Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » potreste controllarmi il log (da problemi informatici- problemi con i file immagine

potreste controllarmi il log (da problemi informatici- problemi con i file immagine Opzioni
Topic Precedente · Topic Sucessivo
phils
Inviato: Saturday, January 24, 2009 6:55:54 PM
Rank: AiutAmico

Iscritto dal : 3/19/2007
Posts: 166
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:47:42, on 24/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Motorola\SMSERIAL\sm56hlpr.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programmi\IncrediMail\bin\IMApp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programmi\File comuni\EPSON\eEBAPI\SAgent2.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\Installer\MSI20B.tmp
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\eMule\emule.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Armando\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.incredimail.com/page.asp?page=app_welcome&lang=16&version=5703642&setup_id=16000002&aff_id=1&addon=IncrediMail
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MediaFace Integration] C:\Programmi\Fellowes\MediaFACE 5.0\SetHook.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Programmi\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [egui] "C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Eset HTTP Server (EHttpSrv) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\eEBAPI\SAgent2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: SolidConverterPDFv4ReadSpool (SCPDFV4ReadSpool) - Solid Documents, LLC - C:\WINDOWS\Installer\MSI20B.tmp
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 8816 bytes
Torna in alto
 
Sponsor
Inviato: Saturday, January 24, 2009 6:55:54 PM

 
Torna in alto
 
pidue
Inviato: Saturday, January 24, 2009 7:40:33 PM

Rank: AiutAmico

Iscritto dal : 6/2/2005
Posts: 7,332
Il log non presenta particolari problemi.
Dovresti dirmi quando è comparso il problema e se in modo improvviso.
Non penso sia un problema di virus.
Torna in alto
 
phils
Inviato: Saturday, January 24, 2009 7:57:48 PM
Rank: AiutAmico

Iscritto dal : 3/19/2007
Posts: 166
Del problema mi sono accorto oggi :
l'unica cosa che ho fatto prima di accorgermene è stato aggiornare i driver della scheda video (Nvidia geforce 7300 gt agp ) direttamente dal sito nvidia .
Comunque in questi giorni c'era un altro problema (gia segnalato in un altro topic) e tutt'ora non risolto : quando sono in
Internet explorer se tento di salvare un immagine con il tasto dx del mouse cliccando sulla tendina "salva imagine con nome" , il
sistema chiude il browser, cioè mi butta fuori e mi ritrovo sul desktop , come nell' occasione del problema segnalato oggi,
ma in questa occasione almeno non spariscono le icone .
Torna in alto
 
pidue
Inviato: Saturday, January 24, 2009 8:13:19 PM

Rank: AiutAmico

Iscritto dal : 6/2/2005
Posts: 7,332
Vediamo se si possono escludere virus.

COMBOFIX
Scarica Combofix , salvalo sul desktop, disabilita l'antivirus e chiudi la connessione a internet.
Lancialo in mod normale e segui scrupolosamente le istruzioni a video.
Al termine, verrà creato un log in C:\ComboFix.txt.


VIRIT
Scarica VirIt , installalo e aggiornalo. Fai due scansioni in modalità provvisoria.
Pubblica:
- il log di ComboFix;
- il report di VirIt
Torna in alto
 
phils
Inviato: Sunday, January 25, 2009 7:38:44 PM
Rank: AiutAmico

Iscritto dal : 3/19/2007
Posts: 166
Per Pidue : allego il log combofix, però non posso allegare il report VirIT in quanto lo stesso programma non mi gira , alla fine
dell'installazione compare una finestra di errore aplicazione VirIT , con questa dicitura :

""""" l'istruzione a 0x00000000 ha fatto riferimento alla memoria 0x00000000 , la meemoria non poteva essere "read"

fare click su OK per terminare l'applicazione """"

Comincio a credere che ci siano problemi su qualche file corrotto o danneggiato del sistema (esistono applicazioni in grado di
rilevare questo ?? ).

