Trojandownloader + Spyware

teri133 · March 11, 2008

salve, per prima cosa mi scuso se ho sbagliato a postare, ma sono nuova!

Ho un grosso problema, tre giorni fa ho acceso il computer e mi sono trovata la sottostante schermata sul desktop (e non va via!!!!) con tanto di collegamente ipertestuale che mi porta ad un sito che vende un programma anti spyware (SPYAWAY), il quale, messo in download contiene un virus, avendo l'antivirus ho voluto vedere quello che succedeva, quindi il computer non l'ha nemmeno caricato.

Oltre a questo mi compaiono schermate dove sono elencati file che dovrebbero essere spyware, ed una in particolare che mi informa della presenza di un Trojandownloader.xs. Per non parlare dei continui fumetti contenenti frasi minatorie!!! Ho provato anche a formattare il computer ma quando entro nel BIOS per cambiare il boot da floppy a cd-rom, non me lo permette. Inoltre il computer mi ha informato che dei file di windows sono stati sostituiti con altri non riconosciuti (e ci voleva che me lo dicesse lui .... si capiva abbondantemente direi!!!)

Ora non so proprio come fare .... disperazione massima .... AIUTO

Modificato March 11, 2008 da teri

$angelique!? · March 11, 2008

[ben]teri[/ben]

Ciao teri,

vai in questa pagina e dopo averlo scaricato, segui la guida per eseguire SmitFraudFix

posta il log

allega un log di Hijackthis

http://forum.wininizio.it/index.php?showtopic=21584

Esegui una scansione online con Kaspersky (su "my computer")ed allega il report in formato HTML

http://forum.wininizio.it/index.php?showtopic=36981&hl=

Se non riesci ad allegare il report,

carica il file su http://www.wikifortio.com/

e poi copia il link per poterlo scaricare

teri133 · March 11, 2008

Intendevi questo? Mamma mia come sono imbranata!!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11.31.13, on 11/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe

C:\Programmi\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\mgmrwmrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Programmi\Analog Devices\SoundMAX\Smax4.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\VM_STI.EXE

C:\Programmi\File comuni\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe

C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe

C:\Programmi\Alwil Software\Avast4\ashWebSv.exe

C:\Programmi\Internet Explorer\IEXPLORE.EXE

C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Documents and Settings\Utente\Desktop\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,

O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)

O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)

O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)

O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)

O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)

O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)

O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)

O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)

O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)

O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)

O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)

O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)

O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)

O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE NoteCam Sm@rt A300

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{42D5E618-9683-4690-BCA3-34B5C4F04442}: NameServer = 85.37.17.9 85.38.28.75

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Prime95 Service - Unknown owner - C:\Documents and Settings\Utente\Desktop\p95v2414\PRIME95.EXE (file missing)

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

--

End of file - 6498 bytes

teri133 · March 11, 2008

COMBO FIX

ComboFix 08-03-10.1 - Utente 2008-03-11 12.49.14.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.601 [GMT 1:00]

Eseguito da: C:\Documents and Settings\Utente\Desktop\ComboFix.exe

* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\180ax.exe

C:\WINDOWS\2020search.dll

C:\WINDOWS\2020search2.dll

C:\WINDOWS\bjam.dll

C:\WINDOWS\bokja.exe

C:\WINDOWS\cdsm32.dll

C:\WINDOWS\default.htm

C:\WINDOWS\mspphe.dll

C:\WINDOWS\mssvr.exe

C:\WINDOWS\saiemod.dll

C:\WINDOWS\salm.exe

C:\WINDOWS\stcloader.exe

C:\WINDOWS\swin32.dll

C:\WINDOWS\system32\msixu.dll

C:\WINDOWS\system32\wer8274.dll

C:\WINDOWS\TEMP\salm.exe

C:\WINDOWS\updatetc.exe

C:\WINDOWS\voiceip.dll

.

((((((((((((((((((((((((( Files Creati Da 2008-02-11 al 2008-03-11 )))))))))))))))))))))))))))))))))))

.

2008-03-11 11:27 . 2008-03-11 11:27 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-03-11 11:27 . 2008-03-11 11:27 <DIR> d-------- C:\WINDOWS\LastGood

2008-03-11 11:27 . 2008-03-11 11:27 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab

2008-03-10 23:58 . 2008-03-10 23:59 <DIR> d-------- C:\Program Files

2008-03-10 23:49 . 2008-03-10 23:49 <DIR> d-------- C:\Documents and Settings\Utente\Dati applicazioni\DivX

2008-03-09 20:35 . 2001-08-31 13:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex

2008-03-09 20:34 . 2001-08-31 13:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll

2008-03-09 20:33 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll

2008-03-09 20:32 . 2008-03-11 11:38 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files

2008-03-09 20:32 . 2008-03-09 20:32 749 -rah----- C:\WINDOWS\WindowsShell.Manifest

2008-03-09 20:32 . 2008-03-09 20:32 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest

2008-03-09 20:32 . 2008-03-09 20:32 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest

2008-03-09 20:32 . 2008-03-09 20:32 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest

2008-03-09 20:32 . 2008-03-09 20:32 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest

2008-03-09 20:32 . 2008-03-09 20:32 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest

2008-03-09 20:24 . 2001-08-31 13:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll

2008-03-09 20:24 . 2001-08-31 13:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll

2008-03-09 20:24 . 2001-08-31 13:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll

2008-03-09 20:24 . 2001-08-31 13:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll

2008-03-09 20:09 . 2008-03-09 20:09 <DIR> d-------- C:\WINDOWS\FLEOK

2008-03-09 15:45 . 2008-03-09 15:45 15,104 --a------ C:\WINDOWS\ntnut.exe

2008-03-08 21:23 . 2008-03-08 21:23 88,587 --a------ C:\WINDOWS\system32\mgmrwmrv.exe

2008-03-08 21:23 . 2008-03-08 21:23 88,587 --a------ C:\WINDOWS\system32\mcvkbmvi.exe

2008-03-08 21:23 . 2008-03-08 21:23 4 --a------ C:\WINDOWS\system32\winfrun32.bin

2008-03-07 16:10 . 2008-03-07 16:10 <DIR> d-------- C:\Documents and Settings\Utente\Dati applicazioni\vlc

2008-03-07 16:10 . 2008-03-07 16:10 <DIR> d-------- C:\Documents and Settings\Utente\Dati applicazioni\dvdcss

2008-03-07 16:09 . 2008-03-07 16:09 <DIR> d-------- C:\Programmi\VideoLAN

2008-03-07 16:07 . 2008-03-07 16:07 25 --a------ C:\WINDOWS\cdplayer.ini

2008-03-07 16:06 . 2008-03-07 16:06 <DIR> d-------- C:\Programmi\Real

2008-03-07 16:06 . 2008-03-07 16:06 <DIR> d-------- C:\Programmi\File comuni\xing shared

2008-03-07 16:06 . 2008-03-07 16:06 <DIR> d-------- C:\Programmi\File comuni\Real

2008-03-06 15:06 . 2008-03-06 15:06 <DIR> d-------- C:\Programmi\File comuni\Adobe

2008-03-06 15:04 . 2008-03-06 15:04 <DIR> d-------- C:\Programmi\DivX

2008-03-06 14:49 . 2008-03-11 00:06 <DIR> d-------- C:\Programmi\eMule

2008-03-06 14:35 . 2004-08-19 15:39 91,136 --a------ C:\WINDOWS\system32\kswdmcap.ax

2008-03-06 14:35 . 2004-08-03 23:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys

2008-03-06 14:35 . 2004-08-19 15:39 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax

2008-03-06 14:35 . 2004-08-19 15:39 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll

2008-03-06 14:35 . 2004-08-19 15:39 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax

2008-03-06 14:35 . 2004-08-19 15:39 28,672 --a------ C:\WINDOWS\system32\vidcap.ax

2008-03-06 14:35 . 2004-08-03 23:10 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS

2008-03-06 14:35 . 2004-08-03 23:10 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys

2008-03-06 14:35 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys

2008-03-06 14:34 . 2008-03-06 14:34 <DIR> d-------- C:\Programmi\File comuni\SCam300

2008-03-06 14:34 . 2004-07-22 13:22 184,392 --a------ C:\WINDOWS\system32\VM31bPrp.Ax

2008-03-06 14:34 . 2002-08-22 16:34 147,456 --a------ C:\WINDOWS\VMCap.exe

2008-03-06 14:34 . 2004-03-19 18:11 90,968 --a------ C:\WINDOWS\system32\drivers\usbVM31b.sys

2008-03-06 14:34 . 2003-05-15 17:17 61,440 --a------ C:\WINDOWS\system32\VM31bSTI.dll

2008-03-06 14:34 . 2004-02-24 16:00 49,152 --a------ C:\WINDOWS\VM_STI.EXE

2008-03-06 14:34 . 2002-10-16 09:29 49,152 --a------ C:\WINDOWS\amcap.exe

2008-03-06 14:33 . 2008-03-06 14:33 <DIR> d-------- C:\Documents and Settings\Utente\Dati applicazioni\Canon

2008-03-06 14:32 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2008-03-06 14:31 . 2008-03-06 14:31 <DIR> d-------- C:\Programmi\Canon

2008-03-06 14:30 . 2005-02-24 19:14 274,432 --a------ C:\WINDOWS\system32\CNQL1212.dll

2008-03-06 14:30 . 2004-06-15 07:00 116,736 --a------ C:\WINDOWS\system32\CNMLM61.DLL

2008-03-06 14:30 . 2004-06-04 17:34 86,016 --a------ C:\WINDOWS\system32\CNMCP61.exe

2008-03-06 14:30 . 2005-02-02 09:20 57,344 --a------ C:\WINDOWS\system32\CNQU111.DLL

2008-03-06 14:30 . 2004-06-15 07:00 7,680 --a------ C:\WINDOWS\system32\CNMVS61.DLL

2008-03-06 14:21 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-03-06 14:08 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll

2008-03-06 14:08 . 2006-10-26 19:58 30,512 --a------ C:\WINDOWS\system32\mdimon.dll

2008-03-06 14:07 . 2008-03-06 14:07 <DIR> d-------- C:\Programmi\MSBuild

2008-03-06 14:07 . 2008-03-06 14:07 <DIR> d-------- C:\Programmi\Microsoft Works

2008-03-06 14:01 . 2008-03-06 14:01 <DIR> d--h----- C:\WINDOWS\ShellNew

2008-03-06 14:01 . 2008-03-06 14:08 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help

2008-03-06 14:00 . 2008-03-06 14:00 <DIR> dr-h----- C:\MSOCache

2008-03-06 13:43 . 2008-03-06 13:43 <DIR> d-------- C:\Documents and Settings\Utente\Contacts

2008-03-06 13:43 . 2008-03-06 13:43 268 --ah----- C:\sqmdata00.sqm

2008-03-06 13:43 . 2008-03-06 13:43 244 --ah----- C:\sqmnoopt00.sqm

2008-03-06 13:40 . 2008-03-06 13:42 <DIR> d-------- C:\Programmi\Windows Live

2008-03-06 13:40 . 2008-03-06 13:41 <DIR> d--hsc--- C:\Programmi\File comuni\WindowsLiveInstaller

2008-03-06 13:40 . 2008-03-06 13:40 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller

2008-03-06 13:38 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll

2008-03-06 13:38 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui

2008-03-06 13:38 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui

2008-03-06 13:38 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui

2008-03-06 13:38 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

2008-03-06 13:27 . 2005-04-21 11:52 7,350 --a------ C:\Temp\lang.dat

2008-03-06 13:23 . 2008-03-11 00:07 <DIR> d-------- C:\Temp

2008-03-06 13:07 . 2008-03-11 11:29 <DIR> d-------- C:\Eseguibili vari

2008-03-06 13:03 . 2008-03-06 13:03 <DIR> d-------- C:\Programmi\Lavasoft

2008-03-06 13:03 . 2008-03-06 13:04 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft

2008-03-06 13:02 . 2008-03-06 13:02 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard

2008-03-06 12:58 . 2008-03-06 12:58 <DIR> d---s---- C:\Documents and Settings\Utente\UserData

2008-03-06 12:53 . 2008-03-07 16:12 <DIR> d-------- C:\E-mule

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-06 13:34 --------- d--h--w C:\Programmi\InstallShield Installation Information

2008-03-06 13:30 --------- d-----w C:\Programmi\File comuni\InstallShield

2008-03-01 00:50 --------- d-----w C:\Programmi\Alwil Software

2008-03-01 00:47 --------- d-----w C:\Programmi\Intel Desktop Board Audio Driver

2008-03-01 00:47 --------- d-----w C:\Programmi\Analog Devices

2008-03-01 00:45 --------- d-----w C:\Programmi\Intel

2008-03-01 00:32 --------- d-----w C:\Programmi\microsoft frontpage

2008-03-01 00:31 --------- d-----w C:\Programmi\Servizi in linea

2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

REGEDIT4

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:39 15360]

"MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 13:48 1388544]

"SoundMAX"="C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 08:27 860160]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-02-24 16:00 49152]

"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-03-07 16:06 180269]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:39 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Programmi\\eMule\\emule.exe"=

R2 BDRWQVSY;BDRWQVSY;C:\WINDOWS\system32\bdrwqvsy.gkb [2004-08-19 14:39]

S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-11 12:51:14

Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo

Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BDRWQVSY]

"ImagePath"="\??\C:\WINDOWS\system32\bdrwqvsy.gkb"

.

Ora fine scansione: 2008-03-11 12.51.53

ComboFix-quarantined-files.txt 2008-03-11 11:51:38

teri133 · March 11, 2008

Ho effettuato la scansione, ora che si fa?

Grazie

KASPERSKY.html

$angelique!? · March 11, 2008

Ciao teri,

ti avevo consigliato di eseguire SmitFraudFix, mentre tu hai postato un log di Combofix

ora procediamo in questo modo:

Scarica questi programmi che ti serviranno anche per una futura manutenzione:

Ccleaner (pulizia generale) http://www.ccleaner.com/download/downloadpage.aspx?f=2

Wise Registry Cleaner http://www.wisecleaner.com/soft/WRCSetup.exe

+ Lingua italiana una volta scaricato, (dopo averlo decompresso) copialo nella cartella "Language" del programma

http://www.wisecleaner.com/soft/wrc/Italiano.zip

Quando installi Ccleaner ricordati che se lasci le spunte di default, verrà installata anche la toolbar yahoo (togli le spunte se non la vuoi)

STAMPA queste istruzioni (oppure salvale in un file sul desktop)

Ricordati di mettere Hijackthis.exe in una cartella a lui dedicata (in Programmi o Documenti), l'importante è che non si trovi sul desktop o in cartelle temporanee.... è importante se vuoi salvare i backup

Esegui queste operazioni essendo disconnesso e con tutte le applicazioni chiuse

Avvia Hijack e clicca su "do a system scan only"

Metti la spunta a queste voci (potrebbero non esserci tutte) e clicca su "fix checked"