Benvenuto Ospite

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » VIRUS IN DISCO LOCALE C

VIRUS IN DISCO LOCALE C

Opzioni

Topic Precedente · Topic Sucessivo

jacopopisu

Inviato: Saturday, October 23, 2010 3:02:12 PM

Rank: AiutAmico

Iscritto dal : 3/2/2010
Posts: 38

SALVE
potete controllarmi il log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.02.15, on 23/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Eset\nod32kui.exe
C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe
C:\Programmi\Logitech\QuickCam10\QuickCam10.exe
C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe
C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Lexmark 3500-4500 Series\lxdimon.exe
C:\Programmi\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\JAC\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Microsoft Office\Office14\MSOSYNC.EXE
C:\Programmi\Windows Media Player\WMPNSCFG.exe
C:\Programmi\Microsoft Office\Office14\GROOVE.EXE
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\Documents and Settings\JAC\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\JAC\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Programmi\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Programmi\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Programmi\\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [BCSSync] "C:\Programmi\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\JAC\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LogitechSetup] D:\Setup\Setup.exe /start /restart /l:ita
O4 - HKCU\..\Run: [uTorrent] "C:\Programmi\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Programmi\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft SharePoint Workspace.lnk = C:\Programmi\Microsoft Office\Office14\GROOVE.EXE
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B5FF208-AB71-4514-BB1D-02AF9014A4CF}: NameServer = 8.8.8.8,8.8.4.4
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe

--
End of file - 9433 bytes

Torna in alto

Sponsor

Inviato: Saturday, October 23, 2010 3:02:12 PM

Torna in alto

maopapof

Inviato: Saturday, October 23, 2010 3:08:13 PM

Rank: AiutAmico

Iscritto dal : 10/31/2004
Posts: 7,185

quali problemi riscontri sul pc ?

ps ...è sempre meglio postare il log con hijack ... quello aggiornato ..... grazie :O)

Torna in alto

jacopopisu

Inviato: Saturday, October 23, 2010 3:40:20 PM

Rank: AiutAmico

Iscritto dal : 3/2/2010
Posts: 38

in pratica va molto più lento e a volte si blocca all'accensione
ho provato a fare una scansione con combofix ecco il log

ComboFix 10-10-22.05 - JAC 23/10/2010 15.28.55.1.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.2047.1673 [GMT 2:00]
Eseguito da: c:\documents and settings\JAC\Desktop\ComboFix.exe
AV: Sistema Antivirus NOD32 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Creato nuovo punto di ripristino
* Resident AV is active

.

((((((((((((((((((((((((( Files Creati Da 2010-09-23 al 2010-10-23 )))))))))))))))))))))))))))))))))))
.

2010-10-23 12:58 . 2010-10-23 12:58 -------- d-----w- c:\programmi\Trend Micro
2010-10-23 12:27 . 2010-10-23 12:27 -------- d-----w- C:\FOUND.000
2010-10-19 13:23 . 2010-10-19 13:23 -------- d-----w- c:\programmi\7-Zip
2010-10-18 06:06 . 2010-10-18 06:06 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Apple
2010-10-13 18:25 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 18:25 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 18:23 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-05 04:36 . 2010-10-05 04:36 -------- d-----w- c:\programmi\Yahoo!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 10:23 . 1979-12-31 22:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 1979-12-31 22:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 1979-12-31 22:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 1979-12-31 22:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 13:33 . 1979-12-31 22:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:33 . 1979-12-31 22:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:33 . 1979-12-31 22:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:33 . 1979-12-31 22:00 17408 ------w- c:\windows\system32\corpol.dll
2010-09-08 15:57 . 1979-12-31 22:00 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51 . 1979-12-31 22:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:54 . 1979-12-31 22:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 1979-12-31 22:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:58 . 1979-12-31 22:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 1979-12-31 22:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 1979-12-31 22:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 1979-12-31 22:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:44 . 1979-12-31 22:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\JAC\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2010-03-04 135664]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"uTorrent"="c:\programmi\uTorrent\uTorrent.exe" [2010-08-29 328568]
"OfficeSyncProcess"="c:\programmi\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
"WMPNSCFG"="c:\programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\programmi\Eset\nod32kui.exe" [2010-03-03 949376]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"LogitechCommunicationsManager"="c:\programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe" [2006-10-30 284184]
"LogitechQuickCamRibbon"="c:\programmi\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 746520]
"LVCOMSX"="c:\programmi\File comuni\Logitech\LComMgr\LVComSX.exe" [2006-11-15 244512]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"lxdimon.exe"="c:\programmi\Lexmark 3500-4500 Series\lxdimon.exe" [2007-05-07 435120]
"lxdiamon"="c:\programmi\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-03-05 20480]
"FaxCenterServer"="c:\programmi\\Lexmark Fax Solutions\fm3032.exe" [2007-05-07 312240]
"BCSSync"="c:\programmi\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\JAC\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft SharePoint Workspace.lnk - c:\programmi\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\System32\\lxdicoms.exe"=
"c:\\Programmi\\Lexmark 3500-4500 Series\\lxdimon.exe"=
"c:\\Programmi\\Lexmark 3500-4500 Series\\App4R.exe"=
"c:\\Programmi\\Lexmark 3500-4500 Series\\lxdiamon.exe"=
"c:\\WINDOWS\\System32\\SPOOL\\drivers\\W32X86\\3\\lxdipswx.exe"=
"c:\\WINDOWS\\System32\\SPOOL\\drivers\\W32X86\\3\\lxditime.exe"=
"c:\\WINDOWS\\System32\\SPOOL\\drivers\\W32X86\\3\\lxdijswx.exe"=
"c:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\LXDIwbgw.exe"=
"c:\\Programmi\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [03/03/2010 17.14.49 15424]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [24/04/2010 14.49.48 99248]
R3 ip100xp;ASUS NX1001 Network Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [04/03/2010 16.33.47 26752]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [04/03/2010 15.21.39 8192]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\programmi\Microsoft Office\Office14\GROOVE.EXE [25/03/2010 10.25.22 30969208]
S3 osppsvc;Office Software Protection Platform;c:\programmi\File comuni\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 21.37.50 4640000]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [07/03/2010 8.37.03 691696]
.
Contenuto della cartella 'Scheduled Tasks'

2010-10-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

2010-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-21489301-1486246795-135365387-1005Core1cb6d3c1c307356.job
- c:\documents and settings\JAC\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-03-04 14:37]
.
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
LSP: c:\windows\system32\imon.dll
TCP: {4B5FF208-AB71-4514-BB1D-02AF9014A4CF} = 8.8.8.8,8.8.4.4
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\programmi\File comuni\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-LogitechSetup - d:\setup\Setup.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-23 15:34
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89B57446]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf765bf28
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> atapi.sys @ 0xf74c6852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: ASUS NX1001 Network Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf743cbd4
PacketIndicateHandler -> NDIS.sys @ 0xf7448a21
SendHandler -> NDIS.sys @ 0xf743cd44
user & kernel MBR OK

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(536)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(596)
c:\windows\system32\imon.dll
c:\programmi\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(2932)
c:\windows\system32\WININET.dll
c:\progra~1\FILECO~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1040\GrooveIntlResource.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2010-10-23 15:36:30
ComboFix-quarantined-files.txt 2010-10-23 13:36

Pre-Run: 57.019.990.016 byte disponibili
Post-Run: 56.994.168.832 byte disponibili

WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 0345AC40D86261977AB7DC7200C0AD18

Torna in alto

maopapof

Inviato: Saturday, October 23, 2010 8:06:27 PM

Rank: AiutAmico

Iscritto dal : 10/31/2004
Posts: 7,185

e possibille avere una schermata con il soft aggiornato di hijackthis ....grazie :O)

da quando hai notato che il pc è lento ?
hai già fatto la deframmentazione ?

ho visto che hai itunes in accensione .... start ...esegui ...msconfig .... avvio e togli la spunta su i tunes ...spegni e riaccendi e poi ci lavori un pò al pc e mi dici come và ....grazie :O)

Torna in alto

Utenti presenti in questo topic

Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » VIRUS IN DISCO LOCALE C

Salta al Forum

Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Invia topic via Email

RSS Feed

Watch this topic

Stampa topic

Normale

Threaded