
Virus that blocks Windows 7 startup


Re: Virus that blocks Windows 7 startup

Post by hashcat » Tue May 31, 2011 8:32 pm

ValeRob wrote: the computer isn't brand new: I've been using it since 2008 and I do all sorts of things with it
.. I'm not very used to writing on a forum.. I'd even like to put a smiley but I can't manage it!

Here is the report

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20.17.19, on 31/05/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19048)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Users\MENZAT~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\menzatì\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NF8HIBGJ\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... lmate_5730
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/webhp?sourceid=nav ... t&ie=UTF-8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... lmate_5730
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... lmate_5730
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=224f03ad00000000000000215d74da18&tlver=1.4.19.19&ss=1&affID=17982
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {e3393495-8103-46a0-8181-270273eddd60} - (no file)
R3 - URLSearchHook: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
R3 - URLSearchHook: (no name) - {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O3 - Toolbar: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file)
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file) (HKCU)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\Windows\system32\hasplms.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool (NitroReaderDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Service Location Protocol (slpd) - Unknown owner - C:\Windows\System32\slpd.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9851 bytes

You need to fix these entries:

Code:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=224f03ad00000000000000215d74da18&tlver=1.4.19.19&ss=1&affID=17982
R3 - URLSearchHook: (no name) - {e3393495-8103-46a0-8181-270273eddd60} - (no file)
R3 - URLSearchHook: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
R3 - URLSearchHook: (no name) - {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll
O3 - Toolbar: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file)
O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file) (HKCU)


Have this analysed on VirusTotal:

Code:
C:\Windows\System32\slpd.exe


After updating Malwarebytes, run a full scan, remove all infected items, save the log and post it here.
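The entries hashcat picked out of the HijackThis log above all share a few traits: search settings pointing at a host that is not the machine's vendor or Microsoft default, R3/O2/O3/O9 registrations whose target is "(no file)", a BHO loaded from ProgramData, and a service with "Unknown owner". The script below is an added example, not part of the original thread and not HijackThis's own logic: it encodes those triage rules and runs them over a few lines excerpted from the posted log. The allowlist of expected search hosts and the "unusual location" path pattern are assumptions made for this example and would need adjusting for another machine.

```python
import re
from urllib.parse import urlparse

# Assumption for this example: the hosts the R0/R1 search entries legitimately
# point at on this Acer laptop (vendor start page, Microsoft search, Google).
EXPECTED_SEARCH_HOSTS = {"go.microsoft.com", "www.google.it", "homepage.acer.com"}

# Assumption: browser add-ons living under ProgramData or a user's Temp folder
# are unusual enough to deserve a second look.
SUSPECT_PATH_RE = re.compile(r"\\(ProgramData|AppData\\Local\\Temp)\\", re.IGNORECASE)

# Every HijackThis line starts with a section tag ("R0", "O23", ...) and " - ".
LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")

# Constructed sample: lines taken from the HijackThis log posted in this thread,
# plus two benign ones (Adobe BHO, Avira service) that the rules must leave alone.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&affID=17982
R3 - URLSearchHook: (no name) - {e3393495-8103-46a0-8181-270273eddd60} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll
O3 - Toolbar: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file) (HKCU)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Service Location Protocol (slpd) - Unknown owner - C:\Windows\System32\slpd.exe
"""


def parse_line(line):
    """Split one HijackThis line into its section tag and body; None for non-entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"section": m.group("section"), "body": m.group("body"), "raw": line.strip()}


def search_target_host(body):
    """For R0/R1 entries ("<key>,<value> = <url>") return the URL's host, or None."""
    if " = " not in body:
        return None
    value = body.split(" = ", 1)[1].strip()
    return urlparse(value).hostname if value else None


def triage(log_text):
    """Return (reason, line) pairs for every entry one of the rules flags."""
    findings = []
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        sec, body, line = entry["section"], entry["body"], entry["raw"]
        if sec in ("R0", "R1") and "Search" in body:
            host = search_target_host(body)
            if host and host not in EXPECTED_SEARCH_HOSTS:
                findings.append(("search provider redirected to " + host, line))
        elif body.endswith("(no file)") or body.endswith("(no file) (HKCU)"):
            findings.append(("orphaned registration, target file missing", line))
        elif sec in ("O2", "O3", "O4") and SUSPECT_PATH_RE.search(body):
            findings.append(("browser add-on loaded from unusual location", line))
        elif sec == "O23" and "Unknown owner" in body:
            findings.append(("service with no publisher, submit for analysis", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

Orphaned "(no file)" entries are dead CLSID references left behind by an uninstalled or removed toolbar; fixing them in HijackThis only deletes the registry value. The other three classes (redirected search provider, add-on in ProgramData, unsigned unknown service) are the ones that justify the VirusTotal and Malwarebytes steps in the post above.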

Re: Virus that blocks Windows 7 startup

Post by Berga95 » Tue May 31, 2011 10:06 pm

hashcat wrote: Have this analysed on VirusTotal:

Code:
C:\Windows\System32\slpd.exe



I'd add ThreatExpert too, while we're at it...

hashcat wrote: After updating Malwarebytes, run a full scan

ValeRob wrote: I did a scan with antimalware and with Avira and it seems there are no viruses....

I think he's already done it [V]

It smells like a hardware fault to me... but it's just a feeling...

Re: Virus that blocks Windows 7 startup

Post by hashcat » Wed Jun 01, 2011 6:36 am

Berga95 wrote:
hashcat wrote: After updating Malwarebytes, run a full scan

ValeRob wrote: I did a scan with antimalware and with Avira and it seems there are no viruses....

I think he's already done it [V]


I spotted traces in the log of threats that Malwarebytes should detect, so it's worth running a full scan again with the latest updates [^]


Re: Virus that blocks Windows 7 startup

Post by eugenio19911 » Wed Jun 01, 2011 8:59 am

If it doesn't detect anything, a pass with Hitman Pro 3.5 should find something.

Re: Virus that blocks Windows 7 startup

Post by ValeRob » Wed Jun 01, 2011 3:16 pm

Sorry for the delay...
But what does it mean that I have to fix the files you posted?

Re: Virus that blocks Windows 7 startup

Post by ValeRob » Wed Jun 01, 2011 3:25 pm

This is the VirusTotal report
File name: slpd.exe
Submission date: 2011-06-01 14:13:32 (UTC)
Current status: queued (#37) queued (#37) analysing finished


Result: 0/ 43 (0.0%)

MD5 : 03b43a069166ef5813baf75de3a134db
SHA1 : 587d84a60d62dbdbbc547a44e6c6c5a4294fe0dd
SHA256: afe9914b7399ffd5d021eb4e142c699833226419979fd7ad7fb44aca37657295
ssdeep: 1536:FWadCVmm5+Eo2vE/PVrpMSHTTYmUDwWZXv2gzN3J7hJ:0adCVmm5+Eot/dr7vGZ2gjj
File size : 102400 bytes
First seen: 2011-06-01 14:13:32
Last seen : 2011-06-01 14:13:32
TrID:
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x1328E
timedatestamp....: 0x4C49EC31 (Fri Jul 23 19:23:29 2010)
machinetype......: 0x14c (I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x12A5A, 0x13000, 6.35, b6579b072ca5b0b08f656931f6c8ed99
.rdata, 0x14000, 0x27CA, 0x3000, 4.82, 86bc6b7634da9f4b86340b3de0457a3a
.data, 0x17000, 0x74C0, 0x1000, 0.73, 97cb8f636474d7bfcd7cee53182c4d66
.rsrc, 0x1F000, 0x1B0, 0x1000, 3.47, f659242b9868c504f2583d257e9046d9

[[ 6 import(s) ]]
WSOCK32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
iphlpapi.dll: NotifyAddrChange
KERNEL32.dll: LeaveCriticalSection, TryEnterCriticalSection, EnterCriticalSection, InitializeCriticalSection, WaitForSingleObject, GetExitCodeThread, CreateThread, OpenProcess, CloseHandle, GetCurrentProcessId, InterlockedExchange, InterlockedCompareExchange, SetUnhandledExceptionFilter, QueryPerformanceCounter, GetTickCount, IsDebuggerPresent, GetCurrentThreadId, GetSystemTimeAsFileTime, LocalFree, lstrlenA, FormatMessageA, GetLastError, GetModuleFileNameA, Sleep, SetConsoleCtrlHandler, ExpandEnvironmentStringsA, FreeLibrary, GetProcAddress, LoadLibraryA, GetSystemDirectoryA, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, DeleteCriticalSection
ADVAPI32.dll: CloseServiceHandle, RegisterServiceCtrlHandlerA, SetServiceStatus, OpenSCManagerA, QueryServiceStatus, ControlService, DeleteService, OpenServiceA, StartServiceA, StartServiceCtrlDispatcherA, CreateServiceA
WS2_32.dll: -, WSAIoctl, -
MSVCR80.dll: _lock, _decode_pointer, _except_handler4_common, _invoke_watson, _controlfp_s, _crt_debugger_hook, _onexit, __dllonexit, _unlock, _terminate@@YAXXZ, __set_app_type, _time64, sprintf, _beginthreadex, fprintf, __iob_func, printf, exit, strncpy, memset, realloc, free, memcpy, malloc, fclose, fopen, _errno, strerror, strcpy_s, calloc, strncpy_s, strtoul, strchr, sprintf_s, strcat_s, strncat, _strdup, _ctime64, fflush, vfprintf, vprintf, fwrite, _strnicmp, isxdigit, tolower, isalpha, memchr, strtol, isdigit, fgets, atoi, strstr, rand, srand, memmove, isspace, strrchr, _snprintf, wcstombs, ceil, _CIlog10, strncmp, getenv, _amsg_exit, __getmainargs, _cexit, _exit, _XcptFilter, __initenv, _initterm, _initterm_e, _configthreadlocale, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, _encode_pointer

ExifTool:
file metadata
CodeSize: 77824
EntryPoint: 0x1328e
FileSize: 100 kB
FileType: Win32 EXE
ImageVersion: 0.0
InitializedDataSize: 20480
LinkerVersion: 8.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
PEType: PE32
Subsystem: Windows command line
SubsystemVersion: 4.0
TimeStamp: 2010:07:23 21:23:29+02:00
UninitializedDataSize: 0
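The VirusTotal report above gives, besides the 0/43 verdict, the things a responder actually reads: the file digests, the "Unsigned" sigcheck result, the compile timestamp, and a section table with per-section entropy and MD5. The script below is an added example, not from the thread and not VirusTotal's code: a small PE32 section-table parser that computes exactly those figures, run on a constructed two-section image built in memory (no real program, just headers and filler). The timestamp 0x4C49EC31 is the one the report shows for slpd.exe, so the date conversion can be checked against it; the 7.0 bits/byte "looks packed" threshold is an assumption, and the report's own .text value of 6.35 is what ordinary compiled code tends to score.

```python
import hashlib
import math
import struct
from datetime import datetime, timezone

SECTION_HDR = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes
COFF_HDR = "<HHIIIHH"          # IMAGE_FILE_HEADER, 20 bytes
PACKED_THRESHOLD = 7.0         # assumption: entropy (bits/byte) above which a section looks packed


def shannon_entropy(data):
    """Bits of entropy per byte, the figure in the report's 'ntropy' column."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def file_hashes(data):
    """The three file-level digests VirusTotal prints (MD5, SHA1, SHA256)."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def normalize_hash(h):
    """ThreatExpert prints '0x03B4...', VirusTotal '03b4...'; compare them in one form."""
    h = h.strip().lower()
    return h[2:] if h.startswith("0x") else h


def parse_pe(data):
    """Return machine, entry point, compile timestamp and per-section stats of a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsections, stamp, _, _, opt_size, _ = struct.unpack_from(COFF_HDR, data, coff)
    opt = coff + 20
    (entry,) = struct.unpack_from("<I", data, opt + 16)   # AddressOfEntryPoint
    sections = []
    off = opt + opt_size                                   # section table follows the optional header
    for _ in range(nsections):
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, _ = struct.unpack_from(SECTION_HDR, data, off)
        raw = data[rawptr:rawptr + rawsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr, "virtual_size": vsize, "raw_size": rawsize,
            "entropy": shannon_entropy(raw), "md5": hashlib.md5(raw).hexdigest(),
        })
        off += 40
    return {
        "machine": machine,
        "entry_point": entry,
        "timestamp": datetime.fromtimestamp(stamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "sections": sections,
    }


def packed_sections(pe, threshold=PACKED_THRESHOLD):
    """Names of sections whose entropy is high enough to suggest packing (heuristic only)."""
    return [s["name"] for s in pe["sections"] if s["entropy"] >= threshold]


def build_sample_pe():
    """Constructed two-section PE32 image for this example; headers plus filler, nothing runs."""
    text = bytes(range(256)) * 8                 # every byte value equally likely -> entropy 8.0
    data_sec = b"\x00" * 500 + b"\x01" * 12      # nearly all zeros -> entropy well under 1
    opt = struct.pack("<HBBIIII", 0x10B, 8, 0, len(text), len(data_sec), 0, 0x1000)
    opt += b"\x00" * (0xE0 - len(opt))           # pad to the PE32 optional header size
    hdrs = struct.pack(SECTION_HDR, b".text", len(text), 0x1000, len(text), 0x200, 0, 0, 0, 0, 0x60000020)
    hdrs += struct.pack(SECTION_HDR, b".data", len(data_sec), 0x2000, len(data_sec), 0xA00, 0, 0, 0, 0, 0xC0000040)
    coff = struct.pack(COFF_HDR, 0x14C, 2, 0x4C49EC31, 0, 0, len(opt), 0x0102)  # timestamp from the report
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)                       # e_lfanew at offset 0x3C
    headers = dos + b"PE\0\0" + coff + opt + hdrs
    headers += b"\x00" * (0x200 - len(headers))  # first section's raw data starts at 0x200
    return headers + text + data_sec


if __name__ == "__main__":
    sample = build_sample_pe()
    pe = parse_pe(sample)
    print("hashes:", file_hashes(sample))
    print("machine 0x%x entry 0x%x built %s" % (pe["machine"], pe["entry_point"], pe["timestamp"]))
    for s in pe["sections"]:
        print("%-6s va=0x%x vsize=0x%x raw=0x%x entropy=%.2f md5=%s" % (
            s["name"], s["virtual_address"], s["virtual_size"], s["raw_size"], s["entropy"], s["md5"]))
    print("possibly packed:", packed_sections(pe))
```

Run against a real file the same functions give you the numbers to cross-check with the report: if the MD5 you compute locally does not equal the normalized hash VirusTotal and ThreatExpert returned, you did not scan the file that is actually on disk.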

Re: Virus that blocks Windows 7 startup

Post by ValeRob » Wed Jun 01, 2011 3:30 pm

I don't know, though, how to post the results from the ThreatExpert program...

Re: Virus that blocks Windows 7 startup

Post by ValeRob » Wed Jun 01, 2011 3:58 pm

here's the ThreatExpert report

Submission Summary:
Submission details:
Submission received: 1 June 2011, 09:40:32 AM
Processing time: 11 min 6 sec
Submitted sample:
File MD5: 0x03B43A069166EF5813BAF75DE3A134DB
Filesize: 102,400 bytes


Technical Details:


File System Modifications

The following file was created in the system:

# Filename(s) File Size File MD5
1 [file and pathname of the sample #1] 102,400 bytes 0x03B43A069166EF5813BAF75DE3A134DB

Re: Virus that blocks Windows 7 startup

Post by ValeRob » Tue Jun 07, 2011 5:09 pm

In the meantime I downloaded ComboFix and I'm sending you the report

ComboFix 11-06-06.01 - menzatì 06/06/2011 20.52.30.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.39.1040.18.3000.1753 [GMT 2:00]
Eseguito da: c:\users\menzatì\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3I667S02\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Acer\Acer Bio Protection\PwdFilter.dll
.
.
((((((((((((((((((((((((( Files Creati Da 2011-05-06 al 2011-06-06 )))))))))))))))))))))))))))))))))))
.
.
2011-06-06 19:07 . 2011-06-06 19:16 -------- d-----w- c:\users\menzatì\AppData\Local\temp
2011-06-06 19:07 . 2011-06-06 19:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-06 18:42 . 2011-06-06 18:48 -------- d-----w- C:\32788R22FWJFW
2011-06-06 18:41 . 2011-06-06 18:41 -------- d-----w- c:\users\menzatì\AppData\Roaming\Reviversoft
2011-06-06 18:40 . 2011-05-17 12:51 16704 ----a-w- c:\windows\system32\roboot.exe
2011-06-03 13:17 . 2011-06-03 13:17 -------- d-----w- c:\users\menzatì\AppData\Roaming\Adobe Mini Bridge CS5.1
2011-06-03 13:17 . 2011-06-03 13:17 -------- d-----w- c:\users\menzatì\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-06-03 13:16 . 2011-06-03 13:16 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-06-03 13:00 . 2011-06-03 13:00 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-06-01 10:21 . 2011-06-02 14:50 -------- d-----w- c:\program files\VectorWorks 11
2011-06-01 10:16 . 2011-06-01 10:16 -------- d-----w- c:\program files\Smart Projects
2011-05-18 09:22 . 2011-05-18 09:22 -------- d-----w- c:\program files\Defraggler
2011-05-14 16:35 . 2011-05-14 16:36 -------- d-----w- c:\users\menzatì\pinocchio
2011-05-14 09:19 . 2007-11-28 09:05 233472 --s-a-w- c:\windows\system32\REX Shared Library.dll
2011-05-13 21:02 . 2011-05-13 21:02 -------- d-----w- c:\users\menzatì\AppData\Local\Ilivid Player
2011-05-13 16:52 . 2011-05-13 16:52 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-05-13 15:26 . 2011-05-13 15:26 -------- d-----w- c:\program files\uTorrent
2011-05-13 09:55 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{937DF778-DC47-49BA-A8CE-B03C62BF76CF}\mpengine.dll
2011-05-11 15:16 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-18 15:09 . 2011-04-18 15:09 13719264 ----a-w- c:\program files\aTube_Catcher-2.3.570.exe
2011-04-06 10:20 . 2011-04-14 13:54 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2011-04-06 10:20 . 2011-04-14 13:54 851176 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2011-04-03 06:15 . 2009-11-18 10:08 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-24 15:29 . 2011-04-22 17:18 25024 ----a-w- c:\windows\system32\udcpm.dll
2011-03-12 21:55 . 2011-04-27 22:53 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-10 18:14 . 2011-03-10 18:14 40960 ----a-r- c:\users\menzatì\AppData\Roaming\Microsoft\Installer\{828BDC59-1FB1-4AC6-9009-61D54E245396}\NewShortcut5_828BDC591FB14AC6900961D54E245396.exe
2011-03-10 18:14 . 2011-03-10 18:14 40960 ----a-r- c:\users\menzatì\AppData\Roaming\Microsoft\Installer\{828BDC59-1FB1-4AC6-9009-61D54E245396}\NewShortcut5_828BDC591FB14AC6900961D54E245396.exe
2011-03-10 18:14 . 2011-03-10 18:14 40960 ----a-r- c:\users\menzatì\AppData\Roaming\Microsoft\Installer\{828BDC59-1FB1-4AC6-9009-61D54E245396}\NewShortcut2_E9188E2CBF574630A8C27D57CAA43B9A.exe
2011-03-10 18:14 . 2011-03-10 18:14 40960 ----a-r- c:\users\menzatì\AppData\Roaming\Microsoft\Installer\{828BDC59-1FB1-4AC6-9009-61D54E245396}\NewShortcut2_E9188E2CBF574630A8C27D57CAA43B9A.exe
2011-03-10 18:14 . 2011-03-10 18:14 40960 ----a-r- c:\users\menzatì\AppData\Roaming\Microsoft\Installer\{828BDC59-1FB1-4AC6-9009-61D54E245396}\NewShortcut1_E9188E2CBF574630A8C27D57CAA43B9A.exe
2011-03-10 18:14 . 2011-03-10 18:14 40960 ----a-r- c:\users\menzatì\AppData\Roaming\Microsoft\Installer\{828BDC59-1FB1-4AC6-9009-61D54E245396}\NewShortcut1_E9188E2CBF574630A8C27D57CAA43B9A.exe
2011-03-10 17:03 . 2011-04-12 19:29 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-12 19:29 1136640 ----a-w- c:\windows\system32\mfc42.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-07-07 11:52 157168 ----a-w- c:\programdata\Partner\partner.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-21 6144000]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-10-15 3724800]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-01-25 159744]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-09-01 281768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-06-02 98304]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-03 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-10-15 02:58 3167744 ----a-r- c:\program files\Acer\Acer Bio Protection\WinNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-03-25 13:24 567560 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^menzatì^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Ritaglio schermata e avvio di OneNote 2007.lnk]
path=c:\users\menzatì\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ritaglio schermata e avvio di OneNote 2007.lnk
backup=c:\windows\pss\Ritaglio schermata e avvio di OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-07-27 02:10 1983816 ----a-r- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-03-18 01:40 767312 ----a-r- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
2008-08-01 07:51 405504 ----a-r- c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L08IXLRD_13247916]
2007-06-12 22:09 351000 ----a-w- c:\program files\Microsoft Student\Microsoft Encarta 2008 - Premium + Student DVD\EDICT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-07-25 03:48 875016 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-06-02 15:18 98304 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-07-07 11:52 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R1 cdrblock;cdrblock;c:\windows\system32\DRIVERS\cdrblock.sys [2008-05-30 27704]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [2007-12-26 17968]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2008-10-15 42608]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-05-13 436792]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2008-10-15 3566080]
S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [2011-02-04 196912]
S2 slpd;Service Location Protocol;c:\windows\System32\slpd.exe [2010-07-23 102400]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-30 112128]
S3 NETw5v32;Driver scheda Intel(R) Wireless WiFi Link per Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-04-15 51160]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-04-08 43736]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 12:24]
.
2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 12:24]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/webhp?sourceid=nav ... t&ie=UTF-8
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... lmate_5730
uInternet Settings,ProxyOverride = local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Invia immagine alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Invia pagina alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{09E90109-A9AA-4980-BCEF-76F8D924E902}
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5F69E3B1-1FC4-4C3A-A1B2-6E0459F22CE9}: NameServer = 192.168.1.1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
URLSearchHooks-{e3393495-8103-46a0-8181-270273eddd60} - (no file)
URLSearchHooks-{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - (no file)
WebBrowser-{E3393495-8103-46A0-8181-270273EDDD60} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1} - (no file)
HKCU-Run-AdobeBridge - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-06 21:15
Windows 6.0.6002 Service Pack 2 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'Explorer.exe'(2532)
c:\windows\system32\btncopy.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files\Common Files\SPBA\upeksvr.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\hasplms.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint2K\HidFind.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Windows Media Player\wmpnscfg.exe
.
**************************************************************************
.
Ora fine scansione: 2011-06-06 21:23:09 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-06-06 19:23
.
Pre-Run: 74.304.901.120 byte disponibili
Post-Run: 74.001.682.432 byte disponibili
.
- - End Of File - - 083FA76588D8B814BB9F673481EC0398

Re: Virus that blocks Windows 7 from starting

Post by ValeRob » Tue Jun 07, 2011 9:24 pm

Hi,
I don't understand why there is nobody left who can give me a hand...

Re: Virus that blocks Windows 7 from starting

Post by Andy97 » Tue Jun 07, 2011 9:38 pm

It may be that the security experts (certainly not me) are not available at the moment. Don't worry, the answers will come.

Re: Virus that blocks Windows 7 from starting

Post by Berga95 » Tue Jun 07, 2011 9:46 pm

The folder C:\32788R22FWJFW looks suspicious, and I don't recognise c:\windows\system32\roboot.exe... if you find it, upload it to VirusTotal [;)]
P.S.: This is not a helpdesk, you need to have a bit of patience [^]

Re: Virus that blocks Windows 7 from starting

Post by ValeRob » Wed Jun 08, 2011 2:57 pm

VirusTotal report for roboot
Antivirus Version Last update Result
AhnLab-V3 2011.06.01.00 2011.05.31 -
AntiVir 7.11.8.210 2011.05.31 -
Antiy-AVL 2.0.3.7 2011.05.31 -
Avast 4.8.1351.0 2011.05.31 -
Avast5 5.0.677.0 2011.05.31 -
AVG 10.0.0.1190 2011.05.31 -
BitDefender 7.2 2011.05.31 -
CAT-QuickHeal 11.00 2011.05.31 -
ClamAV 0.97.0.0 2011.05.31 -
Commtouch 5.3.2.6 2011.05.31 -
Comodo 8906 2011.05.31 -
DrWeb 5.0.2.03300 2011.05.31 -
eSafe 7.0.17.0 2011.05.31 -
eTrust-Vet 36.1.8359 2011.05.31 -
F-Prot 4.6.2.117 2011.05.30 -
F-Secure 9.0.16440.0 2011.05.31 -
Fortinet 4.2.257.0 2011.05.31 -
GData 22 2011.05.31 -
Ikarus T3.1.1.104.0 2011.05.31 -
Jiangmin 13.0.900 2011.05.30 -
K7AntiVirus 9.104.4745 2011.05.31 -
Kaspersky 9.0.0.837 2011.05.31 -
McAfee 5.400.0.1158 2011.05.31 -
McAfee-GW-Edition 2010.1D 2011.05.31 -
Microsoft 1.6903 2011.05.31 -
NOD32 6169 2011.05.31 -
Norman 6.07.07 2011.05.30 -
nProtect 2011-05-31.02 2011.05.31 -
Panda 10.0.3.5 2011.05.31 -
PCTools 7.0.3.5 2011.05.19 -
Prevx 3.0 2011.05.31 -
Rising 23.60.01.05 2011.05.31 -
Sophos 4.65.0 2011.05.31 -
SUPERAntiSpyware 4.40.0.1006 2011.05.31 -
Symantec 20111.1.0.186 2011.05.31 -
TheHacker 6.7.0.1.215 2011.05.31 -
TrendMicro 9.200.0.1012 2011.05.31 -
TrendMicro-HouseCall 9.200.0.1012 2011.05.31 -
VBA32 3.12.16.0 2011.05.31 -
VIPRE 9446 2011.05.31 -
ViRobot 2011.5.31.4488 2011.05.31 -
VirusBuster 14.0.59.0 2011.05.31 -
MD5: bf9b9cbb371a72043722a6bdf533cc11
SHA1: 8c5ef2c2a2dc0bd0233c0a12d2f37e7b7c46486a
SHA256: 89521e3068573e6056aab6a01935c1b9e311a91ea926444d206fc4b67351da5f
File size: 16704 bytes
Scan date: 2011-05-31 19:12:48 (UT

Re: Virus that blocks Windows 7 from starting

Post by ValeRob » Wed Jun 08, 2011 3:24 pm

Other important elements (maybe, I think):
1) I ran the Windows malware removal tool (I didn't even know it existed before, I only discovered it recently). It tells me it has partially removed a virus and that manual steps are needed to remove it completely. The virus in question is Trojan:DOS/Alureon.A
Can you tell me anything about it?
2) I turned on Malwarebytes protection. Every time I do something it tells me it has blocked access to malicious sites. The processes in question are outgoing and the program that triggers them is an svchost (is that how it's spelled?). The sites are always different. I don't really know what that means.
3) In the last few days the little green CPU-usage square (among the applications on the toolbar at the bottom right) keeps appearing. It tells me the CPU is almost always at 100%. If I look at the computer's activity, about ten svchost processes show up as active...

Can you tell me anything about these things too?
Thanks a lot
Vale

Re: Virus that blocks Windows 7 from starting

Post by farbix89 » Wed Jun 08, 2011 4:14 pm

Try redoing all the scans in safe mode [:)]

Here's how to proceed

Re: Virus that blocks Windows 7 from starting

Post by hashcat » Wed Jun 08, 2011 4:21 pm

farbix89 wrote:Try redoing all the scans in safe mode [:)]

Here's how to proceed


A "dusting" with TDSSKiller is also advisable.

Procedure:

  1. Download TDSSKiller from here
  2. Run TDSSKiller and click "Start Scan"
  3. When the scan finishes, a screen listing the detections will be shown
  4. Select "Cure" for the "malicious" detections and "Skip" for the "Suspicious" ones
  5. Click Next/Continue to apply the actions
  6. To complete the disinfection, TDSSKiller may ask you to restart the computer
  7. When the procedure is finished, post the TDSSKiller log, which is in C:\TDSSKillerxxxx
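Added example, not code from the thread or from the TDSSKiller tool: a small Python triage helper that reads a TDSSKiller log in the layout posted in this thread and separates entries the tool itself tagged as Suspicious (to Skip, per step 4 above) from other detections (to review, and Cure if malicious). The three line layouts it expects, the placeholder hashes and the sample log lines are constructed assumptions.

```python
"""Triage helper for a TDSSKiller log (added example, not part of the thread).

Assumed line layouts (constructed from the log excerpt posted in the thread):
  inventory : <date> <time> <pid> <name> (<md5>) <path>
  suspicious: <date> <time> <pid> Suspicious file (<reason>): <path>. md5: <md5>
  detection : <date> <time> <pid> <name> - detected <verdict> (<count>)
"""
import re
from collections import namedtuple

ENTRY_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<body>.*)$"
)
INVENTORY_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
SUSPICIOUS_RE = re.compile(
    r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$"
)
DETECTED_RE = re.compile(
    r"^(?P<name>\S+) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$"
)

# name: driver/object name; reason: the tool's Suspicious tag (None if absent);
# action: 'skip' or 'review', following step 4 of the procedure above.
Finding = namedtuple("Finding", "name verdict path md5 reason action")


def parse_tdsskiller(text):
    """Parse a log and return (inventory, findings).

    inventory maps driver name -> (md5, path) for every scanned driver.
    findings lists each 'detected' line; a detection whose path the tool
    already tagged 'Suspicious file' (a locked or unreadable file, which is
    frequently a legitimate driver) gets action 'skip', anything else 'review'.
    """
    inventory = {}
    suspicious = {}  # path -> (reason, md5)
    findings = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:  # banner lines, blank lines, the SystemInfo block
            continue
        body = m.group("body")
        inv = INVENTORY_RE.match(body)
        if inv:
            inventory[inv.group("name")] = (inv.group("md5"), inv.group("path"))
            continue
        sus = SUSPICIOUS_RE.match(body)
        if sus:
            suspicious[sus.group("path")] = (sus.group("reason"), sus.group("md5"))
            continue
        det = DETECTED_RE.match(body)
        if det:
            name = det.group("name")
            # Boot-sector objects such as \Device\Harddisk0\DR0 never appear in
            # the driver inventory, so the name doubles as the path.
            md5, path = inventory.get(name, (None, name))
            reason = suspicious.get(path, (None, None))[0]
            action = "skip" if reason is not None else "review"
            findings.append(Finding(name, det.group("verdict"), path, md5, reason, action))
    return inventory, findings


def triage_report(text):
    """One header line plus one line per finding, ready to paste into a reply."""
    inventory, findings = parse_tdsskiller(text)
    lines = [f"{len(inventory)} driver(s) inventoried, {len(findings)} detection(s)"]
    for f in findings:
        tag = f"tagged Suspicious: {f.reason}" if f.reason else "not tagged Suspicious"
        lines.append(f"{f.action.upper():6} {f.name}: {f.verdict} at {f.path} ({tag})")
    return lines


# Constructed sample log: placeholder hashes, one locked driver tagged
# Suspicious (the sptd.sys case from the thread) and one constructed
# boot-sector detection carrying a placeholder verdict name.
MD5_A = "0" * 31 + "1"
MD5_B = "0" * 31 + "2"
SAMPLE_LOG = "\n".join([
    "2011/06/08 23:22:44.0447 2380 Scan started",
    f"2011/06/08 23:22:46.0032 2380 ACPI ({MD5_A}) C:\\Windows\\system32\\drivers\\acpi.sys",
    f"2011/06/08 23:23:02.0238 2380 sptd ({MD5_B}) C:\\Windows\\system32\\Drivers\\sptd.sys",
    f"2011/06/08 23:23:02.0238 2380 Suspicious file (NoAccess): "
    f"C:\\Windows\\system32\\Drivers\\sptd.sys. md5: {MD5_B}",
    "2011/06/08 23:23:02.0243 2380 sptd - detected LockedFile.Multi.Generic (1)",
    "2011/06/08 23:23:05.0100 2380 \\Device\\Harddisk0\\DR0 - detected Placeholder.Verdict.Constructed (0)",
])

if __name__ == "__main__":
    for line in triage_report(SAMPLE_LOG):
        print(line)
```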

Re: Virus that blocks Windows 7 from starting

Post by ValeRob » Wed Jun 08, 2011 10:27 pm

Did everything as I was advised.
Avira and Malwarebytes produced no results; ComboFix has.. the reports are already in previous posts.
Here's tdsskiller

2011/06/08 23:22:38.0512 5788 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/08 23:22:38.0767 5788 ================================================================================
2011/06/08 23:22:38.0767 5788 SystemInfo:
2011/06/08 23:22:38.0767 5788
2011/06/08 23:22:38.0767 5788 OS Version: 6.0.6002 ServicePack: 2.0
2011/06/08 23:22:38.0767 5788 Product type: Workstation
2011/06/08 23:22:38.0767 5788 ComputerName: AVITA
2011/06/08 23:22:38.0767 5788 UserName: menzatì
2011/06/08 23:22:38.0767 5788 Windows directory: C:\Windows
2011/06/08 23:22:38.0767 5788 System windows directory: C:\Windows
2011/06/08 23:22:38.0767 5788 Processor architecture: Intel x86
2011/06/08 23:22:38.0767 5788 Number of processors: 2
2011/06/08 23:22:38.0767 5788 Page size: 0x1000
2011/06/08 23:22:38.0767 5788 Boot type: Normal boot
2011/06/08 23:22:38.0767 5788 ================================================================================
2011/06/08 23:22:40.0282 5788 Initialize success
2011/06/08 23:22:44.0447 2380 ================================================================================
2011/06/08 23:22:44.0447 2380 Scan started
2011/06/08 23:22:44.0447 2380 Mode: Manual;
2011/06/08 23:22:44.0447 2380 ================================================================================
2011/06/08 23:23:02.0238 2380 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: a199171385be17973fd800fa91f8f78a
2011/06/08 23:23:02.0243 2380 sptd - detected LockedFile.Multi.Generic (1)
2011/06/08 23:23:06.0433 2380 MBR (0x1B8) (036d4ebb79e13e67e78acf2dab65bcc3) \Device\Harddisk0\DR0
2011/06/08 23:23:06.0438 2380 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/08 23:23:06.0438 2380 ================================================================================
2011/06/08 23:23:06.0438 2380 Scan finished
2011/06/08 23:23:06.0438 2380 ================================================================================
2011/06/08 23:23:06.0443 4580 Detected object count: 2
2011/06/08 23:23:06.0443 4580 Actual detected object count: 2
2011/06/08 23:23:50.0804 4580 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/06/08 23:23:50.0849 4580 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/08 23:23:50.0849 4580 \Device\Harddisk0\DR0 - ok
2011/06/08 23:23:50.0854 4580 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/06/08 23:24:24.0834 5700 Deinitialize success
ValeRob
New member
Posts: 20
Joined: Wed Apr 27, 2011 11:21 am

Re: Virus that blocks Windows 7 startup

Post by ValeRob » Wed Jun 08, 2011 11:41 pm

ComboFix report in safe mode

ComboFix 11-06-08.03 - menzatì 09/06/2011 0.30.26.2.2 - x86 NETWORK
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.39.1040.18.3000.2473 [GMT 2:00]
Eseguito da: c:\users\menzatì\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\lmhosts
.
.
((((((((((((((((((((((((( Files Creati Da 2011-05-08 al 2011-06-08 )))))))))))))))))))))))))))))))))))
.
.
2011-06-08 22:39 . 2011-06-08 22:39 -------- d-----w- c:\users\menzatì\AppData\Local\temp
2011-06-08 22:39 . 2011-06-08 22:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-06 18:41 . 2011-06-06 18:41 -------- d-----w- c:\users\menzatì\AppData\Roaming\Reviversoft
2011-06-06 18:40 . 2011-05-17 12:51 16704 ----a-w- c:\windows\system32\roboot.exe
2011-06-03 13:17 . 2011-06-03 13:17 -------- d-----w- c:\users\menzatì\AppData\Roaming\Adobe Mini Bridge CS5.1
2011-06-03 13:17 . 2011-06-03 13:17 -------- d-----w- c:\users\menzatì\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-06-03 13:16 . 2011-06-07 11:17 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-06-03 13:00 . 2011-06-03 13:00 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-06-01 10:21 . 2011-06-02 14:50 -------- d-----w- c:\program files\VectorWorks 11
2011-06-01 10:16 . 2011-06-01 10:16 -------- d-----w- c:\program files\Smart Projects
2011-05-18 09:22 . 2011-05-18 09:22 -------- d-----w- c:\program files\Defraggler
2011-05-14 16:35 . 2011-05-14 16:36 -------- d-----w- c:\users\menzatì\pinocchio
2011-05-14 09:19 . 2007-11-28 09:05 233472 --s-a-w- c:\windows\system32\REX Shared Library.dll
2011-05-13 21:02 . 2011-05-13 21:02 -------- d-----w- c:\users\menzatì\AppData\Local\Ilivid Player
2011-05-13 16:52 . 2011-05-13 16:52 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-05-13 15:26 . 2011-05-13 15:26 -------- d-----w- c:\program files\uTorrent
2011-05-13 09:55 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{937DF778-DC47-49BA-A8CE-B03C62BF76CF}\mpengine.dll
2011-05-11 15:16 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 07:11 . 2011-05-05 16:52 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 07:11 . 2011-05-05 16:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-18 15:09 . 2011-04-18 15:09 13719264 ----a-w- c:\program files\aTube_Catcher-2.3.570.exe
2011-04-06 10:20 . 2011-04-14 13:54 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2011-04-06 10:20 . 2011-04-14 13:54 851176 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2011-04-03 06:15 . 2009-11-18 10:08 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-24 15:29 . 2011-04-22 17:18 25024 ----a-w- c:\windows\system32\udcpm.dll
2011-03-12 21:55 . 2011-04-27 22:53 876032 ----a-w- c:\windows\system32\XpsPrint.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-07-07 11:52 157168 ----a-w- c:\programdata\Partner\partner.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-07 68856]
"L08IXLRD_13247916"="c:\program files\Microsoft Student\Microsoft Encarta 2008 - Premium + Student DVD\EDICT.EXE" [2007-06-12 351000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-21 6144000]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-10-15 3724800]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-01-25 159744]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-09-01 281768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-06-02 98304]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-03 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 875016]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
c:\users\menzat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-10-15 02:58 3167744 ----a-r- c:\program files\Acer\Acer Bio Protection\WinNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-03-25 13:24 567560 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R1 cdrblock;cdrblock;c:\windows\system32\DRIVERS\cdrblock.sys [2008-05-30 27704]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
R2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2008-10-15 3566080]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [2011-02-04 196912]
R2 slpd;Service Location Protocol;c:\windows\System32\slpd.exe [2010-07-23 102400]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-30 112128]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [2007-12-26 17968]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2011-05-13 436792]
S0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2008-10-15 42608]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
S3 NETw5v32;Driver scheda Intel(R) Wireless WiFi Link per Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-04-15 51160]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-04-08 43736]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 12:24]
.
2011-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 12:24]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/webhp?sourceid=nav ... t&ie=UTF-8
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... lmate_5730
uInternet Settings,ProxyOverride = local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Invia immagine alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Invia pagina alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{09E90109-A9AA-4980-BCEF-76F8D924E902}
TCP: DhcpNameServer = 192.168.0.1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKLM-RunOnce-<NO NAME> - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-09 00:39
Windows 6.0.6002 Service Pack 2 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2011-06-09 00:41:57
ComboFix-quarantined-files.txt 2011-06-08 22:41
ComboFix2.txt 2011-06-06 19:23
.
Pre-Run: 73.843.470.336 byte disponibili
Post-Run: 73.850.044.416 byte disponibili
.
- - End Of File - - 5F06FDC731B0494FFAA73109914A9FB0
ValeRob
New member
Posts: 20
Joined: Wed Apr 27, 2011 11:21 am

Re: Virus that blocks Windows 7 startup

Post by ValeRob » Thu Jun 09, 2011 12:02 am

HijackThis report, safe mode

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1.03.09, on 09/06/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19048)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\Windows\system32\hasplms.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool (NitroReaderDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Service Location Protocol (slpd) - Unknown owner - C:\Windows\System32\slpd.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 2221 bytes
ValeRob
New member
Posts: 20
Joined: Wed Apr 27, 2011 11:21 am

megalab.it: daily online publication registered with the Court of Cosenza no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. single-member company - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Libero Advertising S.r.L.