Grazie Phils

ecco il log. Combofix :

ComboFix 09-01-21.04 - Armando 2009-01-24 22.45.44.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.2560.2092 [GMT 1:00]
Eseguito da: c:\documents and settings\Armando\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Armando\Dati applicazioni\inst.exe
C:\InfoSat.txt
c:\windows\msvrc20.dll
c:\windows\system\oeminfo.ini
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
---- Esecuzione precedente -------
.
c:\documents and settings\Proprietario\Dati applicazioni\inst.exe
c:\windows\msvrc20.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((( Files Creati Da 2008-12-24 al 2009-01-24 )))))))))))))))))))))))))))))))))))
.

2009-01-20 18:00 . 2008-05-03 05:46 251,599 --a------ c:\windows\system32\nvdspjpn.chm
2009-01-19 20:19 . 2009-01-19 20:19 <DIR> d-------- c:\programmi\Defraggler
2009-01-18 22:14 . 2008-11-12 16:44 27,904 --a------ c:\windows\system32\uxtuneup.dll
2009-01-15 08:19 . 2009-01-15 08:19 1,253,376 --a------ c:\windows\system32\NvPVEnc.ax
2009-01-09 23:24 . 2009-01-24 22:43 <DIR> d-------- c:\windows\system32\CatRoot2
2009-01-08 20:04 . 2009-01-08 20:05 <DIR> d-------- c:\documents and settings\Armando\Dati applicazioni\vlc
2009-01-05 18:49 . 2009-01-10 18:51 <DIR> d-------- c:\programmi\TuxPaint
2009-01-02 16:56 . 2009-01-02 16:57 <DIR> d--h-c--- c:\documents and settings\All Users\Dati applicazioni\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2008-12-27 20:28 . 2008-12-27 20:28 <DIR> d-------- c:\documents and settings\Armando\Dati applicazioni\NeroDigital(TM)
2008-12-27 20:26 . 2009-01-20 18:46 69 --a------ c:\windows\NeroDigital.ini
2008-12-27 14:52 . 2008-12-27 20:32 <DIR> d-------- c:\documents and settings\Armando\Dati applicazioni\Nero
2008-12-27 14:05 . 2008-12-27 14:27 <DIR> d-------- c:\programmi\Nero
2008-12-27 14:04 . 2008-12-27 14:50 <DIR> d-------- c:\programmi\File comuni\Nero
2008-12-27 14:04 . 2008-12-27 14:17 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Nero
2008-12-26 16:10 . 2008-12-26 16:11 <DIR> d-------- c:\documents and settings\Armando\Dati applicazioni\Software Informer
2008-12-24 17:24 . 2009-01-18 22:14 362,240 --a------ c:\windows\system32\TuneUpDefragService.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-24 19:26 --------- d-----w c:\programmi\Spyware Terminator
2009-01-24 19:26 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2009-01-24 19:06 --------- d-----w c:\documents and settings\Armando\Dati applicazioni\Spyware Terminator
2009-01-24 18:32 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\DriverScanner
2009-01-24 14:46 --------- d-----w c:\programmi\eMule
2009-01-23 19:13 --------- d-----w c:\documents and settings\Armando\Dati applicazioni\Vso
2009-01-23 17:20 --------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-01-18 21:34 --------- d-----w c:\programmi\PC Connectivity Solution
2009-01-18 21:34 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Installations
2009-01-18 21:30 --------- d-----w c:\programmi\File comuni\PCSuite
2009-01-18 21:14 603,904 ----a-w c:\windows\system32\TUProgSt.exe
2009-01-18 21:14 --------- d-----w c:\programmi\TuneUp Utilities 2009
2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-07 10:28 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-01-05 13:23 --------- d-----w c:\programmi\Opera
