
Possible rootkit??

Post by mitrha » Thu Feb 20, 2014 10:04 pm

Hi everyone, my PC is unstable but no antivirus finds anything, neither MBAM nor Sophos. I'm posting an aswMBR log:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-02-11 22:45:14
-----------------------------
22:45:14.870 OS Version: Windows 5.1.2600 Service Pack 3
22:45:14.870 Number of processors: 1 586 0x2F02
22:45:14.870 ComputerName: E774BAE2 UserName: Fabio
22:45:15.167 Initialize success
22:57:36.573 AVAST engine defs: 14021101
23:45:43.526 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000068
23:45:43.526 Disk 0 Vendor: WDC_WD2000BB-55GUC0 08.02D08 Size: 190782MB BusType: 3
23:45:43.745 Disk 0 MBR read successfully
23:45:43.745 Disk 0 MBR scan
23:45:43.760 Disk 0 Windows XP default MBR code
23:45:43.760 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 190771 MB offset 63
23:45:43.760 Disk 0 scanning sectors +390700800
23:45:43.932 Disk 0 scanning C:\WINDOWS\system32\drivers
23:46:05.948 Service scanning
23:46:22.182 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
23:46:27.995 Modules scanning
23:46:37.135 Module: C:\WINDOWS\System32\Drivers\nvatabus.sys **SUSPICIOUS**
23:46:43.479 Disk 0 trace - called modules:
23:46:43.526 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvatabus.sys sptd.sys
23:46:43.542 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x870a0600]
23:46:43.557 3 CLASSPNP.SYS[f76bcfd7] -> nt!IofCallDriver -> \Device\0000006a[0x870e2b18]
23:46:43.573 5 ACPI.sys[f7423620] -> nt!IofCallDriver -> \Device\00000068[0x870ab030]
23:46:43.932 AVAST engine scan C:\WINDOWS
23:46:48.635 AVAST engine scan C:\WINDOWS\system32
23:50:03.917 AVAST engine scan C:\WINDOWS\system32\drivers
23:50:27.589 AVAST engine scan C:\Documents and Settings\Manuel Valori.E774BAE2
00:06:13.807 AVAST engine scan C:\Documents and Settings\All Users
00:07:02.854 Scan finished successfully
00:08:20.635 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Manuel Valori.E774BAE2\Desktop\MBR.dat"
00:08:20.635 The log file has been saved successfully to "C:\Documents and Settings\Manuel Valori.E774BAE2\Desktop\aswMBR.txt"

I hope you can help me... [^]
If you don't know things... learn them!!!
AMD Athlon64 x2 dual core processor 4600+ 2.4GHz,1.0 GB Ram,WIN XP SP3
mitrha
Senior Member
Posts: 307
Joined: Sat Jul 31, 2010 10:28 pm
Location: Rome

Re: Possible rootkit??

Post by mitrha » Sat Feb 22, 2014 12:36 am

Here is a ComboFix log:

ComboFix 14-02-20.01 - Fabio 21/02/2014 1.24.46.11.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1023.732 [GMT 1:00]
Eseguito da: c:\documents and settings\Manuel Valori.E774BAE2\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {0012F2B4-5CE9-7C92-0300-000000000000}
AV: AntiVir Desktop *Disabled/Outdated* {7698207D-3A00-003E-AC1D-9876381E9876}
AV: AntiVir Desktop *Enabled/Updated* {0012F220-F65C-7C91-61F6-917C340000C0}
AV: Avira Desktop *Enabled/Outdated* {00000000-0000-0000-0000-000000000000}
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Online Armor Firewall *Enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Manuel Valori.E774BAE2\Dati applicazioni\inst.exe
c:\documents and settings\Manuel Valori.E774BAE2\Dati applicazioni\vso_ts_preview.xml
C:\nonficker.dll
c:\programmi\WinRAR\Leggimi.Txt
c:\programmi\WinRAR\Leggimi_1a.Txt
c:\programmi\WinRAR\Licenza.Txt
c:\programmi\WinRAR\NoteTecniche.Txt
c:\programmi\WinRAR\Ordin.htm
c:\programmi\WinRAR\Ordina.htm
c:\programmi\WinRAR\SorgUnRAR.Txt
c:\windows\iun6002.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\kmon.dll
c:\windows\system32\lsprst7.dll
c:\windows\system32\msconfig.exe
c:\windows\system32\ssprs.dll
c:\windows\system32\tmpPrst.dll
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AAAAANONFICKER
-------\Service_aaaaanonficker
.
.
((((((((((((((((((((((((( Files Creati Da 2014-01-21 al 2014-02-21 )))))))))))))))))))))))))))))))))))
.
.
2014-02-21 00:16 . 2014-02-21 00:16 -------- d--h--w- c:\documents and settings\Manuel Valori.E774BAE2\Risorse di stampa
2014-02-21 00:16 . 2014-02-21 00:16 -------- d--h--w- c:\documents and settings\Manuel Valori.E774BAE2\Risorse di rete
2014-02-21 00:16 . 2014-02-21 00:16 -------- d-----w- c:\documents and settings\All Users\Preferiti
2014-02-20 22:23 . 2014-02-20 22:23 -------- d-----w- c:\documents and settings\Manuel Valori.E774BAE2\.thumbnails
2014-02-20 22:00 . 2014-02-20 22:30 -------- d-----w- c:\documents and settings\Manuel Valori.E774BAE2\.gimp-2.8
2014-02-20 15:41 . 2014-02-20 15:41 -------- d-----w- c:\windows\LastGood
2014-02-20 14:08 . 2014-02-20 14:08 65536 ----a-r- c:\documents and settings\Manuel Valori.E774BAE2\Dati applicazioni\Microsoft\Installer\{2c557f98-ef74-4a1e-a856-9df2f633b41f}\gui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-02-20 14:08 . 2014-02-20 14:08 65536 ----a-r- c:\documents and settings\Manuel Valori.E774BAE2\Dati applicazioni\Microsoft\Installer\{2c557f98-ef74-4a1e-a856-9df2f633b41f}\gui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-02-20 14:08 . 2014-02-20 14:08 65536 ----a-r- c:\documents and settings\Manuel Valori.E774BAE2\Dati applicazioni\Microsoft\Installer\{2c557f98-ef74-4a1e-a856-9df2f633b41f}\ARPPRODUCTICON.exe
2014-02-19 17:46 . 2014-02-19 17:46 -------- d-----w- c:\documents and settings\Manuel Valori.E774BAE2\Dati applicazioni\Avira
2014-02-19 17:40 . 2014-02-19 17:40 -------- d-----w- c:\windows\system32\wbem\mof\good
2014-02-19 17:40 . 2014-02-19 17:40 -------- d-----w- c:\windows\system32\wbem\mof\bad
2014-02-19 17:39 . 2014-02-20 11:57 -------- d--h--w- c:\documents and settings\Manuel Valori.E774BAE2\Modelli
2014-02-19 01:02 . 2014-02-19 17:44 -------- d-----w- c:\windows\system32\wbem\Logs
2014-02-15 23:36 . 2014-02-20 00:35 -------- d-----w- c:\windows\sd
2014-02-15 18:17 . 2014-02-19 00:59 -------- d-----w- c:\documents and settings\Manuel Valori.E774BAE2\Dati applicazioni\Disk Cleaner
2014-02-15 18:06 . 2014-02-15 18:06 -------- d-----w- C:\56cb05a8670b8a8bc494b8cde62b2f
2014-02-14 23:53 . 2014-02-14 23:53 -------- d-----w- c:\documents and settings\Manuel Valori.E774BAE2\Dati applicazioni\Ableton
2014-02-14 21:50 . 2014-02-14 21:50 -------- d-----w- c:\documents and settings\Manuel Valori.E774BAE2\Dati applicazioni\Canneverbe Limited
2014-02-13 21:01 . 2014-02-14 12:26 -------- d-----w- c:\programmi\BringStar
2014-02-13 21:00 . 2014-02-13 21:00 -------- d-----w- c:\programmi\RefreshPC
2014-02-13 21:00 . 2002-06-13 13:02 32768 ----a-w- c:\windows\system32\svcmgr.ocx
2014-02-13 20:08 . 2014-02-13 20:08 -------- d-----w- c:\documents and settings\Manuel Valori.E774BAE2\Dati applicazioni\GlarySoft
2014-02-12 20:40 . 2014-02-12 20:40 -------- d-----w- c:\programmi\Yamaha
2014-02-12 20:40 . 2014-02-12 20:40 -------- d-----w- c:\programmi\File comuni\Steinberg
2014-02-11 23:17 . 2010-08-01 21:36 80384 ----a-w- C:\MBRCheck.exe
2014-02-10 22:57 . 2014-02-11 17:47 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-09 16:06 . 2014-02-09 16:06 30976 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2014-02-09 15:46 . 2014-02-09 15:46 107224 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-02-08 18:18 . 2014-02-09 15:46 52312 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-02-08 17:35 . 2014-02-19 17:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\OnlineArmor
2014-02-08 17:35 . 2014-02-08 17:35 -------- d-----w- c:\documents and settings\Manuel Valori.E774BAE2\Dati applicazioni\OnlineArmor
2014-02-08 17:34 . 2013-10-11 02:41 44984 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2014-02-08 17:34 . 2013-10-11 02:40 34856 ----a-w- c:\windows\system32\drivers\OAmon.sys
2014-02-08 17:34 . 2013-10-11 02:40 31912 ----a-w- c:\windows\system32\drivers\OAnet.sys
2014-02-08 17:34 . 2013-10-11 02:40 210360 ----a-w- c:\windows\system32\drivers\OADriver.sys
2014-02-08 17:34 . 2014-02-20 20:30 -------- d-----w- c:\programmi\Online Armor
2014-02-08 01:43 . 2014-02-08 01:43 -------- d-----w- C:\TDSSKiller_Quarantine
2014-02-08 01:08 . 2014-02-08 01:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Sophos
2014-02-08 01:08 . 2014-02-08 01:08 73728 ----a-r- c:\documents and settings\Manuel Valori.E774BAE2\Dati applicazioni\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-02-08 01:08 . 2014-02-08 01:08 73728 ----a-r- c:\documents and settings\Manuel Valori.E774BAE2\Dati applicazioni\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-02-08 01:08 . 2014-02-08 01:08 73728 ----a-r- c:\documents and settings\Manuel Valori.E774BAE2\Dati applicazioni\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2014-02-08 01:07 . 2014-02-20 14:08 -------- d-----w- c:\programmi\Sophos
2014-02-08 01:05 . 2014-02-08 01:05 -------- d-----w- c:\documents and settings\All Users\GlarySoft
2014-02-07 12:26 . 2014-01-22 01:16 101664 ----a-w- c:\windows\system32\BootDefrag.exe
2014-02-07 12:26 . 2014-02-15 18:31 -------- d-----w- c:\programmi\Glary Utilities 4
2014-02-06 18:56 . 2014-02-06 18:56 -------- d-----w- c:\programmi\HitmanPro
2014-02-06 18:51 . 2014-02-07 00:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HitmanPro
2014-02-06 17:11 . 2014-02-06 17:11 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2014-02-06 17:11 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-05 18:26 . 2014-02-05 18:26 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2014-02-05 18:26 . 2008-06-10 20:53 580096 ----a-w- c:\windows\system32\drivers\rt2870.sys
2014-02-03 20:31 . 2014-02-03 20:31 -------- d-----w- c:\windows\system32\wbem\Repository
2014-02-03 20:28 . 2014-02-03 20:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Ralink Driver
2014-02-03 20:28 . 2014-02-03 20:28 -------- d-----w- c:\programmi\RALINK
2014-02-03 19:32 . 2008-06-16 13:57 4096 ----a-w- c:\windows\system32\drivers\rt2870.bin
2014-02-03 19:32 . 2005-11-30 10:33 2048 ----a-w- c:\windows\system32\drivers\rt73.bin
2014-02-02 05:00 . 2014-02-02 05:00 -------- d-----w- c:\documents and settings\Manuel Valori.E774BAE2\Impostazioni locali\Dati applicazioni\4kdownload.com
2014-02-02 04:40 . 2014-02-02 04:40 -------- d-----w- c:\programmi\4KDownload
2014-02-02 04:09 . 2014-02-02 04:09 -------- d-----w- c:\programmi\ScanSoft
2014-02-02 00:17 . 2014-02-02 00:17 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\COMODO
2014-02-02 00:17 . 2014-02-02 00:17 0 ----a-w- c:\windows\ativpsrm.bin
2014-02-02 00:04 . 2014-02-02 00:04 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2014-02-02 00:00 . 2014-02-08 01:05 -------- d-----w- c:\documents and settings\Manuel Valori.E774BAE2\Impostazioni locali\Dati applicazioni\COMODO
2014-02-02 00:00 . 2014-02-02 00:00 48392 ----a-w- c:\windows\system32\certsentry.dll
2014-02-01 21:25 . 2014-02-01 21:25 -------- d-----w- c:\programmi\File comuni\Java
2014-02-01 21:25 . 2013-12-18 20:10 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-02-01 12:12 . 2014-02-15 18:20 -------- d-----w- C:\AdwCleaner
2014-02-01 02:25 . 2014-02-01 02:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2014-01-31 23:37 . 2014-01-31 23:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AskPartnerNetwork
2014-01-31 19:56 . 2013-12-13 14:04 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-01-31 19:56 . 2013-12-13 14:04 90400 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-01-31 19:56 . 2013-12-13 14:04 135648 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-01-31 19:56 . 2014-01-31 19:56 -------- d-----w- c:\programmi\Avira
2014-01-31 19:45 . 2012-01-30 16:23 151552 ----a-w- c:\windows\system32\RalinkGina.dll
2014-01-31 19:45 . 2011-05-04 12:56 1608768 ----a-w- c:\windows\system32\RaCertMgr.dll
2014-01-31 19:45 . 2011-05-04 12:47 2178112 ----a-w- c:\windows\system32\Scutum.dll
2014-01-31 19:45 . 2010-07-01 16:09 185696 ----a-w- c:\windows\system32\W32N55.dll
2014-01-31 19:45 . 2010-06-29 09:34 480608 ----a-w- c:\windows\system32\DiagFunc.dll
2014-01-31 19:45 . 2009-11-13 12:42 34080 ----a-w- c:\windows\system32\CTAAEI.dll
2014-01-31 19:45 . 2009-04-21 14:31 19072 ----a-w- c:\windows\system32\drivers\Scutum50.sys
2014-01-31 19:44 . 2008-06-10 20:52 438272 ----a-w- c:\windows\system32\RaCoInst.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-11 17:47 . 2011-05-15 15:58 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 23:20 . 2006-03-02 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 23:19 . 2006-03-02 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2014-02-05 23:19 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-05 23:18 . 2006-03-02 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-05 22:25 . 2006-03-02 12:00 385024 ------w- c:\windows\system32\html.iec
2014-01-04 03:12 . 2006-03-02 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-12-31 00:18 . 2013-12-30 23:57 45056 ----a-r- c:\documents and settings\Manuel Valori.E774BAE2\Dati applicazioni\Microsoft\Installer\{597BF944-30BE-4E43-854E-F11D066CEC5B}\ARPPRODUCTICON.exe
2013-12-18 19:46 . 2011-05-28 22:04 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-12-05 11:26 . 2006-03-02 12:00 1172992 ----a-w- c:\windows\system32\msxml3.dll
2013-11-27 20:21 . 2006-03-02 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2012-07-22 16:37 . 2012-07-22 16:37 136672 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2013-12-13 684600]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2013-07-02 254336]
"KORG USB-MIDI Driver"="c:\programmi\KORG\KORG USB-MIDI Driver\EsHelper2.exe" [2013-10-03 394096]
"@OnlineArmor GUI"="c:\programmi\Online Armor\OAui.exe" [2013-10-11 7558464]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoChangeAnimation"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCommonGroups"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~1\oaevent.dll" [2013-10-11 1033968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi"=KORGUMDD.DRV
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Ralink Wireless Utility.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Ralink Wireless Utility.lnk
backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 17:14 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KORG USB-MIDI Driver]
2013-10-03 00:05 394096 ----a-w- c:\programmi\KORG\KORG USB-MIDI Driver\EsHelper2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\programmi\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\RALINK\\Common\\ApUI.exe"=
"c:\\Programmi\\RALINK\\Common\\RaMediaServer.exe"=
"c:\\Programmi\\RALINK\\Common\\RaUI.exe"=
.
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [08/02/2014 18.34.41 34856]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [08/02/2014 18.34.41 31912]
S0 BootDefragDriver;BootDefragDriver;c:\windows\system32\drivers\BootDefragDriver.sys --> c:\windows\system32\drivers\BootDefragDriver.sys [?]
S0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
S1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [31/01/2014 20.56.22 37352]
S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [08/02/2014 18.34.40 210360]
S1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [08/02/2014 18.34.41 44984]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\programmi\Avira\AntiVir Desktop\sched.exe [31/01/2014 20.56.28 440376]
S2 AntiVirWebService;Avira Web Protection;c:\programmi\Avira\AntiVir Desktop\avwebgrd.exe [31/01/2014 20.56.23 1011768]
S2 OAcat;Online Armor Helper Service;c:\programmi\Online Armor\oacat.exe [08/02/2014 18.34.34 584864]
S2 RaMediaServer;Ralink UPnP Media Server;c:\programmi\RALINK\Common\RaMediaServer.exe [31/01/2014 20.45.14 1863680]
S2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [31/01/2014 20.45.10 19072]
S2 SvcOnlineArmor;Online Armor;c:\programmi\Online Armor\oasrv.exe [08/02/2014 18.34.34 4457688]
S2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [19/01/2012 21.51.14 17408]
S2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [19/01/2012 21.51.14 46592]
S2 Update BringStar;Update BringStar;c:\programmi\BringStar\updateBringStar.exe [13/02/2014 2.26.14 80672]
S2 Util BringStar;Util BringStar;c:\programmi\BringStar\bin\utilBringStar.exe [14/02/2014 13.26.06 80672]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [09/02/2014 17.06.59 30976]
S3 KeyControl25;Service for KeyControl25 Driver (WDM);c:\windows\system32\drivers\esikey25.sys [29/07/2012 10.56.14 52608]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\drivers\KORGUMDS.SYS [05/10/2012 1.14.00 24536]
S3 NvnUsbAudio;Novation USB Audio Driver;c:\windows\system32\drivers\nvnusbaudio.sys [19/08/2012 12.31.19 41944]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [22/06/2011 22.55.10 47360]
S3 RDID1064;Roland MC-808;c:\windows\system32\drivers\Rdwm1064.sys [02/01/2014 4.02.21 79153]
S3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [19/01/2012 21.51.14 116224]
S3 usbaucmd;usbaucmd;c:\windows\system32\drivers\usbaucmd.sys --> c:\windows\system32\drivers\usbaucmd.sys [?]
S3 ysusb32;Yamaha Steinberg USB Audio;c:\windows\system32\drivers\ysusb32.sys [27/09/2012 11.38.38 91624]
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-02-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-10 17:47]
.
2014-02-20 c:\windows\Tasks\GlaryInitialize 4.job
- c:\programmi\Glary Utilities 4\Initialize.exe [2014-01-22 01:15]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Manuel Valori.E774BAE2\Dati applicazioni\Mozilla\Firefox\Profiles\noojsmhu.default\
FF - prefs.js: browser.search.selectedEngine - YouTube
FF - prefs.js: browser.startup.homepage - http://www.google.it
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2014-02-12 19:18; {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}; c:\documents and settings\Manuel Valori.E774BAE2\Dati applicazioni\Mozilla\Firefox\Profiles\noojsmhu.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
SafeBoot-mbamchameleon
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-21 01:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-2000478354-261903793-839522115-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{85931272-7482-A030-A61B-2BDAA8BBE72F}*]
"hanmfcpejindfapk"=hex:69,61,65,65,64,65,68,6e,6a,61,6a,6f,6e,65,67,66,61,62,
00,00
"iapmpdpihbehbaipoa"=hex:69,61,65,65,64,65,68,6e,6a,61,6a,6f,6e,65,67,66,61,62,
00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\]*’|8[]]
"DisplayName"="?\11???"
"DeviceDesc"="?\11???"
"ProviderName"="\16"
"MFG"="?????"
"ReinstallString"="c:\\WINDOWS\\System32\\ReinstallBackups\\]???\\DriverFiles\\.INF"
"DeviceInstanceIds"=multi:"\0c\00"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\]*’|`³g]
"DisplayName"="?\11???"
"DeviceDesc"="?\11???"
"ProviderName"=""
"MFG"="?????"
"ReinstallString"="c:\\WINDOWS\\System32\\ReinstallBackups\\]???\\DriverFiles\\.INF"
"DeviceInstanceIds"=multi:"\0c\00"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(316)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(1304)
c:\windows\system32\WININET.dll
.
Ora fine scansione: 2014-02-21 01:38:37 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2014-02-21 00:38
.
Pre-Run: 74 406 821 888 byte disponibili
Post-Run: 74 663 825 408 byte disponibili
.
- - End Of File - - B7D7E002B55F3F4B7D8D572B2C13C4DE
828E02D5C4A4FBE53441EE9DBEE51F43

Re: Possible rootkit??

Post by mitrha » Sat Feb 22, 2014 1:46 pm

HitmanPro log:

HitmanPro 3.7.9.212
www.hitmanpro.com

   Computer name . . . . : E774BAE2
   Windows . . . . . . . : 5.1.3.2600.X86/1
   Safe Mode Boot  . . . : NETWORK
   User name . . . . . . : E774BAE2\Fabio
   License . . . . . . . : Trial (14 days left)

   Scan date . . . . . . : 2014-02-22 01:57:51
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 53s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 3

   Objects scanned . . . : 871 116
   Files scanned . . . . : 29 192
   Remnants scanned  . . : 106 612 files / 735 312 keys

Suspicious files ____________________________________________________________

   C:\WINDOWS\system32\drivers\2767017.sys
      Size . . . . . . . : 315 408 bytes
      Age  . . . . . . . : 980.2 days (2011-06-17 20:08:12)
      Entropy  . . . . . : 5.6
      SHA-256  . . . . . : 3CD6FC7D650C8A93A13D3EEBA1F152790B15C30306FD48491F2EE0EE1E2BBD0F
      Product  . . . . . : Kaspersky™ Anti-Virus ®
      Publisher  . . . . : Kaspersky Lab
      Description  . . . : Klif Mini-Filter [fre_wnet_x86]
      Version  . . . . . : 8.4.0.101
      Copyright  . . . . : Copyright © Kaspersky Lab 1996-2009.
      RSA Key Size . . . : 1024
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 22.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\c\ (Claro)

Repairs _____________________________________________________________________

   Server proxy in questo computer (Utente)
   localhost:8080





Re: Possible rootkit??

Post by mitrha » Sun Feb 23, 2014 9:37 pm

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1.38.41, on 20/02/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Online Armor\OAcat.exe
C:\Programmi\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Programmi\Java\jre7\bin\jqs.exe
C:\Programmi\RALINK\Common\RalinkRegistryWriter.exe
C:\Programmi\BringStar\updateBringStar.exe
C:\Programmi\BringStar\bin\utilBringStar.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\Programmi\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\KORG\KORG USB-MIDI Driver\EsHelper2.exe
C:\Programmi\Online Armor\OAui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Online Armor\OAhlp.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Manuel Valori.E774BAE2\desktop\barra\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KORG USB-MIDI Driver] C:\Programmi\KORG\KORG USB-MIDI Driver\EsHelper2.exe /s
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Programmi\Online Armor\OAui.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programmi\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Programmi\Online Armor\OAcat.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Programmi\RALINK\Common\RalinkRegistryWriter.exe
O23 - Service: Ralink UPnP Media Server (RaMediaServer) - Ralink - C:\Programmi\RALINK\Common\RaMediaServer.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Programmi\Online Armor\oasrv.exe
O23 - Service: Update BringStar - Unknown owner - C:\Programmi\BringStar\updateBringStar.exe
O23 - Service: Util BringStar - Unknown owner - C:\Programmi\BringStar\bin\utilBringStar.exe

--
End of file - 5039 bytes
If you don't know things... learn them!!!
AMD Athlon64 x2 dual core processor 4600+ 2.4GHz, 1.0 GB RAM, WIN XP SP3
mitrha
Senior Member
Posts: 307
Joined: Sat Jul 31, 2010 10:28 pm
Location: Rome
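A small triage script for the HijackThis log posted above, added here as an example; it is not part of the original post and not a HijackThis feature. It parses the O4 (autorun) and O23 (service) lines and flags entries whose binary carries no company name ("Unknown owner") or lives outside the standard Windows and program directories. The sample lines reproduce entries from the log; the last O4 line (an autorun in a Temp folder) is constructed to show the location rule firing, and the list of trusted roots is an assumption for this Italian-locale XP system.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in HijackThis format. The O4/O23 lines reproduce entries from
# the log above; the final O4 line (an autorun in a Temp folder) is invented to
# exercise the location rule and does NOT appear in the posted log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [KORG USB-MIDI Driver] C:\Programmi\KORG\KORG USB-MIDI Driver\EsHelper2.exe /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Programmi\Online Armor\OAcat.exe
O23 - Service: Update BringStar - Unknown owner - C:\Programmi\BringStar\updateBringStar.exe
O23 - Service: Util BringStar - Unknown owner - C:\Programmi\BringStar\bin\utilBringStar.exe
O4 - HKCU\..\Run: [updater] C:\DOCUME~1\USER\IMPOST~1\Temp\updater.exe
"""

# Assumed trusted roots for this Italian-locale XP box ("Programmi" is "Program Files").
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\programmi\\", "c:\\program files\\")

O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.exe)"?', re.IGNORECASE)


@dataclass
class Finding:
    kind: str            # "O4" (autorun) or "O23" (service)
    name: str            # registry value name or service display name
    path: str            # executable as written in the log
    reasons: List[str]   # why it was flagged


def executable_of(cmd: str) -> str:
    """Strip quotes and arguments from an autorun command line, keeping the .exe path."""
    m = EXE_RE.match(cmd)
    return m.group("exe") if m else cmd.split()[0]


def in_trusted_location(path: str) -> bool:
    return path.lower().startswith(TRUSTED_ROOTS)


def triage(log_text: str) -> List[Finding]:
    """Return the O4/O23 entries that deserve a manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        svc = O23_RE.match(line)
        if svc:
            reasons = []
            # "Unknown owner" = the binary's version info carries no company name.
            # Weak on its own (Online Armor's own services show it), but worth a check.
            if svc.group("owner") == "Unknown owner":
                reasons.append("no company name in service binary")
            if not in_trusted_location(svc.group("path")):
                reasons.append("service binary outside standard directories")
            if reasons:
                findings.append(Finding("O23", svc.group("name"), svc.group("path"), reasons))
            continue
        run = O4_RE.match(line)
        if run:
            exe = executable_of(run.group("cmd"))
            if not in_trusted_location(exe):
                findings.append(Finding("O4", run.group("name"), exe,
                                        ["autorun target outside standard directories"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind} {f.name!r} -> {f.path}: {'; '.join(f.reasons)}")
```

A flag here means "verify this file" (publisher, signature, hash), not "malicious": Online Armor's own helper service shows "Unknown owner" too. On the posted log the two BringStar services are the only entries with no vendor name that do not belong to a known security product, so they are the natural place to start looking.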

Re: Possible rootkit??

Post by mitrha » Mon Feb 24, 2014 11:07 pm

[cry] [cry] [cry]

Re: Possible rootkit??

Post by Hironori » Tue Feb 25, 2014 10:06 am

I don't see any; the GMER scan (look at the ComboFix log) finds nothing. I think there's only an adware (Claro).
Hironori
Aficionado
Posts: 149
Joined: Fri Sep 26, 2008 4:33 pm

Re: Possible rootkit??

Post by mitrha » Tue Feb 25, 2014 9:21 pm

So what do you think is causing this sudden drop in performance, or rather this collapse!! Above all, the biggest problem is the updates, which simply refuse to install! And anyway there are often blue screens during which the system writes something... then I'm forced to reboot!

Re: Possible rootkit??

Post by Hironori » Tue Feb 25, 2014 10:10 pm

All the updates?
I formatted, only to find out afterwards that a hard disk ribbon cable was making poor contact [B)]
About the updates, there was a problem (but not for everyone); as soon as it comes back to me I'll write.

Re: Possible rootkit??

Post by Hironori » Wed Feb 26, 2014 9:30 am

http://support.microsoft.com/kb/949104 try running this, a generic solution.
If we want to clear up all doubts about malware, use HitmanPro http://www.surfright.nl/it/hitmanpro; when you launch it hold down the left Ctrl key, it will tell you that so many services have been terminated http://hitmanpro.wordpress.com/2010/03/ ... each-mode/

Re: Possible rootkit??

Post by mitrha » Thu Feb 27, 2014 7:26 pm

I've already used HitmanPro and it found nothing; I tried the fix you posted but it gives me an error; anyway I tried all of them and they didn't work. The updates that don't install and keep being offered again are the Security Updates for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and XP x86.
They are the following: KB2604092; KB2729450; KB2742596; KB2789643; KB2844285; KB2863239; KB2898856; KB2901111; KB2836941.
Anyway I'll retry a scan with HitmanPro, because I no longer have the log, so I can post it to you; if I remember correctly there was a suspicious trace anyway... [;)]

Re: Possible rootkit??

Post by mitrha » Thu Feb 27, 2014 8:44 pm

Trying to install an update (KB2604092) manually, after downloading it via Google, I got a fatal error and the installation failed.
Here is the generated log:

Action: Install patches
Entering Function: HotIron::Main::Run
(HotIron::Main::Run) new session
Entering Function: HotIron::MetaData::CreateMetaData
(HotIron::ElementUtils::GetOptionalAttributeByName) Optional attribute was not specified - Removable
(HotIron::ElementUtils::GetOptionalAttributeByName) Optional attribute was not specified - UseToDetermineApplicability
(HotIron::ElementUtils::GetOptionalAttributeByName) Optional attribute was not specified - LCIDHint
(HotIron::MetaData::CreateMetaData) succeeded
Entering Function: HotIron::CompositeInstaller::Install
(HotIron::CompositeInstaller::InstallMultiplePatches) about to install 1 patch(es)
Entering Function: HotIron::CBaseMspInstaller::Install
Entering Function: HotIron::MspInstallerT::PerformMsiOperation
Action: Install patches (c:\b725116251c327047b50cad2514a0aa8\NDP20SP2-KB2604092.msp) to Microsoft .NET Framework 2.0 Service Pack 2
(HotIron::MspInstallerT<class HotIron::ApplicablePatchPackages>::PerformMsiOperation) Calling MsiInstallProduct to apply patches {c:\b725116251c327047b50cad2514a0aa8\NDP20SP2-KB2604092.msp} to product {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.
(HotIron::MspInstallerT<class HotIron::ApplicablePatchPackages>::PerformMsiOperation) Patch (c:\b725116251c327047b50cad2514a0aa8\NDP20SP2-KB2604092.msp) install failed on product (Microsoft .NET Framework 2.0 Service Pack 2). Msi Log: Microsoft .NET Framework 2.0-KB2604092_20140227_193413803-Msi0.txt
(HotIron::MspInstallerT<class HotIron::ApplicablePatchPackages>::PerformMsiOperation) MsiInstallProduct returned 0x643
Entering Function: HotIron::MspInstallerT::Rollback
(HotIron::MspInstallerT<class HotIron::ApplicablePatchPackages>::Rollback)
Action complete. Log File: C:\DOCUME~1\MANUEL~1.E7~\IMPOST~1\Temp\Microsoft .NET Framework 2.0-KB2604092_20140227_193413803-Msi0.txt
(HotIron::MspInstallerT<class HotIron::ApplicablePatchPackages>::PerformMsiOperation) failed and rolled back
(HotIron::CBaseMspInstaller::Install) PerformMsiOperation returned 0x643
(HotIron::CBaseMspInstaller::Install) PerformMsiOperation returned 0x643
(HotIron::CompositeInstaller::Install) Composite Installer is reporting 0x80070643 - Errore irreversibile durante l'installazione.
(HotIron::CompositeInstaller::Install) Errore irreversibile durante l'installazione.

Reading on the site I came across a guide and a doubt came to me: what if I had been infected by a bootkit?? [;)] [;)]

Re: Possible rootkit??

Post by mitrha » Fri Feb 28, 2014 12:56 am

This is the log of the scan I did with aswMBR:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-02-11 22:45:14
-----------------------------
22:45:14.870 OS Version: Windows 5.1.2600 Service Pack 3
22:45:14.870 Number of processors: 1 586 0x2F02
22:45:14.870 ComputerName: E774BAE2 UserName: Fabio
22:45:15.167 Initialize success
22:57:36.573 AVAST engine defs: 14021101
23:45:43.526 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000068
23:45:43.526 Disk 0 Vendor: WDC_WD2000BB-55GUC0 08.02D08 Size: 190782MB BusType: 3
23:45:43.745 Disk 0 MBR read successfully
23:45:43.745 Disk 0 MBR scan
23:45:43.760 Disk 0 Windows XP default MBR code
23:45:43.760 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 190771 MB offset 63
23:45:43.760 Disk 0 scanning sectors +390700800
23:45:43.932 Disk 0 scanning C:\WINDOWS\system32\drivers
23:46:05.948 Service scanning
23:46:22.182 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
23:46:27.995 Modules scanning
23:46:37.135 Module: C:\WINDOWS\System32\Drivers\nvatabus.sys **SUSPICIOUS**
23:46:43.479 Disk 0 trace - called modules:
23:46:43.526 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvatabus.sys sptd.sys
23:46:43.542 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x870a0600]
23:46:43.557 3 CLASSPNP.SYS[f76bcfd7] -> nt!IofCallDriver -> \Device\0000006a[0x870e2b18]
23:46:43.573 5 ACPI.sys[f7423620] -> nt!IofCallDriver -> \Device\00000068[0x870ab030]
23:46:43.932 AVAST engine scan C:\WINDOWS
23:46:48.635 AVAST engine scan C:\WINDOWS\system32
23:50:03.917 AVAST engine scan C:\WINDOWS\system32\drivers
23:50:27.589 AVAST engine scan C:\Documents and Settings\Manuel Valori.E774BAE2
00:06:13.807 AVAST engine scan C:\Documents and Settings\All Users
00:07:02.854 Scan finished successfully
00:08:20.635 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Manuel Valori.E774BAE2\Desktop\MBR.dat"
00:08:20.635 The log file has been saved successfully to "C:\Documents and Settings\Manuel Valori.E774BAE2\Desktop\aswMBR.txt"
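A parser for the aswMBR log posted above, added as an example; it is not part of the post and not a feature of aswMBR. It extracts the MBR verdict, the partition-table line, the **LOCKED** and **SUSPICIOUS** drivers and the disk call trace, then separates flags that a known third-party storage-stack driver explains from flags that would still need the file hashed and checked. The sample excerpt is constructed from lines of the posted log; the allowlist of known drivers is an analyst assumption, not something aswMBR provides.

```python
import re
from typing import Dict, List

# Constructed excerpt in the shape of the aswMBR log above (timestamps, drivers
# and the partition line are copied from it; the rest of the log is omitted).
SAMPLE_ASWMBR = (
    "23:45:43.745 Disk 0 MBR read successfully\n"
    "23:45:43.760 Disk 0 Windows XP default MBR code\n"
    "23:45:43.760 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 190771 MB offset 63\n"
    "23:46:22.182 Service sptd C:\\WINDOWS\\System32\\Drivers\\sptd.sys **LOCKED** 32\n"
    "23:46:37.135 Module: C:\\WINDOWS\\System32\\Drivers\\nvatabus.sys **SUSPICIOUS**\n"
    "23:46:43.526 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvatabus.sys sptd.sys\n"
    "00:07:02.854 Scan finished successfully\n"
)

# Analyst allowlist (an assumption, not part of aswMBR): third-party drivers that
# sit in the disk I/O path on many XP machines and routinely trip these flags.
KNOWN_STORAGE_DRIVERS = {
    "sptd.sys": "SCSI Pass Through Direct layer installed by disc-emulation software (Daemon Tools, Alcohol)",
    "nvatabus.sys": "nVidia nForce IDE/SATA controller driver",
}

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{3}) (?P<msg>.*)$")
PART_RE = re.compile(
    r"^Disk (?P<disk>\d+) Partition (?P<n>\d+) (?P<boot>[0-9A-F]{2}) \(\w\) "
    r"(?P<type>[0-9A-F]{2}) (?P<desc>.+?) (?P<size>\d+) MB offset (?P<offset>\d+)$"
)


def summarise(log_text: str) -> Dict:
    """Reduce an aswMBR log to the fields that matter for a bootkit/rootkit triage."""
    report = {"mbr_code": None, "partitions": [], "locked": [], "suspicious": [], "trace": []}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        words = msg.split()
        part = PART_RE.match(msg)
        if part:
            report["partitions"].append({
                "n": int(part.group("n")),
                "bootable": part.group("boot") == "80",  # 0x80 = active flag in the MBR entry
                "type": part.group("type"),
                "desc": part.group("desc"),
                "size_mb": int(part.group("size")),
                "offset": int(part.group("offset")),      # first sector (LBA) of the partition
            })
        elif msg.endswith("MBR code"):
            report["mbr_code"] = msg.split(" ", 2)[2]     # drop the "Disk N" prefix
        elif "**LOCKED**" in msg:
            report["locked"].append(words[2])             # "Service <name> <path> **LOCKED** <n>"
        elif "**SUSPICIOUS**" in msg:
            report["suspicious"].append(words[1])         # "Module: <path> **SUSPICIOUS**"
        elif words and words[0].lower() in ("ntkrnlpa.exe", "ntoskrnl.exe"):
            report["trace"] = words                       # modules in the disk call chain
    return report


def mbr_looks_stock(report: Dict) -> bool:
    """True when aswMBR recognised stock loader code and exactly one partition is active."""
    code_ok = report["mbr_code"] is not None and "default MBR code" in report["mbr_code"]
    active = [p for p in report["partitions"] if p["bootable"]]
    return code_ok and len(active) == 1


def unexplained_flags(report: Dict) -> List[str]:
    """Flagged drivers the allowlist does not cover: these are the ones to hash and verify."""
    out = []
    for path in report["locked"] + report["suspicious"]:
        if path.rsplit("\\", 1)[-1].lower() not in KNOWN_STORAGE_DRIVERS:
            out.append(path)
    return out


if __name__ == "__main__":
    r = summarise(SAMPLE_ASWMBR)
    print("MBR:", r["mbr_code"], "| stock:", mbr_looks_stock(r))
    for p in r["partitions"]:
        print("partition", p)
    for path in r["locked"] + r["suspicious"]:
        name = path.rsplit("\\", 1)[-1].lower()
        print(path, "->", KNOWN_STORAGE_DRIVERS.get(name, "UNEXPLAINED: verify signature and hash"))
    print("disk call chain:", " -> ".join(r["trace"]))
```

What the posted log supports: the loader code is the stock XP one, the single NTFS partition is active and starts at sector 63, and both flagged drivers appear in the disk call chain, which is where a disc-emulation filter and a chipset IDE driver are expected to sit. An unrecognised driver in that chain, or MBR code aswMBR did not identify, would be the signal worth chasing; with neither present, the log is consistent with Hironori's reading that no rootkit is visible, while it says nothing about the performance problem.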

Re: Possible rootkit??

Post by Hironori » Fri Feb 28, 2014 10:04 am

http://blogs.msdn.com/b/astebner/archiv ... 04493.aspx one solution is to use this tool to remove all the .NET Frameworks and reinstall them (trying from the most recent). I'll check something on my PC (I'm writing from work); I think I partially had the same problem, I simply set Windows Update not to show them to me any more, but I have to check again.

Re: Possible rootkit??

Post by mitrha » Fri Feb 28, 2014 6:57 pm

I simply set Windows Update not to show them to me any more, but I have to check again

I did the same, but magically they reappear [bleh]

Re: Possible rootkit??

Post by Hironori » Fri Feb 28, 2014 7:21 pm

Try with the tool above.

Re: Possible rootkit??

Post by mitrha » Fri Feb 28, 2014 7:28 pm

I used the tool; the log is too long, so I'm attaching the link if you want to take a look: http://wikisend.com/download/397238/LogDisisNet.txt
Now I'll try to install the most recent version, so [^]
Let's hope.

Re: Possible rootkit??

Post by Hironori » Fri Feb 28, 2014 7:31 pm

The gist seems to be "I uninstalled everything"; maybe reboot and then proceed.

Re: Possible rootkit??

Post by mitrha » Sun Mar 02, 2014 4:12 pm

Well well, the problem finally seems to be solved: I used the tool to remove all the .NET Frameworks installed on the PC, then I installed Framework 4, and when it suggested the updates I proceeded with the installation, which finally succeeded, and they were no longer offered again. Now, however, the problem remains of understanding what's wrong with the system. I'm referring to this probable sneaky, hidden infection. Compared to when it hadn't been connected to the internet there has been a serious deterioration, but as I said nothing has been detected by antivirus, antimalware and the like... Who knows? Sporadic crashes continue, connection problems (sometimes it connects to the wireless network but then the browser can't open any page), very slow at startup and especially at shutdown. Some scans, such as HitmanPro, freeze 3 times out of 4... [;)] [;)]

Re: Possible rootkit??

Post by Hironori » Sun Mar 02, 2014 11:03 pm

And one problem is crossed off... I'll reply tomorrow, after work; now off to bed.

Re: Possible rootkit??

Post by Hironori » Tue Mar 04, 2014 2:04 pm

A drop in performance isn't necessarily due to malware, all the more so one we still haven't found. If the PC is the one in your signature, I advise you to invest a few euros in RAM (on mine I have 2 sticks of 2; XP sees 3.5 and holds up decently). Are there any updates still pending? I'm asking because my old laptop, when it updated automatically, slowed down to the point of being unusable. You have Antivir and Online Armor; do you notice significant differences when you disable it? I recommend the usual cleanup with CCleaner or similar. Take a look at Task Manager: if you're just browsing and the CPU is at 50%, then something has slipped through.

Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group

megalab.it: daily online publication registered with the Court of Cosenza no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising