ComboFix log check

Post by Roberto88 » Fri Jan 22, 2010 2:15 pm

The problems I've been running into for about a month now are varied; here's a short list:

- both audio and video play choppily or in slow motion, though not right away, both on the web and locally on the PC
- sudden shutdowns, yet the temperatures are all perfectly normal and the timing of the shutdowns doesn't suggest rising temperatures as the cause
- general slowdowns even after defragmenting and removing every autostart process that isn't strictly necessary
- the GMER scan never completes; the PC freezes about halfway through
- sometimes the network connection, even though it's up, shows as disabled in the update processes of many programs (not always, but often)
- some processes such as explorer.exe and svchost.exe (with about ten instances present) together end up consuming a lot of resources (150 MB or more); I looked at the dependencies with Process Explorer but didn't notice anything abnormal

Suspecting a virus, I ran a scan with ComboFix (which, by some miracle I can't explain, managed to finish, given that a month ago it wouldn't even let me start it) and here's the log

ComboFix 10-01-21.01 - Roberto 22/01/2010 13.28.34.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1023.670 [GMT 1:00]
Running from: c:\documents and settings\Roberto\Desktop\fanculizzatore.exe
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.

((((((((((((((((((((((((( Files Created From 2009-12-22 to 2010-01-22 )))))))))))))))))))))))))))))))))))
.

2010-01-21 23:45 . 2010-01-21 23:45 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-01-21 14:49 . 2010-01-21 14:50 -------- d-----w- c:\programmi\WinUtilities
2010-01-20 19:39 . 2010-01-21 23:39 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\TeraCopy
2010-01-20 19:39 . 2010-01-20 19:39 -------- d-----w- c:\programmi\TeraCopy
2010-01-20 19:17 . 2010-01-20 19:17 50354 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Facebook\uninstall.exe
2010-01-20 19:17 . 2010-01-20 19:17 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\Facebook
2010-01-14 13:11 . 2010-01-14 13:11 -------- d-----w- c:\programmi\Glary Utilities
2010-01-13 19:33 . 2010-01-13 19:33 -------- d-----w- c:\programmi\AnVir Task Manager
2010-01-13 19:32 . 2010-01-13 19:45 -------- d-----w- c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\AnVir
2010-01-13 12:48 . 2009-11-21 15:54 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-08 13:36 . 2010-01-08 13:36 83 ----a-w- c:\windows\system32\gpupdate.bin
2010-01-08 13:35 . 2010-01-08 13:35 -------- d-----w- c:\programmi\SoundTaxi Media Suite
2010-01-08 13:35 . 2010-01-08 13:36 -------- d-----w- c:\programmi\RadioGet
2010-01-08 12:33 . 2010-01-06 11:08 4726272 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\zofgkiy1.default\extensions\piclens@cooliris.com\libs\cooliris190.dll
2010-01-08 12:33 . 2010-01-06 11:08 103424 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\zofgkiy1.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2010-01-08 12:33 . 2010-01-06 11:08 545280 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\zofgkiy1.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2010-01-08 12:33 . 2010-01-06 11:08 4725760 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\zofgkiy1.default\extensions\piclens@cooliris.com\libs\cooliris192.dll
2010-01-08 12:33 . 2010-01-06 11:08 57856 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\zofgkiy1.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2010-01-08 12:33 . 2010-01-06 11:08 153600 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\zofgkiy1.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2010-01-08 12:33 . 2010-01-06 11:08 344064 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\zofgkiy1.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2010-01-07 17:24 . 2010-01-05 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-01-07 17:13 . 2010-01-17 14:03 -------- d-----w- c:\programmi\MyDefrag v4.2.7
2010-01-06 13:07 . 2009-12-17 23:08 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-01-05 20:03 . 2001-12-28 19:59 151552 ----a-w- c:\windows\system32\setuplib.dll
2010-01-05 20:03 . 2001-11-23 11:43 6071 ----a-w- c:\windows\system32\InstFunc.dll
2010-01-05 20:03 . 2001-07-23 08:42 86275 ----a-w- c:\windows\system32\waitwnd.exe
2010-01-05 20:03 . 2001-08-06 19:43 308227 ----a-w- c:\windows\IsUn0410.exe
2010-01-05 20:03 . 2010-01-05 20:03 -------- d-----w- c:\documents and settings\Roberto\WINDOWS
2010-01-05 19:56 . 2009-04-02 15:43 520 ----a-w- c:\windows\system32\drivers\SamSfPa.dat
2010-01-05 19:56 . 2008-10-23 16:42 290816 ----a-w- c:\windows\vncutil.exe
2010-01-05 19:56 . 2009-04-20 14:13 36864 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-01-05 19:56 . 2009-03-17 13:07 122880 ----a-w- c:\windows\RtkAudioService.exe
2010-01-05 19:56 . 2006-01-04 14:41 1389056 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2010-01-05 19:56 . 2008-08-05 19:10 1684736 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2010-01-05 19:56 . 2010-01-05 19:56 -------- d-----w- c:\programmi\Realtek
2010-01-05 19:56 . 2010-01-05 19:56 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-01-05 19:55 . 2009-04-16 16:23 540672 ----a-w- c:\windows\RtlExUpd.dll
2010-01-05 19:37 . 2010-01-05 19:37 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\DeviceDoctorSoftware
2010-01-05 19:37 . 2010-01-05 19:37 -------- d-----w- c:\programmi\Device Doctor
2009-12-27 00:16 . 2009-12-27 00:16 6064 ----a-w- c:\windows\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-22 00:17 . 2009-11-18 00:29 753936 ----a-w- c:\windows\cscmondump.bin
2010-01-22 00:05 . 2009-10-03 11:56 -------- d-----w- c:\programmi\Unlocker
2010-01-21 23:18 . 2009-10-02 16:46 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\uTorrent
2010-01-21 22:45 . 2009-11-02 17:44 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\vlc
2010-01-21 15:30 . 2009-10-03 12:20 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-01-21 14:47 . 2009-11-17 23:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-01-20 18:27 . 2009-11-16 07:40 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\Ketarin
2010-01-16 14:42 . 2009-10-31 13:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2010-01-16 14:41 . 2009-10-04 21:56 -------- d-----w- c:\programmi\Messenger Plus! Live
2010-01-11 17:17 . 2009-10-24 14:00 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-01-09 15:02 . 2009-10-02 16:39 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-01-09 15:01 . 2009-12-19 15:57 5115824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 17:25 . 2009-10-20 14:54 -------- d-----w- c:\programmi\K-Lite Codec Pack
2010-01-07 17:11 . 2009-10-02 16:44 -------- d-----w- c:\programmi\Notepad++
2010-01-07 15:07 . 2009-10-02 16:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-10-02 16:39 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 13:08 . 2009-11-14 15:08 -------- d-----w- c:\programmi\TuneUp Utilities 2010
2010-01-05 19:55 . 2009-10-01 19:29 -------- d-----w- c:\programmi\File comuni\InstallShield
2010-01-05 19:36 . 2004-08-19 12:00 81240 ----a-w- c:\windows\system32\perfc010.dat
2010-01-05 19:36 . 2004-08-19 12:00 482458 ----a-w- c:\windows\system32\perfh010.dat
2010-01-05 19:27 . 2009-10-02 16:46 -------- d-----w- c:\programmi\uTorrent
2010-01-01 23:11 . 2009-12-13 15:46 -------- d-----w- c:\programmi\Crayon Physics Deluxe
2009-12-27 13:18 . 2009-10-02 14:05 29776 ----a-w- c:\windows\system32\drivers\OAnet.sys
2009-12-27 13:18 . 2009-10-02 14:05 24656 ----a-w- c:\windows\system32\drivers\OAmon.sys
2009-12-27 13:17 . 2009-10-02 14:05 223312 ----a-w- c:\windows\system32\drivers\OADriver.sys
2009-12-22 23:36 . 2009-11-17 23:36 138828 ----a-w- c:\windows\cscmon.bin
2009-12-18 21:31 . 2009-12-14 17:54 -------- d-----w- c:\programmi\Avidemux 2.5
2009-12-17 23:14 . 2009-11-14 15:09 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2009-12-17 06:50 . 2009-12-17 06:50 847040 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Facebook\axfbootloader.dll
2009-12-17 06:49 . 2009-12-17 06:49 5562368 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Facebook\npfbplugin_1_0_0.dll
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-14 17:55 . 2009-12-14 17:55 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\avidemux
2009-12-13 17:32 . 2009-12-13 17:32 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\Icevc
2009-12-13 17:32 . 2009-12-13 17:32 -------- d-----w- c:\programmi\Icevc
2009-12-13 16:45 . 2009-12-13 15:47 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\Crayon Physics Deluxe
2009-12-12 14:15 . 2009-10-20 14:54 178176 ----a-w- c:\windows\system32\unrar.dll
2009-12-12 14:12 . 2009-12-12 14:11 -------- d-----w- c:\programmi\HD Tune Pro
2009-12-12 12:33 . 2009-12-12 12:33 3584 ----a-r- c:\documents and settings\Roberto\Dati applicazioni\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-12-12 12:33 . 2009-12-12 12:33 -------- d-----w- c:\programmi\Windows Installer Clean Up
2009-12-12 12:32 . 2009-12-12 12:32 -------- d-----w- c:\programmi\MSECACHE
2009-12-10 19:16 . 2009-12-10 19:16 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\Thunderbird
2009-12-09 19:36 . 2009-12-09 19:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Returnil
2009-12-09 19:30 . 2009-12-09 19:30 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\Returnil
2009-12-08 14:11 . 2009-12-08 14:11 -------- d-----w- c:\programmi\Sandboxie
2009-12-08 14:09 . 2009-12-08 14:08 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\FILEminimizerPictures
2009-12-08 14:08 . 2009-12-08 14:08 -------- d-----w- c:\programmi\FILEminimizer Pictures
2009-12-08 13:34 . 2009-11-17 23:54 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-06 18:38 . 2009-10-02 16:59 1 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-06 13:56 . 2009-12-06 13:56 -------- d-----w- c:\programmi\NKProds
2009-12-02 17:31 . 2009-12-02 17:31 -------- d-----w- c:\programmi\PowerISO
2009-12-01 16:37 . 2009-12-01 16:32 -------- d-----w- c:\programmi\jv16 PowerTools 2009
2009-12-01 16:32 . 2009-12-01 16:32 23 --sha-w- c:\windows\system32\edacded0.dat
2009-11-30 14:04 . 2009-11-30 14:04 -------- d-----w- c:\programmi\SpeedFan
2009-11-29 20:57 . 2009-11-29 20:54 -------- d-----w- c:\programmi\ATI
2009-11-29 20:44 . 2009-10-03 18:41 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\Inkscape
2009-11-29 20:43 . 2009-11-29 20:27 -------- d-----w- c:\programmi\Inkscape
2009-11-25 23:58 . 2009-11-25 23:58 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\dvdcss
2009-11-25 21:59 . 2009-11-11 20:01 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\IObit
2009-11-25 21:59 . 2009-11-11 20:01 -------- d-----w- c:\programmi\IObit
2009-11-23 19:40 . 2009-11-23 19:40 -------- d-----w- c:\programmi\Opera
2009-11-22 11:43 . 2004-08-19 12:00 219648 ----a-w- c:\windows\system32\uxtheme.dll
2009-11-21 15:54 . 2004-08-19 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-19 16:52 . 2009-11-19 16:52 25214 ----a-r- c:\documents and settings\Roberto\Dati applicazioni\Microsoft\Installer\{1B54FF9E-5FDD-11DE-8B01-005056C00008}\RunProductNameDskt_985F828E0E98429F9C05EF3BDE7568F7.exe
2009-11-19 16:52 . 2009-11-19 16:52 25214 ----a-r- c:\documents and settings\Roberto\Dati applicazioni\Microsoft\Installer\{1B54FF9E-5FDD-11DE-8B01-005056C00008}\RunProductName_985F828E0E98429F9C05EF3BDE7568F7.exe
2009-11-19 16:52 . 2009-11-19 16:52 10134 ----a-r- c:\documents and settings\Roberto\Dati applicazioni\Microsoft\Installer\{1B54FF9E-5FDD-11DE-8B01-005056C00008}\ARPPRODUCTICON.exe
2009-11-16 12:42 . 2009-11-16 12:42 4248840 ----a-w- c:\windows\system32\qtp-mt334.dll
2009-11-16 12:41 . 2009-11-16 12:41 248584 ----a-w- c:\windows\system32\prgiso.dll
2009-11-14 14:02 . 2009-11-09 14:58 45 ----a-w- c:\windows\system32\_WDYSZYG.sys
2009-11-09 03:21 . 2009-11-09 03:21 59388 ----a-w- c:\windows\system32\drivers\scdemu.sys
2009-11-07 19:53 . 2009-11-07 19:53 673280 ----a-w- c:\windows\is-Q8I59.exe
2009-11-07 12:13 . 2009-10-03 12:02 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-07 12:12 . 2009-11-07 12:12 152576 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-05 15:38 . 2009-11-20 18:46 1669120 ----a-w- c:\windows\system32\BootMan.exe
2009-10-29 07:40 . 2004-08-19 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 14:46 . 2009-11-17 23:35 132424 ----a-w- c:\windows\system32\drivers\CFRMD.sys
2009-10-27 08:53 . 2009-10-27 08:53 8192 ----a-w- c:\windows\system32\CSC.exe
.

------- Sigcheck -------

[7] 2009-08-04 . B591BF7D603926A0465B42E93F6AA44D . 2192896 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2009-08-04 . 9A164A8C771E9F2A5C8FE15FE7F74E2F . 2148864 . . [5.1.2600.5857] . . c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[-] 2009-08-04 . C41D026393C36632F704567966F31C2B . 2310144 . . [5.1.2600.5857] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2009-08-04 . C41D026393C36632F704567966F31C2B . 2310144 . . [5.1.2600.5857] . . c:\windows\system32\ntoskrnl.exe
[-] 2009-08-04 . C41D026393C36632F704567966F31C2B . 2310144 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-08-04 . 66C0988D9B1BB7F41437D91DBCFDF927 . 2193024 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-02-10 . 3B5928FCD0DD3E10DEB1C13CA35201F6 . 2192896 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2005-03-02 . C120A33C71E706545CF26D6276BC0344 . 2183296 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe

[7] 2009-08-04 . 845344F22D2BA7CDD2847B0B0A5D0EDD . 2069888 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[7] 2009-08-04 . 7DF79C43603FBDB4399841FD7FC4C50A . 2069760 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2009-08-04 . A624667565D96E7DE0871CC1A144ED1C . 2027520 . . [5.1.2600.5857] . . c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2009-08-04 . 996066D6DC908136C3A54236F4D3BDD1 . 2188800 . . [5.1.2600.5857] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2009-08-04 . 996066D6DC908136C3A54236F4D3BDD1 . 2188800 . . [5.1.2600.5857] . . c:\windows\system32\ntkrnlpa.exe
[-] 2009-08-04 . 996066D6DC908136C3A54236F4D3BDD1 . 2188800 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-09 . FF69166080436A31A3EAC9CC7C3F1847 . 2069888 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2005-03-02 . DE16030E8209FD96EEB06D9E3D8C84A8 . 2060672 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-17 17880576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-12-27 923336]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Orbit.lnk]
backup=c:\windows\pss\Orbit.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Roberto^Menu Avvio^Programmi^Esecuzione automatica^ERUNT AutoBackup.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Roberto^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 3.1.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Software Informer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\@OnlineArmor GUI]
2009-12-27 13:19 6722760 ----a-w- c:\programmi\Tall Emu\Online Armor\oaui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2009-11-20 12:51 2335880 ----a-w- c:\programmi\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnVir Task Manager]
2009-12-28 20:37 3313888 ----a-w- c:\programmi\AnVir Task Manager\AnVir.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-01-02 15:41 45056 ----a-w- c:\programmi\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-10-02 12:34 133104 ----atw- c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 14:44 3883856 ----a-w- c:\programmi\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mylbx]
2009-08-20 06:38 1075888 ----a-w- c:\programmi\My Lockbox\mylbx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-11-20 17:15 1826816 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-07 12:13 149280 ----a-w- c:\programmi\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-10-22 15:37 39408 ----a-w- c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2009-10-26 07:33 15872 ----a-w- c:\programmi\Unlocker\UnlockerAssistant.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\programmi\Spybot - Search & Destroy\TeaTimer.exe
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe"
"RegistryMechanic"=c:\programmi\Registry Mechanic\RegMech.exe /H
"SandboxieControl"="c:\programmi\Sandboxie\SbieCtrl.exe"
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe"
"Malwarebytes Anti-Malware (reboot)"="c:\programmi\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"Collegamento alla pagina delle proprietà di High Definition Audio"=HDAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Opera\\opera.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 CFRMD;cfrmd;c:\windows\system32\drivers\CFRMD.sys [18/11/2009 0.35.45 132424]
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [02/10/2009 17.48.11 43792]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [02/10/2009 15.05.07 223312]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [02/10/2009 15.05.07 24656]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [02/10/2009 15.05.07 29776]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [02/10/2009 17.48.12 73392]
R2 OAcat;Online Armor Helper Service;c:\programmi\Tall Emu\Online Armor\oacat.exe [02/10/2009 15.05.06 1282248]
R2 SvcOnlineArmor;Online Armor;c:\programmi\Tall Emu\Online Armor\oasrv.exe [02/10/2009 15.05.06 3431112]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [05/01/2010 20.56.06 1684736]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [20/11/2009 19.46.38 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [20/11/2009 19.46.39 8456]
S3 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [22/10/2009 16.37.59 133104]
S3 RGService;RGService;c:\programmi\RadioGet\RGService.exe [08/01/2010 14.35.10 335872]
S3 SbieDrv;SbieDrv;c:\programmi\Sandboxie\SbieDrv.sys [01/12/2009 14.55.10 119296]
S3 STSService;STSService;c:\programmi\SoundTaxi Media Suite\STSService.exe [29/09/2009 11.41.04 335872]
S3 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programmi\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [18/12/2009 0.12.10 1044808]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programmi\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 7.24.44 10064]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-01-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-01-22 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2010-01-14 11:09]

2010-01-22 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-02 15:37]

2010-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-10-22 15:37]

2010-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-10-22 15:37]

2010-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-682003330-911625447-1004Core.job
- c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-10-02 12:34]

2010-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-682003330-911625447-1004UA.job
- c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-10-02 12:34]

2010-01-10 c:\windows\Tasks\SmartDefrag.job
- c:\programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-11-29 12:48]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\zofgkiy1.default\
FF - component: c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\zofgkiy1.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\zofgkiy1.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\Roberto\Dati applicazioni\Facebook\npfbplugin_1_0_0.dll
FF - plugin: c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\zofgkiy1.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1739.5352\npCIDetect13.dll
FF - plugin: c:\programmi\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\programmi\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\programmi\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\programmi\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\programmi\Opera\program\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-avgnt - c:\programmi\Avira\AntiVir Desktop\avgnt.exe
MSConfigStartUp-F - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-22 13:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\My Lockbox

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- Dlls loaded by running processes ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2724)
c:\windows\system32\WININET.dll
c:\programmi\Tall Emu\Online Armor\OAwatch.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Scan completed at: 2010-01-22 13:41:48
ComboFix-quarantined-files.txt 2010-01-22 12:41

Pre-Run: 94,346,657,792 bytes free
Post-Run: 94,369,054,720 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 3F5BC3432C97000957755C7D0FC31BE5


Thanks a lot in advance to everyone!
within the truth of evil and good there's more than you see
....much more than you should
Roberto88
Bronze Member
Posts: 968
Joined: Tue Nov 11, 2008 11:17 pm
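The log above is long enough that the few lines that matter get lost: the Sigcheck copies of the kernel whose MD5 does not match the copy in Driver Cache\i386 (the log itself lists a "NiwradSoft Shell Pack\Backup" copy of ntoskrnl.exe, so a patched kernel is a plausible benign explanation), any file under c:\windows carrying both the system and hidden attribute bits (edacded0.dat in the Find3M section is the one here), and the catchme hidden-file count. The Python below is an added example written for this thread, not ComboFix's or GMER's code. It assumes the field layout of the ComboFix 10-01 log as pasted above and treats the Driver Cache copy as the reference hash, which is an assumption: a mismatch is something to look at, not proof of infection. SAMPLE_LOG is a constructed excerpt of the posted log.

```python
"""Triage helpers for a ComboFix log (added example; not ComboFix's or GMER's code)."""
import re
from collections import defaultdict, namedtuple

SigEntry = namedtuple("SigEntry", "tag date md5 size version path")

# Sigcheck line: "[7] 2009-08-04 . <MD5> . <size> . . [<version>] . . <path>"
SIGCHECK_RE = re.compile(
    r"^\[(.)\] +(\d{4}-\d{2}-\d{2}) +\. +([0-9A-Fa-f]{32}) +\. +(\d+) +\. +\. +"
    r"\[([\d.]+)\] +\. +\. +(.+?)\s*$",
    re.M,
)
# File-listing line: "<created> . <modified> <size or --------> <attrs> <path>"
FILELINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) +\. +(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) +"
    r"(\S+) +([-dcshatrw]{8}) +(.+?)\s*$",
    re.M,
)
# catchme summary; ComboFix localises the label (the Italian build prints "Files nascosti").
HIDDEN_COUNT_RE = re.compile(r"^(?:Hidden files|Files nascosti):\s*(\d+)", re.M | re.I)

# Constructed excerpt of the log posted above, trimmed to what the checks need.
SAMPLE_LOG = r"""
2010-01-21 23:45 . 2010-01-21 23:45 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-12-01 16:32 . 2009-12-01 16:32 23 --sha-w- c:\windows\system32\edacded0.dat
2009-11-14 14:02 . 2009-11-09 14:58 45 ----a-w- c:\windows\system32\_WDYSZYG.sys

------- Sigcheck -------

[7] 2009-08-04 . B591BF7D603926A0465B42E93F6AA44D . 2192896 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2009-08-04 . C41D026393C36632F704567966F31C2B . 2310144 . . [5.1.2600.5857] . . c:\windows\system32\ntoskrnl.exe
[-] 2009-08-04 . C41D026393C36632F704567966F31C2B . 2310144 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2005-03-02 . C120A33C71E706545CF26D6276BC0344 . 2183296 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe

Files nascosti: 1
"""


def parse_sigcheck(log):
    """Every Sigcheck line as a SigEntry, MD5 normalised to upper case."""
    return [
        SigEntry(m.group(1), m.group(2), m.group(3).upper(), int(m.group(4)), m.group(5), m.group(6))
        for m in SIGCHECK_RE.finditer(log)
    ]


def sigcheck_disagreements(entries):
    """(path, md5, reference_md5) for each copy whose hash differs from the Driver Cache copy
    of the same file name and version. Groups without a Driver Cache copy are skipped."""
    groups = defaultdict(list)
    for e in entries:
        groups[(e.path.rsplit("\\", 1)[-1].lower(), e.version)].append(e)
    findings = []
    for copies in groups.values():
        ref = next((c for c in copies if "\\driver cache\\i386\\" in c.path.lower()), None)
        if ref is None:
            continue  # nothing to compare against
        for c in copies:
            if c is not ref and c.md5 != ref.md5:
                findings.append((c.path, c.md5, ref.md5))
    return findings


def system_hidden_files(log, root="c:\\windows"):
    """Paths under `root` whose attribute string has both the 's' and 'h' bits set.
    Column order observed in this log (assumption): d c s h a t w/r -"""
    found = []
    for m in FILELINE_RE.finditer(log):
        attrs, path = m.group(4), m.group(5)
        if attrs[2] == "s" and attrs[3] == "h" and path.lower().startswith(root.lower()):
            found.append(path)
    return found


def hidden_file_count(log):
    """The catchme hidden-file total, or None if the section is missing."""
    m = HIDDEN_COUNT_RE.search(log)
    return int(m.group(1)) if m else None


def triage(log):
    """Run all three checks and return one summary dict."""
    return {
        "sigcheck": sigcheck_disagreements(parse_sigcheck(log)),
        "system_hidden": system_hidden_files(log),
        "hidden_count": hidden_file_count(log),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "->", value)
```

On the excerpt this reports the two ntoskrnl.exe copies in system32 and dllcache as differing from the Driver Cache hash, edacded0.dat as a system+hidden file in system32, and a hidden-file count of 1. Feed it the whole pasted log instead of SAMPLE_LOG to get the full picture; the hidden-count regex accepts both the English and the Italian label, so the localised log works unchanged.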

Re: ComboFix log check

Post by Uomo_Senza_Sonno » Fri Jan 22, 2010 3:26 pm

Hi
Roberto88 wrote: the GMER scan never completes; the PC freezes about halfway through
I ran into a problem like that too, and it turned out to be more of a nuisance than expected... anyway, try renaming gmer.exe to any other name, then run the scan again.
Also download mbr.exe and save it to C:\, then post the log generated by the command

Code:
start mbr.exe

from a DOS prompt.

Try running ComboFix again (better if it's renamed too) after running this command and see what log it produces.
Also try a check with the Kaspersky Rescue Disk, just to see what it turns up.
Thanks for everything, Zane

we know 1% of the laws that govern the universe; the others we haven't yet fully understood, or even guessed at
Uomo_Senza_Sonno
Official Member (Gold)
Posts: 3255
Joined: Thu Feb 07, 2008 9:00 am
Location: http://turbolab.it
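GMER's mbr.exe, suggested above, checks the master boot record for rootkit modifications. As an added example (not GMER's code), the Python below does the core of that check on a constructed 512-byte MBR: it validates the 0x55AA boot signature, parses the partition table, and compares a SHA-256 of the 440-byte bootstrap area against a reference hash recorded from a known-clean sector. BOOTCODE is filler standing in for a real boot loader, the disk signature and partition layout are made up, and read_sector0 only shows where the same check would be pointed on a live machine (\\.\PhysicalDrive0 needs administrator rights) or on a disk image.

```python
"""Minimal MBR integrity check (added example; not GMER's mbr.exe)."""
import hashlib
import struct

SECTOR = 512
CODE_LEN = 440   # bootstrap code area, bytes 0..439
PT_OFF = 446     # partition table: four 16-byte entries
SIG_OFF = 510    # two-byte boot signature 0x55 0xAA

# Constructed filler standing in for real boot-loader code (assumption: a clean
# sector's code area is simply whatever bytes the installed loader put there).
BOOTCODE = (b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c\x8b\xf4\x50\x07\x50\x1f\xfb\xfc"
            + b"\x90" * (CODE_LEN - 16))

ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(bootcode, partitions, disk_sig=0x1234ABCD):
    """Assemble a 512-byte MBR from code bytes and (status, type, lba_start, sectors) tuples."""
    if len(bootcode) != CODE_LEN:
        raise ValueError("bootstrap code must be exactly %d bytes" % CODE_LEN)
    table = b"".join(
        struct.pack(ENTRY_FMT, status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba, count)
        for status, ptype, lba, count in partitions
    )
    table += b"\x00" * (64 - len(table))        # unused entries are all zero
    sector = bootcode + struct.pack("<IH", disk_sig, 0) + table + b"\x55\xaa"
    assert len(sector) == SECTOR
    return sector


def parse_mbr(sector):
    """Disk signature, non-empty partition entries, and whether 0x55AA is present."""
    (disk_sig,) = struct.unpack_from("<I", sector, CODE_LEN)
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, sector, PT_OFF + 16 * i)
        if ptype != 0:                              # type 0 marks an unused slot
            partitions.append({"status": status, "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "signature_ok": sector[SIG_OFF:SIG_OFF + 2] == b"\x55\xaa",
        "disk_sig": disk_sig,
        "partitions": partitions,
    }


def bootcode_hash(sector):
    """SHA-256 of the bootstrap area only: the partition table may change, the code should not."""
    return hashlib.sha256(sector[:CODE_LEN]).hexdigest()


def check_mbr(sector, reference_hash):
    """List everything that separates this sector from a clean one with the given code hash."""
    findings = []
    info = parse_mbr(sector)
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if bootcode_hash(sector) != reference_hash:
        findings.append("bootstrap code hash differs from reference")
    active = [p for p in info["partitions"] if p["status"] == 0x80]
    if len(active) != 1:
        findings.append("%d active partitions (expected 1)" % len(active))
    for p in info["partitions"]:
        if p["lba_start"] == 0:                     # a partition that covers the MBR itself
            findings.append("partition of type 0x%02x starts at LBA 0" % p["type"])
    return findings


def read_sector0(device=r"\\.\PhysicalDrive0"):
    """Read the first sector of a raw device (administrator rights on Windows) or a disk image."""
    with open(device, "rb") as f:
        return f.read(SECTOR)


if __name__ == "__main__":
    clean = build_mbr(BOOTCODE, [(0x80, 0x07, 63, 16777216)])   # one bootable NTFS partition
    reference = bootcode_hash(clean)                              # record this from a known-clean disk
    tampered = bytearray(clean)
    tampered[0x20:0x24] = b"\xe9\x00\x01\x90"                    # overwrite a few code bytes
    print("clean:", check_mbr(clean, reference))
    print("tampered:", check_mbr(bytes(tampered), reference))
```

The reference hash has to come from the same machine when it was known clean (or from the installer's loader), because the bootstrap bytes differ between Windows versions and third-party boot managers; the hash is only useful as a before/after comparison, which is exactly why the advice above is to save the tool's output and post it.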

Re: ComboFix log check

Post by tiger » Fri Jan 22, 2010 8:58 pm

I suggest a thorough scan with the following steps:

1) Disable Windows System Restore points:
click Start, right-click My Computer, then click Properties. On the System Restore tab, select Turn off System Restore or Turn off System Restore on all drives. If the System Restore tab is not shown, you are not logged on to Windows as an administrator.
Click Apply, then confirm and press OK.

2) Run the CCleaner 2.27 tool for a full cleanup

3) Download the Kaspersky Virus Removal Tool (free) from the following link: http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
and run a full scan/clean of your PC in SAFE MODE.

4) Finally, download Process Hacker (free, also available as a portable .zip) from: http://processhacker.sourceforge.net/
and check whether any strange processes/services are left that eat CPU and memory, including the hidden process analysis.
tiger
Aficionado
Posts: 117
Joined: Fri Jan 01, 2010 7:26 pm

Re: ComboFix log check

Post by Roberto88 » Sat Jan 23, 2010 11:30 am

Thanks Uomo_Senza_Sonno and tiger for the quick replies, but I was late answering because I had to format
the PC had become unusable and wouldn't even let me open any browser (that's when it didn't freeze at startup); I couldn't get into safe mode either: when I entered the password it stopped on the loading screen, sometimes after a long time it got in but the screen stayed black with the usual text all around the edges. Now, after formatting, everything seems to be fine...

Re: ComboFix log check

Post by tiger » Sat Jan 23, 2010 8:36 pm

A few tips to better protect the PC you've just reformatted:

1) As antivirus I suggest Avira 9 (light and efficient)

2) As firewall, PC Tools Firewall Plus 6 (excellent and simple)

3) Do periodic cleanups with CCleaner

4) Don't download toolbars from the internet; many times they carry viruses

5) Run periodic scans in SAFE MODE with Malwarebytes Anti-Malware 1.44



megalab.it: daily online publication registered with the Court of Cosenza no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved.