impossibilità installazione antivirus
Inviato: gio feb 27, 2014 6:09 pmda marma93
Buona sera a tutti, come da titolo il mio pc ha l'impossibilità di installare nuovi antivirus, mi spiego meglio:
ho tentato diversi download di diversi software antivirus quali avg esito installazione completa impossibile attivare resident shield ed altre opzioni
avast avira norton dopo riavvio del pc impossibile completare l'installazione
kasperski dopo riavvio impossbile completare l'installazione, consiglia altri software li provo ma non cambia niente.
al che ho utilizzato combofix ed ecco il risultato:
oltre a questo problema aggiungo che da quando è scaduto l'ultimo antivirus e sono iniziati i primi problemi descritti precedentemente
non funzionano più le reti wireless con chiave wep e sono obbligato all' ethernet
la chiave wpa resta bloccata con una X rossa
mouse e tastiera si impallano continuamente o si connettono disconnettono
viene riconosciuto un errore nell'hackshield di diversi giochi online con cause ignote.
Ringrazio in anticipo ... sperando in vostre risposte
ho tentato diversi download di diversi software antivirus quali avg esito installazione completa impossibile attivare resident shield ed altre opzioni
avast avira norton dopo riavvio del pc impossibile completare l'installazione
kasperski dopo riavvio impossbile completare l'installazione, consiglia altri software li provo ma non cambia niente.
al che ho utilizzato combofix ed ecco il risultato:
ComboFix 13-03-21.02 - Utente 22/03/2013 12.10.27.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3327.2528 [GMT 1:00]
Eseguito da: c:\documents and settings\Utente\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-6C25-9E7C08000A00}
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\TEMP
c:\documents and settings\All Users\Dati applicazioni\TEMP\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\PostBuild.exe
c:\documents and settings\Utente\Dati applicazioni\.#
c:\documents and settings\Utente\Dati applicazioni\.#\MBX@A4C@93CFA8.###
c:\documents and settings\Utente\Dati applicazioni\.#\MBX@A4C@93E868.###
c:\documents and settings\Utente\Dati applicazioni\.#\MBX@A4C@93EAC8.###
c:\documents and settings\Utente\Dati applicazioni\kikin
c:\documents and settings\Utente\Dati applicazioni\kikin\ie_configuration.xml
c:\documents and settings\Utente\Dati applicazioni\kikin\ie_kkes.xml
c:\documents and settings\Utente\Dati applicazioni\kikin\ie_settings.xml
c:\documents and settings\Utente\Dati applicazioni\OfferBox
c:\documents and settings\Utente\Dati applicazioni\OfferBox\config.xml
c:\documents and settings\Utente\Dati applicazioni\OfferBox\http_app.offerbox.com\country.sxe
c:\documents and settings\Utente\Dati applicazioni\OfferBox\http_app.offerbox.com\extracountry.sxe
c:\documents and settings\Utente\Dati applicazioni\OfferBox\http_app.offerbox.com\history.db
c:\documents and settings\Utente\Dati applicazioni\OfferBox\http_app.offerbox.com\profile.sxe
c:\documents and settings\Utente\Dati applicazioni\OfferBox\http_app.offerbox.com\sdch\1347809401
c:\documents and settings\Utente\Dati applicazioni\OfferBox\http_app.offerbox.com\update.sxe
c:\documents and settings\Utente\Dati applicazioni\OfferBox\http_app.offerbox.com\update.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\1.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\1.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\1731.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\407.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\a.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\a.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\b.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\b.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\c.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\c.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\d.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\d.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\e.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\e.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\f.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\f.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\g.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\g.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\h.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\h.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\i.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\i.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\j.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\J.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\k.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\k.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\l.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\l.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\m.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\m.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\n.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\n.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\o.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\o.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\p.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\p.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\q.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\q.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\r.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\r.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\s.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\s.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\t.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\t.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\u.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\u.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\v.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\v.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\w.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\w.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\wlu.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\x.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\x.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\y.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\y.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\z.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\z.xml
c:\documents and settings\Utente\Dati applicazioni\Toolbar4
c:\documents and settings\Utente\Dati applicazioni\Toolbar4\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}\favicon16.png
c:\documents and settings\Utente\Dati applicazioni\Toolbar4\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}\logo16.png
c:\documents and settings\Utente\Dati applicazioni\Toolbar4\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}\searchbut16.png
c:\documents and settings\Utente\Dati applicazioni\Toolbar4\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}\searchbut16on.png
c:\documents and settings\Utente\Dati applicazioni\Toolbar4\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}\TbHelper2.exe
c:\documents and settings\Utente\Dati applicazioni\Toolbar4\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}\uninstall.exe
c:\documents and settings\Utente\Dati applicazioni\Toolbar4\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}\uninstaller.exe
c:\documents and settings\Utente\Dati applicazioni\Toolbar4\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}\update.exe
c:\windows\IsUn0410.exe
c:\windows\system32\CddbCdda.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\roboot.exe
c:\windows\system32\tmp12F.tmp
c:\windows\system32\tmp130.tmp
c:\windows\system32\tmp4.tmp
c:\windows\system32\tmpAE.tmp
c:\windows\system32\tmpAF.tmp
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Creati Da 2013-02-22 al 2013-03-22 )))))))))))))))))))))))))))))))))))
.
.
2013-03-21 15:24 . 2013-03-21 15:23 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-20 22:36 . 2013-03-20 22:36 -------- d-----w- c:\windows\system32\wbem\Repository
2013-03-20 22:28 . 2013-03-20 22:28 -------- d-----w- c:\programmi\Rockstar Games
2013-03-20 22:28 . 2013-03-20 22:28 -------- d-----w- c:\programmi\Avira
2013-03-20 22:28 . 2013-03-20 22:28 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Avira
2013-03-20 22:28 . 2013-03-20 22:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2013-03-20 22:21 . 2013-03-20 22:21 -------- d-----w- c:\programmi\TornTV.com
2013-03-20 22:18 . 2013-03-20 22:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Badoo
2013-03-20 22:18 . 2013-03-20 22:18 -------- d-----w- c:\programmi\File comuni\Skype
2013-03-20 22:18 . 2013-03-20 22:18 -------- d-----w- c:\programmi\Koingo Software
2013-03-20 22:18 . 2013-03-20 22:18 -------- d-----w- c:\programmi\Object Desktop
2013-03-20 22:18 . 2013-03-20 22:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Karen's Power Tools
2013-03-20 22:18 . 2013-03-20 22:18 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Updater21810
2013-03-20 22:18 . 2013-03-20 22:18 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\PDF Reader Packages
2013-03-20 22:18 . 2013-03-20 22:18 -------- d-----w- C:\Games
2013-03-20 15:57 . 2013-03-20 22:16 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\LogMeIn Hamachi
2013-03-20 15:57 . 2013-03-20 22:16 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\LogMeIn Hamachi
2013-03-20 15:54 . 2013-03-20 22:18 -------- d-----w- c:\programmi\Yahoo!
2013-03-13 16:38 . 2013-03-20 22:32 -------- d-----w- c:\programmi\LyricsFinder
2013-03-13 16:32 . 2013-03-20 22:32 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\BabSolution(2)
2013-03-13 16:31 . 2013-03-13 16:31 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Babylon(2)
2013-03-13 16:11 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-13 16:11 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-21 15:30 . 2012-10-20 19:07 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-21 15:30 . 2011-06-14 18:03 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-21 15:23 . 2012-06-08 10:47 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-21 15:23 . 2010-05-05 01:50 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-21 15:23 . 2009-11-18 03:05 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-02-12 00:32 . 2008-04-13 18:56 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-03 21:04 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 19:57 . 2004-08-19 13:39 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 19:57 . 2004-08-19 13:39 916480 ----a-w- c:\windows\system32\wininet(6)(2).dll
2013-02-05 19:57 . 2004-08-19 13:39 1212928 ----a-w- c:\windows\system32\urlmon(5)(2).dll
2013-02-05 19:57 . 2004-08-19 13:39 105984 ----a-w- c:\windows\system32\url(2)(2).dll
2013-02-05 19:57 . 2009-03-08 03:32 2004992 ----a-w- c:\windows\system32\iertutil(2)(2).dll
2013-02-05 19:57 . 2004-08-19 13:39 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 19:57 . 2004-08-19 13:39 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 19:57 . 2009-03-08 03:39 11111424 ----a-w- c:\windows\system32\ieframe(2)(2).dll
2013-02-05 05:54 . 2004-08-19 13:26 385024 ----a-w- c:\windows\system32\html.iec
2013-01-26 03:55 . 2004-08-19 13:39 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-17 18:49 . 2012-09-23 18:51 466008 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-01-07 07:24 . 2004-08-19 13:34 2152448 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 07:24 . 2004-08-19 15:34 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 10:09 . 2004-08-19 13:31 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2004-08-19 13:39 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2004-08-19 13:39 1297408 ----a-w- c:\windows\system32\quartz.dll
2012-12-26 20:06 . 2004-08-19 13:39 916480 ----a-w- c:\windows\system32\wininet(10).dll
2012-12-26 20:06 . 2004-08-19 13:39 1212928 ----a-w- c:\windows\system32\urlmon(9).dll
2012-12-26 20:06 . 2004-08-19 13:39 105984 ----a-w- c:\windows\system32\url(5).dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . 3D46C53CA961C49272037F98807537BD . 978432 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 3D46C53CA961C49272037F98807537BD . 978432 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2004-08-19 . 178D42BD8FC34A9837417A6CE1D6BB7B . 1034752 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
[-] 2008-04-14 . AAA621C010DADDF653DB1854C8825D57 . 229376 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . AAA621C010DADDF653DB1854C8825D57 . 229376 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[7] 2004-08-19 . 2452458A26C4DD00E68F060870317675 . 151552 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
[-] 2010-04-16 . 9B9E11304DF13254CF177F95F7A33D9B . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
[-] 2010-04-16 . 9B9E11304DF13254CF177F95F7A33D9B . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
[-] 2010-04-16 . EC73FF04C4700137413C48DAE1F7756A . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[7] 2008-04-14 . 2123D430FD85EFB80F1F139431A3A6F0 . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll
[7] 2008-04-14 . 2123D430FD85EFB80F1F139431A3A6F0 . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
[7] 2004-08-19 . D80FEA125DC5860E4BC786AE07DE6DB8 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-19 13680640]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\Utente\\Impostazioni locali\\Dati applicazioni\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Programmi\\1ClickDownload\\1ClickDownloader.exe"=
"c:\\Programmi\\KONAMI\\Pro Evolution Soccer 2013\\pes2013.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Call of Duty\\CoDMP.exe"=
"c:\\Programmi\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Programmi\\Codemasters\\F1 2010\\F1_2010_game.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 16.27.24 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 3.48.50 26064]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys
\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys ![[?]](http://www.megalab.it/forum/images/smilies/confused.gif "Confuso")
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07/09/2010 3.49.00 299984]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [23/10/2009 11.18.33 38144]
R2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;c:\programmi\File comuni\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [08/09/2012 17.33.39 927840]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12/07/2010 4.33.54 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 21.42.36 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 21.42.38 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 21.42.34 26192]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [23/10/2009 11.03.03 1086208]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 3.48.54 249424]
S1 avgtp;avgtp;\??\c:\windows\system32\drivers\avgtpx86.sys c:\windows\system32\drivers\avgtpx86.sys
S2 avgfws;AVG Firewall;c:\programmi\AVG\AVG10\avgfws.exe c:\programmi\AVG\AVG10\avgfws.exe
S2 AVGIDSAgent;AVGIDSAgent;"c:\programmi\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" c:\programmi\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
S2 avgwd;AVG WatchDog;c:\programmi\AVG\AVG10\avgwdsvc.exe c:\programmi\AVG\AVG10\avgwdsvc.exe
S2 AviraUpgradeService;Avira Upgrade Service;"c:\windows\TEMP\AVSETUP_4ed3d6bd\avupgsvc.exe" /TEMPSTART:""c:\windows\TEMP\AVSETUP_4ed3d6bd\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE" c:\windows\TEMP\AVSETUP_4ed3d6bd\avupgsvc.exe
S2 ServUpdater;Serv Updater;c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe [18/10/2012 4.34.15 156160]
S2 SkypeUpdate;Skype Updater;c:\programmi\Skype\Updater\Updater.exe [08/01/2013 12.55.20 161536]
S2 SoftwareUpd;Software Upd;c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe [19/01/2013 4.03.40 161280]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12/07/2010 4.33.54 30432]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys c:\windows\system32\drivers\EagleXNt.sys
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys c:\windows\system32\DRIVERS\ew_jucdcacm.sys
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys c:\windows\system32\DRIVERS\ew_jubusenum.sys
S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [17/11/2009 22.31.40 31872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-21 15:48 1629648 ----a-w- c:\programmi\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-03-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-20 15:30]
.
2013-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-09-06 00:15]
.
2013-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-09-06 00:15]
.
.
------- Scansione supplementare -------
.
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{6320AB9E-6592-4DB7-A439-E1B0D4FDA6B9}: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\p976yxva.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.fbdownloader.com/search.p ... fbdgy11&q=
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - hxxp://www.delta-search.com/?affID=1193 ... 064F8035B0
FF - prefs.js: keyword.URL - hxxp://search.fbdownloader.com/search.p ... fbdgy11&q=
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
AddRemove-L&H Power Translator Pro 7.0 - c:\windows\IsUn0410.exe
AddRemove-PDF Reader Packages - c:\documents and settings\Utente\Dati applicazioni\PDF Reader Packages\uninstaller.exe
AddRemove-PDF Reader Packages 1 - c:\documents and settings\Utente\Dati applicazioni\PDF Reader Packages\uninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-22 12:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-746137067-1563985344-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-746137067-1563985344-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CC633E56-B653-5584-3AD9-8C602762D27B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jaobbpoiagllnglkjjnc"=hex:62,61,62,69,00,00
"jaobbpoiagllnglkjjbd"=hex:62,61,64,69,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Ora fine scansione: 2013-03-22 12:16:00
ComboFix-quarantined-files.txt 2013-03-22 11:15
.
Pre-Run: 372.782.092.288 byte disponibili
Post-Run: 372.855.033.856 byte disponibili
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=30
.
- - End Of File - - 45FCC4FDD20D212FAC96823561EF1CA7
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3327.2528 [GMT 1:00]
Eseguito da: c:\documents and settings\Utente\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-6C25-9E7C08000A00}
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\TEMP
c:\documents and settings\All Users\Dati applicazioni\TEMP\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\PostBuild.exe
c:\documents and settings\Utente\Dati applicazioni\.#
c:\documents and settings\Utente\Dati applicazioni\.#\MBX@A4C@93CFA8.###
c:\documents and settings\Utente\Dati applicazioni\.#\MBX@A4C@93E868.###
c:\documents and settings\Utente\Dati applicazioni\.#\MBX@A4C@93EAC8.###
c:\documents and settings\Utente\Dati applicazioni\kikin
c:\documents and settings\Utente\Dati applicazioni\kikin\ie_configuration.xml
c:\documents and settings\Utente\Dati applicazioni\kikin\ie_kkes.xml
c:\documents and settings\Utente\Dati applicazioni\kikin\ie_settings.xml
c:\documents and settings\Utente\Dati applicazioni\OfferBox
c:\documents and settings\Utente\Dati applicazioni\OfferBox\config.xml
c:\documents and settings\Utente\Dati applicazioni\OfferBox\http_app.offerbox.com\country.sxe
c:\documents and settings\Utente\Dati applicazioni\OfferBox\http_app.offerbox.com\extracountry.sxe
c:\documents and settings\Utente\Dati applicazioni\OfferBox\http_app.offerbox.com\history.db
c:\documents and settings\Utente\Dati applicazioni\OfferBox\http_app.offerbox.com\profile.sxe
c:\documents and settings\Utente\Dati applicazioni\OfferBox\http_app.offerbox.com\sdch\1347809401
c:\documents and settings\Utente\Dati applicazioni\OfferBox\http_app.offerbox.com\update.sxe
c:\documents and settings\Utente\Dati applicazioni\OfferBox\http_app.offerbox.com\update.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\1.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\1.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\1731.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\407.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\a.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\a.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\b.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\b.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\c.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\c.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\d.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\d.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\e.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\e.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\f.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\f.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\g.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\g.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\h.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\h.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\i.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\i.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\j.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\J.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\k.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\k.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\l.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\l.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\m.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\m.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\n.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\n.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\o.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\o.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\p.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\p.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\q.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\q.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\r.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\r.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\s.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\s.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\t.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\t.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\u.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\u.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\v.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\v.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\w.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\w.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\wlu.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\x.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\x.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\y.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\y.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\z.txt
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\z.xml
c:\documents and settings\Utente\Dati applicazioni\Toolbar4
c:\documents and settings\Utente\Dati applicazioni\Toolbar4\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}\favicon16.png
c:\documents and settings\Utente\Dati applicazioni\Toolbar4\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}\logo16.png
c:\documents and settings\Utente\Dati applicazioni\Toolbar4\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}\searchbut16.png
c:\documents and settings\Utente\Dati applicazioni\Toolbar4\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}\searchbut16on.png
c:\documents and settings\Utente\Dati applicazioni\Toolbar4\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}\TbHelper2.exe
c:\documents and settings\Utente\Dati applicazioni\Toolbar4\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}\uninstall.exe
c:\documents and settings\Utente\Dati applicazioni\Toolbar4\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}\uninstaller.exe
c:\documents and settings\Utente\Dati applicazioni\Toolbar4\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}\update.exe
c:\windows\IsUn0410.exe
c:\windows\system32\CddbCdda.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\roboot.exe
c:\windows\system32\tmp12F.tmp
c:\windows\system32\tmp130.tmp
c:\windows\system32\tmp4.tmp
c:\windows\system32\tmpAE.tmp
c:\windows\system32\tmpAF.tmp
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Creati Da 2013-02-22 al 2013-03-22 )))))))))))))))))))))))))))))))))))
.
.
2013-03-21 15:24 . 2013-03-21 15:23 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-20 22:36 . 2013-03-20 22:36 -------- d-----w- c:\windows\system32\wbem\Repository
2013-03-20 22:28 . 2013-03-20 22:28 -------- d-----w- c:\programmi\Rockstar Games
2013-03-20 22:28 . 2013-03-20 22:28 -------- d-----w- c:\programmi\Avira
2013-03-20 22:28 . 2013-03-20 22:28 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Avira
2013-03-20 22:28 . 2013-03-20 22:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2013-03-20 22:21 . 2013-03-20 22:21 -------- d-----w- c:\programmi\TornTV.com
2013-03-20 22:18 . 2013-03-20 22:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Badoo
2013-03-20 22:18 . 2013-03-20 22:18 -------- d-----w- c:\programmi\File comuni\Skype
2013-03-20 22:18 . 2013-03-20 22:18 -------- d-----w- c:\programmi\Koingo Software
2013-03-20 22:18 . 2013-03-20 22:18 -------- d-----w- c:\programmi\Object Desktop
2013-03-20 22:18 . 2013-03-20 22:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Karen's Power Tools
2013-03-20 22:18 . 2013-03-20 22:18 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Updater21810
2013-03-20 22:18 . 2013-03-20 22:18 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\PDF Reader Packages
2013-03-20 22:18 . 2013-03-20 22:18 -------- d-----w- C:\Games
2013-03-20 15:57 . 2013-03-20 22:16 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\LogMeIn Hamachi
2013-03-20 15:57 . 2013-03-20 22:16 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\LogMeIn Hamachi
2013-03-20 15:54 . 2013-03-20 22:18 -------- d-----w- c:\programmi\Yahoo!
2013-03-13 16:38 . 2013-03-20 22:32 -------- d-----w- c:\programmi\LyricsFinder
2013-03-13 16:32 . 2013-03-20 22:32 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\BabSolution(2)
2013-03-13 16:31 . 2013-03-13 16:31 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Babylon(2)
2013-03-13 16:11 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-13 16:11 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-21 15:30 . 2012-10-20 19:07 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-21 15:30 . 2011-06-14 18:03 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-21 15:23 . 2012-06-08 10:47 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-21 15:23 . 2010-05-05 01:50 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-21 15:23 . 2009-11-18 03:05 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-02-12 00:32 . 2008-04-13 18:56 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-03 21:04 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 19:57 . 2004-08-19 13:39 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 19:57 . 2004-08-19 13:39 916480 ----a-w- c:\windows\system32\wininet(6)(2).dll
2013-02-05 19:57 . 2004-08-19 13:39 1212928 ----a-w- c:\windows\system32\urlmon(5)(2).dll
2013-02-05 19:57 . 2004-08-19 13:39 105984 ----a-w- c:\windows\system32\url(2)(2).dll
2013-02-05 19:57 . 2009-03-08 03:32 2004992 ----a-w- c:\windows\system32\iertutil(2)(2).dll
2013-02-05 19:57 . 2004-08-19 13:39 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 19:57 . 2004-08-19 13:39 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 19:57 . 2009-03-08 03:39 11111424 ----a-w- c:\windows\system32\ieframe(2)(2).dll
2013-02-05 05:54 . 2004-08-19 13:26 385024 ----a-w- c:\windows\system32\html.iec
2013-01-26 03:55 . 2004-08-19 13:39 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-17 18:49 . 2012-09-23 18:51 466008 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-01-07 07:24 . 2004-08-19 13:34 2152448 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 07:24 . 2004-08-19 15:34 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 10:09 . 2004-08-19 13:31 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2004-08-19 13:39 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2004-08-19 13:39 1297408 ----a-w- c:\windows\system32\quartz.dll
2012-12-26 20:06 . 2004-08-19 13:39 916480 ----a-w- c:\windows\system32\wininet(10).dll
2012-12-26 20:06 . 2004-08-19 13:39 1212928 ----a-w- c:\windows\system32\urlmon(9).dll
2012-12-26 20:06 . 2004-08-19 13:39 105984 ----a-w- c:\windows\system32\url(5).dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . 3D46C53CA961C49272037F98807537BD . 978432 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 3D46C53CA961C49272037F98807537BD . 978432 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2004-08-19 . 178D42BD8FC34A9837417A6CE1D6BB7B . 1034752 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
[-] 2008-04-14 . AAA621C010DADDF653DB1854C8825D57 . 229376 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . AAA621C010DADDF653DB1854C8825D57 . 229376 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[7] 2004-08-19 . 2452458A26C4DD00E68F060870317675 . 151552 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
[-] 2010-04-16 . 9B9E11304DF13254CF177F95F7A33D9B . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
[-] 2010-04-16 . 9B9E11304DF13254CF177F95F7A33D9B . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
[-] 2010-04-16 . EC73FF04C4700137413C48DAE1F7756A . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[7] 2008-04-14 . 2123D430FD85EFB80F1F139431A3A6F0 . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll
[7] 2008-04-14 . 2123D430FD85EFB80F1F139431A3A6F0 . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
[7] 2004-08-19 . D80FEA125DC5860E4BC786AE07DE6DB8 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-19 13680640]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\Utente\\Impostazioni locali\\Dati applicazioni\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Programmi\\1ClickDownload\\1ClickDownloader.exe"=
"c:\\Programmi\\KONAMI\\Pro Evolution Soccer 2013\\pes2013.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Call of Duty\\CoDMP.exe"=
"c:\\Programmi\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Programmi\\Codemasters\\F1 2010\\F1_2010_game.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 16.27.24 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 3.48.50 26064]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys
\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07/09/2010 3.49.00 299984]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [23/10/2009 11.18.33 38144]
R2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;c:\programmi\File comuni\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [08/09/2012 17.33.39 927840]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12/07/2010 4.33.54 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 21.42.36 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 21.42.38 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 21.42.34 26192]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [23/10/2009 11.03.03 1086208]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 3.48.54 249424]
S1 avgtp;avgtp;\??\c:\windows\system32\drivers\avgtpx86.sys
c:\windows\system32\drivers\avgtpx86.sys S2 avgfws;AVG Firewall;c:\programmi\AVG\AVG10\avgfws.exe
c:\programmi\AVG\AVG10\avgfws.exe S2 AVGIDSAgent;AVGIDSAgent;"c:\programmi\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe"
c:\programmi\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe S2 avgwd;AVG WatchDog;c:\programmi\AVG\AVG10\avgwdsvc.exe
c:\programmi\AVG\AVG10\avgwdsvc.exe S2 AviraUpgradeService;Avira Upgrade Service;"c:\windows\TEMP\AVSETUP_4ed3d6bd\avupgsvc.exe" /TEMPSTART:""c:\windows\TEMP\AVSETUP_4ed3d6bd\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE"
c:\windows\TEMP\AVSETUP_4ed3d6bd\avupgsvc.exe S2 ServUpdater;Serv Updater;c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe [18/10/2012 4.34.15 156160]
S2 SkypeUpdate;Skype Updater;c:\programmi\Skype\Updater\Updater.exe [08/01/2013 12.55.20 161536]
S2 SoftwareUpd;Software Upd;c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe [19/01/2013 4.03.40 161280]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12/07/2010 4.33.54 30432]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys
c:\windows\system32\drivers\EagleXNt.sys S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys
c:\windows\system32\DRIVERS\ew_jucdcacm.sys S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys
c:\windows\system32\DRIVERS\ew_jubusenum.sys S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [17/11/2009 22.31.40 31872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-21 15:48 1629648 ----a-w- c:\programmi\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-03-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-20 15:30]
.
2013-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-09-06 00:15]
.
2013-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-09-06 00:15]
.
.
------- Scansione supplementare -------
.
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{6320AB9E-6592-4DB7-A439-E1B0D4FDA6B9}: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\p976yxva.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.fbdownloader.com/search.p ... fbdgy11&q=
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - hxxp://www.delta-search.com/?affID=1193 ... 064F8035B0
FF - prefs.js: keyword.URL - hxxp://search.fbdownloader.com/search.p ... fbdgy11&q=
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
AddRemove-L&H Power Translator Pro 7.0 - c:\windows\IsUn0410.exe
AddRemove-PDF Reader Packages - c:\documents and settings\Utente\Dati applicazioni\PDF Reader Packages\uninstaller.exe
AddRemove-PDF Reader Packages 1 - c:\documents and settings\Utente\Dati applicazioni\PDF Reader Packages\uninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-22 12:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-746137067-1563985344-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-746137067-1563985344-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CC633E56-B653-5584-3AD9-8C602762D27B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jaobbpoiagllnglkjjnc"=hex:62,61,62,69,00,00
"jaobbpoiagllnglkjjbd"=hex:62,61,64,69,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Ora fine scansione: 2013-03-22 12:16:00
ComboFix-quarantined-files.txt 2013-03-22 11:15
.
Pre-Run: 372.782.092.288 byte disponibili
Post-Run: 372.855.033.856 byte disponibili
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=30
.
- - End Of File - - 45FCC4FDD20D212FAC96823561EF1CA7
oltre a questo problema aggiungo che da quando è scaduto l'ultimo antivirus e sono iniziati i primi problemi descritti precedentemente
non funzionano più le reti wireless con chiave wep e sono obbligato all' ethernet
la chiave wpa resta bloccata con una X rossa
mouse e tastiera si impallano continuamente o si connettono disconnettono
viene riconosciuto un errore nell'hackshield di diversi giochi online con cause ignote.
Ringrazio in anticipo ... sperando in vostre risposte