
Log Check
farenzi
Posted: Sunday, May 10, 2009 10:09:43 PM
Rank: Member

Joined: 10/31/2004
Posts: 13
Good evening everyone... could you kindly check my log?... I'm having problems installing DivXBundle7, my computer freezes during the installation.. another problem is with VLC, I install it but the computer freezes when I try to open any video file... I have PinnacleTVCenter installed on the computer, could they be conflicting by any chance?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.47.34, on 10/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
C:\Programmi\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmi\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Programmi\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Programmi\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HDAudDeck] C:\Programmi\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PMCLoader] C:\Programmi\Pinnacle\TVCenter Pro\PMCLoader.exe -checktasks
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Pinnacle Streaming Server.lnk = C:\Programmi\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241797714984
O17 - HKLM\System\CCS\Services\Tcpip\..\{0465A23E-3223-4DE3-9130-A5CD1857D6BD}: NameServer = 85.37.17.17 85.38.28.72
O17 - HKLM\System\CS1\Services\Tcpip\..\{0465A23E-3223-4DE3-9130-A5CD1857D6BD}: NameServer = 85.37.17.17 85.38.28.72
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Servizio di Google Update (gupdate1c9d0238a0843c0) (gupdate1c9d0238a0843c0) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe

--
End of file - 6461 bytes

tool
Posted: Sunday, May 10, 2009 10:48:45 PM

Rank: AiutAmico

Joined: 2/18/2007
Posts: 337
The log is clean, what problems are you having??
farenzi
Posted: Monday, May 11, 2009 12:40:48 PM
Rank: Member

Joined: 10/31/2004
Posts: 13
Thanks tool... I'm having problems installing DivX Bundle7, the computer freezes during the installation, and then with VLC too the computer freezes when I try to open any video file... I can't figure out whether there is a conflict with some other program I have installed on the PC... since the log is clean it shouldn't be a virus problem...
r16
Posted: Monday, May 11, 2009 1:08:02 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
HJT doesn't always manage to detect infections.
Run these scans to be safe:
Download and install MalwareBytes:
click here to download: http://www.aiutamici.com/software?id=80346
UPDATE IT before running the scan. (this is very important)
Run a full system scan.
Post the log.


Important: Disable your antivirus and close ALL open programs, and after downloading COMBOFIX, close the connection.

Download Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the desktop.
Double-click combofix.exe (a screen will appear.)
If you are asked whether you want to install THE RECOVERY CONSOLE, click NO.
You will probably get messages from the antivirus; ignore them.
During the scan it is important not to use the PC (not even the mouse) and to wait patiently for the operations to finish.
When it finishes, a log file will be created on the Desktop, called C:\ComboFix.txt. Post it here.

Uninstall combofix this way: (after I have seen the log)
Start
Run
in the dialog box, copy and paste this command: Combofix /u and press Enter, then delete the combofix folders in "C" (qoobox)

P.S.:
Did you install this program, with its Toolbar, yourself?
AskTBar
farenzi
Posted: Monday, May 18, 2009 2:21:54 PM
Rank: Member

Joined: 10/31/2004
Posts: 13
Thanks r16... I'm attaching the two logs below. As for "askTbar", I didn't install it myself, unless it got installed along with some program I downloaded.. MalwareBytes did however detect an error at the end of the scan..

Malwarebytes' Anti-Malware 1.36
Versione del database: 2147
Windows 5.1.2600 Service Pack 3

18/05/2009 13.23.17
mbam-log-2009-05-18 (13-23-11).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 121876
Tempo trascorso: 25 minute(s), 10 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 1
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)



...ComboFix log:

ComboFix 09-05-17.04 - Administrator 18/05/2009 13.29.36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1791.1218 [GMT 2:00]
Eseguito da: c:\documents and settings\Administrator\Documenti\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\MFC70.DLL

.
((((((((((((((((((((((((( Files Creati Da 2009-04-18 al 2009-05-18 )))))))))))))))))))))))))))))))))))
.

