
Do you know this spyware? ajrotator


Post by klaude4d » Fri Dec 11, 2009 12:15 pm

For a few days now, when I turn on the PC, 2 Internet Explorer browser windows open automatically: the first refers to a string containing the word ajrotator, and the other is an about.black blank page. I searched online and it seems to be spyware; do you know how to remove it? Which good free anti-spyware tools could I install? Note that Avira, run in safe mode with hidden files and folders visible, finds nothing.
Any advice?

Re: Do you know this spyware? ajrotator

Post by ste_95 » Fri Dec 11, 2009 12:20 pm

Download ComboFix, saving it to the desktop under a made-up name, and run the scan following these instructions (at the bottom). When the scan finishes, the report file C:\combofix.txt will be created; copy its contents here, placing them between the LOG tags, like this:
[LOG]the log goes here[/LOG]
«Sometimes it is better to keep quiet and seem stupid than to open your mouth and remove all doubt.» Oscar Wilde

Re: Do you know this spyware? ajrotator

Post by klaude4d » Fri Dec 11, 2009 1:19 pm

Do I have to run Combo in safe mode or in normal mode?

Re: Do you know this spyware? ajrotator

Post by ste_95 » Fri Dec 11, 2009 1:22 pm

klaude4d wrote: Do I have to run Combo in safe mode or in normal mode?

It makes no difference. [:)]

Re: Do you know this spyware? ajrotator

Post by klaude4d » Fri Dec 11, 2009 1:31 pm

I start it and it tells me, in English, that some files are corrupted and to download a more up-to-date version and repeat the installation. I logged in as administrator and right-clicked "run as administrator", after downloading the version from the site http://www.combofix.org/, which redirects me to http://www.bleepingcomputer.com/combofi ... e-combofix, but it still doesn't work. Why?

Re: Do you know this spyware? ajrotator

Post by ste_95 » Fri Dec 11, 2009 1:41 pm

Download GMER, then follow these steps:

--- Step 1 ---
Start gmer
click > > >
Click Autostart
tick Show All
click Scan
when the scan finishes, click Copy
Open Notepad and press CTRL+V (or click Edit and then Paste).
Save the file and post the result on the forum, paying attention to these rules.

--- Step 2 ---
Still in the program you just downloaded (gmer),
click Rootkit
click Scan
when the scan finishes, click Copy
Open Notepad and press CTRL+V (or click Edit and then Paste).
Save the file and post the result on the forum, paying attention to these rules.

Re: Do you know this spyware? ajrotator

Post by klaude4d » Fri Dec 11, 2009 1:55 pm

ComboFix 09-12-10.01 - SS-dobermann-SS 11/12/2009 13.51.26.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.3070.2262 [GMT 1:00]
Eseguito da: c:\users\SS-dobermann-SS\Desktop\dobermann.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {006135A8-077F-0000-0000-000000006100}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00310034-0034-0034-6300-630066003100}
SP: AntiVir Desktop *disabled* (Outdated) {006135A8-077F-0000-0000-000000006100}
SP: AntiVir Desktop *enabled* (Updated) {00310034-0034-0034-6300-630066003100}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500

.
((((((((((((((((((((((((( Files Creati Da 2009-11-11 al 2009-12-11 )))))))))))))))))))))))))))))))))))
.

