Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

due problemi: problemi con cmd.exe e windows firewall

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

Rispondi al messaggio

due problemi: problemi con cmd.exe e windows firewall

Messaggioda JoJo » mer lug 15, 2009 11:26 am

Ciao a tutti. Vengo subito al sodo, vi scrivo perché da tempo riscontro due problemi al pc:

1) Se digito da esegui il comando cmd.exe, mi si apre la finestra del dos, compare una scritta e poi subito si richiude. Per capire cosa dice la scritta, ho tolto la spunta nella voce "Chiudi all'uscita" dalla scheda "Programma" delle proprietà del file CMD.EXE nella cartella system32.
Ho riaperto cmd.exe e la scritta dice: "Programma troppo grande per la memoria". Mentre nellla barra del titolo c'è scritto "Inattiva CMD.EXE". Il comando "comand.com" invece funziona.

2) Il secondo problema riguarda invece Windows Firewall: all'avvio di windows, nella trayicon compare lo scudo rosso del centro sicurezza che mi avverte che non c'è nessun firewall attivo. Andando a vedere dal centro sicurezza il firewall risulta disattivato; cliccando su consigli e poi su Attiva ora, mi appare il seguente messaggio:

"Impossibile attivare Windows Firewall. Per provare ad attivare il firewall manualmente, aprire Windows Firewall nel Pannello di controllo. Nella scheda Generale della finestra di dialogo Windows Firewall, selezionare Attivato (impostazione consigliata), quindi fare clic su OK."

Andando nelle impostazioni del firewall mi risulta impossibile attivarlo, in quanto le opzioni "Attivato" - "Disattivato" non sono selezionabili.
Ho provato anche a vedere se i servizi "Connessioni di rete" e "Windows Firewall" sono settati correttamente: risultano entrambi attivi.
Prima di rivolgermi a voi ho provato tempo fa a cercare delle soluzioni tramite google, ma non ho avuto successo.

A questo punto ho deciso di fare delle scansioni per verificaree la presenza di malware. Ho eseguito quindi delle scansioni complete del sistema con i seguenti software dopo averli aggiornati: Avira Antivir Personal 9, A - Squared Free 4.5.0.8, Malwarebytes 1.39, Virit Explorer (Lite) 6.4.59, Spyware Terminator 2.5.8.145, Panda Cloud Antivirus, Spybot Search and Destroy 1.6.2, Superantispyware Free 4.26.0.1006, Hijackthis 2.0.2.
Riporto di seguito i log generati dopo le scansioni:

Avira:

Avira AntiVir Personal
Report file date: martedì 14 luglio 2009 19:48

Scanning for 1521000 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : PC-GIUSEPPE

Version information:
BUILD.DAT : 9.0.0.403 17961 Bytes 03/06/2009 17:05:00
AVSCAN.EXE : 9.0.3.6 466689 Bytes 10/06/2009 13:02:56
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 09:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 09:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 18:44:58
ANTIVIR2.VDF : 7.1.4.221 1273856 Bytes 12/07/2009 11:43:25
ANTIVIR3.VDF : 7.1.4.229 71680 Bytes 14/07/2009 08:06:10
Engineversion : 8.2.0.204
AEVDF.DLL : 8.1.1.1 106868 Bytes 01/05/2009 12:51:08
AESCRIPT.DLL : 8.1.2.13 426362 Bytes 07/07/2009 12:10:44
AESCN.DLL : 8.1.2.3 127347 Bytes 15/05/2009 19:00:18
AERDL.DLL : 8.1.2.2 438642 Bytes 07/07/2009 12:10:42
AEPACK.DLL : 8.1.3.18 401783 Bytes 28/05/2009 13:00:14
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 18/06/2009 13:00:30
AEHEUR.DLL : 8.1.0.137 1823095 Bytes 26/06/2009 18:32:13
AEHELP.DLL : 8.1.3.6 205174 Bytes 11/06/2009 13:00:14
AEGEN.DLL : 8.1.1.48 348532 Bytes 07/07/2009 12:10:41
AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 13:32:40
AECORE.DLL : 8.1.6.12 180599 Bytes 28/05/2009 13:00:12
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 13:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 09:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 09:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 28/04/2009 13:32:53
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 09:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 10/06/2009 13:02:56
RCTEXT.DLL : 9.0.37.0 86785 Bytes 28/04/2009 13:32:53