2009-01-01 15:09 --------- d-----w c:\documents and settings\Armando\Dati applicazioni\SolidDocuments
2008-12-28 17:26 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-12-27 13:25 --------- d-----w c:\programmi\Windows Sidebar
2008-12-26 22:47 --------- d-----w c:\documents and settings\Alessandro\Dati applicazioni\Ahead
2008-12-24 16:03 --------- d-----w c:\programmi\CCleaner
2008-12-22 10:25 --------- d-----w c:\programmi\CDBurnerXP
2008-12-16 22:11 --------- d-----w c:\documents and settings\Armando\Dati applicazioni\OfficeUpdate12
2008-12-16 22:10 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2008-12-15 22:03 --------- d-----w c:\programmi\File comuni\EPSON
2008-12-15 21:56 --------- d-----w c:\programmi\Smart Panel
2008-12-15 21:54 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-12-15 17:26 --------- d-----w c:\programmi\EPSON
2008-12-14 18:53 --------- d-----w c:\programmi\Uniblue
2008-12-14 18:53 --------- d-----w c:\documents and settings\Armando\Dati applicazioni\Uniblue
2008-12-14 18:50 --------- d-----w c:\programmi\Any Video Converter Professional
2008-12-13 22:10 141,312 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys
2008-12-11 22:42 --------- d-----w c:\programmi\TuneUp Utilities 2008
2008-12-11 22:42 --------- d-----w c:\programmi\File comuni\Wise Installation Wizard
2008-12-11 22:12 --------- d-sh--w c:\documents and settings\All Users\Dati applicazioni\{55A29068-F2CE-456C-9148-C869879E2357}
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-10 22:28 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Downloaded Installations
2008-12-07 22:32 --------- dc-h--w c:\documents and settings\All Users\Dati applicazioni\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-12-06 22:11 --------- d-----w c:\documents and settings\Armando\Dati applicazioni\Any Video Converter Professional
2008-12-05 21:46 --------- d-----w c:\programmi\IObit
2008-12-05 21:46 --------- d-----w c:\documents and settings\Armando\Dati applicazioni\IObit
2008-12-04 18:54 524,288 ----a-w c:\windows\opuc.dll
2008-12-04 17:31 --------- d-----w c:\programmi\cdcover
2008-12-04 15:58 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-04 15:58 --------- d-----w c:\programmi\Java
2008-11-28 22:04 --------- d-----w c:\programmi\ESET
2008-11-28 19:17 81,984 ----a-w c:\windows\system32\bdod.bin
2008-11-28 18:11 --------- d-----w c:\programmi\Tweak-XP Pro 4
2008-11-27 19:47 --------- d-----w c:\programmi\Spybot - Search & Destroy
2008-11-25 11:53 66,048 ----a-w C:\mbr.exe
2008-11-24 16:25 --------- d-----w c:\documents and settings\Armando\Dati applicazioni\Nokia
2008-11-07 16:14 219,648 ----a-w c:\windows\system32\uxtheme.dll
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-10-28 22:35 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-10-28 22:35 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll
2008-07-12 14:43 47,360 ----a-w c:\documents and settings\Armando\Dati applicazioni\pcouffin.sys
2007-02-15 18:05 43,280 ----a-w c:\documents and settings\Alessandro\Dati applicazioni\GDIPFONTCACHEV1.DAT
2006-12-25 18:44 81,920 ----a-w c:\documents and settings\Armando\Dati applicazioni\ezpinst.exe
2004-09-28 02:00 26,240 ----a-w c:\windows\inf\RAMDSK.SYS
2008-04-13 17:14 1,695,232 --sha-w c:\windows\VistaMizer\old\msmsgs.exe
.

