
Can you examine this log for me?


Post by giancai » 11/02/12 22:16

Hi everyone, I have a problem with a Windows 7 PC that shows a BSOD with error 0x0000006b. I can only get it to start again when I copy the bootcat.cache file from a working PC, but that causes problems. The issue is that if I shut it down and then turn it on again, I can use it without trouble, but if I restart it, it crashes. I ran a scan with ComboFix and it detected some viruses, but I don't know how to remove them. I'm attaching the log.

ComboFix 12-02-11.02 - FILIPPO 11/02/2012 16:26:18.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1040.18.3070.2123 [GMT 1:00]
Eseguito da: c:\users\FILIPPO\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\System32\PresentationHost.exe . . . è infetto!!
.
c:\windows\System32\sdclt.exe . . . è infetto!!
.
c:\windows\System32\migwiz\PostMig.exe . . . è infetto!!
.
c:\windows\System32\Speech\SpeechUX\SpeechUXTutorial.exe . . . è infetto!!
.
c:\windows\System32\spool\tools\PrintBrmEngine.exe . . . è infetto!!
.
c:\windows\system32\d3d9.dll . . . è infetto!!
.
.
((((((((((((((((((((((((( Files Creati Da 2012-01-11 al 2012-02-11 )))))))))))))))))))))))))))))))))))
.
.
2012-02-11 15:41 . 2012-02-11 15:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-11 14:32 . 2012-02-11 14:32 -------- d-----w- c:\windows\system32\EventProviders
2012-02-10 16:51 . 2012-02-10 16:51 -------- d-----w- c:\windows\CheckSur
2012-02-10 16:45 . 2011-10-15 08:53 487232 ----a-w- c:\windows\system32\nvhotkey.dll
2012-02-10 16:45 . 2011-10-15 08:53 123712 ----a-w- c:\windows\system32\nvshext.dll
2012-02-10 16:45 . 2011-10-15 08:53 1136448 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-10 16:45 . 2011-10-15 08:53 6350144 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 16:45 . 2011-10-15 08:53 3840320 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-10 16:45 . 2011-10-15 08:53 3074368 ----a-w- c:\windows\system32\nvsvcr.dll
2012-02-10 16:45 . 2011-10-15 08:53 203072 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-10 16:45 . 2011-10-15 08:53 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2012-02-10 11:10 . 2012-02-10 11:30 -------- d-----w- c:\users\FILIPPO\AppData\Roaming\Wise Registry Cleaner
2012-02-10 11:10 . 2012-02-10 11:10 -------- d-----w- c:\program files\Wise Registry Cleaner
2012-02-09 12:08 . 2012-02-09 12:08 -------- d-----w- c:\users\FILIPPO\AppData\Local\VirtualStore
2012-02-06 09:17 . 2012-02-06 09:17 -------- d-----w- c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2012-02-06 09:17 . 2012-02-06 09:17 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-02-06 09:13 . 2009-11-21 02:34 182888 ----a-w- c:\windows\system32\nvcod178.dll
2012-02-05 11:02 . 2010-11-20 21:29 153984 ----a-w- c:\windows\system32\drivers\pci.sys
2012-02-02 01:38 . 2012-02-02 01:38 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{81FD3E5E-324B-413B-B690-82778599D263}\offreg.dll
2012-02-02 01:37 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{81FD3E5E-324B-413B-B690-82778599D263}\mpengine.dll
2012-01-27 17:17 . 2012-01-27 17:17 -------- d-----w- c:\windows\Sun
2012-01-25 14:04 . 2012-01-25 14:04 -------- d-----w- c:\program files\1ClickDownload
2012-01-18 20:39 . 2012-01-18 20:39 -------- d-----r- c:\users\FILIPPO\AppData\Roaming\Brother
2012-01-18 20:26 . 2012-01-18 20:26 -------- d-----w- c:\users\FILIPPO\AppData\Roaming\FLEXnet
2012-01-18 20:26 . 2012-01-18 20:27 -------- d-----w- c:\users\FILIPPO\AppData\Roaming\ControlCenter4
2012-01-18 20:19 . 2012-01-18 20:19 -------- d-----w- c:\users\FILIPPO\AppData\Roaming\InstallShield
2012-01-18 20:18 . 2012-01-18 20:18 -------- d-----w- c:\programdata\zeon
2012-01-18 20:17 . 2012-01-18 20:17 -------- d-----w- c:\users\FILIPPO\AppData\Roaming\Nuance
2012-01-18 20:17 . 2012-01-18 20:17 -------- d-----w- c:\programdata\ScanSoft
2012-01-18 20:17 . 2012-01-18 20:19 -------- d-----w- c:\program files\Nuance
2012-01-18 20:17 . 2012-01-18 20:17 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2012-01-18 20:17 . 2012-01-18 20:17 -------- d-----w- c:\programdata\FLEXnet
2012-01-18 20:17 . 2012-01-18 20:29 -------- d-----w- c:\programdata\Nuance
2012-01-18 20:14 . 2012-01-18 20:22 -------- d-----w- c:\programdata\Brother
2012-01-18 10:42 . 2012-01-18 10:42 53248 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\msihook.dll
2012-01-18 10:42 . 2012-01-18 10:42 126976 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\knlwrap.exe
2012-01-18 10:42 . 2012-01-18 10:42 114688 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\scpthdlr.dll
2012-01-18 10:41 . 1999-05-26 08:46 212480 ----a-w- c:\windows\pcdlib32.dll
2012-01-18 10:41 . 1996-06-30 23:00 77312 ----a-w- c:\windows\system32\TWAIN_32.DLL
2012-01-18 10:41 . 1995-07-31 12:44 212480 ----a-w- c:\windows\system32\PCDLIB32.DLL
2012-01-18 10:41 . 2012-01-18 10:41 -------- d-----w- c:\program files\ArcSoft
2012-01-18 10:41 . 2001-09-05 04:18 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-01-18 10:41 . 2001-09-05 04:18 225280 ------w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
2012-01-18 10:41 . 2001-09-05 04:14 176128 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-01-18 10:41 . 2001-09-05 04:13 32768 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-01-18 10:40 . 2012-02-09 12:14 -------- d-----w- C:\CanoScan
2012-01-18 10:40 . 2002-05-24 02:04 389180 ----a-w- c:\windows\system32\UCS32P.DLL
2012-01-15 14:01 . 2012-01-15 14:01 -------- d-----w- c:\program files\Google
2012-01-14 23:32 . 2012-01-14 23:32 -------- d-----w- c:\programdata\DivX
2012-01-14 20:21 . 2012-01-14 20:21 -------- d-----w- c:\program files\Veetle
2012-01-14 17:53 . 2012-01-14 17:53 -------- d--h--w- c:\programdata\CanonBJ
2012-01-14 17:53 . 2009-07-14 01:15 70144 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNBPP3.DLL
2012-01-14 17:09 . 2012-01-14 17:09 -------- d-----w- c:\program files\uTorrent
2012-01-14 17:08 . 2012-02-06 08:42 -------- d-----w- c:\users\FILIPPO\AppData\Roaming\uTorrent
2012-01-14 12:50 . 2012-01-14 18:38 -------- d-----w- c:\users\FILIPPO\AppData\Roaming\Windows Live Writer
2012-01-14 12:50 . 2012-01-14 12:50 -------- d-----w- c:\users\FILIPPO\AppData\Local\Windows Live Writer
2012-01-14 12:48 . 2012-01-14 12:48 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\c7f2e7911ccd2ba04\MeshBetaRemover.exe
2012-01-14 12:44 . 2012-01-16 08:03 -------- d-----w- c:\users\FILIPPO\AppData\Local\Adobe
2012-01-14 12:43 . 2012-01-15 14:02 -------- d-----w- c:\users\FILIPPO\AppData\Local\Google
2012-01-14 12:43 . 2012-01-14 12:43 -------- d-----w- c:\users\FILIPPO\AppData\Local\Deployment
2012-01-14 12:43 . 2012-01-14 12:43 -------- d-----w- c:\users\FILIPPO\AppData\Local\Apps
2012-01-13 20:47 . 2012-01-13 20:47 -------- d-----w- c:\program files\CCleaner
2012-01-13 14:12 . 2012-01-13 14:28 -------- d-----w- c:\windows\Acronis
2012-01-13 14:09 . 2012-01-13 14:09 -------- d-----w- c:\users\FILIPPO\AppData\Local\LogMeIn