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\programmi\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, J:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: martedì 14 luglio 2009 19:48

Starting search for hidden objects.
'22726' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'PSANToManager.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'SysProtect_Tray.exe' - '1' Module(s) have been scanned
Scan process 'SpywareTerminatorShield.Exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'KeePass.exe' - '1' Module(s) have been scanned
Scan process 'CnxDslTb.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'viritsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'StarWindServiceAE.exe' - '1' Module(s) have been scanned
Scan process 'SysProtect_srv.exe' - '1' Module(s) have been scanned
Scan process 'sp_rsser.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'PSANHost.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'agrsmsvc.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
39 processes with 39 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'J:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '46' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'J:\'


End of the scan: martedì 14 luglio 2009 20:13
Used time: 25:07 Minute(s)

The scan has been done completely.

5989 Scanned directories
381037 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
381035 Files not concerned
2025 Archives were scanned
2 Warnings
1 Notes
22726 Objects were scanned with rootkit scan
0 Hidden objects were found


Malwarebytes':

Malwarebytes' Anti-Malware 1.39
Versione del database: 2424
Windows 5.1.2600 Service Pack 2

14/07/2009 14.23.25
mbam-log-2009-07-14 (14-23-25).txt

Tipo di scansione: Scansione completa (C:\|J:\|)
Elementi scansionati: 127408
Tempo trascorso: 1 hour(s), 23 minute(s), 43 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 9
Elementi dato del registro infetti: 0
Cartelle infette: 1
File infetti: 3

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Services (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
C:\Documents and Settings\Giuseppe\Dati applicazioni\nidle (Trojan.Agent) -> Quarantined and deleted successfully.

File infetti:
c:\programmi\filetype verificator\office.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ftv_office.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.


Virit:

VirIT eXplorer Lite Log

[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
25/04/2009 - 19:50:26

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 11914.
Files Totali: 11914.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
[Hidden Services]
avgntflt - avgntflt - system32\DRIVERS\avgntflt.sys
avipbb - avipbb - system32\DRIVERS\avipbb.sys

OK
--------------------------------------------------------
26/04/2009 - 11:32:45

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 37.
Files Totali: 37.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

[SCANSIONE DELLA MEMORIA]
[Hidden Services]
avgntflt - avgntflt - system32\DRIVERS\avgntflt.sys
avipbb - avipbb - system32\DRIVERS\avipbb.sys

OK
--------------------------------------------------------
26/04/2009 - 21:44:15

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


[D:]
BOOT SECTOR: OK


[E:]
BOOT SECTOR: OK


[F:]
BOOT SECTOR: OK


[G:]
BOOT SECTOR: OK


[H:]


[I:]


[J:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


[K:]


[L:]


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 41554.
Files Totali: 41554.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

[SCANSIONE DELLA MEMORIA]
[Hidden Services]
avgntflt - avgntflt - system32\DRIVERS\avgntflt.sys
avipbb - avipbb - system32\DRIVERS\avipbb.sys
SASDIFSV - SASDIFSV - \??\C:\Programmi\SUPERAntiSpyware\SASDIFSV.SYS

OK
[SCANSIONE DELLA MEMORIA]
[Hidden Services]
avgntflt - avgntflt - system32\DRIVERS\avgntflt.sys
avipbb - avipbb - system32\DRIVERS\avipbb.sys

OK
[SCANSIONE DELLA MEMORIA]
[Hidden Services]
avgntflt - avgntflt - system32\DRIVERS\avgntflt.sys
avipbb - avipbb - system32\DRIVERS\avipbb.sys

OK
--------------------------------------------------------
13/06/2009 - 09:03:03

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 149.
Files Totali: 149.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

[SCANSIONE DELLA MEMORIA]
[Hidden Services]
avgntflt - avgntflt - system32\DRIVERS\avgntflt.sys
avipbb - avipbb - system32\DRIVERS\avipbb.sys

OK
[SCANSIONE DELLA MEMORIA]
[Hidden Services]
avgntflt - avgntflt - system32\DRIVERS\avgntflt.sys
avipbb - avipbb - system32\DRIVERS\avipbb.sys

OK
--------------------------------------------------------
10/07/2009 - 19:37:24

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


[D:]
BOOT SECTOR: OK


[E:]
BOOT SECTOR: OK


[F:]
BOOT SECTOR: OK


[G:]
BOOT SECTOR: OK


[H:]


[I:]


[J:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


[K:]


[L:]


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 44960.
Files Totali: 44960.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

[SCANSIONE DELLA MEMORIA]
[Hidden Services]
avgntflt - avgntflt - system32\DRIVERS\avgntflt.sys
avipbb - avipbb - system32\DRIVERS\avipbb.sys

OK
[SCANSIONE DELLA MEMORIA]
[Hidden Services]
avgntflt - avgntflt - system32\DRIVERS\avgntflt.sys
avipbb - avipbb - system32\DRIVERS\avipbb.sys

OK
[SCANSIONE DELLA MEMORIA]
[Hidden Services]
utnzxtql - system32\drivers\plvf.sys

OK
--------------------------------------------------------
14/07/2009 - 15:20:21

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


[D:]
BOOT SECTOR: OK


[E:]
BOOT SECTOR: OK


[F:]
BOOT SECTOR: OK


[G:]
BOOT SECTOR: OK


[H:]


[I:]


[J:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


[K:]


[L:]


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 43813.
Files Totali: 43813.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.


Spyware Terminator:

Logfile of Spyware Terminator v2.5.8.145 (db:3.007.010.000)
Scan Time: 14/07/2009 19.40.01 length: 442 s
Platform: WXP (5.1.0.2600)
User: Admin
Boot Mode: Normal
Scan type: Full_Spyware_Scan
Scanned Objects: 61986 (Critical:0)
Filter: No System items, No Safe items, No Invalid items

Running Processes
Ati2evxx.exe [ATI Technologies Inc.] : C:\WINDOWS\system32\Ati2evxx.exe
Ati2evxx.exe [ATI Technologies Inc.] : C:\WINDOWS\system32\Ati2evxx.exe
agrsmsvc.exe [Agere Systems] : C:\Programmi\LSI SoftModem\agrsmsvc.exe
HPZipm12.exe [HP] : C:\WINDOWS\system32\HPZipm12.exe
StarWindServiceAE.exe [Rocket Division Software] : C:\Programmi\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
viritsvc.exe [TG Soft Sas http://www.tgsoft.it] : C:\VEXPLITE\viritsvc.exe
CnxDslTb.exe [Conexant Systems Inc.] : C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe
KeePass.exe [Dominik Reichl] : J:\Miei Software\KeePass-1.11\KeePass.exe

Internet Settings
R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =

StartUps
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, StartupDelayer : [r2 studios] : C:\Programmi\R2 STUDIOS\STARTUP DELAYER\STARTUP LAUNCHER GUI.EXE

