www.MegaLab.it

da **guglielmotello** » gio nov 29, 2007 9:38 pm

ComboFix 07-11-19.4C - Admin 2007-11-29 21.30.43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.155 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((( Files Creati Da 2007-10-28 al 2007-11-29 )))))))))))))))))))))))))))))))))))
.

2007-11-16 22:26 32,760 -r-hs---- C:\WINDOWS\system32\avpo0.dll
2007-11-16 21:59 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Intel
2007-11-16 21:27 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2007-11-09 14:33 94,379 -r-hs---- C:\WINDOWS\system32\avpo.exe
2007-11-09 14:30 <DIR> d-------- C:\Documents and Settings\Admin\Dati applicazioni\U3
2007-11-08 22:44 <DIR> d-------- C:\Documents and Settings\Admin\.dia
2007-11-08 22:43 <DIR> d-------- C:\Programmi\Dia
2007-11-01 11:58 <DIR> d-------- C:\Documents and Settings\Admin\Dati applicazioni\dvdcss

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-27 14:03 --------- d-----w C:\Programmi\Avast4
2007-12-26 21:49 --------- d--h--w C:\Programmi\InstallShield Installation Information
2007-12-26 21:49 --------- d-----w C:\Programmi\WarRock
2007-12-25 21:08 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2007-12-25 15:19 --------- d-----w C:\Programmi\ATS2
2007-12-24 20:15 --------- d-----w C:\Documents and Settings\Admin\Dati applicazioni\OpenOffice.org2
2007-11-29 14:10 --------- d-----w C:\Documents and Settings\Admin\Dati applicazioni\MegauploadToolbar
2007-11-16 20:45 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2007-11-08 19:55 --------- d-----w C:\Documents and Settings\Admin\Dati applicazioni\AdobeUM
2007-10-29 21:54 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-10-29 21:54 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-25 17:05 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-25 16:24 815,480 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-10-25 16:14 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-10-20 13:16 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-10-19 12:57 --------- d-----w C:\Programmi\Sun
2007-10-19 12:57 --------- d-----w C:\Programmi\Java
2007-10-19 12:29 --------- d-----w C:\Programmi\TextPad 4
2007-10-19 12:29 --------- d-----w C:\Documents and Settings\Admin\Dati applicazioni\TextPad
2007-10-19 12:28 --------- d-----w C:\Programmi\ConTEXT
2007-10-19 09:53 --------- d-----w C:\Programmi\MegauploadToolbar
2007-10-19 09:44 --------- d-----w C:\Programmi\Wolfram Research
2007-10-16 19:59 --------- d-----w C:\Programmi\Spybot
2007-10-16 19:44 --------- d-----w C:\Documents and Settings\LocalService\Dati applicazioni\Intel
2007-10-16 19:40 21,419 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-10-15 20:41 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\EPSON
2007-10-15 20:20 --------- d-----w C:\Documents and Settings\Admin\Dati applicazioni\Skype
2007-10-15 20:19 --------- d-----w C:\Programmi\MSN Messenger
2007-10-15 18:50 --------- d-----w C:\Programmi\MSXML 4.0
2006-08-31 13:29 24,192 -c--a-w C:\Documents and Settings\Admin\usbsermptxp.sys
2006-08-31 13:29 22,768 -c--a-w C:\Documents and Settings\Admin\usbsermpt.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{140BD8E3-C167-11D4-B4A3-080000180323}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 12:00]
"\\Danypc\EPSON Stylus Photo R265 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNE.exe" [2006-05-19 05:00]
"updateMgr"="C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Programmi\Apoint2K\Apoint.exe" [2003-10-31 00:46]
"PadTouch"="C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 10:56]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-28 22:37 C:\WINDOWS\agrsmmsg.exe]
"CeEKEY"="C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe" [2005-01-21 21:48]
"TPNF"="C:\Programmi\TOSHIBA\TouchPad\TPTray.exe" [2004-11-29 21:06]
"TOSHIBA Accessibility"="C:\Programmi\TOSHIBA\Accessibility\FnKeyHook.exe" [2004-12-07 20:24]
"Zooming"="ZoomingHook.exe" [2004-07-14 15:07 C:\WINDOWS\system32\ZoomingHook.exe]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-02-16 13:43 C:\WINDOWS\system32\TCtrlIOHook.exe]
"TPSMain"="TPSMain.exe" [2005-02-17 10:11 C:\WINDOWS\system32\TPSMain.exe]
"SmoothView"="C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-11-15 10:44]
"Tvs"="C:\Programmi\TOSHIBA\Tvs\TvsTray.exe" [2004-11-12 16:57]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-01-14 00:05]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 20:05]
"avast!"="C:\PROGRA~1\Avast4\ashDisp.exe" [2007-10-25 17:20]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2007-02-16 10:54]
"IntelZeroConfig"="C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-01 23:38]
"IntelWireless"="C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-01 23:32]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 12:00]

