I had to split it in two because it was too long
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RDItNET"="c:\programmi\RegistryDoktor 4.1\RegistryDoktor.exe" [2009-12-31 13737056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\programmi\Motorola\SMSERIAL\sm56hlpr.exe" [2006-08-06 573440]
"ATKHOTKEY"="c:\programmi\ATK Hotkey\Hcontrol.exe" [2007-08-23 229376]
"ASUS Live Update"="c:\programmi\ASUS\ASUS Live Update\ALU.exe" [2007-11-30 51768]
"ACMON"="c:\programmi\ASUS\Splendid\ACMON.exe" [2007-07-10 851968]
"Wireless Console 2"="c:\programmi\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Power_Gear"="c:\programmi\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-09-09 33136]
"ACU"="c:\programmi\Atheros\ACU.exe" [2007-05-03 376921]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-12-28 136600]
"NielsenOnline"="c:\programmi\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2008-10-10 45056]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
c:\documents and settings\Michele\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 2.4.lnk - c:\programmi\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
Nikon Monitor.lnk - c:\programmi\File comuni\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
NkbMonitor.exe.lnk - c:\programmi\Nikon\PictureProject\NkbMonitor.exe [2008-11-29 118784]
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-29 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3992400611-2581929548-1598939756-1005\Scripts\Logon\0\0]
"Script"=C:\vcleaner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Programmi\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
"c:\\Programmi\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Programmi\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Messenger\\MSMSGS.EXE"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/04/2009 14.30.47 64160]
R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [18/02/2009 15.05.00 15360]
R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [18/02/2009 15.05.00 9088]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys --> c:\windows\system32\drivers\pavboot.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23.34.38 1028432]
S3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys --> c:\windows\system32\DRIVERS\avfsfilter.sys [?]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.fineco.it/
uInternet Connection Wizard,ShellNext = iexplore
IE: Search Using Copernic Agent - c:\programmi\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\COPERN~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\COPERN~1\COPERN~1.DLL
FF - ProfilePath - c:\documents and settings\Michele\Dati applicazioni\Mozilla\Firefox\Profiles\hyagf7po.default\
FF - component: c:\programmi\Mozilla Firefox\components\nsgkff30_meter4.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-02 12:31
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
***************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3984)
c:\programmi\NetRatingsNetSight\NetSight\nsmmc.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\system32\ACEngSvr.exe
c:\programmi\OpenOffice.org 2.4\program\soffice.exe
c:\programmi\OpenOffice.org 2.4\program\soffice.BIN
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\ATK Hotkey\ATKOSD.exe
c:\programmi\ATK Hotkey\WDC.exe
.
**************************************************************************
.
Ora fine scansione: 2010-01-02 12:34:48 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-01-02 11:34
Pre-Run: 127.176.966.144 byte disponibili
Post-Run: 127.171.166.208 byte disponibili
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - DB6D3449527142BF40E867F0B89C468F
Now I'll do the rest of what you told me and then I'll post that result too.
Thanks.