2009-05-18 10:45 . 2009-05-18 10:45 -------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2009-05-18 10:45 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-18 10:45 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-18 10:45 . 2009-05-18 10:45 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-05-18 10:45 . 2009-05-18 10:45 -------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-05-16 08:13 . 2009-05-16 08:13 -------- d-----w c:\documents and settings\Administrator\Dati applicazioni\dvdcss
2009-05-15 10:43 . 2008-10-16 12:06 208744 ----a-w c:\windows\system32\muweb.dll
2009-05-15 10:43 . 2008-10-16 12:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-05-14 14:03 . 2009-05-18 10:39 -------- d-----w c:\documents and settings\Administrator\Tracing
2009-05-14 14:02 . 2009-05-14 14:02 -------- d-----w c:\programmi\Microsoft
2009-05-14 14:02 . 2009-05-14 14:02 -------- d-----w c:\programmi\Windows Live SkyDrive
2009-05-14 14:02 . 2009-05-14 14:02 -------- d-----w c:\programmi\Windows Live
2009-05-14 14:00 . 2009-05-14 14:00 -------- d-----w c:\programmi\File comuni\Windows Live
2009-05-11 12:03 . 2003-04-24 11:26 11520 ----a-w c:\windows\system32\drivers\PL2501NW.sys
2009-05-11 12:03 . 2003-05-07 13:54 8960 ----a-w c:\windows\system32\drivers\usbbc2.sys
2009-05-11 12:03 . 2009-05-11 12:03 -------- d-----w c:\programmi\Hi-Speed USB Bridge-Network Cable
2009-05-11 11:24 . 2009-05-11 11:24 -------- d-----w c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Pinnacle
2009-05-11 11:21 . 1998-11-02 18:57 138752 ------w c:\windows\system32\MASE32.DLL
2009-05-11 11:21 . 1998-11-02 18:57 57856 ------w c:\windows\system32\MASD32.DLL
2009-05-11 11:21 . 1998-11-02 18:57 136192 ------w c:\windows\system32\MAMC32.DLL
2009-05-11 11:21 . 1998-11-02 18:57 196096 ------w c:\windows\system32\MACD32.DLL
2009-05-11 11:21 . 1998-11-02 18:57 27648 ------w c:\windows\system32\MA32.DLL
2009-05-11 11:20 . 2004-06-03 10:47 385100 ------w c:\windows\system32\MSVCRTD.DLL
2009-05-11 11:20 . 2003-03-19 03:03 544768 ------w c:\windows\system32\msvcr71d.dll
2009-05-11 11:20 . 2002-01-05 19:16 536576 ------w c:\windows\system32\msvcr70d.dll
2009-05-11 11:20 . 2003-03-19 03:04 765952 ------w c:\windows\system32\msvcp71d.dll
2009-05-11 11:20 . 2002-01-05 19:16 737280 ------w c:\windows\system32\msvcp70d.dll
2009-05-11 11:20 . 2003-03-19 04:28 2179072 ------w c:\windows\system32\mfc71d.dll
2009-05-11 11:16 . 2009-05-11 11:16 -------- d-----w c:\documents and settings\Administrator\Dati applicazioni\vlc
2009-05-11 11:16 . 2009-05-11 11:16 -------- d-----w c:\programmi\VideoLAN
2009-05-11 10:47 . 2009-05-11 10:47 -------- d-----w c:\documents and settings\Administrator\Dati applicazioni\DivX
2009-05-11 10:47 . 2009-05-11 10:47 -------- d-----w c:\programmi\DivX
2009-05-10 22:26 . 2009-05-10 22:26 -------- d-----w c:\documents and settings\Administrator\Dati applicazioni\AdobeUM
2009-05-10 22:25 . 2009-05-10 22:25 -------- d-----w c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Adobe
2009-05-10 22:24 . 2009-05-10 22:24 -------- d-----w c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Pinnacle Systems
2009-05-10 20:29 . 2009-05-10 20:29 -------- d-----w c:\programmi\Axon Data
2009-05-10 19:46 . 2009-05-10 19:46 -------- d-----w c:\programmi\Trend Micro
2009-05-10 00:25 . 2009-05-10 00:26 -------- d-----w c:\programmi\CCleaner
2009-05-10 00:09 . 2009-05-10 00:09 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\DVD Shrink
2009-05-10 00:02 . 2009-05-10 00:02 -------- d-----w c:\programmi\vso
2009-05-08 23:07 . 2009-05-15 23:57 -------- d--h--w C:\$AVG8.VAULT$
2009-05-08 22:10 . 2009-05-08 22:10 -------- d-----w c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\IsolatedStorage
2009-05-08 21:44 . 2004-07-02 14:28 84992 ----a-w c:\windows\system32\ATL70.DLL
2009-05-08 21:44 . 2005-02-09 09:59 14165 ----a-w c:\windows\system32\drivers\Pclepci.sys
2009-05-08 21:43 . 2009-05-08 21:43 -------- d-----w c:\windows\Downloaded Installations
2009-05-08 21:43 . 2002-01-05 00:38 54784 ----a-w c:\windows\system32\MSVCI70.DLL
2009-05-08 21:43 . 2003-11-21 14:48 49152 ----a-w c:\windows\system32\MFC71JPN.DLL
2009-05-08 21:43 . 2003-11-21 14:48 49152 ----a-w c:\windows\system32\MFC71KOR.DLL
2009-05-08 21:43 . 2003-11-21 14:48 61440 ----a-w c:\windows\system32\MFC71ESP.DLL
2009-05-08 21:43 . 2003-11-21 14:48 61440 ----a-w c:\windows\system32\MFC71FRA.DLL
2009-05-08 21:43 . 2003-11-21 14:48 61440 ----a-w c:\windows\system32\MFC71ITA.DLL
2009-05-08 21:43 . 2003-11-21 14:48 65536 ----a-w c:\windows\system32\MFC71DEU.DLL
2009-05-08 21:43 . 2003-11-21 14:48 57344 ----a-w c:\windows\system32\MFC71ENU.DLL
2009-05-08 21:43 . 2003-11-21 14:48 40960 ----a-w c:\windows\system32\MFC71CHS.DLL
2009-05-08 21:43 . 2003-11-21 14:48 45056 ----a-w c:\windows\system32\MFC71CHT.DLL
2009-05-08 21:43 . 2002-01-05 01:36 964608 ----a-w c:\windows\system32\MFC70U.DLL
2009-05-08 21:42 . 2009-05-10 00:18 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Pinnacle Studio
2009-05-08 21:39 . 2007-06-13 17:30 13440 ----a-w c:\windows\system32\drivers\Ltn_stkrc.sys
2009-05-08 21:38 . 2007-06-14 12:41 466048 ----a-w c:\windows\system32\drivers\Ltn_stk7070P.sys
2009-05-08 21:38 . 2009-05-08 21:38 -------- d-----w c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Downloaded Installations
2009-05-08 21:37 . 2009-05-08 21:38 -------- d-----w c:\windows\system32\drivers\UMDF
2009-05-08 21:37 . 2009-05-08 21:37 -------- d-----w c:\windows\system32\LogFiles
2009-05-08 21:34 . 2004-07-23 07:00 446464 ------w c:\windows\system32\HHActiveX.dll
2009-05-08 21:34 . 2005-03-21 21:26 1047552 ----a-w c:\windows\system32\MFC71u.DLL
2009-05-08 21:34 . 2004-05-14 03:07 1060864 ----a-w c:\windows\system32\MFC71.DLL
2009-05-08 21:34 . 2006-12-01 21:54 548864 ------w c:\windows\system32\msvcp80.dll
2009-05-08 21:34 . 2003-03-26 04:58 487424 ----a-w c:\windows\system32\MSVCP70.DLL
2009-05-08 21:34 . 2006-12-01 21:54 626688 ------w c:\windows\system32\msvcr80.dll
2009-05-08 21:34 . 2003-02-04 03:08 344064 ----a-w c:\windows\system32\MSVCR70.DLL
2009-05-08 21:32 . 2009-05-11 11:19 -------- d-----w c:\programmi\Pinnacle
2009-05-08 21:31 . 2009-05-11 11:23 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Pinnacle
2009-05-08 21:27 . 2009-05-08 22:16 -------- d-----w c:\programmi\eMule
2009-05-08 21:21 . 2009-05-08 21:23 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Nero
2009-05-08 21:21 . 2009-05-08 21:23 -------- d-----w c:\programmi\File comuni\Nero
2009-05-08 21:13 . 2009-05-08 21:13 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-08 21:13 . 2009-05-08 21:13 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-08 21:13 . 2009-05-08 21:13 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-08 21:13 . 2009-05-18 10:40 -------- d-----w c:\windows\system32\drivers\Avg
2009-05-08 21:11 . 2009-05-08 21:11 -------- d-----w c:\documents and settings\Administrator\Dati applicazioni\PCToolsFirewallPlus
2009-05-08 21:09 . 2009-05-18 11:28 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Avg8
2009-05-08 21:07 . 2009-05-11 11:08 -------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-05-08 21:07 . 2009-05-11 12:53 -------- d-----w c:\programmi\File comuni\PC Tools
2009-05-08 21:03 . 2008-02-14 06:12 1389056 ----a-r c:\windows\system32\drivers\monfilt.sys
2009-05-08 21:03 . 2008-04-13 17:13 4096 ----a-w c:\windows\system32\ksuser.dll
2009-05-08 21:03 . 2008-04-13 09:45 60160 ----a-w c:\windows\system32\drivers\drmk.sys
2009-05-08 21:03 . 2008-07-09 07:42 26488 ----a-w c:\windows\system32\spupdsvc.exe
2009-05-08 21:03 . 2009-05-08 15:34 -------- d-----w c:\programmi\VIA
2009-05-08 21:02 . 2009-05-11 11:00 -------- d-----w c:\programmi\File comuni\InstallShield
2009-05-08 21:02 . 2009-05-08 21:02 -------- d-----w c:\windows\nview
2009-05-08 21:02 . 2009-01-21 16:08 453152 ----a-w c:\windows\system32\nvudisp.exe
2009-05-08 20:59 . 2008-03-25 03:47 200704 ----a-r c:\windows\system32\fdco1ins.dll
2009-05-08 20:59 . 2008-03-25 03:47 200704 ----a-r c:\windows\system32\fdco1.dll
2009-05-08 20:59 . 2008-03-25 03:48 54400 ----a-r c:\windows\system32\drivers\NVENETFD.sys
2009-05-08 20:59 . 2008-03-12 04:14 3948 ----a-r c:\windows\system32\drivers\nvphy.bin
2009-05-08 20:59 . 2008-03-14 02:47 442368 ----a-w c:\windows\system32\nvunrm.exe
2009-05-08 20:59 . 2008-03-14 02:47 35840 ----a-r c:\windows\system32\nvconrm.dll
