Aiutamici Forum

Trojan Mebroot.B has infected the PC!
parthenopea
Posted: Saturday, March 21, 2009 5:29:48 PM
Rank: Newbie

Joined: 3/16/2009
Posts: 0
here's the GMER report for you

GMER 1.0.14.14205 - http://www.gmer.net
Rootkit scan 2009-03-21 17:27:09
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT d347bus.sys (PnP BIOS Extension/ ) ZwClose [0xF84A7818]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreateKey [0xF84A77D0]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xF849BA20]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xF849C2A8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xF84A7910]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwOpenKey [0xF84A7794]
SSDT \??\D:\Bit defender\programma installato\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwOpenProcess [0xF037DBCE]
SSDT \??\D:\Bit defender\programma installato\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwOpenThread [0xF037DCBC]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryKey [0xF849C2C8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryValueKey [0xF84A7866]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwSetSystemPowerState [0xF84A70B0]
SSDT spqx.sys ZwSetValueKey [0xF84F719A]
SSDT \??\D:\Bit defender\programma installato\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwTerminateProcess [0xF037DB32]

---- Kernel code sections - GMER 1.0.14 ----

? spqx.sys Impossibile trovare il file specificato. !
.text USBPORT.SYS!DllUnload F7B3A62C 5 Bytes JMP 82D131D8

---- User code sections - GMER 1.0.14 ----

.text C:\Programmi\MSN Messenger\msnmsgr.exe[2396] kernel32.dll!LoadResource 7C80A065 7 Bytes JMP 28001E20 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2396] kernel32.dll!FindResourceExW 7C80AB10 4 Bytes JMP 28001C60 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2396] kernel32.dll!FindResourceExW + 5 7C80AB15 2 Bytes [ CC, CC ]
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2396] kernel32.dll!FindResourceW 7C80BA56 7 Bytes JMP 28001BE0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2396] kernel32.dll!SizeofResource 7C80BAF1 7 Bytes JMP 28001EE0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2396] kernel32.dll!LockResource 7C80C6CF 5 Bytes JMP 28001F50 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2396] kernel32.dll!FindResourceA 7C80C7B1 7 Bytes JMP 28001CF0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2396] kernel32.dll!SetUnhandledExceptionFilter 7C810386 5 Bytes JMP 004DE392 C:\Programmi\MSN Messenger\msnmsgr.exe (Messenger/Microsoft Corporation)
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2396] kernel32.dll!CreateEventA 7C81E4BD 5 Bytes JMP 28001840 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2396] kernel32.dll!FindResourceExA 7C822C2D 7 Bytes JMP 28001D80 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2396] kernel32.dll!OutputDebugStringW 7C85A215 5 Bytes JMP 28001FB0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2396] ADVAPI32.dll!CryptDeriveKey 77F5A685 7 Bytes JMP 28001000 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2396] ADVAPI32.dll!CryptDecrypt 77F5A7B1 2 Bytes JMP 28001060 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2396] ADVAPI32.dll!CryptDecrypt + 3 77F5A7B4 4 Bytes [ 0A, B0, CC, CC ]
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2396] USER32.dll!PeekMessageW 77D19278 5 Bytes JMP 280045E0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2396] USER32.dll!CreateWindowExW 77D21AD5 5 Bytes JMP 28003CA0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2396] USER32.dll!SetWindowRgn 77D21DE0 7 Bytes JMP 28005F00 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2396] USER32.dll!LoadIconW 77D22174 5 Bytes JMP 28006880 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2396] USER32.dll!LoadImageW 77D242A4 5 Bytes JMP 28006690 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2396] USER32.dll!CreateDialogParamW 77D3629F 5 Bytes JMP 28006040 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2396] USER32.dll!SetWindowPlacement 77D3FBEA 5 Bytes JMP 28005DC0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2396] USER32.dll!MessageBoxIndirectW 77D660B7 5 Bytes JMP 28006230 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2396] USER32.dll!TrackPopupMenuEx 77D6CAFE 5 Bytes JMP 28004EC0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2396] WS2_32.dll!send 71A3428A 5 Bytes JMP 2800B800 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2396] WS2_32.dll!WSARecv 71A34318 5 Bytes JMP 2800B5E0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2396] WS2_32.dll!recv 71A3615A 5 Bytes JMP 2800B440 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2396] WS2_32.dll!WSASend 71A36233 5 Bytes JMP 2800B9E0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2396] WS2_32.dll!closesocket 71A39639 5 Bytes JMP 2800BC20 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2396] SHELL32.dll!Shell_NotifyIconW 7CA47CE1 5 Bytes JMP 28003400 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2396] ole32.dll!CoInitializeEx 774C42F3 5 Bytes JMP 28002260 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2396] ole32.dll!CoRegisterClassObject 77511BFC 5 Bytes JMP 28002360 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2396] WININET.dll!HttpOpenRequestA 77194AC5 5 Bytes JMP 2800A2C0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2396] WININET.dll!InternetCloseHandle 771961DC 5 Bytes JMP 2800A600 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2396] WININET.dll!HttpSendRequestA 771976B8 5 Bytes JMP 2800A530 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2396] WININET.dll!InternetReadFile 77199555 5 Bytes JMP 2800A450 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82F732D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F850993C] spqx.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8509990] spqx.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82D132D8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F84E9D92] spqx.sys

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 82FDC1F8

AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)

Device \Driver\usbuhci \Device\USBPDO-0 82C491F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 82F711F8
Device \Driver\dmio \Device\DmControl\DmConfig 82F711F8
Device \Driver\dmio \Device\DmControl\DmPnP 82F711F8
Device \Driver\dmio \Device\DmControl\DmInfo 82F711F8
Device \Driver\usbuhci \Device\USBPDO-1 82C491F8
Device \Driver\usbuhci \Device\USBPDO-2 82C491F8
Device \Driver\usbuhci \Device\USBPDO-3 82C491F8
Device \Driver\usbehci \Device\USBPDO-4 82C321F8

AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)

Device \Driver\Ftdisk \Device\HarddiskVolume1 82FDF1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 82FDF1F8
Device \FileSystem\Rdbss \Device\FsWrap 82934248
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 82D25008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 82D25008
Device \Driver\atapi \Device\Ide\IdePort0 82D25008
Device \Driver\atapi \Device\Ide\IdePort1 82D25008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f 82D25008
Device \Driver\USBSTOR \Device\00000074 82C851F8
Device \Driver\USBSTOR \Device\00000075 82C851F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{6E9FE341-0F2A-4D3A-A078-67BD55365748} 829691F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 829691F8
Device \Driver\NetBT \Device\NetbiosSmb 829691F8
Device \FileSystem\Srv \Device\LanmanServer 82C8B988

AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)

Device \Driver\usbuhci \Device\USBFDO-0 82C491F8
Device \Driver\usbuhci \Device\USBFDO-1 82C491F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{13BD9FF6-15F2-4993-A9CF-D1ACC2698988} 829691F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8289C500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8293C9B8
Device \Driver\usbuhci \Device\USBFDO-2 82C491F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8289C500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8293C9B8
Device \Driver\usbuhci \Device\USBFDO-3 82C491F8
Device \FileSystem\Npfs \Device\NamedPipe 82B84158
Device \Driver\usbehci \Device\USBFDO-4 82C321F8
Device \Driver\Ftdisk \Device\FtControl 82FDF1F8
Device \FileSystem\Msfs \Device\Mailslot 82A0A740
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 82A34748
Device \Driver\viamraid \Device\Scsi\viamraid1 82FDD1F8
Device \Driver\d347prt \Device\Scsi\d347prt1 82A34748
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 829E3268
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 829E3268
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 829E3268
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 829E3268
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 829E3268
Device \FileSystem\Cdfs \Cdfs 828A9500
Device \FileSystem\Cdfs \Cdfs 82EEF850

---- Modules - GMER 1.0.14 ----

Module _________ F83FE000-F8416000 (98304 bytes)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x16 0xE3 0x40 0xBE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x16 0xE3 0x40 0xBE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x16 0xE3 0x40 0xBE ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x16 0xE3 0x40 0xBE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x16 0xE3 0x40 0xBE ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x16 0xE3 0x40 0xBE ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- EOF - GMER 1.0.14 ----
shapiro
Posted: Saturday, March 21, 2009 5:47:57 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
I haven't disappeared Marina, I'm looking at your log

in the meantime do this test

download this small stand-alone program, click monitor\start and check whether you see any entries in red

http://wikisend.com/download/461320/DeepMonitor.exe

parthenopea
Posted: Saturday, March 21, 2009 5:50:13 PM
Rank: Newbie

Joined: 3/16/2009
Posts: 0
done.... no red ones, all blue
shapiro
Posted: Saturday, March 21, 2009 5:54:16 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
good- the gmer log has no problems either....no rootkit

now I'll recheck combofix carefully, I want to see two things
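As an added example (not from this thread, and not GMER's own code), here is a small Python triage script for the SSDT section of a GMER log like the one posted above. It groups each hooked Zw service by the driver that installed the hook and marks for review any hooking driver that reports no vendor string or whose file GMER could not open (the "? spqx.sys ... !" line in the kernel code sections). The sample lines are a subset copied from the log above; the flagging rule, the regular expressions and the function names are this example's own choices.

```python
from __future__ import annotations

import re

# Lines copied from the GMER 1.0.14 log posted above (a subset, not constructed).
GMER_LOG = r"""
---- System - GMER 1.0.14 ----

SSDT d347bus.sys (PnP BIOS Extension/ ) ZwClose [0xF84A7818]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreateKey [0xF84A77D0]
SSDT \??\D:\Bit defender\programma installato\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwOpenProcess [0xF037DBCE]
SSDT spqx.sys ZwSetValueKey [0xF84F719A]
SSDT \??\D:\Bit defender\programma installato\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwTerminateProcess [0xF037DB32]

---- Kernel code sections - GMER 1.0.14 ----

? spqx.sys Impossibile trovare il file specificato. !
.text USBPORT.SYS!DllUnload F7B3A62C 5 Bytes JMP 82D131D8
"""

# One SSDT hook line: "SSDT <module> [(<description>/<vendor>)] <Zw service> [<address>]".
# The module may be a full path containing spaces, so it is matched lazily and the
# service name / bracketed address anchor the end of the line.
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>.+?)"
    r"(?:\s+\((?P<desc>[^)]*)\))?"
    r"\s+(?P<service>Zw\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]\s*$"
)
# "? <module> <message> !" in the kernel code sections: GMER saw the driver in
# kernel memory but could not open its file on disk.
MISSING_RE = re.compile(r"^\?\s+(?P<module>\S+)\s+(?P<message>.*?)\s*!$")


def basename(path: str) -> str:
    """Last component of a Windows path such as \\??\\D:\\dir\\x.sys."""
    return path.rstrip("\\").split("\\")[-1]


def parse_ssdt_hooks(log_text: str) -> list[dict]:
    """Return one record per SSDT hook line: module, path, vendor, service, address."""
    hooks = []
    for line in log_text.splitlines():
        m = SSDT_RE.match(line.strip())
        if not m:
            continue
        desc = m.group("desc")
        vendor = None
        if desc is not None and "/" in desc:
            # GMER prints "description/vendor"; an empty vendor part means none was found.
            vendor = desc.rsplit("/", 1)[1].strip() or None
        hooks.append({
            "module": basename(m.group("module")),
            "path": m.group("module"),
            "vendor": vendor,
            "service": m.group("service"),
            "address": int(m.group("addr"), 16),
        })
    return hooks


def missing_files(log_text: str) -> set[str]:
    """Module names GMER could not open on disk ("? <module> ... !" lines)."""
    return {m.group("module") for line in log_text.splitlines()
            if (m := MISSING_RE.match(line.strip()))}


def triage(log_text: str) -> dict[str, dict]:
    """Group SSDT hooks by hooking driver and mark the ones to look at first:
    drivers with no vendor string, or whose file GMER could not open."""
    missing = missing_files(log_text)
    by_module: dict[str, dict] = {}
    for h in parse_ssdt_hooks(log_text):
        entry = by_module.setdefault(h["module"], {
            "vendor": h["vendor"],
            "services": [],
            "file_missing": h["module"] in missing,
        })
        entry["services"].append(h["service"])
    for entry in by_module.values():
        entry["review"] = entry["vendor"] is None or entry["file_missing"]
    return by_module


if __name__ == "__main__":
    for mod, info in sorted(triage(GMER_LOG).items()):
        flag = "REVIEW" if info["review"] else "ok    "
        print(f"{flag} {mod:14s} vendor={info['vendor']!r:32} "
              f"missing={info['file_missing']} hooks={', '.join(info['services'])}")
```

The script only separates hooks that come with a vendor string from ones that need a closer look: on this log the BitDefender self-protection driver is identified, while d347bus.sys reports no vendor and spqx.sys has neither a vendor nor a readable file. Whether those two belong to software the user knowingly installed (the conclusion the helper reaches in this thread) is still the analyst's decision; the script just makes sure nothing in the SSDT section is skipped.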
parthenopea
Posted: Sunday, March 22, 2009 2:05:31 PM
Rank: Newbie

Joined: 3/16/2009
Posts: 0
Good morning Shapiro and happy Sunday!