2012-01-13 14:09 . 2012-01-31 20:30 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-01-13 14:09 . 2012-01-31 20:30 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-01-13 14:09 . 2012-01-31 20:30 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-01-13 14:09 . 2011-09-16 14:10 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2012-01-13 14:09 . 2012-01-31 20:30 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-01-13 14:09 . 2012-02-11 08:50 -------- d-----w- c:\programdata\LogMeIn
2012-01-13 14:09 . 2012-02-10 10:49 -------- d-----w- c:\program files\LogMeIn
2012-01-13 12:17 . 2012-02-10 16:44 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-01-13 12:16 . 2011-10-15 08:53 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-01-13 12:16 . 2011-10-15 08:53 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2012-01-13 12:16 . 2011-10-15 08:53 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2012-01-13 12:16 . 2011-10-15 08:53 17248576 ----a-w- c:\windows\system32\nvcompiler.dll
2012-01-13 12:11 . 2012-02-10 16:45 -------- d-----w- c:\program files\NVIDIA Corporation
2012-01-13 12:09 . 2012-02-06 09:17 -------- d-----w- C:\NVIDIA
2012-01-13 11:34 . 2012-01-13 11:34 -------- d-----w- c:\users\FILIPPO\AppData\Local\ESET
2012-01-13 10:38 . 2012-01-14 17:24 -------- d-----w- c:\users\FILIPPO\AppData\Local\Ahead
2012-01-13 10:26 . 2012-01-14 17:25 -------- d-----w- c:\users\FILIPPO\AppData\Roaming\Ahead
2012-01-13 10:26 . 2012-01-13 10:26 -------- d-----w- c:\programdata\Ahead
2012-01-13 10:25 . 2012-01-13 10:26 -------- d-----w- c:\program files\Common Files\Ahead
2012-01-13 10:25 . 2012-01-13 10:25 -------- d-----w- c:\programdata\Nero
2012-01-13 10:25 . 2012-01-13 10:25 -------- d-----w- c:\program files\Nero
2012-01-13 09:54 . 2012-02-05 11:48 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-13 09:54 . 2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-13 09:54 . 2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-13 09:54 . 2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-13 09:54 . 2011-11-17 05:35 314880 ----a-w- c:\windows\system32\webio.dll
2012-01-13 09:54 . 2011-11-17 05:34 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-13 09:54 . 2011-11-17 05:34 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-01-13 09:54 . 2011-11-17 05:34 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-13 09:54 . 2011-11-17 05:34 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-13 09:54 . 2011-11-17 05:29 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-13 09:16 . 2012-01-18 20:15 -------- d-----w- c:\program files\MSXML 4.0
2012-01-13 09:12 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-13 09:12 . 2011-10-26 04:32 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-13 09:12 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-01-13 09:12 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-11 09:27 . 2011-06-14 17:42 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-05 11:52 . 2009-07-13 23:32 50688 ----a-w- c:\windows\system32\psbase.dll
2012-02-05 11:51 . 2009-07-13 23:54 90624 ----a-w- c:\windows\system32\rasauto.dll
2012-02-05 11:50 . 2009-07-13 23:21 526848 ----a-w- c:\windows\system32\ntvdm.exe
2012-02-05 11:45 . 2009-07-13 23:27 531968 ----a-w- c:\windows\system32\ddraw.dll
2012-02-05 11:45 . 2010-11-20 21:29 551424 ----a-w- c:\windows\system32\samsrv.dll
2012-02-05 11:45 . 2009-07-13 23:12 191488 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-02-05 11:44 . 2011-06-14 17:12 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-02-05 11:44 . 2010-11-20 21:29 1414144 ----a-w- c:\windows\system32\ole32.dll
2012-01-12 11:47 . 2011-03-28 17:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-12 11:21 . 2011-06-14 17:39 544656 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-12 00:19 . 2012-01-12 00:19 4448256 ----a-w- c:\windows\system32\GPhotos.scr
2011-12-07 09:08 . 2011-06-14 16:52 236576 ------w- c:\windows\system32\MpSigStub.exe
2011-11-24 04:25 . 2011-12-31 17:23 2342912 ----a-w- c:\windows\system32\win32k.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-13 . ADD2ADE1C2B285AB8378D2DAAF991481 . 17920 . . [6.1.7600.16385] . . c:\windows\System32\drivers\asyncmac.sys
[-] 2009-07-13 . ADD2ADE1C2B285AB8378D2DAAF991481 . 17920 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-rasbase-asyncmac_31bf3856ad364e35_6.1.7600.16385_none_242e2506962cd3e0\asyncmac.sys
.
[-] 2009-07-13 . 505506526A9D467307B3C393DEDAF858 . 6144 . . [6.1.7600.16385] . . c:\windows\System32\drivers\beep.sys
[-] 2009-07-13 . 505506526A9D467307B3C393DEDAF858 . 6144 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys
.
[-] 2009-07-13 . F9756A98D69098DCA8945D62858A812C . 4608 . . [6.1.7600.16385] . . c:\windows\System32\drivers\null.sys
[-] 2009-07-13 . F9756A98D69098DCA8945D62858A812C . 4608 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-null_31bf3856ad364e35_6.1.7600.16385_none_a93c43a07c50a038\null.sys
.
[-] 2009-07-14 . 7CCCFCA7510684768DA22092D1FA4DB2 . 280576 . . [6.1.7600.16385] . . c:\windows\System32\netman.dll
[-] 2009-07-14 . 7CCCFCA7510684768DA22092D1FA4DB2 . 280576 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_0f9371b9b32368a4\netman.dll
.
[-] 2009-07-14 . 808D8A8B2A3074002852BC856D419576 . 1297408 . . [2001.12.8530.16385] . . c:\windows\System32\comres.dll
[-] 2009-07-14 . 808D8A8B2A3074002852BC856D419576 . 1297408 . . [2001.12.8530.16385] . . c:\windows\winsxs\x86_microsoft-windows-com-complus.res_31bf3856ad364e35_6.1.7600.16385_none_2c8730fb47856e94\comres.dll
.
[-] 2010-11-20 . 0AFBE7743E05C20E0D012EE6FE60F0CC . 585728 . . [7.5.7600.16385] . . c:\windows\System32\qmgr.dll
[-] 2010-11-20 . 0AFBE7743E05C20E0D012EE6FE60F0CC . 585728 . . [7.5.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_25982ed857b42497\qmgr.dll
.
[-] 2009-07-14 . F6916EFC29D9953D5D0DF06882AE8E16 . 271360 . . [2001.12.8530.16385] . . c:\windows\System32\es.dll
[-] 2009-07-14 . F6916EFC29D9953D5D0DF06882AE8E16 . 271360 . . [2001.12.8530.16385] . . c:\windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_0cc3f540b311359a\es.dll
.
[-] 2009-07-14 . 50BA656134F78AF64E4DD3C8B6FEFD7E . 12288 . . [6.1.7600.16385] . . c:\windows\System32\cngaudit.dll
[-] 2009-07-14 . 50BA656134F78AF64E4DD3C8B6FEFD7E . 12288 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
.
[-] 2009-07-14 . CB9A8683F4EF2BF99E123D79950D7935 . 112640 . . [6.1.7600.16385] . . c:\windows\System32\regsvc.dll
[-] 2009-07-14 . CB9A8683F4EF2BF99E123D79950D7935 . 112640 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-remoteregistry-service_31bf3856ad364e35_6.1.7600.16385_none_893c5bdce4cae672\regsvc.dll
.
[-] 2009-07-14 . D887C9FD02AC9FA880F6E5027A43E118 . 162816 . . [6.1.7600.16385] . . c:\windows\System32\ssdpsrv.dll
[-] 2009-07-14 . D887C9FD02AC9FA880F6E5027A43E118 . 162816 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-upnpssdp_31bf3856ad364e35_6.1.7600.16385_none_7f9fc90f328bdf26\ssdpsrv.dll
.
[-] 2009-07-14 . 6383C60EC0133B14F5705F96369421B2 . 288256 . . [6.1.7600.16385] . . c:\windows\System32\hnetcfg.dll
[-] 2009-07-14 . 6383C60EC0133B14F5705F96369421B2 . 288256 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..ectionsharingconfig_31bf3856ad364e35_6.1.7600.16385_none_b00c9bd7f5ed1c02\hnetcfg.dll
.
[-] 2009-07-14 . 833FBB672460EFCE8011D262175FAD33 . 266752 . . [6.1.7600.16385] . . c:\windows\System32\upnphost.dll
[-] 2009-07-14 . 833FBB672460EFCE8011D262175FAD33 . 266752 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-upnpdevicehost_31bf3856ad364e35_6.1.7600.16385_none_c1be8a9895d79340\upnphost.dll
.
[-] 2009-07-14 . 0E85C11F8850D524B02181C6E02BA9AE . 453632 . . [6.1.7600.16385] . . c:\windows\System32\dsound.dll
[-] 2009-07-14 . 0E85C11F8850D524B02181C6E02BA9AE . 453632 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-audio-dsound_31bf3856ad364e35_6.1.7600.16385_none_5872147ba3367471\dsound.dll
.
[-] 2010-11-20 . C9D89535F7959A7F6988BBAFB464D236 . 1828352 . . [6.1.7601.17514] . . c:\windows\System32\d3d9.dll
[-] 2010-11-20 . C9D89535F7959A7F6988BBAFB464D236 . 1828352 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.1.7601.17514_none_c454d690bf084f04\d3d9.dll
.
[-] 2012-02-05 . 198552AEFECA69D646867EC8D792DE95 . 531968 . . [6.1.7600.16385] . . c:\windows\System32\ddraw.dll
[-] 2012-02-05 . 198552AEFECA69D646867EC8D792DE95 . 531968 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-directx-directdraw_31bf3856ad364e35_6.1.7600.16385_none_04dbf9102154d42e\ddraw.dll
.
[-] 2009-07-14 . EDD2AD141DEBD425D74A52A4D7BE6AC4 . 39424 . . [6.1.7600.16385] . . c:\windows\System32\perfctrs.dll
[-] 2009-07-14 . EDD2AD141DEBD425D74A52A4D7BE6AC4 . 39424 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.1.7600.16385_none_314993e6be6d6809\perfctrs.dll
.
[-] 2009-07-14 . 55187FD710E27D5095D10A472C8BAF1C . 288768 . . [6.1.7600.16385] . . c:\windows\System32\w32time.dll
[-] 2009-07-14 . 55187FD710E27D5095D10A472C8BAF1C . 288768 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-time-service_31bf3856ad364e35_6.1.7600.16385_none_887db9d2ce9e3aa0\w32time.dll
.
[-] 2009-07-14 . 5A12C364AD1D4FCC0AD0E56DBBC34462 . 16896 . . [6.1.7600.16385] . . c:\windows\System32\midimap.dll
[-] 2009-07-14 . 5A12C364AD1D4FCC0AD0E56DBBC34462 . 16896 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.1.7600.16385_none_8cd41e2771e37717\midimap.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}]
2011-03-31 20:45 286208 ----a-w- c:\program files\Classic Shell\ClassicIE9DLL_32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2011-03-31 20:45 501760 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2011-12-20 2696512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2011-03-31 91648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2010-10-26 139264]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 21:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-01 22:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-05-16 08:27 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2010-03-08 23:37 46368 ----a-w- c:\program files\Nuance\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2009-05-05 15:06 222496 ----a-w- c:\programdata\FLEXnet\Connect\11\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2010-03-08 23:42 29984 ----a-w- c:\program files\Nuance\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF5 Registry Controller]
2010-03-05 18:11 62752 ----a-w- c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFHook]
2010-03-05 19:11 636192 ----a-w- c:\program files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort12reminder]
2010-02-09 12:42 328992 ----a-w- c:\program files\Nuance\PaperPort\Ereg\Ereg.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 wxpSvc;webcamXP Service;c:\program files\wLite\wService.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2012-01-31 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2011-09-16 12856]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-08 144672]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [2010-01-25 245760]
S3 netw5v32;Driver scheda Intel(R) Wireless WiFi Link serie 5000 per Windows Vista a 32 bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 RTL8167;Driver Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-710450500-849374731-4109036366-1000Core.job
- c:\users\FILIPPO\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-14 12:43]
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-710450500-849374731-4109036366-1000UA.job
- c:\users\FILIPPO\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-14 12:43]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{56753E59-AF1D-4FBA-9E15-31557124ADA2} - c:\program files\Classic Shell\ClassicIE9_32.exe
TCP: DhcpNameServer = 192.168.10.1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wxpSvc]
"ImagePath"="c:\program files\wLite\wService.exe /startedbyscm:5053B757-40E35B3B-webcamSRV"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\ProgramData\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000410
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{BCB0D944-D27E-451C-A1A5-F31C7589F14E}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.2.67.10"
"UniqueId"="0055E8AA4F1015EE"
"ScannerBuild"=dword:00001fb5
"ScannerVersionId"=dword:000015d7
"ScannerVersion"="Open window for status."
"ei2"=hex(b):56,2d,f4,ba,a4,6c,a7,2d
"ei1"=hex(b):00,1e,68,7f,3c,5b,00,00
"ei3"=hex(b):20,16,10,4f,00,00,00,00
"ei4"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'lsass.exe'(496)
c:\windows\system32\pku2u.DLL
.
Ora fine scansione: 2012-02-11 16:57:46
ComboFix-quarantined-files.txt 2012-02-11 15:57
.
Pre-Run: 44.725.489.664 byte disponibili
Post-Run: 53.036.052.480 byte disponibili
.
- - End Of File - - 51137A445C493B5FE83DA9180042ABAD
giancai
Newbie

Posts: 7
Joined: 01/02/12 23:08

Re: Can you examine this log for me?

Post by FrancescoFDAC » 12/02/12 10:33

ComboFix found some legitimate files that were attacked by a virus, so it could not remove them.
Uninstall this aggressive software; CCleaner is enough, and it does no harm:
Wise Registry Cleaner

What is this program? wLite

Finally:
Download Kaspersky TDSS Killer: http://support.kaspersky.com/downloads/ ... killer.exe
● place the downloaded file on the Desktop
● double-click the TDSSKiller.exe file to start the application
● then press the Start scan button

Note about the program:
● do not click the Stop scan button for any reason, as the scan would be interrupted

At this point, the scan of the system for malicious software begins:
● if an infected file is found, the default action will be Cure: then click Continue
● if a suspicious file is found, the default action will be Skip: then click Continue
● if nothing is detected, simply close the program when the scan finishes

Once the scan is finished, one of these two options will appear:
● a system restart is not required: attach the Report located in Local Disk C:\, named TDSSKiller.[Version]_[Date]_[Time]_log.txt
● a system restart is required: click Restart now, then attach the scan result (it is in the same path mentioned just above)
FrancescoFDAC
Senior User

Posts: 1048
Joined: 13/08/11 09:53

