
VBS:Malware-gen, please help, take a look at my hijack log
paolopa
Posted: Thursday, February 18, 2010 12:56:15 PM

Rank: AiutAmico

Member since: 10/14/2008
Posts: 2,777
No, I meant for this specific case; afterwards, rightly, install either ninja or pandausbvaccine. My idea was to clean the card and the pen drive, since the first one still shows up as infected for him, and that way he would be sure of having cleaned it properly. As I told you, I'm only trying to learn something from those who know more....
wincensic
Posted: Thursday, February 18, 2010 7:48:31 PM
Rank: AiutAmico

Member since: 2/15/2010
Posts: 55
Here is the ComboFix log.... now I'll proceed with ninja


ComboFix 10-02-18.02 - Vincenzo Siciliano 18/02/2010 19.28.41.1.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1014.436 [GMT 1:00]
Eseguito da: c:\documents and settings\Vincenzo Siciliano\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programmi\WinPCap
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Creati Da 2010-01-18 al 2010-02-18 )))))))))))))))))))))))))))))))))))
.

2010-02-17 19:11 . 2010-02-17 19:11 -------- d-----w- c:\programmi\uTorrent
2010-02-17 19:10 . 2010-02-17 19:10 -------- d-----w- c:\documents and settings\Vincenzo Siciliano\Dati applicazioni\uTorrent
2010-02-17 19:05 . 2010-02-17 19:05 -------- d-----w- c:\windows\system32\PCCleanerTemp
2010-02-16 19:55 . 2010-02-16 19:55 -------- d-----w- c:\documents and settings\Vincenzo Siciliano\Dati applicazioni\Malwarebytes
2010-02-16 19:55 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-16 19:55 . 2010-02-16 19:55 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-02-16 19:55 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-16 19:55 . 2010-02-16 19:55 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-02-15 20:54 . 2010-02-15 20:54 -------- d-----w- c:\programmi\TrendMicro
2010-02-07 17:18 . 2010-02-07 17:18 -------- d-----w- c:\programmi\PC Cleaner
2010-02-06 16:34 . 2010-02-06 16:34 -------- d-----w- c:\programmi\File comuni\4Team
2010-02-06 16:34 . 2010-02-06 16:34 -------- d-----w- c:\documents and settings\Vincenzo Siciliano\Dati applicazioni\4Team
2010-02-06 16:34 . 2010-02-06 16:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\4Team
2010-02-06 15:37 . 2010-02-06 15:37 -------- d-----w- c:\documents and settings\Vincenzo Siciliano\Dati applicazioni\Uniblue
2010-02-05 23:57 . 2010-02-05 23:57 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\gMozilla
2010-02-05 23:57 . 2010-02-05 23:57 -------- d-----w- c:\documents and settings\NetworkService\Dati applicazioni\gMozilla
2010-02-05 23:51 . 2010-02-05 23:51 -------- d-----w- c:\documents and settings\Vincenzo Siciliano\Dati applicazioni\FLVPlayer4Free
2010-02-05 23:51 . 2010-02-05 23:51 -------- d-----w- c:\programmi\FLVPlayer4Free
2010-02-05 23:35 . 2010-02-05 23:35 -------- d-----w- C:\FOUND.002
2010-01-31 23:09 . 2010-01-31 23:09 -------- d-----w- c:\documents and settings\Vincenzo Siciliano\Dati applicazioni\FLEXnet
2010-01-27 19:50 . 2009-06-29 17:00 102656 ----a-r- c:\windows\system32\drivers\ewusbfake.sys
2010-01-27 19:45 . 2009-06-29 17:00 112640 ----a-r- c:\windows\system32\drivers\ewusbnet.sys
2010-01-27 19:45 . 2009-04-09 12:38 102400 ----a-r- c:\windows\system32\drivers\ewusbmdm.sys
2010-01-27 19:44 . 2010-01-27 19:44 -------- d-----w- c:\documents and settings\Vincenzo Siciliano\Dati applicazioni\Vodafone
2010-01-27 19:44 . 2010-01-27 19:44 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\Vodafone
2010-01-27 19:44 . 2010-01-27 19:44 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Vodafone
2010-01-27 19:43 . 2010-01-27 19:43 -------- d-----w- c:\programmi\Vodafone
2010-01-27 19:43 . 2010-01-27 19:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\FLEXnet
2010-01-27 19:43 . 2010-01-27 19:43 -------- d-----w- c:\documents and settings\Vincenzo Siciliano\Impostazioni locali\Dati applicazioni\{6118B561-4CCF-4F70-B358-73ACA4B8FB39}
2010-01-27 19:28 . 2010-01-27 19:28 -------- d-----w- c:\programmi\vodafonesam
2010-01-27 19:28 . 2010-01-27 19:28 -------- d-----w- c:\programmi\Common Files
2010-01-27 19:24 . 2010-01-27 19:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Motive

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-18 18:34 . 2006-08-30 23:34 12 ----a-w- c:\windows\bthservsdp.dat
2010-02-15 20:55 . 2010-02-15 20:54 388096 ----a-r- c:\documents and settings\Vincenzo Siciliano\Dati applicazioni\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-02-11 18:53 . 2010-01-07 18:42 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-11 18:53 . 2010-01-07 17:41 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-11 18:42 . 2010-01-07 17:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-11 18:42 . 2010-01-07 17:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-11 18:39 . 2010-01-07 17:42 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-11 18:38 . 2010-01-07 17:42 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-02-11 18:38 . 2010-01-07 17:42 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-02-11 18:38 . 2010-01-07 17:42 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-11 18:38 . 2010-01-07 17:42 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-07 17:16 . 2009-10-19 15:44 0 ---h--w- c:\documents and settings\All Users\Dati applicazioni\PKP_DLbx.DAT
2010-02-07 16:35 . 2009-10-19 15:39 57344 ----a-r- c:\documents and settings\Vincenzo Siciliano\Dati applicazioni\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2010-02-06 15:45 . 2006-08-30 23:13 85070 ----a-w- c:\windows\system32\perfc010.dat
2010-02-06 15:45 . 2006-08-30 23:13 490898 ----a-w- c:\windows\system32\perfh010.dat
2010-02-06 13:25 . 2009-10-19 15:37 20 ---h--w- c:\documents and settings\All Users\Dati applicazioni\PKP_DLdw.DAT
2010-02-05 20:09 . 2006-08-30 04:28 1024 ---h--r- c:\windows\system32\NTIMPEG2.dll
2010-01-11 21:34 . 2010-01-11 21:34 -------- d-----w- c:\programmi\File comuni\Skype
2010-01-07 19:42 . 2010-01-07 19:42 33558 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Google\Toolbar for Firefox\Firefox_Toolbar_Uninstaller.exe
2010-01-07 17:41 . 2010-01-07 17:41 -------- d-----w- c:\programmi\Alwil Software
2010-01-07 17:41 . 2010-01-07 17:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Alwil Software
2010-01-07 17:38 . 2010-01-07 17:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2010-01-07 17:25 . 2010-01-07 17:25 -------- d-----w- c:\documents and settings\Vincenzo Siciliano\Dati applicazioni\gMozilla
2010-01-05 09:53 . 2006-01-09 18:59 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 09:53 . 2004-09-07 19:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:53 . 2004-09-07 19:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-01-01 02:53 . 2010-01-01 02:53 16614 --sh--w- c:\windows\system32\wbem\xiao.vbs
2009-12-31 16:50 . 2004-09-07 19:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-29 21:09 . 2009-12-29 21:09 -------- d--h--w- c:\documents and settings\All Users\Dati applicazioni\{BC13C66E-D01E-4443-A1D1-35EEDF3A964A}
2009-12-29 21:08 . 2009-12-29 21:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Native Instruments
2009-12-29 21:08 . 2009-12-29 21:08 -------- d--h--w- c:\documents and settings\All Users\Dati applicazioni\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
2009-12-29 21:08 . 2009-12-29 21:08 -------- d-----w- c:\programmi\Native Instruments
2009-12-29 21:08 . 2009-12-29 21:08 -------- d-----w- c:\programmi\File comuni\Native Instruments
2009-12-28 22:58 . 2009-12-28 22:07 21856 ----a-w- c:\windows\system32\drivers\BCD3000WDM.SYS
2009-12-28 22:53 . 2009-12-28 22:07 548864 ----a-w- c:\windows\system32\bcd3kcpan.exe
2009-12-28 22:53 . 2009-12-28 22:07 42784 ----a-w- c:\windows\system32\drivers\BCD3000.SYS
2009-12-28 22:53 . 2009-12-28 22:07 106496 ----a-w- c:\windows\system32\bcd3kasio.dll
2009-12-20 11:28 . 2009-10-19 15:34 20 ---h--w- c:\documents and settings\All Users\Dati applicazioni\PKP_DLdu.DAT
2009-12-17 07:40 . 2004-09-07 19:00 346112 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 13:42 . 2010-01-08 22:12 872960 ----a-w- c:\documents and settings\Vincenzo Siciliano\Dati applicazioni\Mozilla\Firefox\Profiles\9xhr90co.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-16 13:42 . 2010-01-08 22:12 43008 ----a-w- c:\documents and settings\Vincenzo Siciliano\Dati applicazioni\Mozilla\Firefox\Profiles\9xhr90co.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-16 13:42 . 2010-01-08 22:12 340480 ----a-w- c:\documents and settings\Vincenzo Siciliano\Dati applicazioni\Mozilla\Firefox\Profiles\9xhr90co.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-16 13:41 . 2010-01-08 22:12 346624 ----a-w- c:\documents and settings\Vincenzo Siciliano\Dati applicazioni\Mozilla\Firefox\Profiles\9xhr90co.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-14 22:27 . 2009-08-26 07:43 180288 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2009-12-14 07:08 . 2004-09-07 19:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:07 . 2005-09-29 19:27 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:07 . 2005-09-29 19:28 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-09-07 19:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:12 . 2005-06-29 02:55 1296896 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:12 . 2004-09-07 19:00 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2004-09-07 19:00 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-09-07 19:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-09-07 19:00 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07 . 2004-09-07 19:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2004-09-07 19:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-21 15:54 . 2004-09-07 19:00 471552 ----a-w- c:\windows\AppPatch\AcLayers.dll
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2004-09-07 19:00 . 2004-09-07 19:00 15360 c:\windows\system32\bak\ctfmon.exe
2004-09-07 19:00 . 2008-04-14 02:14 15360 c:\windows\system32\ctfmon.exe

2006-03-23 11:17 . 2006-03-23 11:17 94208 c:\windows\system32\bak\igfxtray.exe

2006-03-23 11:13 . 2006-03-23 11:13 77824 c:\windows\system32\bak\hkcmd.exe

2006-03-23 11:17 . 2006-03-23 11:17 118784 c:\windows\system32\bak\igfxpers.exe

2006-06-23 09:39 . 2006-06-23 09:39 225280 c:\windows\system32\bak\LVCOMSX.EXE

2007-04-12 20:39 . 2004-11-01 17:22 262144 c:\windows\system32\bak\ElkCtrl.exe

2004-09-07 19:00 . 2004-09-07 19:00 59392 c:\windows\system32\IME\PINTLGNT\bak\ImScInst.exe
2004-09-07 19:00 . 2004-09-07 19:00 59392 c:\windows\system32\IME\PINTLGNT\imscinst.exe

2004-09-07 19:00 . 2004-09-07 19:00 455168 c:\windows\system32\IME\TINTLGNT\bak\TINTSETP.EXE
2004-09-07 19:00 . 2004-09-07 19:00 455168 c:\windows\system32\IME\TINTLGNT\tintsetp.exe

2004-09-07 19:00 . 2004-09-07 19:00 208952 c:\windows\ime\imjp8_1\bak\IMJPMIG.EXE
2004-09-07 19:00 . 2004-09-07 19:00 208952 c:\windows\ime\imjp8_1\imjpmig.exe

2005-08-17 21:40 . 2005-08-17 21:40 64512 c:\windows\ehome\bak\ehtray.exe
2005-08-17 21:40 . 2005-08-17 21:40 64512 c:\windows\ehome\ehtray.exe

2006-03-03 12:07 . 2006-03-03 12:07 761946 c:\programmi\Synaptics\SynTP\bak\SynTPEnh.exe

2006-05-15 10:15 . 2006-05-15 10:15 45056 c:\programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\bak\ntiMUI.exe

2007-04-12 20:35 . 2006-07-20 21:15 593920 c:\programmi\Launch Manager\bak\LManager.exe

2007-04-12 20:39 . 2006-06-26 14:47 331776 c:\programmi\Acer\OrbiCam\bak\CameraAssistant.exe

2007-04-12 20:39 . 2006-06-26 14:55 73728 c:\programmi\Acer\OrbiCam\bak\InstallHelper.exe

2007-04-12 20:49 . 2005-05-15 17:35 368640 c:\programmi\TIM Turbo Manager V2.33I\bak\N100EM~1.EXE

2007-08-02 14:30 . 2007-08-02 14:30 3096576 c:\programmi\Nokia\Nokia Software Launcher\bak\NSLauncher.exe

2007-12-18 19:44 . 2007-01-30 09:42 94208 c:\programmi\SimpleCenter\bin\win\bak\sclauncher.exe

2005-10-24 15:45 . 2005-10-24 15:45 2462208 c:\acer\Empowering Technology\bak\admtray.exe

2005-12-27 14:50 . 2005-12-27 14:50 69632 c:\acer\Empowering Technology\eDataSecurity\bak\eDSloader.exe

2007-04-12 20:34 . 2006-08-10 18:29 352256 c:\acer\Empowering Technology\ePower\bak\ePower_DMC.exe

2007-04-12 20:38 . 2006-01-24 17:00 397312 c:\acer\Empowering Technology\eRecovery\bak\Monitor.exe

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
"Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"Google Update"="c:\documents and settings\Vincenzo Siciliano\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-05-18 133104]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-07 39408]
"Skype"="c:\programmi\Skype\\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"Device Detector"="DevDetect.exe -autorun" [X]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512]
"AzMixerSel"="c:\programmi\Realtek\InstallShield\AzMixerSel.exe" [N/A]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-09-07 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-07 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 455168]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 3080704]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 16342528]
"Symantec PIF AlertEng"="c:\programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2007-12-11 286720]
"BCD3000"="c:\windows\system32\bcd3kcpan.exe" [2009-12-28 548864]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"MobileConnect"="c:\programmi\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-07-03 2328576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Application\
Update.vbs [2010-2-7 77]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2006-02-14 11:00 8704 ----a-w- c:\windows\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\SimpleCenter\\Home Media Server.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\eMule0.48\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Symantec\\pcAnywhere\\awhost32.exe"=
"c:\\Documents and Settings\\Vincenzo Siciliano\\Local Settings\\Temp\\VVisit.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\System32\\FXSCLNT.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [07/01/2010 18.42.11 162512]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [07/01/2010 18.42.11 19024]
R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [12/11/2008 19.33.04 8192]
R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;c:\programmi\Symantec\LiveUpdate\AluSchedulerSvc.exe [14/04/2007 14.07.56 100032]
R2 VMCService;Vodafone Mobile Connect Service;c:\programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [03/07/2009 11.40.30 9216]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [19/06/2006 12.20.24 1097728]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [07/01/2010 20.45.27 135664]
S3 BCD3000;Behringer BCD3000 V1.2.0.0;c:\windows\system32\drivers\BCD3000.SYS [28/12/2009 23.07.26 42784]
S3 BCD3000WDM;Behringer BCD3000WDM V1.2.0.0;c:\windows\system32\drivers\BCD3000WDM.SYS [28/12/2009 23.07.26 21856]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [27/01/2010 20.45.10 112640]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [27/01/2010 20.50.11 102656]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [15/02/2009 23.31.33 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [15/02/2009 23.31.33 8320]
S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\DRIVERS\ONDAusbmdm6k.sys --> c:\windows\system32\DRIVERS\ONDAusbmdm6k.sys [?]
S3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\DRIVERS\ONDAusbnet.sys --> c:\windows\system32\DRIVERS\ONDAusbnet.sys [?]
S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\DRIVERS\ONDAusbser6k.sys --> c:\windows\system32\DRIVERS\ONDAusbser6k.sys [?]
S3 ThSerial;ThSerial;c:\windows\system32\drivers\thserial.sys [12/04/2007 21.47.54 59776]
S3 ThSerMux;ThSerMux;c:\windows\system32\drivers\thsermux.sys [12/04/2007 21.47.54 33408]
S3 thserprt;thserprt;c:\windows\system32\drivers\thserprt.sys [12/04/2007 21.47.54 17664]
.
Contenuto della cartella 'Scheduled Tasks'

2010-02-18 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-07 23:17]

2010-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-01-07 19:44]

2010-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-01-07 19:44]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.libero.it/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://it.intl.acer.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = proxy:8080
uSearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Invia a periferica &Bluetooth... - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Vincenzo Siciliano\Dati applicazioni\Mozilla\Firefox\Profiles\9xhr90co.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.libero.it/
FF - component: c:\documents and settings\Vincenzo Siciliano\Dati applicazioni\Mozilla\Firefox\Profiles\9xhr90co.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\Vincenzo Siciliano\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13);user_pref(general.useragent.extra.zencast, .
- - - - CHIAVI ORFANE RIMOSSE - - - -

AddRemove-HijackThis - c:\documents and settings\Vincenzo Siciliano\Documenti\Downloads\HijackThis.exe
AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-18 19:38
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(6884)
c:\windows\system32\WININET.dll
c:\programmi\File comuni\Logitech\LVMVFM\LVPrcInj.dll
c:\windows\system32\btmmhook.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\programmi\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\programmi\Intel\Wireless\Bin\EvtEng.exe
c:\programmi\Intel\Wireless\Bin\S24EvMon.exe
c:\programmi\Alwil Software\Avast5\AvastSvc.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
c:\programmi\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\windows\system32\rundll32.exe
c:\windows\eHome\ehmsas.exe
c:\programmi\Symantec\pcAnywhere\awhost32.exe
c:\windows\RTHDCPL.EXE
c:\programmi\File comuni\ACD Systems\EN\DevDetect.exe
c:\acer\Empowering Technology\admServ.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\docume~1\VINCEN~1\IMPOST~1\Temp\RtkBtMnt.exe
c:\programmi\Common Files\Motive\McciCMService.exe
c:\programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
c:\programmi\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\fxssvc.exe
c:\programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
c:\programmi\Skype\Phone\Skype.exe
c:\programmi\PC Connectivity Solution\ServiceLayer.exe
c:\programmi\WinZip\WZQKPICK.EXE
c:\windows\system32\dllhost.exe
c:\programmi\WIDCOMM\Bluetooth Software\BTTray.exe
c:\programmi\PC Connectivity Solution\Transports\NclIrSrv.exe
c:\programmi\File comuni\Nikon\Monitor\NkMonitor.exe
c:\programmi\PC Connectivity Solution\Transports\NclMSBTSrv.exe
c:\programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\programmi\PC Connectivity Solution\Transports\NclBCBTSrv.exe
c:\programmi\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Ora fine scansione: 2010-02-18 19:41:19 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-02-18 18:41

Pre-Run: 6.296.731.648 byte disponibili
Post-Run: 6.210.060.288 byte disponibili

- - End Of File - - 8CA948A816413B02DC32B4CB47F40DF2
shapiro
Posted: Thursday, February 18, 2010 8:22:43 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
download avenger to the desktop

Unzip the archive

Run the file avenger.exe

Copy and paste the FOLLOWING text into the window "Input script here"


Code:
files to move:
c:\windows\system32\bak\ctfmon.exe |  c:\windows\system32\ctfmon.exe
c:\windows\system32\bak\igfxtray.exe | c:\windows\system32\igfxtray.exe
c:\windows\system32\bak\hkcmd.exe | c:\windows\system32\hkcmd.exe
c:\windows\system32\bak\igfxpers.exe | c:\windows\system32\igfxpers.exe
c:\windows\system32\bak\LVCOMSX.EXE | c:\windows\system32\LVCOMSX.EXE
c:\windows\system32\bak\ElkCtrl.exe | c:\windows\system32\ElkCtrl.exe
c:\windows\system32\IME\PINTLGNT\bak\ImScInst.exe | c:\windows\system32\IME\PINTLGNT\ImScInst.exe
c:\windows\system32\IME\TINTLGNT\bak\TINTSETP.EXE |  c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
c:\windows\ime\imjp8_1\bak\IMJPMIG.EXE | c:\windows\ime\imjp8_1\IMJPMIG.EXE
c:\windows\ehome\bak\ehtray.exe | c:\windows\ehome\ehtray.exe
c:\programmi\Synaptics\SynTP\bak\SynTPEnh.exe | c:\programmi\Synaptics\SynTP\SynTPEnh.exe
c:\programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\bak\ntiMUI.exe | c:\programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
c:\programmi\Launch Manager\bak\LManager.exe | c:\programmi\Launch Manager\LManager.exe
c:\programmi\Acer\OrbiCam\bak\CameraAssistant.exe | c:\programmi\Acer\OrbiCam\CameraAssistant.exe
c:\programmi\Acer\OrbiCam\bak\InstallHelper.exe | c:\programmi\Acer\OrbiCam\InstallHelper.exe
c:\programmi\TIM Turbo Manager V2.33I\bak\N100EM~1.EXE | c:\programmi\TIM Turbo Manager V2.33I\N100EM~1.EXE
c:\programmi\Nokia\Nokia Software Launcher\bak\NSLauncher.exe |  c:\programmi\Nokia\Nokia Software Launcher\NSLauncher.exe
c:\programmi\SimpleCenter\bin\win\bak\sclauncher.exe | c:\programmi\SimpleCenter\bin\win\sclauncher.exe
c:\acer\Empowering Technology\bak\admtray.exe | c:\acer\Empowering Technology\admtray.exe
c:\acer\Empowering Technology\eDataSecurity\bak\eDSloader.exe | c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe
c:\acer\Empowering Technology\ePower\bak\ePower_DMC.exe | c:\acer\Empowering Technology\ePower\ePower_DMC.exe
c:\acer\Empowering Technology\eRecovery\bak\Monitor.exe | c:\acer\Empowering Technology\eRecovery\Monitor.exe

Uncheck the Scan for Rootkits option
Press the Execute button
Answer Yes to Avenger's two prompts
Now your computer should restart; if it doesn't, restart it yourself manually
When the computer restarts, copy and paste here the contents of the Notepad window that will appear.
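The AWF section of the ComboFix log above lists each backup sitting in a `bak\` folder beside the file at its original path, and the Avenger script above moves every backup back over its original. The following Python is an added example for this thread, not code from ComboFix, Avenger, FindAWF or any poster: it parses that AWF section, reports whether each backup's original is listed (and with the same size), and generates the restore list in the same "files to move:" form. The embedded log excerpt is constructed from lines of the ComboFix report posted above.

```python
"""Parse the AWF ("bak" folder) section of a ComboFix log and build the
'files to move:' restore list used by an Avenger script.

Added example for this thread only; not ComboFix, Avenger or FindAWF code.
"""
import re
from typing import Dict, List, NamedTuple, Optional

# Constructed sample: lines taken from the AWF section of the ComboFix log
# posted above (abridged), followed by the next section banner.
SAMPLE_AWF = r"""
(((( AWF ))))
.
2004-09-07 19:00 . 2004-09-07 19:00 15360 c:\windows\system32\bak\ctfmon.exe
2004-09-07 19:00 . 2008-04-14 02:14 15360 c:\windows\system32\ctfmon.exe

2006-03-23 11:17 . 2006-03-23 11:17 94208 c:\windows\system32\bak\igfxtray.exe

2007-08-02 14:30 . 2007-08-02 14:30 3096576 c:\programmi\Nokia\Nokia Software Launcher\bak\NSLauncher.exe
.
(((( Punti Reg Caricati ))))
"""

# ComboFix section banners look like "(((( NAME ))))".
AWF_BANNER = re.compile(r"^\(+\s*AWF\s*\)+\s*$")
ANY_BANNER = re.compile(r"^\(+\s*\S.*?\s*\)+\s*$")
# Entry format inside the section: "created . modified size path".
ENTRY = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>\d+) (?P<path>.*\S)$"
)


class AwfEntry(NamedTuple):
    path: str
    size: int


class Finding(NamedTuple):
    backup: str    # file inside a bak folder
    original: str  # path the backup was moved away from
    status: str    # "missing", "size-mismatch" or "same-size"


def awf_section(log: str) -> List[str]:
    """Return the raw lines between the AWF banner and the next banner."""
    out, inside = [], False
    for line in log.splitlines():
        if AWF_BANNER.match(line):
            inside = True
        elif inside and ANY_BANNER.match(line):
            break
        elif inside:
            out.append(line)
    return out


def parse_awf(log: str) -> List[AwfEntry]:
    """Parse every file entry of the AWF section; '.' and blank lines are skipped."""
    entries = []
    for line in awf_section(log):
        m = ENTRY.match(line.strip())
        if m:
            entries.append(AwfEntry(m["path"], int(m["size"])))
    return entries


def original_path(backup: str) -> Optional[str]:
    r"""Map c:\dir\bak\x.exe to c:\dir\x.exe; None if the path has no bak step."""
    new, n = re.subn(r"\\bak\\", r"\\", backup, count=1, flags=re.IGNORECASE)
    return new if n else None


def assess(entries: List[AwfEntry]) -> List[Finding]:
    """Pair each backup with the listing of its original path, if any."""
    by_path: Dict[str, AwfEntry] = {e.path.lower(): e for e in entries}
    findings = []
    for e in entries:
        orig = original_path(e.path)
        if orig is None:
            continue                  # an original, not a backup
        current = by_path.get(orig.lower())
        if current is None:
            status = "missing"        # only the backup is listed
        elif current.size != e.size:
            status = "size-mismatch"  # a different file sits at the original path
        else:
            status = "same-size"
        findings.append(Finding(e.path, orig, status))
    return findings


def avenger_script(findings: List[Finding]) -> str:
    """Build the 'files to move:' block in the form shapiro posted above."""
    return "\n".join(["files to move:"] + [f"{f.backup} | {f.original}" for f in findings])


if __name__ == "__main__":
    print(avenger_script(assess(parse_awf(SAMPLE_AWF))))
```

Run against a full ComboFix log, the output is the restore list for every `bak\` folder the tool reported, which can be compared line by line with the script before it is executed.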
wincensic
Posted: Thursday, February 18, 2010 8:47:16 PM
Rank: AiutAmico

Member since: 2/15/2010
Posts: 55
Here it is....


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File move operation "c:\windows\system32\bak\ctfmon.exe|c:\windows\system32\ctfmon.exe" completed successfully.
File move operation "c:\windows\system32\bak\igfxtray.exe|c:\windows\system32\igfxtray.exe" completed successfully.
File move operation "c:\windows\system32\bak\hkcmd.exe|c:\windows\system32\hkcmd.exe" completed successfully.
File move operation "c:\windows\system32\bak\igfxpers.exe|c:\windows\system32\igfxpers.exe" completed successfully.
File move operation "c:\windows\system32\bak\LVCOMSX.EXE|c:\windows\system32\LVCOMSX.EXE" completed successfully.
File move operation "c:\windows\system32\bak\ElkCtrl.exe|c:\windows\system32\ElkCtrl.exe" completed successfully.
File move operation "c:\windows\system32\IME\PINTLGNT\bak\ImScInst.exe|c:\windows\system32\IME\PINTLGNT\ImScInst.exe" completed successfully.
File move operation "c:\windows\system32\IME\TINTLGNT\bak\TINTSETP.EXE|c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" completed successfully.
File move operation "c:\windows\ime\imjp8_1\bak\IMJPMIG.EXE|c:\windows\ime\imjp8_1\IMJPMIG.EXE" completed successfully.
File move operation "c:\windows\ehome\bak\ehtray.exe|c:\windows\ehome\ehtray.exe" completed successfully.
File move operation "c:\programmi\Synaptics\SynTP\bak\SynTPEnh.exe|c:\programmi\Synaptics\SynTP\SynTPEnh.exe" completed successfully.
File move operation "c:\programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\bak\ntiMUI.exe|c:\programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" completed successfully.
File move operation "c:\programmi\Launch Manager\bak\LManager.exe|c:\programmi\Launch Manager\LManager.exe" completed successfully.
File move operation "c:\programmi\Acer\OrbiCam\bak\CameraAssistant.exe|c:\programmi\Acer\OrbiCam\CameraAssistant.exe" completed successfully.
File move operation "c:\programmi\Acer\OrbiCam\bak\InstallHelper.exe|c:\programmi\Acer\OrbiCam\InstallHelper.exe" completed successfully.
File move operation "c:\programmi\TIM Turbo Manager V2.33I\bak\N100EM~1.EXE|c:\programmi\TIM Turbo Manager V2.33I\N100EM~1.EXE" completed successfully.
File move operation "c:\programmi\Nokia\Nokia Software Launcher\bak\NSLauncher.exe|c:\programmi\Nokia\Nokia Software Launcher\NSLauncher.exe" completed successfully.
File move operation "c:\programmi\SimpleCenter\bin\win\bak\sclauncher.exe|c:\programmi\SimpleCenter\bin\win\sclauncher.exe" completed successfully.
File move operation "c:\acer\Empowering Technology\bak\admtray.exe|c:\acer\Empowering Technology\admtray.exe" completed successfully.
File move operation "c:\acer\Empowering Technology\eDataSecurity\bak\eDSloader.exe|c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" completed successfully.
File move operation "c:\acer\Empowering Technology\ePower\bak\ePower_DMC.exe|c:\acer\Empowering Technology\ePower\ePower_DMC.exe" completed successfully.
File move operation "c:\acer\Empowering Technology\eRecovery\bak\Monitor.exe|c:\acer\Empowering Technology\eRecovery\Monitor.exe" completed successfully.

Completed script processing.

*******************

Finished! Terminate.
shapiro
Posted: Thursday, February 18, 2010 9:16:31 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
let's do a check

download FindAWF from here - run it; in the DOS window that opens press 1 and then Enter; when the scan finishes copy and paste the report it produces

you'll find it in (C:\findawf\txt).

have you checked the USB sticks with ninja?

follow paolopa's advice too


wincensic
Posted: Thursday, February 18, 2010 9:33:42 PM
Rank: AiutAmico

Member since: 2/15/2010
Posts: 55
Done..... attached

I checked with ninja and found the file xiao.vbs and deleted it.

P.S. = I'm following paolopa's advice... and I thank him.


Find AWF report by noahdfear ©2006
Version 1.40



bak folders found
~~~~~~~~~~~

Il volume nell'unità C è ACER
Numero di serie del volume: 0954-16DC

Directory di C:\WINDOWS\SYSTEM32\BAK

0 File 0 byte
2 Directory 6.223.364.096 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 0954-16DC

Directory di C:\WINDOWS\EHOME\BAK

0 File 0 byte
2 Directory 6.223.364.096 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 0954-16DC

Directory di C:\PROGRA~1\MESSEN~1\BAK

0 File 0 byte
2 Directory 6.223.364.096 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 0954-16DC

Directory di C:\PROGRA~1\LAUNCH~1\BAK

0 File 0 byte
2 Directory 6.223.364.096 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 0954-16DC

Directory di C:\PROGRA~1\TIMTUR~1.33I\BAK

0 File 0 byte
2 Directory 6.223.364.096 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 0954-16DC

Directory di C:\ACER\EMPOWE~1\BAK

0 File 0 byte
2 Directory 6.223.364.096 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 0954-16DC

Directory di C:\WINDOWS\IME\IMJP8_1\BAK

0 File 0 byte
2 Directory 6.223.364.096 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 0954-16DC

Directory di C:\PROGRA~1\FILECO~1\SYMANT~1\BAK

0 File 0 byte
2 Directory 6.223.364.096 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 0954-16DC

Directory di C:\PROGRA~1\REALTEK\INSTAL~1\BAK

0 File 0 byte
2 Directory 6.223.364.096 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 0954-16DC

Directory di C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

0 File 0 byte
2 Directory 6.223.364.096 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 0954-16DC

Directory di C:\PROGRA~1\NEWTEC~1\NTICD&~1\BAK

0 File 0 byte
2 Directory 6.223.364.096 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 0954-16DC

Directory di C:\PROGRA~1\ACER\ORBICAM\BAK

0 File 0 byte
2 Directory 6.223.364.096 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 0954-16DC

Directory di C:\PROGRA~1\NOKIA\NOKIAS~1\BAK

0 File 0 byte
2 Directory 6.223.364.096 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 0954-16DC

Directory di C:\PROGRA~1\SKYPE\PHONE\BAK

0 File 0 byte
2 Directory 6.223.364.096 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 0954-16DC

Directory di C:\ACER\EMPOWE~1\EDATAS~1\BAK

0 File 0 byte
2 Directory 6.223.364.096 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 0954-16DC

Directory di C:\ACER\EMPOWE~1\EPOWER\BAK

0 File 0 byte
2 Directory 6.223.364.096 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 0954-16DC

Directory di C:\ACER\EMPOWE~1\ERECOV~1\BAK

0 File 0 byte
2 Directory 6.223.364.096 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 0954-16DC

Directory di C:\WINDOWS\SYSTEM32\IME\PINTLGNT\BAK

0 File 0 byte
2 Directory 6.223.364.096 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 0954-16DC

Directory di C:\WINDOWS\SYSTEM32\IME\TINTLGNT\BAK

0 File 0 byte
2 Directory 6.223.364.096 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 0954-16DC

Directory di C:\PROGRA~1\SIMPLE~1\BIN\WIN\BAK

0 File 0 byte
2 Directory 6.223.364.096 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report
shapiro
Posted: Thursday, February 18, 2010 10:44:38 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
do a search

download this little program

open it

click on Size and date

tick minimum filesize

maximum filesize

type 14348 in the two white boxes and choose BYTES in the column next to them

start the search by clicking FIND NOW

check whether any files of 14348 bytes appear in the list.

It's only a check, don't touch them
wincensic
Posted: Thursday, February 18, 2010 10:59:32 PM
Rank: AiutAmico

Member since: 2/15/2010
Posts: 55
It says:

Cannot open C:\documents and settings\Vincenzo Siciliano\Dati applicazioni\locate32\files.dbs
wincensic
Posted: Thursday, February 18, 2010 11:10:19 PM
Rank: AiutAmico

Member since: 2/15/2010
Posts: 55
Solved.

I get the file TRIALOC.DL_ folder C:\i385
wincensic
Posted: Thursday, February 18, 2010 11:11:02 PM
Rank: AiutAmico

Member since: 2/15/2010
Posts: 55
sorry....TRIALOC.DL_ folder C:\i386
shapiro
Posted: Friday, February 19, 2010 9:13:38 AM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
try again, I want to check whether there are still traces of the dialer even though the folders are empty (afterwards you'll have to delete them)

open locate32 and, in the window that opens, click on:
options => settings => auto update => add
in "schedule updates" enter At Startup => ok


once that's done, repeat the step I showed you

remember to enter 14348 bytes
wincensic
Posted: Friday, February 19, 2010 8:55:27 PM
Rank: AiutAmico

Member since: 2/15/2010
Posts: 55
Hi Shapiro,

Running locate32 gave me the same result TRIALOC.DL_ folder C:\i386....

Thanks for the patience and support.......
shapiro
Posted: Friday, February 19, 2010 9:04:28 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
don't worry, you probably didn't select something

we'll do it later

now we have to delete the bak folders by hand - before deleting them, check that there really is nothing inside; they must be empty

you have to delete the bak folder by following the path

enable viewing of hidden files (open any folder, go to Tools --> Folder Options --> View and tick Show hidden files and folders)


Comment:
C:\WINDOWS\EHOME\BAK

C:\PROGRA~1\MESSEN~1\BAK

C:\PROGRA~1\LAUNCH~1\BAK

C:\PROGRA~1\TIMTUR~1.33I\BAK

C:\ACER\EMPOWE~1\BAK

C:\WINDOWS\IME\IMJP8_1\BAK

C:\PROGRA~1\FILECO~1\SYMANT~1\BAK

C:\PROGRA~1\REALTEK\INSTAL~1\BAK


C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

C:\PROGRA~1\NEWTEC~1\NTICD&~1\BAK

C:\PROGRA~1\ACER\ORBICAM\BAK

C:\PROGRA~1\NOKIA\NOKIAS~1\BAK

C:\PROGRA~1\SKYPE\PHONE\BAK

C:\ACER\EMPOWE~1\EDATAS~1\BAK

C:\ACER\EMPOWE~1\EPOWER\BAK

C:\ACER\EMPOWE~1\ERECOV~1\BAK

C:\WINDOWS\SYSTEM32\IME\PINTLGNT\BAK

C:\WINDOWS\SYSTEM32\IME\TINTLGNT\BAK

C:\PROGRA~1\SIMPLE~1\BIN\WIN\BAK
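Both checks shapiro asks for in this thread (the locate32 search for files of exactly 14348 bytes, and confirming each bak folder is empty before deleting it) can be scripted. The following is an added example, not code from the thread, from FindAWF or from locate32. It assumes that a 14348-byte file with a same-named copy in a sibling bak folder is the pattern worth flagging, and it builds a constructed sample tree in a temporary directory instead of touching a real disk.

```python
import os
import tempfile
from pathlib import Path

SUSPECT_SIZE = 14348  # exact byte size searched for with locate32 in the thread

def find_files_of_size(root, size=SUSPECT_SIZE):
    """Paths (relative to root) of regular files that are exactly `size` bytes."""
    root = Path(root)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath, name)
            if p.is_file() and p.stat().st_size == size:
                hits.append(p.relative_to(root).as_posix())
    return sorted(hits)

def find_bak_dirs(root):
    """Map each directory named 'bak' (relative to root) to its entry count; 0 = empty."""
    root = Path(root)
    found = {}
    for dirpath, dirs, _files in os.walk(root):
        for d in dirs:
            if d.lower() == "bak":
                p = Path(dirpath, d)
                found[p.relative_to(root).as_posix()] = sum(1 for _ in p.iterdir())
    return found

def correlate(root, size=SUSPECT_SIZE):
    """'suspect' when a same-named copy sits in a sibling 'bak' dir (assumed
    stub-plus-backup pattern), else 'info': a size match alone proves nothing."""
    root = Path(root)
    verdicts = {}
    for rel in find_files_of_size(root, size):
        p = root / rel
        verdicts[rel] = "suspect" if (p.parent / "bak" / p.name).is_file() else "info"
    return verdicts

def build_sample_tree(root):
    """Constructed sample layout echoing the thread's paths; not real data."""
    root = Path(root)
    (root / "WINDOWS" / "ehome" / "bak").mkdir(parents=True)  # already emptied by hand
    nokia = root / "Programmi" / "Nokia"
    (nokia / "bak").mkdir(parents=True)
    (nokia / "bak" / "NSLauncher.exe").write_bytes(b"MZ" + b"\0" * 98)  # original left in bak
    (nokia / "NSLauncher.exe").write_bytes(b"MZ" + b"\0" * (SUSPECT_SIZE - 2))  # stub-sized
    (root / "i386").mkdir()
    (root / "i386" / "TRIALOC.DL_").write_bytes(b"\0" * SUSPECT_SIZE)  # benign size coincidence

def run_demo():
    """Build the sample tree in a scratch directory and return both checks' results."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return find_bak_dirs(tmp), correlate(tmp)
```

On the sample tree the empty ehome bak folder is reported with 0 entries, the Nokia one with 1 entry still inside, and the two 14348-byte files are told apart: NSLauncher.exe is flagged because its bak twin exists, while TRIALOC.DL_ is only informational, matching what the thread found.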
wincensic
Posted: Friday, February 19, 2010 9:50:42 PM
Rank: AiutAmico

Member since: 2/15/2010
Posts: 55
Done....
shapiro
Posted: Friday, February 19, 2010 10:16:34 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
go here

analyse these files

c:\windows\system32\bcd3kasio.dll

c:\windows\system32\NTIMPEG2.dll

this page explains how to use virustotal

report what the 40 antivirus engines say, and save the report
wincensic
Posted: Friday, February 19, 2010 10:26:37 PM
Rank: AiutAmico

Member since: 2/15/2010
Posts: 55
This is the first one, let me know if it's the right report

File bcd3kasio.dll ricevuto il 2010.01.06 23:05:31 (UTC)
Stato corrente: finito
Risultato: 0/41 (0.00%)
Antivirus Versione Ultimo aggiornamento Risultato
a-squared 4.5.0.48 2010.01.06 -
AhnLab-V3 5.0.0.2 2010.01.06 -
AntiVir 7.9.1.122 2009.12.31 -
Antiy-AVL 2.0.3.7 2010.01.06 -
Authentium 5.2.0.5 2010.01.06 -
Avast 4.8.1351.0 2010.01.06 -
AVG 8.5.0.430 2010.01.04 -
BitDefender 7.2 2010.01.06 -
CAT-QuickHeal 10.00 2010.01.05 -
ClamAV 0.94.1 2010.01.06 -
Comodo 3490 2010.01.06 -
DrWeb 5.0.1.12222 2010.01.06 -
eSafe 7.0.17.0 2010.01.06 -
eTrust-Vet 35.1.7219 2010.01.06 -
F-Prot 4.5.1.85 2010.01.06 -
F-Secure 9.0.15370.0 2010.01.06 -
Fortinet 4.0.14.0 2010.01.06 -
GData 19 2010.01.06 -
Ikarus T3.1.1.79.0 2010.01.06 -
Jiangmin 13.0.900 2010.01.06 -
K7AntiVirus 7.10.940 2010.01.06 -
Kaspersky 7.0.0.125 2010.01.06 -
McAfee 5853 2010.01.06 -
McAfee+Artemis 5853 2010.01.06 -
McAfee-GW-Edition 6.8.5 2010.01.06 -
Microsoft 1.5302 2010.01.06 -
NOD32 4749 2010.01.06 -
Norman 6.04.03 2010.01.06 -
nProtect 2009.1.8.0 2010.01.06 -
Panda 10.0.2.2 2010.01.06 -
PCTools 7.0.3.5 2010.01.06 -
Prevx 3.0 2010.01.07 -
Rising 22.29.02.06 2010.01.06 -
Sophos 4.49.0 2010.01.06 -
Sunbelt 3.2.1858.2 2010.01.06 -
Symantec 20091.2.0.41 2010.01.06 -
TheHacker 6.5.0.3.137 2010.01.06 -
TrendMicro 9.120.0.1004 2010.01.06 -
VBA32 3.12.12.1 2010.01.06 -
ViRobot 2010.1.6.2124 2010.01.06 -
VirusBuster 5.0.21.0 2010.01.06 -
Informazioni addizionali
File size: 106496 bytes
MD5 : 8f02f857f9dd5f315ebfcfbf8ed55e9e
SHA1 : 5898e057a67760bbdc576bcaf569ee4d8242870c
SHA256: a621f436aa3f253d466cbfd5fcc943b2ff1b057ddc0cca1714edbed7be510b73
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x436D
timedatestamp.....: 0x48DFE499 (Sun Sep 28 22:10:01 2008)
machinetype.......: 0x14C (Intel I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xFA34 0x10000 6.59 0c40ea3a18ab0f26a6f53f22d6b3c770
.rdata 0x11000 0x31A8 0x4000 4.63 d8d1d524a96d3dcefb0c582bb74988a3
.data 0x15000 0x3158 0x2000 2.32 8ad15f939c1d9d10df9201b7a7c0491b
.rsrc 0x19000 0x438 0x1000 1.13 e6d9df6ac7e5dbc8e7f814f8d0a4cab7
.reloc 0x1A000 0x1980 0x2000 3.71 ece49149a837c7a972512b04138367ea

( 6 imports )

> advapi32.dll: RegCreateKeyA, RegDeleteKeyA, RegCloseKey, RegQueryValueExA, RegCreateKeyExA, RegOpenKeyA, RegSetValueExA, RegEnumKeyA, RegOpenKeyExA
> kernel32.dll: GetStdHandle, FlushFileBuffers, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, GetStringTypeW, GetStringTypeA, CreateProcessA, DeviceIoControl, WaitForSingleObject, CloseHandle, SetEvent, CreateMutexA, InterlockedDecrement, InterlockedIncrement, ReleaseMutex, WaitForSingleObjectEx, SetThreadPriority, CreateThread, CreateEventA, WideCharToMultiByte, GetModuleFileNameA, GetModuleHandleA, LocalFree, GetLastError, CreateFileA, FormatMessageA, HeapFree, RtlUnwind, HeapAlloc, GetCurrentThreadId, GetCommandLineA, GetProcAddress, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, WriteFile, GetModuleHandleW, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, HeapCreate, HeapDestroy, VirtualFree, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, VirtualAlloc, HeapReAlloc, RaiseException, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, Sleep, ExitProcess, SetHandleCount, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, SetFilePointer, GetConsoleCP, GetConsoleMode, LoadLibraryA, GetLocaleInfoA, InitializeCriticalSectionAndSpinCount, HeapSize, LCMapStringA, MultiByteToWideChar, LCMapStringW
> ole32.dll: StringFromCLSID
> setupapi.dll: SetupDiEnumDeviceInterfaces, SetupDiGetDeviceInterfaceDetailA, SetupDiGetClassDevsA, SetupDiDestroyDeviceInfoList
> user32.dll: MessageBoxA, FindWindowA, CharLowerA, RegisterWindowMessageA, SendMessageA, IsWindowVisible, SetForegroundWindow
> winmm.dll: timeGetTime

( 1 exports )

> DllCanUnloadNow, DllGetClassObject, DllMain, DllRegisterServer, DllUnregisterServer
TrID : File type identification
DirectShow filter (58.4%)
Win64 Executable Generic (24.8%)
Win32 Executable MS Visual C++ (generic) (10.9%)
Win32 Executable Generic (2.4%)
Win32 Dynamic Link Library (generic) (2.1%)
ssdeep: 1536:2M6cA4tDsKS8xAN93woYpFdBcVM+Ps6sriN:dr3XKN2Hp5+k6sriN
PEiD : -
RDS : NSRL Reference Data Set
wincensic
Posted: Friday, February 19, 2010 10:30:14 PM
Rank: AiutAmico

Member since: 2/15/2010
Posts: 55
Here's the second one

File NTIMPEG2.dll ricevuto il 2010.02.19 21:28:46 (UTC)
Stato corrente: finito
Risultato: 0/41 (0%)
Antivirus Versione Ultimo aggiornamento Risultato
a-squared 4.5.0.50 2010.02.19 -
AhnLab-V3 5.0.0.2 2010.02.19 -
AntiVir 8.2.1.170 2010.02.19 -
Antiy-AVL 2.0.3.7 2010.02.19 -
Authentium 5.2.0.5 2010.02.19 -
Avast 4.8.1351.0 2010.02.19 -
AVG 9.0.0.730 2010.02.19 -
BitDefender 7.2 2010.02.19 -
CAT-QuickHeal 10.00 2010.02.19 -
ClamAV 0.96.0.0-git 2010.02.19 -
Comodo 3994 2010.02.19 -
DrWeb 5.0.1.12222 2010.02.19 -
eSafe 7.0.17.0 2010.02.18 -
eTrust-Vet 35.2.7313 2010.02.19 -
F-Prot 4.5.1.85 2010.02.19 -
F-Secure 9.0.15370.0 2010.02.19 -
Fortinet 4.0.14.0 2010.02.18 -
GData 19 2010.02.19 -
Ikarus T3.1.1.80.0 2010.02.19 -
Jiangmin 13.0.900 2010.02.19 -
K7AntiVirus 7.10.977 2010.02.18 -
Kaspersky 7.0.0.125 2010.02.17 -
McAfee 5897 2010.02.19 -
McAfee+Artemis 5897 2010.02.19 -
McAfee-GW-Edition 6.8.5 2010.02.19 -
Microsoft 1.5406 2010.02.18 -
NOD32 4881 2010.02.19 -
Norman 6.04.08 2010.02.19 -
nProtect 2009.1.8.0 2010.02.19 -
Panda 10.0.2.2 2010.02.19 -
PCTools 7.0.3.5 2010.02.19 -
Prevx 3.0 2010.02.19 -
Rising 22.34.01.03 2010.02.11 -
Sophos 4.50.0 2010.02.19 -
Sunbelt 5686 2010.02.19 -
Symantec 20091.2.0.41 2010.02.19 -
TheHacker 6.5.1.5.202 2010.02.19 -
TrendMicro 9.120.0.1004 2010.02.19 -
VBA32 3.12.12.2 2010.02.19 -
ViRobot 2010.2.19.2194 2010.02.19 -
VirusBuster 5.0.27.0 2010.02.19 -
Informazioni addizionali
File size: 1024 bytes
MD5...: af43c7f0cfff134a3160a62f1bea6beb
SHA1..: 7cfd3855c35bafaa91f5e732b5d5948453ecf8a2
SHA256: 64f7707948ce40898ac68e00ae33c77d4921066ff2ae3dd63910b834ad4ae4e1
ssdeep: 3:GLljMKORMiGx7rygUStmL/L8xPx2GpynWOPu4VO506fUyKpO506fUyKpO506fUye:GL5MdYN3U0xPPOP5
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
shapiro
Posted: Friday, February 19, 2010 10:38:43 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
the result is 0 out of 41, so they're clean

download virit

go into safe mode

update the program and run a full scan

Post the log it produces

wincensic
Posted: Friday, February 19, 2010 11:54:55 PM
Rank: AiutAmico

Member since: 2/15/2010
Posts: 55
Here's the log......


VirIT eXplorer Lite Log

[SCANSIONE DELLA MEMORIA]
OK

19/02/2010 - 23:03:56

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 208.
Files Totali: 208.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK

19/02/2010 - 23:14:23

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


[D:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


[E:]


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 87563.
Files Totali: 87563.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.
shapiro
Posted: Saturday, February 20, 2010 11:01:52 AM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
good, that's fine

do you know this folder?

C:\FOUND.002

is it yours?

did you also install Norton, or are the ones in the log old traces?