www.MegaLab.it

[teresa]

Ho un portatile dell'Acer con sistema operativo Windows 7 Home Premium attualmente protetto da Kaspersky Antivirus e da Superantispyware, ma da ieri si è verificato un problema che non so né risolvere né qualificare: lasciato acceso perché scaricasse da Emule improvvisamente dopo circa mezz'ora ho scoperto che il pc si era spento e riacceso da solo tant'è che al mio ritorno era fisso sulla schermata di avvio di eindows in corso e non procedeva. Questo l'ha fatto per ben due volte. La seconda ho dovuto spegnerlo manualmente e al riavvio mi ha detto che si sono verificati dei problemi per cui ha cominciato un'analisi a cui è seguito un ripristino di sistema che dopo più di mezz'ora ha detto di aver fallito. Ma in realtà ha ripristinato un programma da me precedentemente disinstallato e cancellato uno appena installato. Oltretutto ha danneggiato irrimediabilmente (anche disinstallandolo e reinstallandolo continua a non funzionare) la blacklist degli aggiornamenti di Kaspersky tant'è che non si aggiorna più. Ora ho provvisoriamente installato la versione di prova do Nod32 ed è in corso una scansione, ma non riesco a capire cosa possa aver provocato questo malfunzionamento. Aiutatemi, per favore. Si è infettato? Cos'è successo? Grazie a tutti dell'aiuto.

[farbix89]

Escludiamo subito infezioni gravi con alcune scansioni preliminari

http://www.MegaLab.it/6303/pc-infetto-d ... ntervenire

A termine posta i log di HJT e Combofix qui sul forum seguendo queste istruzioni

topic45943.html

[teresa]

Ho fatto le scansioni con Hijackthis e Combofix. Questi sono i log:
Combofix:

ComboFix 11-11-14.02 - aurora 14/11/2011 18:30:12.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.39.1040.18.3767.2140 [GMT 1:00]
Eseguito da: c:\users\aurora\Downloads\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\programdata\mazuki.dll
c:\users\aurora\AppData\Roaming\IDM\idmmzcc3
c:\users\aurora\AppData\Roaming\IDM\idmmzcc3\chrome.manifest
c:\users\aurora\AppData\Roaming\IDM\idmmzcc3\chrome\idmmzcc.jar
c:\users\aurora\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
c:\users\aurora\AppData\Roaming\IDM\idmmzcc3\components\iIDMMzCC.xpt
c:\users\aurora\AppData\Roaming\IDM\idmmzcc3\install.js
c:\users\aurora\AppData\Roaming\IDM\idmmzcc3\install.rdf
c:\users\aurora\AppData\Roaming\IDM\idmmzcc3\META-INF\manifest.mf
c:\users\aurora\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.rsa
c:\users\aurora\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.sf
.
.
((((((((((((((((((((((((( Files Creati Da 2011-10-14 al 2011-11-14 )))))))))))))))))))))))))))))))))))
.
.
2011-11-14 17:36 . 2011-11-14 17:36 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-11-14 17:36 . 2011-11-14 17:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-14 17:26 . 2011-11-14 17:26 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6AFD0EB9-E66D-412D-8AFF-9B25B434097A}\offreg.dll
2011-11-14 17:05 . 2011-11-14 17:05 -------- d-----w- c:\users\aurora\AppData\Roaming\f-secure
2011-11-14 17:04 . 2011-11-14 17:04 -------- d-----w- c:\programdata\F-Secure
2011-11-14 14:32 . 2011-11-14 14:32 -------- d-----w- c:\windows\system32\EventProviders
2011-11-14 02:07 . 2011-11-14 02:07 -------- d-----w- c:\users\aurora\AppData\Local\Babylon
2011-11-14 02:05 . 2011-11-14 02:05 -------- d-----w- c:\program files\Babylon
2011-11-14 02:05 . 2011-11-14 02:05 -------- d-----w- c:\program files (x86)\Babylon
2011-11-14 02:05 . 2011-11-14 11:55 -------- d-----w- c:\programdata\Babylon
2011-11-14 02:05 . 2011-11-14 11:55 -------- d-----w- c:\users\aurora\AppData\Roaming\Babylon
2011-11-14 01:56 . 2011-11-14 11:55 -------- d-----w- c:\program files (x86)\MKVtoolnix
2011-11-13 02:01 . 2011-11-13 02:01 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-11-13 01:36 . 2011-11-13 01:36 -------- d-----w- c:\windows\SysWow64\Wat
2011-11-13 01:36 . 2011-11-13 01:36 -------- d-----w- c:\windows\system32\Wat
2011-11-11 16:55 . 2011-08-17 05:32 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-11-11 16:53 . 2011-07-16 05:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-11-09 20:58 . 2011-11-09 20:58 -------- d-----w- c:\users\aurora\AppData\Local\Windows Live
2011-11-04 18:13 . 2002-07-25 16:06 282624 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\agent.exe
2011-11-04 18:13 . 2011-11-04 18:28 -------- d-----w- c:\programdata\Ulead Systems
2011-11-04 18:13 . 2011-11-04 18:13 -------- d-----w- c:\program files (x86)\Ulead Systems
2011-10-31 16:55 . 2011-10-31 16:57 -------- d-----w- c:\users\aurora\AppData\Roaming\PhotoFiltre
2011-10-31 16:54 . 2011-10-31 16:54 -------- d-----w- c:\program files (x86)\PhotoFiltre
2011-10-31 00:37 . 2011-10-31 00:39 -------- d-----w- c:\users\aurora\AppData\Roaming\avidemux
2011-10-30 19:36 . 2011-10-30 19:39 -------- d-----w- c:\users\aurora\AppData\Local\Ashampoo Music Studio 3
2011-10-28 00:08 . 2011-10-28 00:08 -------- d-----w- c:\program files (x86)\ContentaConverter-BASIC
2011-10-26 20:00 . 2011-10-28 00:10 -------- d-----w- C:\ConversionOutput
2011-10-25 19:59 . 2011-10-25 19:59 -------- d-----w- c:\windows\Sun
2011-10-17 19:46 . 2011-10-17 19:47 -------- d-----w- c:\users\aurora\AppData\Roaming\QuickScan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-03-17 16:15 . 2005-03-17 16:15 70144 ----a-w- c:\program files (x86)\Common Files\IRAMDMTR.DLL
2005-03-17 16:15 . 2005-03-17 16:15 31744 ----a-w- c:\program files (x86)\Common Files\IRAWEBTR.DLL
2005-03-17 16:15 . 2005-03-17 16:15 186368 ----a-w- c:\program files (x86)\Common Files\IRAREG.DLL
2005-03-17 16:15 . 2005-03-17 16:15 17920 ----a-w- c:\program files (x86)\Common Files\IRASRIAL.DLL
2005-03-17 16:15 . 2005-03-17 16:15 99840 ----a-w- c:\program files (x86)\Common Files\IRAABOUT.DLL
2005-03-17 16:15 . 2005-03-17 16:15 48640 ----a-w- c:\program files (x86)\Common Files\IRALPTTR.DLL
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{C86FF9FA-AEED-451B-A9CC-39A53173AE2E}"= "c:\program files (x86)\aTube Catcher 2.1.463\mybarnsl958D.tmp\tbcore3.dll" [2010-06-18 2604032]
.
[HKEY_CLASSES_ROOT\clsid\{c86ff9fa-aeed-451b-a9cc-39a53173ae2e}]
[HKEY_CLASSES_ROOT\TBSB07458.TBSB07458.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB07458.TBSB07458]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-05-07 344736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [2005-3-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [x]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 lxdp_device;lxdp_device;c:\windows\system32\lxdpcoms.exe [x]
S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-10-27 1620584]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-04-20 9216]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Audio schermo Intel(R);c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2131731772-2669798211-758661404-1002Core.job
- c:\users\aurora\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-18 23:42]
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2131731772-2669798211-758661404-1002UA.job
- c:\users\aurora\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-18 23:42]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-23 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-23 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-23 415256]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-12-01 206208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files (x86)\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Scarica con Mipony - file://c:\program files (x86)\MiPony\Browser\IEContext.htm
IE: {{C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - c:\program files (x86)\aTube Catcher 2.1.463\mybarnsl958D.tmp\tbcore3.dll
LSP: c:\windows\system32\idmmbc.dll
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\aurora\AppData\Roaming\Mozilla\Firefox\Profiles\gukgejki.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (it)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files (x86)\Nokia\Nokia PC Suite 7\bkmrksync
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
Toolbar-{EFEED92A-A33D-4873-BA8F-32BAA631E54D} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - (no file)
WebBrowser-{EFEED92A-A33D-4873-BA8F-32BAA631E54D} - (no file)
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-2131731772-2669798211-758661404-1002_Classes\Wow6432Node\CLSID\{49fad29a-eef4-4a48-a0ed-1ba011b76c17}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000129
"Therad"=dword:00000020
"MData"=hex(0):00,11,c8,66,59,0c,7d,f7,91,73,3f,93,cf,49,bd,46,62,68,30,34,24,
df,a8,44,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-2131731772-2669798211-758661404-1002_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):e4,8d,ad,e5,42,cd,87,9a,5a,41,0f,6b,66,22,54,4b,60,c7,9d,5e,33,
64,ee,80,4d,31,49,c6,81,06,6d,f3,70,1f,b9,b2,42,36,9e,ae,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2011-11-14 18:38:29
ComboFix-quarantined-files.txt 2011-11-14 17:38
.
Pre-Run: 315.615.256.576 byte disponibili
Post-Run: 315.527.507.968 byte disponibili
.
- - End Of File - - 02A822925D73CEB9E432A5ACF5A69ADF

Hijackthis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:45:40, on 14/11/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16869)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Users\aurora\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O2 - BHO: TBSB07458 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\aTube Catcher 2.1.463\mybarnsl958D.tmp\tbcore3.dll
O3 - Toolbar: Free software Gooofull toolbar - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - C:\Program Files (x86)\aTube Catcher 2.1.463\mybarnsl958D.tmp\tbcore3.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Scarica con Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Tastiera Virtuale - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O9 - Extra button: Free software Gooofull toolbar - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - C:\Program Files (x86)\aTube Catcher 2.1.463\mybarnsl958D.tmp\tbcore3.dll
O9 - Extra 'Tools' menuitem: Free software Gooofull toolbar - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - C:\Program Files (x86)\aTube Catcher 2.1.463\mybarnsl958D.tmp\tbcore3.dll
O9 - Extra button: C&ontrollo URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Servizio Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: lxdp_device - Unknown owner - C:\Windows\system32\lxdpcoms.exe (file missing)
O23 - Service: lxea_device - Unknown owner - C:\Windows\system32\lxeacoms.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10842 bytes

Nel frattempo ho fatto anche la scansione con Nod32 che ora ho disinstallato, ma ha trovato solo un troyan. Sinceramente non so come agire. Grazie.

[ste_95]

Anche a seguito di ComboFix il problema persiste? Controlla anche che le temperature siano nella norma.

[teresa]

Non ho avuto modo di testare se continui a spegnersi da solo, quindi non so rispondere alla prima domanda. Per quanto riguarda le temperature ho visto la pagina da te indicata ma elencano nove programmi. Devo usarli tutti o si può fare una scernita? Quali sono i componenti più a rischio in un pc portatile? Tra l'altro ha solo cinque mesi di vita. Ho sempre avuto pc fissi non portatili e simili problemi non mi si sono mai verificati.
Tra l'altro il pc era infetto o no? Io dai log di Combofix e Hijackthis non ho capito niente. Grazie a tutti.

[crazy.cat]

Scegli speedfan o realteamp.
I log non mostrano niente che giustifichi uno spegnimento è più un problema hardware.