Indice del forum Olimpo Informatico
I Forum di Zeus News
Leggi la newsletter gratuita - Attiva il Menu compatto
 
 FAQFAQ   CercaCerca   Lista utentiLista utenti   GruppiGruppi   RegistratiRegistrati 
 ProfiloProfilo   Messaggi privatiMessaggi privati   Log inLog in 

    Newsletter RSS Facebook Twitter Contatti Ricerca
Utilizzo CPU in task manager con percentuale alta
Nuovo argomento   Rispondi    Indice del forum -> Pronto Soccorso Virus
Precedente :: Successivo  
Autore Messaggio
checcoline
Eroe in grazia degli dei
Eroe in grazia degli dei


Registrato: 06/08/07 22:56
Messaggi: 133
MessaggioInviato: 12 Feb 2008 20:52    Oggetto: Utilizzo CPU in task manager con percentuale alta Rispondi citando
Ultimamente il mio PC si blocca un pò troppe volte ho fatto un pò di controlli ma non ho trovato niente di anomalo
lascio qui i risultati dei miei controlli

GRAZIE

http://www.freefilehosting.net/download/3c17l



Find AWF report by noahdfear ©2006
Version 1.40



bak folders found
~~~~~~~~~~~



Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report




Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19.51.43, on 12/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\vsnpstd2.exe
C:\Programmi\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\PowerDesk8\Matrox.PowerDesk.PDeskNet.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\ESET\nod32kui.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Utente\Documenti\Progammi\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Matrox PowerDesk 8] C:\WINDOWS\system32\PowerDesk8\Matrox.PowerDesk.exe /silent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Utilità controllo supporti di Cyber-shot Viewer.lnk = C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201185630062
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe

--
End of file - 6047 bytes
Top
Profilo Invia messaggio privato MSN
Sante62
Dio maturo
Dio maturo


Registrato: 27/06/07 17:55
Messaggi: 3477
Residenza: Floridia
MessaggioInviato: 13 Feb 2008 12:11    Oggetto: Rispondi citando
Ciao checcoline Ciao
Avvia HJT, seleziona queste righe e premi poi fix Checked;
Citazione:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

Riavvia il PC e posta un nuovo log di HJT;
Fai la scansione con GMER
Ricorda che i log di GMER sono due: Autostart e Rootkit. Postali su www.freefilehosting.net come indicato quì
Top
Profilo Invia messaggio privato
checcoline
Eroe in grazia degli dei
Eroe in grazia degli dei


Registrato: 06/08/07 22:56
Messaggi: 133
MessaggioInviato: 13 Feb 2008 21:56    Oggetto: Rispondi citando
Ok grazie Sante ho fatto come mi hai indicato,, aspetto tue novità
CIAO Very Happy


gmer autostart7.txt



gmer rootkit8.txt



Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20.43.26, on 13/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\PowerDesk8\Matrox.PowerDesk.PDeskNet.exe
C:\WINDOWS\vsnpstd2.exe
C:\Programmi\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Utente\Documenti\Progammi\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Matrox PowerDesk 8] C:\WINDOWS\system32\PowerDesk8\Matrox.PowerDesk.exe /silent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Utilità controllo supporti di Cyber-shot Viewer.lnk = C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201185630062
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe

--
End of file - 5933 bytes
Top
Profilo Invia messaggio privato MSN
bdoriano
Amministratore
Amministratore


Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
MessaggioInviato: 15 Feb 2008 08:17    Oggetto: Rispondi citando
I logs che hai postato sembrano puliti. Think
Segui le istruzioni di questo topic per postare il log di combofix.
Top
Profilo Invia messaggio privato
checcoline
Eroe in grazia degli dei
Eroe in grazia degli dei


Registrato: 06/08/07 22:56
Messaggi: 133
MessaggioInviato: 15 Feb 2008 19:49    Oggetto: Rispondi citando
ComboFix 08-02-15.2 - Utente 2008-02-15 18.44.14.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1524 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Utente\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\CPPCFG.DLL
C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\ssprs.dll

.
((((((((((((((((((((((((( Files Creati Da 2008-01-15 al 2008-02-15 )))))))))))))))))))))))))))))))))))
.

2008-02-13 20:46 . 2008-02-13 20:52 250 --a------ C:\WINDOWS\gmer.ini
2008-02-12 18:31 . 2008-02-12 18:31 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-12 18:31 . 2008-02-12 18:31 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-02-08 15:02 . 2008-02-08 15:03 <DIR> d-------- C:\Programmi\Google