2009-12-11 09:08 . 2009-12-11 09:08 -------- d-----w- c:\users\SS-dobermann-SS\AppData\Local\Western_Digital
2009-12-11 09:07 . 2009-12-11 09:07 -------- d-----w- c:\users\SS-dobermann-SS\AppData\Roaming\Western Digital
2009-12-11 09:07 . 2009-12-11 09:07 -------- d-----w- c:\program files\Western Digital
2009-12-11 09:07 . 2009-12-11 09:07 -------- d-----w- c:\users\SS-dobermann-SS\AppData\Local\Western DigitalTemp
2009-12-11 09:06 . 2009-12-11 09:06 -------- d-----w- c:\programdata\Western Digital
2009-12-11 08:25 . 2009-12-11 08:25 -------- d-----w- c:\users\SS-dobermann-SS\AppData\Local\Western Digital
2009-12-10 23:47 . 2009-12-10 23:47 -------- d-----w- c:\program files\Marvell
2009-12-10 23:47 . 2009-12-10 23:48 -------- d-----w- c:\users\SS-dobermann-SS\AppData\Roaming\TMP
2009-12-10 16:47 . 2009-12-10 16:47 -------- d-----w- c:\programdata\WindowsSearch
2009-12-10 13:09 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-10 13:09 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-10 13:09 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-10 03:32 . 2009-10-27 14:11 834048 ----a-w- c:\windows\system32\wininet.dll
2009-12-10 03:32 . 2009-10-27 13:16 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-10 02:43 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-10 01:52 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-09 22:48 . 2009-12-09 22:48 -------- d-----w- c:\users\SS-dobermann-SS\AppData\Roaming\TIAB
2009-12-09 18:50 . 2009-12-09 18:49 24445536 ----a-w- c:\programdata\Installations\{12D6E140-AEDB-4F78-9D4A-643786772120}\NokiaSoftwareUpdaterSetup_2.4.1IT.exe
2009-12-09 18:50 . 2009-12-09 18:50 36864 ----a-w- c:\programdata\Installations\{12D6E140-AEDB-4F78-9D4A-643786772120}\Installer\CommonCustomActions\Sleep.exe
2009-12-09 18:50 . 2009-12-09 18:50 3351812 ----a-w- c:\programdata\Installations\{12D6E140-AEDB-4F78-9D4A-643786772120}\Installer\CommonCustomActions\msxml6Exec.exe
2009-12-09 18:50 . 2009-12-09 18:50 3203453 ----a-w- c:\programdata\Installations\{12D6E140-AEDB-4F78-9D4A-643786772120}\Installer\CommonCustomActions\vcredistExec.exe
2009-12-08 04:05 . 2009-12-08 11:17 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-08 02:03 . 2009-12-08 02:03 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2009-12-07 19:19 . 2009-12-07 19:51 -------- d-----w- c:\windows\Lhsp
2009-12-07 19:02 . 2009-12-07 19:03 -------- d-----w- c:\program files\NextUp Talker
2009-12-07 13:54 . 2009-12-08 04:04 -------- d-----w- c:\program files\Microsoft
2009-12-07 12:16 . 2009-12-07 12:16 -------- d-----w- c:\program files\Trend Micro
2009-12-06 16:58 . 2009-12-06 16:58 -------- d-----w- c:\users\SS-dobermann-SS\AppData\Roaming\Ahead
2009-12-06 16:39 . 2009-12-06 16:39 -------- d-----w- c:\program files\PSM5
2009-12-03 05:20 . 2009-12-03 05:20 26694 ----a-r- c:\users\SS-dobermann-SS\AppData\Roaming\Microsoft\Installer\{29622F4A-245C-4126-8764-897E21E888D1}\UNINST_Uninstall_G_29622F4A245C41268764897E21E888D1.exe
2009-12-03 05:20 . 2009-12-03 05:20 26694 ----a-r- c:\users\SS-dobermann-SS\AppData\Roaming\Microsoft\Installer\{29622F4A-245C-4126-8764-897E21E888D1}\googleearth.exe1_29622F4A245C41268764897E21E888D1.exe
2009-12-03 05:20 . 2009-12-03 05:20 26694 ----a-r- c:\users\SS-dobermann-SS\AppData\Roaming\Microsoft\Installer\{29622F4A-245C-4126-8764-897E21E888D1}\googleearth.exe_29622F4A245C41268764897E21E888D1.exe
2009-12-03 05:20 . 2009-12-03 05:20 26694 ----a-r- c:\users\SS-dobermann-SS\AppData\Roaming\Microsoft\Installer\{29622F4A-245C-4126-8764-897E21E888D1}\ARPPRODUCTICON.exe
2009-12-03 05:10 . 2009-12-03 05:10 -------- d-----w- c:\users\SS-dobermann-SS\AppData\Roaming\Thinstall
2009-11-28 10:15 . 2009-11-28 10:28 -------- d-----w- c:\program files\SignSIS-GUI
2009-11-27 14:55 . 2009-11-27 14:55 -------- d-----w- c:\program files\PQDVD
2009-11-26 15:54 . 2009-11-26 15:54 -------- d-----w- c:\programdata\OurScreensavers
2009-11-26 03:23 . 2009-11-27 15:33 -------- d-----w- C:\Temp
2009-11-26 03:10 . 2009-11-26 03:10 -------- d-----w- c:\program files\AviSynth 2.5
2009-11-26 03:09 . 2009-11-27 12:55 -------- d-----w- c:\program files\Winnydows
2009-11-24 23:53 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-24 18:22 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-24 18:22 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-23 23:41 . 2009-11-23 23:41 -------- d-----w- c:\users\SS-dobermann-SS\{f90d7655-3dca-4868-8023-3af3588414f2}
2009-11-23 23:40 . 2009-11-23 23:40 -------- d-----w- c:\program files\Common Files\PCSuite
2009-11-23 23:40 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-11-23 23:39 . 2009-11-23 23:39 -------- d-----w- c:\program files\PC Connectivity Solution
2009-11-23 23:36 . 2009-11-23 23:36 34541248 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_ita.exe
2009-11-23 23:36 . 2009-11-23 23:36 95232 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2009-11-23 23:36 . 2009-11-23 23:36 8192 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2009-11-23 23:36 . 2009-11-23 23:36 61440 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-11-23 23:36 . 2009-11-23 23:36 10240 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2009-11-23 22:39 . 2009-11-23 22:39 -------- d-----w- c:\program files\NSS
2009-11-23 22:28 . 2009-11-23 23:28 -------- d-----w- c:\users\SS-dobermann-SS\AppData\Roaming\Nseries
2009-11-23 20:08 . 2009-11-23 20:08 -------- d-----w- c:\users\SS-dobermann-SS\AppData\Local\Apps
2009-11-23 19:57 . 2009-11-23 22:20 -------- d-----w- c:\programdata\OrbNetworks
2009-11-23 19:57 . 2009-11-23 19:57 -------- d-----w- c:\program files\Orb Networks
2009-11-23 19:49 . 2009-11-23 19:49 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-11-23 19:45 . 2009-11-23 23:40 -------- d-----w- c:\program files\Common Files\Nokia
2009-11-23 19:29 . 2009-12-09 18:51 -------- d-----w- c:\program files\Nokia
2009-11-23 18:51 . 2006-08-29 14:56 32377 ----a-w- c:\windows\system32\drivers\prodigy.sys
2009-11-23 00:44 . 2009-11-23 00:44 -------- d-----w- c:\windows\Sun
2009-11-23 00:43 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-11-23 00:43 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-11-23 00:43 . 2009-07-14 00:15 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-23 00:43 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-11-23 00:43 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\divx.dll
2009-11-23 00:43 . 2009-11-09 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-11-23 00:43 . 2009-11-23 00:43 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-11-22 12:42 . 2009-08-19 22:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2009-11-22 12:42 . 2009-08-19 22:50 46928 ----a-r- c:\windows\system32\AdobePDF.dll
2009-11-21 03:33 . 2009-11-21 03:33 -------- d-----w- c:\users\Public\Roaming
2009-11-21 03:33 . 2009-11-21 03:33 -------- d-----w- c:\users\SS-dobermann-SS\Library
2009-11-21 03:33 . 2009-11-21 03:33 -------- d-----w- c:\users\SS-dobermann-SS\AppData\Roaming\com.adobe.ExMan
2009-11-21 03:02 . 2009-11-21 03:02 -------- d-----w- c:\programdata\ALM
2009-11-21 02:32 . 2009-11-21 02:32 -------- d-----w- c:\program files\Adobe Media Player
2009-11-21 02:31 . 2009-11-21 02:31 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-11-20 05:18 . 2009-11-20 05:18 -------- d-----w- c:\users\SS-dobermann-SS\AppData\Local\Yahoo
2009-11-20 05:12 . 2009-11-20 12:44 -------- d-----w- c:\users\SS-dobermann-SS\AppData\Local\Yahoo!
2009-11-20 05:11 . 2009-11-20 05:18 -------- d-----w- c:\users\SS-dobermann-SS\AppData\Roaming\Yahoo!
2009-11-20 05:11 . 2009-11-20 05:11 -------- d-----w- c:\programdata\Yahoo!
2009-11-20 05:11 . 2009-11-10 13:39 607472 ----a-w- c:\programdata\Yahoo!\YUpdater\yupdater.exe
2009-11-20 05:02 . 2009-11-20 05:11 -------- d-----w- c:\program files\Yahoo!
2009-11-18 13:45 . 2009-11-18 13:45 -------- d-----w- c:\users\SS-dobermann-SS\AppData\Roaming\Nokia Ovi Suite
2009-11-18 13:40 . 2009-11-18 13:40 -------- d-----w- c:\users\SS-dobermann-SS\AppData\Local\IsolatedStorage
2009-11-18 13:15 . 2009-11-18 13:15 -------- d-----w- c:\programdata\NokiaMusic
2009-11-18 13:14 . 2009-11-18 13:14 -------- d-----w- c:\windows\Downloaded Installations
2009-11-18 13:02 . 2009-11-18 13:02 94628904 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Nokia_Ovi_Suite_11_update.exe
2009-11-17 19:37 . 2009-11-17 19:37 -------- d-----w- c:\users\SS-dobermann-SS\AppData\Roaming\Autodesk
2009-11-17 19:34 . 2009-11-21 03:14 -------- d-----w- c:\programdata\FLEXnet
2009-11-17 19:34 . 2009-11-17 19:34 -------- d-----w- c:\users\SS-dobermann-SS\AppData\Local\Autodesk
2009-11-17 13:52 . 2009-11-17 13:52 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-11-17 13:51 . 2009-11-17 13:52 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-11-17 13:48 . 2009-11-17 19:37 -------- d-----w- c:\programdata\Autodesk
2009-11-16 18:39 . 2008-11-10 10:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2009-11-16 18:39 . 2006-10-26 18:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2009-11-16 18:37 . 2009-12-10 13:06 -------- d-----w- c:\program files\Microsoft Works
2009-11-16 18:34 . 2009-11-16 18:34 -------- d-----w- c:\program files\Microsoft.NET
2009-11-16 18:31 . 2009-11-16 18:31 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-11-16 18:30 . 2009-11-16 18:30 -------- d-----w- c:\users\SS-dobermann-SS\AppData\Local\Microsoft Help
2009-11-16 18:30 . 2009-12-10 13:13 -------- d-----w- c:\programdata\Microsoft Help
2009-11-16 18:26 . 2009-11-16 18:26 -------- d-----r- C:\MSOCache
2009-11-16 17:36 . 2009-12-10 14:13 -------- d-----w- C:\PoWeR-Script
2009-11-16 13:06 . 2009-11-16 13:08 -------- d-----w- c:\users\SS-dobermann-SS\AppData\Local\Apple Computer
2009-11-16 13:06 . 2009-11-16 13:06 -------- d-----w- c:\users\SS-dobermann-SS\AppData\Roaming\Apple Computer
2009-11-16 13:06 . 2009-05-18 13:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-11-16 13:06 . 2008-04-17 12:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-11-16 13:05 . 2009-11-16 13:05 -------- d-----w- c:\program files\iPod
2009-11-16 13:04 . 2009-11-16 13:05 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-16 13:04 . 2009-11-16 13:05 -------- d-----w- c:\program files\iTunes
2009-11-16 13:02 . 2009-11-16 13:02 -------- d-----w- c:\program files\Bonjour
2009-11-16 13:01 . 2009-11-23 13:30 -------- d-----w- c:\program files\QuickTime
2009-11-16 13:01 . 2009-11-16 13:04 -------- d-----w- c:\programdata\Apple Computer
2009-11-16 13:00 . 2009-11-16 13:00 -------- d-----w- c:\users\SS-dobermann-SS\AppData\Local\Apple
2009-11-16 13:00 . 2009-11-16 13:00 -------- d-----w- c:\program files\Apple Software Update
2009-11-16 12:56 . 2009-11-16 13:05 -------- d-----w- c:\program files\Common Files\Apple
2009-11-16 12:56 . 2009-11-16 12:56 -------- d-----w- c:\programdata\Apple
2009-11-15 23:31 . 2009-11-16 16:27 -------- d-----w- c:\users\SS-dobermann-SS\AppData\Roaming\Nero
2009-11-15 22:58 . 2008-09-29 04:09 19352 ----a-w- c:\windows\system32\drivers\InCDRec.sys
2009-11-15 22:58 . 2008-09-29 04:09 129560 ----a-w- c:\windows\system32\drivers\InCDFs.sys
2009-11-15 22:58 . 2008-09-29 04:09 41752 ----a-w- c:\windows\system32\drivers\InCDRm.sys
2009-11-15 22:57 . 2008-09-29 04:09 40216 ----a-w- c:\windows\system32\drivers\InCDPass.sys
2009-11-15 22:57 . 2009-11-15 23:14 -------- d-----w- c:\program files\Nero
2009-11-15 22:57 . 2009-11-27 18:59 -------- d-----w- c:\programdata\Nero
2009-11-15 22:57 . 2009-11-15 23:23 -------- d-----w- c:\program files\Common Files\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-11 12:47 . 2009-11-11 02:43 -------- d-----w- c:\users\SS-dobermann-SS\AppData\Roaming\Skype
2009-12-11 11:35 . 2006-11-06 01:52 670934 ----a-w- c:\windows\system32\perfh010.dat
2009-12-11 11:35 . 2006-11-06 01:52 123510 ----a-w- c:\windows\system32\perfc010.dat
2009-12-11 11:03 . 2009-11-11 02:47 -------- d-----w- c:\users\SS-dobermann-SS\AppData\Roaming\skypePM
2009-12-10 23:59 . 2009-11-11 00:05 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-10 13:21 . 2009-11-11 00:00 106928 ----a-w- c:\users\SS-dobermann-SS\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-10 13:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-07 13:54 . 2009-11-11 00:35 -------- d-----w- c:\program files\Windows Live
2009-12-04 05:40 . 2009-11-11 02:22 -------- d-----w- c:\program files\Google
2009-11-23 19:51 . 2009-11-23 19:51 52948 ----a-w- c:\windows\inf\Ovi Player\0010\tmp26B7.tmp
2009-11-23 19:51 . 2009-11-23 19:51 52948 ----a-w- c:\windows\inf\Ovi Player\0009\tmp26B7.tmp
2009-11-23 19:51 . 2009-11-23 19:51 52948 ----a-w- c:\windows\inf\Ovi Player\0000\tmp26B7.tmp
2009-11-23 19:51 . 2009-11-23 19:51 1657 ----a-w- c:\windows\inf\Ovi Player\tmp26C8.tmp
2009-11-22 17:00 . 2009-11-22 17:00 -------- d-----w- c:\program files\Free Audio Pack
2009-11-21 02:56 . 2009-11-11 00:24 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-11-18 02:14 . 2009-11-11 00:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-17 13:53 . 2009-11-17 13:46 -------- d-----w- c:\program files\Autodesk
2009-11-16 18:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2009-11-13 13:02 . 2009-11-11 03:17 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-12 21:37 . 2009-11-11 03:18 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-11-12 14:21 . 2009-11-11 03:24 -------- d-----w- c:\program files\ASUS
2009-11-12 13:52 . 2009-11-11 00:24 -------- d-----w- c:\users\SS-dobermann-SS\AppData\Roaming\Winamp
2009-11-11 18:52 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-11 18:51 . 2009-11-11 18:51 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-11 18:51 . 2009-11-11 18:51 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-11 18:47 . 2009-11-11 03:07 -------- d-----w- c:\programdata\NVIDIA
2009-11-11 18:19 . 2009-11-11 03:10 32821 ----a-w- c:\programdata\nvModes.dat
2009-11-11 17:30 . 2009-11-11 17:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-11-11 17:28 . 2009-11-11 17:28 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-11-11 17:28 . 2009-11-11 17:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-11-11 16:57 . 2009-11-11 02:42 -------- d-----r- c:\program files\Skype
2009-11-11 15:11 . 2009-11-11 15:11 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-11-11 13:34 . 2009-11-11 01:37 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-11-11 13:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-11-11 13:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-11-11 13:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-11-11 13:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-11-11 13:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-11-11 13:18 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-11-11 04:39 . 2009-11-11 04:39 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-11-11 04:23 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-11-11 04:23 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-11-11 04:10 . 2009-11-11 01:37 -------- d-----w- c:\users\SS-dobermann-SS\AppData\Roaming\DAEMON Tools Lite
2009-11-11 04:01 . 2009-11-11 04:01 -------- d-----w- c:\users\SS-dobermann-SS\AppData\Roaming\USBSafelyRemove
2009-11-11 04:01 . 2009-11-11 04:01 -------- d-----w- c:\programdata\USBSRService
2009-11-11 04:01 . 2009-11-11 04:00 -------- d-----w- c:\program files\USB Safely Remove
2009-11-11 03:58 . 2009-11-11 03:58 -------- d-----w- c:\programdata\TechSmith
2009-11-11 03:57 . 2009-11-11 03:57 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2009-11-11 03:57 . 2009-11-11 03:57 -------- d-----w- c:\program files\TechSmith
2009-11-11 03:18 . 2009-11-11 03:18 -------- d-----w- c:\program files\Realtek
2009-11-11 03:17 . 2009-11-11 03:17 315392 ----a-w- c:\windows\HideWin.exe
2009-11-11 03:11 . 2009-11-11 03:11 -------- d-----w- c:\programdata\Messenger Plus!
2009-11-11 02:56 . 2009-11-11 00:58 -------- d-----w- c:\program files\Trillian
2009-11-11 02:52 . 2009-11-11 02:52 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-11-11 02:52 . 2009-11-11 02:52 272896 ----a-w- c:\windows\system32\polstore.dll
2009-11-11 02:50 . 2009-11-10 23:59 680 ----a-w- c:\users\SS-dobermann-SS\AppData\Local\d3d9caps.dat
2009-11-11 02:47 . 2009-11-11 02:47 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-11-11 02:47 . 2009-11-11 02:47 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-11-11 02:47 . 2009-11-11 02:47 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-11-11 02:47 . 2009-11-11 02:47 17920 ----a-w- c:\windows\system32\netevent.dll
2009-11-11 02:47 . 2009-11-11 02:47 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-11-11 02:47 . 2009-11-11 02:47 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-11-11 02:47 . 2009-11-11 02:47 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-11-11 02:47 . 2009-11-11 02:47 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-11-11 02:47 . 2009-11-11 02:47 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-11-11 02:47 . 2009-11-11 02:47 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-11-11 02:47 . 2009-11-11 02:47 10240 ----a-w- c:\windows\system32\finger.exe
2009-11-11 02:47 . 2009-11-11 02:47 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-11-11 02:43 . 2009-11-11 02:43 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-11-11 02:43 . 2009-11-11 02:43 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2009-11-11 02:43 . 2009-11-11 02:43 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-11-11 02:43 . 2009-11-11 02:43 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-11-11 02:43 . 2009-11-11 02:43 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-11-11 02:43 . 2009-11-11 02:43 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-11-11 02:43 . 2009-11-11 02:43 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2009-11-11 02:42 . 2009-11-11 02:42 -------- d-----w- c:\program files\Common Files\Skype
2009-11-11 02:42 . 2009-11-11 02:42 -------- d-----w- c:\programdata\Skype
2009-11-11 02:42 . 2009-11-11 02:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-11-11 02:42 . 2009-11-11 02:42 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-11-11 02:42 . 2009-11-11 02:42 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-11-11 02:42 . 2009-11-11 02:42 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-11-11 02:42 . 2009-11-11 02:42 23552 ----a-w- c:\windows\system32\lpk.dll
2009-11-11 02:42 . 2009-11-11 02:42 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-11-11 02:41 . 2009-11-11 02:41 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-11-11 02:39 . 2009-11-11 02:39 98816 ----a-w- c:\windows\system32\mfps.dll
2009-11-11 02:39 . 2009-11-11 02:39 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2009-11-11 02:39 . 2009-11-11 02:39 2868224 ----a-w- c:\windows\system32\mf.dll
2009-11-11 02:39 . 2009-11-11 02:39 24576 ----a-w- c:\windows\system32\mfpmp.exe
2009-11-11 02:39 . 2009-11-11 02:39 2048 ----a-w- c:\windows\system32\mferror.dll
2009-11-11 02:35 . 2009-11-11 02:35 72704 ----a-w- c:\windows\system32\admparse.dll
2009-11-11 02:35 . 2009-11-11 02:35 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-11-11 02:34 . 2009-11-11 02:34 71680 ----a-w- c:\windows\system32\atl.dll
2009-11-11 02:30 . 2009-11-11 02:30 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-11-11 02:30 . 2009-11-11 02:30 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-11-11 02:27 . 2009-11-11 02:27 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-11-11 02:26 . 2009-11-11 02:26 53248 ----a-w- c:\windows\system32\tsgqec.dll
2009-11-11 02:26 . 2009-11-11 02:26 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-11-11 02:26 . 2009-11-11 02:26 136192 ----a-w- c:\windows\system32\aaclient.dll
2009-11-11 02:25 . 2009-11-11 02:25 -------- d-----w- c:\program files\Defraggler
2009-11-11 02:25 . 2009-11-11 02:25 2048 ----a-w- c:\windows\system32\msxml3r.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-09-29 04:09 98328 ----a-w- c:\program files\Nero\Nero 9\InCD\NBHshx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"Camtasia Recorder"="c:\program files\TechSmith\Camtasia Studio 6\CamRecorder.exe" [2008-10-10 2678104]
"USB Safely Remove"="c:\program files\USB Safely Remove\USBSafelyRemove.exe" [2009-10-26 1518352]
"SplitCam"="c:\program files\SplitCam\SplitCam.exe" [2006-09-09 990208]
"Camfrog"="c:\program files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" [2009-10-13 41864]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2009-10-27 401728]
"Nokia Home Server Manager"="c:\program files\Nokia\Nokia Home Media Server\NHSM.exe" [2009-01-30 558080]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"Orb"="c:\program files\Orb Networks\Orb\bin\OrbTray.exe" [2008-05-14 507904]
"eMuleAutoStart"="c:\program files\eMule\emule.exe" [2009-02-22 5668864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 4702208]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-11 149280]
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2009-11-06 2090272]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