Shell Extensions
WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} - [Alexander Roshal] : C:\Programmi\WinRAR\rarext.dll
- {A7005AF0-D6E8-48AF-8DFA-023B1CF660A7} - : C:\Programmi\TeraCopy\TeraCopy.dll
- {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} - : C:\Programmi\TeraCopy\TeraCopyExt.dll
AcDgnImageExtractor - {ADC46291-D8A1-4486-A24C-86FFB392AEFA} - [Autodesk] : C:\Programmi\File comuni\Autodesk Shared\AcDgnCOM17.dll
Cartelle condivise - {FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} - [Microsoft Corporation] : C:\Programmi\Windows Live\Messenger\fsshext.8.5.1302.1018.dll
AcSignIcon - {36A21736-36C2-4C11-8ACB-D4136F2B57BD} - [Autodesk, Inc.] : C:\WINDOWS\system32\AcSignIcon.dll
ACTHUMBNAIL - {AC1DB655-4F9A-4c39-8AD2-A65324A4C446} - [Autodesk, Inc.] : C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcThumbnail16.dll
AcColumnHandler - {8A0BC933-7552-42E2-A228-3BE055777227} - [Autodesk] : C:\Programmi\File comuni\Autodesk Shared\AcShellEx\AcShellExtension.dll
AcInfoTipHandler - {5800AD5B-72C1-477B-9A08-CA112DF06D97} - [Autodesk] : C:\Programmi\File comuni\Autodesk Shared\AcShellEx\AcShellExtension.dll
TuneUp Theme Extension - {44440D00-FF19-4AFC-B765-9A0970567D97} - [TuneUp Software GmbH] : C:\WINDOWS\system32\uxtuneup.dll

Protocol Handler
- {828030A1-22C1-4009-854F-8E305202313F} - [Microsoft Corporation] : C:\Programmi\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
- {828030A1-22C1-4009-854F-8E305202313F} - [Microsoft Corporation] : C:\Programmi\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
Data Page Pluggable Protocol mso-offdap Handler - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - [Microsoft Corporation] : C:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL

Services
23 - [Agere Systems] : C:\Programmi\LSI SoftModem\agrsmsvc.exe
23 - [Agere Systems] : C:\WINDOWS\system32\DRIVERS\AGRSM.sys
23 - [Realtek Semiconductor Corp.] : C:\WINDOWS\system32\drivers\ALCXWDM.SYS
23 - [ATI Technologies Inc.] : C:\WINDOWS\system32\Ati2evxx.exe
23 - [GEAR Software Inc.] : C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
23 - [Paragon Software Group] : C:\WINDOWS\system32\DRIVERS\hotcore3.sys
23 - [HP] : C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
23 - [Ahead Software AG] : C:\WINDOWS\system32\Drivers\imagedrv.sys
23 - [Ahead Software AG] : C:\WINDOWS\system32\DRIVERS\imagesrv.sys
23 - [HP] : C:\WINDOWS\system32\HPZipm12.exe
23 - [Prevx] : C:\WINDOWS\system32\drivers\pxrts.sys
23 - [Prevx] : C:\WINDOWS\system32\drivers\pxscan.sys
23 - [Prevx] : C:\WINDOWS\system32\drivers\pxsec.sys
23 - : C:\WINDOWS\system32\Drivers\sptd.sys
23 - [Crawler.com] : C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
23 - [Rocket Division Software] : C:\Programmi\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
23 - [StorageCraft] : C:\WINDOWS\system32\DRIVERS\symsnap.sys
23 - [Paragon Software Group] : C:\WINDOWS\system32\DRIVERS\UimBus.sys
23 - [Paragon Software Group] : C:\WINDOWS\system32\Drivers\Uim_IM.sys
23 - [Symantec Corporation] : C:\WINDOWS\system32\DRIVERS\v2imount.sys
23 - [TG Soft S.a.s.] : C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
23 - [TG Soft Sas http://www.tgsoft.it] : C:\VEXPLITE\viritsvc.exe

Winlogon Notify
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent, DLLName : [ATI Technologies Inc.] : C:\WINDOWS\system32\Ati2evxx.dll