2008-02-08 14:56 . 2008-02-08 14:56 <DIR> d-------- C:\Programmi\Rinera Networks
2008-02-07 19:49 . 2008-02-14 18:11 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-07 19:49 . 2008-02-07 19:49 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-07 19:47 . 2008-02-07 19:47 <DIR> d-------- C:\Programmi\QuickTime
2008-02-07 19:27 . 2008-02-07 19:28 <DIR> d-------- C:\Programmi\Bonjour
2008-02-07 19:23 . 2008-02-07 19:23 <DIR> d-------- C:\Programmi\File comuni\Macrovision Shared
2008-02-07 18:36 . 2008-02-07 18:36 <DIR> d-------- C:\Documents and Settings\Utente\Dati applicazioni\AdobeUM
2008-02-07 18:20 . 2008-02-07 18:20 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-02-07 18:20 . 2008-02-07 18:20 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-02-07 18:10 . 2008-02-07 18:10 <DIR> d-------- C:\Programmi\Windows Media Connect 2
2008-02-07 18:08 . 2008-02-07 18:08 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-02-07 18:08 . 2008-02-07 18:08 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-02-07 17:35 . 2008-02-07 17:35 <DIR> d-------- C:\Documents and Settings\Utente\Dati applicazioni\AutoTransfer
2008-02-06 18:46 . 2008-02-06 18:46 <DIR> d-------- C:\Documents and Settings\Utente\Dati applicazioni\dvdcss
2008-02-06 17:18 . 2008-02-06 17:18 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Minnetonka Audio Software
2008-02-06 17:18 . 2008-02-06 17:18 1,025 --a------ C:\WINDOWS\system32\sysprs7.dll
2008-02-06 17:18 . 2008-02-06 17:18 1,025 --a------ C:\WINDOWS\system32\clauth2.dll
2008-02-06 17:18 . 2008-02-06 17:18 1,025 --a------ C:\WINDOWS\system32\clauth1.dll
2008-02-05 16:02 . 2008-02-05 16:02 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\FLEXnet
2008-02-05 15:58 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-02-05 15:58 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-02-05 15:40 . 2008-02-05 15:40 <DIR> d-------- C:\Programmi\Apple Software Update
2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-29 20:45 . 2008-02-05 15:24 6,099 --a------ C:\WINDOWS\system32\QuickTimeFavorites.qtr
2008-01-29 19:35 . 2002-07-10 19:38 435,712 --a------ C:\WINDOWS\system32\QTMPEG2.qtx
2008-01-29 19:34 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-01-29 19:34 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-01-29 19:34 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-01-29 19:34 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-01-29 19:34 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-01-29 19:34 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-01-29 19:34 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-01-29 19:34 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-01-29 18:05 . 2008-02-07 19:41 11,649 --a------ C:\WINDOWS\system32\QuickTime.qtp
2008-01-28 16:36 . 2008-01-28 16:36 <DIR> d-------- C:\Documents and Settings\Utente\Dati applicazioni\vlc
2008-01-25 12:35 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-25 12:35 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-01-24 21:08 . 2004-08-03 23:10 51,328 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2008-01-24 21:08 . 2004-08-03 23:10 51,328 --a------ C:\WINDOWS\system32\dllcache\msdv.sys
2008-01-24 21:08 . 2004-08-03 23:10 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
2008-01-24 21:08 . 2004-08-03 23:10 48,128 --a------ C:\WINDOWS\system32\dllcache\61883.sys
2008-01-24 21:08 . 2004-08-03 23:10 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys
2008-01-24 21:08 . 2004-08-03 23:10 38,912 --a------ C:\WINDOWS\system32\dllcache\avc.sys
2008-01-24 20:05 . 2008-01-24 20:05 <DIR> d-------- C:\Programmi\Sorenson Media
2008-01-24 19:36 . 2008-01-24 19:36 <DIR> d-------- C:\Programmi\File comuni\Apple
2008-01-24 17:08 . 2008-01-24 17:08 <DIR> d-------- C:\Drivers
2008-01-24 17:08 . 2001-11-05 09:23 299,923 --a------ C:\WINDOWS\system32\drivers\sonyhcs.sys
2008-01-24 17:08 . 2002-10-15 22:41 102,220 --a------ C:\WINDOWS\system32\drivers\sonypvs1.sys
2008-01-24 17:08 . 2001-07-03 20:33 53,248 --a------ C:\WINDOWS\system32\SONYHCY.DLL
2008-01-24 17:08 . 2001-11-05 09:23 38,739 --a------ C:\WINDOWS\system32\drivers\sonyhcc.sys
2008-01-24 17:08 . 2001-11-05 09:23 6,097 --a------ C:\WINDOWS\system32\drivers\sonyhcb.sys
2008-01-24 17:08 . 2001-07-03 20:39 3,654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll
2008-01-24 17:07 . 2008-01-24 17:07 <DIR> d-------- C:\Programmi\VideoLAN
