
Log check
pinuccio53
Posted: Monday, January 02, 2012 12:15:55 AM

Rank: AiutAmico

Joined: 1/26/2010
Posts: 682
Here is the TDSSKiller log:

00:12:19.0531 1704 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
00:12:19.0796 1704 ============================================================
00:12:19.0796 1704 Current date / time: 2012/01/02 00:12:19.0796
00:12:19.0796 1704 SystemInfo:
00:12:19.0796 1704
00:12:19.0796 1704 OS Version: 5.1.2600 ServicePack: 3.0
00:12:19.0796 1704 Product type: Workstation
00:12:19.0796 1704 ComputerName: PINUCCIO-A6435D
00:12:19.0796 1704 UserName: Pinuccio
00:12:19.0796 1704 Windows directory: C:\WINDOWS
00:12:19.0796 1704 System windows directory: C:\WINDOWS
00:12:19.0796 1704 Processor architecture: Intel x86
00:12:19.0796 1704 Number of processors: 2
00:12:19.0796 1704 Page size: 0x1000
00:12:19.0796 1704 Boot type: Normal boot
00:12:19.0796 1704 ============================================================
00:12:20.0687 1704 Initialize success
00:12:25.0468 3944 ============================================================
00:12:25.0468 3944 Scan started
00:12:25.0468 3944 Mode: Manual;
00:12:25.0468 3944 ============================================================
00:12:25.0984 3944 Abiosdsk - ok
00:12:26.0000 3944 abp480n5 - ok
00:12:26.0031 3944 ACPI (d766e636187b8f240bbfbabcd51eb2c6) C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:12:26.0031 3944 ACPI - ok
00:12:26.0062 3944 ACPIEC (49ac5cd87fbdda62f3e25190019e7627) C:\WINDOWS\system32\drivers\ACPIEC.sys
00:12:26.0062 3944 ACPIEC - ok
00:12:26.0078 3944 adpu160m - ok
00:12:26.0109 3944 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
00:12:26.0109 3944 aec - ok
00:12:26.0140 3944 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
00:12:26.0140 3944 AFD - ok
00:12:26.0156 3944 Aha154x - ok
00:12:26.0171 3944 aic78u2 - ok
00:12:26.0187 3944 aic78xx - ok
00:12:26.0203 3944 AliIde - ok
00:12:26.0234 3944 amsint - ok
00:12:26.0250 3944 asc - ok
00:12:26.0250 3944 asc3350p - ok
00:12:26.0281 3944 asc3550 - ok
00:12:26.0328 3944 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:12:26.0328 3944 AsyncMac - ok
00:12:26.0437 3944 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
00:12:26.0437 3944 atapi - ok
00:12:26.0453 3944 Atdisk - ok
00:12:26.0468 3944 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:12:26.0468 3944 Atmarpc - ok
00:12:26.0515 3944 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
00:12:26.0515 3944 audstub - ok
00:12:26.0546 3944 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
00:12:26.0546 3944 Beep - ok
00:12:26.0625 3944 catchme - ok
00:12:26.0640 3944 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
00:12:26.0640 3944 cbidf2k - ok
00:12:26.0671 3944 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
00:12:26.0671 3944 CCDECODE - ok
00:12:26.0687 3944 cd20xrnt - ok
00:12:26.0703 3944 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
00:12:26.0703 3944 Cdaudio - ok
00:12:26.0765 3944 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
00:12:26.0765 3944 Cdfs - ok
00:12:26.0812 3944 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:12:26.0812 3944 Cdrom - ok
00:12:26.0812 3944 Changer - ok
00:12:26.0828 3944 CmdIde - ok
00:12:26.0843 3944 Cpqarray - ok
00:12:26.0859 3944 dac2w2k - ok
00:12:26.0859 3944 dac960nt - ok
00:12:26.0875 3944 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
00:12:26.0875 3944 Disk - ok
00:12:26.0921 3944 dmboot (82bc125a8ed33f5f0e75f2aac1065323) C:\WINDOWS\system32\drivers\dmboot.sys
00:12:26.0968 3944 dmboot - ok
00:12:26.0968 3944 dmio (e959ddc0ea7ac11ee5e5602e2a364310) C:\WINDOWS\system32\drivers\dmio.sys
00:12:26.0984 3944 dmio - ok
00:12:26.0984 3944 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
00:12:26.0984 3944 dmload - ok
00:12:27.0046 3944 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
00:12:27.0062 3944 DMusic - ok
00:12:27.0078 3944 dpti2o - ok
00:12:27.0125 3944 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
00:12:27.0125 3944 drmkaud - ok
00:12:27.0218 3944 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
00:12:27.0218 3944 Fastfat - ok
00:12:27.0250 3944 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
00:12:27.0250 3944 Fdc - ok
00:12:27.0281 3944 Fips (2cfea3326981a18c6baf2bd9be76225b) C:\WINDOWS\system32\drivers\Fips.sys
00:12:27.0281 3944 Fips - ok
00:12:27.0312 3944 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
00:12:27.0312 3944 Flpydisk - ok
00:12:27.0359 3944 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
00:12:27.0359 3944 FltMgr - ok
00:12:27.0390 3944 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:12:27.0390 3944 Fs_Rec - ok
00:12:27.0406 3944 Ftdisk (f3269a6ee547ea87b949a1cea4816b38) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
00:12:27.0406 3944 Ftdisk - ok
00:12:27.0421 3944 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
00:12:27.0421 3944 Gpc - ok
00:12:27.0468 3944 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
00:12:27.0468 3944 HDAudBus - ok
00:12:27.0500 3944 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
00:12:27.0500 3944 HidUsb - ok
00:12:27.0531 3944 hpn - ok
00:12:27.0609 3944 HSFHWBS2 (6312dc46356df3974e88aa51b69360dc) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
00:12:27.0609 3944 HSFHWBS2 - ok
00:12:27.0687 3944 HSF_DPV (daab917eec9849840a13353198d48cc5) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
00:12:27.0718 3944 HSF_DPV - ok
00:12:27.0796 3944 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
00:12:27.0796 3944 HTTP - ok
00:12:27.0828 3944 i2omgmt - ok
00:12:27.0843 3944 i2omp - ok
00:12:27.0906 3944 i8042prt (610726e28af55b95043c5c35a727e320) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
00:12:27.0906 3944 i8042prt - ok
00:12:27.0984 3944 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
00:12:27.0984 3944 Imapi - ok
00:12:28.0000 3944 ini910u - ok
00:12:28.0156 3944 IntcAzAudAddService (19d3781892a3794672cd1962f3d8d3b8) C:\WINDOWS\system32\drivers\RtkHDAud.sys
00:12:28.0187 3944 IntcAzAudAddService - ok
00:12:28.0312 3944 IntelIde - ok
00:12:28.0359 3944 intelppm (ebd830a0970c438047006a49c23e287f) C:\WINDOWS\system32\DRIVERS\intelppm.sys
00:12:28.0359 3944 intelppm - ok
00:12:28.0390 3944 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
00:12:28.0390 3944 Ip6Fw - ok
00:12:28.0437 3944 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:12:28.0437 3944 IpFilterDriver - ok
00:12:28.0468 3944 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
00:12:28.0468 3944 IpInIp - ok
00:12:28.0484 3944 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
00:12:28.0484 3944 IpNat - ok
00:12:28.0546 3944 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:12:28.0546 3944 IPSec - ok
00:12:28.0593 3944 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
00:12:28.0593 3944 IRENUM - ok
00:12:28.0656 3944 isapnp (0953594beb81cc72fcc62d37921b25a6) C:\WINDOWS\system32\DRIVERS\isapnp.sys
00:12:28.0656 3944 isapnp - ok
00:12:28.0687 3944 Kbdclass (28b6eace513ca7eaba3b809ad4bc274d) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:12:28.0687 3944 Kbdclass - ok
00:12:28.0750 3944 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
00:12:28.0750 3944 kmixer - ok
00:12:28.0796 3944 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
00:12:28.0812 3944 KSecDD - ok
00:12:28.0828 3944 lbrtfdc - ok
00:12:28.0921 3944 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
00:12:28.0921 3944 mdmxsdk - ok
00:12:28.0968 3944 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
00:12:28.0968 3944 mnmdd - ok
00:12:29.0015 3944 Modem (8cb6636806d76b85fafaee94d75f5129) C:\WINDOWS\system32\drivers\Modem.sys
00:12:29.0015 3944 Modem - ok
00:12:29.0062 3944 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
00:12:29.0062 3944 MODEMCSA - ok
00:12:29.0109 3944 Mouclass (e904ebed608055a2bfb824c07f59766c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
00:12:29.0109 3944 Mouclass - ok
00:12:29.0171 3944 mouhid (d7662f0cf5b77bbbe3202716f5bd5318) C:\WINDOWS\system32\DRIVERS\mouhid.sys
00:12:29.0171 3944 mouhid - ok
00:12:29.0218 3944 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
00:12:29.0218 3944 MountMgr - ok
00:12:29.0234 3944 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
00:12:29.0250 3944 MpFilter - ok
00:12:29.0281 3944 MpKsl4d872bf4 - ok
00:12:29.0281 3944 MpKsla011a66a - ok
00:12:29.0328 3944 MpKsld94f87ac (a69630d039c38018689190234f866d77) C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{8B451964-0493-4D1D-8B32-A8203DE550FB}\MpKsld94f87ac.sys
00:12:29.0328 3944 MpKsld94f87ac - ok
00:12:29.0328 3944 MpKsldf1a2254 - ok
00:12:29.0437 3944 mraid35x - ok
00:12:29.0500 3944 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:12:29.0500 3944 MRxDAV - ok
00:12:29.0562 3944 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:12:29.0578 3944 MRxSmb - ok
00:12:29.0640 3944 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
00:12:29.0640 3944 Msfs - ok
00:12:29.0687 3944 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:12:29.0687 3944 MSKSSRV - ok
00:12:29.0734 3944 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:12:29.0734 3944 MSPCLOCK - ok
00:12:29.0781 3944 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
00:12:29.0781 3944 MSPQM - ok
00:12:29.0843 3944 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:12:29.0843 3944 mssmbios - ok
00:12:29.0890 3944 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
00:12:29.0906 3944 MSTEE - ok
00:12:29.0953 3944 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
00:12:29.0953 3944 Mup - ok
00:12:30.0000 3944 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
00:12:30.0000 3944 NABTSFEC - ok
00:12:30.0078 3944 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
00:12:30.0078 3944 NDIS - ok
00:12:30.0140 3944 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
00:12:30.0140 3944 NdisIP - ok
00:12:30.0171 3944 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:12:30.0171 3944 NdisTapi - ok
00:12:30.0203 3944 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:12:30.0203 3944 Ndisuio - ok
00:12:30.0234 3944 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:12:30.0234 3944 NdisWan - ok
00:12:30.0296 3944 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
00:12:30.0296 3944 NDProxy - ok
00:12:30.0328 3944 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
00:12:30.0328 3944 NetBIOS - ok
00:12:30.0343 3944 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
00:12:30.0359 3944 NetBT - ok
00:12:30.0390 3944 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
00:12:30.0390 3944 Npfs - ok
00:12:30.0453 3944 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
00:12:30.0500 3944 Ntfs - ok
00:12:30.0546 3944 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
00:12:30.0546 3944 Null - ok
00:12:30.0843 3944 nv (6733e80a193fc36f41c24142b0c45c0e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
00:12:31.0093 3944 nv - ok
00:12:31.0203 3944 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:12:31.0203 3944 NwlnkFlt - ok
00:12:31.0234 3944 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:12:31.0234 3944 NwlnkFwd - ok
00:12:31.0296 3944 Parport (4e9408a178b2d955871c2cdd278de3c3) C:\WINDOWS\system32\DRIVERS\parport.sys
00:12:31.0312 3944 Parport - ok
00:12:31.0328 3944 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
00:12:31.0328 3944 PartMgr - ok
00:12:31.0359 3944 ParVdm (0dabef655a444cb1e193626fb1d24b9f) C:\WINDOWS\system32\drivers\ParVdm.sys
00:12:31.0359 3944 ParVdm - ok
00:12:31.0390 3944 PCI (f40a46892afebb0314536b849d57c11e) C:\WINDOWS\system32\DRIVERS\pci.sys
00:12:31.0390 3944 PCI - ok
00:12:31.0421 3944 PCIDump - ok
00:12:31.0421 3944 PCIIde (b2df00d650fd6c4ee781740ed3c8e67f) C:\WINDOWS\system32\DRIVERS\pciide.sys
00:12:31.0437 3944 PCIIde - ok
00:12:31.0484 3944 Pcmcia (815c50f2b1d1562800bdce8be895000e) C:\WINDOWS\system32\drivers\Pcmcia.sys
00:12:31.0484 3944 Pcmcia - ok
00:12:31.0500 3944 PDCOMP - ok
00:12:31.0515 3944 PDFRAME - ok
00:12:31.0515 3944 PDRELI - ok
00:12:31.0531 3944 PDRFRAME - ok
00:12:31.0531 3944 perc2 - ok
00:12:31.0546 3944 perc2hib - ok
00:12:31.0609 3944 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:12:31.0609 3944 PptpMiniport - ok
00:12:31.0609 3944 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
00:12:31.0625 3944 PSched - ok
00:12:31.0640 3944 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:12:31.0640 3944 Ptilink - ok
00:12:31.0656 3944 ql1080 - ok
00:12:31.0656 3944 Ql10wnt - ok
00:12:31.0671 3944 ql12160 - ok
00:12:31.0687 3944 ql1240 - ok
00:12:31.0687 3944 ql1280 - ok
00:12:31.0718 3944 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:12:31.0718 3944 RasAcd - ok
00:12:31.0734 3944 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:12:31.0734 3944 Rasl2tp - ok
00:12:31.0734 3944 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:12:31.0734 3944 RasPppoe - ok
00:12:31.0750 3944 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
00:12:31.0750 3944 Raspti - ok
00:12:31.0781 3944 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:12:31.0781 3944 Rdbss - ok
00:12:31.0796 3944 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:12:31.0796 3944 RDPCDD - ok
00:12:31.0843 3944 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
00:12:31.0859 3944 rdpdr - ok
00:12:31.0890 3944 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
00:12:31.0890 3944 RDPWD - ok
00:12:31.0937 3944 redbook (393fc252593323b624b230eca6b85e63) C:\WINDOWS\system32\DRIVERS\redbook.sys
00:12:31.0937 3944 redbook - ok
00:12:32.0000 3944 RTLE8023xp (6e7470477d08f6e47e91016d6a1c5a5f) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
00:12:32.0015 3944 RTLE8023xp - ok
00:12:32.0078 3944 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:12:32.0078 3944 Secdrv - ok
00:12:32.0125 3944 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
00:12:32.0125 3944 serenum - ok
00:12:32.0156 3944 Serial (fdbd9d64e2e03270021d424f0dccf79d) C:\WINDOWS\system32\DRIVERS\serial.sys
00:12:32.0156 3944 Serial - ok
00:12:32.0218 3944 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
00:12:32.0218 3944 Sfloppy - ok
00:12:32.0250 3944 Simbad - ok
00:12:32.0312 3944 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
00:12:32.0312 3944 SLIP - ok
00:12:32.0312 3944 Sparrow - ok
00:12:32.0375 3944 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
00:12:32.0375 3944 splitter - ok
00:12:32.0421 3944 sr (618718cae288bf7cbd8fcbab2577d932) C:\WINDOWS\system32\DRIVERS\sr.sys
00:12:32.0421 3944 sr - ok
00:12:32.0484 3944 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
00:12:32.0500 3944 Srv - ok
00:12:32.0562 3944 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
00:12:32.0562 3944 streamip - ok
00:12:32.0609 3944 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
00:12:32.0609 3944 swenum - ok
00:12:32.0656 3944 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
00:12:32.0656 3944 swmidi - ok
00:12:32.0687 3944 symc810 - ok
00:12:32.0687 3944 symc8xx - ok
00:12:32.0703 3944 sym_hi - ok
00:12:32.0703 3944 sym_u3 - ok
00:12:32.0734 3944 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
00:12:32.0750 3944 sysaudio - ok
00:12:32.0796 3944 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:12:32.0796 3944 Tcpip - ok
00:12:32.0843 3944 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
00:12:32.0843 3944 TDPIPE - ok
00:12:32.0890 3944 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
00:12:32.0890 3944 TDTCP - ok
00:12:32.0937 3944 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
00:12:32.0937 3944 TermDD - ok
00:12:32.0953 3944 TosIde - ok
00:12:33.0000 3944 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
00:12:33.0000 3944 Udfs - ok
00:12:33.0015 3944 ultra - ok
00:12:33.0062 3944 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
00:12:33.0078 3944 Update - ok
00:12:33.0125 3944 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
00:12:33.0125 3944 usbaudio - ok
00:12:33.0171 3944 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
00:12:33.0171 3944 usbccgp - ok
00:12:33.0234 3944 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
00:12:33.0234 3944 usbehci - ok
00:12:33.0265 3944 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:12:33.0265 3944 usbhub - ok
00:12:33.0296 3944 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
00:12:33.0296 3944 usbprint - ok
00:12:33.0312 3944 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
00:12:33.0312 3944 usbscan - ok
00:12:33.0328 3944 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:12:33.0328 3944 usbstor - ok
00:12:33.0390 3944 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
00:12:33.0390 3944 usbuhci - ok
00:12:33.0421 3944 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
00:12:33.0421 3944 VgaSave - ok
00:12:33.0453 3944 ViaIde - ok
00:12:33.0500 3944 VolSnap (e46c1b5a56da7da603d09dfcc79ec59e) C:\WINDOWS\system32\drivers\VolSnap.sys
00:12:33.0500 3944 VolSnap - ok
00:12:33.0593 3944 VX3000 (13acfed0e6adca97440169dfd127ebcf) C:\WINDOWS\system32\DRIVERS\VX3000.sys
00:12:33.0609 3944 VX3000 - ok
00:12:33.0640 3944 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:12:33.0640 3944 Wanarp - ok
00:12:33.0640 3944 WDICA - ok
00:12:33.0703 3944 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
00:12:33.0703 3944 wdmaud - ok
00:12:33.0765 3944 winachsf (be3a842c2f2e87e7c840d36bcf13e8e0) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
00:12:33.0781 3944 winachsf - ok
00:12:33.0828 3944 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
00:12:33.0828 3944 WSTCODEC - ok
00:12:33.0875 3944 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
00:12:33.0875 3944 WudfPf - ok
00:12:33.0906 3944 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
00:12:33.0906 3944 WudfRd - ok
00:12:33.0921 3944 MBR (0x1B8) (828e02d5c4a4fbe53441ee9dbee51f43) \Device\Harddisk0\DR0
00:12:34.0062 3944 \Device\Harddisk0\DR0 - ok
00:12:34.0062 3944 Boot (0x1200) (7cd648f6eead2f48ead5dfa63d9bd304) \Device\Harddisk0\DR0\Partition0
00:12:34.0062 3944 \Device\Harddisk0\DR0\Partition0 - ok
00:12:34.0062 3944 ============================================================
00:12:34.0062 3944 Scan finished
00:12:34.0062 3944 ============================================================
00:12:34.0062 3936 Detected object count: 0
00:12:34.0062 3936 Actual detected object count: 0
00:13:56.0125 3672 Deinitialize success
shapiro
Posted: Monday, January 02, 2012 12:22:48 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164


Check this one on VirusTotal for me, honestly I don't recognise it

c:\progra~1\DOWNLO~1\mdpph.dll
pinuccio53
Posted: Monday, January 02, 2012 12:28:21 AM

Rank: AiutAmico

Joined: 1/26/2010
Posts: 682
This is the result VirusTotal gave me:

mdpph.dll
Submission date: 2010-06-07 10:30:56 (UTC)
Current status: finished
Result: 0 /41 (0.0%)
VT Community

not reviewed
Safety score: -
Compact Print results Antivirus Version Last Update Result
a-squared 5.0.0.26 2010.06.07 -
AhnLab-V3 2010.06.06.00 2010.06.06 -
AntiVir 8.2.2.6 2010.06.07 -
Antiy-AVL 2.0.3.7 2010.06.04 -
Authentium 5.2.0.5 2010.06.06 -
Avast 4.8.1351.0 2010.06.07 -
Avast5 5.0.332.0 2010.06.06 -
AVG 9.0.0.787 2010.06.06 -
BitDefender 7.2 2010.06.07 -
CAT-QuickHeal 10.00 2010.06.07 -
ClamAV 0.96.0.3-git 2010.06.07 -
Comodo 5015 2010.06.07 -
DrWeb 5.0.2.03300 2010.06.07 -
eSafe 7.0.17.0 2010.06.06 -
eTrust-Vet 35.2.7528 2010.06.04 -
F-Prot 4.6.0.103 2010.06.06 -
F-Secure 9.0.15370.0 2010.06.07 -
Fortinet 4.1.133.0 2010.06.06 -
GData 21 2010.06.07 -
Ikarus T3.1.1.84.0 2010.06.07 -
Jiangmin 13.0.900 2010.06.07 -
Kaspersky 7.0.0.125 2010.06.07 -
McAfee 5.400.0.1158 2010.06.07 -
McAfee-GW-Edition 2010.1 2010.06.07 -
Microsoft 1.5802 2010.06.07 -
NOD32 5177 2010.06.06 -
Norman 6.04.12 2010.06.06 -
nProtect 2010-06-07.01 2010.06.07 -
Panda 10.0.2.7 2010.06.06 -
PCTools 7.0.3.5 2010.06.07 -
Prevx 3.0 2010.06.07 -
Rising 22.51.00.04 2010.06.07 -
Sophos 4.53.0 2010.06.07 -
Sunbelt 6414 2010.06.07 -
Symantec 20101.1.0.89 2010.06.07 -
TheHacker 6.5.2.0.292 2010.06.04 -
TrendMicro 9.120.0.1004 2010.06.07 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.07 -
VBA32 3.12.12.5 2010.06.07 -
ViRobot 2010.6.7.2340 2010.06.07 -
VirusBuster 5.0.27.0 2010.06.06 -
Additional information
MD5 : 2766eac188cbb539b79fd27bf96469e3
SHA1 : 4ffb12be7ed9a26e19f3b09345de307c70a15fae
SHA256: aea8e3a5e59cf7ee7c26a5c845c9f705e825d65fb1b118c9ae0d88a4ea992a36
ssdeep: 1536:ozz9wgigCrDHX3Xk6NT3ul9sXA2/o6Kb8nHnNxb1ZX2QQ:ozhHCn33PoGXA2/o6O8HnL1JrQ
File size : 114688 bytes
First seen: 2009-10-13 21:22:24
Last seen : 2010-06-07 10:30:56
Magic: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID:
DirectShow filter (50.8%)
Windows OCX File (31.1%)
Win32 Executable MS Visual C++ (generic) (9.5%)
Windows Screen Saver (3.3%)
Win32 Executable Generic (2.1%)
sigcheck:
publisher....: MetaProducts corporation
copyright....: Copyright 2003 MetaProducts corporation
product......: mdpph Module
description..: mdpph Module
original name: mdpph.DLL
internal name: mdpph
file version.: 1, 0, 0, 78
comments.....: Browser download plugin
signers......: -
signing date.: -
verified.....: Unsigned

PEiD: -
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x71B9
timedatestamp....: 0x48871C1B (Wed Jul 23 11:55:07 2008)
machinetype......: 0x14C (Intel I386)

[[ 5 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0xA6F6, 0xB000, 6.41, 9798c0f8487de95626a76914e3f1c7d4
.rdata, 0xC000, 0x16AB, 0x2000, 4.32, ea4304172949e39ac7abaf3af0680e75
.data, 0xE000, 0x2DCC, 0x2000, 3.58, 500cb0bba9365e6bb7eb72a4d73962b4
.rsrc, 0x11000, 0x9CC0, 0xA000, 6.64, e3f362fdb2df402c3251aa3a6f8fb763
.reloc, 0x1B000, 0x1322, 0x2000, 3.21, 7a6693c3f8ea4cd20dfb6d7b81c4b5f5

[[ 8 import(s) ]]
advapi32.dll: RegCloseKey, RegEnumValueA, RegQueryInfoKeyA, RegSetValueExA, RegEnumKeyExA, RegCreateKeyExA, RegDeleteKeyA, RegDeleteValueA, RegOpenKeyExA, RegQueryValueExA
gdi32.dll: SetGraphicsMode, ModifyWorldTransform, SetViewportOrgEx, SetWindowOrgEx, GetDeviceCaps, DPtoLP, CreateFontIndirectA, RestoreDC, DeleteObject, SaveDC
kernel32.dll: LoadResource, FindResourceA, LoadLibraryExA, lstrcmpiA, lstrcpynA, IsDBCSLeadByte, HeapDestroy, GetProcAddress, LoadLibraryA, lstrcpyA, lstrcatA, MulDiv, SizeofResource, InitializeCriticalSection, RtlUnwind, GetStringTypeW, GetStringTypeA, WriteFile, GetEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsW, FreeEnvironmentStringsA, GetStartupInfoA, GetFileType, GetStdHandle, SetHandleCount, TlsGetValue, FreeLibrary, GetModuleFileNameA, GetShortPathNameA, MultiByteToWideChar, lstrlenW, InterlockedDecrement, EnterCriticalSection, InterlockedIncrement, LeaveCriticalSection, DeleteCriticalSection, DisableThreadLibraryCalls, CreateProcessA, Sleep, CloseHandle, WideCharToMultiByte, lstrlenA, GetFileAttributesA, GetModuleHandleA, WinExec, GetLastError, TlsFree, TlsAlloc, TlsSetValue, GetCurrentThreadId, GetCurrentProcess, TerminateProcess, LCMapStringW, LCMapStringA, GetOEMCP, GetACP, GetCPInfo, VirtualAlloc, ExitProcess, VirtualFree, HeapCreate, HeapAlloc, HeapFree, HeapReAlloc, GetCommandLineA, GetVersion
ole32.dll: CoCreateInstance, CoTaskMemRealloc, CoTaskMemAlloc, CoTaskMemFree
oleaut32.dll: -, -, -, -, -, -, -
shell32.dll: ShellExecuteA
user32.dll: SendDlgItemMessageA, PostMessageA, SetFocus, GetForegroundWindow, FindWindowA, SendMessageA, EnumChildWindows, GetClassNameA, GetParent, EnumWindows, GetKeyboardState, CharNextA, WaitForInputIdle, MessageBoxA, DialogBoxParamA, SetForegroundWindow, EndDialog, GetWindowRect, GetSystemMetrics, SetWindowPos, GetDC, ReleaseDC, SetDlgItemTextA, SetWindowTextA, GetDlgItem
wininet.dll: InternetCanonicalizeUrlA

[[ 6 export(s) ]]
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllShowAboutDialog, DllShowOpenDialog, DllUnregisterServer



VT Community

0
This file has never been reviewed by any VT Community member. Be the first one to comment on it!
VirusTotal Team
shapiro
Posted: Monday, January 02, 2012 12:36:35 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164

go into Programs and remove the I.E.8 folder

disable System Restore, reboot, re-enable it and create a new restore point


download and install CCleaner

during installation untick the option for the Yahoo toolbar, open it, go to Options > Advanced, untick "Only delete Windows temp files older than 48 hours", then run it, select "Analyze" and when the analysis finishes press "Run Cleaner"


click Registry, on the next page click Scan for Issues, then when the scan finishes click Fix selected issues, answer yes when asked to save a backup (save it in any folder you like), then fix all the items found.

download ATF Cleaner

it needs no installation

Double-click ATF-Cleaner.exe to run it
- click the Main menu
- tick the Select All box
- click the Empty Selected button
- wait for the Done Cleaning message.
(if you don't want to delete your passwords, untick that box)
(if you use Opera or Firefox, tick their sections too)

Once the cleaning is done, post me a new HijackThis log
pinuccio53
Posted: Monday, January 02, 2012 12:56:13 AM

Rank: AiutAmico

Joined: 1/26/2010
Posts: 682
I've done the first part of your advice. When I click on ATF Cleaner it tells me "This ID doesn't exist!", what should I do?
pinuccio53
Posted: Monday, January 02, 2012 1:37:38 AM

Rank: AiutAmico

Joined: 1/26/2010
Posts: 682
OK, I managed to use ATF Cleaner another way. Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1.31.44, on 02/01/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\vVX3000.exe
C:\Programmi\Microsoft Security Client\msseces.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\PhotoJoy\bin\PjApp.exe
c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [DivXUpdate] "C:\Programmi\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Programmi\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LifeCam] "C:\Programmi\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [MSC] "C:\Programmi\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PhotoJoy] C:\Programmi\PhotoJoy\bin\PhotoJoy.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-448539723-1957994488-1417001333-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Download &Express - C:\Programmi\Download Express\Add_Url.htm
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

--
End of file - 5441 bytes

And for today I think that's enough; tomorrow is a working day for both of us.
Thanks again, and I repeat my best wishes for a peaceful and happy 2012.
Pinuccio
shapiro
Posted: Monday, January 02, 2012 1:45:30 AM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164

one thing: where did you download M.S.E. from?

Check the executable on Virus Total for me

C:\Programmi\Microsoft Security Client\msseces.exe
simo95
Posted: Monday, January 02, 2012 2:12:21 PM

Rank: AiutAmico

Member since: 12/4/2008
Posts: 2,008
shapiro, you have a PM.
Thanks
Bye
pinuccio53
Posted: Monday, January 02, 2012 2:46:16 PM

Rank: AiutAmico

Member since: 1/26/2010
Posts: 682
Here I am again Shapiro, this is the result from Virus Total:
Virustotal is a service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines. More information...

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this URL is benign. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this URL is malicious.
Submission date: 2012-01-02 13:36:13 (UTC)
Current status: analysing error, please try again queued analysing finished

Download progress: 0 bytes

Antivirus report: View downloaded file analysis Not available

Webscan result: 0/16 (0.0%) VT Community

not reviewed
Safety score: -
Compact Print results URL analysis tool Result
Avira Clean site
BitDefender Clean site
Dr.Web Error
G-Data Clean site
Malc0de Database Clean site
MalwareDomainList Clean site
Opera Clean site
ParetoLogic Clean site
Phishtank Clean site
TrendMicro Unrated site
Websense ThreatSeeker Unrated site
Wepawet Unrated site
Additional information
Normalized URL: http://programmi%5Cmicrosoft%20security%20client%5Cmsseces.exe/
URL MD5: 5e57139b81f4a09047700072b613ce1c
Content-Type: text/plain

I downloaded MSE from "Aiutamici"
Thanks again for the time you are devoting to me; if there is anything else I need to do, I am here at your disposal.
Bye

Pinuccio
shapiro
Posted: Monday, January 02, 2012 4:07:08 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164

show hidden files and folders and check which company this file belongs to, then analyse it on the Virus Total site as before

it's part of the updates, but I'd like you to check it anyway

c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{7B4F987A-21BC-4C78-9389-64373AA80018}\MpKsl4d872bf4.sys

pinuccio53
Posted: Monday, January 02, 2012 6:36:02 PM

Rank: AiutAmico

Member since: 1/26/2010
Posts: 682
Hello Shapiro, this is the Virus Total result:
Virus Total
Virustotal is a service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines. More information...
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this URL is benign. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this URL is malicious.
Submission date:
2012-01-02 17:25:52 (UTC)
Current status:
finished
Antivirus report:
Not available
Webscan result:
0 /16 (0.0%)

VT Community

not reviewed
Safety score: -
Compact
Print results
URL analysis tool Result
Avira Clean site
BitDefender Clean site
Dr.Web Error
G-Data Clean site
Malc0de Database Clean site
MalwareDomainList Clean site
Opera Clean site
ParetoLogic Clean site
Phishtank Clean site
TrendMicro Error
Websense ThreatSeeker Unrated site
Wepawet Unrated site
Additional information
Normalized URL: http://%7B7b4f987a-21bc-4c78-9389-64373aa80018%7D%5Cmpksl4d872bf4.sys/
URL MD5: 7efccb1146a9faebf77aae2dcf0ff149
Content-Type: text/plain

I can't figure out (forgive my stubbornness) how to check which company the file you pointed out belongs to.
Pinuccio
shapiro
Posted: Monday, January 02, 2012 10:03:12 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164


right-click it and choose Properties; that way you can check which company the file belongs to


Launch HiJackThis -> Click Do a scan only -> Tick the box next to the lines I point out below -> Click Fix Checked



Code:
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)

O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)



Download OTC by OldTimer to the desktop:
http://oldtimer.geekstogo.com/OTC.exe
double-click to run it
Click CleanUp.
It will ask you to restart the PC.
Click yes.

Delete the qoobox folder from the local disk, browse for a while and check whether you still have problems
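An added example, not part of this thread and not code from HijackThis or any tool mentioned above: a small Python script that reads the O2 (BHO), O3 (toolbar) and O4 (Run key) lines of a HijackThis log, flags the "(no file)" registrations of the kind fixed in the post above (a registry entry that survives after its DLL is gone), pulls the executable path out of each Run value so it can be inspected, and hashes a file locally so the hash itself can be looked up. The sample lines are constructed from the log posted earlier in the thread; the function names are my own.

```python
import hashlib
import re

# Constructed sample: lines copied from the HijackThis log posted earlier in
# this thread, including the three "(no file)" entries that were fixed.
SAMPLE_LOG = """\
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Programmi\\File comuni\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\\Programmi\\EPSON\\EPSON Web-To-Page\\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O4 - HKLM\\..\\Run: [MSC] "C:\\Programmi\\Microsoft Security Client\\msseces.exe" -hide -runkey
O4 - HKCU\\..\\Run: [PhotoJoy] C:\\Programmi\\PhotoJoy\\bin\\PhotoJoy.exe /c
O4 - HKUS\\S-1-5-18\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User 'SYSTEM')
"""

# O2 (Browser Helper Object) and O3 (IE toolbar) lines: name, CLSID, file.
COM_RE = re.compile(
    r"^(?P<section>O[23]) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.*)$"
)
# O4 autostart lines: hive (HKLM, HKCU or HKUS\<SID>), value name, command line.
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def image_path(cmd):
    """Executable referenced by a Run value: the quoted path if present, else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def parse_hijackthis(text):
    """One dict per recognised O2/O3/O4 line; other sections are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = COM_RE.match(line)
        if m:
            d = m.groupdict()
            d["orphaned"] = d["file"].strip() == "(no file)"
            entries.append(d)
            continue
        m = RUN_RE.match(line)
        if m:
            d = m.groupdict()
            d["section"] = "O4"
            d["image"] = image_path(d["cmd"])
            entries.append(d)
    return entries


def orphaned_entries(entries):
    """O2/O3 registrations whose DLL no longer exists on disk."""
    return [e for e in entries if e.get("orphaned")]


def fix_lines(entries):
    """Orphaned entries re-emitted in HijackThis's own line format (what gets ticked for 'Fix checked')."""
    return [
        f"{e['section']} - {e['kind']}: {e['name']} - {e['clsid']} - {e['file']}"
        for e in orphaned_entries(entries)
    ]


def file_sha256(path):
    """SHA-256 of a file on disk, read in chunks; this is the value to look up, not the path."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


if __name__ == "__main__":
    entries = parse_hijackthis(SAMPLE_LOG)
    for line in fix_lines(entries):
        print("orphaned:", line)
    for e in entries:
        if e["section"] == "O4":
            print("autostart:", e["hive"], e["name"], "->", e["image"])
```

Run it against a full log saved from HijackThis and the `fix_lines` output is exactly the set of dead BHO/toolbar registrations; `image_path` is deliberately simple and, for a `RUNDLL32.EXE foo.dll,Entry` value, returns `RUNDLL32.EXE` rather than the DLL, so such values still need a manual look.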
pinuccio53
Posted: Monday, January 02, 2012 10:30:16 PM

Rank: AiutAmico

Member since: 1/26/2010
Posts: 682
Done shapiro, downloaded OTC and ran Cleanup, restarted the computer but I can't delete the qoobox folder; this screen appears:
http://img805.imageshack.us/img805/1748/invio.png
shapiro
Posted: Monday, January 02, 2012 10:43:53 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164


download Inherit

put it in the same directory as the BackEnv folder and then drag that folder onto the Inherit icon. Wait for the OK message.

Then you will be able to delete the qoobox folder.
pinuccio53
Posted: Tuesday, January 03, 2012 12:27:37 AM

Rank: AiutAmico

Member since: 1/26/2010
Posts: 682
Sorry for the late reply, could you explain better what you mean by "put Inherit in the same directory as the Back Env folder"?
I am, as you will have gathered, very clumsy.
Thanks
Pinuccio
shapiro
Posted: Tuesday, January 03, 2012 12:14:40 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164


my mistake

download avenger to the desktop
http://swandog46.geekstogo.com/avenger.zip
Unzip the archive

Run the avenger.exe file

Copy and paste this text into the "Input script here" window

Code:
folders to delete:
C:\Qoobox 
C:\BackEnv


Untick the Scan for Rootkits option
Press the Execute button
Answer Yes to Avenger's two prompts
Your computer should now restart; if it doesn't, restart it manually
After the computer restarts, copy and paste here the contents of the Notepad window that will appear.
pinuccio53
Posted: Tuesday, January 03, 2012 2:29:53 PM

Rank: AiutAmico

Member since: 1/26/2010
Posts: 682
Here I am shapiro, I was only able to read your post just now; I attach below what you asked for:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Folder "C:\Qoobox" deleted successfully.

Error: folder "C:\BackEnv" not found!
Deletion of folder "C:\BackEnv" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

Thanks
Pinuccio
shapiro
Posted: Tuesday, January 03, 2012 8:24:37 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164


everything should be fine now; browse for a while and let me know how the PC is doing
pinuccio53
Posted: Tuesday, January 03, 2012 8:51:45 PM

Rank: AiutAmico

Member since: 1/26/2010
Posts: 682
Everything seems fine; I haven't had any more slowdowns, especially in IE.
If I get into more trouble you'll see me again. For now I can only say THANK YOU, especially for the patience you have shown with a klutz like me.
Bye and see you soon... or rather, for these kinds of problems, not so soon.
Once again, very best wishes for a happy and peaceful new year
Pinuccio