
Virus in C:\WINDOWS\system32\drivers


Re: Virus in C:\WINDOWS\system32\drivers

Post by torch » Sun May 16, 2010 3:52 pm

part 2 of 2

Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [00618170] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [00617B10] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [00618130] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [006182E0] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [00617670] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [00617700] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [00617240] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!RegisterClassA] [00617BA0] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!RegisterClassW] [00617C60] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SystemParametersInfoW] [00617E40] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcW] [00617530] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcA] [006175D0] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSystemMetrics] [00617D20] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\ole32.dll [GDI32.dll!DeleteObject] [00617290] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [006182E0] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [00618130] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [00618170] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [00617B10] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00618200] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [006181B0] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SystemParametersInfoW] [00617E40] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetSystemMetrics] [00617D20] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetSysColor] [00617240] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CallWindowProcW] [00617530] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!RegisterClassW] [00617C60] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] [00617700] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [00618170] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [00618130] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [006182E0] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] [00617B10] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [006182E0] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00618130] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [006181B0] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [00618200] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] [00617B10] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA] [00618250] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\CRYPT32.dll [USER32.dll!GetSystemMetrics] [00617D20] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [00618130] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [006182E0] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs FCFBF1E8
Device \FileSystem\Fastfat \FatCdrom FBDB51E8
Device \Driver\USBSTOR \Device\0000009b FC0031E8
Device \Driver\USBSTOR \Device\0000009c FC0031E8

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\usbuhci \Device\USBPDO-0 FCE891E8
Device \Driver\usbuhci \Device\USBPDO-1 FCE891E8
Device \Driver\usbuhci \Device\USBPDO-2 FCE891E8
Device \Driver\usbuhci \Device\USBPDO-3 FCE891E8
Device \Driver\usbehci \Device\USBPDO-4 FCE9A550

AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

Device \Driver\Ftdisk \Device\HarddiskVolume1 FCFC11E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 FCFC11E8
Device \Driver\Cdrom \Device\CdRom0 FCF1F790
Device \Driver\Ftdisk \Device\HarddiskVolume3 FCFC11E8
Device \Driver\Cdrom \Device\CdRom1 FCF1F790
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F5F78B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F5F78B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F5F78B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F5F78B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Ftdisk \Device\HarddiskVolume4 FCFC11E8
Device \Driver\Ftdisk \Device\HarddiskVolume5 FCFC11E8
Device \Driver\Ftdisk \Device\HarddiskVolume6 FCFC11E8
Device \Driver\Ftdisk \Device\HarddiskVolume7 FCFC11E8
Device \Driver\NetBT \Device\NetBt_Wins_Export FBE66790
Device \Driver\Ftdisk \Device\HarddiskVolume8 FCFC11E8
Device \Driver\Ftdisk \Device\HarddiskVolume9 FCFC11E8
Device \Driver\NetBT \Device\NetbiosSmb FBE66790

AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

Device \Driver\Disk \Device\Harddisk0\DR0 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)

AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

Device \Driver\USBSTOR \Device\00000097 FC0031E8
Device \Driver\Disk \Device\Harddisk1\DR7 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)
Device \Driver\PCI_NTPNP7344 \Device\0000005f sptd.sys
Device \Driver\usbuhci \Device\USBFDO-0 FCE891E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B3E33D71-5AA5-40FE-9E7D-22BEC5D6A25C} FBE66790
Device \Driver\usbuhci \Device\USBFDO-1 FCE891E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver FBE561E8
Device \Driver\usbuhci \Device\USBFDO-2 FCE891E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector FBE561E8
Device \Driver\usbuhci \Device\USBFDO-3 FCE891E8
Device \Driver\usbehci \Device\USBFDO-4 FCE9A550
Device \Driver\Ftdisk \Device\FtControl FCFC11E8
Device \Driver\a8fani5g \Device\Scsi\a8fani5g1Port2Path0Target0Lun0 FCDF11E8
Device \Driver\a8fani5g \Device\Scsi\a8fani5g1 FCDF11E8
Device \FileSystem\Fastfat \Fat FBDB51E8

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs FBE0C790

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\Masterizzazione\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x36 0x99 0x9C 0x9F ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB3 0x58 0x5C 0xFC ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x6D 0x70 0xEC 0x3B ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x99 0x93 0x84 0x9B ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x66 0x6C 0xFF 0x10 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x84 0x83 0x67 0x71 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001641fadf2a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001641fadf2a@0012d248d667 0x6E 0x9A 0xDE 0xB3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001641fadf2a@001ea4c68c42 0x09 0xE5 0xC3 0xF9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001641fadf2a@002243b1ce45 0xCC 0xCE 0x16 0xB0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001641fadf2a@00231273e5f9 0x44 0xA5 0x65 0x92 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001641fadf2a@0016b821528a 0x56 0xE6 0x83 0x86 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001641fadf2a@0021feffe22f 0x40 0x8E 0x00 0x2D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\Masterizzazione\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x36 0x99 0x9C 0x9F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB3 0x58 0x5C 0xFC ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x87 0x01 0x71 0xCD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x99 0x93 0x84 0x9B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x66 0x6C 0xFF 0x10 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x84 0x83 0x67 0x71 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001641fadf2a
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001641fadf2a@0012d248d667 0x6E 0x9A 0xDE 0xB3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001641fadf2a@001ea4c68c42 0x09 0xE5 0xC3 0xF9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001641fadf2a@002243b1ce45 0xCC 0xCE 0x16 0xB0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001641fadf2a@00231273e5f9 0x44 0xA5 0x65 0x92 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001641fadf2a@0016b821528a 0x56 0xE6 0x83 0x86 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001641fadf2a@0021feffe22f 0x40 0x8E 0x00 0x2D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\Masterizzazione\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x36 0x99 0x9C 0x9F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB3 0x58 0x5C 0xFC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x87 0x01 0x71 0xCD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x99 0x93 0x84 0x9B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x66 0x6C 0xFF 0x10 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x84 0x83 0x67 0x71 ...
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\001641fadf2a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\001641fadf2a@0012d248d667 0x6E 0x9A 0xDE 0xB3 ...
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\001641fadf2a@001ea4c68c42 0x09 0xE5 0xC3 0xF9 ...
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\001641fadf2a@002243b1ce45 0xCC 0xCE 0x16 0xB0 ...
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\001641fadf2a@00231273e5f9 0x44 0xA5 0x65 0x92 ...
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\001641fadf2a@0016b821528a 0x56 0xE6 0x83 0x86 ...
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\001641fadf2a@0021feffe22f 0x40 0x8E 0x00 0x2D ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\Masterizzazione\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x36 0x99 0x9C 0x9F ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB3 0x58 0x5C 0xFC ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x87 0x01 0x71 0xCD ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x99 0x93 0x84 0x9B ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x66 0x6C 0xFF 0x10 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x84 0x83 0x67 0x71 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\501F49C40D18CFA4F8A08349D90CF756\Usage@default 1018222321

---- EOF - GMER 1.0.15 ----
[/LOG]

Re: Virus in C:\WINDOWS\system32\drivers

Post by stevens » Sun May 16, 2010 4:37 pm

if you didn't notice any entries in red you should be clean, there is still the Avira scan that you have to run

also do a check with Prevx

Re: Virus in C:\WINDOWS\system32\drivers

Post by torch » Sun May 16, 2010 6:14 pm

Avira is taking a while too,

2:33 have elapsed, 1,306,000 files scanned, and we are at 30.4%.
So far it has detected 9 files (when it finishes I'll post the log).

I downloaded Prevx. When Avira finishes, I'll launch it.

Re: Virus in C:\WINDOWS\system32\drivers

Post by torch » Sun May 16, 2010 10:00 pm

6 hours and 20'... and we are at 89.9%... so far it has made 23 detections...

Re: Virus in C:\WINDOWS\system32\drivers

Post by torch » Sun May 16, 2010 10:43 pm

OK. Avira scan finished.
It found a bit of junk that I told it to delete. Partly they were keygens/false positives.
The only file it found that made me a bit suspicious is one it kept finding on the desktop: a certain sys2438.exe

Re: Virus in C:\WINDOWS\system32\drivers

Post by torch » Sun May 16, 2010 10:57 pm

Prevx 3.0 found nothing.

Out of danger?
Any other tests?

Thanks

Re: Virus in C:\WINDOWS\system32\drivers

Post by stevens » Mon May 17, 2010 9:12 am

analyze that sys2438.exe on VirusTotal and post me an updated HijackThis log

Re: Virus in C:\WINDOWS\system32\drivers

Post by torch » Mon May 17, 2010 9:26 am

Hi Stevens,

so:

the file sys2438.exe was removed by Avira, and after rebooting the system it was no longer there (to tell the whole truth, Avira had detected it before as well, but in system resources\desktop, even after making hidden and system files visible, the file did not show up).

This is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:26:10, on 17/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
E:\Sicurezza\Comodo\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
E:\Scanner\abbyy\NetworkLicenseServer.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
C:\Programmi\ArchVision\ArchVision Content Manager\rpcACMapp.exe
C:\WINDOWS\system32\astsrv.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\system32\hasplms.exe
C:\Programmi\Java\jre6\bin\jqs.exe
E:\Architettura\3dMax2010Design\mentalray\satellite\raysat_3dsmax2010_32server.exe
E:\Architettura\3dMax2011Design\mentalimages\satellite\raysat_3dsmax2011_32server.exe
C:\WINDOWS\system32\MNSFramework.exe
C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
C:\Programmi\Dell\QuickSet\NICCONFIGSVC.exe
C:\Programmi\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
E:\Manutenzione\PerfectDisk\PDAgent.exe
C:\Programmi\File comuni\Intel\WirelessCommon\RegSrvc.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Programmi\Intel\WiFi\bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe
C:\Programmi\Dell\QuickSet\Quickset.exe
C:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE
E:\Sistema\Office\Office12\GrooveMonitor.exe
E:\AdobeAcrobatPro\Acrobat\Acrotray.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Intel\WiFi\bin\ZCfgSvc.exe
C:\Programmi\File comuni\Intel\WirelessCommon\iFrmewrk.exe
E:\Audio\iTunes\iTunesHelper.exe
E:\Masterizzazione\DAEMON Tools\daemon.exe
C:\Programmi\I8kfanGUI\I8kfanGUI.exe
C:\Programmi\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
C:\Programmi\Mobile Net Switch\MNS.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Widget vodafone.it\Widget vodafone.it.exe
C:\Programmi\iPod\bin\iPodService.exe
E:\Internet\freepops\freepopsd.exe
E:\Sistema\Office\Office12\OUTLOOK.EXE
E:\Internet\Skype\Phone\Skype.exe
E:\Internet\Skype\Plugin Manager\skypePM.exe
E:\Internet\Firefox\firefox.exe
C:\Documents and Settings\TRH\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - E:\Internet\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\SICURE~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DIALux 3.1 ULDBrowserHelper Class - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - E:\Architettura\DIALux\DLXShellExtension.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Sistema\Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmi\IDM\QUICKfind\PlugIns\IEHelp.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [COMODO Internet Security] "E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmi\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Sistema\Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "E:\AdobeAcrobatPro\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmi\File comuni\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [QuickTime Task] "E:\Players\Quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmi\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmi\File comuni\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [iTunesHelper] "E:\Audio\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Programmi\File comuni\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Programmi\File comuni\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [DAEMON Tools] "E:\Masterizzazione\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [i8kfangui] C:\Programmi\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\TRH\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Gadwin PrintScreen Pro] C:\Programmi\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe /nosplash
O4 - HKCU\..\Run: [MNS] C:\Programmi\Mobile Net Switch\MNS.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Widget vodafone.lnk = C:\Programmi\Widget vodafone.it\Widget vodafone.it.exe
O4 - Global Startup: DRSpawner.lnk = C:\Documents and Settings\All Users\Dati applicazioni\ASGvis\DRSpawner\DRSpawner.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: WDDMStatus.lnk = C:\Programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Programmi\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Sistema\Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Sistema\Office\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - E:\Internet\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - E:\Internet\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - E:\Internet\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Sistema\Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\SICURE~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\SICURE~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3E33D71-5AA5-40FE-9E7D-22BEC5D6A25C}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0AFF87D-CBD8-423A-A7C1-99BF03D231A5}: NameServer = 212.216.112.112,212.216.172.62
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Sistema\Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\acaptuser32.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ABBYY FineReader 9.0 - Servizio Gestione licenze (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - E:\Scanner\abbyy\NetworkLicenseServer.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ArcGIS License Manager - Acresso Software Inc. - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
O23 - Service: ArchVision Content Manager Service - ArchVision - C:\Programmi\ArchVision\ArchVision Content Manager\rpcACMapp.exe
O23 - Service: AST Service (ASTCC) - Nalpeiron Ltd. - C:\WINDOWS\system32\astsrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Programmi\File comuni\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - E:\Sicurezza\Comodo\COMODO Internet Security\cmdagent.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Programmi\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmi\File comuni\Logitech\Bluetooth\LBTServ.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max Design 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - E:\Architettura\3dMax2010Design\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: mental ray 3.8 Satellite for Autodesk 3ds Max Design 2011 32-bit 32-bit (mi-raysat_3dsmax2011_32) - Unknown owner - E:\Architettura\3dMax2011Design\mentalimages\satellite\raysat_3dsmax2011_32server.exe
O23 - Service: MNS Framework (MNSFramework) - Unknown owner - C:\WINDOWS\system32\MNSFramework.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmi\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Provider supporto protezione LM NT (NtLmSsp) - Unknown owner - (no file)
O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Programmi\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - E:\Manutenzione\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - E:\Manutenzione\PerfectDisk\PDEngine.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Programmi\File comuni\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Programmi\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Programmi\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Programmi\Intel\WiFi\bin\WLKeeper.exe

--
End of file - 16563 bytes

Re: Virus in C:\WINDOWS\system32\drivers

Post by stevens » Mon May 17, 2010 9:49 am

Do you use this DRSpawner often? Do you need it?
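The log above is what stevens is triaging by eye in this and the following replies (the DRSpawner startup entry, the AppInit_DLLs line). As an added example, not code from the thread, here is a small Python triage over entries copied from that log; the rules it applies (AppInit_DLLs entries, autostart commands that are bare filenames or live under a user-writable profile path, services with no file or an unknown owner, DNS servers to confirm) are my own choice of what to look at first, not HijackThis's.

```python
import re
from collections import namedtuple

# section: HijackThis section id (O4, O17, O20, O23); reason: why to look; entry: raw line
Finding = namedtuple('Finding', 'section reason entry')

# Entries copied from the HijackThis log quoted in the thread above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - Global Startup: DRSpawner.lnk = C:\Documents and Settings\All Users\Dati applicazioni\ASGvis\DRSpawner\DRSpawner.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3E33D71-5AA5-40FE-9E7D-22BEC5D6A25C}: NameServer = 208.67.222.222,208.67.220.220
O20 - AppInit_DLLs: C:\WINDOWS\system32\acaptuser32.dll
O23 - Service: MNS Framework (MNSFramework) - Unknown owner - C:\WINDOWS\system32\MNSFramework.exe
O23 - Service: Provider supporto protezione LM NT (NtLmSsp) - Unknown owner - (no file)
"""

# O4 lines look like "<location>: [<name>] <command>" or "<location>: <file>.lnk = <command>"
O4_RE = re.compile(r'^O4 - (?P<where>.+?): (?:\[[^\]]*\] |.+?\.lnk = )?(?P<cmd>.+)$')
O17_RE = re.compile(r'^O17 - .*NameServer = (?P<dns>.+)$')

def exe_path(cmd: str) -> str:
    """Program path of a Run-key command: the quoted token, else text up to the first .exe."""
    m = re.match(r'"([^"]+)"|(.+?\.exe)', cmd, re.IGNORECASE)
    return (m.group(1) or m.group(2)) if m else cmd.split()[0]

def triage(log: str) -> list:
    """Return the entries a reviewer would ask about first, in log order."""
    findings = []
    for line in (raw.strip() for raw in log.splitlines() if raw.strip()):
        if line.startswith('O20 - AppInit_DLLs:'):
            # loaded into every process that links user32.dll, so always worth a look
            findings.append(Finding('O20', 'AppInit_DLLs entry; confirm the DLL is legitimate', line))
        elif (m := O4_RE.match(line)):
            path = exe_path(m.group('cmd'))
            if '\\' not in path:
                findings.append(Finding('O4', f'bare filename {path!r} resolved via the search path; verify where it lives', line))
            elif 'Documents and Settings' in path:
                findings.append(Finding('O4', 'autostart binary lives in a user-writable profile directory', line))
        elif (m := O17_RE.match(line)):
            findings.append(Finding('O17', f'DNS servers {m.group("dns")}; confirm they are the expected resolvers', line))
        elif line.startswith('O23 - Service: '):
            # split from the right: service display names may themselves contain " - "
            parts = line[len('O23 - Service: '):].rsplit(' - ', 2)
            if len(parts) == 3 and parts[2] == '(no file)':
                findings.append(Finding('O23', 'service points at a missing file (orphaned entry)', line))
            elif len(parts) == 3 and parts[1] == 'Unknown owner':
                findings.append(Finding('O23', 'service binary has no known publisher; check its signature', line))
    return findings
```

Running `triage(SAMPLE_LOG)` flags six of the seven sample entries; the Avira line passes because it is a quoted absolute path outside a profile directory.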

Re: Virus in C:\WINDOWS\system32\drivers

Post by torch » Mon May 17, 2010 10:01 am

I've used it just a couple of times.

It's used to network several PCs together and speed up rendering.
In fact, I remember that before, right after the desktop loaded, a small DOS window always opened saying that drspawner had been launched and was ready to use. For the last few days that window hasn't appeared any more.

Are you saying I should delete it?

Re: Virus in C:\WINDOWS\system32\drivers

Post by stevens » Mon May 17, 2010 10:10 am

If you really don't need it, better to remove it.

Scan this file on VirusTotal:

C:\WINDOWS\system32\acaptuser32.dll

Scan it here as well.

Re: Virus in C:\WINDOWS\system32\drivers

Post by torch » Mon May 17, 2010 10:21 am

I removed drspawner from automatic startup.

This is the scan of the file on VirusTotal:

http://www.virustotal.com/it/analisis/6 ... 1273974727

and this one on Jotti:

http://virusscan.jotti.org/it/scanresul ... 40e6cd13e5

It looks clean.

Re: Virus in C:\WINDOWS\system32\drivers

Post by stevens » Mon May 17, 2010 10:30 am

It looks like we've reached the end.

Do a thorough clean-up with CCleaner.

Download and install the latest version of Adobe Reader.

Download the updated version of Sun Java.

Download the updated version of Flash Player for IE

and the Flash Player version for Firefox.


Run a scandisk; read here if you don't know how.


If you have other problems, I'm here.


Can you tell me whether the PC is running better now?

Re: Virus in C:\WINDOWS\system32\drivers

Post by torch » Mon May 17, 2010 10:34 am

Good morning, Stevens.
I'll go through all the steps you gave me now.

The PC is now definitely faster at loading the system and carrying out operations. Sometimes everything used to freeze for a few seconds and then start again.
So far it hasn't frozen even once.

I'll post again as soon as I finish the "shopping list" :-)

In the meantime, thanks a million for the help.

Re: Virus in C:\WINDOWS\system32\drivers

Post by torch » Mon May 17, 2010 2:20 pm

Here we are.

I updated everything. Ran scandisk (it found no problems with the hard disk).

Can I consider myself "clean"?

In your opinion, can Avira + Comodo FW (together with Spybot S&D, Malwarebytes and SpywareBlaster) still do the job? Or would you suggest something else?

Thanks

Re: Virus in C:\WINDOWS\system32\drivers

Post by stevens » Mon May 17, 2010 2:27 pm

You can keep what you have, apart from Comodo, which is a bit heavy.

The Avira + PC Tools combination works very well: if you want you can download it from here, but again, these are choices, it's very subjective.

Re: Virus in C:\WINDOWS\system32\drivers

Post by torch » Mon May 17, 2010 2:36 pm

OK. I'll download PC Tools and, as soon as I have a moment, try swapping it in for Comodo (if need be, you can always go back).

Thank you so much for the advice. You've been really very helpful.

torcH

Re: Virus in C:\WINDOWS\system32\drivers

Post by stevens » Mon May 17, 2010 2:47 pm

[ciao]