------- Sigcheck -------

2008-04-13 19:14 14336 bb8363abec09aa2f9b363484e282117c c:\windows\ServicePackFiles\i386\svchost.exe
2008-04-13 18:14 14336 bb8363abec09aa2f9b363484e282117c c:\windows\system32\svchost.exe
2008-04-13 18:14 14336 bb8363abec09aa2f9b363484e282117c c:\windows\system32\dllcache\svchost.exe

2008-04-13 19:13 579584 fa94696c0727bd59e517c674cd6e7c72 c:\windows\ServicePackFiles\i386\user32.dll
2008-04-13 18:13 579584 fa94696c0727bd59e517c674cd6e7c72 c:\windows\system32\user32.dll
2008-04-13 18:13 579584 fa94696c0727bd59e517c674cd6e7c72 c:\windows\system32\dllcache\user32.dll

2008-04-13 19:13 82432 d34f635ff28f2aabedc95bfeb891864c c:\windows\ServicePackFiles\i386\ws2_32.dll
2008-04-13 18:13 82432 d34f635ff28f2aabedc95bfeb891864c c:\windows\system32\ws2_32.dll
2008-04-13 18:13 82432 d34f635ff28f2aabedc95bfeb891864c c:\windows\system32\dllcache\ws2_32.dll

2008-03-01 13:34 827392 93db90be4a10ec784ddc9c8601a28aa6 c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
2008-04-23 05:19 827392 fe184a2b736f216ccc22abeebb40787d c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
2008-06-23 16:39 827904 bf9d17259082632f03f3ff5759c6ae32 c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
2008-08-26 10:08 827904 8e694ec9da095e518d9447b3293208ea c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
2008-10-16 20:32 827904 f303cfed3d8b8348a54f7a53ddc7cca0 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
2008-03-01 13:58 826368 61d4f43d26ec9d21beb6f38f22b396ab c:\windows\ie7updates\KB950759-IE7\wininet.dll
2008-04-23 05:16 927744 d904abd553cf9663ba575f02d6541164 c:\windows\ie7updates\KB953838-IE7\wininet.dll
2008-06-23 17:15 826368 4b54220877703198e55f61cb7b87979e c:\windows\ie7updates\KB956390-IE7\wininet.dll
2008-08-26 08:57 927744 688c181afb9f94131190322f5875e852 c:\windows\ie7updates\KB958215-IE7\wininet.dll
2008-08-26 08:57 927744 688c181afb9f94131190322f5875e852 c:\windows\ServicePackFiles\i386\wininet.dll
2008-10-16 21:04 826368 a4c79606c0d9835e8a5a8e5e5804ae60 c:\windows\system32\wininet.dll
2008-10-16 21:04 826368 a4c79606c0d9835e8a5a8e5e5804ae60 c:\windows\system32\dllcache\wininet.dll
2008-08-26 08:57 826368 d590241cadec69a1bc157dc0452c92d1 c:\windows\VistaMizer\old\wininet.dll

2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-05-10 17:45 361344 68f06fe0021b01e670af37b8c5964fdf c:\windows\$NtUninstallKB951748$\tcpip.sys
2008-04-13 12:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\ServicePackFiles\i386\tcpip.sys
2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\dllcache\tcpip.sys
2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\drivers\tcpip.sys

2008-04-13 18:14 549888 6dc43081c760eec1130d2c8c145df375 c:\windows\ServicePackFiles\i386\winlogon.exe
2008-04-13 18:14 549888 6dc43081c760eec1130d2c8c145df375 c:\windows\system32\winlogon.exe
2008-04-13 18:14 510464 9259170d29b5a256735fcb8b80280857 c:\windows\VistaMizer\old\winlogon.exe

2008-04-13 12:20 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys
2008-04-13 11:20 182656 1df7f42665c94b825322fae71721130d c:\windows\system32\dllcache\ndis.sys
2008-04-13 11:20 182656 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys

2008-04-13 11:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\ServicePackFiles\i386\ip6fw.sys
2008-04-13 10:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\system32\dllcache\ip6fw.sys
2008-04-13 10:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\system32\drivers\ip6fw.sys

2008-08-14 18:25 2069760 c812d8551fd3b6acdbf7eb6b18b1b992 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
2008-04-13 18:25 2285056 8cc0025157619bec389dff02e208c05e c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
2008-08-14 14:22 2069760 93fb9d817b37df1191b73db7bc2f4006 c:\windows\Driver Cache\i386\ntkrnlpa.exe
2008-08-14 14:22 2285056 8a421a1910d3f371974259102fe1173a c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
2008-08-14 14:22 2069760 93fb9d817b37df1191b73db7bc2f4006 c:\windows\system32\ntkrnlpa.exe
2008-08-14 14:22 2069760 93fb9d817b37df1191b73db7bc2f4006 c:\windows\system32\dllcache\ntkrnlpa.exe
2008-08-14 14:22 2027520 bc8d2ff46d42b76655f443ef1386930f c:\windows\VistaMizer\old\ntkrnlpa.exe

2008-08-14 18:25 2192896 0ee73494680235d59f4e57301d7ad580 c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
2008-04-13 17:54 2406400 8af9297be7a43354c3cf4bcc9078dfbe c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
2008-08-14 14:22 2192896 0f93d9366b222d63f9402f7ed45cf2a4 c:\windows\Driver Cache\i386\ntoskrnl.exe
2008-08-14 14:22 2406400 a9d63f5944e0b56cf15659d1659f8f9c c:\windows\ServicePackFiles\i386\ntoskrnl.exe
2008-08-14 14:22 2148864 15315cdc4a67dcbbae59967f08129499 c:\windows\system32\ntoskrnl.exe
2008-08-14 14:22 2192896 0f93d9366b222d63f9402f7ed45cf2a4 c:\windows\system32\dllcache\ntoskrnl.exe
2008-08-14 14:22 2148864 15315cdc4a67dcbbae59967f08129499 c:\windows\VistaMizer\old\ntoskrnl.exe

2008-04-13 18:14 1554944 19cb8aa5b83d0017eb9a9126aa2eeb55 c:\windows\explorer.exe
2008-04-13 18:14 1554944 19cb8aa5b83d0017eb9a9126aa2eeb55 c:\windows\ServicePackFiles\i386\explorer.exe
2008-04-13 18:14 1036288 70d7f99d95615c3c278367756287db71 c:\windows\VistaMizer\old\explorer.exe

2008-04-13 19:14 109056 dac0440c89b1ea4e35684896d5bf856e c:\windows\ServicePackFiles\i386\services.exe
2008-04-13 18:14 109056 dac0440c89b1ea4e35684896d5bf856e c:\windows\system32\services.exe
2008-04-13 18:14 109056 dac0440c89b1ea4e35684896d5bf856e c:\windows\system32\dllcache\services.exe

2008-04-13 19:14 13312 0fba335727905de8e4cb5a2cf438abf5 c:\windows\ServicePackFiles\i386\lsass.exe
2008-04-13 18:14 13312 0fba335727905de8e4cb5a2cf438abf5 c:\windows\system32\lsass.exe
2008-04-13 18:14 13312 0fba335727905de8e4cb5a2cf438abf5 c:\windows\system32\dllcache\lsass.exe

2008-04-13 18:14 25088 91b6aac828f8bbe1796275424e44dfb0 c:\windows\ServicePackFiles\i386\ctfmon.exe
2008-04-13 18:14 25088 91b6aac828f8bbe1796275424e44dfb0 c:\windows\system32\ctfmon.exe
2008-04-13 18:14 15360 f53cddef33a4c41336a782be3d170158 c:\windows\VistaMizer\old\ctfmon.exe

2008-04-13 19:14 57856 60977c9bae8f86f9075829325303d0c9 c:\windows\ServicePackFiles\i386\spoolsv.exe
2008-04-13 18:14 57856 60977c9bae8f86f9075829325303d0c9 c:\windows\system32\spoolsv.exe
2008-04-13 18:14 57856 60977c9bae8f86f9075829325303d0c9 c:\windows\system32\dllcache\spoolsv.exe

2008-04-13 19:14 26624 df69726907357c3add243f48902b0331 c:\windows\ServicePackFiles\i386\userinit.exe
2008-04-13 18:14 26624 df69726907357c3add243f48902b0331 c:\windows\system32\userinit.exe
2008-04-13 18:14 26624 df69726907357c3add243f48902b0331 c:\windows\system32\dllcache\userinit.exe

2008-04-13 19:13 296960 fe5a5329ccfc33d645c33077ff04f052 c:\windows\ServicePackFiles\i386\termsrv.dll
2008-04-13 18:13 296960 fe5a5329ccfc33d645c33077ff04f052 c:\windows\system32\termsrv.dll
2008-04-13 18:13 296960 fe5a5329ccfc33d645c33077ff04f052 c:\windows\system32\dllcache\termsrv.dll

2008-04-13 19:13 1033728 06157539ebb8b87d47b9b6c5da44b62f c:\windows\ServicePackFiles\i386\kernel32.dll
2008-04-13 18:13 1033728 06157539ebb8b87d47b9b6c5da44b62f c:\windows\system32\kernel32.dll
2008-04-13 18:13 1033728 06157539ebb8b87d47b9b6c5da44b62f c:\windows\system32\dllcache\kernel32.dll

2008-04-13 19:13 17408 2f331374433e3fe176bee155d9be83e1 c:\windows\ServicePackFiles\i386\powrprof.dll
2008-04-13 18:13 17408 2f331374433e3fe176bee155d9be83e1 c:\windows\system32\powrprof.dll
2008-04-13 18:13 17408 2f331374433e3fe176bee155d9be83e1 c:\windows\system32\dllcache\powrprof.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 25088]
"IncrediMail"="c:\programmi\IncrediMail\bin\IncMail.exe" [2008-07-24 243072]
"Magentic"="c:\progra~1\Magentic\bin\Magentic.exe" [2008-08-04 488808]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LanguageShortcut"="c:\programmi\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 49152]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-05-27 413696]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-12-04 136600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"MediaFace Integration"="c:\programmi\Fellowes\MediaFACE 5.0\SetHook.exe" [2008-01-07 53248]
"SMSERIAL"="c:\programmi\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-29 638976]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"EPSON Stylus C62 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-07-01 74752]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"nwiz"="nwiz.exe" [2009-01-15 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 25088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-10-16 c:\windows\system32\advpack.dll]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytoosl"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-12-03 12:47 1205760 c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"bdss"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Magentic\\bin\\MgImp.exe"=
"c:\\Programmi\\Magentic\\bin\\Magentic.exe"=
"c:\\Programmi\\Magentic\\bin\\MgApp.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312]
R4 ekrn;Eset Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
R4 SCPDFV4ReadSpool;SolidConverterPDFv4ReadSpool;c:\windows\Installer\MSI20B.tmp [2008-08-13 189688]
R4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2008-12-11 603904]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-09-28 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-09-28 8320]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'

2008-07-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2009-01-23 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\programmi\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-10-22 10:13]

2008-12-14 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\programmi\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-10-22 10:13]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = hxxp://www.incredimail.com/page.asp?page=app_welcome&lang=16&version=5703642&setup_id=16000002&aff_id=1&addon=IncrediMail
Name-Space Handler: ftp\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
Name-Space Handler: http\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
Name-Space Handler: https\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-24 22:47:35
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SCPDFV4ReadSpool]
"ImagePath"="c:\windows\Installer\MSI20B.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(560)
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll
c:\windows\system32\COMRes.dll

- - - - - - - > 'lsass.exe'(624)
c:\windows\system32\scecli.dll
.
Ora fine scansione: 2009-01-24 22.49.33
ComboFix-quarantined-files.txt 2009-01-24 21:49:31

Pre-Run: 49.813.938.176 byte disponibili
Post-Run: 49,830,088,704 byte disponibili

308 --- E O F --- 2009-01-14 18:55:56
Torna in alto
 
phils
Inviato: Wednesday, January 28, 2009 10:07:08 AM
Rank: AiutAmico

Iscritto dal : 3/19/2007
Posts: 166
Risolti i problemi di cui sopra con una installazione tipo AGGIORNAMENTO di windows xp SP3 , sopra quella esistente, senza formattare
(cosa che odio e alla quale sono contrario se non in casi estremi ), quindi tutte le impostazioni e i programmi installati sono
rimasti come erano.

Comunque alcuni problemi spero minori (di cui al topic " schermate blu con pause e schermate nere") ,
sono rimasti speriamo di poterli risolvere .
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » potreste controllarmi il log (da problemi informatici- problemi con i file immagine


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.