c:\users\SS-dobermann-SS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
JetAudio - collegamento.lnk - c:\program files\JetAudio\JetAudio.exe [2009-11-11 3008512]
Trillian.lnk - c:\program files\Trillian\trillian.exe [2009-9-1 1873272]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-3-14 2938184]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-5 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-5 9116480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2009-10-02 22:32 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2009-10-03 03:08 38768 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-11-11 02:22 135664 ----atw- c:\users\SS-dobermann-SS\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2008-09-29 04:09 1111064 ----a-w- c:\program files\Nero\Nero 9\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-28 19:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 14:39 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBHGui]
2008-09-29 04:09 2079256 ----a-w- c:\program files\Nero\Nero 9\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):28,1c,e4,53,d2,62,ca,01

R2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files\USB Safely Remove\USBSRService.exe [11/11/2009 5.00.58 261392]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [05/11/2009 8.44.16 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16/06/2009 8.58.08 20480]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [11/11/2009 2.37.33 691696]
S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [12/03/2009 17.36.24 86016]
S3 FontCache;Servizio cache tipi di carattere Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [11/11/2009 4.36.42 21504]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [06/10/2009 11.56.34 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [06/10/2009 11.56.32 8320]
S3 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\System32\drivers\wdcsam.sys [13/02/2009 11.02.52 11520]
S4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15/08/2008 5.46.20 284016]
S4 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/11/2009 3.22.59 135664]
S4 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 9\InCD\NBHRegInCDSrv.exe [29/09/2008 5.09.20 108568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
------- Scansione supplementare -------
.
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\SS-dobermann-SS\AppData\Roaming\Mozilla\Firefox\Profiles\dsccuwiu.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - component: c:\users\SS-dobermann-SS\AppData\Roaming\Mozilla\Firefox\Profiles\dsccuwiu.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\users\SS-dobermann-SS\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\SS-dobermann-SS\AppData\Roaming\Mozilla\Firefox\Profiles\dsccuwiu.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-AdobeBridge - (no file)
MSConfigStartUp-Ai Nap - c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe
MSConfigStartUp-Cpu Level Up help - c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe
MSConfigStartUp-CPU Power Monitor - c:\program files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
MSConfigStartUp-NeroRebootSetup - c:\users\SS-dobermann-SS\AppData\Local\Temp\nro.tmp\SetupX.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-11 14:00
Windows 6.0.6002 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2009-12-11 14:02:27
ComboFix-quarantined-files.txt 2009-12-11 13:02

