
miki2011

Everything posted by miki2011

For a few days now, a small window with a black background has been appearing on the left-hand side of the desktop and disappearing right away (not even enough time to read anything). It repeats with a certain periodicity (seemingly every 20-25 minutes). I ran ComboFix and it generated the log.txt file, which I attach. On the ComboFix site I read that you can give me a hand. Awaiting your reply, kind regards.

ComboFix 11-03-24.03 - User 25/03/2011 10.34.09.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3071.2574 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

c:\documents and settings\User\Dati applicazioni\RegistrySmart
c:\documents and settings\User\Dati applicazioni\RegistrySmart\Log\2008 Nov 29 - 07_40_45 PM_875.log
c:\documents and settings\User\Dati applicazioni\RegistrySmart\Log\2008 Nov 29 - 07_58_17 PM_890.log
c:\documents and settings\User\Dati applicazioni\RegistrySmart\Log\2008 Nov 29 - 08_02_57 PM_296.log
c:\documents and settings\User\Dati applicazioni\RegistrySmart\Log\2008 Nov 29 - 08_12_45 PM_859.log
c:\documents and settings\User\Dati applicazioni\RegistrySmart\Registry Backups\2008-11-29_19-41-39.reg
c:\documents and settings\User\Impostazioni locali\Temporary Internet Files\plot.log
c:\gerico2007\Gerico2007.exe
c:\gerico2008\Gerico2008.exe
c:\windows\install.exe
c:\windows\system32\Thumbs.db

((((((((((((((((((((((((( Files Created from 2011-02-25 to 2011-03-25 )))))))))))))))))))))))))))))))))))

2011-03-24 17:51 . 2011-03-24 17:51 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-03-19 10:51 . 2011-03-19 10:51 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-03-19 10:49 . 2011-03-22 03:37 326144 ----a-w- c:\windows\system32\ssclient32.dll
2011-03-19 10:49 . 2011-03-22 03:37 326144 ----a-w- c:\windows\ssclient32.dll
2011-03-19 10:38 . 2004-03-26 12:29 8464 ----a-w- c:\windows\system32\sswbase.dll
2011-03-19 10:38 . 2011-03-25 09:41 -------- d-----w- C:\ssclitmp
2011-03-09 10:19 . 2011-02-09 13:54 270848 ------w- c:\windows\system32\dllcache\sbe.dll
2011-03-09 10:19 . 2011-02-09 13:54 186880 ------w- c:\windows\system32\dllcache\encdec.dll
2011-03-09 10:19 . 2011-02-02 07:58 2067456 ------w- c:\windows\system32\dllcache\lhmstscx.dll
2011-03-09 10:19 . 2011-01-27 11:57 677888 ------w- c:\windows\system32\dllcache\lhmstsc.exe
2011-02-25 05:42 . 2009-07-27 23:16 135168 ------w- c:\windows\system32\dllcache\shsvcs.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

2011-02-09 13:54 . 2004-08-19 13:39 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:54 . 2004-08-19 13:39 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-03 18:59 . 2011-02-03 19:04 286720 ----a-w- c:\windows\iun506.exe
2011-02-02 20:40 . 2010-04-22 15:30 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 18:19 . 2008-11-05 15:48 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2001-12-31 22:25 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2001-12-31 22:25 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-19 13:39 440832 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-10 08:42 . 2011-01-10 08:42 61440 ----a-w- c:\windows\system32\bitdll.dll
2011-01-07 14:09 . 2004-08-19 13:37 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2007-01-03 10:52 1854976 ----a-w- c:\windows\system32\win32k.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
"Google Update"="c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2010-01-22 135664]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-01 39408]
"UIWatcher"="c:\programmi\Ashampoo\Ashampoo UnInstaller 2010\UIWatcher.exe" [2009-11-17 2530656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-03-21 1953792]
"NeroFilterCheck"="c:\programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\programmi\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"TrueImageMonitor.exe"="c:\programmi\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe" [2006-03-17 1102171]
"AcronisTimounterMonitor"="c:\programmi\Acronis\TrueImageEnterpriseServer\TimounterMonitor.exe" [2006-03-17 1827640]
"Acronis Scheduler2 Service"="c:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe" [2006-03-17 126976]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-26 13574144]
"nwiz"="nwiz.exe" [2008-06-26 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-26 86016]
"Acrobat Assistant 7.0"="c:\programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-08-18 340520]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2007-12-27 524288]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"DefragTaskBar"="c:\programmi\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2008-10-09 173408]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-10-29 249064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Acrobat.lnk - c:\windows\Installer\{AC76BA86-1034-4700-7760-000000000002}\SC_Acrobat.exe [2009-1-3 25214]
CN405WLUSB54 Utility LAN wireless.lnk - c:\programmi\CONITECH\CN405WLUSB54.exe [2008-11-29 704512]
EPSON Status Monitor 3 Environment Check(2).lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2009-2-22 131584]
Tasto di scelta rapida per l'avvio di AutoCAD.lnk - c:\programmi\File comuni\Autodesk Shared\acstart16.exe [2005-3-5 10872]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\programmi\Microsoft ActiveSync\rapimgr.exe"= c:\programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmi\Microsoft ActiveSync\wcescomm.exe"= c:\programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmi\Microsoft ActiveSync\WCESMgr.exe"= c:\programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\italian\\setup.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programmi\\Java\\jre1.5.0_16\\bin\\javaw.exe"=
"c:\\Programmi\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Programmi\\TeamViewer\\Version5\\TeamViewer_Service.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 18.29.38 36880]
R2 ACMLIGHT;ACMLIGHT;c:\ssclitmp\AcmLight\ACMLIGHT.exe [10/03/2011 18.26.24 1216000]
R2 SERVICECHECKER;SERVICECHECKER;c:\windows\system32\ServiceChecker.exe [18/02/2010 15.59.52 207872]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [31/12/2001 23.58.44 38656]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 19.02.46 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [25/03/2008 20.07.10 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/10/2009 18.39.44 19472]
S2 CPUSB;CPUsb.Sys driver;c:\windows\system32\drivers\CPUSB.sys [27/09/2010 16.30.46 17080]
S2 cpwnt;cpwnt;c:\windows\system32\drivers\CPWNT.SYS [27/09/2010 16.27.00 21824]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [01/04/2010 8.15.11 135664]
S2 KeyP;KeyP;c:\windows\system32\drivers\KEYP.SYS [07/05/2001 17.07.28 14232]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]

Contents of the 'Scheduled Tasks' folder

2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-04-01 07:15]

2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-04-01 07:15]

2011-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1580436667-725345543-1003Core.job
- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-01-22 16:38]

2011-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1580436667-725345543-1003UA.job
- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-01-22 16:38]

------- Supplementary Scan -------

uStart Page = about:blank
mStart Page = about:blank
IE: Aggiungi ad Anti-Banner - c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: Converti destinazione link in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti destinazione link in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti nel file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti selezione in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
DPF: {60E33102-59F1-44DA-BA3D-494BB9A80514} - hxxps://servizi.inps.it/servizi/ParlaConNoi/VoipFiles/IPhona.cab

------- File Associations -------

.scr=AutoCADScriptFile

- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
HKCU-Run-FlashCAD - c:\programmi\FlashCAD\FlashCAD.exe
HKLM-Run-ACMLIGHTCU - c:\ssclitmp\AcmLight\ACMLIGHTcu.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-03-25 10:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•Ñw*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

--------------------- DLLs Loaded by Running Processes ---------------------

- - - - - - - > 'Explorer.EXE'(244)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll

------------------------ Other Running Processes ------------------------

c:\programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
c:\programmi\File comuni\Acronis\Schedule2\schedul2.exe
c:\programmi\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
c:\programmi\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\programmi\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\ssclitmp\ssclient.exe
c:\programmi\File comuni\Nero\Lib\NMIndexingService.exe
c:\programmi\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
c:\windows\system32\wscntfy.exe

**************************************************************************

Completion time: 2011-03-25 10:44:53 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-25 09:44

Pre-Run: 455.878.135.808 bytes free
Post-Run: 456.024.141.824 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 448D6F8A55273B8AEEA1076B77130165
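Added example, not part of the post above and not ComboFix's own code: a small Python triage helper for a ComboFix-style log. It parses the Run-key autostarts, the service/driver lines (R0, R2, S2 and so on) and the Security Center / firewall-policy values, and lists what a reviewer should read first: protections the log itself reports as disabled, and autostarts or services whose binary is a bare file name or sits outside the usual program directories. The sample text is an excerpt constructed from the log in the post; the TRUSTED_PREFIXES list and the PROTECTION_OFF value patterns are this example's own assumptions, and a hit is a prompt for manual review, not a verdict on the file.

```python
"""Triage helper for a ComboFix-style log (added example, not ComboFix code).

Assumptions made here, not ComboFix rules: the directory prefixes in
TRUSTED_PREFIXES and the "switched off" value patterns in PROTECTION_OFF.
"""
import re
from typing import Dict, List

# Constructed excerpt of the log posted above; lines chosen to exercise each branch.
SAMPLE_LOG = r"""
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-08-18 340520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 18.29.38 36880]
R2 ACMLIGHT;ACMLIGHT;c:\ssclitmp\AcmLight\ACMLIGHT.exe [10/03/2011 18.26.24 1216000]
R2 SERVICECHECKER;SERVICECHECKER;c:\windows\system32\ServiceChecker.exe [18/02/2010 15.59.52 207872]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [01/04/2010 8.15.11 135664]
"""

# Where autostarts and services normally live.  "c:\programmi\" is the Italian
# Program Files seen in the log; add other locales' names as needed (assumption).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\programmi\\", "c:\\program files\\")

SECTION_RE = re.compile(r"^\[(?P<key>.+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.+)$')
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<short>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]$")
PRODUCT_RE = re.compile(r"^(?P<kind>AV|FW|SP):\s+(?P<product>.+?)\s+\*(?P<state>[^*]+)\*")

# Value name (lower-cased) -> regex on the printed value that means "protection off".
PROTECTION_OFF = {
    "antivirusoverride": r"dword:0*1$",   # Security Center told to ignore the AV state
    "disablemonitoring": r"dword:0*1$",   # Security Center monitoring of a product off
    "enablefirewall": r"^0\b",            # Windows Firewall policy: disabled
}


def path_concern(path: str) -> str:
    """Explain why a binary path deserves a look, or return '' if it looks ordinary."""
    p = path.lower()
    if "\\" not in p:
        return "bare file name, resolved through the search path at run time"
    if not p.startswith(TRUSTED_PREFIXES):
        return "binary outside the usual program directories"
    return ""


def triage(log_text: str) -> Dict[str, List[str]]:
    """Parse the log and return review items grouped by category."""
    findings: Dict[str, List[str]] = {
        "protection_off": [], "autostart_review": [], "service_review": []}
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix prints "." for blank lines
            continue
        if (m := SECTION_RE.match(line)):
            section = m.group("key").lower()
            continue
        if (m := PRODUCT_RE.match(line)):
            if "disabled" in m.group("state").lower():
                findings["protection_off"].append(
                    f"{m.group('kind')} {m.group('product')}: {m.group('state')}")
            continue
        if (m := SERVICE_RE.match(line)):
            if reason := path_concern(m.group("path")):
                findings["service_review"].append(
                    f"{m.group('state')} {m.group('short')}: {m.group('path')} ({reason})")
            continue
        if "\\run" in section and (m := RUN_RE.match(line)):   # ...\Run and ...\RunOnce
            if reason := path_concern(m.group("path")):
                findings["autostart_review"].append(
                    f"{m.group('name')}: {m.group('path')} ({reason})")
            continue
        if ("security center" in section or "firewallpolicy" in section) \
                and (m := VALUE_RE.match(line)):
            pattern = PROTECTION_OFF.get(m.group("name").lower())
            if pattern and re.search(pattern, m.group("value")):
                findings["protection_off"].append(
                    f"{m.group('name')}={m.group('value')} under [{section}]")
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(category, *items, sep="\n  ")
```

On the excerpt it reports five disabled-protection indicators (the AV and FW header states, AntiVirusOverride, DisableMonitoring and EnableFirewall), the bare RTHDCPL.EXE autostart and the ACMLIGHT service under c:\ssclitmp. A clean directory is not evidence of a clean binary: ServiceChecker.exe in system32 passes the directory check and still needs to be identified by hash or signature, and the same applies to the two ssclient32.dll copies and bitdll.dll in the file listing, which this parser does not cover.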