
Can anyone give me a hand?

Post by Solidus75 » 13/10/08 17:06

Hi,

I think I've run into some virus.. or at least, that's what I seem to gather
from the HijackThis log.. But I don't feel confident fixing suspicious files right away..
So, if possible, I'd appreciate the advice of someone more experienced than me.. :)
This is the log I'm referring to:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.58.53, on 13/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE
C:\Programmi\SimpleCenter\bin\win\sclauncher.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Programmi\Microsoft IntelliPoint\ipoint.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programmi\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\daniele\impostazioni locali\dati applicazioni\istfg.exe
C:\Programmi\Windows Desktop Search\WindowsSearch.exe
C:\Programmi\Microsoft IntelliPoint\dpupdchk.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
F:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmi\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.it/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - F:\Program Files\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [EPSON Stylus D78 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE /FU "C:\WINDOWS\TEMP\E_SBC.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [NSLauncher] C:\Programmi\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [sclauncher] C:\Programmi\SimpleCenter\bin\win\sclauncher.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Programmi\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [583dbaca] rundll32.exe "C:\WINDOWS\system32\gcufvfnv.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [istfg] "c:\documents and settings\daniele\impostazioni locali\dati applicazioni\istfg.exe" istfg
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: HDDlife.lnk = F:\Program Files\HDDLife\HDDlifePro.exe
O4 - Startup: MagicDisc.lnk = F:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Windows Search.lnk = C:\Programmi\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version ... Client.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://bolnotes1.network.int/iNotes6W.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3838348209
O16 - DPF: {7E0FDFBB-87D4-43A1-9AD4-41F0EA8AFF7B} (Net6Launcher Class) - https://accesseu.sauer-danfoss.com/net6helper.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://dsanna75.spaces.live.com/PhotoUp ... nPUpld.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.pvw.od2.com/common/musicman ... Plugin.CAB
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8062 bytes


I hope someone can help me..

Ciao, and thanks.. ;)
Solidus75
Newbie
 
Posts: 5
Joined: 13/10/08 16:51


Re: Can anyone give me a hand?

Post by Jeppe » 13/10/08 18:40

Hi. From what I can see, don't you perhaps have two or more antivirus products, Kaspersky and Norton, Trend Micro? It could simply be a conflict between them. If by any chance you uninstalled Norton without following the proper procedure, you'll find traces of it everywhere; there is a small program made for exactly that, but I don't remember where I saw it. Ciao
Jeppe
Junior Member
 
Posts: 56
Joined: 02/01/08 18:56

Re: Can anyone give me a hand?

Post by Solidus75 » 13/10/08 20:29

Hi,

I only have Kaspersky installed as an antivirus; I've never had Norton on this computer.
Trend Micro should instead be related to HijackThis, but I've never had conflict problems so far..

Thanks anyway.
Solidus75
Newbie
 
Posts: 5
Joined: 13/10/08 16:51

Re: Can anyone give me a hand?

Post by Luke57 » 13/10/08 21:59

Hi, open HijackThis, click "Config", "Misc Tools", "Open process manager", and look through the processes for:
C:\documents and settings\daniele\impostazioni locali\dati applicazioni\istfg.exe
if it is there, highlight it and click "Kill process".
Go back to the main menu with "Back", click "Scan", find and tick the following entries:
O4 - HKLM\..\Run: [583dbaca] rundll32.exe "C:\WINDOWS\system32\gcufvfnv.dll",b
O4 - HKCU\..\Run: [istfg] "c:\documents and settings\daniele\impostazioni locali\dati applicazioni\istfg.exe" istfg

and click "Fix checked".

Close HijackThis; from My Computer > Tools > Folder Options > View, tick "Show hidden files and folders" > OK.

Find and delete the following file:
c:\documents and settings\daniele\impostazioni locali\dati applicazioni\istfg.exe

Then download ComboFix to the desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run combofix.exe. The program starts and may take a long time (don't do anything else during the scan; if the desktop icons and the taskbar disappear, it's nothing to worry about). Once it finishes, if all went well, you should find the file combofix.txt in C:\; attach it or post the contents of the file.
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10
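The checks Luke57 applies by eye to the O4 entries in the log above, written out as a small triage script. This is an added example, not code from the thread or from HijackThis itself: the sample lines are copied from the posted log, while the score weights, the KNOWN_OK baseline and all function names are assumptions of the example.

```python
r"""Triage of HijackThis O4 (Run-key autorun) entries.

Added example, not part of the forum thread or of HijackThis. It encodes the
checks a helper applies by eye: a generated-looking value name, rundll32
loading an oddly named DLL through a one-letter entry point, and an executable
living in the user's Local Settings / Application Data folder. Sample lines are
copied from the posted log; weights, KNOWN_OK and the function names are mine.
"""
import re

# Constructed sample: seven O4 lines taken from the posted HijackThis log.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [583dbaca] rundll32.exe "C:\WINDOWS\system32\gcufvfnv.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [istfg] "c:\documents and settings\daniele\impostazioni locali\dati applicazioni\istfg.exe" istfg
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

# Assumed baseline of Windows XP components that Run / rundll32 commonly load.
KNOWN_OK = {"bthprops.cpl", "ctfmon.exe"}

# "O4 - HKLM\..\Run: [name] command", optionally followed by " (User '...')".
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[^\\]+(?:\\(?!\.\.)[^\\]+)?)\\\.\.\\Run: "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)
# First token of the command: either "quoted path" or a bare word, then the rest.
FIRST_TOKEN_RE = re.compile(r'^(?:"([^"]+)"|(\S+))\s*(.*)$')
# Italian XP profile folders as they appear in the log, plus English equivalents.
PROFILE_DATA_RE = re.compile(
    r"\\documents and settings\\[^\\]+\\(impostazioni locali|local settings)"
    r"\\(dati applicazioni|application data|temp)\\"
)


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def looks_random(stem):
    """Eight lowercase letters with at most one vowel, e.g. 'gcufvfnv'."""
    return bool(re.fullmatch(r"[a-z]{8}", stem)) and sum(c in "aeiou" for c in stem) <= 1


def triage_o4(line):
    """Return (value_name, score, reasons), or None for lines that are not Run entries."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    name, cmd = m.group("name"), m.group("cmd")
    score, reasons = 0, []

    if re.fullmatch(r"[0-9a-f]{8}", name.lower()):
        score += 2
        reasons.append("value name is 8 hex digits (generated name)")

    t = FIRST_TOKEN_RE.match(cmd)
    if not t:
        return name, score, reasons
    exe, rest = (t.group(1) or t.group(2)), t.group(3)
    exe_base = basename(exe)

    if exe_base == "rundll32.exe":
        # rundll32 syntax: <dll>,<export> [args]; ",," means an empty argument.
        dll, _, export = rest.replace('"', "").partition(",")
        export = export.lstrip(",")
        dll_base = basename(dll)
        if dll_base not in KNOWN_OK and looks_random(dll_base.rsplit(".", 1)[0]):
            score += 1
            reasons.append(f"rundll32 loads randomly named DLL {dll_base}")
        if len(export) <= 2:
            score += 1
            reasons.append(f"rundll32 entry point {export!r} is not a descriptive export")
    elif "\\" not in exe and exe_base not in KNOWN_OK:
        score += 1
        reasons.append("bare executable name, resolved through a PATH search")

    if PROFILE_DATA_RE.search(exe.lower()):
        score += 2
        reasons.append("executable runs from the user's profile data folder")

    return name, score, reasons


def suspicious(log_text, threshold=2):
    """Run entries scoring at or above threshold, highest score first."""
    hits = [r for r in map(triage_o4, log_text.splitlines()) if r and r[1] >= threshold]
    return sorted(hits, key=lambda r: -r[1])


if __name__ == "__main__":
    for name, score, reasons in suspicious(SAMPLE_O4):
        print(f"[{name}] score={score}: " + "; ".join(reasons))
```

Run as a script it prints the two entries Luke57 singled out, 583dbaca (score 4) and istfg (score 2). SoundMan scores 1 because it is launched by bare name through a PATH search, and everything else scores 0. The scores are a triage aid, not a verdict: a score of 1 means look at the file, not delete it.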

Re: Can anyone give me a hand?

Post by Solidus75 » 14/10/08 13:22

Hi Luke,

Thanks for the reply.

I did everything you told me.

From the folder c:\documents and settings\daniele\impostazioni locali\dati applicazioni I deleted the file istfg.exe.
I noticed that three DAT files with the same name are left; should I delete those too?

From the ComboFix scan I got this log file, which I'm attaching now, but it's called Bug.txt:


PUSHD "C:\32788R22FWJFW\"

IF NOT EXIST C:\WINDOWS\system32\cmd.exe GOTO Not_NT

VER 1>OsVer

"C:\WINDOWS\system32\Find.exe" "Microsoft Windows [Version 5.2.3790]" OsVer

---------- OSVER

IF NOT ERRORLEVEL 1 GOTO Not_NT

"C:\WINDOWS\system32\Find.exe" "Windows XP" OsVer

---------- OSVER
Microsoft Windows XP [Versione 5.1.2600]

IF NOT ERRORLEVEL 1 GOTO NT

HANDLE 1>HandleNon-existantProcess00

SED -r "/<Non-existant Process> pid: ([0-9]*) .*/!d; s//@Nircmd KillProcess \/\1/" HandleNon-existantProcess00 1>HandleNon-existantProcess.bat

CALL HandleNon-existantProcess.bat

DEL /Q HandleNon-existantProcess*

=============================================

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Daniele\Dati applicazioni
CFLDR=32788R22FWJFW
CommonProgramFiles=C:\Programmi\File comuni
COMPUTERNAME=DANIELE
ComSpec=C:\WINDOWS\system32\cmd.execf
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Daniele
KMD=CF16678.exe
LOGONSERVER=\\DANIELE
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\32788R22FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Programmi\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Programmi\ATI Technologies\ATI.ACE\Core-Static;C:\Programmi\File comuni\Nero\Lib\
PATHEXT=.CFEXE;.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0403
ProgramFiles=C:\Programmi
PROMPT=$
SESSIONNAME=Console
sfxcmd="C:\Documents and Settings\Daniele\Desktop\ComboFix.exe"
sfxname=C:\Documents and Settings\Daniele\Desktop\ComboFix.exe
SYSTEM=C:\WINDOWS\system32
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Daniele\IMPOST~1\Temp
TMP=C:\DOCUME~1\Daniele\IMPOST~1\Temp
USERDOMAIN=DANIELE
USERNAME=Daniele
USERPROFILE=C:\Documents and Settings\Daniele
windir=C:\WINDOWS

=============================================


IF NOT DEFINED sfxname GOTO END

COPY SWREG.exe SWREG.cfexe
1 file copiati.


I'll wait for your advice.

Ciao, and many thanks.
Solidus75
Newbie
 
Posts: 5
Joined: 13/10/08 16:51

Re: Can anyone give me a hand?

Post by Solidus75 » 14/10/08 15:15

Errata corrige...

I think I posted the wrong log..

The ComboFix scan only started quite a while after I had launched ComboFix.exe.

This should be the correct log:


ComboFix 08-10-12.01 - Daniele 2008-10-14 15.25.11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.472 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Daniele\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Daniele\Impostazioni locali\Dati applicazioni\istfg.dat
C:\Documents and Settings\Daniele\Impostazioni locali\Dati applicazioni\istfg_nav.dat
C:\Documents and Settings\Daniele\Impostazioni locali\Dati applicazioni\istfg_navps.dat
C:\WINDOWS\megavid.cdt
C:\WINDOWS\muotr.so
C:\WINDOWS\system32\auiokght.dll
C:\WINDOWS\system32\BcKTvyay.ini
C:\WINDOWS\system32\BcKTvyay.ini2
C:\WINDOWS\system32\inetsrv\update
C:\WINDOWS\system32\inetsrv\update\kb892130.cat
C:\WINDOWS\system32\inetsrv\update\update.exe
C:\WINDOWS\system32\inetsrv\update\update.inf
C:\WINDOWS\system32\inetsrv\update\update.ver
C:\WINDOWS\system32\inetsrv\update\updspapi.dll
C:\WINDOWS\system32\inetsrv\update\wgacustom.dll
C:\WINDOWS\system32\orvjvg.dll
C:\WINDOWS\system32\qoMeCrqq.dll
C:\WINDOWS\system32\thgkoiua.ini
C:\WINDOWS\system32\vnfvfucg.ini
C:\WINDOWS\system32\yayvTKcB.dll
C:\WINDOWS\system32\yayvTmkj.dll
C:\WINDOWS\system32\ywnpfxmi.dll

.
((((((((((((((((((((((((( Files Creati Da 2008-09-14 al 2008-10-14 )))))))))))))))))))))))))))))))))))
.

2008-10-14 15:59 . 2008-10-14 15:59 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-10-14 15:59 . 2008-10-14 15:59 <DIR> d-------- C:\Programmi\microsoft frontpage
2008-10-13 13:44 . 2008-10-13 13:44 38 --a------ C:\WINDOWS\avisplitter.INI
2008-10-12 21:29 . 2008-10-12 21:29 <DIR> d-------- C:\Documents and Settings\Daniele\Dati applicazioni\Windows Search
2008-10-12 21:13 . 2008-10-12 21:13 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-10-12 21:13 . 2008-10-12 21:13 <DIR> d-------- C:\Programmi\Windows Desktop Search
2008-10-12 21:13 . 2008-10-12 21:13 <DIR> d-------- C:\Documents and Settings\Daniele\Dati applicazioni\Windows Desktop Search
2008-10-12 21:12 . 2008-03-07 19:02 192,000 --a------ C:\WINDOWS\system32\dllcache\offfilt.dll
2008-10-12 21:12 . 2008-03-07 19:02 98,304 --a------ C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-10-12 21:12 . 2008-03-07 19:02 29,696 --a------ C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-10-12 16:05 . 2008-04-13 11:45 59,136 --a------ C:\WINDOWS\system32\drivers\GcKernel.sys
2008-10-12 16:05 . 2008-04-13 18:53 14,720 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-10-12 16:05 . 2001-08-17 22:02 2,688 --a------ C:\WINDOWS\system32\drivers\HIDSwvd.sys
2008-10-12 15:33 . 2008-05-30 14:11 3,850,760 --a------ C:\WINDOWS\system32\D3DX9_38.dll
2008-10-12 15:33 . 2008-05-30 14:11 1,491,992 --a------ C:\WINDOWS\system32\D3DCompiler_38.dll
2008-10-12 15:33 . 2008-05-30 14:19 507,400 --a------ C:\WINDOWS\system32\XAudio2_1.dll
2008-10-12 15:33 . 2008-05-30 14:11 467,984 --a------ C:\WINDOWS\system32\d3dx10_38.dll
2008-10-12 15:33 . 2008-05-30 14:18 238,088 --a------ C:\WINDOWS\system32\xactengine3_1.dll
2008-10-12 15:33 . 2008-05-30 14:17 65,032 --a------ C:\WINDOWS\system32\XAPOFX1_0.dll
2008-10-12 15:33 . 2008-05-30 14:17 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_4.dll
2008-10-12 15:32 . 2008-10-12 15:33 <DIR> d-------- C:\WINDOWS\Logs
2008-10-07 18:48 . 2008-10-07 18:48 <DIR> d-------- C:\Programmi\Anark
2008-10-07 18:48 . 2006-11-22 15:27 212,992 --a------ C:\WINDOWS\system32\AKCPanel.cpl
2008-09-22 18:39 . 2008-09-22 18:39 <DIR> d-------- C:\Programmi\SweetIM
2008-09-21 12:44 . 2008-09-21 12:44 <DIR> d-------- C:\Programmi\File comuni\Adobe
2008-09-20 14:16 . 2008-07-28 17:19 116,736 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-14 14:00 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-10-14 13:57 9,662,496 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-14 13:57 79,712 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-14 13:57 737,312 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-14 13:57 6,744 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-13 20:12 --------- d-----w C:\Programmi\NET6
2008-10-13 13:45 --------- d-----w C:\Documents and Settings\Daniele\Dati applicazioni\uTorrent
2008-10-12 19:02 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-09-21 18:22 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2008-09-15 15:39 --------- d-----w C:\Programmi\Microsoft Silverlight
2008-09-13 15:07 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\ATI
2008-09-13 15:04 --------- d-----w C:\Programmi\ATI Technologies
2008-09-11 20:54 --------- d-----w C:\Programmi\Cyanide
2008-09-11 20:50 --------- d-----w C:\Documents and Settings\Daniele\Dati applicazioni\Pro Cycling Manager 2008
2008-09-10 15:59 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-09-05 21:30 952,360 ----a-w C:\WINDOWS\system32\dllcache\WgaTray.exe
2008-09-05 21:30 267,304 ----a-w C:\WINDOWS\system32\dllcache\wgaLogon.dll
2008-08-19 16:23 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-01 05:40 9,928,704 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-08-01 04:58 253,952 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-08-01 04:33 425,984 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-08-01 04:32 311,296 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-08-01 04:23 184,320 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-08-01 04:23 143,360 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-08-01 04:22 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-08-01 04:22 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-08-01 04:22 143,360 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-08-01 04:21 573,440 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-08-01 04:19 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-08-01 04:10 3,917,568 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-08-01 03:59 2,183,552 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-08-01 03:46 48,640 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-08-01 03:42 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-08-01 03:40 35,328 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-08-01 03:40 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-08-01 03:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-08-01 03:34 561,152 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-07-31 19:05 593,920 ----a-w C:\WINDOWS\system32\ati2sgag.exe
2008-07-27 12:50 60,416 ----a-w C:\WINDOWS\ALCFDRTM.EXE
2008-07-19 20:48 724,992 ----a-w C:\WINDOWS\iun6002.exe
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-05-18 17:05 86 ----a-w C:\WINDOWS\system32\config\systemprofile\DelE0F.bat
2008-05-18 17:05 86 ----a-w C:\Documents and Settings\Default User\DelE0F.bat
2008-05-18 17:05 86 ----a-w C:\Documents and Settings\Daniele\DelE0F.bat
2008-05-18 17:10 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008051820080519\index.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-07-06 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"NSLauncher"="C:\Programmi\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 3100672]
"sclauncher"="C:\Programmi\SimpleCenter\bin\win\sclauncher.exe" [2007-01-30 94208]
"IntelliPoint"="C:\Programmi\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"StartCCC"="C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SweetIM"="C:\Programmi\SweetIM\Messenger\SweetIM.exe" [2008-07-06 111928]
"AVP"="C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 201992]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 C:\WINDOWS\SOUNDMAN.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2002-12-31 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2002-12-31 15360]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Windows Search.lnk - C:\Programmi\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
"F:\\Program Files\\eMule\\emule.exe"=
"F:\\Program Files\\Veoh\\VeohClient.exe"=
"F:\\Program Files\\KONAMI\\Pro Evolution Soccer\\PES2008.exe"=
"C:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Programmi\\SimpleCenter\\Home Media Server.exe"=
"C:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Italian\\setup.exe"=
"C:\\Programmi\\NET6\\net6vpn.exe"=
"F:\\Program Files\\SopCast\\SopCast.exe"=
"F:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"E:\\Documenti\\Giochi e Immagini ISO\\Medal Of Honor - Airborne\\MoH - Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R0 VIDEX32;VIDEX32;C:\WINDOWS\system32\drivers\VIDEX32.sys [2002-12-31 9216]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 24592]
R3 Net6IM;Net6;C:\WINDOWS\system32\DRIVERS\net6im51.sys [2008-03-12 49008]
.
- - - - ORFÃOS REMOVIDOS - - - -

BHO-{4814bc30-782f-4504-b716-8d05186e3b65} - C:\WINDOWS\system32\orvjvg.dll
BHO-{C2D425B2-3452-427A-96BE-B3CD66620205} - C:\WINDOWS\system32\qoMeCrqq.dll
BHO-{E091D30E-5C6F-40CB-AAE5-70C2DC3505B3} - C:\WINDOWS\system32\yayvTKcB.dll
HKLM-Run-583dbaca - C:\WINDOWS\system32\auiokght.dll
ShellExecuteHooks-{C2D425B2-3452-427A-96BE-B3CD66620205} - C:\WINDOWS\system32\qoMeCrqq.dll


.
------- Supplementare di scansione -------
.
FireFox -: Profile - C:\Documents and Settings\Daniele\Dati applicazioni\Mozilla\Firefox\Profiles\t44u0g6f.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.it/index.html
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-14 16:00:39
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Altri processi in esecuzione ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\searchindexer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programmi\Microsoft IntelliPoint\dpupdchk.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
F:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\system32\searchprotocolhost.exe
C:\WINDOWS\system32\searchfilterhost.exe
.
**************************************************************************
.
Ora fine scansione: 2008-10-14 16:02:43 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2008-10-14 14:02:36

Pre-Run: 38.549.446.656 byte disponibili
Post-Run: 38,457,516,032 byte disponibili

226 --- E O F --- 2008-09-10 16:00:59


Do you still see anything odd, Luke?

Sorry again for the mistake, :)

Ciao and thanks.
Solidus75
Newbie
 
Posts: 5
Joined: 13/10/08 16:51
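A way to check that the ComboFix run actually covered the earlier HijackThis findings, added here as an example and not part of the thread or of ComboFix. It parses the section headers of the log posted above and correlates on the Run value name, which stayed 583dbaca in both tools, rather than on the DLL file name, which changed from gcufvfnv.dll (HijackThis) to auiokght.dll (ComboFix) between the two scans; it also answers the question about the three istfg .dat files, which show up in the deletions list. The log excerpt is copied from the post; the HJT_FINDINGS table and the function names are the example's own.

```python
r"""Cross-check a ComboFix log against earlier HijackThis findings.

Added example, not part of the thread or of ComboFix. It extracts the deleted
file list, the "orphans removed" block and the catchme hidden-file count from
the ComboFix log posted above and maps each HijackThis finding to what
ComboFix did about it. Correlation is on the Run value name, which survived
between scans, not on the DLL file name, which did not.
"""
import re

# Constructed excerpt of the posted ComboFix log (only the sections used here).
COMBOFIX_LOG = r"""
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Daniele\Impostazioni locali\Dati applicazioni\istfg.dat
C:\Documents and Settings\Daniele\Impostazioni locali\Dati applicazioni\istfg_nav.dat
C:\Documents and Settings\Daniele\Impostazioni locali\Dati applicazioni\istfg_navps.dat
C:\WINDOWS\system32\auiokght.dll
C:\WINDOWS\system32\qoMeCrqq.dll

.
((((((((((((((((((((((((( Files Creati Da 2008-09-14 al 2008-10-14 )))))))))))))))))))))))))))))))))))
.
2008-10-13 13:44 . 2008-10-13 13:44 38 --a------ C:\WINDOWS\avisplitter.INI
.
- - - - ORFÃOS REMOVIDOS - - - -

BHO-{C2D425B2-3452-427A-96BE-B3CD66620205} - C:\WINDOWS\system32\qoMeCrqq.dll
HKLM-Run-583dbaca - C:\WINDOWS\system32\auiokght.dll
ShellExecuteHooks-{C2D425B2-3452-427A-96BE-B3CD66620205} - C:\WINDOWS\system32\qoMeCrqq.dll

.
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Files nascosti: 0
"""

# The two HijackThis findings from the first post: (kind, identifier, path).
HJT_FINDINGS = [
    ("run", "583dbaca", r"C:\WINDOWS\system32\gcufvfnv.dll"),
    ("file", "istfg", r"c:\documents and settings\daniele\impostazioni locali\dati applicazioni\istfg.exe"),
]

SECTION_RE = re.compile(r"^\(+\s*(?P<title>.+?)\s*\)+$")   # "(((( title ))))"
ORPHAN_HDR = "- - - - ORFÃOS REMOVIDOS - - - -"
ORPHAN_RE = re.compile(r"^(?P<kind>[A-Za-z]+)-(?P<key>.+?) - (?P<path>.+)$")


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def sections(log):
    """Split the log into {title: [lines]} on the '((( title )))', orphan and catchme headers."""
    out, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("title")
            out[current] = []
        elif line == ORPHAN_HDR:
            current = "orphans"
            out[current] = []
        elif line.startswith("catchme "):
            current = "catchme"
            out[current] = []
        elif current and line and line != ".":
            out[current].append(line)
    return out


def orphans(log):
    """Parse 'Kind-key - path' lines under the orphans header into dicts."""
    parsed = [ORPHAN_RE.match(l) for l in sections(log).get("orphans", [])]
    return [m.groupdict() for m in parsed if m]


def verify(log, findings):
    """Map each HijackThis finding to what ComboFix reported doing about it."""
    secs = sections(log)
    deleted = [basename(p) for p in secs.get("Altre eliminazioni", [])]
    removed_runs = {o["key"].split("-", 1)[1]: o["path"]
                    for o in orphans(log) if o["key"].startswith("Run-")}
    hidden = next((l for l in secs.get("catchme", []) if l.startswith("Files nascosti:")), "")
    report = {"hidden_files": int(hidden.split(":")[1]) if hidden else None}
    for kind, ident, path in findings:
        if kind == "run":
            now = removed_runs.get(ident)       # DLL path ComboFix saw for this value
            report[ident] = {"orphan_removed": now is not None,
                             "dll_renamed": now is not None and basename(now) != basename(path)}
        else:
            report[ident] = {"deleted_companions": sorted(f for f in deleted
                                                          if f.startswith(ident.lower()))}
    return report


if __name__ == "__main__":
    for key, value in verify(COMBOFIX_LOG, HJT_FINDINGS).items():
        print(key, value)
```

The report shows the 583dbaca Run value removed as an orphan with a different DLL behind it than HijackThis saw, the three istfg .dat companions deleted, and a hidden-file count of 0 from the catchme pass; together with the "Files nascosti: 0" line that is what makes Luke57's "looks fine" a checkable statement rather than an impression.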

Re: Can anyone give me a hand?

Post by Luke57 » 15/10/08 10:37

Hi, it looks fine.
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10

Re: Can anyone give me a hand?

Post by Solidus75 » 15/10/08 10:50

Hi,

Indeed, everything now seems to be back to normal.

Thanks again for the help, Luke, and for the excellent service you always provide. ;)

Bye bye
Solidus75
Newbie
 
Posts: 5
Joined: 13/10/08 16:51

