Punto informatico Network

Win32:VB-BLQ

Has a virus got into your computer? Do you want to browse safely? Are online transactions secure? How do you stop attackers getting into your PC? How do you protect your data? Here you will find the answers to these and other questions

Win32:VB-BLQ

Post by coolman » Tue Apr 14, 2009 5:13 pm

Hi everyone
I have this problem: on every scan my antivirus (avast 4) detects the virus Win32:VB-BLQ (Trj).
It is always in the same folder, namely:
C:\Programmi\Alwil Software\Avast4\DATA\log\aswAr1.log
I move it to the recycle bin and the next time I systematically find it there again.
What can be done? Is it dangerous?
see you soon

Re: Win32:VB-BLQ

Post by stevens » Tue Apr 14, 2009 5:59 pm

hi

download combofix from here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
To run it, double-click Combofix.exe
A blue window will open.... Wait....
After a few moments a notice will appear that disclaims the author from any problem arising from incorrect use of the tool.
At this point select 1 and then ENTER to start the scan..
Wait..... (do not do anything else during the scan; if the desktop icons disappear it is completely normal)
A notice will tell you the operation has finished and after a few moments the log with the scan details will appear.
The log will be saved in C:\Combofix.txt
Attach it or paste it in a post

Re: Win32:VB-BLQ

Post by coolman » Tue Apr 14, 2009 6:05 pm

ok thanks steve
but do I then have to make a new post?


Re: Win32:VB-BLQ

Post by stevens » Tue Apr 14, 2009 6:20 pm

once the scan has run you have to post the report here, without opening other threads

Re: Win32:VB-BLQ

Post by coolman » Tue Apr 14, 2009 6:26 pm

here is the combofix report:


- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-04-14 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.hotmail.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = proxone:8080
uInternet Settings,ProxyOverride = hotspot;192;168;192;254;*.local
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
IE: Aggiungi sito di supporto RSS a VAIO Information FLOW - c:\programmi\Sony\VAIO Information FLOW\aiesc.html
IE: Apri in nuova scheda in primo piano - c:\programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?a71d97f80d544702a9200ca75133c563
IE: Apri in nuova scheda in secondo piano - c:\programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?a71d97f80d544702a9200ca75133c563
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Trasferimento tramite Image Converter 2 Plus - c:\programmi\Sony\Image Converter 2\menu.htm
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} -
FF - ProfilePath - c:\documents and settings\sony-pc\Dati applicazioni\Mozilla\Firefox\Profiles\4braiout.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/
FF - component: c:\programmi\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\programmi\Mozilla Firefox\components\SABFF20.DLL
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\programmi\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\programmi\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\programmi\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\programmi\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\programmi\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\programmi\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-14 19:15
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(952)
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(4436)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmi\Microsoft Office\Office12\1040\GrooveIntlResource.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\programmi\WIBU-SYSTEMS\System\WibuShellExt.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Ora fine scansione: ~,10time:~,-3
ComboFix-quarantined-files.txt 2009-04-14 17:18

Pre-Run: 17.597.411.328 byte disponibili
Post-Run: 17.603.735.552 byte disponibili

211 --- E O F --- 2009-04-09 18:47

waiting for your reply
thanks

Re: Win32:VB-BLQ

Post by ste_95 » Tue Apr 14, 2009 6:33 pm

You cut the log off.
«Sometimes it is better to remain silent and seem stupid than to open your mouth and remove all doubt.» Oscar Wilde

Re: Win32:VB-BLQ

Post by coolman » Tue Apr 14, 2009 6:35 pm

dang
sorry:

ComboFix 09-04-14.09 - sony-pc 14/04/2009 19.12.21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1022.165 [GMT 2:00]
Eseguito da: c:\documents and settings\sony-pc\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090414-0] *On-access scanning enabled* (Updated)
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((( Files Creati Da 2009-03-14 al 2009-04-14 )))))))))))))))))))))))))))))))))))
.

Nessun nuovo file creato in questo arco di tempo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-14 16:38 . 2007-08-30 16:56 -------- d-----w c:\documents and settings\sony-pc\Dati applicazioni\Skype
2009-04-14 15:34 . 2007-08-28 06:01 -------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-04-14 14:39 . 2008-04-28 11:14 -------- d-----w c:\documents and settings\sony-pc\Dati applicazioni\skypePM
2009-04-14 12:05 . 2007-08-30 18:01 -------- d-----w c:\programmi\Mozilla Thunderbird
2009-04-14 09:39 . 2008-05-02 13:24 -------- d-----w c:\programmi\Spyware Doctor
2009-04-14 09:33 . 2008-01-14 15:06 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-04-12 17:35 . 2007-09-09 16:07 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\DVD Shrink
2009-04-10 18:22 . 2007-12-26 15:11 8613 ----a-w C:\VCIError.log
2009-04-06 10:22 . 2006-07-31 03:37 73958 ----a-w c:\windows\system32\perfc010.dat
2009-04-06 10:22 . 2006-07-31 03:37 449782 ----a-w c:\windows\system32\perfh010.dat
2009-03-25 17:29 . 2007-08-30 18:21 -------- d-----w c:\documents and settings\sony-pc\Dati applicazioni\foobar2000
2009-03-19 20:25 . 2006-08-01 08:15 -------- d-----w c:\programmi\File comuni\Symantec Shared
2009-03-19 20:23 . 2008-01-14 15:27 -------- d-----w c:\programmi\Norton Security Scan
2009-03-16 18:05 . 2008-04-25 14:27 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-02-25 18:04 . 2006-08-01 08:13 -------- d-----w c:\programmi\Google
2009-02-19 23:29 . 2009-02-19 23:29 1119 ----a-w C:\INSTALL.LOG
2009-02-09 15:44 . 2008-05-08 16:28 0 ----a-w C:\ctapi_out_gr.txt
2009-02-09 14:04 . 2006-07-31 03:37 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-08 15:25 . 2007-09-01 17:25 7662 ----a-w c:\documents and settings\sony-pc\Dati applicazioni\wklnhst.dat
2008-07-09 09:36 . 2007-08-31 09:03 77640 ----a-w c:\documents and settings\sony-pc\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2008-04-28 11:14 . 2008-04-28 11:14 32 ----a-w c:\documents and settings\All Users\Dati applicazioni\ezsid.dat
2008-01-16 17:17 . 2008-01-16 17:17 21504 ----a-w c:\programmi\FLV PlayerRCATSetup.exe
2008-01-16 17:15 . 2008-01-16 17:10 411248 ----a-w c:\programmi\FLV PlayerRCSetup.exe
2008-01-14 17:36 . 2008-01-14 17:36 38304 ----a-w c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2007-12-26 14:52 . 2007-08-28 04:41 136 ----a-w c:\documents and settings\sony-pc\Impostazioni locali\Dati applicazioni\fusioncache.dat
2006-07-31 11:49 . 2006-07-31 11:49 142 ----a-w c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\fusioncache.dat
2008-04-28 13:2007-10-06 13:56 24:13 . c:\programmi\mozilla firefox\components\GoogleDesktopMozilla.dll
2004-05-07 13:2007-08-30 18:01 31:40 . c:\programmi\mozilla firefox\components\MSVCR71.DLL
2006-11-07 10:2007-08-30 18:01 58:44 . c:\programmi\mozilla firefox\components\SABFF20.DLL
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-05 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-08 7561216]
"Apoint"="c:\programmi\Apoint\Apoint.exe" [2004-11-17 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512]
"VAIOCameraUtility"="c:\programmi\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]
"SonyPowerCfg"="c:\programmi\Sony\VAIO Power Management\SPMgr.exe" [2006-06-27 217088]
"ISBMgr.exe"="c:\programmi\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Switcher.exe"="c:\programmi\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"Acrobat Assistant 7.0"="c:\programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-03-03 483328]
"vsc32cnf.exe"="c:\programmi\Roland\VSC32\vsc32cnf.exe" [2000-02-07 36864]
"vscvol.exe"="c:\programmi\Roland\VSC32\vscvol.exe" [2000-02-08 36864]
"Google Desktop Search"="c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-28 29744]
"H2O"="c:\programmi\SyncroSoft\Pos\H2O\cledx.exe" [2005-12-18 307200]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"ISTray"="c:\programmi\Spyware Doctor\pctsTray.exe" [2008-11-13 1168264]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"VAIO Update 4"="c:\programmi\Sony\VAIO Update 4\VAIOUpdt.exe" [2008-08-24 870240]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2002-03-14 45056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"MySpaceIM"="c:\programmi\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
"Picasa Media Detector"="c:\programmi\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Audio Filter.lnk - c:\programmi\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe [2007-8-28 5649408]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 12:51 73728 ----a-w c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\FILECO~1\SONYSH~1\VideoLib\sonydv.dll
"MIDI3"= vscapi.dll
"WAVE3"= vscapi.dll
"wave8"= fireface_mme.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Sony\\VAIO Media 5.0\\Vc.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R3 cc5f4ad3-754d-4552-8b24-413359a0fd24;cc5f4ad3-754d-4552-8b24-413359a0fd24; [x]
R3 fireface;Service for Fireface (WDM); [x]
S1 Asapi;Asapi; [x]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-12-18 33792]


--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe WIN31.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22714561-6614-11dc-821a-0013a94a6c15}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31dad33c-f2bd-11dc-834a-0013a94a6c15}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf103fe3-d5bd-11dd-a072-0013a94a6c15}]
\Shell\Shell00\Command - G:\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c43fe1b2-9156-11dd-a05e-0013a94a6c15}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
.
Contenuto della cartella 'Scheduled Tasks'

2009-03-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34]

2009-04-14 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-30 18:41]

2009-04-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2009-02-20 c:\windows\Tasks\Norton Security Scan.job
- c:\programmi\Norton Security Scan\Nss.exe [2007-09-18 22:42]

2009-03-21 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-04-10 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-04-14 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.hotmail.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = proxone:8080
uInternet Settings,ProxyOverride = hotspot;192;168;192;254;*.local
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
IE: Aggiungi sito di supporto RSS a VAIO Information FLOW - c:\programmi\Sony\VAIO Information FLOW\aiesc.html
IE: Apri in nuova scheda in primo piano - c:\programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?a71d97f80d544702a9200ca75133c563
IE: Apri in nuova scheda in secondo piano - c:\programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?a71d97f80d544702a9200ca75133c563
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Trasferimento tramite Image Converter 2 Plus - c:\programmi\Sony\Image Converter 2\menu.htm
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} -
FF - ProfilePath - c:\documents and settings\sony-pc\Dati applicazioni\Mozilla\Firefox\Profiles\4braiout.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/
FF - component: c:\programmi\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\programmi\Mozilla Firefox\components\SABFF20.DLL
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\programmi\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\programmi\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\programmi\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\programmi\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\programmi\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\programmi\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-14 19:15
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(952)
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(4436)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmi\Microsoft Office\Office12\1040\GrooveIntlResource.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\programmi\WIBU-SYSTEMS\System\WibuShellExt.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Ora fine scansione: ~,10time:~,-3
ComboFix-quarantined-files.txt 2009-04-14 17:18

Pre-Run: 17.597.411.328 byte disponibili
Post-Run: 17.603.735.552 byte disponibili

211 --- E O F --- 2009-04-09 18:47

Re: Win32:VB-BLQ

Post by ste_95 » Tue Apr 14, 2009 6:50 pm

How is that possible?? That is an Avast log file, and it is normal for it to be recreated every time.
When it gets detected, post its contents here.

Re: Win32:VB-BLQ

Post by coolman » Tue Apr 14, 2009 7:25 pm

the avast log is the one I wrote in the first message...

Re: Win32:VB-BLQ

Post by ste_95 » Tue Apr 14, 2009 7:28 pm

Is that all there is inside the text file?

Re: Win32:VB-BLQ

Post by coolman » Tue Apr 14, 2009 7:28 pm

yes

Re: Win32:VB-BLQ

Post by Amantide » Tue Apr 14, 2009 7:53 pm

Copy and paste the following text into Notepad and save the file on the desktop with the name CFScript.txt.
File::
c:\windows\system32\sxs.exe
c:\windows\sxs.exe
c:\sxs.exe
c:\WIN31.dll.vbs
c:\windows\WIN31.dll.vbs
c:\autorun.inf
c:\Recycled\ctfmon.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22714561-6614-11dc-821a-0013a94a6c15}]

Folder::
c:\Recycled


Now drag the CFScript.txt file onto the ComboFix icon. Wait for the scan to finish and post the new ComboFix log.

After doing this, get every USB stick, external hard disk and mp3 player you have within reach and run this tool http://download.bleepingcomputer.com/sU ... fector.exe
At some point it should ask you to connect them to the PC to proceed with the disinfection.
...to fly high, you have to know how to fall...
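The mountpoints2 entries that the CFScript above removes are the autorun hooks a USB-borne worm leaves in the user's registry: a script started through wscript.exe from the volume root (WIN31.dll.vbs), a bare sxs.exe, and a copy of ctfmon.exe parked in a Recycled folder, each wrapped in RunDLL32 ShellExec_RunDLL. The following Python checker is an added example, not part of this thread and not ComboFix's own code; it parses that section of a ComboFix log and reports which subkeys show these traits. The sample lines are copied from the log posted above, while the heuristics, the function names and the list of borrowed system binary names are my own assumptions, so an empty result only means that none of these patterns matched.

```python
import re
from typing import Dict, List

# Constructed sample: the mountpoints2 section as ComboFix prints it, with the
# lines copied from the log posted in this thread. The G:\ entry is the ordinary
# U3 launcher a branded USB stick registers and serves as the benign control.
SAMPLE_SECTION = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe WIN31.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22714561-6614-11dc-821a-0013a94a6c15}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31dad33c-f2bd-11dc-834a-0013a94a6c15}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c43fe1b2-9156-11dd-a05e-0013a94a6c15}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
"""

# One subkey per drive letter or volume GUID, then one line per shell verb.
KEY_RE = re.compile(r"^\[HKEY_[^\]]*\\mountpoints2\\([^\]]+)\]$", re.IGNORECASE)
CMD_RE = re.compile(r"^(\\Shell\\\S+\\command)\s+-\s+(.+)$", re.IGNORECASE)

SCRIPT_EXT = (".vbs", ".vbe", ".js", ".jse", ".bat", ".cmd", ".pif", ".scr")
# Assumed list of Windows binary names that worms like to borrow; the legitimate
# copies live in system32, so the same name elsewhere is worth a look.
SYSTEM_NAMES = {"ctfmon.exe", "svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe"}
SYSTEM32 = "c:\\windows\\system32\\"


def parse_mountpoints(text: str) -> Dict[str, List[str]]:
    """Map each mountpoints2 subkey to the shell commands registered under it."""
    entries: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            entries.setdefault(current, [])
            continue
        cmd = CMD_RE.match(line)
        if cmd and current is not None:
            entries[current].append(cmd.group(2).strip())
    return entries


def payload_of(command: str) -> str:
    """Return, lower-cased, the file the command ultimately launches.

    RunDLL32 ... ShellExec_RunDLL <target> and wscript.exe <script> are only
    wrappers; the last token that is not a switch is what really gets executed.
    """
    tokens = [t for t in command.lower().replace(",", " ").split()
              if not t.startswith(("-", "/"))]
    return tokens[-1] if tokens else ""


def suspicious_reasons(command: str) -> List[str]:
    """Heuristics for an autorun command with the traits of a USB-borne worm."""
    reasons: List[str] = []
    low = command.lower()
    payload = payload_of(command)
    basename = payload.rsplit("\\", 1)[-1]
    if "shellexec_rundll" in low:
        reasons.append("launched through RunDLL32 ShellExec_RunDLL")
    if payload.endswith(SCRIPT_EXT):
        reasons.append(f"runs a script file ({basename})")
    if basename.count(".") >= 2:
        reasons.append(f"double extension ({basename})")
    if "recycled\\" in low or "recycler\\" in low:
        reasons.append("payload hidden in a Recycled folder")
    if payload and not re.match(r"^[a-z]:\\", payload):
        reasons.append(f"relative path resolved from the volume root ({payload})")
    if basename in SYSTEM_NAMES and payload != SYSTEM32 + basename:
        reasons.append(f"system binary name outside system32 ({basename})")
    return reasons


def audit_mountpoints(text: str) -> Dict[str, List[str]]:
    """Return only the subkeys whose commands trip at least one heuristic."""
    findings: Dict[str, List[str]] = {}
    for subkey, commands in parse_mountpoints(text).items():
        seen: List[str] = []
        for command in commands:
            for reason in suspicious_reasons(command):
                if reason not in seen:
                    seen.append(reason)
        if seen:
            findings[subkey] = seen
    return findings


if __name__ == "__main__":
    for subkey, reasons in audit_mountpoints(SAMPLE_SECTION).items():
        print(subkey)
        for reason in reasons:
            print("   -", reason)
```

Run against the sample, the three worm subkeys are reported and the G:\LaunchU3.exe entry is not; the same parser can be pointed at the whole C:\Combofix.txt, since lines outside the mountpoints2 keys never match either pattern.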

Re: Win32:VB-BLQ

Post by coolman » Tue Apr 14, 2009 8:34 pm

here is the new combofix log

ComboFix 09-04-14.09 - sony-pc 14/04/2009 21.27.48.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1022.276 [GMT 2:00]
Eseguito da: c:\documents and settings\sony-pc\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\sony-pc\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090414-0] *On-access scanning enabled* (Updated)
* Creato nuovo punto di ripristino

FILE ::
c:\autorun.inf
c:\recycled\ctfmon.exe
c:\sxs.exe
c:\WIN31.dll.vbs
c:\windows\sxs.exe
c:\windows\system32\sxs.exe
c:\windows\WIN31.dll.vbs
.

((((((((((((((((((((((((( Files Creati Da 2009-03-14 al 2009-04-14 )))))))))))))))))))))))))))))))))))
.

2009-04-14 19:25 . 2009-04-14 19:25 -------- d-----w C:\32788R22FWJFW.0.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-14 19:27 . 2007-08-30 16:56 -------- d-----w c:\documents and settings\sony-pc\Dati applicazioni\Skype
2009-04-14 19:01 . 2007-08-30 18:01 -------- d-----w c:\programmi\Mozilla Thunderbird
2009-04-14 15:34 . 2007-08-28 06:01 -------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-04-14 14:39 . 2008-04-28 11:14 -------- d-----w c:\documents and settings\sony-pc\Dati applicazioni\skypePM
2009-04-14 09:39 . 2008-05-02 13:24 -------- d-----w c:\programmi\Spyware Doctor
2009-04-14 09:33 . 2008-01-14 15:06 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-04-12 17:35 . 2007-09-09 16:07 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\DVD Shrink
2009-04-10 18:22 . 2007-12-26 15:11 8613 ----a-w C:\VCIError.log
2009-04-06 10:22 . 2006-07-31 03:37 73958 ----a-w c:\windows\system32\perfc010.dat
2009-04-06 10:22 . 2006-07-31 03:37 449782 ----a-w c:\windows\system32\perfh010.dat
2009-03-25 17:29 . 2007-08-30 18:21 -------- d-----w c:\documents and settings\sony-pc\Dati applicazioni\foobar2000
2009-03-19 20:25 . 2006-08-01 08:15 -------- d-----w c:\programmi\File comuni\Symantec Shared
2009-03-19 20:23 . 2008-01-14 15:27 -------- d-----w c:\programmi\Norton Security Scan
2009-03-16 18:05 . 2008-04-25 14:27 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-02-25 18:04 . 2006-08-01 08:13 -------- d-----w c:\programmi\Google
2009-02-19 23:29 . 2009-02-19 23:29 1119 ----a-w C:\INSTALL.LOG
2009-02-09 15:44 . 2008-05-08 16:28 0 ----a-w C:\ctapi_out_gr.txt
2009-02-09 14:04 . 2006-07-31 03:37 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-08 15:25 . 2007-09-01 17:25 7662 ----a-w c:\documents and settings\sony-pc\Dati applicazioni\wklnhst.dat
2008-07-09 09:36 . 2007-08-31 09:03 77640 ----a-w c:\documents and settings\sony-pc\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2008-04-28 11:14 . 2008-04-28 11:14 32 ----a-w c:\documents and settings\All Users\Dati applicazioni\ezsid.dat
2008-01-16 17:17 . 2008-01-16 17:17 21504 ----a-w c:\programmi\FLV PlayerRCATSetup.exe
2008-01-16 17:15 . 2008-01-16 17:10 411248 ----a-w c:\programmi\FLV PlayerRCSetup.exe
2008-01-14 17:36 . 2008-01-14 17:36 38304 ----a-w c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2007-12-26 14:52 . 2007-08-28 04:41 136 ----a-w c:\documents and settings\sony-pc\Impostazioni locali\Dati applicazioni\fusioncache.dat
2006-07-31 11:49 . 2006-07-31 11:49 142 ----a-w c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\fusioncache.dat
2008-04-28 13:2007-10-06 13:56 24:13 . c:\programmi\mozilla firefox\components\GoogleDesktopMozilla.dll
2004-05-07 13:2007-08-30 18:01 31:40 . c:\programmi\mozilla firefox\components\MSVCR71.DLL
2006-11-07 10:2007-08-30 18:01 58:44 . c:\programmi\mozilla firefox\components\SABFF20.DLL
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-05 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-08 7561216]
"Apoint"="c:\programmi\Apoint\Apoint.exe" [2004-11-17 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512]
"VAIOCameraUtility"="c:\programmi\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]
"SonyPowerCfg"="c:\programmi\Sony\VAIO Power Management\SPMgr.exe" [2006-06-27 217088]
"ISBMgr.exe"="c:\programmi\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Switcher.exe"="c:\programmi\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"Acrobat Assistant 7.0"="c:\programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-03-03 483328]
"vsc32cnf.exe"="c:\programmi\Roland\VSC32\vsc32cnf.exe" [2000-02-07 36864]
"vscvol.exe"="c:\programmi\Roland\VSC32\vscvol.exe" [2000-02-08 36864]
"Google Desktop Search"="c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-28 29744]
"H2O"="c:\programmi\SyncroSoft\Pos\H2O\cledx.exe" [2005-12-18 307200]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"ISTray"="c:\programmi\Spyware Doctor\pctsTray.exe" [2008-11-13 1168264]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"VAIO Update 4"="c:\programmi\Sony\VAIO Update 4\VAIOUpdt.exe" [2008-08-24 870240]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2002-03-14 45056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"MySpaceIM"="c:\programmi\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
"Picasa Media Detector"="c:\programmi\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Audio Filter.lnk - c:\programmi\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe [2007-8-28 5649408]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 12:51 73728 ----a-w c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\FILECO~1\SONYSH~1\VideoLib\sonydv.dll
"MIDI3"= vscapi.dll
"WAVE3"= vscapi.dll
"wave8"= fireface_mme.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Sony\\VAIO Media 5.0\\Vc.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R3 cc5f4ad3-754d-4552-8b24-413359a0fd24;cc5f4ad3-754d-4552-8b24-413359a0fd24; [x]
R3 fireface;Service for Fireface (WDM); [x]
S1 Asapi;Asapi; [x]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-12-18 33792]


--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31dad33c-f2bd-11dc-834a-0013a94a6c15}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf103fe3-d5bd-11dd-a072-0013a94a6c15}]
\Shell\Shell00\Command - G:\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c43fe1b2-9156-11dd-a05e-0013a94a6c15}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
.
Contenuto della cartella 'Scheduled Tasks'

2009-03-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34]

2009-04-14 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-30 18:41]

2009-04-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2009-02-20 c:\windows\Tasks\Norton Security Scan.job
- c:\programmi\Norton Security Scan\Nss.exe [2007-09-18 22:42]

2009-03-21 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-04-10 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-04-14 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.hotmail.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = proxone:8080
uInternet Settings,ProxyOverride = hotspot;192;168;192;254;*.local
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
IE: Aggiungi sito di supporto RSS a VAIO Information FLOW - c:\programmi\Sony\VAIO Information FLOW\aiesc.html
IE: Apri in nuova scheda in primo piano - c:\programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?a71d97f80d544702a9200ca75133c563
IE: Apri in nuova scheda in secondo piano - c:\programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?a71d97f80d544702a9200ca75133c563
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Trasferimento tramite Image Converter 2 Plus - c:\programmi\Sony\Image Converter 2\menu.htm
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} -
FF - ProfilePath - c:\documents and settings\sony-pc\Dati applicazioni\Mozilla\Firefox\Profiles\4braiout.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/
FF - component: c:\programmi\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\programmi\Mozilla Firefox\components\SABFF20.DLL
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\programmi\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\programmi\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\programmi\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\programmi\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\programmi\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\programmi\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-14 21:31
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(952)
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(3036)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmi\Microsoft Office\Office12\1040\GrooveIntlResource.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA
.
Ora fine scansione: ~,10time:~,-3
ComboFix-quarantined-files.txt 2009-04-14 19:33
ComboFix2.txt 2009-04-14 17:18

Pre-Run: 17.442.230.272 byte disponibili
Post-Run: 17.494.073.344 byte disponibili

213 --- E O F --- 2009-04-09 18:47
coolman
Aficionado
Posts: 89
Joined: Tue Apr 29, 2008 7:12 pm

Re: Win32:VB-BLQ

Post by coolman » Tue Apr 14, 2009 8:36 pm

ok
I also did the thing with Flash Disinfector
coolman
Aficionado
Posts: 89
Joined: Tue Apr 29, 2008 7:12 pm

Re: Win32:VB-BLQ

Post by Amantide » Tue Apr 14, 2009 8:50 pm

coolman wrote: ok
I also did the thing with Flash Disinfector

Did you notice whether it removed anything?

Enable the display of hidden and system files and check whether the folder Recycled, with a final D, is present in C:\ (open any folder, go to Tools --> Folder Options --> View, tick Show hidden files and folders and untick Hide protected operating system files; put it back afterwards).
...to fly high, you have to know how to fall...
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo

Re: Win32:VB-BLQ

Post by coolman » Wed Apr 15, 2009 5:19 pm

ok
thanks. I looked, doing what you told me, but there is no Recycled.
coolman
Aficionado
Posts: 89
Joined: Tue Apr 29, 2008 7:12 pm

Re: Win32:VB-BLQ

Post by Amantide » Wed Apr 15, 2009 5:55 pm

When preparing the script for Combofix I missed a key that has to be removed:

Prepare another CFScript.txt file with this content and drag it onto the Combofix executable:

registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c43fe1b2-9156-11dd-a05e-0013a94a6c15}]

Post me the new log it creates as well.
...to fly high, you have to know how to fall...
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo
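The MountPoints2 entries in the posted log (an AutoRun and an Open handler that launch Recycled\ctfmon.exe from a relative path, once indirectly through RunDLL32) and the CFScript above that deletes the key are the two pieces of this fix. The following Python script is an added example, not code from the thread, from ComboFix or from the forum's helpers: it parses the MountPoints2 section of a ComboFix log, scores each per-volume handler with a few defender-side heuristics (relative path, recycle-bin folder, a system32 binary name outside system32, indirect launch via ShellExec_RunDLL) and emits the same `registry::` block the helper wrote by hand for every flagged key. SAMPLE_LOG is constructed for the example, modelled on the log excerpt; the heuristics and the SYSTEM_NAMES list are the example's own choices, not anything ComboFix does.

```python
"""Triage of the MountPoints2 section of a ComboFix log.

Added example (not code from the thread or from ComboFix): flags per-volume
AutoRun/Open handlers that start executables from relative paths such as a
Recycled\\ folder on the inserted drive, and emits the CFScript 'registry::'
block that deletes the offending keys, which is what the manual fix in the
thread does by hand.  SAMPLE_LOG is constructed to resemble the log excerpt.
"""
import re

# Constructed sample modelled on the MountPoints2 lines of the posted log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31dad33c-f2bd-11dc-834a-0013a94a6c15}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf103fe3-d5bd-11dd-a072-0013a94a6c15}]
\Shell\Shell00\Command - G:\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c43fe1b2-9156-11dd-a05e-0013a94a6c15}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
"""

KEY_RE = re.compile(r"^\[(HKEY_CURRENT_USER\\.*?\\mountpoints2\\(\{[0-9a-f-]+\}))\]$", re.I)
HANDLER_RE = re.compile(r"^\\Shell\\(.+?)\\command\s+-\s+(.*)$", re.I)
# A path is absolute if it starts with a drive letter, a UNC prefix or an env var.
ABSOLUTE_RE = re.compile(r"^(?:[a-z]:\\|\\\\|%)", re.I)
# Recycle-bin folder names on FAT and NTFS volumes.
RECYCLE_DIRS = ("recycled\\", "recycler\\")
# Names of Windows binaries that belong in system32; a copy elsewhere is suspect
# (example's own list, extend as needed).
SYSTEM_NAMES = {"ctfmon.exe", "svchost.exe", "lsass.exe", "explorer.exe"}


def parse_mountpoints(text):
    """Return {guid: {"key": full registry path, "handlers": [(verb, command)]}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(2).lower()
            keys[current] = {"key": m.group(1), "handlers": []}
            continue
        m = HANDLER_RE.match(line)
        if m and current is not None:
            keys[current]["handlers"].append((m.group(1), m.group(2).strip()))
    return keys


def launched_target(command):
    """Executable a handler really starts: the last .exe token, so that
    'RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL <path>' resolves to <path>."""
    tokens = command.split()
    exes = [t for t in tokens if t.lower().endswith(".exe")]
    return exes[-1] if exes else tokens[0]


def assess_handler(command):
    """Reasons a handler command looks suspicious (empty list if it looks normal)."""
    reasons = []
    target = launched_target(command)
    low = target.lower()
    if not ABSOLUTE_RE.match(target):
        reasons.append("relative path, resolved against the inserted volume")
    if any(d in low for d in RECYCLE_DIRS):
        reasons.append("launched from a recycle-bin folder")
    name = low.rsplit("\\", 1)[-1]
    if name in SYSTEM_NAMES and "\\system32\\" not in low:
        reasons.append(f"{name} outside system32")
    if "shellexec_rundll" in command.lower():
        reasons.append("indirect launch through RunDLL32 ShellExec_RunDLL")
    return reasons


def triage(text):
    """{guid: [(verb, command, reasons)]} for keys with at least one finding."""
    findings = {}
    for guid, info in parse_mountpoints(text).items():
        hits = [(v, c, assess_handler(c)) for v, c in info["handlers"]]
        hits = [h for h in hits if h[2]]
        if hits:
            findings[guid] = hits
    return findings


def cfscript_for(text):
    """CFScript fragment deleting every flagged MountPoints2 key ('[-KEY]' = delete)."""
    keys = parse_mountpoints(text)
    lines = ["registry::"] + [f"[-{keys[g]['key']}]" for g in triage(text)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for guid, hits in triage(SAMPLE_LOG).items():
        for verb, cmd, reasons in hits:
            print(f"{guid} {verb}: {cmd}\n    " + "; ".join(reasons))
    print(cfscript_for(SAMPLE_LOG))
```

On the sample, the two G:\ handlers (a U3 launcher and a Start.exe with an absolute path) produce no findings, while both handlers of the {c43fe1b2-...} key are flagged and the generated script is exactly the one posted above. The script only reads the log text; deleting the key is still left to ComboFix via the CFScript, so the analyst keeps the review step the helpers insist on.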

Re: Win32:VB-BLQ

Post by coolman » Wed Apr 15, 2009 6:04 pm

ok, when I do it I'll post you the log
have a good evening
coolman
Aficionado
Posts: 89
Joined: Tue Apr 29, 2008 7:12 pm

Re: Win32:VB-BLQ

Post by coolman » Fri Apr 17, 2009 7:18 pm

here is the new combofix log

ComboFix 09-04-14.09 - sony-pc 16/04/2009 15.31.59.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1022.334 [GMT 2:00]
Eseguito da: c:\documents and settings\sony-pc\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\sony-pc\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090415-0] *On-access scanning enabled* (Updated)
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((( Files Creati Da 2009-03-16 al 2009-04-16 )))))))))))))))))))))))))))))))))))
.

2009-04-15 16:15 . 2009-04-15 16:15 -------- d-sh--w c:\documents and settings\sony-pc\UserData
2009-04-14 19:37 . 2009-04-14 19:37 -------- d-sha-r C:\autorun.inf
2009-04-14 19:25 . 2009-04-14 19:25 -------- d-----w C:\32788R22FWJFW.0.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 17:01 . 2007-08-30 18:01 -------- d-----w c:\programmi\Mozilla Thunderbird
2009-04-15 16:11 . 2008-01-14 15:06 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-04-15 15:14 . 2007-08-28 06:01 -------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-04-15 12:09 . 2007-09-09 16:07 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\DVD Shrink
2009-04-14 19:27 . 2007-08-30 16:56 -------- d-----w c:\documents and settings\sony-pc\Dati applicazioni\Skype
2009-04-14 14:39 . 2008-04-28 11:14 -------- d-----w c:\documents and settings\sony-pc\Dati applicazioni\skypePM
2009-04-14 09:39 . 2008-05-02 13:24 -------- d-----w c:\programmi\Spyware Doctor
2009-04-10 18:22 . 2007-12-26 15:11 8613 ----a-w C:\VCIError.log
2009-04-06 10:22 . 2006-07-31 03:37 73958 ----a-w c:\windows\system32\perfc010.dat
2009-04-06 10:22 . 2006-07-31 03:37 449782 ----a-w c:\windows\system32\perfh010.dat
2009-03-25 17:29 . 2007-08-30 18:21 -------- d-----w c:\documents and settings\sony-pc\Dati applicazioni\foobar2000
2009-03-19 20:25 . 2006-08-01 08:15 -------- d-----w c:\programmi\File comuni\Symantec Shared
2009-03-19 20:23 . 2008-01-14 15:27 -------- d-----w c:\programmi\Norton Security Scan
2009-03-16 18:05 . 2008-04-25 14:27 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-02-25 18:04 . 2006-08-01 08:13 -------- d-----w c:\programmi\Google
2009-02-19 23:29 . 2009-02-19 23:29 1119 ----a-w C:\INSTALL.LOG
2009-02-09 15:44 . 2008-05-08 16:28 0 ----a-w C:\ctapi_out_gr.txt
2009-02-09 14:04 . 2006-07-31 03:37 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-08 15:25 . 2007-09-01 17:25 7662 ----a-w c:\documents and settings\sony-pc\Dati applicazioni\wklnhst.dat
2008-07-09 09:36 . 2007-08-31 09:03 77640 ----a-w c:\documents and settings\sony-pc\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2008-04-28 11:14 . 2008-04-28 11:14 32 ----a-w c:\documents and settings\All Users\Dati applicazioni\ezsid.dat
2008-01-16 17:17 . 2008-01-16 17:17 21504 ----a-w c:\programmi\FLV PlayerRCATSetup.exe
2008-01-16 17:15 . 2008-01-16 17:10 411248 ----a-w c:\programmi\FLV PlayerRCSetup.exe
2008-01-14 17:36 . 2008-01-14 17:36 38304 ----a-w c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2007-12-26 14:52 . 2007-08-28 04:41 136 ----a-w c:\documents and settings\sony-pc\Impostazioni locali\Dati applicazioni\fusioncache.dat
2006-07-31 11:49 . 2006-07-31 11:49 142 ----a-w c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\fusioncache.dat
2008-04-28 13:2007-10-06 13:56 24:13 . c:\programmi\mozilla firefox\components\GoogleDesktopMozilla.dll
2004-05-07 13:2007-08-30 18:01 31:40 . c:\programmi\mozilla firefox\components\MSVCR71.DLL
2006-11-07 10:2007-08-30 18:01 58:44 . c:\programmi\mozilla firefox\components\SABFF20.DLL
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-05 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-08 7561216]
"Apoint"="c:\programmi\Apoint\Apoint.exe" [2004-11-17 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512]
"VAIOCameraUtility"="c:\programmi\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]
"SonyPowerCfg"="c:\programmi\Sony\VAIO Power Management\SPMgr.exe" [2006-06-27 217088]
"ISBMgr.exe"="c:\programmi\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Switcher.exe"="c:\programmi\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"Acrobat Assistant 7.0"="c:\programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-03-03 483328]
"vsc32cnf.exe"="c:\programmi\Roland\VSC32\vsc32cnf.exe" [2000-02-07 36864]
"vscvol.exe"="c:\programmi\Roland\VSC32\vscvol.exe" [2000-02-08 36864]
"Google Desktop Search"="c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-28 29744]
"H2O"="c:\programmi\SyncroSoft\Pos\H2O\cledx.exe" [2005-12-18 307200]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"ISTray"="c:\programmi\Spyware Doctor\pctsTray.exe" [2008-11-13 1168264]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"VAIO Update 4"="c:\programmi\Sony\VAIO Update 4\VAIOUpdt.exe" [2008-08-24 870240]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2002-03-14 45056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"MySpaceIM"="c:\programmi\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
"Picasa Media Detector"="c:\programmi\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Audio Filter.lnk - c:\programmi\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe [2007-8-28 5649408]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 12:51 73728 ----a-w c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\FILECO~1\SONYSH~1\VideoLib\sonydv.dll
"MIDI3"= vscapi.dll
"WAVE3"= vscapi.dll
"wave8"= fireface_mme.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Sony\\VAIO Media 5.0\\Vc.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R3 cc5f4ad3-754d-4552-8b24-413359a0fd24;cc5f4ad3-754d-4552-8b24-413359a0fd24; [x]
R3 fireface;Service for Fireface (WDM); [x]
S1 Asapi;Asapi; [x]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-12-18 33792]


--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31dad33c-f2bd-11dc-834a-0013a94a6c15}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf103fe3-d5bd-11dd-a072-0013a94a6c15}]
\Shell\Shell00\Command - G:\Start.exe
.
Contenuto della cartella 'Scheduled Tasks'

2009-03-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34]

2009-04-15 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-30 18:41]

2009-04-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2009-02-20 c:\windows\Tasks\Norton Security Scan.job
- c:\programmi\Norton Security Scan\Nss.exe [2007-09-18 22:42]

2009-03-21 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-04-10 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-04-15 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.hotmail.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = proxone:8080
uInternet Settings,ProxyOverride = hotspot;192;168;192;254;*.local
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
IE: Aggiungi sito di supporto RSS a VAIO Information FLOW - c:\programmi\Sony\VAIO Information FLOW\aiesc.html
IE: Apri in nuova scheda in primo piano - c:\programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?a71d97f80d544702a9200ca75133c563
IE: Apri in nuova scheda in secondo piano - c:\programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?a71d97f80d544702a9200ca75133c563
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Trasferimento tramite Image Converter 2 Plus - c:\programmi\Sony\Image Converter 2\menu.htm
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} -
FF - ProfilePath - c:\documents and settings\sony-pc\Dati applicazioni\Mozilla\Firefox\Profiles\4braiout.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/
FF - component: c:\programmi\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\programmi\Mozilla Firefox\components\SABFF20.DLL
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\programmi\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\programmi\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\programmi\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\programmi\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\programmi\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\programmi\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-16 15:35
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(952)
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(2808)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: ~,10time:~,-3
ComboFix-quarantined-files.txt 2009-04-16 13:37
ComboFix2.txt 2009-04-14 19:33
ComboFix3.txt 2009-04-14 17:18

Pre-Run: 17.546.305.536 byte disponibili
Post-Run: 17.543.450.624 byte disponibili

203 --- E O F --- 2009-04-09 18:47
coolman
Aficionado
Posts: 89
Joined: Tue Apr 29, 2008 7:12 pm

Re: Win32:VB-BLQ

Post by Amantide » Fri Apr 17, 2009 7:27 pm

The log looks clean now, but I recommend replacing your antivirus with a more effective one, for example Avira.
...to fly high, you have to know how to fall...
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo

Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Italian translation by phpBB.it

megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising