Virus or HD problem?


Rivendell
12-12-2009, 19:23
I should say first that I already posted this message in another section of the forum and a very kind user suggested (and unfortunately I think he's right) that my HD may be about to die. In any case I wanted to put the problem to you too.

For some time now, when I start Win XP I've noticed that the HD stays active and works heavily (red light and noise) for a good many minutes (10 to 20). During this period in which the HD is so active everything else seems slowed down, and rather sinister little noises also seem to come from the case (a "tac" at irregular intervals).

The even more sinister thing is that very often in the first 15 minutes after powering on, especially when I browse the internet (I've installed and reinstalled both Firefox and Explorer), the HD light stops all of a sudden and the HD stops making noise. At that point the PC freezes, only the mouse moves and the only solution is a reboot. If I press Ctrl+Alt+Del the mouse often locks up too and a continuous whistle comes out of the case. Here too the only solution is a reboot.

From the startup menu I've disabled everything that can be disabled, I've run various scans and yesterday a-squared found a trojan (agent 32), which it removed. Another thing I've noticed, by the way, is that when I use Postepay on the internet an option to type in my PIN often comes up (something I've never done and never will!!).

I'm getting a bit desperate.... on one hand I think it's the HD, but since none of the programs found errors on the HD now I wonder... could it be a virus?

I hope the message isn't too messy.



Thanks

Gle89
12-12-2009, 19:27
The signs that your HD is giving up on you are indeed there... For now I advise you to save your important data (photos, documents, videos, music etc.) to an external HD or to CD/DVD or USB sticks...

In any case, since a-squared had found something infected, follow the simple Disinfection Guide for Infected Users (http://www.hwupgrade.it/forum/showthread.php?t=1599737) and post all the requested logs, paying attention to the Section Rules (http://www.hwupgrade.it/forum/showthread.php?t=1751598), so that you can get help.

Please don't skip any step of the guide. Run a-squared again too :)

Rivendell
12-12-2009, 19:33
The signs that your HD is giving up on you are indeed there... For now I advise you to save your important data (photos, documents, videos, music etc.) to an external HD or to CD/DVD or USB sticks...

In any case, since a-squared had found something infected, follow the simple Disinfection Guide for Infected Users (http://www.hwupgrade.it/forum/showthread.php?t=1599737) and post all the requested logs, paying attention to the Section Rules (http://www.hwupgrade.it/forum/showthread.php?t=1751598), so that you can get help.

Please don't skip any step of the guide. Run a-squared again too :)

Thanks for the reply. I'm going to read the guide so at least I can post something more constructive.

xcdegasp
14-12-2009, 00:40
Watch out, it could take the motherboard with it too! ;)

That's exactly what happened to my father's PC in the summer of 2008: the primary HDD started working under heavy strain for a while, and it was also much hotter to the touch than the secondary one.
Then one day the PC shut off and never turned on again.

The HDDs mounted in another PC worked fine; they had a few damaged sectors but nothing much..
Anyway it was a PC with 4 years behind it, but very little used.

Rivendell
21-12-2009, 19:50
I'm starting to post some logs.

I used COMBOFIX, which apparently found and removed a rootkit.

ComboFix 09-12-19.03 - Gamer 20/12/2009 18.32.14.2.2 - x86
Microsoft Windows XP Home Edition Running from: c:\documents and settings\Gamer\Desktop\ComboFix.exe


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-11-20 to 2009-12-20 )))))))))))))))))))))))))))))))
.

2009-12-20 17:16 . 2009-12-20 17:16 -------- d-----w- c:\documents and settings\Gamer\Application Data\Avira
2009-12-19 18:49 . 2009-12-19 18:49 -------- d-----w- c:\program files\GRETECH
2009-12-10 17:08 . 2009-12-10 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\media center programs
2009-12-10 17:08 . 2009-12-10 17:08 -------- d-----w- c:\program files\Funcom
2009-12-09 21:48 . 2009-12-09 21:48 -------- dc----w- c:\documents and settings\All Users\Application Data\{787D8BC4-68CA-4839-A1F7-947E42850681}
2009-12-09 21:48 . 2009-12-09 21:48 -------- d-----w- c:\documents and settings\Gamer\Application Data\Fighters
2009-12-09 20:51 . 2009-12-09 20:52 -------- d-----w- c:\program files\HD Tune
2009-12-09 17:19 . 2009-10-21 05:38 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll
2009-12-09 17:19 . 2009-10-21 05:38 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll
2009-12-09 17:19 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys
2009-12-09 17:19 . 2009-10-12 13:38 149504 -c----w- c:\windows\system32\dllcache\rastls.dll
2009-12-09 17:19 . 2009-10-12 13:38 79872 -c----w- c:\windows\system32\dllcache\raschap.dll
2009-12-09 17:19 . 2009-10-13 10:30 270336 -c----w- c:\windows\system32\dllcache\oakley.dll
2009-12-08 21:14 . 2009-12-08 21:14 45312 ----a-w- c:\windows\system32\drivers\viragtlt.sys
2009-12-08 17:47 . 2009-12-08 18:37 3328 ----a-w- c:\windows\listcmd.bin
2009-12-07 18:39 . 2009-12-07 18:39 -------- d-----w- c:\documents and settings\Gamer\Local Settings\Application Data\PackageAware
2009-12-07 18:34 . 2009-12-18 20:15 -------- d-----w- c:\program files\a-squared Anti-Malware
2009-12-07 18:32 . 2009-12-08 08:35 79488 ----a-w- c:\documents and settings\Gamer\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-06 18:06 . 2009-12-06 18:08 -------- dc-h--w- c:\windows\ie8
2009-12-06 11:23 . 2009-03-08 04:33 18944 -c--a-w- c:\windows\system32\dllcache\corpol.dll
2009-12-05 21:42 . 2009-12-05 21:42 0 ----a-w- c:\windows\nsreg.dat
2009-12-05 21:42 . 2009-12-05 21:42 -------- d-----w- c:\documents and settings\Gamer\Local Settings\Application Data\Mozilla
2009-12-05 19:42 . 2009-12-05 19:44 -------- d-----w- c:\documents and settings\Gamer\.housecall6.6
2009-12-04 12:42 . 2009-12-04 12:42 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-28 17:56 . 2009-11-21 02:34 69632 ----a-w- c:\windows\system32\OpenCL.dll
2009-11-28 17:56 . 2009-11-21 02:34 4038656 ----a-w- c:\windows\system32\nvcuda.dll
2009-11-28 17:56 . 2009-11-21 02:34 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2009-11-28 17:56 . 2009-11-21 02:34 1989224 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-11-28 17:56 . 2009-11-21 02:34 13602816 ----a-w- c:\windows\system32\nvoglnt.dll
2009-11-28 17:56 . 2009-11-21 02:34 182888 ----a-w- c:\windows\system32\nvcodins.dll
2009-11-28 17:56 . 2009-11-21 02:34 182888 ----a-w- c:\windows\system32\nvcod.dll
2009-11-28 17:56 . 2009-11-21 02:34 11374592 ----a-w- c:\windows\system32\nvcompiler.dll
2009-11-28 17:56 . 2009-11-21 02:34 1056768 ----a-w- c:\windows\system32\nvapi.dll
2009-11-28 17:56 . 2009-11-21 02:34 2293286 ----a-w- c:\windows\system32\nvdata.bin
2009-11-28 17:56 . 2009-11-28 17:56 -------- d-----w- C:\NVIDIA
2009-11-20 20:32 . 2009-11-20 20:32 278120 ----a-w- c:\windows\system32\nvmccs.dll
2009-11-20 20:32 . 2009-11-20 20:32 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2009-11-20 20:32 . 2009-11-20 20:32 145000 ----a-w- c:\windows\system32\nvcolor.exe
2009-11-20 20:32 . 2009-11-20 20:32 12669544 ----a-w- c:\windows\system32\nvcpl.dll
2009-11-20 20:32 . 2009-11-20 20:32 110184 ----a-w- c:\windows\system32\nvmctray.dll
2009-11-20 20:32 . 2009-11-20 20:32 81920 ----a-w- c:\windows\system32\nvwddi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-20 18:13 . 2008-11-15 12:04 -------- d-----w- c:\program files\Steam
2009-12-20 16:22 . 2008-06-01 07:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-09 21:51 . 2009-09-21 17:54 -------- d-----w- c:\program files\NCSoft
2009-12-09 17:43 . 2009-03-21 15:55 -------- d-----w- c:\documents and settings\Gamer\Application Data\Skype
2009-12-09 17:43 . 2007-11-28 16:53 -------- d-----w- c:\documents and settings\Gamer\Application Data\skypePM
2009-12-09 17:07 . 2009-01-13 18:40 -------- d-----w- c:\program files\Yahoo!
2009-11-28 17:58 . 2007-11-20 17:02 -------- d-----w- c:\program files\NVIDIA Corporation
2009-11-28 17:53 . 2008-05-23 17:14 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-25 18:15 . 2007-11-16 23:21 77392 ----a-w- c:\documents and settings\Gamer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-24 21:48 . 2008-10-29 23:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-24 21:47 . 2008-10-29 23:01 -------- d-----w- c:\program files\Microsoft Works
2009-11-23 19:51 . 2008-06-01 07:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-21 02:34 . 2009-10-17 17:20 10235968 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-11-21 02:34 . 2009-07-07 19:21 6282752 ----a-w- c:\windows\system32\nv4_disp.dll
2009-10-30 12:36 . 2008-11-15 12:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Sports Interactive
2009-10-30 12:35 . 2007-11-27 17:41 -------- d-----w- c:\documents and settings\Gamer\Application Data\Sports Interactive
2009-10-29 07:45 . 2007-08-07 12:04 916480 ------w- c:\windows\system32\wininet.dll
2009-10-25 10:39 . 2009-10-25 10:39 62732 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-25 09:25 . 2009-10-25 09:23 -------- d-----w- c:\documents and settings\Gamer\Application Data\HpUpdate
2009-10-25 09:25 . 2009-10-25 09:25 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-10-25 09:23 . 2007-12-19 19:27 -------- d-----w- c:\program files\HP
2009-10-21 05:38 . 2004-08-04 11:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 11:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2007-08-07 12:02 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 20:28 . 2009-08-09 08:43 152576 ----a-w- c:\documents and settings\Gamer\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-10-13 10:30 . 2007-08-07 12:03 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-04 11:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-04 11:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-08 14:57 . 2008-07-29 18:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 14:57 . 2004-08-04 11:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 14:56 . 2004-08-04 11:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-09-27 17:20 . 2009-09-27 17:20 2505320 ----a-w- c:\windows\system32\nvcpluir.dll
2009-09-27 17:20 . 2009-09-27 17:20 2173544 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-27 17:19 . 2009-09-27 17:19 3674112 ----a-w- c:\windows\system32\nvwssr.dll
2009-09-24 06:45 . 2009-09-24 06:45 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 81920]
"Steam"="c:\program files\Steam\Steam.exe" [2009-10-30 1217808]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2007-11-29 1481984]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-19 20480]
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2006-11-22 151552]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-07-23 266497]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]
"a-squared"="c:\program files\A-SQUARED ANTI-MALWARE\a2guard.exe" [2009-11-05 3279192]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\football manager 2010\\fm.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"7320:TCP"= 7320:TCP:Services
"4410:TCP"= 4410:TCP:Services
"2479:TCP"= 2479:TCP:Services
"6163:TCP"= 6163:TCP:Services

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [29/11/2007 13.30.48 79096]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [29/11/2007 13.30.48 23672]
R2 a2AntiMalware;a-squared Anti-Malware Service;c:\program files\a-squared Anti-Malware\a2service.exe [07/12/2009 18.34.55 1858144]
R2 AntiVirMailService;AntiVir PersonalEdition Premium MailGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [31/05/2008 22.47.55 164097]
R2 AVEService;AntiVir PersonalEdition Premium MailGuard helper service;c:\program files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [31/05/2008 22.47.55 41217]
S3 acfva;acfva;c:\windows\system32\drivers\ACFVA32.sys [03/07/2008 17.33.33 86656]
S3 dgcfltr;DGC Filter Driver;c:\windows\system32\drivers\ACFDCP32.sys [03/07/2008 17.33.33 28928]
S3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\drivers\V0250Dev.sys [25/12/2007 15.00.01 163840]
S4 antivirwebservice;Avira AntiVir Premium WebGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe [31/05/2008 22.52.00 258305]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
LSP: avsda.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-20 18:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(800)
c:\windows\system32\avsda.dll

- - - - - - - > 'explorer.exe'(3216)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-12-20 18:36:29
ComboFix-quarantined-files.txt 2009-12-20 18:36
ComboFix2.txt 2009-12-20 18:17

Pre-Run: 98.712.313.856 bytes free
Post-Run: 98.700.423.168 bytes free

- - End Of File - - 85115B56D8452728390717F73DA664EC



And now the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.49.28, on 21/12/2009
Platform: Windows XP SP3
MSIE: Internet Explorer v8.00
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195315772091
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195315152841
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15033/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

--
End of file - 10602 bytes


thanks for now

wjmat
21-12-2009, 20:45
The logs, uploaded according to the section rules, thanks

Rivendell
21-12-2009, 21:07
http://wikisend.com/download/457390/log.txt

http://wikisend.com/download/508526/hij.txt

Rivendell
27-12-2009, 17:48
Is nobody going to take a look at these two logs?

thanks

lord_nerevar
27-12-2009, 18:10
To see how badly the hard disk is damaged you can try booting a live Linux operating system (Ubuntu live is perfectly fine) and look at the error messages. If it makes a nasty noise like a head clicking there's little you can do, but if they're logical errors on the disk it doesn't necessarily have to be thrown away.

Download Ubuntu 9.10, burn the image to a CD and boot from the CD.
At the top right you'll surely get the hard disk icon with an error message; try reading what it says.
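The disk warning that a live Ubuntu shows in the top-right corner is driven by the drive's SMART data, and the same attribute table can be read from the live CD with `smartctl -A /dev/sda` (smartmontools). The script below is an added example, not code from the thread or from smartmontools: it parses a constructed sample of `smartctl -A` output (the values are illustrative, not the poster's disk) and reports the two things that distinguish a physically failing drive from a merely dirty filesystem, a normalised value at or below its threshold and non-zero reallocated/pending sector counts.

```python
"""Parse a SMART attribute table and flag the indicators of a failing disk.

Added example (not from the forum thread or from smartmontools). The table
below is a CONSTRUCTED sample in the output format of `smartctl -A`; the
raw values are illustrative.
"""
import re

# Constructed sample of `smartctl -A` output (not real data from the thread).
SAMPLE_SMART_OUTPUT = """\
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000f   100   253   006    Pre-fail  Always       -       0
  5 Reallocated_Sector_Ct   0x0033   091   091   036    Pre-fail  Always       -       412
  9 Power_On_Hours          0x0032   082   082   000    Old_age   Always       -       16231
194 Temperature_Celsius     0x0022   041   050   000    Old_age   Always       -       41
197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       -       24
198 Offline_Uncorrectable   0x0010   100   100   000    Old_age   Always       -       24
199 UDMA_CRC_Error_Count    0x003e   200   200   000    Old_age   Always       -       0
"""

# Attributes whose raw value stays at 0 on a healthy disk; a rising count of
# reallocated or pending sectors is the classic pre-failure sign.
SECTOR_HEALTH_ATTRIBUTES = {5, 196, 197, 198}

# One table row: id, name, flag, value, worst, thresh, type, updated,
# when_failed, raw value (leading digits only; smartctl may append text).
ROW_RE = re.compile(
    r"^\s*(?P<id>\d+)\s+(?P<name>\S+)\s+0x[0-9a-fA-F]+\s+"
    r"(?P<value>\d+)\s+(?P<worst>\d+)\s+(?P<thresh>\d+)\s+"
    r"(?P<type>\S+)\s+\S+\s+(?P<failed>\S+)\s+(?P<raw>\d+)"
)


def parse_smart_attributes(text):
    """Return a dict attribute id -> fields for each table row in the text."""
    attrs = {}
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue  # header line, blank lines, anything not a row
        attrs[int(m["id"])] = {
            "name": m["name"],
            "value": int(m["value"]),
            "worst": int(m["worst"]),
            "thresh": int(m["thresh"]),
            "type": m["type"],
            "raw": int(m["raw"]),
        }
    return attrs


def assess_disk(attrs):
    """Return a list of human-readable warnings; an empty list means no red flags."""
    warnings = []
    for attr_id, a in sorted(attrs.items()):
        # A normalised value at or below its threshold means the drive itself
        # considers the attribute failed (imminently so for Pre-fail types).
        if a["thresh"] > 0 and a["value"] <= a["thresh"]:
            warnings.append(f"{a['name']} (#{attr_id}) at/below threshold: "
                            f"{a['value']} <= {a['thresh']}")
        # Sector counters are cumulative: any non-zero raw value means the
        # drive has already had to give up on sectors.
        if attr_id in SECTOR_HEALTH_ATTRIBUTES and a["raw"] > 0:
            warnings.append(f"{a['name']} (#{attr_id}) raw count = {a['raw']}")
    return warnings


if __name__ == "__main__":
    for warning in assess_disk(parse_smart_attributes(SAMPLE_SMART_OUTPUT)):
        print("WARNING:", warning)
```

On the constructed sample the script reports three warnings (reallocated, pending and offline-uncorrectable sectors), which is the profile of a drive that should be backed up and replaced rather than "cleaned" of malware. A drive whose only symptoms are filesystem errors would show zeros in those counters.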

wjmat
28-12-2009, 01:05
Hi

Launch HijackThis -> Click Do a scan only -> Tick the box next to the lines I list below -> Click Fix Checked
Reboot the PC -> Launch HijackThis -> Do a system scan and save a logfile
Check that all the fixed entries have disappeared; otherwise upload the new log, renamed to .txt, with the Manage Attachments function you'll find under Additional Options or by clicking the paperclip icon (http://www.hwupgrade.it/forum/images_hwu/editor/attach.gif)

_______________________________________________________________________________
Any O4 entries that are fixed don't delete the programs; they simply stop them starting automatically for no reason and slowing down system startup.
By default I always flag messaging programs, but if you consider them strictly necessary don't fix them.
If you've installed various toolbars (Google, Yahoo, Ask etc.) and don't use them, go ahead and uninstall them the usual way.
Any O16 entries must be fixed with IE closed.
Any entries I flag that you set yourself, or that you know anyway and that come from safe sources, leave them if you consider them really important.
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3
MSIE: Internet Explorer v8.00


O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1195315772091
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1195315152841
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V020...5033/CTPID.cab




To keep your installed programs updated, including the most vulnerable ones, and for various tips read here (http://www.hwupgrade.it/forum/showthread.php?t=1726383)

From Combo you should have a combofix2.txt in the combofix folder, where the removed parts can be seen
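The "check that all the fixed entries have disappeared" step above is done by eye against a second HijackThis log. The script below is an added example, not part of the thread or of HijackThis: it parses the O-numbered entry lines of a HijackThis 2.0.2 log into (section, body) pairs, groups them by section, and reports which entries from a fix list are still present in a post-fix log. The fix list is taken from the entries quoted in this post; the post-fix log is a constructed excerpt in the log's own format, in which one entry is deliberately left in place to show the check firing.

```python
"""Check a HijackThis fix list against a post-fix HijackThis log.

Added example, not from the forum thread or from HijackThis. The fix list
reuses entries quoted in the thread; POST_FIX_LOG is a CONSTRUCTED excerpt
in HijackThis 2.0.2 log format, with one fixed entry still present.
"""
import re

# A HijackThis entry line: section code (R0, F2, N1, O4, O16, O23, ...),
# " - ", then the entry body as printed by the tool.
LINE_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.+)$")

# Entries flagged for fixing (from the post above).
FIX_LIST = r"""
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
"""

# Constructed post-fix log excerpt: the QuickTime entry has come back.
POST_FIX_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3
MSIE: Internet Explorer v8.00

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe

--
End of file - 512 bytes
"""


def parse_hijackthis_log(text):
    """Return a list of (section, body) tuples for every entry line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # header, footer and blank lines are skipped
            entries.append((m["section"], m["body"]))
    return entries


def entries_by_section(entries):
    """Group entry bodies by section code, e.g. {'O4': [...], 'O23': [...]}."""
    grouped = {}
    for section, body in entries:
        grouped.setdefault(section, []).append(body)
    return grouped


def unresolved_fixes(fix_list_text, post_fix_log_text):
    """Entries from the fix list that still appear in the post-fix log."""
    wanted = set(parse_hijackthis_log(fix_list_text))
    present = set(parse_hijackthis_log(post_fix_log_text))
    return sorted(wanted & present)


if __name__ == "__main__":
    grouped = entries_by_section(parse_hijackthis_log(POST_FIX_LOG))
    for section, bodies in sorted(grouped.items()):
        print(f"{section}: {len(bodies)} entries")
    for section, body in unresolved_fixes(FIX_LIST, POST_FIX_LOG):
        print(f"STILL PRESENT: {section} - {body}")
```

An entry that reappears after Fix Checked plus a reboot is exactly the case the post asks to report with a fresh log: either the program re-registers its own autostart (as updaters like the QuickTime task do) or something else is restoring it, and the next step differs in each case.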