C:\Documents and Settings\Admin\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 2.2.lnk]
path=C:\Documents and Settings\Admin\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 2.2.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programmi\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"matlabserver"=2 (0x2)

R1 SerTVOutCtlr;TOSHIBA Controls Driver -EPIOMngr;C:\WINDOWS\system32\drivers\EPIOMngr.sys
R1 SrvcEKIOMngr;SrvcEKIOMngr;C:\WINDOWS\system32\Drivers\EKIoMngr.sys
R1 SrvcSSIOMngr;SrvcSSIOMngr;C:\WINDOWS\system32\Drivers\SSIoMngr.sys
R1 TPwSav;Common Driver;C:\WINDOWS\system32\Drivers\TPwSav.sys
S0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys
S1 StickyMesger;StickyMesger;\??\C:\Programmi\TOSHIBA\Accessibility\StickyMesger.sys
S3 FVNETusb(505 2958)(R); FVNETusb(505 2958)(R) Service for Wireless LAN 11Mbps USB Adapter;C:\WINDOWS\system32\DRIVERS\vnet558x.sys
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys
S3 SIWIO;SIWIO;\??\C:\WINDOWS\TEMP\SiwIo.sys
S3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM);C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys
S3 usbsermptxp;Motorola USB Modem Driver for MPT XP;C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b5195d6-8eac-11dc-ab28-0008a176f5a5}]
\Shell\AutoRun\command - G:\ntde1ect.com
\Shell\explore\Command - G:\ntde1ect.com
\Shell\open\Command - G:\ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16a6d060-4bbf-11da-b0f9-0008a176f5c7}]
\Shell\AutoRun\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b25ec89a-b1f7-11db-a9b0-0008a176f5a5}]
\Shell\verb1\command - Thumbs.dn\1.{3aea-1069-a2de-08002b30309d}\Thumbs.bat

.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-29 21:33:47
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\\\Danypc\\EPSON Stylus Photo R265 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIBNE.EXE /FU \"C:\\DOCUME~1\\Admin\\IMPOST~1\\Temp\\E_S1A.tmp\" /EF \"HKCU\""
.
Ora fine scansione: 2007-11-29 21.34.49
.
--- E O F ---

da **tecnico24** » gio nov 29, 2007 9:45 pm

prova così:
Start - esegui - regedit e posizionati sulla chiave
HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Explorer\Advanced
Nel frame di destra assicurati che il Valore Reg_Dword "Hidden" sia
impostato a "1"
1) Visualizza file e cartelle nascoste
2) Non Visualizza file e cartelle nascoste
Se hai un valore reg_sz "Hidden" cancellalo.
Riavvia il pc.

da **guglielmotello** » gio nov 29, 2007 9:50 pm

grande tutto risolto....Grazie di cuore e scusa il disturbo.... sei forte grazie ancora....

da **guglielmotello** » gio nov 29, 2007 9:54 pm

una cosa come posso imparare a leggere i log che ho postato prima???

da **tecnico24** » gio nov 29, 2007 9:59 pm

quello di hijackthis?!?:
www.hijackthis.de
quello di combofix si legge per ultimo e te lo dice.

da **ste_95** » ven nov 30, 2007 7:02 am

Sono rimasti alcuni residui che sarebbe bene togliere:

Scarica Avenger
Estrailo in una cartella a tua scelta
Esegui il file avenger.exe con la figura di una spada
Metti il pallino su input script manually
Quindi scegli la lente e cliccaci
Ora incolla queste righe nella box bianca che si è aperta:

Files to delete:
C:\WINDOWS\system32\avpo0.dll
C:\WINDOWS\system32\avpo.exe

Adesso devi cliccare su Done in basso nella box
Seleziona il semaforino in alto a destra
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.

www.MegaLab.it

trojan Autorun-C

Chi c’è in linea