Advanced Files Report
%SYSDIR%\Ati2evxx.dll [ATI Technologies Inc.] [ATI External Event Utility for NT, W2K and W9X] MD5=3AE252BE2E40DBA1252D63B60BD8DD94 SIZE=61440
%SYSDIR%\Ati2evxx.exe [ATI Technologies Inc.] [ATI External Event Utility for WindowsNT and Windows9X] MD5=B1C9B1A2EDD766FABFAEF059CB5D5A6E SIZE=405504
%SYSDIR%\Ati2edxx.dll [ATI Technologies, Inc.] [ATI External Device Utility] MD5=2B8F8E19CF979EEBD435154E75966F5E SIZE=40960
%SYSDIR%\uxtuneup.dll [TuneUp Software GmbH] [TuneUp Utilities] MD5=838C97B3D28BFEBDD11D12ADFE957004 SIZE=28416
%SYSDIR%\custmon32.dll MD5=852C0D9FB2CE2A529FBE0DE4B0A5F1C0 SIZE=86016
%SYSDIR%\hpzjrd01.dll [Hewlett Packard] [Hewlett Packard Rediscovery Library] MD5=16FC2C309998C6D55C182652D6A1C5B1 SIZE=139264
%SYSDIR%\hpzsnt12.dll [HP] [HP DeskJet] MD5=A2973A14FD05F6A5BD61F3528DFAE922 SIZE=180315
%SYSDIR%\pdfcmnnt.dll MD5=1574DD9D409F2DC45CF82C22B99164A4 SIZE=116224
%SYSDIR%\AcSignIcon.dll [Autodesk, Inc.] [AutoCAD] MD5=F28ADCF2E9B3574F25089A69B03DC756 SIZE=44648
%COMMONFILES%\Autodesk Shared\AcSignCore16.dll [Autodesk, Inc.] [AutoCAD] MD5=7F317D4826FDA6682B63942D248AF96E SIZE=325736
%COMMONFILES%\Adobe\Acrobat\ActiveX\PDFShell.ITA [Adobe Systems, Inc.] [Adobe PDF Shell Extension] MD5=1562865B44EA686BAF8436DDFE83911F SIZE=311296
%COMMONFILES%\Autodesk Shared\AcShellEx\AcShellExtension.dll [Autodesk] [AutoCAD] MD5=9F06182191C4D861EADAA5B9726F53D8 SIZE=103016
%PROGRAMFILES%\Ashampoo\Ashampoo WinOptimizer 5\ContextHandler.dll MD5=58268F9470D30670D6EEC137CBFC0F9F SIZE=609120
%PROGRAMFILES%\WinRAR\rarext.dll [Alexander Roshal] [WinRAR] MD5=F11FE030158F8EF14A56A3EA9E9BD47D SIZE=132608
%PROGRAMFILES%\TeraCopy\TeraCopyExt.dll MD5=771C906AA119777D3FE7377F9A6A19DC SIZE=305664
%COMMONFILES%\Autodesk Shared\dwf Common\DWFShellExtension.dll [Autodesk, Inc.] [Autodesk DWF Viewer] MD5=B8917A25F748C07D5FE671671AC413D8 SIZE=2915896
%COMMONFILES%\Autodesk Shared\dwf Common\DWFShellExtensionRes.dll [Autodesk, Inc.] [Autodesk DWF Viewer] MD5=2329A957B011A2E70C09547F87276CD5 SIZE=43600
%PROGRAMFILES%\TeraCopy\TeraCopy.dll MD5=AA03C330AC5E0CC34AD53F64250C718B SIZE=324608
%PROGRAMFILES%\LSI SoftModem\agrsmsvc.exe [Agere Systems] [Agere Soft Modem Call Progress Service] MD5=9C9D3B7A05445B1AB2DF4D0C4D6B77E8 SIZE=14336
%PROGRAMFILES%\Panda Security\Panda Cloud Antivirus\pksskp.dll [Panda Security, S.L.] [Panda Anti-Malware] MD5=A7A9F9D37633D82E0CA755F76C098899 SIZE=60472
%SYSDIR%\HPZipm12.exe [HP] [HP PML] MD5=9D84376931440F3679BEEF2A414FA493 SIZE=69632
%PROGRAMFILES%\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [Rocket Division Software] [StarWind Alcohol Edition] MD5=B1691AF4A072CB674D600DB16DD7308E SIZE=275968
%SystemDiskRoot%\VEXPLITE\viritsvc.exe [TG Soft Sas http://www.tgsoft.it] [TG Soft viritsvc] MD5=1B4A565FFC9A7FC4D659CE82199C1F3E SIZE=57344
%PROGRAMFILES%\digicomt\Michelangelo USB ADSL\CnxDslTb.exe [Conexant Systems Inc.] [Conexant AccessRunner ADSL] MD5=1AD45D56472D3C5B4ECD24610765C1D3 SIZE=462848
%PROGRAMFILES%\digicomt\Michelangelo USB ADSL\CnxDslWz.dll [Conexant Systems Inc.] [Conexant AccessRunner ADSL] MD5=FFF38DB5AC9358F958F8C336808F14A4 SIZE=430080
%SYSDIR%\CnxHwIo.dll [Conexant Systems Inc.] [Conexant AccessRunner ADSL] MD5=9B3923982DB727D947F23DE024747653 SIZE=163840
J:\Miei Software\KeePass-1.11\KeePass.exe [Dominik Reichl] [KeePass Password Safe 1.11] MD5=26D687D2A340F1E5E3E3C243EBFFE364 SIZE=743424
%APPDATA%\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL MD5=11AB72D5D603DB401C190B454FB935A7 SIZE=117760
deskpan.dll
%COMMONFILES%\Autodesk Shared\AcDgnCOM17.dll [Autodesk] [AcDgnCOM Module] MD5=64140741D0295ABE833D6E72A64C2274 SIZE=19560
%PROGRAMFILES%\Windows Live\Messenger\fsshext.8.5.1302.1018.dll [Microsoft Corporation] [Messenger] MD5=8BDE1F61DFBAAE7A2916170E8B75FE0F SIZE=329240
%COMMONFILES%\Autodesk Shared\Thumbnail\AcThumbnail16.dll [Autodesk, Inc.] [AutoCAD] MD5=8037A66AC428DF35662BF18F85859CFC SIZE=20072
%SYSDIR%\DRIVERS\AGRSM.sys [Agere Systems] [Agere SoftModem Driver] MD5=35C391E40471A0B479328FC7B1B5F40F SIZE=1204128
%SYSDIR%\drivers\ALCXWDM.SYS [Realtek Semiconductor Corp.] [Windows (R) WDM driver for Realtek AC'97 Audio(HRTF data Copyright 1994 by MIT Media Lab)] MD5=DD8520280304B6145A6BE31008748C7C SIZE=4122368
%SYSDIR%\svchost.exe -k netsvcs
%SYSDIR%\svchost -k DcomLaunch