2008-01-24 16:49 . 2007-12-07 03:04 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-01-24 16:49 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-01-24 16:49 . 2007-07-01 04:36 1,032,192 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-01-24 16:49 . 2007-12-07 03:04 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-01-24 16:49 . 2007-12-07 03:04 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-01-24 16:49 . 2007-12-07 03:04 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-01-24 16:49 . 2007-12-07 03:04 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-01-24 16:49 . 2007-12-07 03:04 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-01-24 16:49 . 2007-12-06 12:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-01-24 16:48 . 2008-01-24 16:48 <DIR> d-------- C:\WINDOWS\system32\it-it
2008-01-24 15:50 . 2008-01-24 15:50 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE
2008-01-24 15:41 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-01-24 15:38 . 1999-10-15 12:50 1,056,768 --------- C:\WINDOWS\system32\ROBOEX32.DLL
2008-01-24 15:38 . 1999-01-28 15:44 49,152 --------- C:\WINDOWS\system32\INETWH32.dll
2008-01-24 15:36 . 2000-06-23 14:05 136,704 --------- C:\WINDOWS\system32\iacenc.dll
2008-01-24 15:36 . 2000-06-22 13:09 56,320 --------- C:\WINDOWS\system32\iyvu9_32.dll
2008-01-24 15:36 . 1997-11-06 14:53 27,648 --a------ C:\WINDOWS\system32\ir50_lcs.dll
2008-01-24 15:32 . 2008-01-24 15:32 <DIR> d-------- C:\Documents and Settings\Utente\WINDOWS
2008-01-24 15:32 . 1998-10-01 15:22 299,520 --a------ C:\WINDOWS\uninst.exe
2008-01-24 15:32 . 1999-03-23 00:19 77,824 --a------ C:\WINDOWS\system32\OptPanel.exe
2008-01-24 15:32 . 1999-12-21 12:09 72,631 --a------ C:\WINDOWS\system32\CvidPro.dll
2008-01-24 15:32 . 2008-01-24 15:32 0 --a------ C:\WINDOWS\PROTOCOL.INI
2008-01-24 15:28 . 2008-01-24 15:29 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
2008-01-24 15:28 . 2008-01-24 15:28 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Apple
2008-01-24 14:49 . 2008-01-24 14:49 <DIR> d--hs---- C:\FOUND.000
2008-01-24 11:43 . 2008-01-24 11:43 <DIR> d-------- C:\Programmi\File comuni\Macromedia(2)
2008-01-24 11:29 . 2008-01-24 11:29 <DIR> d-------- C:\Programmi\Apple Software Update(3)(2)
2008-01-24 11:26 . 2008-01-24 11:26 <DIR> d-------- C:\Programmi\File comuni\Apple(2)
2008-01-24 03:04 . 2008-01-24 03:04 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer(2)
2008-01-24 02:49 . 2008-01-24 02:49 <DIR> d-------- C:\Programmi\Apple Software Update(2)
2008-01-24 02:25 . 2008-01-24 02:25 <DIR> d-------- C:\Documents and Settings\Utente\Dati applicazioni\Apple Computer
2008-01-24 00:32 . 2008-01-24 00:32 1,025 --a------ C:\WINDOWS\system32\sysprs7.tgz
2008-01-24 00:32 . 2008-02-14 18:15 219 --a------ C:\WINDOWS\system32\lsprst7.tgz
2008-01-24 00:32 . 2008-02-14 18:15 87 --a------ C:\WINDOWS\system32\ssprs.tgz
2008-01-23 20:29 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-23 20:05 . 2008-01-23 20:05 <DIR> d-------- C:\Programmi\eMule
2008-01-23 19:57 . 2008-01-23 19:58 <DIR> d-------- C:\Documents and Settings\Utente\Contacts
2008-01-23 19:52 . 2008-01-23 19:52 <DIR> d--hs---- C:\Programmi\File comuni\WindowsLiveInstaller
2008-01-23 19:51 . 2008-01-23 19:51 <DIR> d-------- C:\Programmi\Windows Live
2008-01-23 19:51 . 2008-01-23 19:51 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-01-23 19:47 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-01-23 19:47 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-11 05:32 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 22:50 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-08 05:04 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-07 02:04 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-07 02:04 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-12-07 02:04 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-12-07 02:04 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-12-07 02:04 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-12-07 02:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-12-07 02:04 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-12-07 02:04 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-12-07 02:04 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-12-07 02:04 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-12-07 02:04 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-12-07 02:04 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-12-07 02:04 133,120 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-12-07 02:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-12-07 02:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-12-07 02:04 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-12-07 02:04 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-12-06 11:03 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:03 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:40 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:40 550,912 ----a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:27 15360]
"updateMgr"="C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 08:18 307200]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-13 16:08 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2007-10-16 15:37 949376]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 14:00 16050176 C:\WINDOWS\RTHDCPL.exe]
"Matrox PowerDesk 8"="C:\WINDOWS\system32\PowerDesk8\Matrox.PowerDesk.exe" [2005-02-22 17:52 98304]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-08-30 16:37 286720]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 17:27 15360]

C:\Documents and Settings\Utente\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
Utilit? controllo supporti di Cyber-shot Viewer.lnk - C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-01-24 17:08:29 155648]

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 05:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 05:39]
R3 MTXPARH;MTXPARH;C:\WINDOWS\system32\DRIVERS\MTXPARHM.sys [2005-02-22 19:07]
R3 snpstd2;Trust WB-3400T Webcam;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-10-14 17:12]

.
Contenuto della cartella 'Scheduled Tasks'
"2008-02-07 11:03:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-15 18:45:33
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Programmi\Eset\pr_imon.dll
.
Ora fine scansione: 2008-02-15 18.45.49
ComboFix-quarantined-files.txt 2008-02-15 17:45:48
.
2008-02-15 14:38:09 --- E O F ---
Top
Profilo Invia messaggio privato MSN
bdoriano
Amministratore
Amministratore


Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
MessaggioInviato: 17 Feb 2008 14:55    Oggetto: Rispondi citando
Scarica Norman Malware Cleaner e drWeb CureIt.
Disabilita il ripristino di sistema e avvia il pc in modalità provvisoria.
Avvia drWeb CureIt e fagli fare la scansione completa.
Avvia Norman Malware Cleaner e fagli fare la scansione completa.
Viene generato un log sul desktop chiamandolo NFix_2008-02-gg_hh-mm-ss.log, alla fine della scansione caricalo su FreeFileHosting come indicato qui e posta il link che ti viene assegnato.

Poi, collegati a Kaspersky on-line scanner e fai la scansione estesa, come indicato qui.
Salva il risultato della scansione in un file (in formato HTML), carica il file su Freefilehosting e posta qui il link che ti viene assegnato.
Top
Profilo Invia messaggio privato
checcoline
Eroe in grazia degli dei
Eroe in grazia degli dei


Registrato: 06/08/07 22:56
Messaggi: 133
MessaggioInviato: 18 Feb 2008 19:33    Oggetto: Rispondi citando
[URL="http://www.freefilehosting.net/files/3c85b"]NFix_2008-02-18_17-39-38.log[/URL]
Top
Profilo Invia messaggio privato MSN
checcoline
Eroe in grazia degli dei
Eroe in grazia degli dei


Registrato: 06/08/07 22:56
Messaggi: 133
MessaggioInviato: 18 Feb 2008 20:14    Oggetto: Rispondi citando
[URL="http://www.freefilehosting.net/files/3c869"]kaspersky30.html[/URL]


spero di aver fatto bene i controlli,, dr web mi dice che non ho virus

a presto

Ciao
Top
Profilo Invia messaggio privato MSN
Sante62
Dio maturo
Dio maturo


Registrato: 27/06/07 17:55
Messaggi: 3477
Residenza: Floridia
MessaggioInviato: 20 Feb 2008 12:38    Oggetto: Rispondi
Il log di Kasper è pulito, mentre Norman ha eliminato qualcos'altro...
Utilizza CCleaner; Avvialo e clicca su opzioni->Avanzate, e togli la spunta da "elimina file solo se più vecchi di 48 ore"
Utilizza l'opzione Pulizia e poi clicca su Analizza; alla fine clicca su Avvia Pulizia. Fai la stessa cosa con l'opzione Trova problemi; eliminerà una serie di chiavi di registro inutili; deframmenta anche il disco...
Riscontri altri problemi?..
Top
Profilo Invia messaggio privato
Mostra prima i messaggi di:   
Nuovo argomento   Rispondi    Indice del forum -> Pronto Soccorso Virus Tutti i fusi orari sono GMT + 2 ore
Pagina 1 di 1

 
Vai a:  
Non puoi inserire nuovi argomenti
Non puoi rispondere a nessun argomento
Non puoi modificare i tuoi messaggi
Non puoi cancellare i tuoi messaggi
Non puoi votare nei sondaggi