2009-05-08 20:59 . 2008-03-25 03:46 9216 ----a-r c:\windows\system32\bdco1ins.dll
2009-05-08 20:59 . 2008-03-25 03:46 9216 ----a-r c:\windows\system32\bdco1.dll
2009-05-08 20:59 . 2008-03-25 03:47 953088 ----a-r c:\windows\system32\drivers\nvnrm.sys
2009-05-08 20:59 . 2008-03-25 03:48 22016 ----a-r c:\windows\system32\drivers\nvnetbus.sys
2009-05-08 20:59 . 2008-01-10 06:30 442368 ----a-r c:\windows\system32\nvusmb.exe
2009-05-08 20:59 . 2009-01-07 09:28 453152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-05-08 20:58 . 2006-10-11 03:33 10288 ----a-w c:\windows\system32\drivers\ASUSHWIO.SYS
2009-05-08 20:40 . 2009-05-08 20:40 -------- d-----w c:\programmi\Telecom Italia
2009-05-08 20:37 . 2009-05-11 11:24 70768 ----a-w c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-16 08:08 . 2009-05-08 21:25 -------- d-----w c:\programmi\Google
2009-05-13 21:33 . 2001-08-31 16:00 70766 ----a-w c:\windows\system32\perfc010.dat
2009-05-13 21:33 . 2001-08-31 16:00 440500 ----a-w c:\windows\system32\perfh010.dat
2009-05-11 12:03 . 2009-05-08 21:04 -------- d--h--w c:\programmi\InstallShield Installation Information
2009-05-11 10:47 . 2009-05-08 21:25 -------- d-----w c:\programmi\File comuni\DivX Shared
2009-05-08 22:16 . 2009-05-08 18:45 90112 ----a-w c:\windows\DUMP6f54.tmp
2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w c:\windows\system32\dpl100.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w c:\windows\system32\DivX.dll
2009-03-06 14:19 . 2004-08-19 13:39 286208 ----a-w c:\windows\system32\pdh.dll
2009-02-20 08:09 . 2004-08-19 13:39 668672 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:09 . 2004-08-19 13:39 81920 ----a-w c:\windows\system32\ieencode.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"PMCLoader"="c:\programmi\Pinnacle\TVCenter Pro\PMCLoader.exe" [2007-09-27 109640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-21 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-21 86016]
"HDAudDeck"="c:\programmi\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-02-27 33599488]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-08 1947928]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-21 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Pinnacle Streaming Server.lnk - c:\programmi\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe [2007-9-21 577536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-08 21:13 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\DivX\\DivX Player\\DivX Player.exe"=
"c:\\Programmi\\CCleaner\\CCleaner.exe"=
"c:\\Programmi\\Axon Data\\AxCrypt\\1.6.4.4\\AxDecrypt.exe"=
"c:\\Programmi\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Programmi\\DivX\\DivXBundleUninstall.exe"=
"c:\\Programmi\\eMule\\Uninstall.exe"=
"c:\\Programmi\\CCleaner\\uninst.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [08/05/2009 23.13.05 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [08/05/2009 23.13.05 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [08/05/2009 23.12.54 298776]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [08/05/2009 17.34.40 1057024]
S2 gupdate1c9d0238a0843c0;Servizio di Google Update (gupdate1c9d0238a0843c0);c:\programmi\Google\Update\GoogleUpdate.exe [08/05/2009 23.25.40 133104]
S3 Ltn_stk7070P;PCTV based TV tuner device;c:\windows\system32\drivers\Ltn_stk7070P.sys [08/05/2009 23.38.59 466048]
S3 Ltn_stkrc;PCTV Infrared Receiver;c:\windows\system32\drivers\Ltn_stkrc.sys [08/05/2009 23.39.01 13440]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [11/05/2009 14.03.36 8960]
.
Contenuto della cartella 'Scheduled Tasks'

2009-05-18 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-05-08 21:25]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-PMCRemote - (no file)


.
------- Scansione supplementare -------
.
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-18 13:30
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\programmi\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

.
Ora fine scansione: 2009-05-18 13.31.29
ComboFix-quarantined-files.txt 2009-05-18 11:31

Pre-Run: 226.501.488.640 byte disponibili
Post-Run: 226.496.962.560 byte disponibili

279 --- E O F --- 2009-05-16 09:03
