Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

Malware maledetto

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

Malware maledetto

Messaggioda ovins » sab lug 31, 2010 6:12 pm

Ciao a tutti, qualche giorno fa, un pendrive solitamente usato ha smesso di funzionare come faceva di solito. L'unico modo per aprirlo era utilizzare l'opzione esplora. Ho formattato il pendrive, ho fatto il controllo con AVG che non ha trovato nulla, ma ogni volta che collego il pendrive incriminato ad un altro pc questo mi segnala la presenza di un malware nel pendrive. A seguito di ricerche su internet ho trovato combofix, il quale mi ha generato un file di log. Qualcuno ha la possibilità di tradurmelo? :D

ComboFix 10-07-30.04 - Utente 31/07/2010 18.47.22.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.895.451 [GMT 2:00]
Eseguito da: c:\documents and settings\Utente\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Creati Da 2010-06-28 al 2010-07-31 )))))))))))))))))))))))))))))))))))
.

2010-07-21 07:57 . 2010-07-21 07:57 1615200 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgssie.dll
2010-07-21 07:57 . 2010-07-21 07:57 921440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgemc.exe
2010-07-21 07:57 . 2010-07-21 07:57 4368224 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgcorex.dll
2010-07-21 07:57 . 2010-07-21 07:57 1373536 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgssff.dll
2010-07-21 07:57 . 2010-07-21 07:57 1107296 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgxpl.dll
2010-07-17 07:49 . 2010-07-17 07:49 242896 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgtdix.sys
2010-07-17 07:49 . 2010-07-17 07:49 216200 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgldx86.sys
2010-07-17 07:49 . 2010-07-17 07:49 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-17 07:47 . 2010-07-17 07:47 813336 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avginet.dll
2010-07-17 07:47 . 2010-07-17 07:47 624920 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgiproxy.exe
2010-07-17 07:47 . 2010-07-17 07:47 1690464 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.dll
2010-07-17 07:47 . 2010-07-17 07:47 1038688 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-31 16:44 . 2009-12-24 09:38 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Skype
2010-07-31 14:00 . 2010-01-21 09:03 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\skypePM
2010-07-31 07:30 . 2009-12-28 18:35 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\OpenOffice.org2
2010-07-30 15:15 . 2009-12-28 18:36 1 ----a-w- c:\documents and settings\Utente\Dati applicazioni\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-07-17 07:49 . 2010-02-06 11:06 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-17 07:48 . 2010-02-06 11:06 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-02 17:00 . 2009-12-28 18:29 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\LimeWire
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Adobe\Reader\9.3\ARM\28997\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Adobe\Reader\9.3\ARM\28997\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Adobe\Reader\9.3\ARM\28997\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Adobe\Reader\9.3\ARM\28997\AcrobatUpdater.exe
2010-06-03 07:29 . 2010-02-06 11:06 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-29 17:24 . 2010-01-29 17:24 12540 ----a-w- c:\programmi\Furnish Pro uninstal.log
.

------- Sigcheck -------

[-] 2007-01-03 . 348F04E3582EF2467EE5379D67B99FD7 . 399360 . . [5.1.2600.2948] . . c:\windows\system32\rpcss.dll

[-] 2007-01-03 10:48 . 3D9418CF112A11ADC45E2A0C0A44DF47 . 243200 . . [2001.12.4414.312] . . c:\windows\system32\es.dll

[-] 2007-01-03 . F959D929A6A22D78E3A6851A9361CE18 . 296960 . . [5.1.2600.2627] . . c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:01 1230080 ----a-w- c:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"Skype"="c:\programmi\Skype\\Phone\Skype.exe" [2010-04-06 26102056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-17 17676288]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"nwiz"="nwiz.exe" [2009-04-30 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2009-11-10 417792]
"TecneAggiorna"="c:\tecne\Aggiorna\TecneAggiorna.exe" [2010-01-08 1852416]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-17 2065760]
"MemoREX"="c:\programmi\MemoRex\MemoRexStart.exe" [2003-07-29 332288]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-01-03 123904]

c:\documents and settings\Utente\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 2.4.lnk - c:\programmi\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-17 07:49 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [06/02/2010 13.06.40 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [06/02/2010 13.06.34 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\programmi\AVG\AVG9\avgemc.exe [17/07/2010 9.48.48 921952]
R2 avg9wd;AVG Free WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe [17/07/2010 9.49.20 308136]
R2 MSSQL$TECNE;SQL Server (TECNE);c:\programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10/02/2007 7.29.54 29178224]
S3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [26/08/2009 19.06.44 103552]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2007-07-28 13:53 1230848 ----a-w- c:\programmi\Windows Sidebar\sidebar.exe
.
Contenuto della cartella 'Scheduled Tasks'

2010-07-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.plusnetwork.com
uInternet Connection Wizard,ShellNext = iexplore
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\2gp977im.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - component: c:\programmi\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\programmi\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\programmi\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\programmi\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\programmi\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-31 18:49
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•Ñw*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(672)
c:\windows\system32\SHSVCS.dll
c:\windows\system32\CLBCATQ.DLL
c:\windows\system32\DNSAPI.dll

- - - - - - - > 'lsass.exe'(728)
c:\windows\system32\WLDAP32.dll
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\ipsecsvc.dll

- - - - - - - > 'explorer.exe'(5924)
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\COMRes.dll
c:\programmi\File comuni\Ahead\Lib\NeroSearchBar.dll
c:\programmi\File comuni\Ahead\Lib\MFC71U.DLL
c:\programmi\File comuni\Ahead\Lib\BCGCBPRO860un71.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\msi.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Ora fine scansione: 2010-07-31 18:50:58
ComboFix-quarantined-files.txt 2010-07-31 16:50

Pre-Run: 287.954.030.592 byte disponibili
Post-Run: 288.963.649.536 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 361C0920F561A3D4B7273BBDE207DD45


Grazie mille per l'aiuto
Avatar utente
ovins
Neo Iscritto
Neo Iscritto
 
Messaggi: 1
Iscritto il: sab lug 31, 2010 6:07 pm

Re: Malware maledetto

Messaggioda crazy.cat » sab lug 31, 2010 6:33 pm

Installa Ninja http://www.MegaLab.it/4100/ninja-proteg ... emoria-usb nel tuo pc e poi collega la chiavetta.
Forse è meglio se fai un ulteriore controllo con kaspersky http://www.MegaLab.it/2894/ non serve che disinstalli avg (almeno per il momento)
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre


Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 3 ospiti

cron
Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising