Punto informatico Network
HELP The desktop is empty!!

Post by alverman » Sun Dec 14, 2008 6:04 pm

Help... I suspect some virus has hit the PC (Windows 2000). The system has become slow, and a pass with AVG7 found BAT_FTPER.C, which I think I removed (AVG could not put it in quarantine). On the next boot, after briefly showing the desktop, the system makes all the icons and the taskbar disappear and the PC is unusable. Starting it in safe mode I can run AVG, but it only scans a tiny fraction of the files present and in any case finds no virus. Using the EXTERMINATE.IT package, it identifies the VUNDO and ZLOB trojans on the system, but I can't remove them. I remember that some time ago, thanks to the forum, I managed to solve another virus problem with HijackThis combined with another package... do you have any tips? Thanks.
alverman | New member | Posts: 11 | Joined: Fri Jan 25, 2008 3:46 pm | Location: Rome

Re: HELP The desktop is empty!!

Post by Amantide » Sun Dec 14, 2008 6:10 pm

Have a look at this article; otherwise download ComboFix directly and run the scan following these instructions (at the bottom). When the scan finishes, the report file C:\combofix.txt will be created; copy its contents here.
...to fly high, you have to know how to fall...
Amantide | Official Member (Gold) | Posts: 8126 | Joined: Mon Feb 06, 2006 4:13 pm | Location: Abruzzo

Re: HELP The desktop is empty!!

Post by alverman » Mon Dec 15, 2008 10:15 am

...nothing came of the steps in the article, but ComboFix worked well and seems to have done its job (log attached).
I managed to connect to the Internet again and immediately updated AVG. On its first scan it found a few trojans (BHOs?) scattered around, one even in the EXPLORER executable, which were removed, or at least I hope so.
Is there anything else I can do to clean up the situation further?

ComboFix 08-12-14.01 - Administrator 14/12/2008 20.49.56.1 - FAT32x86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1040.18.255.48 [GMT 0:00]
Eseguito da: f:\aavv\ComboFix.exe

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ADMINI~1\IMPOST~1\Temp\tmp2.tmp
c:\documents and settings\Administrator\Menu Avvio\Programmi\Videos.url
c:\documents and settings\Administrator\Preferiti\Videos.url
C:\InfoSat.txt
c:\winnt\fxstaller.exe
c:\winnt\IE4 Error Log.txt
c:\winnt\system32\4XXh34X1.exe.a_a
c:\winnt\system32\ddcBUmLe.dll
c:\winnt\system32\drivers\fad.sys
c:\winnt\system32\dvtwqx.dll
c:\winnt\system32\eLmUBcdd.ini
c:\winnt\SYSTEM32\eLmUBcdd.ini2
c:\winnt\system32\firefoxV2.exe
c:\winnt\system32\kanfdkku.ini
c:\winnt\system32\qfgdlfnb.dll
c:\winnt\system32\ukkdfnak.dll
c:\winnt\Web\default.htt

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DISTRIBUTED_ALLOCATED_MEMORY_UNIT
-------\Legacy_MSN_RAV
-------\Legacy_{BDD0D2A1-17BD-47B5-A803-7E58A24073D9}
-------\Legacy_{FBE1D620-5418-4AAE-A0F0-316D590663A1}
-------\Service_{FBE1D620-5418-4aae-A0F0-316D590663A1}
-------\Service_Distributed Allocated Memory Unit
-------\Service_MSN RAV


((((((((((((((((((((((((( Files Creati Da 2008-11-14 al 2008-12-14 )))))))))))))))))))))))))))))))))))
.

2008-12-14 01:25 . 08-12-14 01:25 <DIR> d-------- C:\hij
2008-12-14 01:01 . 07-06-28 14:36 401,720 --------- C:\HijackThis.exe
2008-12-12 23:56 . 08-12-12 23:19 119,808 --------- C:\VundoFix.exe
2008-12-12 23:47 . 08-12-12 23:47 <DIR> d-------- C:\VundoFix Backups
2008-12-12 23:16 . 08-12-12 23:16 <DIR> d-------- c:\programmi\Exterminate It!
2008-12-12 21:24 . 08-12-12 21:24 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2008-12-12 21:24 . 08-12-12 21:24 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-12-12 21:24 . 08-12-12 21:24 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2008-12-12 21:24 . 08-12-03 19:52 38,496 --a------ c:\winnt\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-12-12 21:24 . 08-12-03 19:52 15,504 --a------ c:\winnt\SYSTEM32\DRIVERS\mbam.sys
2008-12-11 12:52 . 08-12-11 12:52 <DIR> d-------- C:\FOUND.006
2008-12-10 15:07 . 08-12-10 15:07 <DIR> d-------- C:\FOUND.005
2008-12-10 14:53 . 08-12-10 14:53 <DIR> d-------- C:\FOUND.004
2008-12-09 20:27 . 08-12-09 20:27 <DIR> d-------- C:\FOUND.003
2008-12-09 15:06 . 08-12-09 15:06 35,328 --a------ c:\winnt\SYSTEM32\yaywwWPF.dll
2008-12-09 14:39 . 08-12-09 14:39 35,328 --a------ c:\winnt\SYSTEM32\urqNFyXq.dll
2008-12-08 16:26 . 08-12-08 16:26 <DIR> d---s---- C:\SYSTEM
2008-12-08 16:08 . 08-12-08 16:08 1,025 --------- C:\osy.exe
2008-12-08 15:07 . 08-12-08 15:07 <DIR> d---s---- C:\CONFIG
2008-12-08 15:07 . 08-12-08 16:26 29,703 --------- C:\msv2008.exe
2008-12-08 13:36 . 08-12-08 13:36 <DIR> d-------- C:\FOUND.002
2008-12-07 14:50 . 08-12-07 14:50 <DIR> d-------- C:\FOUND.001
2008-12-06 12:49 . 08-12-06 12:49 <DIR> d-------- C:\FOUND.000
2008-11-28 23:36 . 08-11-28 23:36 0 --a------ c:\winnt\nsreg.dat
2008-11-22 23:36 . 08-11-22 23:36 <DIR> d-------- C:\APPOGGIO
2008-11-22 22:26 . 08-11-22 22:26 <DIR> d--h----- c:\winnt\PIF
2008-11-22 21:41 . 08-11-22 21:41 225,011 --------- C:\rep.zip
2008-11-22 21:35 . 08-11-22 21:36 <DIR> d-------- C:\AIDA 32ee_370

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-13 22:45 --------- d-----w c:\programmi\BitTorrent_DNA
2008-11-13 22:45 --------- d-----w c:\programmi\BitTorrent
2008-11-13 22:45 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\BitTorrent DNA
2008-11-13 22:45 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\BitTorrent
2003-07-14 15:20 271 ---h--w c:\programmi\DESKTOP.INI
2003-07-14 15:20 22,075 ---h--w c:\programmi\FOLDER.HTT
2003-06-26 07:00 32,528 ----a-w c:\winnt\INF\WBFIRDMA.SYS
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
08-12-09 14:39 35328 --a------ c:\winnt\system32\urqNFyXq.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\programmi\MSN Messenger\MsnMsgr.Exe" [07-09-04 23:40 6856704]
"BitTorrent DNA"="c:\programmi\BitTorrent_DNA\dna.exe" [08-11-13 22:45 286016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.5.0_07\bin\jusched.exe" [06-05-03 02:56 36975]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03-07-29 13:30 335872]
"Nokia Connection Monitor"="c:\programmi\File comuni\Nokia\NCLTools\NclConf.exe" [02-01-04 15:59 139264]
"REGSHAVE"="c:\programmi\REGSHAVE\REGSHAVE.EXE" [02-02-04 22:32 53248]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [06-01-29 17:18 155648]
"PCSuiteTrayApplication"="c:\programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [07-06-18 15:10 271360]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [08-10-18 13:30 590848]
"Synchronization Manager"="mobsync.exe" [03-06-26 07:00 111376 c:\winnt\SYSTEM32\MOBSYNC.EXE]
"ATIModeChange"="Ati2mdxx.exe" [01-09-04 16:24 28672 c:\winnt\SYSTEM32\Ati2mdxx.exe]
"PRPCMonitor"="PRPCUI.exe" [02-10-07 03:00 45568 c:\winnt\SYSTEM32\prpcui.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [07-06-19 10:17 1241088]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [08-01-29 21:52 219136]
"msnmsgr"="c:\programmi\MSN Messenger\msnmsgr.exe" [07-09-04 23:40 6856704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\programmi\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-26 07:00 188176]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Digital Line Detect.lnk - c:\programmi\Digital Line Detect\DLG.exe [2004-05-11 24576]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
ZoneAlarm Pro.lnk - c:\programmi\Zone Labs\ZoneAlarm\zapro.exe [2003-12-15 902528]
Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2005-12-25 241664]
EPSON Status Monitor 3 Environment Check.lnk - c:\winnt\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV03.EXE [1999-10-22 217600]
CN405WLUSB54 Utility LAN wireless.lnk - c:\programmi\CONITECH\CN405WLUSB54.exe [2007-11-24 704512]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= "c:\winnt\system32\urqNFyXq.dll" [08-12-09 14:39 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqNFyXq]
08-12-09 14:39 35328 c:\winnt\SYSTEM32\urqNFyXq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=dvtwqx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.DIVF"= DivX412.dll
"VIDC.HFYU"= huffyuv.dll
"msacm.divxa32"= divxa32.acm
"vidc.3ivx"= 3ivxVfWCodec.dll
"msvideo8"= STV680tg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Apoint"=c:\programmi\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

R0 fasttrak;fasttrak;c:\winnt\system32\DRIVERS\fasttrak.sys [1980-01-01 64418]
R0 mraid2k;mraid2k;c:\winnt\system32\DRIVERS\mraid2k.sys [1980-01-01 17258]
R1 Avg7RsNT;AVG7 Resident Driver NT;c:\winnt\system32\Drivers\avg7rsnt.sys [2008-01-29 26944]
R2 NokiaSuite3;NokiaSuite3;c:\winnt\system32\drivers\NokiaSuite3.sys [2003-12-15 837696]
R2 PPPoEService;PPPoE Service;c:\progra~1\Alice\ALICEE~1\app\pppoeservice.exe [2008-01-13 49152]
R2 PRPC;PRPC;c:\winnt\system32\drivers\PRPC.sys [2004-05-11 11951]
R2 ZDCNDIS5;ZDCNDIS5 NDIS Protocol Driver;\??\c:\winnt\system32\ZDCNDIS5.sys [2007-11-24 19072]
R3 NTSPPPOE;Efficient Networks Enternet P.P.P.o.E LAN Miniport Driver;c:\winnt\system32\DRIVERS\ntspppoe.sys [2008-01-13 161640]
R3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\DRIVERS\usbhub20.sys [1980-01-01 49392]
S2 Microsoft PowerPoint Application;Microsoft PowerPoint Application;"c:\winnt\system32\dllcache\winppa.exe" []
S3 EL90BC;Driver scheda 3Com EtherLink XL B/C;c:\winnt\system32\DRIVERS\el90xbc5.sys [1980-01-01 61712]
S3 ENIMSR;ENIMSR;\??\c:\progra~1\Alice\ALICEE~1\app\ENIMSR.SYS [2008-01-13 12924]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\winnt\system32\drivers\mbamswissarmy.sys [2008-12-12 38496]
S3 NPF;NetGroup Packet Filter Driver;c:\winnt\system32\drivers\npf.sys [2005-08-02 32512]
S3 NTSTAP1;NTSTAP1;\??\c:\progra~1\Alice\ALICEE~1\app\NTSTAP1.SYS [2008-01-13 120128]
S3 NTSTAP2;NTSTAP2;\??\c:\progra~1\Alice\ALICEE~1\app\NTSTAP2.SYS [2005-12-22 120128]
S3 RAWESR;RAWESR;\??\c:\progra~1\Alice\ALICEE~1\app\RAWESR.SYS [2008-01-13 12924]
S3 TAPBIND;TAPBIND;\??\c:\progra~1\Alice\ALICEE~1\app\TAPBIND1.SYS [2005-12-21 44544]
S3 XG762_2K;CONITECH 802.11g XG762N Driver;c:\winnt\system32\DRIVERS\WlanUZ2K.sys [2007-11-24 449536]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX5C574571}]
c:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67EFG7H6-8IJL-56YT-KLH4-76WE8D3RAM87}]
c:\system\S-3-7-89-2225458569-9856321456-454423558-8896\\explorer.exe
.
- - - - ORFÃOS REMOVIDOS - - - -

BHO-{83665cc9-2ac3-4b38-b5a8-5d1abc6cdd59} - c:\winnt\system32\dvtwqx.dll
BHO-{A719B361-4BC0-4F71-A4D4-787FF50504DE} - c:\winnt\system32\ddcBUmLe.dll
HKLM-Run-bascstray - BascsTray.exe


.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm -
LSP: %SystemRoot%\system32\msafd.dll

O16 -: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
c:\winnt\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\3ud5uwvw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - plugin: c:\programmi\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll
FF - plugin: c:\programmi\BitTorrent_DNA\npbtdna.dll
FF - plugin: c:\programmi\Java\jre1.5.0_07\bin\NPJava11.dll
FF - plugin: c:\programmi\Java\jre1.5.0_07\bin\NPJava12.dll
FF - plugin: c:\programmi\Java\jre1.5.0_07\bin\NPJava13.dll
FF - plugin: c:\programmi\Java\jre1.5.0_07\bin\NPJava14.dll
FF - plugin: c:\programmi\Java\jre1.5.0_07\bin\NPJava32.dll
FF - plugin: c:\programmi\Java\jre1.5.0_07\bin\NPJPI150_07.dll
FF - plugin: c:\programmi\Java\jre1.5.0_07\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 20:57:45
Windows 5.0.2195 Service Pack 4 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(204)
c:\winnt\system32\Ati2evxx.dll
c:\winnt\system32\urqNFyXq.dll
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL
.
Ora fine scansione: 2008-12-14 21:00:45 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2008-12-14 21:00:44

Pre-Run: 1.124.433.920 byte disponibili
Post-Run: 1,497,694,208 byte disponibili

alverman | New member | Posts: 11 | Joined: Fri Jan 25, 2008 3:46 pm | Location: Rome
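
The log above shows the same DLL, urqNFyXq.dll, registered as a Browser Helper Object, as a ShellExecuteHook and as a Winlogon Notify package, plus dvtwqx.dll in AppInit_DLLs and the Security Center override flags set to 1. The Python script below is an added example, not ComboFix code and not posted by anyone in the thread: it parses a short excerpt constructed to mirror the "Punti Reg Caricati" section of that log, flags those patterns (one module wired into several hook points, hook modules dated inside the infection window, a non-empty AppInit_DLLs, suppressed Security Center warnings) and prints a CFScript in the File::/Registry:: form used later in the thread. The mechanism labels, the severities and the 30-day window are the example's own choices.

```python
import ntpath
import re
from collections import defaultdict, namedtuple
from datetime import datetime

# Constructed sample shaped like the first ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
08-12-09 14:39 35328 --a------ c:\winnt\system32\urqNFyXq.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [08-10-18 13:30 590848]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [06-01-29 17:18 155648]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= "c:\winnt\system32\urqNFyXq.dll" [08-12-09 14:39 35328]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqNFyXq]
08-12-09 14:39 35328 c:\winnt\SYSTEM32\urqNFyXq.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=dvtwqx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# "Name"="data" [yy-mm-dd hh:mm size ...]   quotes and the bracket are optional
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*"?([^"\[]*?)"?\s*(?:\[(\d\d-\d\d-\d\d) [^\]]*\])?$')
# yy-mm-dd hh:mm size [attrs] path   bare file line under a BHO or Notify key
FILE_RE = re.compile(r"^(\d\d-\d\d-\d\d) \d\d:\d\d \d+ (?:\S+ )?([a-z]:\\.+)$", re.I)
MECHANISMS = [("browser helper objects", "BHO"), ("shellexecutehooks", "ShellExecuteHooks"),
              (r"winlogon\notify", "WinlogonNotify"),
              (r"windows nt\currentversion\windows", "AppInit"), ("security center", "SecurityCenter")]
HOOKS = {"BHO", "ShellExecuteHooks", "WinlogonNotify"}   # in-process hooks abused by Vundo here

Entry = namedtuple("Entry", "mechanism key name data date")   # name/date may be None
Finding = namedtuple("Finding", "severity reason entry")

def mechanism(key: str) -> str:
    k = key.lower()
    return next((label for needle, label in MECHANISMS if needle in k), "Other")

def parse_registry_points(text: str) -> list:
    """REGEDIT4-style ComboFix dump -> Entry list (yy-mm-dd dates, as in the first log)."""
    entries, key = [], ""
    for line in (raw.strip() for raw in text.splitlines()):
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif m := VALUE_RE.match(line):
            name, data, d = m.groups()
            entries.append(Entry(mechanism(key), key, name, data,
                                 datetime.strptime(d, "%y-%m-%d") if d else None))
        elif m := FILE_RE.match(line):
            entries.append(Entry(mechanism(key), key, None, m.group(2),
                                 datetime.strptime(m.group(1), "%y-%m-%d")))
    return entries

def triage(entries: list, scan_date: datetime, recent_days: int = 30) -> list:
    hooks_per_module = defaultdict(set)        # basename -> hook points loading it
    for e in entries:
        if e.mechanism in HOOKS:
            hooks_per_module[ntpath.basename(e.data).lower()].add(e.mechanism)
    findings = []
    for e in entries:
        if e.mechanism in HOOKS:
            mod = ntpath.basename(e.data).lower()
            used = sorted(hooks_per_module[mod])
            if len(used) >= 2:      # one DLL wired into several hooks: classic Vundo
                findings.append(Finding("high", f"{mod} loaded from {', '.join(used)}", e))
            elif e.date and 0 <= (scan_date - e.date).days <= recent_days:
                findings.append(Finding("medium", f"{mod} ({e.mechanism}) dated {e.date:%Y-%m-%d}, inside the infection window", e))
        elif e.mechanism == "AppInit" and (e.name or "").lower() == "appinit_dlls" and e.data:
            findings.append(Finding("high", f"AppInit_DLLs={e.data} is injected into every process loading user32.dll", e))
        elif e.mechanism == "SecurityCenter" and e.data == "dword:00000001" \
                and (e.name or "").endswith(("Override", "DisableNotify")):
            findings.append(Finding("low", f"{e.name}=1 silences Security Center warnings", e))
    return findings

def analyze(text: str, scan_date: str) -> list:
    return triage(parse_registry_points(text), datetime.strptime(scan_date, "%Y-%m-%d"))

def build_cfscript(findings: list) -> str:
    """Emit the File::/Registry:: forms used in the thread for the high-severity hooks.
    AppInit_DLLs is deliberately left out: the thread clears it by hand in regedit."""
    files, keys, values = {}, set(), defaultdict(set)
    for f in findings:
        e = f.entry
        if f.severity != "high" or e.mechanism not in HOOKS:
            continue
        files.setdefault(e.data.lower(), e.data)
        if e.mechanism == "ShellExecuteHooks":
            values[e.key].add(e.name)   # delete only the value; the key is Windows' own
        else:
            keys.add(e.key)             # the whole subkey belongs to the malware
    out = ["File::", *sorted(files.values(), key=str.lower), "", "Registry::"]
    out += [f"[-{k}]" for k in sorted(keys)]
    for k in sorted(values):
        out += [f"[{k}]", *(f'"{v}"=-' for v in sorted(values[k]))]
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    found = analyze(SAMPLE_LOG, "2008-12-14")
    print("\n".join(f"[{f.severity}] {f.reason}" for f in found))
    print(build_cfscript(found))
```

On a real log, feed it the text between the "Punti Reg Caricati" header and the driver list; the date pattern only understands the yy-mm-dd form of the first log (the later logs in this thread print dd/mm/yy). A high-severity hit is a review candidate, not a verdict: legitimate toolbars also register BHOs, which is why the script demands either two hook points sharing one module or a timestamp inside the window before it raises anything above "medium".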


Re: HELP The desktop is empty!!

Post by Amantide » Mon Dec 15, 2008 2:16 pm

There is a bit more junk to remove; I don't know whether these are the same files AVG detected.
Copy and paste the following text into Notepad and save the file on the desktop with the name CFScript.txt.
Code:
File::
c:\winnt\SYSTEM32\yaywwWPF.dll
c:\winnt\SYSTEM32\urqNFyXq.dll
C:\osy.exe
C:\msv2008.exe
c:\winnt\SYSTEM32\dvtwqx.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqNFyXq]

Now drag the CFScript.txt file onto the ComboFix icon. Wait for the scan to finish and post the new ComboFix log.
...to fly high, you have to know how to fall...
Amantide | Official Member (Gold) | Posts: 8126 | Joined: Mon Feb 06, 2006 4:13 pm | Location: Abruzzo

Re: HELP The desktop is empty!!

Post by alverman » Mon Dec 15, 2008 8:16 pm

Done, although some of the files in the script had already been wiped out by the AVG scan (yaywwWPF.dll, msv2008.exe...).
ComboFix log attached.

ComboFix 08-12-14.01 - Administrator 15/12/2008 20.50.45.2 - FAT32x86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1040.18.255.120 [GMT 0:00]
Eseguito da: C:\ComboFix.exe
Interruttori di comando utilizzati :: C:\CFScript.txt

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

FILE ::
C:\msv2008.exe
C:\osy.exe
c:\winnt\SYSTEM32\dvtwqx.dll
c:\winnt\SYSTEM32\urqNFyXq.dll
c:\winnt\SYSTEM32\yaywwWPF.dll
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\osy.exe

.
((((((((((((((((((((((((( Files Creati Da 2008-11-15 al 2008-12-15 )))))))))))))))))))))))))))))))))))
.

Nessun nuovo file creato in questo arco di tempo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-14 22:39 96,978 ----a-w C:\VirtumundoBeGone.exe
2008-12-14 22:39 119,808 ----a-w C:\VundoFix.exe
2008-12-14 19:11 2,873,189 ----a-r C:\ComboFix.exe
2008-12-12 23:16 --------- d-----w c:\programmi\Exterminate It!
2008-12-12 21:24 --------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2008-12-12 21:24 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-12-12 21:24 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2008-12-03 19:52 38,496 ----a-w c:\winnt\system32\drivers\mbamswissarmy.sys
2008-12-03 19:52 15,504 ----a-w c:\winnt\system32\drivers\mbam.sys
2008-11-22 21:41 225,011 ------w C:\rep.zip
2008-11-13 22:45 --------- d-----w c:\programmi\BitTorrent_DNA
2008-11-13 22:45 --------- d-----w c:\programmi\BitTorrent
2008-11-13 22:45 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\BitTorrent DNA
2008-11-13 22:45 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\BitTorrent
2003-07-14 15:20 271 ---h--w c:\programmi\DESKTOP.INI
2003-07-14 15:20 22,075 ---h--w c:\programmi\FOLDER.HTT
2003-06-26 07:00 32,528 ----a-w c:\winnt\INF\WBFIRDMA.SYS
.

((((((((((((((((((((((((((((( snapshot@dom 2008-12-14_21.00.13.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-15 20:50:30 16,384 ----a-w c:\winnt\SYSTEM32\Perflib_Perfdata_3fc.dat
+ 2008-12-15 17:06:18 16,384 ----a-w c:\winnt\SYSTEM32\Perflib_Perfdata_5a4.dat
+ 2008-12-14 23:49:48 16,384 ----a-w c:\winnt\SYSTEM32\Perflib_Perfdata_5a8.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\programmi\MSN Messenger\MsnMsgr.Exe" [04/09/07 23.40 6856704]
"BitTorrent DNA"="c:\programmi\BitTorrent_DNA\dna.exe" [13/11/08 22.45 286016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.5.0_07\bin\jusched.exe" [03/05/06 02.56 36975]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [29/07/03 13.30 335872]
"Nokia Connection Monitor"="c:\programmi\File comuni\Nokia\NCLTools\NclConf.exe" [04/01/02 15.59 139264]
"REGSHAVE"="c:\programmi\REGSHAVE\REGSHAVE.EXE" [04/02/02 22.32 53248]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [29/01/06 17.18 155648]
"PCSuiteTrayApplication"="c:\programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [18/06/07 15.10 271360]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [18/10/08 13.30 590848]
"Synchronization Manager"="mobsync.exe" [26/06/03 07.00 111376 c:\winnt\SYSTEM32\MOBSYNC.EXE]
"ATIModeChange"="Ati2mdxx.exe" [04/09/01 16.24 28672 c:\winnt\SYSTEM32\Ati2mdxx.exe]
"PRPCMonitor"="PRPCUI.exe" [07/10/02 03.00 45568 c:\winnt\SYSTEM32\prpcui.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [19/06/07 10.17 1241088]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [29/01/08 21.52 219136]
"msnmsgr"="c:\programmi\MSN Messenger\msnmsgr.exe" [04/09/07 23.40 6856704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\programmi\Internet Explorer\Connection Wizard\icwconn1.exe" [26/06/03 07.00 188176]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Digital Line Detect.lnk - c:\programmi\Digital Line Detect\DLG.exe [2004-05-11 24576]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
ZoneAlarm Pro.lnk - c:\programmi\Zone Labs\ZoneAlarm\zapro.exe [2003-12-15 902528]
Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2005-12-25 241664]
EPSON Status Monitor 3 Environment Check.lnk - c:\winnt\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV03.EXE [1999-10-22 217600]
CN405WLUSB54 Utility LAN wireless.lnk - c:\programmi\CONITECH\CN405WLUSB54.exe [2007-11-24 704512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=dvtwqx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.DIVF"= DivX412.dll
"VIDC.HFYU"= huffyuv.dll
"msacm.divxa32"= divxa32.acm
"vidc.3ivx"= 3ivxVfWCodec.dll
"msvideo8"= STV680tg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Apoint"=c:\programmi\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

R0 fasttrak;fasttrak;c:\winnt\system32\DRIVERS\fasttrak.sys [1980-01-01 64418]
R0 mraid2k;mraid2k;c:\winnt\system32\DRIVERS\mraid2k.sys [1980-01-01 17258]
R1 Avg7RsNT;AVG7 Resident Driver NT;c:\winnt\system32\Drivers\avg7rsnt.sys [2008-01-29 26944]
R2 NokiaSuite3;NokiaSuite3;c:\winnt\system32\drivers\NokiaSuite3.sys [2003-12-15 837696]
R2 PPPoEService;PPPoE Service;c:\progra~1\Alice\ALICEE~1\app\pppoeservice.exe [2008-01-13 49152]
R2 PRPC;PRPC;c:\winnt\system32\drivers\PRPC.sys [2004-05-11 11951]
R2 ZDCNDIS5;ZDCNDIS5 NDIS Protocol Driver;\??\c:\winnt\system32\ZDCNDIS5.sys [2007-11-24 19072]
R3 NTSPPPOE;Efficient Networks Enternet P.P.P.o.E LAN Miniport Driver;c:\winnt\system32\DRIVERS\ntspppoe.sys [2008-01-13 161640]
R3 NTSTAP1;NTSTAP1;\??\c:\progra~1\Alice\ALICEE~1\app\NTSTAP1.SYS [2008-01-13 120128]
R3 TAPBIND;TAPBIND;\??\c:\progra~1\Alice\ALICEE~1\app\TAPBIND1.SYS [2005-12-21 44544]
R3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\DRIVERS\usbhub20.sys [1980-01-01 49392]
R3 XG762_2K;CONITECH 802.11g XG762N Driver;c:\winnt\system32\DRIVERS\WlanUZ2K.sys [2007-11-24 449536]
S2 Microsoft PowerPoint Application;Microsoft PowerPoint Application;"c:\winnt\system32\dllcache\winppa.exe" []
S3 EL90BC;Driver scheda 3Com EtherLink XL B/C;c:\winnt\system32\DRIVERS\el90xbc5.sys [1980-01-01 61712]
S3 ENIMSR;ENIMSR;\??\c:\progra~1\Alice\ALICEE~1\app\ENIMSR.SYS [2008-01-13 12924]
S3 NPF;NetGroup Packet Filter Driver;c:\winnt\system32\drivers\npf.sys [2005-08-02 32512]
S3 NTSTAP2;NTSTAP2;\??\c:\progra~1\Alice\ALICEE~1\app\NTSTAP2.SYS [2005-12-22 120128]
S3 RAWESR;RAWESR;\??\c:\progra~1\Alice\ALICEE~1\app\RAWESR.SYS [2008-01-13 12924]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX5C574571}]
c:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67EFG7H6-8IJL-56YT-KLH4-76WE8D3RAM87}]
c:\system\S-3-7-89-2225458569-9856321456-454423558-8896\\explorer.exe
.
.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm -
LSP: %SystemRoot%\system32\msafd.dll

O16 -: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
c:\winnt\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\3ud5uwvw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - plugin: c:\programmi\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll
FF - plugin: c:\programmi\BitTorrent_DNA\npbtdna.dll
FF - plugin: c:\programmi\Java\jre1.5.0_07\bin\NPJava11.dll
FF - plugin: c:\programmi\Java\jre1.5.0_07\bin\NPJava12.dll
FF - plugin: c:\programmi\Java\jre1.5.0_07\bin\NPJava13.dll
FF - plugin: c:\programmi\Java\jre1.5.0_07\bin\NPJava14.dll
FF - plugin: c:\programmi\Java\jre1.5.0_07\bin\NPJava32.dll
FF - plugin: c:\programmi\Java\jre1.5.0_07\bin\NPJPI150_07.dll
FF - plugin: c:\programmi\Java\jre1.5.0_07\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 20:53:58
Windows 5.0.2195 Service Pack 4 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(216)
c:\winnt\system32\Ati2evxx.dll
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL
.
Ora fine scansione: 15/12/2008 20.54.50
ComboFix-quarantined-files.txt 2008-12-15 20:54:50
ComboFix2.txt 2008-12-14 21:00:48

Pre-Run: 1.123.352.576 byte disponibili
Post-Run: 1,193,705,472 byte disponibili

alverman | New member | Posts: 11 | Joined: Fri Jan 25, 2008 3:46 pm | Location: Rome

Re: HELP The desktop is empty!!

Post by Amantide » Mon Dec 15, 2008 9:22 pm

There is a registry value to change.
Open REGEDIT, find and select this key:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows
In the right-hand pane find the value AppInit_DLLs, double-click it and, under Value data, delete this data: dvtwqx.dll

Check on www.virustotal.com whether these files are clean:
c:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
c:\system\S-3-7-89-2225458569-9856321456-454423558-8896\\explorer.exe

EDIT:
Actually, no need to check: given the creation date of these folders and given this analysis, there is no doubt left that it is a trojan.

Copy and paste the following text into Notepad and save the file on the desktop with the name CFScript.txt.
Code:
File::
c:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
c:\system\S-3-7-89-2225458569-9856321456-454423558-8896\\explorer.exe
C:\rep.zip

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX5C574571}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67EFG7H6-8IJL-56YT-KLH4-76WE8D3RAM87}]

Folder::
c:\config
c:\system

Now drag the CFScript.txt file onto the ComboFix icon. Wait for the scan to finish and post the new ComboFix log.
...to fly high, you have to know how to fall...
Amantide | Official Member (Gold) | Posts: 8126 | Joined: Mon Feb 06, 2006 4:13 pm | Location: Abruzzo
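
Amantide's verdict rests on the folder creation dates and on an outside analysis; the two Active Setup entries can also be rejected on form alone. The Python script below is an added example, not from the thread and not from any tool mentioned in it: it validates the component GUIDs (an Active Setup key name is 8-4-4-4-12 hexadecimal digits), validates the SID-shaped folder names (the revision is always 1, user-account SIDs have the S-1-5-21-... form, and every sub-authority is a 32-bit value) and checks where each stub executable lives. The trusted-location prefixes are assumptions taken from the paths in this log (c:\winnt, c:\programmi), not Windows constants.

```python
import re

# Active Setup entries exactly as ComboFix printed them in the thread (GUID, stub path).
ACTIVE_SETUP = [
    ("{28ABC5C0-4FCB-11CF-AAX5-21CX5C574571}",
     r"c:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe"),
    ("{67EFG7H6-8IJL-56YT-KLH4-76WE8D3RAM87}",
     r"c:\system\S-3-7-89-2225458569-9856321456-454423558-8896\\explorer.exe"),
]

GUID_RE = re.compile(r"^\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.I)
SID_RE = re.compile(r"^S-(\d+)-(\d+)((?:-\d+)+)$")
# Assumed for this Windows 2000 box (Italian locale, %SystemRoot% = c:\winnt),
# taken from the paths in the log above.
SYSTEM_ROOT = "c:\\winnt\\"
TRUSTED_PREFIXES = (SYSTEM_ROOT, "c:\\programmi\\", "c:\\program files\\")
SYSTEM_BINARIES = {"explorer.exe", "winlogon.exe", "svchost.exe"}

def guid_problems(guid: str) -> list:
    """A COM/Active Setup GUID is 8-4-4-4-12 hex digits; anything else was typed by hand."""
    if GUID_RE.match(guid):
        return []
    bad = sorted({c for c in guid.strip("{}") if c not in "0123456789abcdefABCDEF-"})
    return [f"non-hex characters {''.join(bad)}" if bad else "wrong shape"]

def sid_problems(sid: str) -> list:
    """Structural checks for an NT account SID: S-1-5-21-<3 sub-authorities>-<RID>."""
    m = SID_RE.match(sid)
    if not m:
        return ["not in S-R-I-S form"]
    revision, authority = int(m.group(1)), int(m.group(2))
    subs = [int(s) for s in m.group(3).split("-")[1:]]
    problems = []
    if revision != 1:
        problems.append(f"revision {revision} (only revision 1 exists)")
    if authority != 5 or subs[:1] != [21]:
        problems.append("not the S-1-5-21-... form used for user accounts")
    if too_big := [s for s in subs if s >= 2**32]:
        problems.append(f"sub-authority exceeds 32 bits: {too_big}")
    if len(subs) > 15:
        problems.append(f"{len(subs)} sub-authorities (max 15)")
    return problems

def check_active_setup(guid: str, stub_path: str) -> list:
    problems = [f"GUID {guid}: {p}" for p in guid_problems(guid)]
    parts = [p for p in stub_path.split("\\") if p]        # also swallows the doubled '\\'
    for part in parts[:-1]:
        if part.upper().startswith("S-"):
            problems += [f"folder {part}: {p}" for p in sid_problems(part)]
    exe, path = parts[-1].lower(), stub_path.lower()
    if exe in SYSTEM_BINARIES and not path.startswith(SYSTEM_ROOT):
        problems.append(f"{exe} outside {SYSTEM_ROOT}: masquerading as a system binary")
    elif not path.startswith(TRUSTED_PREFIXES):
        problems.append(f"StubPath outside {' / '.join(TRUSTED_PREFIXES)}")
    return problems

def verdicts() -> dict:
    """GUID -> list of structural problems for every entry in ACTIVE_SETUP."""
    return {guid: check_active_setup(guid, path) for guid, path in ACTIVE_SETUP}

if __name__ == "__main__":
    for guid, problems in verdicts().items():
        print(guid, "->", "no structural problems" if not problems else "")
        for p in problems:
            print("   ", p)
```

Note what the checks do and do not prove. The first folder name, S-1-5-21-1482476501-1644491937-682003330-1013, is a well-formed account SID; it is the non-hex "X" in the GUID and the c:\config location that give that entry away. For the second entry everything fails at once: a GUID full of non-hex letters, SID revision 3, a sub-authority (9856321456) that does not fit in 32 bits, and an explorer.exe outside %SystemRoot%. A clean structural pass would still not make an entry legitimate; it would only mean the timeline and a hash lookup have to do the work.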

Re: HELP The desktop is empty!!

Post by alverman » Thu Dec 18, 2008 11:57 am

Done... I hope everything is in order now!
What do you say?

ComboFix 08-12-14.01 - Administrator 17/12/2008 22.37.12.4 - FAT32x86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1040.18.255.37 [GMT 0:00]
Eseguito da: C:\ComboFix.exe
Interruttori di comando utilizzati :: C:\CFScript.txt

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

FILE ::
c:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
C:\rep.zip
c:\system\S-3-7-89-2225458569-9856321456-454423558-8896\\explorer.exe
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\config
c:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
c:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
C:\rep.zip
c:\system
c:\system\S-3-7-89-2225458569-9856321456-454423558-8896\Desktop.ini

.
((((((((((((((((((((((((( Files Creati Da 2008-11-17 al 2008-12-17 )))))))))))))))))))))))))))))))))))
.

Nessun nuovo file creato in questo arco di tempo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-14 22:39 96,978 ----a-w C:\VirtumundoBeGone.exe
2008-12-14 22:39 119,808 ----a-w C:\VundoFix.exe
2008-12-14 19:11 2,873,189 ----a-r C:\ComboFix.exe
2008-12-12 23:16 --------- d-----w c:\programmi\Exterminate It!
2008-12-12 21:24 --------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2008-12-12 21:24 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-12-12 21:24 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2008-12-03 19:52 38,496 ----a-w c:\winnt\system32\drivers\mbamswissarmy.sys
2008-12-03 19:52 15,504 ----a-w c:\winnt\system32\drivers\mbam.sys
2008-11-13 22:45 --------- d-----w c:\programmi\BitTorrent_DNA
2008-11-13 22:45 --------- d-----w c:\programmi\BitTorrent
2008-11-13 22:45 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\BitTorrent DNA
2008-11-13 22:45 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\BitTorrent
2003-07-14 15:20 271 ---h--w c:\programmi\DESKTOP.INI
2003-07-14 15:20 22,075 ---h--w c:\programmi\FOLDER.HTT
2003-06-26 07:00 32,528 ----a-w c:\winnt\INF\WBFIRDMA.SYS
.

((((((((((((((((((((((((((((( snapshot@dom 2008-12-14_21.00.13.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-17 22:36:52 16,384 ----a-w c:\winnt\SYSTEM32\Perflib_Perfdata_388.dat
+ 2008-12-15 20:50:30 16,384 ----a-w c:\winnt\SYSTEM32\Perflib_Perfdata_3fc.dat
+ 2008-12-14 23:49:48 16,384 ----a-w c:\winnt\SYSTEM32\Perflib_Perfdata_5a8.dat
+ 2008-12-17 22:26:44 16,384 ----a-w c:\winnt\SYSTEM32\Perflib_Perfdata_5ec.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\programmi\MSN Messenger\MsnMsgr.Exe" [04/09/07 23.40 6856704]
"BitTorrent DNA"="c:\programmi\BitTorrent_DNA\dna.exe" [13/11/08 22.45 286016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.5.0_07\bin\jusched.exe" [03/05/06 02.56 36975]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [29/07/03 13.30 335872]
"Nokia Connection Monitor"="c:\programmi\File comuni\Nokia\NCLTools\NclConf.exe" [04/01/02 15.59 139264]
"REGSHAVE"="c:\programmi\REGSHAVE\REGSHAVE.EXE" [04/02/02 22.32 53248]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [29/01/06 17.18 155648]
"PCSuiteTrayApplication"="c:\programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [18/06/07 15.10 271360]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [18/10/08 13.30 590848]
"Synchronization Manager"="mobsync.exe" [26/06/03 07.00 111376 c:\winnt\SYSTEM32\MOBSYNC.EXE]
"ATIModeChange"="Ati2mdxx.exe" [04/09/01 16.24 28672 c:\winnt\SYSTEM32\Ati2mdxx.exe]
"PRPCMonitor"="PRPCUI.exe" [07/10/02 03.00 45568 c:\winnt\SYSTEM32\prpcui.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [19/06/07 10.17 1241088]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [29/01/08 21.52 219136]
"msnmsgr"="c:\programmi\MSN Messenger\msnmsgr.exe" [04/09/07 23.40 6856704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\programmi\Internet Explorer\Connection Wizard\icwconn1.exe" [26/06/03 07.00 188176]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Digital Line Detect.lnk - c:\programmi\Digital Line Detect\DLG.exe [2004-05-11 24576]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
ZoneAlarm Pro.lnk - c:\programmi\Zone Labs\ZoneAlarm\zapro.exe [2003-12-15 902528]
Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2005-12-25 241664]
EPSON Status Monitor 3 Environment Check.lnk - c:\winnt\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV03.EXE [1999-10-22 217600]
CN405WLUSB54 Utility LAN wireless.lnk - c:\programmi\CONITECH\CN405WLUSB54.exe [2007-11-24 704512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.DIVF"= DivX412.dll
"VIDC.HFYU"= huffyuv.dll
"msacm.divxa32"= divxa32.acm
"vidc.3ivx"= 3ivxVfWCodec.dll
"msvideo8"= STV680tg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Apoint"=c:\programmi\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

R0 fasttrak;fasttrak;c:\winnt\system32\DRIVERS\fasttrak.sys [1980-01-01 64418]
R0 mraid2k;mraid2k;c:\winnt\system32\DRIVERS\mraid2k.sys [1980-01-01 17258]
R1 Avg7RsNT;AVG7 Resident Driver NT;c:\winnt\system32\Drivers\avg7rsnt.sys [2008-01-29 26944]
R2 NokiaSuite3;NokiaSuite3;c:\winnt\system32\drivers\NokiaSuite3.sys [2003-12-15 837696]
R2 PPPoEService;PPPoE Service;c:\progra~1\Alice\ALICEE~1\app\pppoeservice.exe [2008-01-13 49152]
R2 PRPC;PRPC;c:\winnt\system32\drivers\PRPC.sys [2004-05-11 11951]
R2 ZDCNDIS5;ZDCNDIS5 NDIS Protocol Driver;\??\c:\winnt\system32\ZDCNDIS5.sys [2007-11-24 19072]
R3 NTSPPPOE;Efficient Networks Enternet P.P.P.o.E LAN Miniport Driver;c:\winnt\system32\DRIVERS\ntspppoe.sys [2008-01-13 161640]
R3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\DRIVERS\usbhub20.sys [1980-01-01 49392]
S2 Microsoft PowerPoint Application;Microsoft PowerPoint Application;"c:\winnt\system32\dllcache\winppa.exe" []
S3 EL90BC;Driver scheda 3Com EtherLink XL B/C;c:\winnt\system32\DRIVERS\el90xbc5.sys [1980-01-01 61712]
S3 ENIMSR;ENIMSR;\??\c:\progra~1\Alice\ALICEE~1\app\ENIMSR.SYS [2008-01-13 12924]
S3 NPF;NetGroup Packet Filter Driver;c:\winnt\system32\drivers\npf.sys [2005-08-02 32512]
S3 NTSTAP1;NTSTAP1;\??\c:\progra~1\Alice\ALICEE~1\app\NTSTAP1.SYS [2008-01-13 120128]
S3 NTSTAP2;NTSTAP2;\??\c:\progra~1\Alice\ALICEE~1\app\NTSTAP2.SYS [2005-12-22 120128]
S3 RAWESR;RAWESR;\??\c:\progra~1\Alice\ALICEE~1\app\RAWESR.SYS [2008-01-13 12924]
S3 TAPBIND;TAPBIND;\??\c:\progra~1\Alice\ALICEE~1\app\TAPBIND1.SYS [2005-12-21 44544]
S3 XG762_2K;CONITECH 802.11g XG762N Driver;c:\winnt\system32\DRIVERS\WlanUZ2K.sys [2007-11-24 449536]
.
.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm -
LSP: %SystemRoot%\system32\msafd.dll

O16 -: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
c:\winnt\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\3ud5uwvw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - plugin: c:\programmi\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll
FF - plugin: c:\programmi\BitTorrent_DNA\npbtdna.dll
FF - plugin: c:\programmi\Java\jre1.5.0_07\bin\NPJava11.dll
FF - plugin: c:\programmi\Java\jre1.5.0_07\bin\NPJava12.dll
FF - plugin: c:\programmi\Java\jre1.5.0_07\bin\NPJava13.dll
FF - plugin: c:\programmi\Java\jre1.5.0_07\bin\NPJava14.dll
FF - plugin: c:\programmi\Java\jre1.5.0_07\bin\NPJava32.dll
FF - plugin: c:\programmi\Java\jre1.5.0_07\bin\NPJPI150_07.dll
FF - plugin: c:\programmi\Java\jre1.5.0_07\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-17 22:39:42
Windows 5.0.2195 Service Pack 4 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(204)
c:\winnt\system32\Ati2evxx.dll
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL
.
Ora fine scansione: 17/12/2008 22.40.38
ComboFix-quarantined-files.txt 2008-12-17 22:40:38
ComboFix4.txt 2008-12-14 21:00:48
ComboFix3.txt 2008-12-15 20:54:52
ComboFix2.txt 2008-12-15 21:03:42

Pre-Run: 1.321.304.064 byte disponibili
Post-Run: 1,372,356,608 byte disponibili

164
alverman
New Member
Posts: 11
Joined: Fri Jan 25, 2008 3:46 pm
Location: roma

Re: HELP The desktop is empty !!

Post by Amantide » Thu Dec 18, 2008 9:42 pm

The log is clean now, so these files can now be deleted as well:

2008-12-14 22:39 96,978 ----a-w C:\VirtumundoBeGone.exe
2008-12-14 22:39 119,808 ----a-w C:\VundoFix.exe
2008-12-14 19:11 2,873,189 ----a-r C:\ComboFix.exe
...to fly high, you have to know how to fall...
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo

Re: HELP The desktop is empty !!

Post by alverman » Thu Dec 18, 2008 11:18 pm

thanks a lot !!!!
alverman
New Member
Posts: 11
Joined: Fri Jan 25, 2008 3:46 pm
Location: roma



megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising