
For a few days now a small window with a black background has been appearing on the left side of the desktop and disappearing right afterwards (not even enough time to read anything). This repeats with a certain periodicity (it seems to be every 20 - 25 minutes). I ran ComboFix and it generated the log.txt file, which I attach.

On the ComboFix site I read that you could give me a hand.

Awaiting your reply, I send my kindest regards

ComboFix 11-03-24.03 - User 25/03/2011 10.34.09.1.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3071.2574 [GMT 1:00]

Eseguito da: c:\documents and settings\User\Desktop\ComboFix.exe

AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\User\Dati applicazioni\RegistrySmart

c:\documents and settings\User\Dati applicazioni\RegistrySmart\Log\2008 Nov 29 - 07_40_45 PM_875.log

c:\documents and settings\User\Dati applicazioni\RegistrySmart\Log\2008 Nov 29 - 07_58_17 PM_890.log

c:\documents and settings\User\Dati applicazioni\RegistrySmart\Log\2008 Nov 29 - 08_02_57 PM_296.log

c:\documents and settings\User\Dati applicazioni\RegistrySmart\Log\2008 Nov 29 - 08_12_45 PM_859.log

c:\documents and settings\User\Dati applicazioni\RegistrySmart\Registry Backups\2008-11-29_19-41-39.reg

c:\documents and settings\User\Impostazioni locali\Temporary Internet Files\plot.log

c:\gerico2007\Gerico2007.exe

c:\gerico2008\Gerico2008.exe

c:\windows\install.exe

c:\windows\system32\Thumbs.db

.

.

((((((((((((((((((((((((( Files Creati Da 2011-02-25 al 2011-03-25 )))))))))))))))))))))))))))))))))))

.

.

2011-03-24 17:51 . 2011-03-24 17:51 -------- d--h--w- c:\windows\system32\GroupPolicy

2011-03-19 10:51 . 2011-03-19 10:51 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2011-03-19 10:49 . 2011-03-22 03:37 326144 ----a-w- c:\windows\system32\ssclient32.dll

2011-03-19 10:49 . 2011-03-22 03:37 326144 ----a-w- c:\windows\ssclient32.dll

2011-03-19 10:38 . 2004-03-26 12:29 8464 ----a-w- c:\windows\system32\sswbase.dll

2011-03-19 10:38 . 2011-03-25 09:41 -------- d-----w- C:\ssclitmp

2011-03-09 10:19 . 2011-02-09 13:54 270848 ------w- c:\windows\system32\dllcache\sbe.dll

2011-03-09 10:19 . 2011-02-09 13:54 186880 ------w- c:\windows\system32\dllcache\encdec.dll

2011-03-09 10:19 . 2011-02-02 07:58 2067456 ------w- c:\windows\system32\dllcache\lhmstscx.dll

2011-03-09 10:19 . 2011-01-27 11:57 677888 ------w- c:\windows\system32\dllcache\lhmstsc.exe

2011-02-25 05:42 . 2009-07-27 23:16 135168 ------w- c:\windows\system32\dllcache\shsvcs.dll

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-09 13:54 . 2004-08-19 13:39 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:54 . 2004-08-19 13:39 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-03 18:59 . 2011-02-03 19:04 286720 ----a-w- c:\windows\iun506.exe

2011-02-02 20:40 . 2010-04-22 15:30 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-02 18:19 . 2008-11-05 15:48 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-02-02 07:58 . 2001-12-31 22:25 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57 . 2001-12-31 22:25 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44 . 2004-08-19 13:39 440832 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-10 08:42 . 2011-01-10 08:42 61440 ----a-w- c:\windows\system32\bitdll.dll

2011-01-07 14:09 . 2004-08-19 13:37 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 14:04 . 2007-01-03 10:52 1854976 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]

"Google Update"="c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2010-01-22 135664]

"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-01 39408]

"UIWatcher"="c:\programmi\Ashampoo\Ashampoo UnInstaller 2010\UIWatcher.exe" [2009-11-17 2530656]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-03-21 1953792]

"NeroFilterCheck"="c:\programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"NBKeyScan"="c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]

"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]

"LanguageShortcut"="c:\programmi\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]

"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]

"TrueImageMonitor.exe"="c:\programmi\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe" [2006-03-17 1102171]

"AcronisTimounterMonitor"="c:\programmi\Acronis\TrueImageEnterpriseServer\TimounterMonitor.exe" [2006-03-17 1827640]

"Acronis Scheduler2 Service"="c:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe" [2006-03-17 126976]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-26 13574144]

"nwiz"="nwiz.exe" [2008-06-26 1657376]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-26 86016]

"Acrobat Assistant 7.0"="c:\programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]

"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-08-18 340520]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2007-12-27 524288]

"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"DefragTaskBar"="c:\programmi\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2008-10-09 173408]

"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-10-29 249064]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2009-03-08 128512]

.

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\

Avvio veloce di Adobe Acrobat.lnk - c:\windows\Installer\{AC76BA86-1034-4700-7760-000000000002}\SC_Acrobat.exe [2009-1-3 25214]

CN405WLUSB54 Utility LAN wireless.lnk - c:\programmi\CONITECH\CN405WLUSB54.exe [2008-11-29 704512]

EPSON Status Monitor 3 Environment Check(2).lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2009-2-22 131584]

Tasto di scelta rapida per l'avvio di AutoCAD.lnk - c:\programmi\File comuni\Autodesk Shared\acstart16.exe [2005-3-5 10872]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\programmi\Microsoft ActiveSync\rapimgr.exe"= c:\programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\programmi\Microsoft ActiveSync\wcescomm.exe"= c:\programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\programmi\Microsoft ActiveSync\WCESMgr.exe"= c:\programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\italian\\setup.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Programmi\\Java\\jre1.5.0_16\\bin\\javaw.exe"=

"c:\\Programmi\\TeamViewer\\Version5\\TeamViewer.exe"=

"c:\\Programmi\\TeamViewer\\Version5\\TeamViewer_Service.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

.

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 18.29.38 36880]

R2 ACMLIGHT;ACMLIGHT;c:\ssclitmp\AcmLight\ACMLIGHT.exe [10/03/2011 18.26.24 1216000]

R2 SERVICECHECKER;SERVICECHECKER;c:\windows\system32\ServiceChecker.exe [18/02/2010 15.59.52 207872]

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [31/12/2001 23.58.44 38656]

R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 19.02.46 26640]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [25/03/2008 20.07.10 32272]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/10/2009 18.39.44 19472]

S2 CPUSB;CPUsb.Sys driver;c:\windows\system32\drivers\CPUSB.sys [27/09/2010 16.30.46 17080]

S2 cpwnt;cpwnt;c:\windows\system32\drivers\CPWNT.SYS [27/09/2010 16.27.00 21824]

S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [01/04/2010 8.15.11 135664]

S2 KeyP;KeyP;c:\windows\system32\drivers\KEYP.SYS [07/05/2001 17.07.28 14232]

S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]

.

Contenuto della cartella 'Scheduled Tasks'

.

2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\programmi\Google\Update\GoogleUpdate.exe [2010-04-01 07:15]

.

2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\programmi\Google\Update\GoogleUpdate.exe [2010-04-01 07:15]

.

2011-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1580436667-725345543-1003Core.job

- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-01-22 16:38]

.

2011-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1580436667-725345543-1003UA.job

- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-01-22 16:38]

.

.

------- Scansione supplementare -------

.

uStart Page = about:blank

mStart Page = about:blank

IE: Aggiungi ad Anti-Banner - c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm

IE: Converti destinazione link in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Converti destinazione link in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Converti i link selezionati in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Converti i link selezionati in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Converti in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Converti nel file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Converti selezione in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Converti selezione in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

DPF: {60E33102-59F1-44DA-BA3D-494BB9A80514} - hxxps://servizi.inps.it/servizi/ParlaConNoi/VoipFiles/IPhona.cab

.

.

------- Associazioni dei file -------

.

.scr=AutoCADScriptFile

.

- - - - CHIAVI ORFANE RIMOSSE - - - -

.

URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)

HKCU-Run-FlashCAD - c:\programmi\FlashCAD\FlashCAD.exe

HKLM-Run-ACMLIGHTCU - c:\ssclitmp\AcmLight\ACMLIGHTcu.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-03-25 10:41

Windows 5.1.2600 Service Pack 3 NTFS

.

scansione processi nascosti ...

.

scansione entrate autostart nascoste ...

.

Scansione files nascosti ...

.

Scansione completata con successo

Files nascosti: 0

.

**************************************************************************

.

--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•Ñw*]

"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]

"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- Dlls caricate dai processi in esecuzione ---------------------

.

- - - - - - - > 'Explorer.EXE'(244)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

.

------------------------ Altri processi in esecuzione ------------------------

.

c:\programmi\File comuni\EPSON\EBAPI\eEBSVC.exe

c:\programmi\File comuni\Acronis\Schedule2\schedul2.exe

c:\programmi\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe

c:\programmi\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe

c:\programmi\Java\jre6\bin\jqs.exe

c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\programmi\Nero\Nero8\Nero BackItUp\NBService.exe

c:\windows\system32\nvsvc32.exe

c:\programmi\CyberLink\Shared files\RichVideo.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\RUNDLL32.EXE

c:\programmi\Microsoft ActiveSync\wcescomm.exe

c:\progra~1\MI3AA1~1\rapimgr.exe

c:\ssclitmp\ssclient.exe

c:\programmi\File comuni\Nero\Lib\NMIndexingService.exe

c:\programmi\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Ora fine scansione: 2011-03-25 10:44:53 - Il pc è stato riavviato

ComboFix-quarantined-files.txt 2011-03-25 09:44

.

Pre-Run: 455.878.135.808 byte disponibili

Post-Run: 456.024.141.824 byte disponibili

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 448D6F8A55273B8AEEA1076B77130165
