vincycefa91 Hero
Joined: 14/04/07 13:19 Posts: 54 Location: Siracusa
Posted: 21 May 2008 16:54 Subject: various problems
Hi everyone... I have a problem... for the past few days the PC has been acting strange...
1. It's extremely slow... music plays in fits and starts, and it loads and loads and loads... and the funny thing is that Task Manager shows no spikes... no idea
2. While the Windows XP screen is showing (apart from sitting a full minute by the clock in front of the Windows XP logo), the monitor disconnects and reconnects... and minutes are lost... then it logs in and starts up, and more minutes are lost... no idea
3. I've run various scans... with NOD32 everything is fine, and with HijackThis there don't seem to be any problems...
Can you give me a hand? Thanks

bdoriano Administrator
Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 21 May 2008 16:59
The logs are needed to understand how to help you.
- Clean out the temporary files with ATF-Cleaner and/or CCleaner
- Run a scan with Norman Malware Cleaner.
  - Download the program
  - Start the PC in safe mode.
  - Start Norman Malware Cleaner and have it run a full scan.
  - At the end of the scan, a log named NFix_2008-MM-gg_hh-mm-ss.log is generated on the desktop.
  - Restart the computer in normal mode
- Follow the instructions in this topic to run ComboFix.
- Report the outcome in a new message in this thread: whether there were any particular problems, etc. And include:
  - Upload the Norman Malware Cleaner log to FreeFileHosting as indicated here and post the link you are given
  - The ComboFix log is generally not very long, so post it directly in the message

