![I'm about to cry... [cry]](http://www.megalab.it/forum/images/smilies/crying.gif)
Scanned with AntiMalware and Avira: nothing.
Then, searching online, I read about ComboFix, which flagged the infection by this damned thing.
I uninstalled Avira as ComboFix asked me to and disabled PC Tools Firewall.
After all the stages finished (about 50 of them) and after rebooting twice, it tells me the virus has been removed... but I can't browse the internet.
![Oh crap! [acc2]](http://www.megalab.it/forum/images/smilies/Acc.gif)
The network works with the other PCs; with the infected one it doesn't... the Wi-Fi detects the connection but just won't connect (in short, the two little computers don't appear)!
Even when I try to connect manually, I can't.
And on reboot... I always find the Firewall disabled, a sign that maybe the virus is still there?
I haven't tried running another scan with AntiMalwareBytes... since it didn't find it before, I assume it won't now either (the last update is from 10 days ago, maybe that's the reason? In any case, since my internet isn't working I can't update it).
Still reading around, I used SystemLook, Avast Anti-Rootkit and AntiZeroAccess, and I also have the scan logs:
AntiZeroAccess
Webroot AntiZeroAccess 0.8 Log File
Execution time: 10/12/2011 - 12:03
Host operation System: Windows Xp X86 version 5.1.2600 Service Pack 3
12:03:49 - CheckSystem - Begin to check system...
12:03:49 - OpenRootDrive - Opening system root volume and physical drive....
12:03:49 - C Root Drive: Disk number: 0 Start sector: 0x0000003F Partition Size: 0x0950A5C1 sectors.
12:03:49 - PrevX Main driver extracted in "C:\WINDOWS\system32\drivers\ZeroAccess.sys".
12:03:49 - InstallAndStartDriver - Main driver was installed and now is running.
12:03:49 - CheckSystem - Disk class driver state is OK.
12:03:54 - CheckFile - Unable to read "sptd.sys" file. CreateFile last eror: 0x00000020.
12:03:56 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
12:03:56 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
12:03:56 - Execution Ended!
Avast AntiRootkit
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-10 12:02:13
-----------------------------
12:02:13.859 OS Version: Windows 5.1.2600 Service Pack 3
12:02:13.859 Number of processors: 2 586 0xE08
12:02:13.859 ComputerName: UTENTE-89A3A331 UserName: utente
12:02:14.281 Initialize success
12:02:46.734 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
12:02:46.750 Disk 0 Vendor: FUJITSU_MHV2080AH_PL 000000A0 Size: 76319MB BusType: 3
12:02:46.750 Device \Driver\atapi -> DriverStartIo 86ce531b
12:02:48.750 Disk 0 MBR read successfully
12:02:48.750 Disk 0 MBR scan
12:02:48.750 Disk 0 TDL4@MBR code has been found
12:02:48.750 Disk 0 Windows XP default MBR code found via API
12:02:48.750 Disk 0 MBR hidden
12:02:48.750 Disk 0 MBR [TDL4] **ROOTKIT**
12:02:48.750 Disk 0 trace - called modules:
12:02:48.750 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86ce54d0]<<
12:02:48.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86c82ab8]
12:02:48.750 3 CLASSPNP.SYS[f75e7fd7] -> nt!IofCallDriver -> \Device\00000082[0x86d219e8]
12:02:48.750 5 ACPI.sys[f7353620] -> nt!IofCallDriver -> [0x86d21d98]
12:02:48.750 \Driver\atapi[0x86de0b78] -> IRP_MJ_CREATE -> 0x86ce54d0
12:02:48.750 Scan finished successfully
12:03:16.453 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
12:03:16.468 The log file has been saved successfully to "C:\aswMBR.txt"
System Look
SystemLook 30.07.11 by jpshortstuff
Log created at 12:14 on 10/12/2011 by utente
Administrator - Elevation successful
========== reg ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD]
"DisplayName"="AFD"
"Description"="Ambiente supporto di rete AFD"
"Group"="TDI"
"ImagePath"="\SystemRoot\System32\drivers\afd.sys"
"Start"= 0x0000000001 (1)
"Type"= 0x0000000001 (1)
"ErrorControl"= 0x0000000001 (1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters]
(No values found)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Security]
"Security"=01 00 14 80 90 00 00 00 9c 00 00 00 14 00 00 00 30 00 00 00 02 00 1c 00 01 00 00 00 02 80 14 00 ff 01 0f 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 fd 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 ff 01 0f 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8d 01 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 18 00 fd 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 (REG_BINARY)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Enum]
"0"="Root\LEGACY_AFD\0000"
"Count"= 0x0000000001 (1)
"NextInstance"= 0x0000000001 (1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_AFD]
"NextInstance"= 0x0000000001 (1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_AFD\0000]
"Service"="AFD"
"Legacy"= 0x0000000001 (1)
"ConfigFlags"= 0x0000000020 (32)
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="AFD"
"Capabilities"= 0x0000000000 (0)
"Driver"="{8ECC055D-047F-11D1-A537-0000F8753ED1}\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_AFD\0000\LogConf]
(No values found)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_AFD\0000\Control]
"ActiveService"="AFD"
-= EOF =-
ComboFix
ComboFix 11-12-10.01 - utente 10/12/2011 11.15.00.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1015.688 [GMT 1:00]
Eseguito da: c:\documents and settings\utente\Desktop\CF.exe
AV: AntiVir Desktop *Disabled/Outdated* {7698207D-3A48-003E-AC1D-9876381E9876}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-14EF-9D7C08000A00}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-3C24-9E7C08000A00}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-5C49-7C92-0300-000000000000}
FW: PC Tools Firewall Plus *Disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
* Creato nuovo punto di ripristino
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\TEMP
c:\documents and settings\utente\Dati applicazioni\Remote
c:\documents and settings\utente\Dati applicazioni\Remote\fboyfw_shrd
c:\documents and settings\utente\Dati applicazioni\Remote\isvy
c:\documents and settings\utente\Dati applicazioni\Remote\mnj.dat
c:\documents and settings\utente\Dati applicazioni\Remote\mxd1.txt
c:\documents and settings\utente\Dati applicazioni\Remote\ppkk.dat
c:\documents and settings\utente\Dati applicazioni\Remote\xnhrr.dat
c:\documents and settings\utente\Dati applicazioni\Toolbar4
c:\programmi\Search Settings
c:\programmi\Search Settings\SearchSettingsRes409.dll
c:\windows\$NtUninstallKB56021$
c:\windows\$NtUninstallKB56021$\2808172476
c:\windows\$NtUninstallKB56021$\4008064051\@
c:\windows\$NtUninstallKB56021$\4008064051\cfg.ini
c:\windows\$NtUninstallKB56021$\4008064051\Desktop.ini
c:\windows\$NtUninstallKB56021$\4008064051\keywords
c:\windows\$NtUninstallKB56021$\4008064051\L\nbsmnofz
c:\windows\$NtUninstallKB56021$\4008064051\U\00000001.@
c:\windows\$NtUninstallKB56021$\4008064051\U\00000002.@
c:\windows\$NtUninstallKB56021$\4008064051\U\00000004.@
c:\windows\$NtUninstallKB56021$\4008064051\U\80000000.@
c:\windows\$NtUninstallKB56021$\4008064051\U\80000004.@
c:\windows\$NtUninstallKB56021$\4008064051\U\80000032.@
C:\WinLogon
c:\winlogon\37D497253F38BEE
.
.
((((((((((((((((((((((((( Files Creati Da 2011-11-10 al 2011-12-10 )))))))))))))))))))))))))))))))))))
.
.
2011-12-10 09:58 . 2011-12-10 09:59 6160 ----a-w- C:\cc_20111210_105855.reg
2011-12-10 09:27 . 2011-07-25 19:42 1008041 ----a-w- C:\iExplore.exe
2011-12-09 21:19 . 2011-12-09 21:19 -------- d-----w- c:\documents and settings\utente\Impostazioni locali\Dati applicazioni\SanctionedMedia
2011-11-26 23:47 . 2011-11-26 23:47 -------- d-----w- c:\documents and settings\utente\Dati applicazioni\MAGIX
2011-11-26 23:44 . 2011-11-26 23:44 -------- d-----w- c:\documents and settings\utente\Dati applicazioni\OnDemandDump
2011-11-26 23:44 . 2011-11-26 23:44 -------- d-----w- c:\documents and settings\utente\Dati applicazioni\CrashLog
2011-11-26 23:41 . 2011-11-26 23:42 -------- d-----w- c:\programmi\MAGIX
2011-11-26 23:41 . 2011-11-26 23:48 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\MAGIX
2011-11-26 23:41 . 2011-11-26 23:41 -------- d-----w- c:\programmi\MSXML 4.0
2011-11-21 18:40 . 2011-11-21 18:41 -------- d-----w- c:\documents and settings\utente\Dati applicazioni\PCToolsFirewallPlus
2011-11-21 18:39 . 2011-03-02 11:40 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-11-21 18:39 . 2010-03-29 10:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-11-21 18:39 . 2011-01-17 08:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-11-21 18:37 . 2011-11-21 18:39 -------- d-----w- c:\programmi\File comuni\PC Tools
2011-11-21 18:37 . 2011-01-12 09:36 89472 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2011-11-21 18:37 . 2010-07-08 07:49 57536 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2011-11-21 18:37 . 2010-02-05 07:26 32808 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2011-11-21 18:37 . 2011-01-17 07:11 125248 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2011-11-21 18:37 . 2011-11-21 18:41 -------- d-----w- c:\programmi\PC Tools Firewall Plus
2011-11-21 18:30 . 2011-11-21 18:30 -------- d--h--w- c:\documents and settings\All Users\Dati applicazioni\Common Files
2011-11-21 18:30 . 2011-11-21 18:31 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\MFAData
2011-11-21 10:29 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2011-11-21 10:28 . 2011-11-21 10:28 -------- d-----w- c:\programmi\Microsoft Mathematics Add-in
2011-11-16 23:16 . 2011-11-16 23:16 -------- d-----w- c:\documents and settings\utente\Dati applicazioni\KC Softwares
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-15 21:29 . 2011-06-18 21:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2010-01-05 12:01 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2006-03-02 12:00 603136 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2008-07-29 17:59 613888 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2006-03-02 12:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2006-03-02 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileBroadband"="c:\programmi\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2010-09-08 272384]
"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2011-04-07 2672600]
"PC_Live"="c:\programmi\MAGIX\PC_Live\MxTray.exe" [2011-09-22 464472]
"TkBellExe"="c:\programmi\real\realplayer\update\realsched.exe" [2010-12-23 274608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-21 23:57 35760 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
2011-09-23 07:02 11515184 ----a-w- c:\programmi\BitComet\BitComet.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
2005-06-24 13:08 860160 ----a-w- c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\SoulseekNS\\slsk.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\BitComet\\BitComet.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmi\\Glesius-IRC\\mIRC.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7750:TCP"= 7750:TCP:BitComet 7750 TCP
"7750:UDP"= 7750:UDP:BitComet 7750 UDP
"11955:TCP"= 11955:TCP:BitComet 11955 TCP
"11955:UDP"= 11955:UDP:BitComet 11955 UDP
"15605:TCP"= 15605:TCP:Soulseek TCP
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [09/09/2010 17.38.02 691696]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [21/11/2011 19.39.16 251560]
R2 Application Updater;Application Updater;c:\programmi\Application Updater\ApplicationUpdater.exe [16/12/2009 17.38.20 375296]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [16/12/2009 9.11.06 65856]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [21/11/2011 19.39.19 160576]
R2 VmbService;Servizio Vodafone Mobile Broadband;c:\programmi\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [08/09/2010 16.44.16 8704]
R3 cpuz135;cpuz135;\??\c:\docume~1\utente\IMPOST~1\Temp\cpuz135\cpuz135_x32.sys --> c:\docume~1\utente\IMPOST~1\Temp\cpuz135\cpuz135_x32.sys [?]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [21/11/2011 19.37.23 89472]
R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [21/11/2011 19.37.23 57536]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [21/11/2011 19.37.18 125248]
R3 SynMini;USB2.0 1.3M Web Cam;c:\windows\system32\drivers\SynMini.sys [05/01/2010 15.21.18 720470]
R3 SynScan;USB2.0 1.3M Web Cam Still Image;c:\windows\system32\drivers\SynScan.sys [05/01/2010 15.21.17 8278]
R3 vodafone_K3805-z_dc_enum;Vodafone K3805-z DC Enumerator (ZTE);c:\windows\system32\drivers\vodafone_K3805-z_dc_enum.sys [01/09/2010 14.33.12 80000]
S2 MAGIX StartUp Analyze Service;MAGIX StartUp Analyze Service;c:\programmi\MAGIX\PC_Check_Tuning_2012_Download-Version\MXSAS.exe [25/09/2011 15.06.46 181248]
S3 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [27/04/2010 9.52.38 135664]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [27/04/2010 9.52.38 135664]
S3 jrdusbser;Modem Interface Device for Legacy Serial Communication;c:\windows\system32\drivers\jrdusbser.sys [24/07/2010 8.17.30 105344]
S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [21/11/2011 19.37.23 57536]
S3 vodafone_K3805-z_cdc_acm;Vodafone K3805-z CDC-ACM driver (ZTE);c:\windows\system32\drivers\vodafone_K3805-z_cdc_acm.sys [01/09/2010 14.33.10 85888]
S3 vodafone_K3805-z_cdc_ecm;vodafone_K3805-z_cdc_ecm;c:\windows\system32\drivers\vodafone_K3805-z_cdc_ecm.sys [01/09/2010 14.33.12 50304]
S3 vodafone_K3805-z_cpo;Vodafone K3805-z Install;c:\windows\system32\drivers\vodafone_K3805-z_cpo.sys [01/09/2010 14.33.12 9728]
S3 WinRing0_1_2_0;WinRing0_1_2_0;\??\c:\programmi\BatteryCare\WinRing0.sys --> c:\programmi\BatteryCare\WinRing0.sys [?]
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-04-27 08:52]
.
2011-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-04-27 08:52]
.
2011-11-29 c:\windows\Tasks\RealPlayer (32-bit) MAGIX PCCT.job
- c:\programmi\real\realplayer\update\realsched.exe [2010-12-23 22:34]
.
2011-12-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-776561741-1637723038-682003330-1004.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-12-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-776561741-1637723038-682003330-1004.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-12-10 c:\windows\Tasks\User_Feed_Synchronization-{F7087696-FF25-4B40-9A30-CC5F075FC92E}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.diretta.it/
mStart Page = hxxp://www.bigseekpro.com/kcsoftwares/{908C7B9E-6226-476D-810C-92AC9C14DB26}
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Scarica con Mipony - file://c:\programmi\MiPony\Browser\IEContext.htm
IE: Scarica tutto usando BitComet - c:\programmi\BitComet\BitComet.exe/AddAllLink.htm
IE: Scarica usando &BitComet - c:\programmi\BitComet\BitComet.exe/AddLink.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FA654601-BC58-4549-9C50-334003E74A77}: NameServer = 192.168.1.1
DPF: {F9BF64A0-5A65-43E0-ACDB-B223E7F9DDD9} - hxxp://camera.aplevante.org/WEBWATCH2.cab
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
BHO-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM_ActiveSetup-{F3F9B82E-834D-4BC1-8C1B-8D010E016873} -SOFTWARE\Microsoft\Active Setup\Installed Components\{F3F9B82E-834D-4BC1-8C1B-8D010E016873}
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-10 11:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: FUJITSU_MHV2080AH_PL rev.000000A0 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
.
device: opened successfully
user: MBR read successfully
error: Read Una periferica collegata al sistema non è in funzione.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x86CE531B
user & kernel MBR OK
.
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(868)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(928)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2928)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\CDBurnerXP\NMSAccessU.exe
c:\programmi\PC Tools Firewall Plus\FWService.exe
c:\windows\system32\wscntfy.exe
c:\windows\System32\ping.exe
.
**************************************************************************
.
Ora fine scansione: 2011-12-10 11:43:45 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-12-10 10:43
.
Pre-Run: 5.711.863.808 byte disponibili
Post-Run: 5.876.473.856 byte disponibili
.
- - End Of File - - A6B71E41EDC6E9BA552D9D81E0BED513
S3 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [27/04/2010 9.52.38 135664]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [27/04/2010 9.52.38 135664]
S3 jrdusbser;Modem Interface Device for Legacy Serial Communication;c:\windows\system32\drivers\jrdusbser.sys [24/07/2010 8.17.30 105344]
S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [21/11/2011 19.37.23 57536]
S3 vodafone_K3805-z_cdc_acm;Vodafone K3805-z CDC-ACM driver (ZTE);c:\windows\system32\drivers\vodafone_K3805-z_cdc_acm.sys [01/09/2010 14.33.10 85888]
S3 vodafone_K3805-z_cdc_ecm;vodafone_K3805-z_cdc_ecm;c:\windows\system32\drivers\vodafone_K3805-z_cdc_ecm.sys [01/09/2010 14.33.12 50304]
S3 vodafone_K3805-z_cpo;Vodafone K3805-z Install;c:\windows\system32\drivers\vodafone_K3805-z_cpo.sys [01/09/2010 14.33.12 9728]
S3 WinRing0_1_2_0;WinRing0_1_2_0;\??\c:\programmi\BatteryCare\WinRing0.sys

![Confuso [?]](http://www.megalab.it/forum/images/smilies/confused.gif)
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-04-27 08:52]
.
2011-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-04-27 08:52]
.
2011-11-29 c:\windows\Tasks\RealPlayer (32-bit) MAGIX PCCT.job
- c:\programmi\real\realplayer\update\realsched.exe [2010-12-23 22:34]
.
2011-12-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-776561741-1637723038-682003330-1004.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-12-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-776561741-1637723038-682003330-1004.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-12-10 c:\windows\Tasks\User_Feed_Synchronization-{F7087696-FF25-4B40-9A30-CC5F075FC92E}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.diretta.it/
mStart Page = hxxp://www.bigseekpro.com/kcsoftwares/{908C7B9E-6226-476D-810C-92AC9C14DB26}
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Scarica con Mipony - file://c:\programmi\MiPony\Browser\IEContext.htm
IE: Scarica tutto usando BitComet - c:\programmi\BitComet\BitComet.exe/AddAllLink.htm
IE: Scarica usando &BitComet - c:\programmi\BitComet\BitComet.exe/AddLink.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FA654601-BC58-4549-9C50-334003E74A77}: NameServer = 192.168.1.1
DPF: {F9BF64A0-5A65-43E0-ACDB-B223E7F9DDD9} - hxxp://camera.aplevante.org/WEBWATCH2.cab
.
- - - - ORPHANED KEYS REMOVED - - - -
.
BHO-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM_ActiveSetup-{F3F9B82E-834D-4BC1-8C1B-8D010E016873} -SOFTWARE\Microsoft\Active Setup\Installed Components\{F3F9B82E-834D-4BC1-8C1B-8D010E016873}
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-10 11:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
Scan completed successfully
Hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: FUJITSU_MHV2080AH_PL rev.000000A0 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x86CE531B
user & kernel MBR OK
.
**************************************************************************
.
--------------------- DLLs loaded by running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(868)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(928)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2928)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other running processes ------------------------
.
c:\programmi\CDBurnerXP\NMSAccessU.exe
c:\programmi\PC Tools Firewall Plus\FWService.exe
c:\windows\system32\wscntfy.exe
c:\windows\System32\ping.exe
.
**************************************************************************
.
Scan finished at: 2011-12-10 11:43:45 - The PC was restarted
ComboFix-quarantined-files.txt 2011-12-10 10:43
.
Pre-Run: 5.711.863.808 bytes free
Post-Run: 5.876.473.856 bytes free
.
- - End Of File - - A6B71E41EDC6E9BA552D9D81E0BED513
And finally, on every reboot I get this thing here (related to the Vodafone key I use to connect while travelling):
http://imageshack.us/photo/my-images/83 ... inedt.jpg/
I hope I haven't broken any forum rule by posting that mess of logs... it's just that in the past I had a similar problem with another virus and they were asked of me!
If I did something wrong, I apologise.
But please help me, I don't know what to do (I have XP).
![Grazie [grazie]](http://www.megalab.it/forum/images/smilies/Grazie.gif)
PS: If you find "strange" pages/files or anything else in the logs, it's my brother's fault
![Contrario [:p]](http://www.megalab.it/forum/images/smilies/thumbdown.gif)
![Smile [:)]](http://www.megalab.it/forum/images/smilies/smile.gif)
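As an added example that is not part of the poster's message or of ComboFix itself, the following Python script shows how a responder might triage the two parts of a ComboFix log that matter most here: the `R*/S*` service lines and the firewall-policy values. It flags service or driver images that live under a Temp directory, entries for which ComboFix printed no trailing `[date time size]` block, and a standard-profile firewall that is switched off (`EnableFirewall`=0, as in the log above). The line formats are assumed from the log as posted; the sample text is a constructed copy of a handful of those lines, not the full log, and the regexes and flagging rules are this example's own choices.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a few lines modelled on the ComboFix service and
# firewall-policy sections in the post above (not the full log).
SAMPLE_LOG = r"""
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [09/09/2010 17.38.02 691696]
R3 cpuz135;cpuz135;\??\c:\docume~1\utente\IMPOST~1\Temp\cpuz135\cpuz135_x32.sys
S3 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [27/04/2010 9.52.38 135664]
S3 WinRing0_1_2_0;WinRing0_1_2_0;\??\c:\programmi\BatteryCare\WinRing0.sys
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"""

# Assumed ComboFix service line shape: "<R|S><n> name;display;image [dd/mm/yyyy hh.mm.ss size]"
SERVICE_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?)'
    r'(?:\s+\[(?P<meta>[^\]]*)\])?\s*$'
)
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<value>\d+)')


@dataclass
class ServiceEntry:
    start: str            # R = running, S = stopped, digit as ComboFix prints it
    name: str
    display: str
    image: str            # path as printed, possibly with an NT "\??\" prefix
    size: Optional[int]   # file size from the trailing [date time size] block, if any


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one R*/S* line; return None for anything else."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    size = None
    if m.group('meta'):
        last = m.group('meta').split()[-1]
        if last.isdigit():
            size = int(last)
    return ServiceEntry(m.group('start'), m.group('name'),
                        m.group('display'), m.group('image'), size)


def parse_services(text: str) -> List[ServiceEntry]:
    return [e for e in (parse_service_line(l) for l in text.splitlines()) if e]


def normalise_path(image: str) -> str:
    """Drop the NT object-manager prefix so \\??\\c:\\x and c:\\x compare equal."""
    prefix = '\\??\\'
    p = image[len(prefix):] if image.lower().startswith(prefix) else image
    return p.lower()


def is_temp_path(image: str) -> bool:
    """True when any path component is a Temp/Tmp directory."""
    return any(part in ('temp', 'tmp') for part in normalise_path(image).split('\\'))


def firewall_disabled(text: str) -> Optional[bool]:
    """True if the first EnableFirewall value seen is 0; None if the key is absent."""
    for line in text.splitlines():
        m = FIREWALL_RE.match(line.strip())
        if m:
            return m.group('value') == '0'
    return None


def triage(text: str) -> List[str]:
    """Return human-readable findings worth a second look."""
    findings = []
    for e in parse_services(text):
        if is_temp_path(e.image):
            # A kernel driver loaded from a user-writable Temp directory is
            # unusual; portable hardware-monitoring tools do this, so verify
            # rather than assume malice.
            findings.append(f'{e.name}: image under a Temp directory ({e.image})')
        if e.size is None:
            findings.append(f'{e.name}: no file date/size recorded for {e.image}')
    if firewall_disabled(text):
        findings.append('Windows Firewall standard profile: EnableFirewall=0')
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the sample it reports the cpuz135 driver (loaded from Temp, no metadata), the WinRing0 driver (no metadata) and the disabled firewall; against a saved ComboFix log it is a quick way to get from a wall of text to the handful of lines that deserve a manual check.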