www.MegaLab.it

da **Klod** » ven mag 21, 2010 11:29 am

Non ho ben capito da quale virus il mio pc sia infetto.. all'inizio credevo fosse un bagle dato che f-secure me lo segnalava, ma dopo aver fatto di tutto, mi sono arresa e ho iniziato a curiosare in giro nella rete per vedere se magari il mio problema fosse un altro e ho trovato gromozon. Ho provato a scaricare il removal tool ma appena lo lancio l'applicazione smette di funzionare e in modalità provvisoria proprio non parte. Non appena digito su google gromozon internet smette di funzionare (inoltre non riesco neanche più a scrivere il mio username che subito si blocca tutto e internet si chiude) e non mi ricordo bene dove ma da qualche parte del mio pc ho visto linkoptimizer ma sinceramente non mi ricordo se l'ho cancellato o no. Non ho visto utenti strani ma avendo già di mio una doppia utenza sul pc probabile che il virus si annidi nell'altra utenza. Virit mi ha trovato un trojan stkTW.ds che non riesco in nessun modo a cancellare manualmente, nè con avenger, revo, in modalità provvisoria.. niente! Leggendo nel vostro sito allora ho fatto una scansione con gmer per poi postarla qui nel forum ma dato che per me niente è semplice, un po' per la mia ignoranza in fatto di computer un po' per il disagio creato da questo virus, non appena spingo il pulsante log e cerco di incollarci il log di gmer non ci riesco perché non mi appare la scritta incolla bensì solo le scritte elimina, seleziona tutto e annulla.
Come faccio?
Grazie mille

da **stevens** » ven mag 21, 2010 12:02 pm

ciao

per prima cosa Disattiva il ripristino configurazione sistema:
Start-->pannello di controllo-->sistema-->ripristino configurazione-->spunta la casella disattiva-->applica--> ok

scarica e avvia rkill

scarica combofix sul desktop ed eseguilo

(non installare la recovery console)
Lascia lavorare il programma senza interferire
Allega il rapporto C:\ComboFix.txt nella tua risposta.

da **Klod** » ven mag 21, 2010 2:40 pm

eseguiti tutti e due.. combofix mi da come al solito l'errore avira rilevato in real time.. ma questo me l'ha sempre dato come problema anche quando disinstallavo avira ...
Grazie

ComboFix 10-05-20.A1 - Klod 21/05/2010 15.14.54.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.1919.1016 [GMT 2:00]
Eseguito da: c:\users\Klod\Desktop\ComboFix.exe
SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((( Files Creati Da 2010-04-21 al 2010-05-21 )))))))))))))))))))))))))))))))))))
.

