Aiutamici Forum

Error at Windows startup C:\WINDOWS\SYSTEM32\SCRNRDR.EXE [log check]
ninhof9
Posted: Monday, February 02, 2009 10:07:05 AM
Rank: Newbie

Joined: 2/1/2009
Posts: 0
Hi guys, when I turn on the PC... it tells me that the path of the following file cannot be found... as if it were missing from the Windows registry.. I ran the log.. following the procedures.. could you tell me what anomalies I have? Thanks in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10.03.39, on 02/02/09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\QuickTime\QTTask.exe
C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Programmi\Vista Drive Icon\DrvIcon.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\LClock\LClock.exe
C:\Programmi\HPQ\shared\hpqwmi.exe
C:\Programmi\ViStart\ViStart.exe
C:\Programmi\ViOrb\ViOrb.exe
C:\Programmi\VisualTooltip\VisualToolTip.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Windows Media Player\wmplayer.exe
C:\Documents and Settings\alessio grassi\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.calcionapoli1926.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.calcionapoli1926.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.calcionapoli1926.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=Q105&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Programmi\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Programmi\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [DrvIcon] C:\Programmi\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LClock] C:\Programmi\LClock\LClock.exe
O4 - HKCU\..\Run: [Vista Rainbar] C:\Programmi\Vista Rainbar\launcher.exe
O4 - HKCU\..\Run: [ViStart] C:\Programmi\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\Programmi\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [VisualTooltip] C:\Programmi\VisualTooltip\VisualToolTip.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Programmi\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: Aggiungi a PDF esistente - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Aggiungi destinazione link a PDF esistente - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231701659070
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0393E8B-8DFE-4EEC-B70D-8BCC022BAB1E}: NameServer = 192.168.1.1
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\shared\hpqwmi.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe

--
End of file - 10187 bytes
r16
Posted: Monday, February 02, 2009 6:20:13 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
The log is clean.
That executable (C:\WINDOWS\SYSTEM32\SCRNRDR.EXE) would appear to be a trojan.
Try checking whether you can find it by following the path.
Then run a scan with Malwarebytes:

Download and install MalwareBytes:
click here for the download: http://www.malwarebytes.org/
UPDATE it before running the scan.
Run a full system scan.
Post the log.
ninhof9
Posted: Tuesday, February 03, 2009 1:14:07 AM
Rank: Newbie

Joined: 2/1/2009
Posts: 0
Malwarebytes' Anti-Malware 1.33
Versione del database: 1717
Windows 5.1.2600 Service Pack 3

03/02/09 1.13.15
mbam-log-2009-02-03 (01-13-15).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 47435
Tempo trascorso: 5 minute(s), 29 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)


I just can't get rid of this problem, which occurs every time I turn on the PC... that annoying path-not-found message pops up...
r16
Posted: Tuesday, February 03, 2009 1:09:50 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
Download Combofix, taking care to follow these instructions to the letter:

Important: Disable your antivirus and close ALL open programs, and after downloading COMBOFIX, close the connection.

Download Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the desktop.
Double-click combofix.exe (a screen will appear).
If you are asked whether you want to install the RECOVERY CONSOLE, click NO.
Type 1, press Enter and follow the instructions.
When it finishes, a log file called C:\ComboFix.txt will be created. Post it here.
During the scan it is important not to use the PC (not even the mouse) and to wait patiently for the operations to finish.

Uninstall combofix this way (after I have seen the log):
Start
Run
in the dialog box, type (or copy and paste) this command: Combofix /u and press Enter, then delete combofix's folders in "C" (qoobox)
ninhof9
Posted: Tuesday, February 03, 2009 2:06:53 PM
Rank: Newbie

Joined: 2/1/2009
Posts: 0
Here is the log.. run with combo fix.. I'll wait for you.. to find out why I get that damned error when Windows starts, and also to uninstall combo fix...

ComboFix 09-02-02.04 - alessio grassi 2009-02-03 13.48.33.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.510.160 [GMT 1:00]
Eseguito da: c:\documents and settings\alessio grassi\Desktop\ComboFix.exe
AV: Sistema Antivirus NOD32 2.70 *On-access scanning disabled* (Updated)

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2009-01-03 al 2009-02-03 )))))))))))))))))))))))))))))))))))
.

2009-02-03 01:05 . 2009-02-03 01:05 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2009-02-03 01:05 . 2009-02-03 01:05 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-02-03 01:05 . 2009-02-03 01:05 <DIR> d-------- c:\documents and settings\alessio grassi\Dati applicazioni\Malwarebytes
2009-02-03 01:05 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-03 01:05 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-02 09:47 . 2009-02-02 09:47 <DIR> d-------- c:\programmi\Windows Media Connect 2
2009-02-02 09:44 . 2009-02-02 09:44 <DIR> d-------- c:\windows\system32\LogFiles
2009-02-02 09:44 . 2009-02-02 09:45 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-01-31 18:10 . 2009-01-31 18:10 <DIR> d-------- c:\programmi\SopCast
2009-01-29 13:03 . 2009-01-29 13:04 <DIR> d-------- c:\programmi\iTunes
2009-01-29 13:03 . 2009-01-29 13:03 <DIR> d-------- c:\programmi\iPod
2009-01-29 13:03 . 2009-01-29 13:04 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-29 13:01 . 2009-01-29 13:01 <DIR> d-------- c:\programmi\Bonjour
2009-01-29 13:00 . 2009-01-29 13:04 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-01-29 12:59 . 2009-01-29 13:03 <DIR> d-------- c:\programmi\File comuni\Apple
2009-01-28 21:31 . 2009-01-28 21:31 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-28 21:31 . 2009-01-28 21:31 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-28 09:52 . 2009-01-28 09:57 <DIR> d-------- c:\programmi\XoftSpySE
2009-01-23 14:01 . 2009-01-23 14:02 <DIR> d-------- c:\programmi\QuickTime
2009-01-23 14:00 . 2009-01-23 14:00 <DIR> d-------- c:\programmi\Apple Software Update
2009-01-23 14:00 . 2009-01-23 14:00 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Apple
2009-01-19 15:57 . 2009-01-19 15:57 <DIR> d-------- c:\documents and settings\alessio grassi\Dati applicazioni\ViStart
2009-01-19 15:54 . 2009-01-19 15:54 <DIR> d-------- c:\documents and settings\alessio grassi\Dati applicazioni\Styler
2009-01-19 15:51 . 2009-01-19 18:21 <DIR> d-------- c:\windows\system32\VIRepair
2009-01-19 15:48 . 2009-01-19 15:48 <DIR> d-------- c:\programmi\WinFlip
2009-01-19 15:48 . 2009-01-19 15:54 <DIR> d-------- c:\programmi\VisualTooltip
2009-01-19 15:48 . 2009-02-03 13:45 <DIR> d-------- c:\programmi\ViStart
2009-01-19 15:48 . 2009-01-19 15:48 <DIR> d-------- c:\programmi\Vista Rainbar
2009-01-19 15:48 . 2009-01-19 15:48 <DIR> d-------- c:\programmi\Vista Drive Icon
2009-01-19 15:48 . 2009-01-19 15:48 <DIR> d-------- c:\programmi\ViSplore
2009-01-19 15:48 . 2009-01-19 15:48 <DIR> d-------- c:\programmi\ViOrb
2009-01-19 15:48 . 2009-01-19 15:48 <DIR> d-------- c:\programmi\TrueTransparency
2009-01-19 15:48 . 2009-01-19 15:48 <DIR> d-------- c:\programmi\Styler
2009-01-19 15:48 . 2009-01-19 15:48 <DIR> d-------- c:\programmi\LClock
2009-01-19 15:48 . 2007-04-15 01:30 6,181,376 --a------ c:\windows\system32\vistaui.exe
2009-01-19 15:48 . 2008-11-15 13:29 334,422 --a------ c:\windows\system32\viwc.exe
2009-01-19 15:48 . 2004-09-20 01:27 172,032 --a------ c:\windows\system32\LClock.cpl
2009-01-19 15:48 . 2007-11-25 22:11 49,208 --a------ c:\windows\system32\vistartup.bmp
2009-01-19 15:45 . 2009-01-19 15:48 <DIR> d-------- c:\windows\system32\VITrans
2009-01-19 15:45 . 2009-01-19 15:48 <DIR> d-------- C:\VTPFiles
2009-01-19 15:45 . 2006-12-03 17:15 111,104 --a------ c:\windows\system32\Uharc.exe
2009-01-19 15:45 . 2004-11-27 19:00 94,208 --a------ c:\windows\system32\pskill.exe
2009-01-19 15:45 . 2009-01-19 15:45 78,942 --a------ c:\windows\Icon_1.ico
2009-01-19 15:45 . 2006-12-03 17:15 69,632 --a------ c:\windows\system32\moveex.exe
2009-01-19 15:45 . 2006-12-03 17:15 19,968 --a------ c:\windows\system32\reico.exe
2009-01-19 15:45 . 2006-12-03 17:14 8,636 --a------ c:\windows\system32\modifype.exe
