code:
File::
C:\Documents and Settings\All Users\Dati applicazioni\BONE ABOUT BOOK BOWS\Body mix.exe
C:\DOCUME~1\user\DATIAP~1\MEALME~1\Noun boob.exe
C:\WINDOWS\Tasks\B2645BE8907BC66C.job
c:\docume~1\user\datiap~1\mealme~1\about scr kind.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"book bows bolt bib"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuuspq]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Rdr okay"=-

Save the file on the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as shown below:

Wait patiently for it to finish without touching the keyboard, mouse or anything else.
Post the updated ComboFix log.

Afterwards:
  • Disable your antivirus
  • Go to BitDefender (with IE) and run the full scan.
  • Go to the Kaspersky on-line scanner and run the extended scan, as described here.
    Save the scan result to a file (TXT format), upload the file to WikiSend and post the Forum Link you are given here.
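The entries picked out of the ComboFix log above (the two Run values pointing into application-data folders, the Winlogon Notify subkey, the scheduled task with a random hex name and its target, plus the Security Center value that silences the antivirus warning) are exactly what a responder scans such a log for by hand. The script below is an added example for this thread, not code from ComboFix or from the forum: it parses lines in the layout ComboFix prints and applies a few heuristics that are assumptions made here, not ComboFix's own logic. The sample lines are copied from the log above and trimmed.

```python
"""Triage autostart entries from a ComboFix-style log.

Added example for this thread; it is not part of ComboFix or of the forum post.
It reads lines in the layout ComboFix prints (registry sections in brackets,
"name"="path" [date size] values, scheduled tasks as "<time> <job>" followed by
"- <target>") and flags what a responder would look at first. The heuristics are
assumptions made here, not ComboFix's own logic.
"""
import re
from typing import List, Tuple

# Sample lines copied from the log in the thread and trimmed to the relevant entries.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:14 15360]
"Rdr okay"="C:\DOCUME~1\user\DATIAP~1\MEALME~1\Noun boob.exe" [2008-05-28 21:54 471552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
"book bows bolt bib"="C:\Documents and Settings\All Users\Dati applicazioni\BONE ABOUT BOOK BOWS\Body mix.exe" [2008-06-13 06:59 2174464]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuuspq]
wvuuspq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

Contents of the 'Scheduled Tasks' folder
"2008-06-13 05:00:00 C:\WINDOWS\Tasks\B2645BE8907BC66C.job"
- c:\docume~1\user\datiap~1\mealme~1\about scr kind.exe
"2008-06-13 04:48:08 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programmi\Windows Defender\MpCmdRun.exe
"""

# Per-user / all-users application-data directories (8.3 short names included).
APPDATA_MARKERS = ("datiap~1", "dati applicazioni", "application data", "appdata")

RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"=\s*"?(?P<path>[^"\[]+?)"?\s*(\[|$)')
TASK_JOB = re.compile(r'^"\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (?P<job>.+\.job)"$')
HEX_JOB = re.compile(r'\\[0-9A-F]{16}\.job$', re.IGNORECASE)

Finding = Tuple[str, str, str]  # (location, target, reason)


def in_appdata(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in APPDATA_MARKERS)


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    section = ""          # registry key of the current [...] block
    pending_job = None    # scheduled task whose "- <target>" line comes next
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        low_section = section.lower()

        # Scheduled tasks: a quoted "<timestamp> <job path>" line, then "- <target>".
        m = TASK_JOB.match(line)
        if m:
            pending_job = m.group("job")
            if HEX_JOB.search(pending_job):
                findings.append(("Scheduled Tasks", pending_job,
                                 "task name is 16 random hex digits"))
            continue
        if line.startswith("- ") and pending_job:
            target = line[2:].strip()
            if in_appdata(target):
                findings.append(("Scheduled Tasks", f"{pending_job} -> {target}",
                                 "task target runs from an application-data directory"))
            pending_job = None
            continue

        # Winlogon\Notify subkeys name a DLL that winlogon.exe loads at logon.
        if "\\winlogon\\notify\\" in low_section and line.lower().endswith(".dll"):
            findings.append((section, line, "Winlogon Notify DLL loaded by winlogon.exe; verify it"))
            continue

        # Run / Run- (msconfig-disabled) values: flag targets living under application data.
        if low_section.endswith("\\run") or low_section.endswith("\\run-"):
            m = RUN_VALUE.match(line)
            if m and in_appdata(m.group("path")):
                findings.append((section, m.group("path").strip(),
                                 "autostart runs from an application-data directory"))
            continue

        # Security Center: this value silences the "no antivirus" warning.
        if low_section.endswith("\\security center") and \
                line.lower().startswith('"antivirusdisablenotify"=dword:00000001'):
            findings.append((section, line, "Security Center antivirus notifications suppressed"))
    return findings


if __name__ == "__main__":
    for location, target, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {location}\n    {target}")
```

The application-data rule is deliberately blunt: on XP nothing legitimate in this log starts from `Dati applicazioni`, and it catches all three dropped executables without a signature. The same flagged paths are what go into the `File::` and `Registry::` sections of a CFScript; the `Run-` key is where msconfig parks disabled startup items, which is why the admin removes "Rdr okay" from there as well.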
nerazzurro368 (Devoted Mortal), registered 12/06/08 15:06, 16 posts
Posted: 15 Jul 2008 13:17

In the end I formatted the PC, it was running too slow. Thanks anyway.
bdoriano (Administrator), registered 02/04/07 11:05, 14300 posts, location: 3rd planet of the solar system...
Posted: 16 Jul 2008 08:31

An extreme solution, but an effective one.

Be careful not to pick up the unwanted guest again.