%SYSDIR%\svchost.exe -k NetworkService
%SYSDIR%\DRIVERS\GEARAspiWDM.sys [GEAR Software Inc.] [CD DVD Filter] MD5=AB8A6A87D9D7255C3884D5B9541A6E80 SIZE=15464
%SYSDIR%\DRIVERS\hotcore3.sys [Paragon Software Group] [Paragon System Utilities] MD5=257F57981D2FA42051D8676B3543BBF5 SIZE=40464
%SYSDIR%\DRIVERS\HPZipr12.sys [HP] [HP Dot4Print] MD5=F7E3E9D50F9CD3DE28085A8FDAA0A1C3 SIZE=16496
%SYSDIR%\Drivers\imagedrv.sys [Ahead Software AG] [Nero ImageDrive] MD5=25EDD75E23C5EF6B33D0FBCCE125A601 SIZE=5888
%SYSDIR%\DRIVERS\imagesrv.sys [Ahead Software AG] [Nero ImageDrive] MD5=9C4BBACF4E9B9543C3CE23F1FE556941 SIZE=127488
%SYSDIR%\svchost.exe -k LocalService
%SYSDIR%\drivers\pxrts.sys [Prevx] [Prevx Edge] MD5=1D46A1670B06F97B4E77D2340E4D83DC SIZE=16904
%SYSDIR%\drivers\pxscan.sys [Prevx] [Prevx 3.0] MD5=A5B3922B9F821FC8FF2821423E40026C SIZE=22024
%SYSDIR%\drivers\pxsec.sys [Prevx] [Prevx 3.0] MD5=6613BBED3B306AEE00D8A7B8D4CAD5CD SIZE=27656
%SYSDIR%\svchost -k rpcss
%SYSDIR%\Drivers\sptd.sys SIZE=717296
%SYSDIR%\drivers\sp_rsdrv2.sys [Crawler.com] [Spyware Terminator] MD5=8831252BCF05FCFB5ABD116A22E552D8 SIZE=142592
%SYSDIR%\svchost.exe -k imgsvc
%SYSDIR%\DRIVERS\symsnap.sys [StorageCraft] [StorageCraft Volume Snap-Shot Development Edition] MD5=C9273531EAC75EE225E3170FB6107FA3 SIZE=136416
%SYSDIR%\DRIVERS\UimBus.sys [Paragon Software Group] [Paragon System Utilities] MD5=78B63388550028AED6C52F843ABF6000 SIZE=33072
%SYSDIR%\Drivers\Uim_IM.sys [Paragon Software Group] [Paragon System Utilities] MD5=3412EFAF3CB0B6C21818A3C407714CA1 SIZE=130688
%SYSDIR%\DRIVERS\v2imount.sys [Symantec Corporation] [Symantec Virtual Volume Mounting Driver Development Edition] MD5=B4D63048D6358E7C6AB61B98B8CFF263 SIZE=38112
%SYSDIR%\drivers\VIRAGTLT.SYS [TG Soft S.a.s.] [VirIT Agent System] MD5=D35773E9BD6D463ACC593BC27ABE26BB SIZE=41728
%PROGRAMFILES%\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll [Microsoft Corporation] [Messenger] MD5=56319E6B4D190A2DEB4463A9CE4D4F74 SIZE=66072
%COMMONFILES%\Microsoft Shared\Web Components\10\OWC10.DLL [Microsoft Corporation] [Microsoft Office XP] MD5=AA2204BD7F9FBFAA09EF15C212A67D69 SIZE=7255384

