Aiutamici Forum

For r16: Slow PC.
wolfestein
Posted: Tuesday, September 29, 2009 12:18:52 AM

Rank: AiutAmico

Member since: 2/15/2009
Posts: 15,949
Could you please check this log for me? It's from my daughter's PC, which is monstrously slow. MalwareBytes found nothing on C: and Norton is silent as well. Thanks in advance.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 23.10.50, on 28/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Canon\CAL\CALMAIN.exe
C:\Programmi\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Vanessa\Documenti\HiJackThis_v2\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programmi\Norton AntiVirus\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - http://www.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-80cd9950526d4470.spaces.live.com/PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{251801CD-F1AE-4D31-AA27-9BAE1BF08D00}: NameServer = 192.168.0.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Programmi\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 7385 bytes
simo95
Posted: Tuesday, September 29, 2009 2:44:45 PM

Rank: AiutAmico

Member since: 12/4/2008
Posts: 2,008
You have a beta version of HijackThis; you might want to replace it with 2.0.2.

Bye
r16
Posted: Tuesday, September 29, 2009 3:02:42 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Slow in what sense, Rudy?
At startup, when opening folders, when browsing...
This software, Alcohol Soft\Alcohol 120: is it a genuine copy?
Has your daughter downloaded anything lately? (eMule etc.)

Delete all the O16 entries in HJT.

Run a scan with ComboFix, and let's see what HJT missed:
Download ComboFix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Save it to the desktop.

Important: disable your antivirus and close ALL open programs (firewall included), and once you have downloaded COMBOFIX, disconnect from the internet.

Double-click combofix.exe (a window will appear).
If it asks whether you want to install the RECOVERY CONSOLE, click NO.
Your antivirus will probably send you messages; ignore them.
During the scan it is important not to use the PC (not even the mouse) and to wait patiently until it finishes.
When it finishes, a log file will be created on the Desktop, called C:\ComboFix.txt. Post it here.

Uninstall ComboFix like this (after I've seen the log):
Start
Run
in the dialog box, copy and paste this command: Combofix /u and press Enter, then delete the ComboFix and (qoobox) folders on C:

Do all the cleanups you know, then a ScanDisk, and finally a defragmentation of the hard disk.



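The checks r16 lists above (drop every O16 entry, look at what else HJT shows) can be done mechanically on the log format itself. The Python script below is an added example written for this page, not a tool from the thread or from Trend Micro. It parses HijackThis entry lines (the `Oxx - ...` format) and flags the classes of entry an analyst would look at first: every O16 DPF entry, O2/O9 entries whose target file is gone, O4 autoruns given as a bare file name rather than a full path, and O23 services reported as "Unknown owner". The sample input is a handful of lines copied from the log posted above (constructed input, not the whole log); the rule set and the finding labels are the example's own assumptions. A flagged line is a prompt to check, not a verdict.

```python
import re
from typing import List, Tuple

# Constructed sample: a few lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-80cd9950526d4470.spaces.live.com/PhotoUpload/MsnPUpld.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Programmi\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
"""

# Every HJT entry line is "<section> - <body>", e.g. "O16 - DPF: ...".
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.*)$")
# O4 bodies carry "[value name] command line".
RUN_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")

Finding = Tuple[str, str, str]  # (section, reason, original line)


def parse_entries(text: str) -> List[Tuple[str, str, str]]:
    """Split a HijackThis log into (section, body, line) triples, skipping non-entry lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("kind"), m.group("body"), line.strip()))
    return entries


def triage(text: str) -> List[Finding]:
    """Apply the example's (assumed) rule set and return the entries worth a second look."""
    findings: List[Finding] = []
    for kind, body, line in parse_entries(text):
        if kind == "O16":
            # Downloaded Program Files: ActiveX controls pulled from the web. The thread's
            # advice is to remove all of them; none are needed for day-to-day use.
            findings.append((kind, "ActiveX control cached from the web (DPF); remove", line))
        elif kind in ("O2", "O3", "O9") and (body.endswith("(no file)") or body.endswith("(file missing)")):
            # Registry still points at a component whose file is gone: leftover of an
            # uninstall or of a removed payload; harmless by itself but worth cleaning.
            findings.append((kind, "orphaned entry, target file absent", line))
        elif kind == "O4":
            m = RUN_RE.search(body)
            if m:
                cmd = m.group("cmd").strip().strip('"')
                exe = cmd.split()[0] if cmd else ""
                if "\\" not in exe:
                    # Bare file name: resolved through the search path at logon, so it is
                    # hard to attribute and a candidate for planting a look-alike binary.
                    findings.append((kind, "autorun without a full path", line))
        elif kind == "O23" and "Unknown owner" in body:
            # Service binary carries no recognised vendor string; verify the file by hand.
            findings.append((kind, "service with unknown owner", line))
    return findings


def flagged_sections(text: str) -> List[str]:
    """Just the section codes of the flagged entries, in log order."""
    return [kind for kind, _, _ in triage(text)]


if __name__ == "__main__":
    for kind, reason, line in triage(SAMPLE_LOG):
        print(f"{kind:4} {reason:48} {line}")
```

Run it as-is to see the six flagged lines from the sample; to triage a real log, replace `SAMPLE_LOG` with the file contents. The Norton O23 line and the Spybot BHO pass because they carry a vendor name and an existing file, which is the point of the rules: they narrow the list, they do not clear anything.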
wolfestein
Posted: Tuesday, September 29, 2009 3:13:19 PM

Rank: AiutAmico

Member since: 2/15/2009
Posts: 15,949
First of all, thanks for your help. The PC is slow at everything except browsing; that Alcohol 120, I think, is a trial version that was never uninstalled. I think she did download something, but the problem has been around for quite a while. I'll do what you told me and let you know. Thanks again.
wolfestein
Posted: Tuesday, September 29, 2009 4:53:11 PM

Rank: AiutAmico

Member since: 2/15/2009
Posts: 15,949
ComboFix 09-09-28.01 - Vanessa 29/09/2009 16.09.18.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1024.601 [GMT 2:00]
Eseguito da: c:\documents and settings\Vanessa\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Vanessa\Dati applicazioni\inst.exe
c:\windows\Installer\1093a72.msi
c:\windows\Installer\12a1c2e.msi
c:\windows\Installer\1b5b41.msi
c:\windows\Installer\275eb1.msi
c:\windows\Installer\5c1c6.msi
c:\windows\Installer\68226.msp
c:\windows\Installer\68244.msp
c:\windows\Installer\88cff.msi
c:\windows\Installer\e2a5f.msi

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((( Files Creati Da 2009-08-28 al 2009-09-29 )))))))))))))))))))))))))))))))))))
.

2009-09-28 20:58 . 2009-09-28 20:57 35888 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-09-28 20:58 . 2009-09-29 14:06 -------- d-----w- c:\programmi\Symantec
2009-09-28 20:58 . 2009-09-29 14:06 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-09-28 20:58 . 2009-09-29 14:06 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-09-28 20:57 . 2009-09-28 20:57 -------- d-----w- c:\programmi\Norton AntiVirus
2009-09-28 20:50 . 2009-09-28 20:50 -------- d-----w- c:\programmi\NortonInstaller
2009-09-10 15:06 . 2009-06-21 21:47 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-29 14:06 . 2009-09-28 20:58 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-09-29 14:06 . 2009-09-28 20:58 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-09-29 13:57 . 2006-01-29 15:31 -------- d-----w- c:\documents and settings\Vanessa\Dati applicazioni\Skype
2009-09-29 13:57 . 2007-12-12 16:02 -------- d-----w- c:\documents and settings\Vanessa\Dati applicazioni\skypePM
2009-09-28 20:58 . 2008-01-07 21:14 -------- d-----w- c:\programmi\File comuni\Symantec Shared
2009-09-28 20:50 . 2009-01-04 18:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NortonInstaller
2009-09-28 20:39 . 2008-01-07 21:15 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Symantec
2009-09-28 19:17 . 2009-08-22 16:08 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-09-16 07:39 . 2008-06-04 20:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-09-10 12:54 . 2009-08-22 16:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-08-22 16:08 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-07 19:39 . 2005-12-23 22:33 90616 ----a-w- c:\documents and settings\Vanessa\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-08-25 12:21 . 2001-08-31 12:00 84910 ----a-w- c:\windows\system32\perfc010.dat
2009-08-25 12:21 . 2001-08-31 12:00 491894 ----a-w- c:\windows\system32\perfh010.dat
2009-08-25 12:11 . 2009-08-25 12:11 -------- d-----w- c:\programmi\MSBuild
2009-08-25 12:11 . 2009-08-25 12:11 -------- d-----w- c:\programmi\Reference Assemblies
2009-08-22 17:41 . 2009-02-17 18:07 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-22 16:24 . 2005-12-23 23:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-08-22 16:21 . 2006-08-06 22:51 -------- d-----w- c:\programmi\CCleaner
2009-08-22 16:08 . 2009-08-22 16:08 -------- d-----w- c:\documents and settings\Vanessa\Dati applicazioni\Malwarebytes
2009-08-22 16:08 . 2009-08-22 16:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-08-22 16:04 . 2006-01-29 15:26 -------- d-----w- c:\documents and settings\Vanessa\Dati applicazioni\Lavasoft
2009-08-05 08:59 . 2001-08-31 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2001-08-31 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2005-12-23 22:28 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2007-01-29 14:51 . 2007-01-29 14:51 336 ----a-w- c:\programmi\3D Arredafacile2.ini
2006-02-26 21:25 . 2007-04-22 17:08 2431 ----a-r- c:\programmi\alcohol_120%_activator.nfo
2006-02-26 21:23 . 2007-04-22 17:08 138 ----a-w- c:\programmi\Serial.txt
2006-02-26 07:03 . 2007-04-22 17:08 5989248 ----a-w- c:\programmi\Alcohol120_retail_1.9.5.3823.exe
2005-11-12 06:40 . 2007-04-22 17:08 463360 ----a-w- c:\programmi\Alcohol120_activator.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2008-11-07 21633320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-08-22 149280]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2006-07-19 94208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Vanessa\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Reader.lnk
backup=c:\windows\pss\Avvio veloce di Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmi\\LucasArts\\Star Wars Battlefront\\GameData\\Battlefront.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\NeverwinterNights\\NWN\\nwmain.exe"=
"c:\\Programmi\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Programmi\\Ubisoft\\Tom Clancy's Splinter Cell Chaos Theory\\System\\splintercell3.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Ubisoft\\Tom Clancy's Splinter Cell Chaos Theory\\Utils\\Detection\\detectionui_r.exe"=
"c:\\Programmi\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Programmi\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Programmi\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Programmi\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"d:\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:TCP
"4672:UDP"= 4672:UDP:UDP
"3587:TCP"= 3587:TCP:Gruppi peer-to-peer Windows
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1007020.00B\SymEFA.sys [29/09/2009 16.06.43 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1007020.00B\BHDrvx86.sys [29/09/2009 16.06.42 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1007020.00B\cchpx86.sys [29/09/2009 16.06.13 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090916.003\IDSXpx86.sys [28/09/2009 23.01.08 329080]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [30/12/2006 19.40.48 3712]
R2 Norton AntiVirus;Norton AntiVirus;c:\programmi\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe [29/09/2009 16.06.24 117640]
S1 sp_rsdrv2;Spyware Terminator Driver 2; [x]
S2 DirectCufp;DirectX Service; [x]
S3 ATIVRVXX;ATI Rage Theatre Video (ATIRTCAP);c:\windows\system32\drivers\atirtcap.sys [24/12/2005 0.03.42 49920]
S3 ldiskl;ldiskl; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contenuto della cartella 'Scheduled Tasks'

2009-09-29 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-08-25 20:18]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {251801CD-F1AE-4D31-AA27-9BAE1BF08D00} = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Vanessa\Dati applicazioni\Mozilla\Firefox\Profiles\j0iw2df8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - plugin: c:\documents and settings\All Users\Dati applicazioni\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\programmi\mozilla firefox\plugins\npzylomgamesplayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

Notify-WgaLogon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-29 16:16
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\programmi\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\programmi\Norton AntiVirus\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-73586283-1123561945-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6FC1C137-1713-BCAC-23AE-58D27C726F1F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"haadnmgfhkjfankd"=hex:61,61,00,7c
"jaadnmgfhkjfankdggnb"=hex:63,61,6c,6d,6a,6c,00,7c
"paidogghbanlgllcfijjmhbedejnflib"=hex:65,61,68,6e,6f,64,65,61,67,63,00,00
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1100)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1344)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\programmi\Microsoft Office\Office12\1040\GrooveIntlResource.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\tcpsvcs.exe
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\programmi\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2009-09-29 16.25.04 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-09-29 14:25

Pre-Run: 17.212.608.512 byte disponibili
Post-Run: 17.185.333.248 byte disponibili

205 --- E O F --- 2009-09-16 08:02
simo95
Posted: Tuesday, September 29, 2009 4:56:20 PM

Rank: AiutAmico

Member since: 12/4/2008
Posts: 2,008
This one was a bit nasty: inst.exe

inst.exe is a process that is registered as a Trojan. This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data. This process is a security risk and should be removed from your system.


Security risk (0 to 5): 4

You'd better change your passwords.

Bye
r16
Posted: Tuesday, September 29, 2009 10:56:27 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Hi Rudy.
Is it any better?
If Vanessa doesn't use Alcohol, we can remove it.

wolfestein
Posted: Tuesday, September 29, 2009 11:10:22 PM

Rank: AiutAmico

Member since: 2/15/2009
Posts: 15,949
r16 wrote:
Hi Rudy.
Is it any better? If Vanessa doesn't use Alcohol, we can remove it.

It's a little better; I've already got rid of Alcohol.
I forgot to tell you that I had found the antivirus disabled and had to reinstall it.
I wanted to format it, but my daughter said she has a lot of stuff on the PC and wants to save it (what, I don't know), so I turned to you.
P.S. Is this inst.exe that simo mentions really dangerous?
Bye r16, and a little kiss for the young man (he's already so big).

r16
Posted: Tuesday, September 29, 2009 11:20:19 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Yes, that executable is dangerous (usually you catch it through Messenger).
But that's not what worries me.
It's these drivers that worry me:
\Legacy_IPRIP
\Service_Iprip
It looks like a rootkit infection.

How about a scan with Dr.WEB CureIt?
If there are any "accomplices", it can detect them.
Download DoctorWeb to the desktop (the download is at the bottom of the page):
http://www.drweb-antivirus.it/index.php?option=com_content&task=view&id=3&Itemid=0
Click Start.
It will do a preliminary scan.
When that finishes, select Full scan and click the green triangle.
If it finds infections, use the "Move" button.
Don't post the log (it will be very long); post only the infected files it finds, if any.
You'll find the log in:
C:\Documents and Settings\username\DoctorWeb\CureIt.log



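The items r16 picks out of the ComboFix log above (the removed Legacy_IPRIP / Service_Iprip keys, the inst.exe that ComboFix deleted from the profile) can be pulled out mechanically, and the same pass can surface things the log shows that the thread does not discuss: the Security Center `DisableMonitoring` flags, `EnableFirewall = 0`, the globally opened ports, and the services marked `[x]`, which is the marker ComboFix puts on a registered service or driver whose binary it cannot find on disk. The Python script below is an added example written for this page, not ComboFix's own code or anything from the thread; it parses the log's section headers, the REGEDIT4 dump and the service lines, on constructed input excerpted from the log above (kept in the Italian-localised form ComboFix wrote it in; the English section titles are accepted too, as an assumption). One caveat when reading its output: `Iprip` is also the service name of Windows' own RIP Listener component, so a removed key with that name is a lead to verify against what was installed on the machine, not proof of a rootkit on its own.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: excerpts copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Vanessa\Dati applicazioni\inst.exe
c:\windows\Installer\1093a72.msi

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:TCP
"4672:UDP"= 4672:UDP:UDP

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1007020.00B\SymEFA.sys [29/09/2009 16.06.43 310320]
S1 sp_rsdrv2;Spyware Terminator Driver 2; [x]
S2 DirectCufp;DirectX Service; [x]
S3 ldiskl;ldiskl; [x]
"""

HEADER_RE = re.compile(r"^\({5,}\s*(?P<title>.+?)\s*\){5,}$")        # ((( Title )))
KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")                            # [HKLM\...]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')     # "name"=value
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
REMOVED_RE = re.compile(r"^-+\\(?P<name>\S+)$")                      # -------\Legacy_X
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")

Finding = Tuple[str, str]  # (finding kind, detail)


def triage(text: str) -> List[Finding]:
    """Walk a ComboFix log once and collect the findings an analyst would check first."""
    findings: List[Finding] = []
    section = ""
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        h = HEADER_RE.match(line)
        if h:
            section = h.group("title").lower()
            continue
        # Files ComboFix deleted ("Altre eliminazioni" / "Other Deletions"): an executable
        # sitting loose in a user-profile data folder is the classic dropper location.
        if "eliminazion" in section or "deletion" in section:
            if "\\documents and settings\\" in line.lower() and line.lower().endswith(EXEC_EXT):
                findings.append(("profile-executable", line))
            continue
        # Driver/service keys ComboFix removed ("Driver/Servizi" / "Drivers/Services").
        r = REMOVED_RE.match(line)
        if r:
            findings.append(("removed-service-key", r.group("name")))
            continue
        k = KEY_RE.match(line)
        if k:
            key = k.group("key").lower()
            continue
        v = VALUE_RE.match(line)
        if v:
            name, value = v.group("name"), v.group("value").strip()
            if "security center\\monitoring" in key and name == "DisableMonitoring" and value.endswith("1"):
                findings.append(("security-center-alerts-off", key))   # AV/firewall status alerts suppressed
            elif key.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall" and value.startswith("0"):
                findings.append(("firewall-disabled", key))            # Windows Firewall off
            elif key.endswith("globallyopenports\\list"):
                findings.append(("global-open-port", name))            # inbound port open to everyone
            continue
        s = SERVICE_RE.match(line)
        if s and s.group("rest").strip() == "[x]":
            # "[x]": registered service/driver whose binary is not on disk, either a
            # sloppy uninstall or the stub a removed payload left behind.
            findings.append(("service-binary-missing", f'{s.group("name")} ({s.group("display")})'))
    return findings


def counts(text: str) -> Dict[str, int]:
    """Number of findings per kind, handy as a one-line summary of a log."""
    out: Dict[str, int] = {}
    for kind, _ in triage(text):
        out[kind] = out.get(kind, 0) + 1
    return out


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:28} {detail}")
```

On the sample this yields ten findings: one executable removed from the profile, two removed service keys, the Security Center alert suppression, the disabled firewall, two globally open ports (4662/TCP and 4672/UDP are eMule's defaults, which matches the `d:\eMule\emule.exe` firewall exception in the same log) and three services whose binaries are missing. The three `[x]` services are the part of the posted log this thread never returns to; a service registered with a generic display name such as "DirectX Service" and no file behind it is exactly the kind of leftover to look into before deciding the machine is clean.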
wolfestein
Posted: Thursday, October 01, 2009 1:12:57 AM

Rank: AiutAmico

Member since: 2/15/2009
Posts: 15,949
DrWebCureit found only one trojan and removed it; tomorrow I'll see how the computer runs, and thanks again for everything.
r16
Posted: Thursday, October 01, 2009 1:45:35 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Let me know.
Bye.
wolfestein
Posted: Thursday, October 01, 2009 2:44:51 PM

Rank: AiutAmico

Member since: 2/15/2009
Posts: 15,949
The PC's speed has improved; it's not the best, but compared to before the scans it's a rocket.
Tell me if I should post a new HijackThis log. Thanks from my daughter as well, and I owe you one.
r16
Posted: Thursday, October 01, 2009 2:52:21 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
To tell you the truth, Rudy:
I'd like 2 logs.
A new one, from a ComboFix scan.
And then one from HJT.
But if Vanessa is happy like this, I'll settle for the HJT one.
wolfestein
Posted: Thursday, October 01, 2009 5:05:54 PM

Rank: AiutAmico

Member since: 2/15/2009
Posts: 15,949
Here are the two logs you asked for.
ComboFix 09-09-28.01 - Vanessa 01/10/2009 16.35.20.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1024.625 [GMT 2:00]
Eseguito da: c:\documents and settings\Vanessa\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2009-09-01 al 2009-10-01 )))))))))))))))))))))))))))))))))))
.

2009-09-30 18:44 . 2009-09-30 18:44 -------- d-----w- c:\documents and settings\Vanessa\DoctorWeb
2009-09-29 14:19 . 2009-08-25 23:34 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-09-28 20:58 . 2009-09-29 14:06 -------- d-----w- c:\programmi\Symantec
2009-09-28 20:58 . 2009-09-29 14:06 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-09-28 20:58 . 2009-09-29 14:06 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-09-28 20:57 . 2009-09-28 20:57 -------- d-----w- c:\programmi\Norton AntiVirus
2009-09-28 20:50 . 2009-09-28 20:50 -------- d-----w- c:\programmi\NortonInstaller
2009-09-10 15:06 . 2009-06-21 21:47 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-01 14:27 . 2006-01-29 15:31 -------- d-----w- c:\documents and settings\Vanessa\Dati applicazioni\Skype
2009-10-01 14:26 . 2007-12-12 16:02 -------- d-----w- c:\documents and settings\Vanessa\Dati applicazioni\skypePM
2009-10-01 12:37 . 2008-06-15 13:22 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-10-01 12:36 . 2006-08-06 22:52 -------- d-----w- c:\programmi\SpywareBlaster
2009-10-01 12:31 . 2005-12-23 23:08 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-10-01 12:30 . 2005-12-23 23:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-09-30 18:50 . 2008-01-07 21:14 -------- d-----w- c:\programmi\File comuni\Symantec Shared
2009-09-29 14:06 . 2009-09-28 20:58 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-09-29 14:06 . 2009-09-28 20:58 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-09-28 20:50 . 2009-01-04 18:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NortonInstaller
2009-09-28 20:39 . 2008-01-07 21:15 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Symantec
2009-09-28 19:17 . 2009-08-22 16:08 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-09-16 07:39 . 2008-06-04 20:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-09-10 12:54 . 2009-08-22 16:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-08-22 16:08 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-07 19:39 . 2005-12-23 22:33 90616 ----a-w- c:\documents and settings\Vanessa\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-08-25 12:21 . 2001-08-31 12:00 84910 ----a-w- c:\windows\system32\perfc010.dat
2009-08-25 12:21 . 2001-08-31 12:00 491894 ----a-w- c:\windows\system32\perfh010.dat
2009-08-25 12:11 . 2009-08-25 12:11 -------- d-----w- c:\programmi\MSBuild
2009-08-25 12:11 . 2009-08-25 12:11 -------- d-----w- c:\programmi\Reference Assemblies
2009-08-22 17:41 . 2009-02-17 18:07 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-22 16:21 . 2006-08-06 22:51 -------- d-----w- c:\programmi\CCleaner
2009-08-22 16:08 . 2009-08-22 16:08 -------- d-----w- c:\documents and settings\Vanessa\Dati applicazioni\Malwarebytes
2009-08-22 16:08 . 2009-08-22 16:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-08-22 16:04 . 2006-01-29 15:26 -------- d-----w- c:\documents and settings\Vanessa\Dati applicazioni\Lavasoft
2009-08-05 08:59 . 2001-08-31 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2001-08-31 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2005-12-23 22:28 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2007-01-29 14:51 . 2007-01-29 14:51 336 ----a-w- c:\programmi\3D Arredafacile2.ini
2006-02-26 21:25 . 2007-04-22 17:08 2431 ----a-r- c:\programmi\alcohol_120%_activator.nfo
2006-02-26 21:23 . 2007-04-22 17:08 138 ----a-w- c:\programmi\Serial.txt
2006-02-26 07:03 . 2007-04-22 17:08 5989248 ----a-w- c:\programmi\Alcohol120_retail_1.9.5.3823.exe
2005-11-12 06:40 . 2007-04-22 17:08 463360 ----a-w- c:\programmi\Alcohol120_activator.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2008-11-07 21633320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-08-22 149280]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2006-07-19 94208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Vanessa\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Reader.lnk
backup=c:\windows\pss\Avvio veloce di Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmi\\LucasArts\\Star Wars Battlefront\\GameData\\Battlefront.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\NeverwinterNights\\NWN\\nwmain.exe"=
"c:\\Programmi\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Programmi\\Ubisoft\\Tom Clancy's Splinter Cell Chaos Theory\\System\\splintercell3.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Ubisoft\\Tom Clancy's Splinter Cell Chaos Theory\\Utils\\Detection\\detectionui_r.exe"=
"c:\\Programmi\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Programmi\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Programmi\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Programmi\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"d:\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:TCP
"4672:UDP"= 4672:UDP:UDP
"3587:TCP"= 3587:TCP:Gruppi peer-to-peer Windows
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1007020.00B\SymEFA.sys [29/09/2009 16.06.43 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1007020.00B\BHDrvx86.sys [29/09/2009 16.06.42 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1007020.00B\cchpx86.sys [29/09/2009 16.06.13 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090916.003\IDSXpx86.sys [28/09/2009 23.01.08 329080]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [30/12/2006 19.40.48 3712]
R2 Norton AntiVirus;Norton AntiVirus;c:\programmi\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe [29/09/2009 16.06.24 117640]
S1 sp_rsdrv2;Spyware Terminator Driver 2; [x]
S2 DirectCufp;DirectX Service; [x]
S3 ATIVRVXX;ATI Rage Theatre Video (ATIRTCAP);c:\windows\system32\drivers\atirtcap.sys [24/12/2005 0.03.42 49920]
S3 ldiskl;ldiskl; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contenuto della cartella 'Scheduled Tasks'

2009-10-01 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-08-25 20:18]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {251801CD-F1AE-4D31-AA27-9BAE1BF08D00} = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Vanessa\Dati applicazioni\Mozilla\Firefox\Profiles\j0iw2df8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - component: c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\All Users\Dati applicazioni\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-01 16:40
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\programmi\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\programmi\Norton AntiVirus\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-73586283-1123561945-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6FC1C137-1713-BCAC-23AE-58D27C726F1F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"haadnmgfhkjfankd"=hex:61,61,00,7c
"jaadnmgfhkjfankdggnb"=hex:63,61,6c,6d,6a,6c,00,7c
"paidogghbanlgllcfijjmhbedejnflib"=hex:65,61,68,6e,6f,64,65,61,67,63,00,00
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1120)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2752)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2009-10-01 16.43.42
ComboFix-quarantined-files.txt 2009-10-01 14:43

Pre-Run: 18.402.107.392 byte disponibili
Post-Run: 18.393.063.424 byte disponibili

175 --- E O F --- 2009-10-01 12:20

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.46.17, on 01/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Canon\CAL\CALMAIN.exe
C:\Programmi\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Vanessa\Documenti\HiJackThis_v2\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programmi\Norton AntiVirus\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{251801CD-F1AE-4D31-AA27-9BAE1BF08D00}: NameServer = 192.168.0.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Programmi\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6335 bytes
r16
Posted: Thursday, October 01, 2009 9:01:20 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Hi Rudy.
There are various "leftovers".

c:\programmi\alcohol_120%_activator.nfo
c:\programmi\Serial.txt
c:\programmi\Alcohol120_retail_1.9.5.3823.exe
c:\programmi\Alcohol120_activator.exe
c:\documents and settings\Vanessa\Dati applicazioni\Lavasoft
C:\WINDOWS\system32\drivers\sp_rsdrv2.sys (Spyware Terminator Driver )

As you can see, there are still executables.
I would remove them.
Other than that, it all looks fine to me.
wolfestein
Posted: Thursday, October 01, 2009 10:00:24 PM

Rank: AiutAmico

Member since: 2/15/2009
Posts: 15,949
OK, I'll remove them!
The PC runs much better now, thanks again for your help.