Aiutamici Forum

Rogue Residue
giovanitasca
Posted: Thursday, April 23, 2009 3:12:07 PM
Rank: AiutAmico

Member since: 4/2/2005
Posts: 220
I installed (and then uninstalled) the program Live Player. It is advertised as virus free. However, I noticed that the program I use regularly, Malwarebytes' Anti-Malware, reports a Rogue Residue, and even though I delete it every time, I find it again. Not that I have noticed malfunctions or anything else, but in the end, what is it?
I attach the LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.10.04, on 23/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Google\Update\GoogleUpdate.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Messenger\msmsgs.exe
C:\documents and settings\tascapane\impostazioni locali\dati applicazioni\wwwiuwq.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Agnitum\Outpost Firewall\outpost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe
C:\Programmi\Mozilla Firefox\firefox.exe
F:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Outpost Firewall] "C:\Programmi\Agnitum\Outpost Firewall\outpost.exe" /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Programmi\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [wwwiuwq] "c:\documents and settings\tascapane\impostazioni locali\dati applicazioni\wwwiuwq.exe" wwwiuwq
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Outpost Firewall Pro Regolazione rapida - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Programmi\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239469460484
O17 - HKLM\System\CCS\Services\Tcpip\..\{5FC698AD-972E-434D-AD94-E8526C8D5F62}: NameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{5FC698AD-972E-434D-AD94-E8526C8D5F62}: NameServer = 192.168.1.254
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Servizio di Google Update (gupdate1c9c383d9272c48) (gupdate1c9c383d9272c48) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Programmi\Agnitum\Outpost Firewall\outpost.exe

--
End of file - 6591 bytes



LOG of Malwarebytes' Anti-Malware 1.36
Versione del database: 2026
Windows 5.1.2600 Service Pack 3

23/04/2009 15.10.36
mbam-log-2009-04-23 (15-10-27).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 65890
Tempo trascorso: 2 minute(s), 24 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 1
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> No action taken.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)
r16
Posted: Thursday, April 23, 2009 4:28:33 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Important: disable your antivirus and close ALL open programs, and after downloading COMBOFIX, disconnect from the internet.

Download Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the desktop.
Double-click combofix.exe (a window will appear).
If you are asked whether you want to install THE RECOVERY CONSOLE, click NO.
Your antivirus will probably show you messages; ignore them.
During the scan it is important not to use the PC (not even the mouse) and to wait patiently for the operations to finish.
At the end, a log file will be created on the Desktop, called C:\ComboFix.txt.
Post it here.
giovanitasca
Posted: Thursday, April 23, 2009 10:18:03 PM
Rank: AiutAmico

Member since: 4/2/2005
Posts: 220
Here is the ComboFix LOG

ComboFix 09-04-23.A3 - Tascapane 23/04/2009 22.10.38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1407.900 [GMT 2:00]
Eseguito da: c:\documents and settings\Tascapane\Desktop\ComboFix.exe
AV: Sistema Antivirus NOD32 2.70 *On-access scanning enabled* (Updated)
FW: ActiveArmor Firewall *disabled*
FW: Outpost Firewall Pro *disabled*
* Creato nuovo punto di ripristino
* Resident AV is active


ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Tascapane\Impostazioni locali\Dati applicazioni\wwwiuwq.dat
c:\documents and settings\Tascapane\Impostazioni locali\Dati applicazioni\wwwiuwq.exe
c:\documents and settings\Tascapane\Impostazioni locali\Dati applicazioni\wwwiuwq_nav.dat
c:\documents and settings\Tascapane\Impostazioni locali\Dati applicazioni\wwwiuwq_navps.dat
c:\windows\system32\javan.exe

.
((((((((((((((((((((((((( Files Creati Da 2009-05-23 al 2009-4-23 )))))))))))))))))))))))))))))))))))
.

2009-04-23 12:53 . 2009-04-23 12:53 -------- d-----w c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Google
2009-04-22 19:52 . 2009-04-22 19:52 -------- d-----w c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Google
2009-04-22 19:52 . 2009-04-22 19:52 -------- d-----w c:\documents and settings\Tascapane\Impostazioni locali\Dati applicazioni\Google
2009-04-22 19:44 . 2009-04-22 19:52 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-04-21 10:04 . 2009-04-22 17:30 -------- d-----w c:\documents and settings\Tascapane\Dati applicazioni\dvdcss
2009-04-20 17:30 . 2009-04-20 17:30 0 ----a-w c:\windows\nsreg.dat
2009-04-20 17:30 . 2009-04-20 17:30 -------- d-----w c:\documents and settings\Tascapane\Impostazioni locali\Dati applicazioni\Mozilla
2009-04-20 17:15 . 2009-04-20 17:15 -------- d-----w c:\documents and settings\Tascapane\Dati applicazioni\Sonic
2009-04-20 16:58 . 2009-04-20 16:58 -------- d-----w c:\documents and settings\Tascapane\Dati applicazioni\Ahead
2009-04-20 02:18 . 2009-04-20 02:19 -------- d-----w c:\documents and settings\Tascapane\Dati applicazioni\vlc
2009-04-20 01:50 . 2009-04-22 19:36 116 ----a-w c:\windows\NeroDigital.ini
2009-04-20 01:33 . 2008-04-13 18:45 15104 -c--a-w c:\windows\system32\dllcache\usbscan.sys
2009-04-20 01:33 . 2008-04-13 18:45 15104 ----a-w c:\windows\system32\drivers\usbscan.sys
2009-04-20 01:33 . 2000-03-24 16:18 13824 ----a-r c:\windows\system32\FB63UCPL.DLL
2009-04-20 01:33 . 2000-03-24 16:10 271872 ----a-r c:\windows\system32\UCS32P.DLL
2009-04-20 01:33 . 2000-03-24 16:08 98816 ----a-r c:\windows\system32\FB63UUSD.dll
2009-04-20 01:33 . 2000-03-24 16:08 155648 ----a-r c:\windows\system32\MG600.DLL
2009-04-20 01:31 . 2003-01-10 19:52 13997 ----a-w c:\windows\system32\ssgb7mon.dll
2009-04-20 01:31 . 2003-11-17 18:24 208896 ------w c:\windows\system32\SSRemove.exe
2009-04-20 01:31 . 2003-07-21 18:50 8478 ------w c:\windows\system32\SP119.ICO
2009-04-20 01:31 . 2004-05-17 20:04 41984 ------w c:\windows\system32\drivers\DGIVECP.SYS
2009-04-20 01:31 . 2009-04-20 01:31 -------- d-----w c:\windows\Samsung
2009-04-20 01:29 . 2008-04-13 18:47 25856 -c--a-w c:\windows\system32\dllcache\usbprint.sys
2009-04-20 01:29 . 2008-04-13 18:47 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
2009-04-20 01:20 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-20 01:20 . 2009-03-06 14:19 286208 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-20 01:20 . 2009-02-09 11:22 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-20 01:20 . 2009-02-09 10:51 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-20 01:20 . 2009-02-09 10:51 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-20 01:20 . 2009-02-09 10:51 683520 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-20 01:20 . 2009-02-09 10:51 734720 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-20 01:20 . 2009-02-09 10:51 736256 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-20 01:20 . 2009-02-09 10:51 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-20 01:19 . 2009-03-27 06:48 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-20 01:19 . 2008-04-21 21:14 219136 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-12 08:00 . 2004-08-20 09:41 86092 ----a-w c:\windows\system32\ImageDrive.cpl
2009-04-12 07:53 . 2004-09-08 19:00 52447 ------w c:\windows\UNNMP.cfg
2009-04-12 07:53 . 2004-09-02 12:43 2142208 ------w c:\windows\UNNMP.exe
2009-04-12 07:52 . 2004-03-02 15:37 125184 ------w c:\windows\system32\drivers\imagesrv.sys
2009-04-12 07:52 . 2004-03-02 15:37 5504 ------w c:\windows\system32\drivers\imagedrv.sys
2009-04-12 07:51 . 2001-07-09 09:50 155648 ----a-w c:\windows\system32\NeroCheck.exe
2009-04-12 07:49 . 2004-09-08 19:00 147046 ------w c:\windows\UNNeroVision.cfg
2009-04-12 07:49 . 2004-09-08 18:33 2142208 ------w c:\windows\UNNeroVision.exe
2009-04-12 07:49 . 2001-03-08 17:30 24064 ------w c:\windows\system32\msxml3a.dll
2009-04-12 07:48 . 2009-04-12 07:48 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Ahead
2009-04-12 07:48 . 2004-07-26 15:16 471040 ------w c:\windows\system32\ImagXRA7.dll
2009-04-12 07:48 . 2004-07-09 07:43 364544 ------w c:\windows\system32\TwnLib4.dll
2009-04-12 07:48 . 2004-07-26 15:16 476320 ------w c:\windows\system32\ImagXpr7.dll
2009-04-12 07:48 . 2004-07-26 15:16 262144 ------w c:\windows\system32\ImagXR7.dll
2009-04-12 07:48 . 2004-07-26 15:16 1568768 ------w c:\windows\system32\ImagX7.dll
2009-04-12 07:48 . 2001-06-26 06:15 38912 ------w c:\windows\system32\picn20.dll
2009-04-12 07:48 . 2000-06-26 09:45 106496 ----a-w c:\windows\system32\TwnLib20.dll
2009-04-12 07:40 . 2003-06-18 23:31 17920 ----a-w c:\windows\system32\mdimon.dll
2009-04-12 07:36 . 2009-04-12 07:38 -------- d-----w c:\windows\SHELLNEW
2009-04-11 19:46 . 2009-04-11 19:46 -------- d-----w c:\documents and settings\Tascapane\Impostazioni locali\Dati applicazioni\Identities
2009-04-11 19:44 . 2009-04-11 19:44 -------- d-----w c:\documents and settings\Tascapane\Dati applicazioni\Yahoo!
2009-04-11 19:40 . 2009-04-11 19:40 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-04-11 19:40 . 2009-04-11 19:40 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-11 19:36 . 2009-04-11 19:38 28276 ----a-w c:\windows\system32\drivers\MxlW2k.sys
2009-04-11 19:31 . 2009-04-20 02:23 775 ----a-w c:\windows\CLARIS.INI
2009-04-11 19:31 . 2009-04-20 02:22 -------- d-----w c:\windows\CLARIS
2009-04-11 19:31 . 2009-04-11 19:31 -------- d-----w C:\FMPRO
2009-04-11 19:30 . 2005-10-15 10:32 196608 ----a-w c:\windows\system32\pdfcmnnt.dll
2009-04-11 19:30 . 2005-04-15 17:58 1071088 ----a-w c:\windows\system32\MSCOMCTL.OCX
2009-04-11 19:30 . 2004-03-08 22:00 662288 ----a-w c:\windows\system32\MSCOMCT2.OCX
2009-04-11 19:30 . 1998-06-23 22:00 137000 ----a-w c:\windows\system32\MSMAPI32.OCX
2009-04-11 19:30 . 1998-08-05 05:45 122128 ----a-w c:\windows\system32\VB6IT.DLL
2009-04-11 19:30 . 1998-08-05 05:45 150528 ----a-w c:\windows\system32\MSCMCIT.DLL
2009-04-11 19:30 . 1998-08-05 05:45 63488 ----a-w c:\windows\system32\MSCC2IT.DLL
2009-04-11 19:30 . 1998-07-05 22:00 23552 ----a-w c:\windows\system32\MSMPIDE.DLL
2009-04-11 19:18 . 2009-04-23 20:08 -------- d-----w c:\documents and settings\Tascapane\Dati applicazioni\uTorrent
2009-04-11 19:16 . 2008-06-14 17:32 272768 -c----w c:\windows\system32\dllcache\bthport.sys
2009-04-11 19:16 . 2009-02-20 08:09 668672 -c----w c:\windows\system32\dllcache\wininet.dll
2009-04-11 19:16 . 2009-03-02 23:10 1499648 -c----w c:\windows\system32\dllcache\shdocvw.dll
2009-04-11 19:16 . 2009-02-20 08:09 619520 -c----w c:\windows\system32\dllcache\urlmon.dll
2009-04-11 19:15 . 2009-02-09 11:22 2148864 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-11 19:15 . 2009-02-10 17:02 2069760 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-11 19:15 . 2009-02-09 11:23 2027520 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-11 19:15 . 2009-02-09 11:23 2192768 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-11 19:14 . 2009-02-20 08:09 3089408 -c----w c:\windows\system32\dllcache\mshtml.dll
2009-04-11 19:14 . 2008-05-08 14:02 203136 -c----w c:\windows\system32\dllcache\rmcast.sys
2009-04-11 19:14 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-04-11 19:14 . 2008-12-11 10:57 333952 -c----w c:\windows\system32\dllcache\srv.sys
2009-04-11 19:14 . 2008-05-01 14:34 331776 -c----w c:\windows\system32\dllcache\msadce.dll
2009-04-11 19:14 . 2008-04-11 19:04 691712 -c----w c:\windows\system32\dllcache\inetcomm.dll
2009-04-11 19:13 . 2008-10-15 16:36 337408 -c----w c:\windows\system32\dllcache\netapi32.dll
2009-04-11 19:13 . 2008-09-04 17:15 1106944 -c----w c:\windows\system32\dllcache\msxml3.dll
2009-04-11 18:15 . 2009-04-11 18:15 -------- d-----w c:\windows\system32\it-it
2009-04-11 18:15 . 2009-04-11 18:15 -------- d-----w c:\windows\l2schemas
2009-04-11 18:15 . 2009-04-11 18:15 -------- d-----w c:\windows\system32\it
2009-04-11 18:15 . 2009-04-11 18:15 -------- d-----w c:\windows\system32\bits
2009-04-11 18:13 . 2009-04-11 18:13 -------- d-----w c:\windows\ServicePackFiles
2009-04-11 17:14 . 2004-08-19 13:23 701440 ------w c:\windows\system32\drivers\ati2mtag.sys
2009-04-11 17:08 . 2009-04-20 20:01 -------- d--h--w c:\windows\$hf_mig$
2009-04-11 17:06 . 2001-08-17 21:59 3072 ----a-w c:\windows\system32\drivers\audstub.sys
2009-04-11 17:06 . 2008-04-14 01:49 58368 ----a-w c:\windows\system32\drivers\redbook.sys
2009-04-11 17:05 . 2008-04-13 18:45 10624 ----a-w c:\windows\system32\drivers\gameenum.sys
2009-04-11 17:05 . 2008-10-16 12:09 43544 ----a-w c:\windows\system32\wups2.dll
2009-04-11 17:05 . 2008-10-16 12:12 35864 ----a-w c:\windows\system32\wucltui.dll.mui
2009-04-11 17:05 . 2008-10-16 12:08 27672 ----a-w c:\windows\system32\wuapi.dll.mui
2009-04-11 17:05 . 2008-10-16 12:08 27672 ----a-w c:\windows\system32\wuaucpl.cpl.mui
2009-04-11 17:05 . 2008-10-16 12:07 19480 ----a-w c:\windows\system32\wuaueng.dll.mui
2009-04-11 17:04 . 2008-04-14 02:13 76800 ----a-w c:\windows\system32\usbui.dll
2009-04-11 17:04 . 2009-04-11 17:04 -------- d-s---w c:\documents and settings\Tascapane\UserData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-22 19:52 . 2009-04-22 19:32 -------- d-----w c:\programmi\Google
2009-04-22 13:20 . 2009-04-11 16:31 -------- d-----w c:\programmi\ESET
2009-04-20 20:53 . 2002-10-30 02:45 47592 ----a-w c:\windows\system32\perfc010.dat
2009-04-20 20:53 . 2002-10-30 02:45 345010 ----a-w c:\windows\system32\perfh010.dat
2009-04-20 01:57 . 2009-04-20 01:57 -------- d-----w c:\programmi\VideoLAN
2009-04-20 01:57 . 2009-04-20 01:57 -------- d-----w c:\programmi\File comuni\Sonic Shared
2009-04-20 01:57 . 2009-04-20 01:57 -------- d-----w c:\programmi\Sonic
2009-04-12 08:06 . 2009-04-11 15:49 42552 ----a-w c:\documents and settings\Tascapane\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-04-12 08:03 . 2009-04-12 08:03 -------- d-----w c:\programmi\File comuni\Kapitol
2009-04-12 08:03 . 2009-04-12 08:03 -------- d-----w c:\programmi\Finson Live Update
2009-04-12 08:03 . 2009-04-12 08:03 -------- d-----w c:\programmi\Finson
2009-04-12 07:53 . 2009-04-12 07:48 -------- d-----w c:\programmi\Ahead
2009-04-12 07:50 . 2009-04-12 07:48 -------- d-----w c:\programmi\File comuni\Ahead
2009-04-12 07:38 . 2009-04-12 07:38 -------- d-----w c:\programmi\Microsoft.NET
2009-04-11 20:51 . 2009-04-11 19:44 -------- d-----w c:\programmi\Yahoo!
2009-04-11 19:46 . 2009-04-11 19:45 -------- d-----w c:\programmi\RegCleaner
2009-04-11 19:44 . 2009-04-11 19:44 -------- d-----w c:\programmi\CCleaner
2009-04-11 19:41 . 2009-04-11 19:41 -------- d-----w c:\programmi\File comuni\xing shared
2009-04-11 19:41 . 2009-04-11 19:40 -------- d-----w c:\programmi\File comuni\Real
2009-04-11 19:40 . 2009-04-11 19:40 -------- d-----w c:\programmi\Real
2009-04-11 19:36 . 2009-04-11 19:36 -------- d-----w c:\programmi\MUSICMATCH
2009-04-11 19:36 . 2009-04-11 15:42 -------- d--h--w c:\programmi\InstallShield Installation Information
2009-04-11 19:35 . 2009-04-11 15:42 -------- d-----w c:\programmi\File comuni\InstallShield
2009-04-11 19:31 . 2009-04-11 19:30 -------- d-----w c:\programmi\PDFCreator
2009-04-11 19:26 . 2009-04-11 19:26 -------- d-----w c:\programmi\uTorrent
2009-04-11 19:13 . 2009-04-11 19:12 -------- d-----w c:\programmi\eMule
2009-04-11 18:17 . 2009-04-11 15:19 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-11 18:11 . 2004-08-03 20:59 251600 --sha-r C:\ntldr
2009-04-11 16:58 . 2009-04-11 16:25 -------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-04-11 16:51 . 2009-04-11 16:51 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2009-04-11 16:39 . 2009-04-11 16:39 -------- d-----w c:\programmi\Foxit Software
2009-04-11 16:39 . 2009-04-11 16:39 -------- d-----w c:\documents and settings\Tascapane\Dati applicazioni\Foxit
2009-04-11 16:35 . 2009-04-11 16:35 -------- d-----w c:\programmi\File comuni\Agnitum Shared
2009-04-11 16:35 . 2009-04-11 16:35 -------- d-----w c:\programmi\Agnitum
2009-04-11 16:31 . 2009-04-11 16:32 298104 ----a-w c:\windows\system32\imon.dll
2009-04-11 16:31 . 2009-04-11 16:32 512096 ----a-w c:\windows\system32\drivers\amon.sys
2009-04-11 16:31 . 2009-04-11 16:32 15424 ----a-w c:\windows\system32\drivers\nod32drv.sys
2009-04-11 16:25 . 2009-04-11 16:25 -------- d-----w c:\documents and settings\Tascapane\Dati applicazioni\Malwarebytes
2009-04-11 16:25 . 2009-04-11 16:25 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-04-11 15:58 . 2009-04-11 15:58 -------- d-----w c:\documents and settings\Tascapane\Dati applicazioni\Acronis
2009-04-11 15:57 . 2009-04-11 15:57 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Acronis
2009-04-11 15:56 . 2009-04-11 15:56 45984 ----a-w c:\windows\system32\ins2.exe
2009-04-11 15:51 . 2009-04-11 15:51 971584 ----a-w c:\windows\system32\drivers\tdrpm147.sys
2009-04-11 15:51 . 2009-04-11 15:51 540000 ----a-w c:\windows\system32\drivers\timntr.sys
2009-04-11 15:51 . 2009-04-11 15:51 44704 ----a-w c:\windows\system32\drivers\tifsfilt.sys
2009-04-11 15:51 . 2009-04-11 15:51 134272 ----a-w c:\windows\system32\drivers\snman380.sys
2009-04-11 15:51 . 2009-04-11 15:51 -------- d-----w c:\programmi\File comuni\Acronis
2009-04-11 15:51 . 2009-04-11 15:51 -------- d-----w c:\programmi\Acronis
2009-04-11 15:47 . 2009-04-11 15:47 1024 ----a-w C:\.rnd
2009-04-11 15:46 . 2009-04-11 15:46 -------- d-----w c:\programmi\NVIDIA Corporation
2009-04-11 15:42 . 2009-04-11 15:42 -------- d-----w c:\programmi\Realtek
2009-04-11 15:22 . 2009-04-11 15:22 -------- d-----w c:\programmi\microsoft frontpage
2009-04-11 15:18 . 2009-04-11 15:18 -------- d-----w c:\programmi\Servizi in linea
2009-04-11 15:16 . 2009-04-11 15:16 21840 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-06 13:32 . 2009-04-11 16:25 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2009-04-11 16:25 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-06 14:19 . 2004-08-19 13:39 286208 ----a-w c:\windows\system32\pdh.dll
2009-02-20 08:09 . 2004-08-19 13:39 668672 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:09 . 2004-08-19 13:39 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-10 17:02 . 2004-08-19 15:34 2069760 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 14:04 . 2004-08-19 13:31 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:23 . 2004-08-19 13:34 2192768 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:22 . 2004-08-19 13:39 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:51 . 2004-08-19 13:39 734720 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:51 . 2004-08-19 13:39 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:51 . 2004-08-19 13:39 683520 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:51 . 2004-08-19 13:38 736256 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:39 . 2002-10-30 02:45 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:57 . 2004-08-19 13:39 56832 ----a-w c:\windows\system32\secur32.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016]
"TrueImageMonitor.exe"="c:\programmi\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-11-21 4371440]
"AcronisTimounterMonitor"="c:\programmi\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-11-21 961208]
"Acronis Scheduler2 Service"="c:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe" [2008-11-21 165144]
"nod32kui"="c:\programmi\Eset\nod32kui.exe" [2009-04-11 949376]
"Outpost Firewall"="c:\programmi\Agnitum\Outpost Firewall\outpost.exe" [2007-04-05 94720]
"OutpostFeedBack"="c:\programmi\Agnitum\Outpost Firewall\feedback.exe" [2007-06-28 335872]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-04-11 198160]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-08-01 16049664]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-31 1622016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Google Updater.lnk - c:\programmi\Google\Google Updater\GoogleUpdater.exe [2009-4-22 124912]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=

R2 gupdate1c9c383d9272c48;Servizio di Google Update (gupdate1c9c383d9272c48);c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-22 133104]
R3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);c:\programmi\Agnitum\Outpost Firewall\kernel\ADBLOCK.DLL [2007-04-05 33568]
R3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);c:\programmi\Agnitum\Outpost Firewall\kernel\ARP.DLL [2007-04-05 17632]
R3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);c:\programmi\Agnitum\Outpost Firewall\kernel\CONTENT.DLL [2007-04-05 4896]
R3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);c:\programmi\Agnitum\Outpost Firewall\kernel\DNSCACHE.DLL [2007-04-05 14656]
R3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);c:\programmi\Agnitum\Outpost Firewall\kernel\FTPFILT.DLL [2007-04-05 9248]
R3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);c:\programmi\Agnitum\Outpost Firewall\kernel\HTMLFILT.DLL [2007-04-05 11552]
R3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);c:\programmi\Agnitum\Outpost Firewall\kernel\HTTPFILT.DLL [2007-04-05 13216]
R3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);c:\programmi\Agnitum\Outpost Firewall\kernel\IMAPFILT.DLL [2007-04-05 7168]
R3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);c:\programmi\Agnitum\Outpost Firewall\kernel\MAILFILT.DLL [2007-04-05 14880]
R3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);c:\programmi\Agnitum\Outpost Firewall\kernel\NNTPFILT.DLL [2007-04-05 6752]
R3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);c:\programmi\Agnitum\Outpost Firewall\kernel\POP3FILT.DLL [2007-04-05 10048]
R3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);c:\programmi\Agnitum\Outpost Firewall\kernel\PROTECT.DLL [2007-04-05 15200]
R3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);c:\programmi\Agnitum\Outpost Firewall\kernel\SECRET.DLL [2007-04-05 13056]
S0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\DRIVERS\snman380.sys [2009-04-11 134272]
S0 tdrpman147;Acronis Try&Decide and Restore Points filter (build 147);c:\windows\system32\DRIVERS\tdrpm147.sys [2009-04-11 971584]
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-04-11 15424]
S1 SandBox;Outpost Firewall Sandbox Driver;c:\programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS [2007-06-26 408352]
S1 VFILT;Outpost Firewall Kernel Driver;c:\programmi\Agnitum\Outpost Firewall\kernel\FILTNT.SYS [2007-04-05 163840]

.
Contenuto della cartella 'Scheduled Tasks'

2009-04-23 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-22 19:52]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-wwwiuwq - c:\documents and settings\tascapane\impostazioni locali\dati applicazioni\wwwiuwq.exe


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: {5FC698AD-972E-434D-AD94-E8526C8D5F62} = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Tascapane\Dati applicazioni\Mozilla\Firefox\Profiles\nv2qgmx7.default\
FF - prefs.js: browser.startup.homepage - www.google.it
FF - component: c:\programmi\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\programmi\Google\Update\1.2.141.5\npGoogleOneClick7.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-23 22:13
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1052)
c:\programmi\Agnitum\Outpost Firewall\wl_hook.dll

- - - - - - - > 'lsass.exe'(1108)
c:\windows\system32\imon.dll
c:\programmi\Eset\pr_imon.dll
.
Ora fine scansione: 2009-04-23 22.15.10
ComboFix-quarantined-files.txt 2009-04-23 20:15

Pre-Run: 43.488.935.936 byte disponibili
Post-Run: 43.528.368.128 byte disponibili

289 --- E O F --- 2009-04-22 17:31
r16
Posted: Thursday, April 23, 2009 10:35:39 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Hi.
Combofix removed the navipromo that the Live Player program "gave" you (wwwiuwq.exe).
Do a clean-up (registry included) with CCleaner http://www.aiutaamici.com/software?ID=11223
Then:
Start\Run\copy and paste the string %temp%, click OK, and empty the temp folder (do not delete the folder).
Then:
Empty the contents of the Prefetch folder:
click My Computer
click Local Disk C:
among the folders displayed, look for the Windows folder, open it and, inside it, look for the Prefetch folder; open it and delete all the entries kept inside it (do not delete the folder)
EMPTY THE RECYCLE BIN
Then:
Launch Hijackthis and clean the ADS this way:
click the entry Open the misc tool section
click Open ads spy
untick Quick scan (windows base folder only)
click Scan
if any ADS are detected, tick all the boxes and click Remove selected
You should be all set.
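As an added example (not code from this thread, nor from HijackThis, Malwarebytes or ComboFix): a small Python triage script that reads HijackThis-format log lines and flags the two patterns the tools in this thread acted on, an O4 autorun whose target executable lives under a user profile data directory (the HKCU Run entry for wwwiuwq.exe that ComboFix removed as an orphaned key) and an O2 BHO whose CLSID points at no file. The sample lines are copied from the HijackThis log posted above; the function names, the directory list and the `(no file)` test are the example's own heuristics, not anything the tools document.

```python
import re

# Profile subdirectories from which a legitimate autorun is unusual (heuristic,
# chosen for this example). Italian names first, since the XP in this thread
# uses an Italian locale, then the English equivalents. Compared lower-case.
USER_DATA_DIRS = (
    "\\dati applicazioni\\",
    "\\application data\\",
    "\\impostazioni locali\\temp\\",
    "\\local settings\\temp\\",
)

# O4 - HIVE\..\Run: [name] command line
O4_RE = re.compile(r'^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# O2 - BHO: name - {CLSID} - path or "(no file)"
O2_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$')
# Quoted executable, otherwise everything up to the first ".exe" (unquoted
# paths may contain spaces, so splitting on whitespace would truncate them).
TARGET_RE = re.compile(r'"([^"]+)"|(\S.*?\.exe)', re.IGNORECASE)


def target_of(cmd):
    """Executable path launched by an O4 command line."""
    cmd = cmd.strip()
    m = TARGET_RE.match(cmd)
    if not m:
        return cmd
    return m.group(1) or m.group(2)


def triage(log_text):
    """Return (kind, key, name, target) tuples for entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            target = target_of(m.group('cmd'))
            if any(d in target.lower() for d in USER_DATA_DIRS):
                findings.append(('O4-userdata-autorun', m.group('hive'),
                                 m.group('name'), target))
            continue
        m = O2_RE.match(line)
        if m and m.group('path').strip().lower() == '(no file)':
            findings.append(('O2-orphan-bho', m.group('clsid'),
                             m.group('name'), m.group('path')))
    return findings


# Constructed sample: a subset of the HijackThis log lines from this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Programmi\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [wwwiuwq] "c:\documents and settings\tascapane\impostazioni locali\dati applicazioni\wwwiuwq.exe" wwwiuwq
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
"""

if __name__ == "__main__":
    for kind, key, name, target in triage(SAMPLE_LOG):
        print(f"{kind:22} {key:40} {name:12} {target}")
```

Run as-is it reports exactly two entries: the BHO with no backing file and the HKCU Run entry for wwwiuwq.exe under Impostazioni locali\Dati applicazioni. Entries launched from Program Files or System32 are not reported, which is the intended trade-off: the script narrows a long log to the lines a helper should look at first, it does not decide what is malicious.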
giovanitasca
Posted: Friday, April 24, 2009 1:03:38 AM
Rank: AiutAmico

Member since: 4/2/2005
Posts: 220
All done. It seems OK.
Thanks