2009-01-19 14:52 . 2009-01-19 15:25 219,648 --a--c--- c:\windows\system32\dllcache\uxtheme.dll
2009-01-16 19:14 . 2009-01-16 19:14 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\FLEXnet
2009-01-16 19:02 . 2008-04-07 05:38 45,392 -ra------ c:\windows\system32\AdobePDF.dll
2009-01-16 19:02 . 2008-04-07 05:38 22,872 -ra------ c:\windows\system32\AdobePDFUI.dll
2009-01-16 18:43 . 2009-01-16 18:43 <DIR> d-------- c:\programmi\File comuni\Macrovision Shared
2009-01-14 14:36 . 2009-01-14 14:36 <DIR> d-------- c:\windows\Sun
2009-01-13 22:58 . 2009-01-17 09:49 <DIR> d-------- c:\programmi\File comuni\Adobe
2009-01-13 22:58 . 2009-01-13 22:58 <DIR> d-------- c:\documents and settings\alessio grassi\Dati applicazioni\AdobeUM
2009-01-12 11:58 . 2009-01-19 10:39 <DIR> d-------- c:\documents and settings\alessio grassi\Dati applicazioni\vlc
2009-01-12 11:56 . 2009-01-12 11:56 <DIR> d-------- c:\programmi\VideoLAN
2009-01-12 11:49 . 2009-01-12 11:49 <DIR> d-------- c:\programmi\Youtube Downloader HD
2009-01-12 08:45 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-01-12 08:45 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-01-12 08:45 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-01-12 00:30 . 2009-01-30 12:08 <DIR> d-------- c:\programmi\eMule
2009-01-12 00:21 . 2009-02-03 13:45 <DIR> d-------- c:\documents and settings\alessio grassi\Tracing
2009-01-12 00:19 . 2009-01-12 00:19 <DIR> d-------- c:\programmi\Windows Live SkyDrive
2009-01-12 00:19 . 2009-01-12 00:19 <DIR> d-------- c:\programmi\Windows Live
2009-01-12 00:19 . 2009-01-12 00:19 <DIR> d-------- c:\programmi\Microsoft
2009-01-12 00:09 . 2009-01-12 00:09 <DIR> d-------- c:\programmi\File comuni\Windows Live
2009-01-12 00:03 . 2009-01-12 00:03 0 --a------ c:\windows\nsreg.dat
2009-01-11 22:17 . 2008-10-16 21:04 6,066,176 --a--c--- c:\windows\system32\dllcache\ieframe.dll
2009-01-11 22:17 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-01-11 22:17 . 2007-03-08 06:11 1,032,192 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-01-11 22:17 . 2008-10-16 21:04 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-01-11 22:17 . 2008-10-16 21:04 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-01-11 22:17 . 2008-10-16 21:04 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-01-11 22:17 . 2008-10-16 21:04 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-01-11 22:17 . 2008-10-16 21:04 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-11 22:17 . 2008-10-16 14:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-01-11 21:32 . 2008-06-14 18:32 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-01-11 21:32 . 2008-08-14 11:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2009-01-11 21:30 . 2008-10-16 02:00 1,499,648 --a--c--- c:\windows\system32\dllcache\shdocvw.dll
2009-01-11 21:30 . 2008-10-16 21:04 1,160,192 --a--c--- c:\windows\system32\dllcache\urlmon.dll
2009-01-11 21:30 . 2008-10-16 21:04 826,368 --a--c--- c:\windows\system32\dllcache\wininet.dll
2009-01-11 21:30 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-01-11 21:23 . 2008-09-15 16:24 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-01-11 21:21 . 2008-08-14 14:22 2,148,864 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-11 21:21 . 2008-08-14 14:22 2,027,520 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-11 21:19 . 2008-12-13 07:36 3,593,216 --a--c--- c:\windows\system32\dllcache\mshtml.dll
2009-01-11 21:17 . 2008-04-11 20:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-01-11 21:17 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-11 21:17 . 2008-05-01 15:34 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2009-01-11 21:17 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2009-01-11 21:16 . 2008-09-04 18:15 1,106,944 --a--c--- c:\windows\system32\dllcache\msxml3.dll
2009-01-11 21:16 . 2008-10-15 17:36 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-01-11 21:15 . 2009-01-11 21:15 <DIR> d-------- c:\windows\system32\3Planesoft
2009-01-11 21:15 . 2009-01-11 21:15 <DIR> d-------- c:\programmi\3Planesoft Screensaver Manager
2009-01-11 21:14 . 2009-01-11 21:15 <DIR> d-------- c:\programmi\The Lost Watch 3D Screensaver
2009-01-11 21:13 . 2008-04-14 03:13 221,184 --a------ c:\windows\system32\wmpns.dll
2009-01-11 21:03 . 2009-01-11 22:18 <DIR> d-------- c:\windows\system32\it-it
2009-01-11 21:03 . 2009-01-11 21:03 <DIR> d-------- c:\windows\system32\it
2009-01-11 21:03 . 2009-01-11 21:03 <DIR> d-------- c:\windows\system32\bits
2009-01-11 21:03 . 2009-01-11 21:03 <DIR> d-------- c:\windows\l2schemas
2009-01-11 21:00 . 2009-01-11 21:01 <DIR> d-------- c:\programmi\Google
2009-01-11 20:59 . 2009-01-11 21:04 <DIR> d-------- c:\windows\ServicePackFiles
2009-01-11 20:49 . 2009-01-11 20:49 <DIR> d-------- c:\windows\EHome
2009-01-11 20:40 . 2004-08-03 22:41 1,041,536 --------- c:\windows\system32\drivers\hsfdpsp2.sys
2009-01-11 20:39 . 2004-08-19 15:23 327,168 --------- c:\windows\system32\drivers\ati2mtaa.sys
2009-01-11 20:26 . 2009-01-14 13:15 <DIR> d--h----- c:\windows\$hf_mig$
2009-01-11 20:26 . 2007-08-10 08:20 26,488 --a------ c:\windows\system32\spupdsvc.exe
2009-01-11 20:22 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll
2009-01-11 20:22 . 2008-10-16 14:12 35,864 --a------ c:\windows\system32\wucltui.dll.mui
2009-01-11 20:22 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuaucpl.cpl.mui
2009-01-11 20:22 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuapi.dll.mui
2009-01-11 20:22 . 2008-10-16 14:07 19,480 --a------ c:\windows\system32\wuaueng.dll.mui
2009-01-11 20:20 . 2009-01-11 20:20 <DIR> d--hs---- c:\documents and settings\alessio grassi\UserData
2009-01-11 20:13 . 2009-01-11 20:12 512,096 --a------ c:\windows\system32\drivers\amon.sys
2009-01-11 20:13 . 2009-01-11 20:12 298,104 --a------ c:\windows\system32\imon.dll
2009-01-11 20:13 . 2009-01-11 20:12 15,424 --a------ c:\windows\system32\drivers\nod32drv.sys
2009-01-11 20:12 . 2009-01-28 09:49 <DIR> d-------- c:\programmi\ESET
2009-01-11 20:12 . 2001-08-17 22:59 3,072 --a------ c:\windows\system32\drivers\audstub.sys
2009-01-11 20:11 . 2009-01-11 20:11 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\hpqwmi
2009-01-11 20:11 . 2008-04-14 02:49 58,368 --a------ c:\windows\system32\drivers\redbook.sys
2009-01-11 20:11 . 2004-08-03 23:31 20,992 --a------ c:\windows\system32\drivers\RTL8139.sys
2009-01-11 20:10 . 2008-04-14 03:13 76,800 --a------ c:\windows\system32\usbui.dll
2009-01-11 20:10 . 2008-04-13 19:36 14,208 --a------ c:\windows\system32\drivers\battc.sys
2009-01-11 20:10 . 2008-04-13 19:36 13,952 --a------ c:\windows\system32\drivers\cmbatt.sys
2009-01-11 20:10 . 2008-04-13 19:36 10,240 --a------ c:\windows\system32\drivers\compbatt.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 19:06 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-01-11 19:06 --------- d-----w c:\programmi\HPQ
2009-01-11 19:04 20,576 ------w c:\windows\system32\drivers\pxhelp20.sys
2009-01-11 18:55 --------- d-----w c:\programmi\ATI Technologies
2009-01-11 18:54 --------- d-----w c:\programmi\Synaptics
2009-01-11 18:53 --------- d-----w c:\programmi\File comuni\InstallShield
2009-01-11 18:53 --------- d-----w c:\programmi\AMD
2009-01-11 18:52 --------- d-----w c:\programmi\CONEXANT
2009-01-11 18:49 --------- d-----w c:\programmi\WIDCOMM
2009-01-11 18:38 --------- d-----w c:\programmi\microsoft frontpage
2009-01-11 18:36 --------- d-----w c:\programmi\Servizi in linea
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
.