Pre-Run: 32.221.122.560 byte disponibili
Post-Run: 32.161.927.168 byte disponibili

- - End Of File - - D3D04E2E38C87D0E78B8E7D228B2C686

Post by klaude4d » Fri Dec 11, 2009 1:56 pm

I managed it, I have posted the log above

Post by klaude4d » Fri Dec 11, 2009 2:04 pm

GMER log

http://www.mediafire.com/?4w33wjzw2md

Post by klaude4d » Fri Dec 11, 2009 2:24 pm

While it was running the GMER rootkit scan, the PC went back to the user login page for password entry and then showed me the following results screen, which I am posting now

GMER 1.0.15.15273 - http://www.gmer.net
Rootkit quick scan 2009-12-11 14:30:31
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\SS-DOB~1\AppData\Local\Temp\kflyqaob.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: copy of MBR

---- EOF - GMER 1.0.15 ----


I am re-running the rootkit scan to see what happened with this sudden return to the login screen, then I will post the log again

Post by ste_95 » Fri Dec 11, 2009 2:56 pm

Download mbr.exe and save it in the C:\ directory.
Then go to Start >> Run and type mbr.exe -f
Mbr.exe will take a few seconds to run the scan. Once that is done, post here the contents of the log it creates, which you will find in c:\mbr.log

Post by klaude4d » Fri Dec 11, 2009 3:39 pm

This time it finished; I am reposting the GMER log:

GMER 1.0.15.15273 - http://www.gmer.net
Rootkit scan 2009-12-11 15:47:30
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\SS-DOB~1\AppData\Local\Temp\kflyqaob.sys


---- System - GMER 1.0.15 ----

SSDT 8AEC08C4 ZwCreateThread
SSDT 8AEC08B0 ZwOpenProcess
SSDT 8AEC08B5 ZwOpenThread
SSDT 8AEC08BF ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 221 820B2964 4 Bytes [C4, 08, EC, 8A]
.text ntkrnlpa.exe!KeSetEvent + 3F1 820B2B34 4 Bytes [B0, 08, EC, 8A]
.text ntkrnlpa.exe!KeSetEvent + 40D 820B2B50 4 Bytes [B5, 08, EC, 8A]
.text ntkrnlpa.exe!KeSetEvent + 621 820B2D64 4 Bytes [BF, 08, EC, 8A]
? C:\Users\SS-DOB~1\AppData\Local\Temp\catchme.sys Impossibile trovare il file specificato. !
? C:\Windows\system32\Drivers\PROCEXP113.SYS Impossibile trovare il file specificato. !

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd503334
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB6 0x86 0xA5 0xF6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBC 0x81 0x12 0x1A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x0B 0xF4 0xC8 0x2D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xF4 0xDB 0x1F 0xC2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xF4 0xDB 0x1F 0xC2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0xF4 0xDB 0x1F 0xC2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd503334 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB6 0x86 0xA5 0xF6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBC 0x81 0x12 0x1A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x0B 0xF4 0xC8 0x2D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xF4 0xDB 0x1F 0xC2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xF4 0xDB 0x1F 0xC2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0xF4 0xDB 0x1F 0xC2 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: copy of MBR

---- EOF - GMER 1.0.15 ----

Post by klaude4d » Fri Dec 11, 2009 3:59 pm

mbr does not work with the DOS command from Run; with a double click it gave me this

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
kernel: error reading MBR

Post by crazy.cat » Fri Dec 11, 2009 4:33 pm

klaude4d wrote: mbr does not work with the DOS command from Run; with a double click it gave me this

It has to work; did you keep the final /f option?
Had you saved the file in c:\ ?
What message does it give you?

It cannot work with a double click.
When the many govern, they think only of pleasing themselves, and then you have the most foolish and most hateful tyranny: tyranny disguised as freedom.

Post by klaude4d » Fri Dec 11, 2009 4:36 pm

For me it works the other way round: the log I posted is the one made with a double click. Yes, I had done everything as you said, but did nothing strange show up in the other logs, Combo and Avenger? Now I will try again with the Run command; I have rebooted.

Post by klaude4d » Fri Dec 11, 2009 4:39 pm

Nothing. It is in c:\ but whether I run mbr.exe -f or /f nothing happens; a small window opens for a second but it does not create any mbr folder where I can retrieve the log. Why is that, damn it?

Post by klaude4d » Fri Dec 11, 2009 6:07 pm

It worked; the result is this log.

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Post by klaude4d » Sat Dec 19, 2009 7:28 pm

Guys, sorry, but I have been trying for days and the Combo site is always under maintenance. Is there another way to get ComboFix? Can someone send it to me privately? I need it, thanks a lot.

Post by crazy.cat » Sun Dec 20, 2009 8:36 am

The ComboFix site works perfectly well; anyway, download this
http://www.wikifortio.com/785810/ComboFix.exe

Post by klaude4d » Sun Dec 20, 2009 1:01 pm

What do you mean it works perfectly well? I get this page when I go to download http://download.bleepingcomputer.com/sUBs/ComboFix.html Doesn't it tell you that it cannot be downloaded until a problem is resolved?

megalab.it: daily online publication registered at the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising