HELP!! Slow PC, insufficient virtual memory, etc.
bechecche
Devoted Mortal (forum rank)

Joined: 25/05/08 18:32
Posts: 5

Posted: 26 May 2008 17:06    Subject: HELP!! Slow PC, insufficient virtual memory, etc.

For some time now I have been having problems with pop-ups, computer freezes, "insufficient virtual memory" messages and a slow PC.
I am attaching the two logs, from ComboFix and HJT.

Hi everyone, and thanks in advance.

ComboFix 08-05-24.1 - 2008-05-25 18.17.06.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.510 [GMT 2:00]


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\1.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MEMSWEEP2
-------\Service_MEMSWEEP2


((((((((((((((((((((((((( Files Creati Da 2008-04-25 al 2008-05-25 )))))))))))))))))))))))))))))))))))
.

2008-05-17 17:30 . 2008-05-17 17:30 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-17 17:30 . 2008-05-17 17:30 <DIR> d-------- C:\fsaua.data
2008-05-17 17:30 . 2008-05-17 17:30 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-05-17 15:21 . 2008-05-17 15:21 <DIR> d-------- C:\Programmi\Netlog Music Tool
2008-05-17 13:48 . 2008-05-17 15:50 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-17 13:40 . 2008-05-24 14:12 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-17 13:40 . 2008-05-17 13:40 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-17 13:40 . 2008-05-17 13:40 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-17 13:40 . 2008-05-17 13:40 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-05-17 13:40 . 2008-05-17 13:40 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-17 13:39 . 2008-05-17 13:39 <DIR> d-------- C:\Programmi\AVG
2008-05-17 13:39 . 2008-05-17 13:39 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-05-17 13:39 . 2008-05-17 13:39 22,528 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-05-10 00:30 . 2008-05-10 00:30 268 --ah----- C:\sqmdata00.sqm
2008-05-10 00:30 . 2008-05-10 00:30 244 --ah----- C:\sqmnoopt00.sqm
2008-05-06 19:27 . 2007-04-12 14:19 129,024 --a------ C:\WINDOWS\system32\AVERM.dll
2008-05-06 19:27 . 2006-09-26 13:57 28,672 --a------ C:\WINDOWS\system32\AVEQT.dll
2008-05-06 18:34 . 2008-05-06 18:34 <DIR> d-------- C:\WINDOWS\naevius_yt_1
2008-05-06 18:34 . 2008-05-07 22:27 <DIR> d-------- C:\naevius_temp_folder
2008-05-04 15:50 . 2008-05-04 15:50 <DIR> d-------- C:\Documents and Settings\roberto\DoctorWeb
2008-05-03 23:42 . 2008-05-03 23:42 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\sentinel
2008-05-03 23:38 . 2008-05-17 13:26 <DIR> d-------- C:\Programmi\File comuni\Panda Software
2008-05-03 23:28 . 2008-05-03 23:28 <DIR> d-------- C:\Programmi\Sophos
2008-05-03 22:23 . 2001-08-31 13:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-05-03 22:22 . 2001-08-31 13:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-05-03 22:20 . 2008-05-03 22:20 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-05-03 22:20 . 2008-05-03 22:20 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-05-03 22:20 . 2008-05-03 22:20 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-05-03 22:20 . 2008-05-03 22:20 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-05-03 22:20 . 2008-05-03 22:20 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-05-03 22:20 . 2008-05-03 22:20 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-05-03 22:05 . 2001-08-31 13:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-05-03 22:05 . 2001-08-31 13:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-05-03 22:05 . 2001-08-31 13:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-05-03 22:05 . 2001-08-31 13:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-05-03 20:47 . 2008-05-03 21:49 16,843 --a------ C:\WINDOWS\setupapi.old
2008-04-30 20:54 . 2008-04-30 20:54 <DIR> d-------- C:\Programmi\iPod
2008-04-30 20:37 . 2008-04-30 20:38 <DIR> d-------- C:\Programmi\QuickTime
2008-04-30 19:58 . 2004-05-25 17:06 417,792 --a------ C:\WINDOWS\system32\ac3filter.ax
2008-04-30 19:58 . 2005-02-27 21:48 356,352 --a------ C:\WINDOWS\system32\RealMediaSplitter.ax
2008-04-30 19:58 . 2004-01-10 17:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax
2008-04-30 19:35 . 2008-05-25 18:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-30 19:35 . 2008-04-30 19:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-29 15:43 . 2008-04-29 15:43 <DIR> d-------- C:\divx
2008-04-29 15:34 . 2008-04-29 15:35 <DIR> d-------- C:\Documents and Settings\roberto\Dati applicazioni\DivX
2008-04-29 15:32 . 2008-03-21 22:30 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2008-04-27 13:29 . 2008-04-27 13:29 1,144 --a------ C:\WINDOWS\mozver.dat
2008-04-27 13:27 . 2008-04-27 13:27 <DIR> d-------- C:\Documents and Settings\roberto\Dati applicazioni\Talkback
2008-04-27 13:27 . 2008-04-27 13:27 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-26 15:17 . 2008-05-02 00:01 <DIR> d-------- C:\Documents and Settings\roberto\Dati applicazioni\AVGTOOLBAR
2008-04-26 15:17 . 2008-05-17 13:39 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\avg8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-13 19:25 --------- d-----w C:\Documents and Settings\roberto\Dati applicazioni\LimeWire
2008-05-08 18:57 --------- d-----w C:\Documents and Settings\roberto\Dati applicazioni\Xfire
2008-05-03 21:39 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-05-03 21:39 --------- d-----w C:\Programmi\Panda Security
2008-05-03 16:27 --------- d-----w C:\Programmi\Google
2008-05-01 08:42 --------- d-----w C:\Programmi\Apple Software Update
2008-04-26 20:12 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-04-24 20:44 --------- d-----w C:\Programmi\Java
2008-04-24 17:27 --------- d-----w C:\Programmi\MSN Messenger
2008-04-24 17:27 --------- d-----w C:\Programmi\Bonjour
2008-04-22 22:29 41,296 ----a-w C:\WINDOWS\system32\xfcodec.dll
2008-04-12 11:17 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-04-03 19:56 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
2008-04-03 19:51 --------- d-----w C:\Programmi\File comuni\SWF Studio
2008-04-01 14:02 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Messenger Plus!
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-27 16:54 --------- d-----w C:\Programmi\Steinberg
2008-03-27 16:54 --------- d-----w C:\Programmi\Bias
2008-03-26 19:21 --------- d-----w C:\Programmi\proDAD
2008-03-26 19:21 --------- d-----w C:\Documents and Settings\roberto\Dati applicazioni\proDAD
2008-03-26 19:20 --------- d-----w C:\Programmi\Pinnacle
2008-03-26 19:03 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Pinnacle
2008-03-26 18:56 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Pinnacle Studio
2008-03-26 18:54 --------- d-----w C:\Documents and Settings\roberto\Dati applicazioni\InstallShield
2008-03-26 15:45 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-03-25 13:39 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-03-23 21:29 22,328 ----a-w C:\Documents and Settings\roberto\Dati applicazioni\PnkBstrK.sys
2008-03-23 21:07 674,600 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 120,056 ----a-w C:\WINDOWS\system32\PxCpyI64.exe
2008-03-21 20:30 118,520 ----a-w C:\WINDOWS\system32\PxInsI64.exe
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 12:45 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-09 18:54 4,988 ---ha-w C:\os136207.bin
2008-03-09 13:59 60,416 ----a-w C:\WINDOWS\ALCFDRTM.EXE
2008-02-28 16:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-02-28 12:04 238,888 ----a-w C:\WINDOWS\NuNInst.exe
2008-02-26 15:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe
.
----a-w 744,853 2008-01-12 14:54:01 C:\Documents and Settings\roberto\Documenti\tools anti spy\AntiRootkit\PAVARK .exe



((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@={8D2223A2-B3C6-4e32-B096-CDD11F628C60}

[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-02-28 14:04 97064 --a------ D:\Programmi\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
"msnmsgr"="C:\Programmi\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"StartCCC"="C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"nTrayFw"="C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2004-11-20 07:03 266240]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="D:\Programmi\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 12:20 77824 C:\WINDOWS\SOUNDMAN.EXE]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-17 13:40 1177368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:39 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 15:22 44544]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{0cab0400-7395-11d0-a5e5-0020afe2fdd9}"= qvphook.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"VIDC.MJPG"= Pvmjpg30.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
backup=C:\WINDOWS\pss\Avvio veloce di Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^SATARAID5.lnk]
backup=C:\WINDOWS\pss\SATARAID5.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^roberto^Menu Avvio^Programmi^Esecuzione automatica^Ritaglio schermata e avvio di OneNote 2007.lnk]
path=C:\Documents and Settings\roberto\Menu Avvio\Programmi\Esecuzione automatica\Ritaglio schermata e avvio di OneNote 2007.lnk
backup=C:\WINDOWS\pss\Ritaglio schermata e avvio di OneNote 2007.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^roberto^Menu Avvio^Programmi^Esecuzione automatica^Utilità controllo supporti di Picture Motion Browser.lnk]
backup=C:\WINDOWS\pss\Utilità controllo supporti di Picture Motion Browser.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a------ 2006-06-13 06:20 127036 C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
--a------ 2008-05-11 13:19 5423104 D:\Programmi\eMule\emule.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 01:47 31016 C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2008-02-28 14:03 1083176 D:\Programmi\Nero\Nero8\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 18:07 1828136 C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]
--a------ 2007-03-21 16:41 145496 C:\Programmi\Pinnacle\Studio 11\LaunchList2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXSUPMON]
--a------ 2002-03-25 03:00 900096 C:\WINDOWS\system32\LXSUPMON.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 13:54 5674352 C:\Programmi\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 17:29 2221352 D:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-02-28 10:59 570664 C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2005-12-13 09:49 217088 D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2005-11-30 17:56 1306624 D:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 20:42 32768 d:\Programmi\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2008-02-28 14:04 2049320 D:\Programmi\Nero\Nero8\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-11-15 12:20 77824 C:\WINDOWS\SOUNDMAN.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Programmi\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmi\\MSN Messenger\\livecall.exe"=
"D:\\Programmi\\Xfire\\xfire.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\Internet Explorer\\IEXPLORE.EXE"=
"D:\\Programmi\\Call of Duty Game of the Year Edition\\CoDMP.exe"=
"D:\\Programmi\\KONAMI\\Pro Evolution Soccer 2008\\crack\\PES2008.exe"=
"D:\\Programmi\\LimeWire\\LimeWire.exe"=
"D:\\Programmi\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Programmi\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"C:\\Programmi\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"C:\\Programmi\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"C:\\Programmi\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"D:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Gruppi peer-to-peer Windows
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"34424:TCP"= 34424:TCP:Emule
"29421:UDP"= 29421:UDP:Emule2

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-05-17 13:40]
R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-03-17 19:23]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-17 13:40]
R2 app_filter;app_filter;C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2004-11-20 07:01]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-17 13:40]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-17 13:40]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-05-17 13:40]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-17 13:40]
R2 NeroRegInCDSrv;Nero Registry InCD Service;D:\Programmi\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-02-28 14:04]
R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-05-03 14:54]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-05-17 13:39]
R3 ZD1211U(ZyXEL);ZyAIR G-220 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyXEL);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-08-19 03:29]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-05-17 13:39]
S3 p2pgasvc;Autenticazione gruppo rete peer;C:\WINDOWS\system32\svchost.exe [2004-08-19 15:39]
S3 p2pimsvc;Gestione identità rete peer;C:\WINDOWS\system32\svchost.exe [2004-08-19 15:39]
S3 p2psvc;Rete peer;C:\WINDOWS\system32\svchost.exe [2004-08-19 15:39]
S3 PNRPSvc;Peer Name Resolution Protocol (PNRP);C:\WINDOWS\system32\svchost.exe [2004-08-19 15:39]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.
Contenuto della cartella 'Scheduled Tasks'
"2008-04-30 18:12:58 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-04-14 16:04:10 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- d:\Programmi\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-03-15 16:51:32 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- d:\Programmi\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-25 18:20:25
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\msdtc.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Programmi\Nero\Nero8\InCD\InCDsrv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
D:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\snmp.exe
C:\WINDOWS\system32\mqsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Ora fine scansione: 2008-05-25 18:22:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-25 16:22:44
ComboFix2.txt 2008-05-03 23:14:44
ComboFix3.txt 2008-05-03 22:57:14
ComboFix4.txt 2008-05-03 21:13:46
ComboFix5.txt 2008-05-03 19:35:59

19 Directory 35,284,852,736 byte disponibili
24 Directory 35,279,761,408 byte disponibili

317


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.35.50, on 25/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Programmi\Nero\Nero8\InCD\InCDsrv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
D:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\Programmi\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
D:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Programmi\AVG\AVG8\avgrsx.exe
C:\Programmi\AVG\AVG8\avgrsx.exe
C:\Programmi\AVG\AVG8\avgrsx.exe
C:\Documents and Settings\roberto\Documenti\tools anti spy\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [nTrayFw] C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19C12986-0F69-4FB1-AB5E-41B5C5C2979F}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{19C12986-0F69-4FB1-AB5E-41B5C5C2979F}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - D:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: app_filter - Unknown owner - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Programmi\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - D:\Programmi\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

--
End of file - 10203 bytes
bdoriano
Administrator

Joined: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 26 May 2008 17:34    Subject:

You have already opened this discussion.

There is no need to open another one.