------- Sigcheck -------

2008-08-14 19:25 2069760 c812d8551fd3b6acdbf7eb6b18b1b992 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
2004-08-19 13:00 2060544 4dc3a3626b02c39aa69aae6f64bfbc2d c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
2008-04-14 02:54 2069632 5e95f445b70adcf8876d1203852262a1 c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
2008-08-14 14:22 2069760 93fb9d817b37df1191b73db7bc2f4006 c:\windows\Driver Cache\i386\ntkrnlpa.exe
2008-08-14 14:22 2069760 93fb9d817b37df1191b73db7bc2f4006 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
2008-08-14 14:22 2075008 2fd30c3ab144a8a77a035ef3f2cf6fcd c:\windows\system32\ntkrnlpa.exe
2008-08-14 14:22 2069760 93fb9d817b37df1191b73db7bc2f4006 c:\windows\system32\dllcache\ntkrnlpa.exe
2008-08-14 14:22 2069760 93fb9d817b37df1191b73db7bc2f4006 c:\windows\system32\VITrans\ntkrnlpa.exe

2008-08-14 19:25 2192896 0ee73494680235d59f4e57301d7ad580 c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
2004-08-19 13:00 2184704 4591cf1f202181113de2996e79a2905a c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
2008-04-14 02:55 2192768 7d804c28404e94f57967de3394201d55 c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
2008-08-14 14:22 2192896 0f93d9366b222d63f9402f7ed45cf2a4 c:\windows\Driver Cache\i386\ntoskrnl.exe
2008-08-14 14:22 2192896 0f93d9366b222d63f9402f7ed45cf2a4 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
2008-08-14 14:22 2198144 79a676aec603c484fa49bba6c3a8fd56 c:\windows\system32\ntoskrnl.exe
2008-08-14 14:22 2192896 0f93d9366b222d63f9402f7ed45cf2a4 c:\windows\system32\dllcache\ntoskrnl.exe
2008-08-14 14:22 2192896 0f93d9366b222d63f9402f7ed45cf2a4 c:\windows\system32\VITrans\ntoskrnl.exe

2008-04-14 03:14 1426944 df0540407e77c056ceaebbf8a1a0299a c:\windows\explorer.exe
2004-08-19 13:00 1034752 178d42bd8fc34a9837417a6ce1d6bb7b c:\windows\$NtServicePackUninstall$\explorer.exe
2008-04-14 03:14 1036288 70d7f99d95615c3c278367756287db71 c:\windows\ServicePackFiles\i386\explorer.exe
2008-04-14 03:14 1036288 70d7f99d95615c3c278367756287db71 c:\windows\system32\VITrans\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2009-02-03_13.38.14,64 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-03 12:44:40 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_16c.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-11 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"LClock"="c:\programmi\LClock\LClock.exe" [2004-09-20 65536]
"Vista Rainbar"="c:\programmi\Vista Rainbar\launcher.exe" [2008-11-14 131778]
"ViStart"="c:\programmi\ViStart\ViStart.exe" [2008-11-12 602112]
"ViOrb"="c:\programmi\ViOrb\ViOrb.exe" [2008-11-14 69632]
"VisualTooltip"="c:\programmi\VisualTooltip\VisualToolTip.exe" [2007-04-25 956928]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-21 344064]
"Cpqset"="c:\programmi\HPQ\Default Settings\cpqset.exe" [2004-11-05 233534]
"WatchDog"="c:\programmi\InterVideo\DVD Check\DVDCheck.exe" [2004-12-08 184320]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2009-01-05 413696]
"eabconfg.cpl"="c:\programmi\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"UpdateManager"="c:\programmi\File comuni\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-01-28 136600]
"hpWirelessAssistant"="c:\programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-12-08 790528]
"nod32kui"="c:\programmi\Eset\nod32kui.exe" [2009-01-11 949376]
"AdobeCS4ServiceManager"="c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\programmi\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\programmi\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"DrvIcon"="c:\programmi\Vista Drive Icon\DrvIcon.exe" [2008-04-13 49152]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-01-06 290088]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2004-11-29 569405]
DVD Check.lnk - c:\programmi\InterVideo\DVD Check\DVDCheck.exe [2009-01-11 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-01-11 15424]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2009-01-11 192896]
.
Contenuto della cartella 'Scheduled Tasks'

2009-01-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-03 c:\windows\Tasks\XoftSpySE 2.job
- c:\programmi\XoftSpySE\XoftSpy.exe [2007-07-13 08:43]

2009-01-28 c:\windows\Tasks\XoftSpySE.job
- c:\programmi\XoftSpySE\XoftSpy.exe [2007-07-13 08:43]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.calcionapoli1926.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.calcionapoli1926.it/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=Q105&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Aggiungi a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Aggiungi destinazione link a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti destinazione link in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Invia a &Bluetooth - c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
LSP: c:\windows\system32\imon.dll
TCP: {D0393E8B-8DFE-4EEC-B70D-8BCC022BAB1E} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\alessio grassi\Dati applicazioni\Mozilla\Firefox\Profiles\c9z2za3j.default\
FF - prefs.js: browser.startup.homepage - www.gazzetta.it
FF - prefs.js: keyword.URL - hxxp://www.google-searchbar.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\programmi\QuickTime\Plugins\npqtplugin8.dll

---- FIREFOX POLICIES ----

FF - user.js: browser.search.selectedEngine - GoogleCOM
FF - user.js: keyword.URL - hxxp://www.google-searchbar.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-03 13:51:22
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programmi\HPQ\Default Settings\cpqset.exe????????????3?7?2?4??????? ?,?B?????????????hLC????????

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(800)
c:\windows\system32\scecli.dll
c:\windows\system32\imon.dll
c:\programmi\Eset\pr_imon.dll
.
Ora fine scansione: 2009-02-03 13.53.10
ComboFix-quarantined-files.txt 2009-02-03 12:53:01
ComboFix2.txt 2009-02-03 12:39:05

Pre-Run: 87.820.177.408 byte disponibili
Post-Run: 87,809,249,280 byte disponibili

290 --- E O F --- 2009-02-03 12:02:28
ninhof9
Posted: Wednesday, February 04, 2009 12:02:38 PM
Rank: Newbie

Joined: 2/1/2009
Posts: 0
What do you think the problem is?
r16
Posted: Wednesday, February 04, 2009 6:27:15 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
You can uninstall ComboFix.
The various scans did not detect any infections.
Apart from that initial message, is the PC giving you any other problems?
ninhof9
Posted: Wednesday, February 04, 2009 7:31:20 PM
Rank: Newbie

Joined: 2/1/2009
Posts: 0
No, none... thank you... anyway... so you really don't know how I can resolve that initial message?
r16
Posted: Wednesday, February 04, 2009 9:37:42 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
ninhof9 wrote:
No, none... thank you... anyway... so you really don't know how I can resolve that initial message?

Let's add it up:
HJT log: clean.
Malwarebytes: clean.
Combofix: clean.
You say the PC has no problems.
I'm sorry, but I'm not comfortable stuffing your PC with assorted scans and risking making things worse.
At most, try running these cleanups:

Do a cleanup (registry included) with CCleaner http://www.aiutaamici.com/software?ID=11223
Then:
Start\Run\copy and paste the string %temp%, click OK, and empty the temp folder. (Do not delete the folder itself.)
Then:
Empty the contents of the Prefetch folder:
click My Computer
click Local Disk C:
among the folders displayed, find the Windows folder, open it and, inside it, find the Prefetch folder; open it and delete all the entries stored inside it (do not delete the folder itself)
EMPTY THE RECYCLE BIN
Then:
Launch HijackThis and clean the ADS like this:
click Open the misc tool section
click Open ads spy
untick Quick scan (windows base folder only)
click Scan
if any ADS are detected, tick all the checkboxes and click Remove selected
Give it a try, it costs nothing.