ComboFix 10-10-26.04 - fabio 27/10/2010 21.22.55.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1014.554 [GMT 2:00]
Eseguito da: c:\documents and settings\fabio\desktop\abc.exe
Opzioni usate :: /killall
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
c:\documents and settings\All Users\Documenti\Server\admin.txt
c:\documents and settings\fabio\Impostazioni locali\Dati applicazioni\cshwfb.dat
c:\documents and settings\fabio\Impostazioni locali\Dati applicazioni\cshwfb_nav.dat
c:\documents and settings\fabio\Impostazioni locali\Dati applicazioni\cshwfb_navps.dat
c:\programmi\WinPCap
c:\programmi\WinPCap\rpcapd.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\whtc432.dll
c:\windows\explorer.exe . . . è infetto!!
c:\windows\system32\winlogon.exe . . . è infetto!!
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_npf
((((((((((((((((((((((((( Files Creati Da 2010-09-27 al 2010-10-27 )))))))))))))))))))))))))))))))))))
.
2010-10-27 11:20 . 2010-10-27 11:20 -------- d-----w- C:\TDSSKiller_Quarantine
2010-10-27 05:55 . 2010-10-27 05:55 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
2010-08-17 13:17 . 2009-04-04 12:55 58880 ----a-w- c:\windows\system32\spoolsv.exe
.
------- Sigcheck -------
[-] 2008-04-14 . 12969C17F80AB594E63D184FF98B9818 . 510464 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . 703DC53D3A51A21E2DEC3328F916C156 . 1036288 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\programmi\Packard Bell\SetupmyPC\SmpSys.exe" [2009-03-18 1160736]
"TomTomHOME.exe"="c:\programmi\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"M3000Mnt"="M3000Rmv.dll " [X]
"IAAnotif"="c:\programmi\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-24 17529856]
"AzMixerSel"="c:\programmi\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2009-01-17 862728]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"EPSON Stylus DX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE" [2005-02-02 98304]
"PCSuiteTrayApplication"="c:\programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\programmi\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"LGODDFU"="c:\programmi\lg_fwupdate\fwupdate.exe" [2010-02-21 557056]
"UpdatePSTShortCut"="c:\programmi\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-05-07 210216]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2010-03-19 202256]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
c:\documents and settings\fabio\Menu Avvio\Programmi\Esecuzione automatica\
PMCRemoteLauncher.lnk - c:\documents and settings\fabio\Impostazioni locali\Dati applicazioni\Pinnacle\TVC\Tools\PMCRemoteCtrl.exe [2009-8-30 54544]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Bluetooth Software\BTTray.exe [2007-11-1 576104]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmi\\Real\\RealPlayer\\realplay.exe "=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [25/12/2009 14.49.34 28552]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [24/12/2009 20.31.34 207792]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [06/06/2009 21.02.52 108289]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\programmi\Spyware Doctor\BDT\BDTUpdateService.exe [24/12/2009 20.31.49 198608]
R2 TomTomHOMEService;TomTomHOMEService;c:\programmi\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 13.31.14 92008]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [04/04/2009 14.56.26 38912]
R3 M3000Srv;WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [22/04/2009 23.49.08 145152]
S2 gupdate;Google Update Service (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [03/08/2010 15.08.24 136176]
S2 Norton Internet Security;Norton Internet Security;"c:\programmi\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\programmi\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\programmi\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [04/04/2009 7.39.03 1684736]
S3 MODRC;DiBcom Infrared Receiver;c:\windows\system32\drivers\modrc.sys [30/08/2009 21.16.09 13824]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programmi\Spyware Doctor\pctsAuxs.exe [24/12/2009 20.31.14 359624]
.
Contenuto della cartella 'Scheduled Tasks'
2010-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-08-03 13:08]
2010-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-08-03 13:08]
2010-10-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1182671931-3652652152-3399203189-1006.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
2010-10-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1182671931-3652652152-3399203189-1006.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Invia a Bluetooth - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Invia a periferica &Bluetooth... - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKCU-Run-Wninafiqeji - c:\windows\whtc432.dll
AddRemove-cshwfb - c:\documents and settings\fabio\impostazioni locali\dati applicazioni\cshwfb.exe
************************************************** ************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-27 21:33
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
************************************************** ************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\programmi\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\programmi\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(3420)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\webcheck.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\programmi\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\programmi\CyberLink\Shared Files\RichVideo.exe
c:\windows\WebCam\M3000\M3000Mnt.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\igfxext.exe
c:\programmi\PC Connectivity Solution\ServiceLayer.exe
c:\programmi\PC Connectivity Solution\NclBTHandler.exe
c:\programmi\Java\jre1.6.0_07\bin\jucheck.exe
.
************************************************** ************************
.
Ora fine scansione: 2010-10-27 21:38:12 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-10-27 19:38
Pre-Run: 126.762.254.336 byte disponibili
Post-Run: 126.877.937.664 byte disponibili
- - End Of File - - F3B3C55C2364302DD9B469433C274E61
