Punto informatico Network

Bootkit? Help


Re: Bootkit? Help

Post by [S] » Wed Apr 20, 2011 2:21 pm

Hi, here is the Prevx log, it found a few infected files:


http://paste2.org/p/1373873
[S]
Senior Member
Posts: 165
Joined: Thu Apr 12, 2007 7:07 pm
Location: Maglie (LE)

Re: Bootkit? Help

Post by hashcat » Wed Apr 20, 2011 2:22 pm

Check on VirusTotal whether these files are infected or not:

C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\DRIVERS\05165413.sys

These two NoVirusThanks entries don't look reassuring at all:

CreateProcess: Address 0x89DD3580 [<empty>]
Hidden Loaded Driver: True

LoadImage: Address 0x89DD35E0 [<empty>]
Hidden Loaded Driver: True

One question: do you use your computer as a server?

If you have time, save the GMER log as well.
<<Intelligence is the ability to avoid doing work, yet getting the work done.>>
Linus Torvalds

EX [MLI] Power User.
hashcat
Official Member (Gold)
Posts: 2285
Joined: Mon Oct 25, 2010 1:26 pm
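The two NoVirusThanks lines quoted above, worked through as an added example (this is not the tool's code; the loaded-driver table, the address ranges and the last two sample entries are constructed for the demonstration). A notify routine registered with PsSetCreateProcessNotifyRoutine or PsSetLoadImageNotifyRoutine is a kernel callback address; legitimately it falls inside the image of a driver the loader admits to having loaded. A callback that no listed driver covers ("[<empty>]"), or that is covered only by a driver missing from the public loaded-module list, is the classic rootkit indicator this thread is chasing.

```python
"""Triage of kernel notify-routine entries (CreateProcess / LoadImage callbacks).
Added example; the driver table and the last two sample entries are invented."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed loaded-driver table: (name, image base, image size). Addresses are
# invented; 05165413.sys is the driver named in the thread and is given a range
# that happens to cover the two quoted callback addresses.
LOADED_DRIVERS: List[Tuple[str, int, int]] = [
    ("ntoskrnl.exe", 0x804D7000, 0x215000),
    ("ntfs.sys",     0xF8380000, 0x08B000),
    ("05165413.sys", 0x89DD0000, 0x004000),
]
# Drivers present in the kernel's internal list but absent from the public one.
HIDDEN_DRIVERS = {"05165413.sys"}

# First two entries are the ones quoted in the thread; the last two are constructed.
SAMPLE_OUTPUT = """\
CreateProcess: Address 0x89DD3580 [<empty>]
Hidden Loaded Driver: True

LoadImage: Address 0x89DD35E0 [<empty>]
Hidden Loaded Driver: True

CreateProcess: Address 0x805C2F40 [ntoskrnl.exe]
Hidden Loaded Driver: False

CreateThread: Address 0xF0000000 [<empty>]
Hidden Loaded Driver: False
"""

@dataclass
class NotifyEntry:
    kind: str        # CreateProcess / LoadImage / CreateThread
    address: int     # callback address
    label: str       # module the tool attributed it to, "<empty>" if none
    hidden: bool     # the tool's own "Hidden Loaded Driver" verdict

ENTRY_RE = re.compile(
    r"^(?P<kind>\w+): Address 0x(?P<addr>[0-9A-Fa-f]+) \[(?P<label>[^\]]*)\][ \t]*\n"
    r"Hidden Loaded Driver: (?P<hidden>True|False)",
    re.MULTILINE,
)

def parse_entries(text: str) -> List[NotifyEntry]:
    """Turn the two-line tool output into structured records."""
    return [
        NotifyEntry(m["kind"], int(m["addr"], 16), m["label"], m["hidden"] == "True")
        for m in ENTRY_RE.finditer(text)
    ]

def resolve_module(address: int, drivers) -> Optional[str]:
    """Name of the driver whose image range contains address, else None."""
    for name, base, size in drivers:
        if base <= address < base + size:
            return name
    return None

def triage(entries, drivers, hidden) -> List[Tuple[NotifyEntry, str]]:
    """Classify each callback by where it points, not by what the tool labelled it."""
    verdicts = []
    for e in entries:
        owner = resolve_module(e.address, drivers)
        if owner is None:
            verdict = "SUSPECT: callback outside every listed driver image"
        elif owner in hidden or e.hidden:
            verdict = f"SUSPECT: callback inside hidden driver {owner}"
        else:
            verdict = f"ok: {owner}"
        verdicts.append((e, verdict))
    return verdicts

if __name__ == "__main__":
    for entry, verdict in triage(parse_entries(SAMPLE_OUTPUT), LOADED_DRIVERS, HIDDEN_DRIVERS):
        print(f"{entry.kind:<14} {entry.address:#010x} {verdict}")
```

Two caveats when doing this on a live box: the public loaded-module list is exactly what a rootkit tampers with, so the driver table must come from the tool's own kernel-side enumeration or from an offline image, not from a user-mode API call; and unregistering the callbacks only blinds the rootkit's process/image monitoring, it does not remove the driver file or whatever loads it at boot.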

Re: Bootkit? Help

Post by [S] » Wed Apr 20, 2011 2:34 pm



Re: Bootkit? Help

Post by hashcat » Wed Apr 20, 2011 2:46 pm

Hi, check these on VirusTotal and delete them if necessary:

c:\windows\system32\ep1kssp.dll
c:\programmi\rarmaradio\rarmaradio.exe
c:\windows\guyet.scr
c:\windows\uninstall guyet.exe
c:\windows\system32\set32b.tmp
c:\windows\system32\nvrssk.dll
c:\windows\system32\nvrssv.dll
c:\windows\system32\nvrsth.dll
c:\windows\system32\nvrsda.dll
c:\windows\system32\nvrsde.dll
c:\windows\system32\marineaquarium3.1.scr


Strange, because XAMPP and Microsoft SQL Server are present on your computer; check, and if need be uninstall and remove XAMPP.

Re: Bootkit? Help

Post by [S] » Wed Apr 20, 2011 2:48 pm

Ah yes, sorry, I did use it as a server, but more than a year ago... for a website... I don't know whether that still matters.

Anyway, look at what shows up in the Windows Event Viewer [cry]

[image]

[image]

What are all these DCOM errors?

Re: Bootkit? Help

Post by [S] » Wed Apr 20, 2011 2:51 pm

Look at the first file, what should I do, delete it?

http://www.virustotal.com/file-scan/rep ... 1303307507

Re: Bootkit? Help

Post by hashcat » Wed Apr 20, 2011 2:59 pm

[S] wrote: What are all these DCOM errors?


They should indeed be caused by "Microsoft SQL Server"; anyway, is your computer up to date?

As for the file analyzed on VT, I couldn't say for certain:

This wording makes me suspicious:
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)


Also, the file mentioned in this Prevx report is exactly this one:

http://info.prevx.com/aboutprogramtext.asp?PX5=738DE44B00A3086E6E59013B7269C1005F7AD51A

But Prevx generally relies on automated analysis, so it could be a false positive; Trend Micro in fact detects it as a file protected or encrypted with a packer.

If you want to delete it, save a copy to a USB stick first, so that if the system asks for it you know where to get it; for now I would suggest keeping it and continuing with the analyses, we'll decide later. Could you send me the file in question by private message?
[thanks]
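The VirusTotal lines quoted above ("UPX compressed Win32 Executable", "Win32 EXE Yoda's Crypter") come from static packer identification. As an added example of what sits behind that kind of verdict (this is not VirusTotal's, Prevx's or Trend Micro's code), the block below parses a PE section table and scores the usual packer indicators: packer-specific section names, high-entropy sections, sections with no raw data but a large virtual size (the unpacking target), and an entry point outside .text. The two PE images it analyzes are built inside the block and are header-plus-section skeletons, not loadable programs; the section-name list is a short, non-exhaustive set of well-known packer names.

```python
"""Packer heuristics over a PE section table. Added example; the sample PE
images are constructed skeletons and the packer name list is non-exhaustive."""
import hashlib, math, struct
from collections import Counter

PACKER_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".yC", ".yP", ".aspack", ".adata",
                        ".petite", ".MPRESS1", ".vmp0", ".vmp1", ".themida"}
HIGH_ENTROPY = 7.0   # bits/byte; compressed or encrypted data sits near 8

def shannon_entropy(buf: bytes) -> float:
    n = len(buf)
    return 0.0 if n == 0 else -sum(c / n * math.log2(c / n) for c in Counter(buf).values())

def analyze_pe(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> section table and
    collect packer hints. Raises on anything that is not a PE at all."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24                                        # 4 signature + 20 COFF
    entry_rva = struct.unpack_from("<I", data, opt_off + 16)[0]    # AddressOfEntryPoint
    sec_off = opt_off + opt_size
    sections = []
    for i in range(nsec):
        name, vsize, va, rsize, rptr, *_ = struct.unpack_from("<8sIIIIIIHHI", data, sec_off + 40 * i)
        raw = data[rptr:rptr + rsize] if rsize else b""
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "va": va, "vsize": vsize,
                         "raw_size": rsize, "entropy": round(shannon_entropy(raw), 2)})
    ep_section = next((s["name"] for s in sections
                       if s["va"] <= entry_rva < s["va"] + max(s["vsize"], s["raw_size"])), None)
    hints = []
    for s in sections:
        if s["name"] in PACKER_SECTION_NAMES:
            hints.append(f"section {s['name']} is a known packer section name")
        if s["entropy"] >= HIGH_ENTROPY:
            hints.append(f"section {s['name']} entropy {s['entropy']} looks compressed/encrypted")
        if s["raw_size"] == 0 and s["vsize"] > 0:
            hints.append(f"section {s['name']} has no raw data but {s['vsize']:#x} bytes virtual size (unpack target)")
    if ep_section is not None and ep_section != ".text":
        hints.append(f"entry point {entry_rva:#x} lies in {ep_section}, not .text")
    return {"sections": sections, "entry_section": ep_section, "hints": hints, "likely_packed": bool(hints)}

def build_pe(sections, entry_rva: int) -> bytes:
    """Minimal PE32 skeleton for the demo; sections is [(name, raw_bytes, va, vsize)]."""
    opt_size = 0xE0
    raw_ptr = (0x40 + 4 + 20 + opt_size + 40 * len(sections) + 0x1FF) & ~0x1FF   # 512-aligned
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                            # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                                          # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)
    hdrs, body, ptr = b"", b"", raw_ptr
    for name, raw, va, vsize in sections:
        hdrs += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, va,
                            len(raw), ptr if raw else 0, 0, 0, 0, 0, 0x60000020)
        body += raw
        ptr += len(raw)
    image = dos + b"PE\0\0" + coff + bytes(opt) + hdrs
    return image + b"\0" * (raw_ptr - len(image)) + body

# Constructed samples: a plain binary and a UPX-style packed one.
PLAIN_PE = build_pe([(".text", bytes(range(32)) * 32, 0x1000, 0x1000),
                     (".data", b"Hello\0" * 100, 0x2000, 0x1000)], entry_rva=0x1010)
PACKED_PAYLOAD = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(128))
PACKED_PE = build_pe([("UPX0", b"", 0x1000, 0x8000),
                      ("UPX1", PACKED_PAYLOAD, 0x9000, 0x1000),
                      (".rsrc", b"\0" * 64, 0xA000, 0x1000)], entry_rva=0x9F00)

if __name__ == "__main__":
    for label, pe in (("plain", PLAIN_PE), ("packed", PACKED_PE)):
        r = analyze_pe(pe)
        print(label, "likely_packed =", r["likely_packed"], "entry in", r["entry_section"])
        for h in r["hints"]:
            print("  -", h)
```

A packer hit says the file is compressed or encrypted, not that it is malicious; plenty of legitimate software ships UPX-packed, which is why a "packed" label from an automated engine is weak evidence on its own. What it does mean is that static scanners see the stub rather than the real code, so such a file deserves dynamic or manual analysis, not delete-on-sight.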

Re: Bootkit? Help

Post by [S] » Wed Apr 20, 2011 3:04 pm

Sent :)

Re: Bootkit? Help

Post by hashcat » Wed Apr 20, 2011 3:08 pm

[S] wrote: Sent :)

While I try to analyze the sample, you carry on with the analyses on VT or try to remove XAMPP and Microsoft SQL Server [^]

Re: Bootkit? Help

Post by [S] » Wed Apr 20, 2011 3:25 pm


Re: Bootkit? Help

Post by hashcat » Wed Apr 20, 2011 3:45 pm

I checked the file mentioned earlier and it doesn't look dangerous to me; as for the files analyzed on VT, they are all safe, they belong to Nvidia.

Re: Bootkit? Help

Post by [S] » Wed Apr 20, 2011 3:46 pm

Perfect. What do you advise me to do now? [cry] [cry]

Re: Bootkit? Help

Post by hashcat » Wed Apr 20, 2011 4:02 pm

[S] wrote: Perfect. What do you advise me to do now? [cry] [cry]


Honestly, I wouldn't know; you could, in NoVirusThanks, go to the ">>>Kernel Notify Routines<<<" section and terminate/remove all the entries with the attributes
Hidden Loaded Driver: True and [<empty>] (without rebooting the computer), then try running ComboFix again. Maybe it's just a false detection by the program [^]

Wait for replies from someone else as well.

Re: Bootkit? Help

Post by hashcat » Wed Apr 20, 2011 4:31 pm

Keep us posted on how it goes [cheers]

Re: Bootkit? Help

Post by [S] » Wed Apr 20, 2011 4:50 pm

Scan done, nothing, still that bootkit error:

ComboFix 11-04-19.06 - Administrator 20.04.2011 17:29:32.12.2 - x86
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2011-03-20 to 2011-04-20 )))))))))))))))))))))))))))))))))))
.
.
2011-04-20 13:12 . 2011-04-20 13:12 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2011-04-20 13:12 . 2011-04-20 13:12 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2011-04-20 13:12 . 2011-04-20 13:12 -------- d-----w- c:\programmi\Prevx
2011-04-20 12:09 . 2011-04-20 12:09 -------- d-----w- c:\programmi\NoVirusThanks
2011-04-20 12:02 . 2011-04-20 12:02 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-04-20 11:50 . 2011-04-20 12:53 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-04-20 11:50 . 2011-04-20 12:49 -------- d-----w- c:\programmi\Hitman Pro 3.5
2011-04-20 11:50 . 2011-04-20 12:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Hitman Pro
2011-04-20 01:39 . 2011-04-20 01:39 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Mael
2011-04-20 01:31 . 2011-04-20 01:31 -------- d-----w- c:\programmi\HxD
2011-04-20 00:41 . 2008-04-13 17:14 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-04-20 00:41 . 2001-08-30 21:08 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-04-20 00:41 . 2008-04-13 17:14 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-04-20 00:41 . 2001-08-30 21:08 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-04-20 00:41 . 2001-08-30 21:08 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-04-20 00:41 . 2001-08-30 21:08 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2011-04-20 00:41 . 2001-08-17 18:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-04-20 00:41 . 2008-04-13 07:34 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-04-20 00:41 . 2008-04-13 09:46 19200 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2011-04-20 00:41 . 2008-04-13 17:13 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2011-04-20 00:41 . 2008-04-13 07:34 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-04-20 00:39 . 2008-04-13 09:36 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys
2011-04-20 00:38 . 2008-04-13 07:35 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2011-04-20 00:38 . 2001-08-30 18:46 35402 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2011-04-20 00:38 . 2001-08-17 19:28 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
2011-04-20 00:38 . 2001-08-30 21:08 54272 ----a-w- c:\windows\system32\dllcache\wiamsmud.dll
2011-04-20 00:38 . 2001-08-30 21:08 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2011-04-20 00:38 . 2008-04-14 12:00 41600 ----a-w- c:\windows\system32\dllcache\weitekp9.dll
2011-04-20 00:38 . 2008-04-14 12:00 31360 ----a-w- c:\windows\system32\dllcache\weitekp9.sys
2011-04-20 00:38 . 2008-04-13 16:49 32000 ----a-w- c:\windows\system32\dllcache\wceusbsh.sys
2011-04-20 00:38 . 2008-04-13 07:34 23615 ----a-w- c:\windows\system32\dllcache\wch7xxnt.sys
2011-04-20 00:38 . 2001-08-17 19:28 701386 ----a-w- c:\windows\system32\dllcache\wdhaalba.sys
2011-04-20 00:38 . 2001-08-17 18:10 35871 ----a-w- c:\windows\system32\dllcache\wbfirdma.sys
2011-04-20 00:36 . 2008-04-13 17:13 11325 ----a-w- c:\windows\system32\dllcache\vchnt5.dll
2011-04-20 00:35 . 2001-08-30 21:08 28672 ----a-w- c:\windows\system32\dllcache\umaxu40.dll
2011-04-20 00:34 . 2001-08-17 18:51 222336 ----a-w- c:\windows\system32\dllcache\trid3dm.sys
2011-04-20 00:33 . 2008-04-14 12:00 13192 ----a-w- c:\windows\system32\dllcache\tdasync.sys
2011-04-20 00:33 . 2001-08-17 19:49 30464 ----a-w- c:\windows\system32\dllcache\tbatm155.sys
2011-04-20 00:33 . 2001-08-17 19:52 7040 ----a-w- c:\windows\system32\dllcache\tandqic.sys
2011-04-20 00:33 . 2001-08-17 18:50 36640 ----a-w- c:\windows\system32\dllcache\t2r4mini.sys
2011-04-20 00:33 . 2001-08-30 21:07 172768 ----a-w- c:\windows\system32\dllcache\t2r4disp.dll
2011-04-20 00:33 . 2001-08-17 20:07 32640 ----a-w- c:\windows\system32\dllcache\symc8xx.sys
2011-04-20 00:33 . 2001-08-17 20:07 16256 ----a-w- c:\windows\system32\dllcache\symc810.sys
2011-04-20 00:33 . 2001-08-17 20:07 30688 ----a-w- c:\windows\system32\dllcache\sym_u3.sys
2011-04-20 00:33 . 2001-08-17 20:07 28384 ----a-w- c:\windows\system32\dllcache\sym_hi.sys
2011-04-20 00:33 . 2001-08-30 21:08 94293 ----a-w- c:\windows\system32\dllcache\sxports.dll
2011-04-20 00:31 . 2001-08-30 21:08 24660 ----a-w- c:\windows\system32\dllcache\spxupchk.dll
2011-04-20 00:30 . 2001-08-30 20:37 36937 ----a-w- c:\windows\system32\dllcache\smcirda.sys
2011-04-20 00:29 . 2001-08-17 18:50 68608 ----a-w- c:\windows\system32\dllcache\sis6306p.sys
2011-04-20 00:29 . 2001-08-30 21:07 252032 ----a-w- c:\windows\system32\dllcache\sis300iv.dll
2011-04-20 00:29 . 2008-04-14 12:00 19456 ----a-w- c:\windows\system32\dllcache\simptcp.dll
2011-04-20 00:29 . 2001-08-17 18:50 101760 ----a-w- c:\windows\system32\dllcache\sis300ip.sys
2011-04-20 00:29 . 2008-04-13 17:13 3901 ----a-w- c:\windows\system32\dllcache\siint5.dll
2011-04-20 00:28 . 2001-08-30 20:30 161792 ----a-w- c:\windows\system32\dllcache\sgsmusb.sys
2011-04-20 00:28 . 2001-07-21 20:29 18400 ----a-w- c:\windows\system32\dllcache\sgsmld.sys
2011-04-20 00:28 . 2001-08-17 18:51 98080 ----a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2011-04-20 00:28 . 2001-08-30 21:07 386560 ----a-w- c:\windows\system32\dllcache\sgiul50.dll
2011-04-20 00:28 . 2001-08-17 18:19 36480 ----a-w- c:\windows\system32\dllcache\sfmanm.sys
2011-04-20 00:28 . 2001-08-30 20:28 6912 ----a-w- c:\windows\system32\dllcache\serscan.sys
2011-04-20 00:26 . 2001-08-17 18:50 41216 ----a-w- c:\windows\system32\dllcache\s3mt3d.sys
2011-04-20 00:25 . 2008-04-13 09:23 13776 ----a-w- c:\windows\system32\dllcache\recagent.sys
2011-04-20 00:24 . 2008-04-13 17:13 159232 ----a-w- c:\windows\system32\dllcache\ptpusd.dll
2011-04-20 00:23 . 2001-08-17 20:07 5504 ----a-w- c:\windows\system32\dllcache\perc2hib.sys
2011-04-20 00:22 . 2001-08-17 20:05 48000 ----a-w- c:\windows\system32\dllcache\ovcam2.sys
2011-04-20 00:22 . 2001-08-17 20:05 25088 ----a-w- c:\windows\system32\dllcache\ovca.sys
2011-04-20 00:22 . 2001-08-30 19:50 54826 ----a-w- c:\windows\system32\dllcache\otcsercb.sys
2011-04-20 00:22 . 2001-08-30 19:50 44361 ----a-w- c:\windows\system32\dllcache\otceth5.sys
2011-04-20 00:22 . 2001-08-17 18:12 27209 ----a-w- c:\windows\system32\dllcache\otc06x5.sys
2011-04-20 00:22 . 2001-08-17 18:20 54528 ----a-w- c:\windows\system32\dllcache\opl3sax.sys
2011-04-20 00:22 . 2008-04-13 09:46 61696 ----a-w- c:\windows\system32\dllcache\ohci1394.sys
2011-04-20 00:21 . 2001-08-17 18:50 198144 ----a-w- c:\windows\system32\dllcache\nv3.sys
2011-04-20 00:21 . 2001-08-30 21:07 123776 ----a-w- c:\windows\system32\dllcache\nv3.dll
2011-04-20 00:21 . 2008-04-13 09:23 180360 ----a-w- c:\windows\system32\dllcache\ntmtlfax.sys
2011-04-20 00:21 . 2001-08-17 18:49 51552 ----a-w- c:\windows\system32\dllcache\ntgrip.sys
2011-04-20 00:20 . 2001-08-30 19:30 9472 ----a-w- c:\windows\system32\dllcache\ntapm.sys
2011-04-20 00:20 . 2001-08-17 19:53 7552 ----a-w- c:\windows\system32\dllcache\nsmmc.sys
2011-04-20 00:20 . 2008-04-14 12:00 45056 ----a-w- c:\windows\system32\dllcache\nsepm.dll
2011-04-20 00:20 . 2008-04-13 09:54 28672 ----a-w- c:\windows\system32\dllcache\nscirda.sys
2011-04-20 00:20 . 2001-08-17 18:20 87040 ----a-w- c:\windows\system32\dllcache\nm6wdm.sys
2011-04-20 00:20 . 2001-08-17 18:20 126080 ----a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2011-04-20 00:20 . 2008-04-14 12:00 53760 ----a-w- c:\windows\system32\dllcache\nextlink.dll
2011-04-20 00:20 . 2001-08-17 18:12 32840 ----a-w- c:\windows\system32\dllcache\ngrpci.sys
2011-04-20 00:20 . 2008-04-13 16:54 132695 ----a-w- c:\windows\system32\dllcache\netwlan5.sys
2011-04-20 00:18 . 2008-04-13 07:34 452736 ----a-w- c:\windows\system32\dllcache\mtxparhm.sys
2011-04-20 00:18 . 2001-08-17 18:50 103296 ----a-w- c:\windows\system32\dllcache\mtxvideo.sys
2011-04-20 00:18 . 2008-04-13 17:13 1737856 ----a-w- c:\windows\system32\dllcache\mtxparhd.dll
2011-04-20 00:18 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\dllcache\mtstocom.exe
2011-04-20 00:18 . 2008-04-13 09:23 1309184 ----a-w- c:\windows\system32\dllcache\mtlstrm.sys
2011-04-20 00:18 . 2008-04-13 09:23 126686 ----a-w- c:\windows\system32\dllcache\mtlmnt5.sys
2011-04-20 00:18 . 2008-04-13 09:39 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys
2011-04-20 00:18 . 2008-04-13 09:46 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
2011-04-20 00:18 . 2001-08-17 19:48 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys
2011-04-20 00:17 . 2001-08-17 20:00 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
2011-04-20 00:17 . 2008-04-14 12:00 40960 ----a-w- c:\windows\system32\dllcache\msiregmv.exe
2011-04-20 00:17 . 2008-04-13 09:54 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2011-04-20 00:17 . 2008-04-14 12:00 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2011-04-20 00:16 . 2001-08-17 20:02 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2011-04-20 00:16 . 2001-08-17 19:48 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
2011-04-20 00:16 . 2008-04-13 09:46 51200 ----a-w- c:\windows\system32\dllcache\msdv.sys
2011-04-20 00:16 . 2001-08-17 19:52 17280 ----a-w- c:\windows\system32\dllcache\mraid35x.sys
2011-04-20 00:15 . 2008-04-13 09:46 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys
2011-04-20 00:15 . 2001-08-17 19:57 16128 ----a-w- c:\windows\system32\dllcache\modemcsa.sys
2011-04-20 00:15 . 2001-08-17 19:52 6528 ----a-w- c:\windows\system32\dllcache\miniqic.sys
2011-04-20 00:13 . 2008-04-13 16:54 607292 ----a-w- c:\windows\system32\dllcache\ltmdmnt.sys
2011-04-20 00:12 . 2008-04-14 12:00 5632 ----a-w- c:\windows\system32\dllcache\kbdth1.dll
2011-04-20 00:11 . 2001-08-30 21:07 90200 ----a-w- c:\windows\system32\dllcache\io8ports.dll
2011-04-20 00:10 . 2001-08-30 21:07 372824 ----a-w- c:\windows\system32\dllcache\iconf32.dll
2011-04-20 00:09 . 2008-04-14 12:00 10129408 ----a-w- c:\windows\system32\dllcache\hwxkor.dll
2011-04-20 00:08 . 2001-08-17 19:52 5760 ----a-w- c:\windows\system32\dllcache\hpt4qic.sys
2011-04-20 00:07 . 2008-04-14 12:00 36864 ----a-w- c:\windows\system32\dllcache\hanjadic.dll
2011-04-20 00:06 . 2002-05-14 11:08 94208 ----a-w- c:\windows\system32\dllcache\fpencode.dll
2011-04-20 00:05 . 2001-08-17 18:19 63360 ----a-w- c:\windows\system32\dllcache\ess.sys
2011-04-20 00:04 . 2001-08-30 19:33 44615 ----a-w- c:\windows\system32\dllcache\el515.sys
2011-04-20 00:04 . 2008-04-14 12:00 514587 ----a-w- c:\windows\system32\dllcache\edb500.dll
2011-04-20 00:04 . 2001-08-17 18:12 19594 ----a-w- c:\windows\system32\dllcache\e100isa4.sys
2011-04-20 00:04 . 2001-08-30 19:29 117760 ----a-w- c:\windows\system32\dllcache\e100b325.sys
2011-04-20 00:04 . 2001-08-30 19:29 51743 ----a-w- c:\windows\system32\dllcache\e1000nt5.sys
2011-04-20 00:04 . 2001-08-17 18:20 334208 ----a-w- c:\windows\system32\dllcache\ds1wdm.sys
2011-04-20 00:04 . 2001-08-17 20:07 20192 ----a-w- c:\windows\system32\dllcache\dpti2o.sys
2011-04-20 00:04 . 2001-08-17 18:12 28062 ----a-w- c:\windows\system32\dllcache\dp83820.sys
2011-04-20 00:04 . 2001-08-30 19:20 23936 ----a-w- c:\windows\system32\dllcache\dot4usb.sys
2011-04-20 00:04 . 2001-08-17 19:47 8704 ----a-w- c:\windows\system32\dllcache\dot4scan.sys
2011-04-20 00:04 . 2008-04-13 09:39 206976 ----a-w- c:\windows\system32\dllcache\dot4.sys
2011-04-20 00:04 . 2001-08-17 19:47 12928 ----a-w- c:\windows\system32\dllcache\dot4prt.sys
2011-04-20 00:02 . 2001-08-30 21:07 111104 ----a-w- c:\windows\system32\dllcache\dc260usd.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-20 13:12 . 2010-01-06 16:50 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys
2011-04-06 13:46 . 2010-05-11 14:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-06 13:13 . 2011-02-11 19:03 557328 ----a-w- c:\windows\system32\DAO360.DLL
2011-04-02 14:01 . 2009-12-09 06:24 5302 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-03-24 21:24 . 2009-04-23 20:08 29480 ------w- c:\windows\system32\msxml3a.dll
2011-03-24 21:24 . 2003-02-21 03:42 353576 ------w- c:\windows\system32\msvcr71.dll
2011-03-24 21:24 . 2003-03-18 19:14 505128 ------w- c:\windows\system32\msvcp71.dll
2011-03-15 10:08 . 2011-03-15 10:08 0 ------w- c:\windows\system32\REN4D92.tmp
2011-03-10 19:00 . 2011-03-11 04:08 835480 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-03-10 19:00 . 2011-03-11 04:08 938904 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-03-10 19:00 . 2010-04-04 14:19 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-03-10 19:00 . 2010-04-04 14:19 2252904 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-03-10 19:00 . 2009-03-27 08:03 4984832 ----a-w- c:\windows\system32\nvcuda.dll
2011-03-10 19:00 . 2009-03-27 08:03 2918504 ----a-w- c:\windows\system32\nvcuvid.dll
2011-03-10 19:00 . 2009-03-27 08:03 14675968 ----a-w- c:\windows\system32\nvoglnt.dll
2011-03-10 19:00 . 2010-04-04 14:19 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-03-10 19:00 . 2009-03-27 08:03 9925408 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-03-10 19:00 . 2009-03-27 08:03 6407808 ----a-w- c:\windows\system32\nv4_disp.dll
2011-03-10 19:00 . 2009-03-27 08:03 1974272 ----a-w- c:\windows\system32\nvapi.dll
2011-03-08 11:26 . 2011-03-08 11:26 81920 ----a-w- c:\windows\system32\nvwddi.dll
2011-03-08 11:26 . 2011-03-08 11:26 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-03-08 11:26 . 2011-03-08 11:26 13881448 ----a-w- c:\windows\system32\nvcpl.dll
2011-03-08 11:26 . 2011-03-08 11:26 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-03-08 11:26 . 2011-03-08 11:26 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-03-08 11:26 . 2011-03-08 11:26 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2011-03-08 11:26 . 2011-03-08 11:26 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-03-08 11:26 . 2011-03-08 11:26 331776 ----a-w- c:\windows\system32\nvrshe.dll
2011-03-08 11:26 . 2011-03-08 11:26 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2011-03-08 11:26 . 2011-03-08 11:26 282624 ----a-w- c:\windows\system32\nvrsel.dll
2011-03-08 11:26 . 2011-03-08 11:26 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2011-03-08 11:26 . 2011-03-08 11:26 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2011-03-08 11:26 . 2011-03-08 11:26 270336 ----a-w- c:\windows\system32\nvrsru.dll
2011-03-08 11:26 . 2011-03-08 11:26 262144 ----a-w- c:\windows\system32\nvrshu.dll
2011-03-08 11:26 . 2011-03-08 11:26 253952 ----a-w- c:\windows\system32\nvrsth.dll
2011-03-08 11:26 . 2011-03-08 11:26 253952 ----a-w- c:\windows\system32\nvrsda.dll
2011-03-08 11:26 . 2011-03-08 11:26 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2011-03-08 11:26 . 2011-03-08 11:26 249856 ----a-w- c:\windows\system32\nvrseng.dll
2011-03-08 11:26 . 2011-03-08 11:26 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2011-03-08 11:26 . 2011-03-08 11:26 126976 ----a-w- c:\windows\system32\nvrszht.dll
2011-03-08 11:26 . 2011-03-08 11:26 335872 ----a-w- c:\windows\system32\nvrsar.dll
2011-03-08 11:26 . 2011-03-08 11:26 282624 ----a-w- c:\windows\system32\nvrsit.dll
2011-03-08 11:26 . 2011-03-08 11:26 282624 ----a-w- c:\windows\system32\nvrses.dll
2011-03-08 11:26 . 2011-03-08 11:26 278528 ----a-w- c:\windows\system32\nvrsde.dll
2011-03-08 11:26 . 2011-03-08 11:26 274432 ----a-w- c:\windows\system32\nvrspt.dll
2011-03-08 11:26 . 2011-03-08 11:26 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2011-03-08 11:26 . 2011-03-08 11:26 270336 ----a-w- c:\windows\system32\nvrsja.dll
2011-03-08 11:26 . 2011-03-08 11:26 266240 ----a-w- c:\windows\system32\nvrsko.dll
2011-03-08 11:26 . 2011-03-08 11:26 258048 ----a-w- c:\windows\system32\nvrstr.dll
2011-03-08 11:26 . 2011-03-08 11:26 258048 ----a-w- c:\windows\system32\nvrssl.dll
2011-03-08 11:26 . 2011-03-08 11:26 258048 ----a-w- c:\windows\system32\nvrssk.dll
2011-03-08 11:26 . 2011-03-08 11:26 258048 ----a-w- c:\windows\system32\nvrspl.dll
2011-03-08 11:26 . 2011-03-08 11:26 253952 ----a-w- c:\windows\system32\nvrssv.dll
2011-03-08 11:26 . 2011-03-08 11:26 253952 ----a-w- c:\windows\system32\nvrsno.dll
2011-03-08 11:26 . 2011-03-08 11:26 249856 ----a-w- c:\windows\system32\nvrscs.dll
2011-02-22 06:38 . 2011-02-22 06:38 86016 ------w- c:\windows\system32\frapsvid.dll
2011-02-06 10:40 . 2011-02-06 10:40 93696 ------w- c:\windows\system32\EP1KSSP.DLL
2011-02-06 10:40 . 2011-02-06 10:40 178176 ------w- c:\windows\system32\ep1k_certd.exe
2011-02-06 10:40 . 2011-02-06 10:40 12288 ------w- c:\windows\system32\ep1ksrv.exe
2011-02-06 10:40 . 2011-02-06 10:40 446464 ------w- c:\windows\system32\EP1CSP32.DAT
2011-02-06 10:40 . 2011-02-06 10:40 24064 ------w- c:\windows\system32\JEPSAI20.DLL
2011-02-06 10:40 . 2011-02-06 10:40 180224 ------w- c:\windows\system32\EP1CSP32.DLL
2011-02-06 10:40 . 2011-02-06 10:40 165888 ------w- c:\windows\system32\EP1PK111.DLL
2011-02-06 10:40 . 2011-02-06 10:40 95232 ------w- c:\windows\system32\EP1KDL20.DLL
2011-02-06 10:40 . 2011-02-06 10:40 81920 ------w- c:\windows\system32\EPSMODU.DLL
2011-02-06 10:40 . 2011-02-06 10:40 81920 ------w- c:\windows\system32\EPASMOD.DLL
2011-02-06 10:40 . 2011-02-06 10:40 69632 ------w- c:\windows\system32\EPSMODUE.DLL
2011-02-06 10:40 . 2011-02-06 10:40 53248 ------w- c:\windows\system32\EPASSMDFULL.DLL
2011-02-06 10:40 . 2011-02-06 10:40 45056 ------w- c:\windows\system32\EPASSMD.DLL
2011-02-06 10:40 . 2011-02-06 10:40 4608 ------w- c:\windows\system32\ft1kco.dll
2011-02-06 10:40 . 2011-02-06 10:40 22272 ------w- c:\windows\system32\drivers\eps1k.sys
2011-02-06 10:40 . 2011-02-06 10:40 9856 ------w- c:\windows\system32\drivers\usbic1k.SYS
2011-02-06 10:40 . 2011-02-06 10:40 8832 ------w- c:\windows\system32\drivers\IC1KENUM.SYS
2010-02-18 23:28 . 2010-02-18 23:28 774144 ----a-w- c:\programmi\RngInterstitial.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-04-20_04.00.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-20 15:21 . 2011-04-20 15:21 16384 c:\windows\temp\Perflib_Perfdata_544.dat
+ 2011-04-20 15:21 . 2011-04-20 15:21 16384 c:\windows\temp\Perflib_Perfdata_208.dat
+ 2008-09-03 12:58 . 2009-08-06 17:24 209632 c:\windows\system32\wuweb.dll
+ 2008-09-03 12:58 . 2009-08-06 17:24 327896 c:\windows\system32\wucltui.dll
+ 2008-09-03 12:58 . 2009-08-06 17:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2008-09-03 12:58 . 2009-08-06 17:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2010-11-20 04:00 . 2011-04-20 14:08 3725984 c:\windows\system32\GDIPFONTCACHEV1.DAT
- 2010-11-20 04:00 . 2011-03-09 07:57 3725984 c:\windows\system32\GDIPFONTCACHEV1.DAT
- 2009-06-10 08:27 . 2011-04-20 03:27 3863412768 c:\windows\system32\drivers\fidbox.dat
+ 2009-06-10 08:27 . 2011-04-20 15:18 3863412768 c:\windows\system32\drivers\fidbox.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77F4E711-789B-447F-9614-96759B2F83C6}]
2011-01-13 04:16 64000 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Megamedia\Megakey\MegaIeHelper.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb02.exe" [2001-04-17 192512]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-01 2054360]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2010-09-07 1976920]
"Acrobat Assistant 8.0"="c:\programmi\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-01-30 821144]
"CanonSolutionMenuEx"="c:\programmi\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-03-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-03-08 13881448]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2006-06-23 847872]
"EvtMgr6"="c:\programmi\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\
FreePOPs.lnk - c:\programmi\FreePOPs\freepopsd.exe [2008-12-27 49152]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\programmi\Stardock\ObjectDockPlus2\ODMenu.dll" [2010-03-24 511344]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\programmi\File comuni\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Avvio^Programmi^Esecuzione automatica^is-6O6IH.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Avvio^Programmi^Esecuzione automatica^Logitech . Registrazione prodotti.lnk]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\360Amigo]
2011-03-19 23:17 4743240 ----a-w- c:\program files\360Amigo\360Amigo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2008-10-13 10:16 165144 ----a-w- c:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 20:10 402432 ----a-w- c:\programmi\File comuni\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2010-03-26 22:39 323392 ----a-w- c:\programmi\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClamWin]
2009-04-14 10:52 86016 ----a-w- c:\programmi\ClamWin\bin\ClamTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverChecker.exe]
2009-12-31 15:36 13561856 ----a-w- c:\programmi\Driver Checker\DriverChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2010-10-28 23:32 1352272 ----a-w- c:\programmi\Logitech\SetPointP\SetPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-10-09 17:23 133104 ----atw- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InnoSetupRegFile.0000000001]
2009-09-02 04:30 687104 ----a-w- c:\windows\is-QOJPR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-12-20 16:08 963976 ----a-w- c:\programmi\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-12-20 16:08 443728 ----a-w- c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MegakeyUpdater]
2011-01-13 05:38 64000 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Megamedia\Megakey\MegakeyUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ------w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-03-26 22:42 2937528 ----a-w- c:\programmi\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PE2CKFNT SE]
1998-07-03 10:51 25088 ------r- c:\programmi\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegisterDropHandler]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 12:49 249064 ----a-w- c:\programmi\File comuni\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-12-10 12:28 247144 ----a-w- c:\documents and settings\Administrator\Desktop\Programmi\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDRShortCut]
2008-06-06 13:03 222504 ----a-w- c:\programmi\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 10:07 199752 ----a-w- c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2007-12-20 15:05 77824 ------w- c:\windows\system32\VTTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TuneUp.ProgramStatisticsSvc"=2 (0x2)
"UxTuneUp"=2 (0x2)
"TuneUp.Defrag"=3 (0x3)
"ServiceLayer"=3 (0x3)
"gusvc"=3 (0x3)
"AcrSch2Svc"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DriverUpdate"="c:\programmi\DriverUpdate\DriverUpdate.exe" -boot
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Acrobat Speed Launcher"="c:\programmi\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 10.0\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"RegisterDropHandler"=c:\progra~1\TEXTBR~1.0\Bin\REGIST~1.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitdm.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitnet.exe"=
"c:\\Documents and Settings\\Administrator\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmi\\filehippo.com\\UpdateChecker.exe"=
"c:\\Programmi\\mIRC\\mirc.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\Programmi\\FirefoxPortable\\App\\Firefox\\firefox.exe"=
"c:\\Programmi\\FreePOPs\\freepopsd.exe"=
"c:\\Programmi\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\Administrator\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Programmi\\eMule\\eMule.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Programmi\\Steam\\Steam.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\DsNET Corp\\aTube Catcher 2.0\\yct.exe"=
"c:\\Programmi\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\Programmi\\Pinnacle\\Studio 15\\Programs\\RM.exe"=
"c:\\Programmi\\Pinnacle\\Studio 15\\Programs\\Studio.exe"=
"c:\\Programmi\\Pinnacle\\Studio 15\\Programs\\umi.exe"=
"c:\\Programmi\\SiSoftware\\SiSoftware Sandra Professional Home 2011.SP1a\\RpcAgentSrv.exe"=
"c:\\Programmi\\SiSoftware\\SiSoftware Sandra Professional Home 2011.SP1a\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26731:TCP"= 26731:TCP:*:Disabled:SolidNetworkManager
"26731:UDP"= 26731:UDP:*:Disabled:SolidNetworkManager
"5009:TCP"= 5009:TCP:SolidNetworkManager
"5009:UDP"= 5009:UDP:SolidNetworkManager
"56827:TCP"= 56827:TCP:Pando Media Booster
"56827:UDP"= 56827:UDP:Pando Media Booster
"1050:TCP"= 1050:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 as6eio;as6eio;c:\windows\System32\drivers\as6eio.sys [x]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [x]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programmi\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-11-30 1483072]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programmi\File comuni\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gwiopm;gwiopm;c:\programmi\My Drivers\gwiopm.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-05-03 3604720]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\programmi\SiSoftware\SiSoftware Sandra Professional Home 2011.SP1a\RpcAgentSrv.exe [2009-08-09 93848]
R3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [2009-05-26 7408]
R3 SwitchBoard;SwitchBoard;c:\programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programmi\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-07 10064]
R3 XDva343;XDva343;c:\windows\system32\XDva343.sys [x]
S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [2011-04-20 32008]
S0 tdrpman147;Acronis Try&Decide and Restore Points filter (build 147);c:\windows\system32\DRIVERS\tdrpm147.sys [2009-06-12 971232]
S0 ViBus;ViBus;c:\windows\system32\DRIVERS\ViBus.sys [2008-04-03 16896]
S0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\DRIVERS\ViPrt.sys [2008-04-03 53248]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-10-01 108792]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2009-10-01 96408]
S1 is-6O6IHdrv;is-6O6IHdrv;c:\windows\system32\DRIVERS\05165413.sys [2008-07-08 148496]
S1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2011-04-20 76696]
S1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\SASDIFSV.SYS [2009-05-26 9968]
S1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.sys [2009-09-02 74480]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-04-14 14336]
S2 ekrn;ESET Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-10-01 735960]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\programmi\File comuni\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\Drivers\LBeepKE.sys [2010-08-24 10448]
S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-06-11 65856]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\programmi\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\Drivers\ousbehci.sys [2005-07-15 45696]
S2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\DRIVERS\thdudf.sys [2006-11-11 66944]
S2 TomTomHOMEService;TomTomHOMEService;c:\documents and settings\Administrator\Desktop\Programmi\TomTom HOME 2\TomTomHOMEService.exe [2010-12-10 92008]
S3 ft1kEnum;usb Card Device 1000;c:\windows\system32\DRIVERS\ic1kenum.sys [2011-02-06 8832]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\DRIVERS\ousb2hub.sys [2005-07-15 56960]
S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2011-04-20 26096]
S3 Reader_1000;USB SmartCard Reader Device 1000 ;c:\windows\system32\DRIVERS\usbic1k.sys [2011-02-06 9856]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 17792]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-04-20 c:\windows\Tasks\AdobeAAMUpdater-1.0-COMPUTER-A04070-Administrator.job
- c:\programmi\File comuni\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-09-16 14:04]
.
2011-04-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2009-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-842925246-1177238915-500.job
- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-10-09 17:23]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://mystart.incredimail.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=;ftp=;https=;
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Aggiungi a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Aggiungi destinazione link a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append the content of the link to existing PDF file - c:\programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Capture Web Page - c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Megamedia\Megakey\CaptureWebPage.htm
IE: Converti destinazione link in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Create PDF file - c:\programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: Do&wnload selected by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/202
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Fetch to Megaupload - c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Megamedia\Megakey\MegaUpload.htm
IE: Scarica con Mipony - file://c:\programmi\MiPony\Browser\IEContext.htm
LSP: c:\documents and settings\All Users\Dati applicazioni\Megamedia\Megakey\msadm.dll
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\ln9e66g5.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Cerca
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_ ... ST&search=
FF - Ext: QuickStores-Toolbar: quickstores@quickstores.de - c:\programmi\Mozilla Firefox\extensions\quickstores@quickstores.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Adobe Acrobat - Create PDF: web2pdfextension@web2pdf.adobedotcom - c:\programmi\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programmi\Java\jre6\lib\deploy\jqs\ff
FF - Ext: MegaKey: {1D3DB383-DB45-45b2-9F46-91218CA2CBCB} - c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Megamedia\Megakey\{1D3DB383-DB45-45b2-9F46-91218CA2CBCB}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
AddRemove-guyet - c:\windows\uninstall guyet.exe
.
.
.
**************************************************************************
.
disk not found C:\
.
please note that you need administrator rights to perform deep scan
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-583907252-842925246-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-583907252-842925246-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{87118821-B996-BE12-BBCA-B6BDF39E5A17}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abpnmffeooajilkcafhegojfckkhekkbkg"=hex:6a,61,6d,6d,6c,66,70,62,6c,70,69,68,
6f,64,6e,6b,66,62,64,67,00,00
"pafncffijobobldilcdhknhghadjfdoo"=hex:6a,61,6d,6d,6c,66,70,62,6c,70,69,68,6f,
64,6e,6b,66,62,64,67,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07A774A0-6047-11D1-BA20-006097D2898E}]
@DACL=(02 0000)
@="Logagent Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AEE3E4A8-EF01-4024-A0F1-809D9B096E14}]
@DACL=(02 0000)
@="Windows Media Player Encoder Helper Class"
.
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Dati applicazioni\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Programmi\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000410
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{AC0A97B5-991D-4761-B4E9-B6F9811B6A38}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.0.468.1"
"UniqueId"="0003DDCE4B12D900"
"ScannerBuild"=dword:0000167c
"ScannerVersionId"=dword:0000117a
"ScannerVersion"="Open window for status."
"FixId"=dword:00000007
"ei2"=hex(b):90,5e,74,b8,3a,7a,6a,b0
"ei1"=hex(b):00,1a,92,bb,92,be,00,00
"ei3"=hex(b):fb,8c,7c,4d,00,00,00,00
"ei4"=dword:00000002
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(1976)
c:\windows\system32\sfc_os.dll
c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll
.
Ora fine scansione: 2011-04-20 17:50:08
ComboFix-quarantined-files.txt 2011-04-20 15:50
ComboFix2.txt 2011-04-20 04:08
ComboFix3.txt 2011-04-19 22:03
.
Pre-Run: 65'549'422'592 byte disponibili
Post-Run: 65'542'770'688 byte disponibili
.
- - End Of File - - 235E34900C4BB14AEA0A5D402E19764E
[S]
Senior Member
Posts: 165
Joined: Thu Apr 12, 2007 7:07 pm
Location: Maglie (LE)

Re: Bootkit? Help

Post by Uomo_Senza_Sonno » Wed Apr 20, 2011 5:19 pm

The disk looks clean, but let's give this a try:

First of all, run a scan with the GData rescue disk and check whether it finds any threats; then follow the guide for zeroing the sectors, which I'll point you to after you've also posted sector 312581808. Once you've zeroed the sectors, run the fixboot and fixmbr commands again from the Recovery Console and check whether the message still appears.
Thanks for everything, Zane

we know 1% of the laws that govern the universe; the rest we haven't yet fully understood, or even guessed at
Uomo_Senza_Sonno
Official Member (Gold)
Posts: 3255
Joined: Thu Feb 07, 2008 9:00 am
Location: http://turbolab.it

Re: Bootkit? Help

Post by hashcat » Wed Apr 20, 2011 5:28 pm

Uomo_Senza_Sonno wrote: The disk looks clean, but let's give this a try:

First of all, run a scan with the GData rescue disk

Note that updating the Rescue CD's database requires an internet connection via LAN.
Uomo_Senza_Sonno wrote: Once you've zeroed the sectors, run the fixboot and fixmbr commands again from the Recovery Console and check whether the message still appears.

To perform this operation you need the Windows CD.
<<Intelligence is the ability to avoid doing work, yet getting the work done.>>
Linus Torvalds

EX [MLI] Power User.
hashcat
Official Member (Gold)
Posts: 2285
Joined: Mon Oct 25, 2010 1:26 pm

Re: Bootkit? Help

Post by [S] » Wed Apr 20, 2011 6:27 pm

It doesn't exist: 312581808

The last one is this: 312581807


Image


To view the full image: http://www.imageurlhost.com/images/h31e ... ex9axu.jpg
[S]
Senior Member
Posts: 165
Joined: Thu Apr 12, 2007 7:07 pm
Location: Maglie (LE)

Re: Bootkit? Help

Post by Uomo_Senza_Sonno » Wed Apr 20, 2011 7:48 pm

Well, it's rather odd that there are three partition boundaries, one of which is not in the sector indicated by the MBR. So if we delete and wipe the sectors that lie outside the filesystem, you should be sorted.

Bearing in mind that before proceeding you should run a deep scan with the rescue disk, follow the guide for zeroing sectors that I linked in the previous post and enter the following offsets:

Sectors 1-62: start field 200, end field 7DFF;
Sectors 312560640-312581808: start field 2542980000, end field 25433D5FFF;

then, from the Recovery Console, run the fixboot and fixmbr commands to be safe, and check whether the problem shows up again.

Obviously, as already explained at length in the article, a safety backup is recommended before going ahead with the procedure.
Thanks for everything, Zane

we know 1% of the laws that govern the universe; the rest we haven't yet fully understood, or even guessed at
Uomo_Senza_Sonno
Official Member (Gold)
Posts: 3255
Joined: Thu Feb 07, 2008 9:00 am
Location: http://turbolab.it

Re: Bootkit? Help

Post by [S] » Wed Apr 20, 2011 8:00 pm

Hi, the boot antivirus found nothing. I already have a backup of the disk set aside. But I didn't understand much of the guide, and since I'm extremely afraid of making a mistake, I'd like to know how to fill in the "select block" table:

Image

Do I have to enter

Start: 1
End: 62
Length?

Sorry for the trouble.
[S]
Senior Member
Posts: 165
Joined: Thu Apr 12, 2007 7:07 pm
Location: Maglie (LE)
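An added illustration, not taken from the thread or from the linked guide, of the arithmetic behind the offsets quoted above and of the Start/End/Length fields asked about in the last post: it parses a constructed MBR, lists the sector ranges that belong to no partition (sector 0 is always skipped, since that is the MBR itself), and converts each range into the byte offsets a hex editor's select-block dialog expects. It assumes 512-byte sectors and a single NTFS partition from sector 63 to sector 312560639 on a disk whose last sector is 312581807; that layout is constructed so the results line up with the two ranges in the thread, and it is not the real disk. The code only computes offsets and writes nothing.

```python
import struct

SECTOR_SIZE = 512          # assumption: 512-byte sectors, as the quoted offsets imply
MBR_ENTRY_OFFSET = 446     # partition table starts after the 446-byte boot code
MBR_ENTRY_SIZE = 16
MBR_SIGNATURE = b"\x55\xaa"


def build_sample_mbr(partitions):
    """Build a 512-byte MBR with the given (type, start_lba, num_sectors) entries.

    Constructed sample data: boot code and CHS fields are left zero, so only the
    LBA fields carry information.
    """
    mbr = bytearray(512)
    for i, (ptype, start, count) in enumerate(partitions[:4]):
        off = MBR_ENTRY_OFFSET + i * MBR_ENTRY_SIZE
        status = 0x80 if i == 0 else 0x00  # mark the first entry bootable
        mbr[off:off + MBR_ENTRY_SIZE] = struct.pack(
            "<B3sB3sII", status, b"\0\0\0", ptype, b"\0\0\0", start, count)
    mbr[510:512] = MBR_SIGNATURE
    return bytes(mbr)


def parse_mbr(mbr):
    """Return the non-empty partition entries as sorted (first_lba, last_lba) pairs."""
    if len(mbr) < 512 or mbr[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature: not a valid MBR")
    parts = []
    for i in range(4):
        off = MBR_ENTRY_OFFSET + i * MBR_ENTRY_SIZE
        _status, _chs, ptype, _chs_end, start, count = struct.unpack(
            "<B3sB3sII", mbr[off:off + MBR_ENTRY_SIZE])
        if ptype == 0 or count == 0:
            continue  # empty slot
        parts.append((start, start + count - 1))
    return sorted(parts)


def unallocated_sectors(partitions, last_lba):
    """Inclusive sector ranges covered by no partition, never including sector 0."""
    gaps = []
    cursor = 1  # sector 0 holds the MBR and must stay as it is
    for first, last in partitions:
        if first > cursor:
            gaps.append((cursor, first - 1))
        cursor = max(cursor, last + 1)
    if cursor <= last_lba:
        gaps.append((cursor, last_lba))  # tail after the last partition
    return gaps


def sector_range_to_bytes(first, last, sector_size=SECTOR_SIZE):
    """Byte offsets for an inclusive sector range as (start, end, length)."""
    start = first * sector_size
    length = (last - first + 1) * sector_size
    return start, start + length - 1, length


def hex_block(first, last):
    """The same triple as upper-case hex strings, the form a select-block dialog takes."""
    start, end, length = sector_range_to_bytes(first, last)
    return f"{start:X}", f"{end:X}", f"{length:X}"


if __name__ == "__main__":
    LAST_LBA = 312581807  # last sector reported in the thread
    # constructed layout: one NTFS partition (type 0x07) from sector 63 to 312560639
    mbr = build_sample_mbr([(0x07, 63, 312560640 - 63)])
    for first, last in unallocated_sectors(parse_mbr(mbr), LAST_LBA):
        start, end, length = hex_block(first, last)
        print(f"sectors {first}-{last}: start {start}, end {end}, length {length}")
```

Running it prints the two ranges from the post (start 200 / end 7DFF and start 2542980000 / end 25433D5FFF) together with the length field the dialog asks for; the end value must be the last byte of the range, not the first byte after it, which is why 7DFF and not 7E00 appears.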