End of Report


Superantispyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/14/2009 at 12:19 PM

Application Version : 4.26.1006

Core Rules Database Version : 3992
Trace Rules Database Version: 1932

Scan type : Complete Scan
Total Scan Time : 01:49:44

Memory items scanned : 232
Memory threats detected : 0
Registry items scanned : 6552
Registry threats detected : 19
File items scanned : 15117
File threats detected : 3

Trojan.Agent/Gen-NIDLE
[nidle] C:\DOCUMENTS AND SETTINGS\GIUSEPPE\DATI APPLICAZIONI\NIDLE\NIDLE.EXE
C:\DOCUMENTS AND SETTINGS\GIUSEPPE\DATI APPLICAZIONI\NIDLE\NIDLE.EXE
[nidle] C:\DOCUMENTS AND SETTINGS\GIUSEPPE\DATI APPLICAZIONI\NIDLE\NIDLE.EXE

Trojan.Agent/Gen-FraudLoad
HKLM\System\ControlSet001\Services\tdctxte
C:\WINDOWS\SYSTEM32\TDCTXTE.EXE
HKLM\System\ControlSet001\Enum\Root\LEGACY_tdctxte
HKLM\System\CurrentControlSet\Services\tdctxte
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_tdctxte

Trojan.Agent/Gen-SOPIDKC
HKLM\SYSTEM\CurrentControlSet\Services\tdctxte#Type
HKLM\SYSTEM\CurrentControlSet\Services\tdctxte#Start
HKLM\SYSTEM\CurrentControlSet\Services\tdctxte#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\tdctxte#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\tdctxte#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\tdctxte#ObjectName
HKLM\SYSTEM\CurrentControlSet\Services\tdctxte\Enum
HKLM\SYSTEM\CurrentControlSet\Services\tdctxte\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\tdctxte\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\tdctxte\Enum#NextInstance
HKLM\SYSTEM\CurrentControlSet\Services\tdctxte\Parameters
HKLM\SYSTEM\CurrentControlSet\Services\tdctxte\Security
HKLM\SYSTEM\CurrentControlSet\Services\tdctxte\Security#Security

Rootkit.Agent/Gen-DXO
C:\WINDOWS\SYSTEM32\DXONOOL32.SYS


Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.15.09, on 14/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\LSI SoftModem\agrsmsvc.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\Programmi\System Protect\SysProtect_srv.exe
C:\Programmi\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe
J:\Miei Software\KeePass-1.11\KeePass.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programmi\System Protect\SysProtect_Tray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Panda Security\Panda Cloud Antivirus\PSANToManager.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartupDelayer] "C:\Programmi\r2 Studios\Startup Delayer\Startup Launcher GUI.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_13) -
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Application Installer Cleanup (0292551229960682) (0292551229960682mcinstcleanup) - - (no file)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Programmi\LSI SoftModem\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NanoServiceMain - Panda Security, S.L. - C:\Programmi\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: System Protect Deletion Prevention Service (SP_Service) - Xacti Corporation - C:\Programmi\System Protect\SysProtect_srv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas http://www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

--
End of file - 6978 bytes


Il log di asquared non sono riuscito a prelevarlo, ma non ha trovato niente; Spybot e Panda non hanno trovato niente.

Le scansioni con Superantispyware, Malwarebytes' e Virit le ho eseguite in modalità provvisoria.
Per quanto riguarda il sistema uso Windows XP Professional Service Pack 2.

Lo so forse ho dato troppe informazioni e sono stato prolisso come al solito.
Vi ringrazio in anticipo per l'aiuto.

P.S. I malware trovati li ho messi tutti in quarantena, ma i problemi che vi ho descritto prima non sono stati risolti, quindi forse non è questione di virus.
Avatar utente
JoJo
 
Top

Re: due problemi: problemi con cmd.exe e windows firewall

Messaggioda Amantide » mar lug 21, 2009 5:36 pm

Non mi prendere per matta, ma ti chiederei di postare il log di scansione con un'altro programma. [:D]

Scarica ComboFix , salvandolo sul desktop con un nome di fantasia, ed esegui la scansione seguendo queste istruzioni (giù in fondo). Al termine della scansione verrà creato il file di report C:\combofix.txt, copia qui il suo contenuto.
...per volare alto, bisogna saper cadere...
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo
Top

Re: due problemi: problemi con cmd.exe e windows firewall

Messaggioda JoJo » mer lug 22, 2009 3:22 pm

Grazie per l'interessamento; comunque non ti prendo per matta.
Mi dispiace ma ho risolto i problemi proprio oggi (ci avevo ormai rinuciato) direi quasi per caso. A questo punto mi sembra doveroso postare le soluzioni: il problema di cmd l'ho risolto installando il Service Pack 3 per windows xp (lo so, forse avrei dovuto farlo molto tempo fa, ma avevo letto che poteva causare dei problemi; per questo ho aspettato tanto).
Per il problema del firewall ho eliminato la chiave di registro HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall come descritto in questo articolo http://www.gianniamato.it/2007/04/ripri ... ewall.html. Non so perché non mi sono accorto imbattuto prima in questo articolo!!!
Comunque grazie ancora per l'interessamento; mi dispiace solo di averti fatto perdere un po di tempo.
Ciao.
Avatar utente
JoJo
 
Top
Rispondi al messaggio

Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 13 ospiti

Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising