
Help!... Virtob?

Posted: Wed Feb 10, 2010 7:22 pm
by tyger
For a few days now Avast, on my laptop, has been reporting the presence of not further identified worms inside two screensavers (.scr)
downloaded from the internet. Searching online I found that it might be the "Win32:Virtob" virus/worm,
which hides inside ".exe" and ".scr" files.
I'm attaching the HijackThis log for any kind soul who feels like giving me a hand.
Thanks in advance to everyone. [uhm]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.37.38, on 10/02/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\livemessn.exe
C:\Programmi\File comuni\EPSON\eEBAPI\eEBSVC.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\HP\QuickPlay\QPService.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
F:\Software\Virus\Trojan_Bagle_1\Troyan_Bagle_Nuovo\MegaLab.it_H_i_J_a_C_k_T_h_I_s.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://codecs.r8.org/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Barra degli Strumenti di IdiomaX - {477A7A3C-8B11-4B02-ADD1-7A01C4D00FA2} - C:\Programmi\File comuni\IdiomaX Shared\Cat 6.0\TrdIEAddIn.dll
O3 - Toolbar: (no name) - {2ECB7FB2-0333-416F-92FD-4904AD49252B} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QPService] "C:\Programmi\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IdiomaX Office] C:\Programmi\IdiomaX\Translation Suite 5.0\IdxOffice.exe
O4 - HKLM\..\Run: [IdiomaX Product Update] C:\Programmi\File comuni\IdiomaX Shared\Cat 6.0\IdxLUpdate.exe /AUTOSTART
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [DNS7reminder] "C:\Programmi\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Dati applicazioni\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\livemessn.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus Office B40W(Rete)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIELE.EXE /FU "C:\WINDOWS\TEMP\E_S54.tmp" /EF "HKCU"
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\livemessn.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Mostra/Nascondi Barra di Traduzione - {FE768A8F-9F88-4511-B28B-552ED2F6B500} - C:\Programmi\File comuni\IdiomaX Shared\Cat 6.0\TrdIEAddIn.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=Q306&bd=presario&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\eEBAPI\eEBSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe

--
End of file - 8871 bytes

Re: Help!... Virtob?

Posted: Wed Feb 10, 2010 7:44 pm
by gioia271965
My impression, apart from the excessive number of programs active at startup, is that the log is clean. Try a full scan with Malwarebytes in Safe Mode and see if that solves the problem. Before starting the scan, disable the System Restore service. Then I'd advise you to cut down considerably on the programs active at startup and on the too many start pages you have active. This, however, is only to speed up the PC's boot itself. For the rest, let's wait for other opinions.

Re: Help!... Virtob?

Posted: Wed Feb 10, 2010 9:29 pm
by tiger
After the scan recommended with Malwarebytes, run a scan with ComboFix (if there are rootkits it removes them) and post the final result.

Re: Help!... Virtob?

Posted: Wed Feb 10, 2010 10:53 pm
by tyger
tiger wrote: After the scan recommended with Malwarebytes, run a scan with ComboFix (if there are rootkits it removes them) and post the final result.

Thanks for your interest.

ComboFix 10-02-10.01 - 1_Maria 10/02/2010 22.51.11.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.1014.627 [GMT 1:00]
Eseguito da: c:\documents and settings\1_Maria\Desktop\C-o-m-b-o-F-i-x.exe
AV: avast! antivirus 4.8.1356 [VPS 100210-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Thumbs.db

.
((((((((((((((((((((((((( Files Creati Da 2010-01-10 al 2010-02-10 )))))))))))))))))))))))))))))))))))
.

2010-02-10 21:04 . 2010-02-10 21:03 397824 ----a-w- c:\windows\system32\CF3957.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-09 22:52 . 2006-03-27 06:03 63600 ----a-w- c:\windows\system32\perfc010.dat
2010-02-09 22:52 . 2006-03-27 06:03 426042 ----a-w- c:\windows\system32\perfh010.dat
2010-01-17 19:04 . 2009-09-07 17:27 -------- d-----w- c:\programmi\Edraw Max
2010-01-10 19:01 . 2006-05-17 10:40 -------- d-----w- c:\programmi\Java
2010-01-10 19:00 . 2010-01-10 19:00 152576 ----a-w- c:\documents and settings\1_Maria\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-10 19:00 . 2010-01-10 19:00 79488 ----a-w- c:\documents and settings\1_Maria\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-06 21:07 . 2009-05-26 19:34 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-06 15:56 . 2009-05-12 10:29 -------- d---a-w- c:\programmi\mIRC
2010-01-02 19:00 . 2010-01-02 19:00 1675 ----a-w- c:\documents and settings\1_Maria\Application Data\SAS7_000.DAT
2010-01-02 16:42 . 2010-01-02 16:42 -------- d-----w- c:\documents and settings\1_Maria\Application Data\Nuance
2010-01-02 16:41 . 2010-01-02 16:41 -------- d-----w- c:\programmi\File comuni\ScanSoft Shared
2010-01-02 16:41 . 2010-01-02 16:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ScanSoft
2010-01-02 16:41 . 2010-01-02 16:41 -------- d-----w- c:\programmi\File comuni\Nuance
2010-01-02 16:40 . 2010-01-02 16:40 -------- d-----w- c:\programmi\Nuance
2010-01-02 16:40 . 2010-01-02 16:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nuance
2009-12-31 16:51 . 2009-12-31 16:51 -------- d-----w- c:\documents and settings\1_Maria\Application Data\Jasc
2009-12-28 18:13 . 2009-12-28 16:52 12288 ----a-w- c:\windows\impborl.dll
2009-12-26 13:49 . 2009-12-26 13:49 -------- d-----w- c:\programmi\AVIConverter
2009-12-24 16:39 . 2007-03-13 18:06 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-12-24 16:39 . 2007-03-13 18:06 56 --sh--r- c:\windows\system32\E060BF6625.sys
2009-12-24 16:36 . 2009-12-24 16:36 -------- d-----w- c:\documents and settings\2_Giuseppe\Application Data\Corel
2006-12-28 14:00 . 2006-12-28 14:00 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 761948]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"QPService"="c:\programmi\HP\QuickPlay\QPService.exe" [2006-04-11 102400]
"QlbCtrl"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 131072]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"hpWirelessAssistant"="c:\programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"HP Software Update"="c:\programmi\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 61952]
"Cpqset"="c:\programmi\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"IdiomaX Office"="c:\programmi\IdiomaX\Translation Suite 5.0\IdxOffice.exe" [2007-07-15 422448]
"IdiomaX Product Update"="c:\programmi\File comuni\IdiomaX Shared\Cat 6.0\IdxLUpdate.exe" [2007-07-15 533040]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"DNS7reminder"="c:\programmi\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [2007-04-16 259624]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\2_Giuseppe\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\Java\\jre1.5.0_16\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\mIRC\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5900:TCP"= 5900:TCP:VNC Server
"4662:TCP"= 4662:TCP:eMule
"4672:UDP"= 4672:UDP:eMule

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [16/08/2008 18.08.11 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16/08/2008 18.08.11 20560]
S3 pwalker;Process Walker Driver;\??\c:\docume~1\2_GIUS~1\IMPOST~1\Temp\nsy4.tmp\pwalker.sys --> c:\docume~1\2_GIUS~1\IMPOST~1\Temp\nsy4.tmp\pwalker.sys [?]
S4 Amwup10xtnf;Amwup10xtnf; [x]
.
Contenuto della cartella 'Scheduled Tasks'

2010-01-04 c:\windows\Tasks\Aggiornamento dei Prodotti di IdiomaX.job
- c:\programmi\File comuni\IdiomaX Shared\Cat 6.0\IdxLUpdate.exe [2007-07-15 21:40]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.tiscali.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://codecs.r8.org/
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Crawler Search - tbr:iemenu
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\1_Maria\Application Data\Mozilla\Firefox\Profiles\k2go3fic.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

Toolbar-SITEguard - (no file)
HKLM-Run-USB2Check - c:\windows\system32\PCLECoInst.dll
SafeBoot-dllcache
AddRemove-3DNA Loft Package - c:\progra~1\3DNA\UNWISE.EXE
AddRemove-HijackThis - f:\bagle\Troyan_Bagle_vecchio\HijackThis.exe
AddRemove-Living Marine Aquarium 2.0 Animated Wallpaper - c:\progra~1\Freeze.com\LIVING~1.0AN\UNINSTAL.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-10 22:54
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programmi\HPQ\Default Settings\cpqset.exe?????????? ???@???????????????@??????_??????(?@???????@

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2010-02-10 22:55:45
ComboFix-quarantined-files.txt 2010-02-10 21:55

Pre-Run: 18.446.524.416 byte disponibili
Post-Run: 18.402.783.232 byte disponibili

WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - D3092E6F57C1F8CD5486D8E631AEBD49

Re: Help!... Virtob?

Posted: Thu Feb 11, 2010 8:04 am
by crazy.cat
In the meantime, move to avast 5, which is better than the old one.
Then make sure you also delete this virus, which is sitting there nice and active.
tyger wrote: O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\livemessn.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\livemessn.exe

The rest of the logs is clean.
You should also update to SP3 and IE8, it's about time; if the PC isn't kept up to date you stay exposed and viruses get in more easily.
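An added triage helper, not part of the thread and not a HijackThis feature, that applies the reasoning behind crazy.cat's reply to the O4 (autorun) lines of a HijackThis log: it flags a program running directly from C:\WINDOWS, an entry under Policies\Explorer\Run, and one binary registered under several distinct autorun keys. The sample lines are copied from the log posted above; the heuristics and the assumption that %systemroot% is C:\WINDOWS are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: O4 (autorun) lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\livemessn.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\livemessn.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

# HijackThis registry autorun line: "O4 - <location>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<location>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Program path at the start of a command line, quoted or not; arguments may follow it.
EXE_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|scr|com|dll))"?', re.IGNORECASE)
# A binary sitting directly in the Windows directory rather than in a subfolder.
WINROOT_RE = re.compile(r"c:\\windows\\[^\\]+\.(?:exe|scr|com)")

def executable_path(cmd: str) -> str:
    """Return the lower-cased program path from a Run-value command line."""
    m = EXE_RE.match(cmd.strip())
    path = m.group("path") if m else cmd.strip().split()[0]
    # HijackThis leaves %systemroot% / %windir% unexpanded; assume the default C:\WINDOWS.
    path = re.sub(r"%(?:systemroot|windir)%", r"C:\\WINDOWS", path, flags=re.IGNORECASE)
    return path.lower()

def parse_o4(log_text: str):
    """Yield (location, value name, program path) for every registry O4 line."""
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            yield m["location"], m["name"], executable_path(m["cmd"])

def triage_autoruns(log_text: str) -> dict:
    """Map each program path to the reasons it deserves a closer look (hints, not a verdict):
    1. it runs directly from C:\\WINDOWS instead of system32 or Program Files;
    2. it is registered under Policies\\Explorer\\Run, which ordinary installers rarely use;
    3. the same binary sits under more than one distinct autorun key (hive ignored, so
       per-user copies of a normal entry such as ctfmon count once).
    """
    keys_by_path = defaultdict(set)
    reasons = defaultdict(set)
    for location, _name, path in parse_o4(log_text):
        key = location.split("\\..\\")[-1].lower()  # "HKLM\..\Run" -> "run"
        keys_by_path[path].add(key)
        if WINROOT_RE.fullmatch(path):
            reasons[path].add("runs directly from C:\\WINDOWS")
        if key.startswith("policies\\explorer\\run"):
            reasons[path].add("registered under Policies\\Explorer\\Run")
    for path, keys in keys_by_path.items():
        if len(keys) > 1:
            reasons[path].add(f"same binary under {len(keys)} different autorun keys")
    return {path: sorted(r) for path, r in reasons.items()}

if __name__ == "__main__":
    for path, why in triage_autoruns(SAMPLE_LOG).items():
        print(path, "->", "; ".join(why))
```

On the sample above only livemessn.exe is reported, with all three reasons, while ctfmon.exe (present under two hives but the same key) and the system32 entries are not.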