vincycefa91 Hero
Joined: 14/04/07 13:19 Posts: 54 Location: Siracusa
Posted: 21 May 2008 17:30
I ran them recently, exactly 1 week ago... from when I was obviously already having these problems!
http://www.freefilehosting.net/download/3hdm3
ComboFix 08-05-12.1 - ViNcY 2008-05-14 15.37.57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.195 [GMT 2:00]
Eseguito da: C:\Documents and Settings\ViNcY\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\win.exe
C:\WINDOWS\win.exe
.
((((((((((((((((((((((((( Files Creati Da 2008-04-14 al 2008-05-14 )))))))))))))))))))))))))))))))))))
.
2008-05-12 18:31 . 2008-05-12 18:31 <DIR> dr------- C:\Documents and Settings\LocalService\Preferiti
2008-05-12 18:31 . 2008-05-12 18:31 <DIR> d-------- C:\Documents and Settings\LocalService\Menu Avvio
2008-05-11 19:37 . 2008-05-11 19:37 <DIR> d-------- C:\Documents and Settings\NetworkService\Dati applicazioni\DivX
2008-05-11 19:22 . 2008-05-11 19:25 <DIR> dr------- C:\Documents and Settings\NetworkService\Documenti
2008-05-11 19:10 . 2008-05-13 15:58 <DIR> dr------- C:\Documents and Settings\NetworkService\Preferiti
2008-05-11 19:10 . 2008-05-11 19:10 <DIR> d-------- C:\Documents and Settings\NetworkService\Menu Avvio
2008-05-11 18:58 . 2008-05-11 18:58 471 --a------ C:\WINDOWS\system32\Datei4
2008-05-11 18:58 . 2008-05-11 18:58 471 --a------ C:\WINDOWS\system32\Datei2
2008-05-11 18:58 . 2008-05-11 18:58 470 --a------ C:\WINDOWS\system32\Datei3
2008-05-11 18:58 . 2008-05-11 18:58 470 --a------ C:\WINDOWS\system32\Datei1
2008-05-11 18:58 . 2008-05-11 18:58 469 --a------ C:\WINDOWS\system32\Datei7
2008-05-11 18:58 . 2008-05-11 18:58 469 --a------ C:\WINDOWS\system32\Datei5
2008-05-11 18:58 . 2008-05-11 18:58 468 --a------ C:\WINDOWS\system32\Datei0
2008-05-11 18:58 . 2008-05-11 18:58 467 --a------ C:\WINDOWS\system32\Datei9
2008-05-11 18:58 . 2008-05-11 18:58 467 --a------ C:\WINDOWS\system32\Datei8
2008-05-11 18:58 . 2008-05-11 18:58 467 --a------ C:\WINDOWS\system32\Datei10
2008-05-11 18:58 . 2008-05-11 18:58 465 --a------ C:\WINDOWS\system32\Datei6
2008-05-05 18:53 . 2008-05-05 18:53 <DIR> d-------- C:\Programmi\WLAN Technology Corporation
2008-05-05 18:52 . 2008-05-05 18:52 <DIR> d-------- C:\Programmi\ZyDAS
2008-05-05 18:52 . 2004-04-28 16:32 81,920 --a------ C:\WINDOWS\system32\ZDBRGDLL.dll
2008-05-05 18:52 . 2004-06-30 13:54 19,200 --a------ C:\WINDOWS\system32\ZDBRGSYS.sys
2008-04-28 19:40 . 2008-04-28 19:40 <DIR> d-------- C:\Programmi\3.0M SD DSC
2008-04-28 12:16 . 2003-02-11 12:29 110,592 -ra------ C:\WINDOWS\system32\MKCoInstaller.dll
2008-04-28 12:16 . 2004-08-04 00:53 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
2008-04-28 12:16 . 2004-08-04 00:53 16,384 --a--c--- C:\WINDOWS\system32\dllcache\ipsink.ax
2008-04-28 12:16 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2008-04-28 12:16 . 2004-08-03 23:10 15,360 --a--c--- C:\WINDOWS\system32\dllcache\streamip.sys
2008-04-28 12:16 . 2002-12-04 16:38 11,144 -ra------ C:\WINDOWS\system32\drivers\Bulk533.sys
2008-04-28 12:16 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-04-28 12:16 . 2004-08-03 23:10 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys
2008-04-28 12:16 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-04-28 12:16 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-04-28 10:37 . 2008-05-05 09:46 2,232 --a------ C:\drmHeader.bin
2008-04-28 10:16 . 2008-04-28 10:16 1,314,564 --a------ C:\divx player.divx
2008-04-28 09:58 . 2008-04-28 09:57 691,545 --a------ C:\WINDOWS\unins000.exe
2008-04-28 09:58 . 2008-04-28 09:58 2,551 --a------ C:\WINDOWS\unins000.dat
2008-04-27 19:08 . 2008-04-27 19:08 <DIR> d-------- C:\Programmi\directx
2008-04-27 19:07 . 2008-04-28 10:01 <DIR> d-------- C:\Programmi\Ulead Systems
2008-04-27 18:08 . 2008-04-28 09:52 204 --a------ C:\WINDOWS\struct~.ini
2008-04-27 15:42 . 2008-04-27 15:42 <DIR> d-------- C:\Programmi\SopCast
2008-04-27 15:39 . 2008-04-27 15:39 <DIR> d-------- C:\Documents and Settings\papy\LocalLow
2008-04-27 15:39 . 2008-04-27 15:39 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\TVU Networks
2008-04-23 20:01 . 2008-05-13 18:00 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-04-23 18:59 . 2008-04-23 18:59 <DIR> d-------- C:\WINDOWS\system32\languages
2008-04-23 18:59 . 2008-04-23 18:54 696,882 --a------ C:\WINDOWS\system32\unins000.exe
2008-04-23 18:59 . 2008-03-28 19:02 397,312 --a------ C:\WINDOWS\system32\ff_libfaad2.dll
2008-04-23 18:59 . 2008-03-28 19:03 102,912 --a------ C:\WINDOWS\system32\ff_tremor.dll
2008-04-23 18:59 . 2007-04-24 17:30 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2008-04-23 18:59 . 2008-04-23 18:59 47,732 --a------ C:\WINDOWS\system32\unins000.dat
2008-04-23 18:59 . 2007-10-20 13:04 1,708 --a------ C:\WINDOWS\system32\openIE.js
2008-04-23 18:55 . 2008-04-23 18:57 <DIR> d-------- C:\Documents and Settings\ViNcY\Dati applicazioni\FLV Extract
2008-04-21 16:27 . 2008-04-21 16:27 10 -r------- C:\WINDOWS\ABC3D.SN
2008-04-21 16:20 . 2008-04-21 16:19 176,128 --a------ C:\WINDOWS\system32\vjunjszw.exe
2008-04-17 18:23 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-04-17 18:23 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-04-17 18:12 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-17 18:12 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-04-15 21:13 . 2008-05-05 19:12 <DIR> d-------- C:\Programmi\Motive
2008-04-14 13:17 . 2008-05-05 19:10 <DIR> d-------- C:\Programmi\Telecom Italia
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-13 17:08 --------- d-----w C:\Documents and Settings\ViNcY\Dati applicazioni\Canon
2008-05-13 14:59 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\DVD Shrink
2008-05-12 10:07 --------- d-----w C:\Documents and Settings\papy\Dati applicazioni\Canon
2008-05-11 17:30 --------- d-----w C:\Documents and Settings\ViNcY\Dati applicazioni\TeamViewer
2008-05-10 18:08 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll
2008-05-10 15:55 --------- d-----w C:\Programmi\eMule
2008-05-08 14:23 --------- d-----w C:\Programmi\WMR11
2008-05-07 06:18 --------- d-----w C:\Programmi\Alice ti aiuta
2008-05-05 17:11 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-04-28 10:12 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-04-28 10:12 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-04-28 08:12 --------- d-----w C:\Programmi\DivX
2008-04-28 08:01 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Ulead Systems
2008-04-27 13:39 --------- d-----w C:\Programmi\TVUPlayer
2008-04-24 19:41 --------- d-----w C:\Programmi\KONAMI
2008-04-23 16:45 3,086,336 ----a-w C:\WINDOWS\system32\flvvideo.dll
2008-04-17 14:46 695,296 ----a-w C:\WINDOWS\system32\ff_x264.dll
2008-04-17 14:44 710,656 ----a-w C:\WINDOWS\system32\xvidcore.dll
2008-04-17 14:33 455,168 ----a-w C:\WINDOWS\system32\libmplayer.dll
2008-04-17 13:42 3,567,616 ----a-w C:\WINDOWS\system32\libavcodec.dll
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-30 18:09 --------- d-----w C:\Programmi\Audacity
2008-03-30 13:35 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-03-30 13:33 --------- d-----w C:\Programmi\BitComet
2008-03-30 13:15 --------- d-----w C:\Documents and Settings\ViNcY\Dati applicazioni\Motive
2008-03-30 10:34 --------- d-----w C:\Programmi\Java
2008-03-28 18:14 221,184 ----a-w C:\WINDOWS\system32\ff_kernelDeint.dll
2008-03-28 18:03 200,704 ----a-w C:\WINDOWS\system32\TomsMoComp_ff.dll
2008-03-28 17:43 23,552 ----a-w C:\WINDOWS\system32\ff_wmv9.dll
2008-03-28 17:41 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-03-28 17:04 188,416 ----a-w C:\WINDOWS\system32\ff_theora.dll
2008-03-28 17:04 126,976 ----a-w C:\WINDOWS\system32\libmpeg2_ff.dll
2008-03-28 17:04 118,784 ----a-w C:\WINDOWS\system32\ff_realaac.dll
2008-03-28 17:03 56,832 ----a-w C:\WINDOWS\system32\ff_unrar.dll
2008-03-28 17:03 172,032 ----a-w C:\WINDOWS\system32\ff_libdts.dll
2008-03-28 17:03 135,168 ----a-w C:\WINDOWS\system32\ff_samplerate.dll
2008-03-28 17:02 51,712 ----a-w C:\WINDOWS\system32\ff_liba52.dll
2008-03-28 17:02 143,360 ----a-w C:\WINDOWS\system32\ff_libmad.dll
2008-03-23 14:19 --------- d-----w C:\Programmi\File comuni\Adobe
2008-03-22 17:13 --------- d-----w C:\Programmi\Mio Technology
2008-03-22 16:19 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-03-22 16:11 --------- d-----w C:\Programmi\Microsoft.NET
2008-03-22 16:11 --------- d-----w C:\Programmi\Microsoft SQL Server
2008-03-22 16:10 --------- d-----w C:\Programmi\MSXML 6.0
2008-03-22 15:39 --------- d-----w C:\Documents and Settings\ViNcY\Dati applicazioni\Sony
2008-03-22 15:36 --------- d-----w C:\Programmi\Sony Setup
2008-03-22 15:26 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Sony
2008-03-22 15:25 --------- d-----w C:\Programmi\Sony
2008-03-22 15:05 --------- d-----w C:\Programmi\MSBuild
2008-03-22 15:01 --------- d-----w C:\Programmi\Reference Assemblies
2008-03-22 14:49 --------- d-----w C:\Documents and Settings\ViNcY\Dati applicazioni\Sony Setup
2008-03-22 11:05 --------- d-----w C:\Programmi\PowerISO
2008-03-22 10:38 --------- d-----w C:\Programmi\CCleaner
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-03-21 20:30 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-03-21 20:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 09:22 --------- d-----w C:\Documents and Settings\ViNcY\Dati applicazioni\ScanSoft
2008-03-20 09:22 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\ScanSoft
2008-03-20 08:45 --------- d-----w C:\Documents and Settings\papy\Dati applicazioni\ArcSoft
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-14 06:04 46,652 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-21 07:41 155,995 ----a-w C:\WINDOWS\java\Packages\237P75RL.ZIP
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
.
------- Sigcheck -------
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-03-30 15:35 360064 3f89432724dc5d72689e16f3354bccfc C:\WINDOWS\system32\dllcache\tcpip.sys
2008-03-30 15:35 360064 3f89432724dc5d72689e16f3354bccfc C:\WINDOWS\system32\drivers\tcpip.sys
2007-12-26 16:26 504832 2e4b40a64c2fafd29480d6516b993b09 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2007-12-26 17:59 949376]
"tea timer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= C:\Programmi\Symantec\WinFax\WfxSeh32.Dll [1998-07-27 05:54 38400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.X264"= x264vfw.dll
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^VIA RAID TOOL.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\VIA RAID TOOL.lnk
backup=C:\WINDOWS\pss\VIA RAID TOOL.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
--a------ 2008-03-25 08:38 2196280 C:\Programmi\BitComet\BitComet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-17 23:40 64512 C:\WINDOWS\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 12:34 5724184 C:\Programmi\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
--a------ 2003-05-05 09:57 143360 C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"wfxsvc"=2 (0x2)
"SoundMAX Agent Service (default)"=2 (0x2)
"ose"=3 (0x3)
"MDM"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\BitComet\\BitComet.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\TVAnts\\Tvants.exe"=
"C:\\Programmi\\PPMate\\ppmate.exe"=
"C:\\Programmi\\PPMate\\ppamnet.exe"=
"C:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Programmi\\SopCast\\SopCast.exe"=
"C:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"C:\\Programmi\\Internet Explorer\\iexplore.exe"=
"C:\\Programmi\\Real\\RealPlayer\\realplay.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5000:TCP"= 5000:TCP:BitComet 5000 TCP
"5000:UDP"= 5000:UDP:BitComet 5000 UDP
"1000:TCP"= 1000:TCP:BitComet 1000 TCP
"1000:UDP"= 1000:UDP:BitComet 1000 UDP
"3000:UDP"= 3000:UDP:emule
"2000:UDP"= 2000:UDP:BitComet 2000 UDP
"4000:TCP"= 4000:TCP:BitComet 4000 TCP
"4000:UDP"= 4000:UDP:BitComet 4000 UDP
R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 05:22]
S2 Ca533av;3.0M SD DSC WDM Video Capture;C:\WINDOWS\system32\Drivers\Ca533av.sys [2002-10-21 13:37]
S2 SQLWriter;SQL Server VSS Writer;"c:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe" []
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);"c:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSONY_MEDIAMGR2 []
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 19:31]
S3 USBCamera;3.0M SD DSC WDM Bulk Driver;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-12-04 16:38]
S4 Network WanMiniport First Position;Network WanMiniport First Position;C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe [2003-04-18 18:06]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-14 15:42:51
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-05-14 15.46.01
ComboFix-quarantined-files.txt 2008-05-14 13:45:41
15 Directory 71,804,571,648 byte disponibili
20 Directory 71,963,766,784 byte disponibili
257 --- E O F --- 2008-05-13 18:03:31

bdoriano Administrator
Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 21 May 2008 18:02
And they are already too old.
Redo them with the updated versions of the programs.
I see that ComboFix deleted a couple of files.
But I notice at least one more to delete... I'll be able to be more precise after seeing the updated logs.

vincycefa91 Hero
Joined: 14/04/07 13:19 Posts: 54 Location: Siracusa
Posted: 21 May 2008 20:38
OK, but since nothing has changed I thought they could still be useful... anyway, I'll redo them tomorrow... Norman takes 1 hour... and it's late!

vincycefa91 Hero
Joined: 14/04/07 13:19 Posts: 54 Location: Siracusa
Posted: 22 May 2008 22:25
Here are the two logs, made a few hours ago... I hope they'll be of help to you
ComboFix 08-05-21.3 - ViNcY 2008-05-22 20.45.53.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.198 [GMT 2:00]
Eseguito da: C:\Documents and Settings\ViNcY\Desktop\Nuova cartella (4)\ComboFix.exe
* Creato nuovo punto di ripristino
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Creati Da 2008-04-22 al 2008-05-22 )))))))))))))))))))))))))))))))))))
.
2008-05-21 18:29 . 2008-05-21 18:29 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Office Genuine Advantage
2008-05-21 17:43 . 2008-05-21 17:43 <DIR> d-------- C:\VundoFix Backups
2008-05-20 11:53 . 2001-08-30 20:41 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-05-20 11:53 . 2001-08-30 20:41 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-05-12 18:31 . 2008-05-12 18:31 <DIR> dr------- C:\Documents and Settings\LocalService\Preferiti
2008-05-12 18:31 . 2008-05-12 18:31 <DIR> d-------- C:\Documents and Settings\LocalService\Menu Avvio
2008-05-11 19:37 . 2008-05-11 19:37 <DIR> d-------- C:\Documents and Settings\NetworkService\Dati applicazioni\DivX
2008-05-11 19:22 . 2008-05-11 19:25 <DIR> dr------- C:\Documents and Settings\NetworkService\Documenti
2008-05-11 19:10 . 2008-05-13 15:58 <DIR> dr------- C:\Documents and Settings\NetworkService\Preferiti
2008-05-11 19:10 . 2008-05-11 19:10 <DIR> d-------- C:\Documents and Settings\NetworkService\Menu Avvio
2008-05-05 18:53 . 2008-05-05 18:53 <DIR> d-------- C:\Programmi\WLAN Technology Corporation
2008-05-05 18:52 . 2008-05-05 18:52 <DIR> d-------- C:\Programmi\ZyDAS
2008-05-05 18:52 . 2004-04-28 16:32 81,920 --a------ C:\WINDOWS\system32\ZDBRGDLL.dll
2008-05-05 18:52 . 2004-06-30 13:54 19,200 --a------ C:\WINDOWS\system32\ZDBRGSYS.sys
2008-04-28 19:40 . 2008-04-28 19:40 <DIR> d-------- C:\Programmi\3.0M SD DSC
2008-04-28 12:16 . 2003-02-11 12:29 110,592 -ra------ C:\WINDOWS\system32\MKCoInstaller.dll
2008-04-28 12:16 . 2004-08-04 00:53 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
2008-04-28 12:16 . 2004-08-04 00:53 16,384 --a--c--- C:\WINDOWS\system32\dllcache\ipsink.ax
2008-04-28 12:16 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2008-04-28 12:16 . 2004-08-03 23:10 15,360 --a--c--- C:\WINDOWS\system32\dllcache\streamip.sys
2008-04-28 12:16 . 2002-12-04 16:38 11,144 -ra------ C:\WINDOWS\system32\drivers\Bulk533.sys
2008-04-28 12:16 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-04-28 12:16 . 2004-08-03 23:10 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys
2008-04-28 12:16 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-04-28 12:16 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-04-28 10:37 . 2008-05-05 09:46 2,232 --a------ C:\drmHeader.bin
2008-04-28 10:16 . 2008-04-28 10:16 1,314,564 --a------ C:\divx player.divx
2008-04-28 09:58 . 2008-04-28 09:57 691,545 --a------ C:\WINDOWS\unins000.exe
2008-04-28 09:58 . 2008-04-28 09:58 2,551 --a------ C:\WINDOWS\unins000.dat
2008-04-27 19:08 . 2008-04-27 19:08 <DIR> d-------- C:\Programmi\directx
2008-04-27 19:07 . 2008-04-28 10:01 <DIR> d-------- C:\Programmi\Ulead Systems
2008-04-27 15:42 . 2008-04-27 15:42 <DIR> d-------- C:\Programmi\SopCast
2008-04-27 15:39 . 2008-04-27 15:39 <DIR> d-------- C:\Documents and Settings\papy\LocalLow
2008-04-27 15:39 . 2008-04-27 15:39 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\TVU Networks
2008-04-23 20:01 . 2008-05-22 20:19 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-04-23 18:59 . 2008-04-23 18:59 <DIR> d-------- C:\WINDOWS\system32\languages
2008-04-23 18:59 . 2008-04-23 18:54 696,882 --a------ C:\WINDOWS\system32\unins000.exe
2008-04-23 18:59 . 2008-03-28 19:02 397,312 --a------ C:\WINDOWS\system32\ff_libfaad2.dll
2008-04-23 18:59 . 2008-03-28 19:03 102,912 --a------ C:\WINDOWS\system32\ff_tremor.dll
2008-04-23 18:59 . 2007-04-24 17:30 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2008-04-23 18:59 . 2008-04-23 18:59 47,732 --a------ C:\WINDOWS\system32\unins000.dat
2008-04-23 18:59 . 2007-10-20 13:04 1,708 --a------ C:\WINDOWS\system32\openIE.js
2008-04-23 18:55 . 2008-04-23 18:57 <DIR> d-------- C:\Documents and Settings\ViNcY\Dati applicazioni\FLV Extract
2008-04-23 17:17 . 2008-04-23 17:17 693,792 --a------ C:\WINDOWS\system32\OGACheckControl.dll
2008-04-23 17:17 . 2008-04-23 17:17 504,864 --a------ C:\WINDOWS\system32\OGAVerify.exe
2008-04-23 17:17 . 2008-04-23 17:17 504,352 --a------ C:\WINDOWS\system32\OGAAddin.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 16:38 --------- d-----w C:\Documents and Settings\ViNcY\Dati applicazioni\Canon
2008-05-21 14:22 --------- d-----w C:\Programmi\eMule
2008-05-15 12:01 --------- d-----w C:\Programmi\Windows Live
2008-05-14 16:05 --------- d-----w C:\Programmi\PPMate
2008-05-13 14:59 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\DVD Shrink
2008-05-12 10:07 --------- d-----w C:\Documents and Settings\papy\Dati applicazioni\Canon
2008-05-11 17:30 --------- d-----w C:\Documents and Settings\ViNcY\Dati applicazioni\TeamViewer
2008-05-10 18:08 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll
2008-05-08 14:23 --------- d-----w C:\Programmi\WMR11
2008-05-07 06:18 --------- d-----w C:\Programmi\Alice ti aiuta
2008-05-05 17:12 --------- d-----w C:\Programmi\Motive
2008-05-05 17:11 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-05-05 17:10 --------- d-----w C:\Programmi\Telecom Italia
2008-04-28 10:12 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-04-28 10:12 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-04-28 08:12 --------- d-----w C:\Programmi\DivX
2008-04-28 08:01 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Ulead Systems
2008-04-27 13:39 --------- d-----w C:\Programmi\TVUPlayer
2008-04-24 19:41 --------- d-----w C:\Programmi\KONAMI
2008-04-23 16:45 3,086,336 ----a-w C:\WINDOWS\system32\flvvideo.dll
2008-04-17 14:46 695,296 ----a-w C:\WINDOWS\system32\ff_x264.dll
2008-04-17 14:44 710,656 ----a-w C:\WINDOWS\system32\xvidcore.dll
2008-04-17 14:33 455,168 ----a-w C:\WINDOWS\system32\libmplayer.dll
2008-04-17 13:42 3,567,616 ----a-w C:\WINDOWS\system32\libavcodec.dll
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-30 18:09 --------- d-----w C:\Programmi\Audacity
2008-03-30 13:35 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-03-30 13:33 --------- d-----w C:\Programmi\BitComet
2008-03-30 13:15 --------- d-----w C:\Documents and Settings\ViNcY\Dati applicazioni\Motive
2008-03-30 10:34 --------- d-----w C:\Programmi\Java
2008-03-28 18:14 221,184 ----a-w C:\WINDOWS\system32\ff_kernelDeint.dll
2008-03-28 18:03 200,704 ----a-w C:\WINDOWS\system32\TomsMoComp_ff.dll
2008-03-28 17:43 23,552 ----a-w C:\WINDOWS\system32\ff_wmv9.dll
2008-03-28 17:41 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-03-28 17:04 188,416 ----a-w C:\WINDOWS\system32\ff_theora.dll
2008-03-28 17:04 126,976 ----a-w C:\WINDOWS\system32\libmpeg2_ff.dll
2008-03-28 17:04 118,784 ----a-w C:\WINDOWS\system32\ff_realaac.dll
2008-03-28 17:03 56,832 ----a-w C:\WINDOWS\system32\ff_unrar.dll
2008-03-28 17:03 172,032 ----a-w C:\WINDOWS\system32\ff_libdts.dll
2008-03-28 17:03 135,168 ----a-w C:\WINDOWS\system32\ff_samplerate.dll
2008-03-28 17:02 51,712 ----a-w C:\WINDOWS\system32\ff_liba52.dll
2008-03-28 17:02 143,360 ----a-w C:\WINDOWS\system32\ff_libmad.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-23 14:19 --------- d-----w C:\Programmi\File comuni\Adobe
2008-03-22 17:13 --------- d-----w C:\Programmi\Mio Technology
2008-03-22 16:19 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-03-22 16:11 --------- d-----w C:\Programmi\Microsoft.NET
2008-03-22 16:11 --------- d-----w C:\Programmi\Microsoft SQL Server
2008-03-22 16:10 --------- d-----w C:\Programmi\MSXML 6.0
2008-03-22 15:39 --------- d-----w C:\Documents and Settings\ViNcY\Dati applicazioni\Sony
2008-03-22 15:36 --------- d-----w C:\Programmi\Sony Setup
2008-03-22 15:26 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Sony
2008-03-22 15:25 --------- d-----w C:\Programmi\Sony
2008-03-22 15:05 --------- d-----w C:\Programmi\MSBuild
2008-03-22 15:01 --------- d-----w C:\Programmi\Reference Assemblies
2008-03-22 14:49 --------- d-----w C:\Documents and Settings\ViNcY\Dati applicazioni\Sony Setup
2008-03-22 11:05 --------- d-----w C:\Programmi\PowerISO
2008-03-22 10:38 --------- d-----w C:\Programmi\CCleaner
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-03-21 20:30 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-03-21 20:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.
------- Sigcheck -------
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-03-30 15:35 360064 3f89432724dc5d72689e16f3354bccfc C:\WINDOWS\system32\dllcache\tcpip.sys
2008-03-30 15:35 360064 3f89432724dc5d72689e16f3354bccfc C:\WINDOWS\system32\drivers\tcpip.sys
2007-12-26 16:26 504832 2e4b40a64c2fafd29480d6516b993b09 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-14_15.45.30,59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-23 04:56:21 554,008 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\dao360.dll
+ 2007-12-10 12:41:11 518,944 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexch40.dll
+ 2007-12-10 12:41:11 326,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexcl40.dll
+ 2007-12-10 12:41:11 1,516,568 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjet40.dll
+ 2007-12-10 12:41:11 355,112 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjetol1.dll
+ 2007-11-01 05:15:52 183,072 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjint40.dll
+ 2007-12-10 12:41:12 60,192 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjter40.dll
+ 2007-12-10 12:41:12 248,608 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjtes40.dll
+ 2007-12-10 12:41:12 219,936 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msltus40.dll
+ 2007-12-10 12:41:12 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mspbde40.dll
+ 2007-12-10 12:41:13 432,928 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll
+ 2007-12-10 12:41:13 322,336 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll
+ 2007-12-10 12:41:13 559,904 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrepl40.dll
+ 2007-12-10 12:41:13 264,992 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mstext40.dll
+ 2007-12-10 12:41:13 838,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswdat10.dll
+ 2007-11-01 05:15:53 621,344 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswstr10.dll
+ 2007-12-10 12:41:14 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msxbde40.dll
+ 2007-03-06 01:48:10 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spmsg.dll
+ 2007-03-06 01:48:15 215,776 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spuninst.exe
+ 2007-03-06 01:48:08 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\spcustom.dll
+ 2007-03-06 01:48:33 724,192 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\update.exe
+ 2007-03-06 01:49:24 390,880 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\updspapi.dll
- 2008-05-14 12:11:56 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-22 18:19:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2000-08-31 06:00:00 73,728 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 06:00:00 89,504 ----a-w C:\WINDOWS\fdsv.exe
+ 2004-08-03 22:37:42 41,088 -c--a-w C:\WINDOWS\system32\dllcache\amdk6.sys
+ 2004-09-07 12:00:00 41,088 -c--a-w C:\WINDOWS\system32\dllcache\amdk7.sys
- 2004-09-07 12:00:00 561,179 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
+ 2008-03-25 04:50:25 554,008 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
- 2004-09-07 12:00:00 512,029 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:28 518,944 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
- 2004-09-07 12:00:00 319,517 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
- 2004-09-07 12:00:00 1,507,356 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
- 2004-09-07 12:00:00 358,976 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-25 04:50:40 355,112 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
- 2004-09-07 12:00:00 176,159 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
+ 2008-03-25 04:51:31 183,072 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
- 2004-09-07 12:00:00 53,279 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 60,192 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
- 2004-09-07 12:00:00 241,693 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
- 2004-09-07 12:00:00 213,023 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
+ 2008-03-25 04:50:44 219,936 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
- 2004-09-07 12:00:00 348,189 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
- 2004-09-07 12:00:00 421,919 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
- 2004-09-07 12:00:00 315,423 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
- 2004-09-07 12:00:00 552,989 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
- 2004-09-07 12:00:00 258,077 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
+ 2008-03-25 04:50:55 264,992 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
- 2004-09-07 12:00:00 831,519 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
- 2004-09-07 12:00:00 614,429 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
+ 2008-03-25 04:51:32 621,344 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
- 2004-09-07 12:00:00 348,189 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
+ 2004-09-07 12:00:00 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk.sys
- 2004-09-07 12:00:00 41,088 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
+ 2004-08-03 22:37:42 41,088 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
- 2004-09-07 12:00:00 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
+ 2004-09-07 12:00:00 41,088 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
- 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
- 2004-09-07 12:00:00 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll
- 2004-09-07 12:00:00 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll
- 2004-09-07 12:00:00 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll
- 2004-09-07 12:00:00 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
- 2004-09-07 12:00:00 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll
- 2004-09-07 12:00:00 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll
- 2004-09-07 12:00:00 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
- 2004-09-07 12:00:00 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll
- 2004-09-07 12:00:00 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll
- 2004-09-07 12:00:00 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll
- 2004-09-07 12:00:00 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll
- 2004-09-07 12:00:00 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll
- 2004-09-07 12:00:00 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll
- 2004-09-07 12:00:00 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll
+ 2004-09-07 12:00:00 41,088 ----a-w C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\amdk7.sys
+ 2008-04-23 15:17:42 909,864 ----a-w C:\WINDOWS\system32\WGATray.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-07 14:00 15360]
"BitComet"="C:\Programmi\BitComet\BitComet.exe" [2008-03-25 08:38 2196280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2007-12-26 17:59 949376]
"tea timer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= C:\Programmi\Symantec\WinFax\WfxSeh32.Dll [1998-07-27 05:54 38400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.X264"= x264vfw.dll
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^VIA RAID TOOL.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\VIA RAID TOOL.lnk
backup=C:\WINDOWS\pss\VIA RAID TOOL.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
--a------ 2008-03-25 08:38 2196280 C:\Programmi\BitComet\BitComet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-17 23:40 64512 C:\WINDOWS\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 12:34 5724184 C:\Programmi\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
--a------ 2003-05-05 09:57 143360 C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"wfxsvc"=2 (0x2)
"SoundMAX Agent Service (default)"=2 (0x2)
"ose"=3 (0x3)
"MDM"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\BitComet\\BitComet.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\TVAnts\\Tvants.exe"=
"C:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Programmi\\SopCast\\SopCast.exe"=
"C:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"C:\\Programmi\\Internet Explorer\\iexplore.exe"=
"C:\\Programmi\\Real\\RealPlayer\\realplay.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5000:TCP"= 5000:TCP:BitComet 5000 TCP
"5000:UDP"= 5000:UDP:BitComet 5000 UDP
"1000:TCP"= 1000:TCP:BitComet 1000 TCP
"1000:UDP"= 1000:UDP:BitComet 1000 UDP
"3000:UDP"= 3000:UDP:emule
"2000:UDP"= 2000:UDP:BitComet 2000 UDP
"4000:TCP"= 4000:TCP:BitComet 4000 TCP
"4000:UDP"= 4000:UDP:BitComet 4000 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 05:22]
S2 Ca533av;3.0M SD DSC WDM Video Capture;C:\WINDOWS\system32\Drivers\Ca533av.sys [2002-10-21 13:37]
S2 SQLWriter;SQL Server VSS Writer;"c:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe" []
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);"c:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSONY_MEDIAMGR2 []
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 19:31]
S3 USBCamera;3.0M SD DSC WDM Bulk Driver;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-12-04 16:38]
S4 Network WanMiniport First Position;Network WanMiniport First Position;C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe [2003-04-18 18:06]
.
Contenuto della cartella 'Scheduled Tasks'
"2008-05-21 14:31:39 C:\WINDOWS\Tasks\OGADaily.job"
- C:\WINDOWS\system32\OGAVerify.exe
"2008-05-21 14:31:39 C:\WINDOWS\Tasks\OGALogon.job"
- C:\WINDOWS\system32\OGAVerify.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 20:49:54
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-05-22 20.53.25
ComboFix-quarantined-files.txt 2008-05-22 18:52:56
ComboFix2.txt 2008-05-14 13:46:02
16 Directory 73,051,787,264 byte disponibili
21 Directory 73,041,698,816 byte disponibili
347 --- E O F --- 2008-05-21 14:32:12
http://www.freefilehosting.net/download/3hf00

bdoriano Administrator
Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 23 May 2008 10:01

As soon as you can, run this check:
- Download this program and save it in C:\
- Click Start
- Click Run...
- Type:
Click OK
The DOS window opens; type:
press Enter
type:
press Enter
type:
press Enter
Restart the PC
Post here the contents of the log C:\mbr.log

vincycefa91 Hero
Joined: 14/04/07 13:19 Posts: 54 Location: Siracusa
Posted: 23 May 2008 12:13

here it is... it's the same as the one in the picture
Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

vincycefa91 Hero
Joined: 14/04/07 13:19 Posts: 54 Location: Siracusa
Posted: 27 May 2008 16:21

Hi bdoriano... I know it takes a lot of time for you to analyze the problem, but it's been almost a week since you've said anything..... you're making me worry!

bdoriano Administrator
Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 27 May 2008 21:26

Hi vincycefa91,
sorry, forgotten I have...
Run this scan with SystemScan and upload the log to WikiSend. Post here the forum link that is assigned to you.

vincycefa91 Hero
Joined: 14/04/07 13:19 Posts: 54 Location: Siracusa
Posted: 28 May 2008 16:41

No worries... here it is
http://wikisend.com/download/524066/report.txt
Please find something.... this PC keeps getting slower... sometimes it even freezes suddenly (frozen screen... the mouse doesn't move...)!

bdoriano Administrator
Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 28 May 2008 18:41

I took a quick look at the SystemScan log; I see leftovers of old infections but, apparently, nothing currently active.
Anyway, tomorrow or the day after I'll be able to tell you something more precise.

vincycefa91 Hero
Joined: 14/04/07 13:19 Posts: 54 Location: Siracusa
Posted: 02 Jun 2008 15:23

I've understood that there's nothing to be done for the PC.... a pity... better that I format it...

Sante62 Mature God
Joined: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 02 Jun 2008 16:34

Don't worry, these aren't the kinds of cases that call for formatting (hoping you haven't already done it);
just calmly follow bdoriano's suggestions....

bdoriano Administrator
Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 02 Jun 2008 22:37

Sorry vincycefa91,
every now and then the real world calls me back and I lose track of the forum...
I took a look at the log and saw some leftovers of previous infections.
Before having you do a manual cleanup, follow the instructions in this topic to use MBAM.
At the end, redo the scan with SystemScan so we can see what is left to remove.

vincycefa91 Hero
Joined: 14/04/07 13:19 Posts: 54 Location: Siracusa
Posted: 03 Jun 2008 13:18

here is the mbam log
Malwarebytes' Anti-Malware 1.14
Versione del database: 816
11.15.44 03/06/2008
mbam-log-6-3-2008 (11-15-44).txt
Tipo di scansione: Scansione rapida
Elementi scansionati: 39751
Tempo trascorso: 30 minute(s), 24 second(s)
Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0
Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)
Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)
Chiavi di registro infette:
(Nessun elemento malevolo rilevato)
Valori di registro infetti:
(Nessun elemento malevolo rilevato)
Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)
Cartelle infette:
(Nessun elemento malevolo rilevato)
File infetti:
(Nessun elemento malevolo rilevato)
here is the systemscan log
http://wikisend.com/download/574192/report.txt
Anyway, I was thinking the PC freezes because it's looking for something but can't find it...... lately I've been tinkering with the PC, removing some services to lighten it..... could it be due to some missing service? I took my cue from here: http://www.megalab.it/articoli.php?id=250