Saluti a tutti . Ho il secondo hd che è la sintesi della lentezza e uno scan con clamwin mi ha trovato diversi trojan che ho in parte eliminato , poi ho usato combofix ma non sono in grado di interpretare il log che allego , sempre grazie !
ComboFix 11-03-26.02 - claudios 27/03/2011 20.39.42.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1791.1319 [GMT 2:00]
Eseguito da: c:\documents and settings\claudios\Documenti\ComboFix.exe
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Downloaded Program Files\IDropPTB.dll
.
.
((((((((((((((((((((((((( Files Creati Da 2011-02-27 al 2011-03-27 )))))))))))))))))))))))))))))))))))
.
.
2011-03-27 17:12 . 2011-03-27 17:12 709456 ----a-w- c:\windows\isRS-000.tmp
2011-03-27 14:34 . 2008-12-11 12:31 27904 ----a-w- c:\windows\system32\uxtuneup.dll
2011-03-27 10:57 . 2011-03-27 10:57 -------- d-----w- c:\documents and settings\claudios\Impostazioni locali\Dati applicazioni\Help
2011-03-26 19:28 . 2011-03-26 19:28 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2011-03-26 19:00 . 2011-03-26 19:00 -------- d-----w- c:\documents and settings\NetworkService\Dati applicazioni\TuneUp Software
2011-03-26 17:20 . 2011-03-26 17:20 -------- d-----w- c:\programmi\Bonjour
2011-03-26 16:42 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-03-26 16:38 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:54 . 2009-10-30 07:18 186880 ------w- c:\windows\system32\encdec.dll
2011-02-09 13:54 . 2009-10-30 07:18 270848 ------w- c:\windows\system32\sbe.dll
2011-02-02 07:58 . 2009-10-29 09:14 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-10-29 09:14 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2001-08-31 12:00 440832 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2001-08-31 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2001-08-31 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\programmi\IObit\Advanced SystemCare 3\AWC.exe" [2010-12-16 2402512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="soundman.exe" [2001-05-29 124416]
"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
"SamsungSM PanelMgr"="c:\windows\SamsungSM\PanelMgr\SSMMgr.exe" [2008-07-31 536576]
"WHITNEY_S2P"="c:\programmi\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe" [2006-03-27 229376]
"ClamWin"="c:\programmi\ClamWin\bin\ClamTray.exe" [2010-05-24 86016]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\claudios\Menu Avvio\Programmi\Esecuzione automatica\
_uninst_setup_9.0.0.722_11.08.2010_12-47.exe.lnk - c:\documents and settings\claudios\Impostazioni locali\Temp\_uninst_setup_9.0.0.722_11.08.2010_12-47.exe.bat [N/A]
_uninst_setup_9.0.0.722_27.07.2010_09-30(2).exe.lnk - c:\documents and settings\claudios\Impostazioni locali\Temp\_uninst_setup_9.0.0.722_27.07.2010_09-30(2).exe.bat [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Gruppi peer-to-peer Windows
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [30/10/2009 10.06.23 159600]
R2 Iprip;Listener RIP;c:\windows\System32\svchost.exe -k netsvcs [31/08/2001 14.00.00 14336]
R2 MSSQL$INVENTORCONTENT;MSSQL$INVENTORCONTENT;c:\programmi\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe -sINVENTORCONTENT --> c:\programmi\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe -sINVENTORCONTENT [?]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [30/10/2009 10.06.24 73840]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [07/02/2010 10.30.35 135664]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [30/10/2009 10.05.58 95640]
S3 SQLAgent$INVENTORCONTENT;SQLAgent$INVENTORCONTENT;c:\programmi\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE -i INVENTORCONTENT --> c:\programmi\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE -i INVENTORCONTENT [?]
S3 uti3ndu1;AVZ Kernel Driver;c:\windows\system32\drivers\uti3ndu1.sys [03/08/2010 16.28.04 7168]
S4 ASKService;ASKService;c:\programmi\AskBarDis\bar\bin\AskService.exe --> c:\programmi\AskBarDis\bar\bin\AskService.exe [?]
S4 ASKUpgrade;ASKUpgrade;c:\programmi\AskBarDis\bar\bin\ASKUpgrade.exe --> c:\programmi\AskBarDis\bar\bin\ASKUpgrade.exe [?]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\programmi\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23/09/2005 8.01.16 2799808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'
.
2010-01-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-07 08:30]
.
2011-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-07 08:30]
.
2011-03-27 c:\windows\Tasks\Manutenzione in 1 clic.job
- c:\programmi\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:55]
.
.
------- Scansione supplementare -------
.
uStart Page =
hxxp://www.google.it/uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\claudios\Dati applicazioni\Mozilla\Firefox\Profiles\qvizqnfh.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: keyword.URL -
hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
------- Associazioni dei file -------
.
.scr=AutoCADScriptFile
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
WebBrowser-{5B291E6C-9A74-4034-971B-A4B007A0B315} - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
AddRemove-HijackThis - c:\documents and settings\claudios\Documenti\Download\HijackThis.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2011-03-27 20:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(1556)
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2011-03-27 20:50:47
ComboFix-quarantined-files.txt 2011-03-27 18:50
.
Pre-Run: 65.192.824.832 byte disponibili
Post-Run: 65.204.817.920 byte disponibili
.
- - End Of File - - 18B6B9A670C5CF7CF22B5EFF0928E1C1
Forum
Login
Iscriviti
FAQ
Cerca