2010-05-21 13:28 . 2010-05-21 13:29 -------- d-----w- c:\users\Klod\AppData\Local\temp
2010-05-21 13:28 . 2010-05-21 13:28 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-21 13:28 . 2010-05-21 13:28 -------- d-----w- c:\users\Ospiti\AppData\Local\temp
2010-05-21 13:28 . 2010-05-21 13:28 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-05-21 13:28 . 2010-05-21 13:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-21 08:39 . 2010-05-21 08:40 284915 ----a-w- c:\users\Klod\gmer.zip
2010-05-21 08:36 . 2010-05-21 08:36 277 ----a-w- c:\programdata\SecTaskMan\icn_3D8CB5F014732454FA001502A2F93D75.dll
2010-05-20 13:55 . 2010-05-21 13:11 -------- d-----w- C:\VEXPLite
2010-05-20 13:55 . 2010-05-21 13:09 -------- dc-h--w- c:\users\Klod\AppData\Local\~0
2010-05-17 12:23 . 2010-05-17 12:23 -------- d-----w- c:\users\Klod\AppData\Roaming\dvdcss
2010-05-15 17:05 . 2010-05-17 12:08 -------- d-----w- c:\programdata\PrevxCSI
2010-05-15 13:56 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\10526002.sys
2010-05-15 13:56 . 2009-10-09 21:31 311312 ----a-w- c:\windows\system32\drivers\1052600.sys
2010-05-15 13:56 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\10526001.sys
2010-05-13 15:34 . 2010-05-13 15:34 -------- d-----w- c:\users\Klod\AppData\Roaming\Avira
2010-05-13 14:55 . 2010-05-13 14:53 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-05-13 14:55 . 2010-05-13 14:53 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-05-13 14:55 . 2010-05-13 14:53 97608 ----a-w- c:\windows\system32\drivers\avfwot.sys
2010-05-13 14:55 . 2010-05-13 14:53 69632 ----a-w- c:\windows\system32\drivers\avfwim.sys
2010-05-13 14:55 . 2010-05-13 14:55 -------- d-----w- c:\programdata\Avira
2010-05-13 14:55 . 2010-05-13 14:55 -------- d-----w- c:\program files\Avira
2010-05-12 14:52 . 2010-05-19 13:59 -------- d-----w- c:\program files\VS Revo Group
2010-05-12 14:33 . 2010-05-12 14:33 -------- d-----w- c:\users\Klod\AppData\Local\VS Revo Group
2010-05-12 11:16 . 2010-05-12 14:48 -------- d-----w- c:\program files\Yahoo!
2010-05-12 04:34 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-11 18:36 . 2010-05-11 18:36 -------- d-----w- c:\users\Ospiti\AppData\Local\Adobe
2010-05-11 15:42 . 2010-05-14 15:04 61440 ----a-w- c:\windows\system32\PxSecure.dll
2010-05-07 12:40 . 2010-05-07 12:40 -------- d-----w- c:\users\Klod\AppData\Local\JollyBear
2010-05-07 12:40 . 2010-05-07 12:40 -------- d-----w- c:\programdata\JollyBear
2010-05-07 12:39 . 2010-05-07 12:40 -------- d-----w- c:\users\Klod\AppData\Roaming\Zylom
2010-05-07 12:39 . 2009-10-26 13:45 102400 ----a-w- c:\users\Klod\AppData\Roaming\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
2010-05-07 12:39 . 2006-09-26 10:03 161976 ----a-w- c:\users\Klod\AppData\Roaming\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll
2010-05-07 12:39 . 2010-05-07 13:47 -------- d-----w- c:\users\Klod\AppData\Local\Zylom Games
2010-05-06 16:24 . 2010-05-06 16:24 -------- d-----w- c:\users\Klod\AppData\Local\Shareaza
2010-05-04 18:30 . 2010-05-04 18:30 -------- d-----w- c:\users\Ospiti\AppData\Local\ArcSoft
2010-04-30 01:30 . 2010-04-30 01:30 -------- d-----w- c:\program files\Windows Portable Devices
2010-04-30 01:10 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-04-30 01:10 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-04-30 01:09 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-04-30 01:08 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2010-04-30 01:08 . 2009-09-24 22:54 258048 ----a-w- c:\windows\system32\winspool.drv
2010-04-30 01:08 . 2009-09-25 01:27 37888 ----a-w- c:\windows\system32\cdd.dll
2010-04-30 01:08 . 2009-09-25 01:27 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-04-30 01:06 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-04-30 01:06 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2010-04-30 01:06 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-04-30 01:06 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2010-04-30 01:05 . 2009-10-01 01:01 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2010-04-30 01:05 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2010-04-30 01:05 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2010-04-30 01:05 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-04-30 01:05 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2010-04-30 01:05 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2010-04-30 01:05 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2010-04-30 01:05 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2010-04-30 01:05 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2010-04-30 01:02 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-04-30 01:02 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-04-30 01:02 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-04-30 00:28 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-04-30 00:27 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-04-30 00:27 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-04-29 20:31 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\73996562.sys
2010-04-29 20:31 . 2009-10-09 21:31 311312 ----a-w- c:\windows\system32\drivers\7399656.sys
2010-04-29 20:31 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\73996561.sys
2010-04-29 19:25 . 2010-04-29 19:27 -------- d-----w- c:\windows\system32\ca-ES
2010-04-29 19:25 . 2010-04-29 19:26 -------- d-----w- c:\windows\system32\eu-ES
2010-04-29 19:25 . 2010-04-29 19:26 -------- d-----w- c:\windows\system32\vi-VN
2010-04-29 19:15 . 2010-04-29 19:15 -------- d-----w- c:\windows\system32\SPReview
2010-04-29 18:35 . 2009-04-10 21:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2010-04-29 18:34 . 2009-04-10 21:27 57856 ----a-w- c:\windows\system32\compcln.exe
2010-04-29 18:01 . 2009-04-10 21:28 483328 ----a-w- c:\windows\system32\samsrv.dll
2010-04-29 17:59 . 2009-04-10 21:28 171008 ----a-w- c:\windows\system32\apphelp.dll
2010-04-29 17:58 . 2009-04-10 21:28 3174400 ----a-w- c:\windows\system32\netshell.dll
2010-04-29 17:57 . 2009-04-10 19:38 149504 ----a-w- c:\windows\system32\drivers\ks.sys
2010-04-29 17:56 . 2009-04-10 21:28 117248 ----a-w- c:\windows\system32\wbem\WMIADAP.exe
2010-04-29 17:55 . 2009-04-10 21:28 1576960 ----a-w- c:\windows\system32\tquery.dll
2010-04-29 17:55 . 2009-04-10 21:28 170496 ----a-w- c:\windows\system32\tcpipcfg.dll
2010-04-29 17:55 . 2009-04-10 21:28 135168 ----a-w- c:\windows\system32\tcpmon.dll
2010-04-29 17:55 . 2009-04-10 21:28 242688 ----a-w- c:\windows\system32\tapisrv.dll
2010-04-29 17:55 . 2009-04-10 21:28 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-04-29 17:55 . 2009-04-10 21:28 169984 ----a-w- c:\windows\system32\taskeng.exe
2010-04-29 17:55 . 2009-04-10 21:28 449024 ----a-w- c:\windows\system32\termsrv.dll
2010-04-29 17:55 . 2009-04-10 21:28 313344 ----a-w- c:\windows\system32\thawbrkr.dll
2010-04-29 17:55 . 2009-04-10 21:28 615424 ----a-w- c:\windows\system32\themeui.dll
2010-04-29 17:55 . 2009-04-10 21:28 1152000 ----a-w- c:\windows\system32\themecpl.dll
2010-04-29 17:55 . 2009-04-10 19:45 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2010-04-29 17:55 . 2009-04-10 21:32 53224 ----a-w- c:\windows\system32\drivers\termdd.sys
2010-04-29 13:35 . 2010-05-14 15:04 57248 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-04-29 13:35 . 2010-05-14 15:04 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-04-29 13:35 . 2010-05-14 15:04 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-04-28 07:28 . 2010-05-04 17:28 -------- d-----w- c:\users\Klod\DoctorWeb
2010-04-27 14:42 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\14653202.sys
2010-04-27 14:42 . 2009-10-09 21:31 311312 ----a-w- c:\windows\system32\drivers\1465320.sys
2010-04-27 14:42 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\14653201.sys
2010-04-27 07:40 . 2010-05-15 13:57 -------- d-----w- c:\programdata\Kaspersky Lab
2010-04-23 13:32 . 2010-04-23 13:32 -------- d-----w- c:\users\Klod\AppData\Roaming\Malwarebytes
2010-04-23 13:32 . 2010-04-23 13:32 -------- d-----w- c:\programdata\Malwarebytes
2010-04-22 18:07 . 2010-04-22 18:07 -------- d-----w- c:\program files\Trend Micro
2010-04-22 15:49 . 2010-04-22 15:49 -------- d-----w- c:\users\Klod\AppData\Local\PackageAware
2010-04-22 13:05 . 2010-04-22 13:05 -------- d-----w- c:\windows\CheckSur

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-21 12:20 . 2007-09-11 14:23 12978 ----a-w- c:\users\Klod\AppData\Roaming\nvModes.dat
2010-05-21 08:37 . 2010-04-22 16:15 -------- d-----w- c:\programdata\SecTaskMan
2010-05-20 16:50 . 2010-05-20 16:50 906352 ----a-w- c:\windows\WINDOWSUPDATE.LOG.TMP
2010-05-20 16:50 . 2010-05-20 16:50 32524 ----a-w- c:\windows\Tasks\SCHEDLGU.TXT.TMP.TMP
2010-05-20 16:50 . 2010-04-25 07:36 32524 ----a-w- c:\windows\Tasks\SCHEDLGU.TXT.TMP
2010-05-20 16:50 . 2010-04-25 07:36 3168 ----a-w- c:\windows\system32\7B296FB0-376B-497E-B012-9C450E1B7327-2P-1.C7483456-A289-439D-8115-601632D005A0.TMP
2010-05-20 16:50 . 2010-04-25 07:36 3168 ----a-w- c:\windows\system32\7B296FB0-376B-497E-B012-9C450E1B7327-2P-0.C7483456-A289-439D-8115-601632D005A0.TMP
2010-05-20 09:23 . 2008-01-27 21:58 13072 ----a-w- c:\users\Ospiti\AppData\Roaming\nvModes.dat
2010-05-17 12:32 . 2007-09-11 15:46 -------- d-----w- c:\users\Klod\AppData\Roaming\vlc
2010-05-13 14:36 . 2010-04-08 12:43 -------- d-----w- c:\program files\F-Secure
2010-05-13 14:35 . 2010-04-08 12:44 -------- d-----w- c:\programdata\F-Secure
2010-05-12 14:28 . 2007-03-12 16:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-12 14:27 . 2008-12-26 10:33 -------- d-----w- c:\program files\QuickTime
2010-05-12 14:25 . 2009-09-29 13:20 -------- d-----w- c:\program files\Common Files\Nero
2010-05-12 14:24 . 2009-09-29 13:20 -------- d-----w- c:\programdata\Nero
2010-05-12 14:11 . 2007-03-12 16:30 -------- d-----w- c:\program files\HDReg
2010-05-12 12:33 . 2007-03-12 16:31 -------- d-----w- c:\program files\Google
2010-05-12 12:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-12 09:21 . 2009-10-03 13:03 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-11 09:08 . 2007-12-15 15:13 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-05-11 09:05 . 2009-04-18 10:03 -------- d-----w- c:\program files\Startup Inspector for Windows
2010-05-11 09:04 . 2007-03-12 16:30 -------- d-----w- c:\program files\Packard Bell
2010-05-11 08:20 . 2007-03-13 01:04 669974 ----a-w- c:\windows\system32\perfh010.dat
2010-05-11 08:20 . 2007-03-13 01:04 123570 ----a-w- c:\windows\system32\perfc010.dat
2010-05-04 18:30 . 2008-01-24 13:52 79008 ----a-w- c:\users\Ospiti\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-30 01:29 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-04-30 01:29 . 2010-04-30 01:29 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-04-30 01:28 . 2010-04-30 01:28 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-04-29 19:28 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-04-29 19:28 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-04-29 19:27 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-04-29 19:27 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-04-29 19:27 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-04-29 19:27 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-04-22 15:19 . 2007-09-11 12:57 79008 ----a-w- c:\users\Klod\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-21 14:32 . 2008-01-04 16:21 -------- d-----w- c:\program files\IncrediMail
2010-04-19 10:16 . 2010-04-19 10:16 12 ----a-w- c:\users\Klod\AppData\Roaming\kcmdte.dat
2010-04-13 08:55 . 2010-04-13 08:55 -------- d-----w- c:\users\Klod\AppData\Roaming\HPAppData
2010-04-08 20:46 . 2010-04-08 12:47 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2010-04-08 12:44 . 2010-04-08 12:44 -------- d-----w- c:\programdata\fssg
2010-04-08 12:39 . 2007-11-06 18:22 -------- d-----w- c:\programdata\Lavasoft
2010-04-08 12:38 . 2009-04-06 13:35 -------- d-----w- c:\program files\Lavasoft
2010-04-08 11:15 . 2010-04-08 11:15 -------- d-----w- c:\users\Ospiti\AppData\Roaming\HPAppData
2010-03-24 13:35 . 2009-05-28 13:51 2485883 ----a-w- c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2010-03-23 09:48 . 2010-03-23 09:45 23163 ----a-w- c:\windows\hpqins15.dat
2010-03-23 09:41 . 2009-01-11 08:59 -------- d-----w- c:\programdata\HP
2010-03-05 14:01 . 2010-04-14 10:28 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-01 14:26 . 2009-10-28 18:39 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-01 14:12 . 2009-10-01 12:35 801 ----a-w- c:\users\Klod\AppData\Roaming\Mp3 Editor for Free\mef.dll
2010-03-01 13:36 . 2010-03-01 13:37 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbCD45.tmp.exe
2010-02-23 11:10 . 2010-04-14 10:28 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-23 11:10 . 2010-04-14 10:28 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-23 11:10 . 2010-04-14 10:28 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 06:39 . 2010-03-31 12:57 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 12:57 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-03-31 12:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-03-31 12:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-12 09:17 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-12 09:16 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-12 09:16 411648 ----a-w- c:\windows\system32\drivers\http.sys
2007-03-13 01:07 . 2007-03-13 01:07 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 815104]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-20 4018176]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-19 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-19 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-19 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"UacDisableNotify"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):28,bc,db,d6,d3,e7,ca,01

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [x]
R3 esihdrv;esihdrv;c:\users\Klod\AppData\Local\Temp\esihdrv.sys [x]
R3 NDISKIO;NDISKIO;c:\users\Klod\AppData\Local\Temp\00001681.nmc\nse\bin\ndiskio.sys [x]
S0 10526002;10526002 Boot Guard Driver;c:\windows\system32\DRIVERS\10526002.sys [2009-10-22 37392]
S0 14653202;14653202 Boot Guard Driver;c:\windows\system32\DRIVERS\14653202.sys [2009-10-22 37392]
S0 73996562;73996562 Boot Guard Driver;c:\windows\system32\DRIVERS\73996562.sys [2009-10-22 37392]
S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [2010-05-14 30320]
S1 10526001;10526001;c:\windows\system32\DRIVERS\10526001.sys [2009-09-25 128016]
S1 14653201;14653201;c:\windows\system32\DRIVERS\14653201.sys [2009-09-25 128016]
S1 73996561;73996561;c:\windows\system32\DRIVERS\73996561.sys [2009-09-25 128016]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2010-05-13 97608]
S1 setup_9.0.0.722_27.04.2010_17-19drv;setup_9.0.0.722_27.04.2010_17-19drv;c:\windows\system32\DRIVERS\1465320.sys [2009-10-09 311312]
S1 setup_9.0.0.722_29.04.2010_23-20drv;setup_9.0.0.722_29.04.2010_23-20drv;c:\windows\system32\DRIVERS\7399656.sys [2009-10-09 311312]
S2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [2010-05-13 388865]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2010-05-13 194817]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-05-13 108289]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-05-13 434945]
S2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-05-14 57248]
S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkSrv.exe [2006-09-07 24576]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2010-05-13 69632]
S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-05-14 24400]
S3 StkCMini;Syntek AVStream USB2.0 VGA WebCam;c:\windows\system32\DRIVERS\StkCMini.sys [2006-11-10 669568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenuto della cartella 'Scheduled Tasks'

2010-05-21 c:\windows\Tasks\User_Feed_Synchronization-{AD3A756D-CAE6-441A-9B5A-77925B071565}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: {3985110E-F263-40FD-820F-B86CB0E23E8E} = 208.67.222.222,208.67.220.220
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

AddRemove-{0F5BC8D3-3741-4542-AF00-51202A9FD357} - c:\users\Klod\AppData\Local\{968F9FBF-0523-4FFE-95F9-512F1E2811A3}\vnlt6639.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-21 15:29
Windows 6.0.6002 Service Pack 2 NTFS

scansione processi nascosti ...

[0] 0x00000005

scansione entrate autostart nascoste ...

Scansione files nascosti ...

c:\windows\TEMP\TMP0000007407E9FB7723392FF7 524288 bytes executable

Scansione completata con successo
Files nascosti: 1

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2010-05-21 15:38:07
ComboFix-quarantined-files.txt 2010-05-21 13:38

Pre-Run: 41.369.305.088 byte disponibili
Post-Run: 41.373.200.384 byte disponibili

- - End Of File - - 1ACCF38247A5857C8A1390E81C7554D0

da **Klod** » ven mag 21, 2010 3:03 pm

ecco quelli di gmer che volevo mettere prima ma non ci riuscivo.. mea culpa!! [acc2]

GMER 1.0.15.15281 - http://www.gmer.net
Autostart scan 2010-05-21 11:51:31
Windows 6.0.6002 Service Pack 2

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\Windows\system32\userinit.exe,

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
ACDaemon@ = C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
AntiVirFirewallService@ = "C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe"
AntiVirMailService@ = "C:\Program Files\Avira\AntiVir Desktop\avmailc.exe"
AntiVirSchedulerService@ = "C:\Program Files\Avira\AntiVir Desktop\sched.exe"
AntiVirService@ = "C:\Program Files\Avira\AntiVir Desktop\avguard.exe"
AntiVirWebService@ = "C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE"
ASLDRService@ = C:\Program Files\ATK Hotkey\ASLDRSrv.exe
CSIScanner@ = "C:\Program Files\Prevx\prevx.exe" /service /*file not found*/
slsvc@ = %SystemRoot%\system32\SLsvc.exe
StkSSrv@ = %SystemRoot%\System32\StkSrv.exe
viritsvclite@ = C:\VEXPLite\viritsvc.exe
WSearch@ = %systemroot%\system32\SearchIndexer.exe /Embedding

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@Windows Defender%ProgramFiles%\Windows Defender\MSASCui.exe -hide /*file not found*/ = %ProgramFiles%\Windows Defender\MSASCui.exe -hide /*file not found*/
@SynTPEnhC:\Program Files\Synaptics\SynTP\SynTPEnh.exe = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
@RtHDVCplRtHDVCpl.exe = RtHDVCpl.exe
@NvSvcRUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart = RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
@NvCplDaemonRUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
@NvMediaCenterRUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
@HP Software UpdateC:\Program Files\HP\HP Software Update\HPWuSchd2.exe = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
@hpqSRMonC:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe = C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
@SunJavaUpdateSched"C:\Program Files\Common Files\Java\Java Update\jusched.exe" = "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
@VIRIT LITE MONITORC:\VEXPLite\MONLITE.EXE = C:\VEXPLite\MONLITE.EXE

HKCU\Software\Microsoft\Windows\CurrentVersion\Run@WMPNSCFG = C:\Program Files\Windows Media Player\WMPNSCFG.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{AEB6717E-7E19-11d0-97EE-00C04FD91972} =

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{F02C1A0D-BE21-4350-88B0-7367FC96EF3C} /*Computers and Devices*/%systemroot%\system32\NetworkExplorer.dll = %systemroot%\system32\NetworkExplorer.dll
@{4A1E5ACD-A108-4100-9E26-D2FAFA1BA486} /*IGD Property Sheet Handler*/%SystemRoot%\System32\icsigd.dll = %SystemRoot%\System32\icsigd.dll
@{92dbad9f-5025-49b0-9078-2d78f935e341} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{b9815375-5d7f-4ce2-9245-c9d4da436930} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{f8b8412b-dea3-4130-b36c-5e8be73106ac} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{5FA29220-36A1-40f9-89C6-F4B384B7642E} /*Shell Message Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/(null) =
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{8856f961-340a-11d0-a96b-00c04fd705a2} /*Microsoft Web Browser*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{00020d75-0000-0000-c000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Web Publishing Wizard*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{add36aa8-751a-4579-a266-d66f5202ccbb} /*Print Ordering via the Web*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Shell Publishing Wizard Object*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{176d6597-26d3-11d1-b350-080036a75b03} /*ICM Scanner Management*/%SystemRoot%\System32\colorui.dll = %SystemRoot%\System32\colorui.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*ICM Monitor Management*/%SystemRoot%\System32\colorui.dll = %SystemRoot%\System32\colorui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*ICM Printer Management*/%SystemRoot%\system32\colorui.dll = %SystemRoot%\system32\colorui.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*ICC Profile*/%SystemRoot%\system32\colorui.dll = %SystemRoot%\system32\colorui.dll
@{b2c761c6-29bc-4f19-9251-e6195265baf1} /*Color Control Panel Applet*/(null) =
@{74246bfc-4c96-11d0-abef-0020af6b0b7a} /*Device Manager*/%SystemRoot%\System32\devmgr.dll = %SystemRoot%\System32\devmgr.dll
@{7A979262-40CE-46ff-AEEE-7884AC3B6136} /*Add New Hardware*/(null) =
@{3e7efb4c-faf1-453d-89eb-56026875ef90} /*Get Programs Online*/(null) =
@{1b24a030-9b20-49bc-97ac-1be4426f9e59} /*ActiveDirectory Folder*/(null) =
@{34449847-FD14-4fc8-A75A-7432F5181EFB} /*ActiveDirectory Folder*/(null) =
@{C8494E42-ACDD-4739-B0FB-217361E4894F} /*Sam Account Folder*/(null) =
@{E29F9716-5C08-4FCD-955A-119FDB5A522D} /*Sam Account Folder*/(null) =
@{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0} /*Control Panel command object for Start menu*/(null) =
@{E44E5D18-0652-4508-A4E2-8A090067BCB0} /*Default Programs command object for Start menu*/(null) =
@{6dfd7c5c-2451-11d3-a299-00c04f8ef6af} /*Folder Options*/(null) =
@{97e467b4-98c6-4f19-9588-161b7773d6f6} /*Office Document Property Handler*/%SystemRoot%\system32\propsys.dll = %SystemRoot%\system32\propsys.dll
@{2C2577C2-63A7-40e3-9B7F-586602617ECB} /*Explorer Query Band*/(null) =
@{DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} /*File Open Dialog*/%SystemRoot%\System32\comdlg32.dll = %SystemRoot%\System32\comdlg32.dll
@{C0B4E2F3-BA21-4773-8DBA-335EC946EB8B} /*File Save Dialog*/%SystemRoot%\System32\comdlg32.dll = %SystemRoot%\System32\comdlg32.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\Windows\system32\dfshim.dll = C:\Windows\system32\dfshim.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\Windows\system32\dfshim.dll = C:\Windows\system32\dfshim.dll
@{92337A8C-E11D-11D0-BE48-00C04FC30DF6} /*OlePrn.PrinterURL*/%SystemRoot%\system32\oleprn.dll = %SystemRoot%\system32\oleprn.dll
@{45670FA8-ED97-4F44-BC93-305082590BFB} /*Microsoft XPS Properties*/%SystemRoot%\system32\XPSSHHDR.DLL = %SystemRoot%\system32\XPSSHHDR.DLL
@{44121072-A222-48f2-A58A-6D9AD51EBBE9} /*Microsoft XPS Thumbnail*/%SystemRoot%\system32\XPSSHHDR.DLL = %SystemRoot%\system32\XPSSHHDR.DLL
@{38a98528-6cbf-4ca9-8dc0-b1e1d10f7b1b} /*View Available Networks*/(null) =
@{13D3C4B8-B179-4ebb-BF62-F704173E7448} /*Windows Contact Preview Handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} /*Contacts folder*/(null) =
@{4F58F63F-244B-4c07-B29F-210BE59BE9B4} /*.group shell extension handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{8082C5E6-4C27-48ec-A809-B8E1122E8F97} /*.contact shell extension handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{16C2C29D-0E5F-45f3-A445-03E03F587B7D} /*group_wab_auto_file*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{CF67796C-F57F-45F8-92FB-AD698826C602} /*contact_wab_auto_file*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Compatibility Property Page*/%windir%\system32\acppage.dll = %windir%\system32\acppage.dll
@{4026492f-2f69-46b8-b9bf-5654fc07e423} /*Windows Firewall*/(null) =
@{fcfeecae-ee1b-4849-ae50-685dcf7717ec} /*Problem Reports and Solutions*/(null) =
@{a304259d-52b8-4526-8b1a-a1d6cecc8243} /*iSCSI Initiator*/(null) =
@{11dbb47c-a525-400b-9e80-a54615a090c0} /*Execute Folder*/ExplorerFrame.dll = ExplorerFrame.dll
@{90b9bce2-b6db-4fd3-8451-35917ea1081b} /*Search Execute Command*/ExplorerFrame.dll = ExplorerFrame.dll
@{911051fa-c21c-4246-b470-070cd8df6dc4} /*.cab or .zip files*/(null) =
@{da67b8ad-e81b-4c70-9b91b417b5e33527} /*Windows Search Shell Service*/(null) =
@{BC65FB43-1958-4349-971A-210290480130} /*Network Explorer Property Sheet Handler*/%SystemRoot%\System32\NcdProp.dll = %SystemRoot%\System32\NcdProp.dll
@{d3e34b21-9d75-101a-8c3d-00aa001a1652} /*Bitmap Image*/(null) =
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{E598560B-28D5-46aa-A14A-8A3BEA34B576} /*Windows Photo Gallery Viewer Video Verbs*/%ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/
@{00f2886f-cd64-4fc9-8ec5-30ef6cdbe8c3} /*Microsoft.ScannersAndCameras*/(null) =
@{0a4286ea-e355-44fb-8086-af3df7645bd9} /*Windows Media Player*/C:\PROGRA~1\WI4EB4~1\wmpband.dll = C:\PROGRA~1\WI4EB4~1\wmpband.dll
@{BB6B2374-3D79-41DB-87F4-896C91846510} /*EMDFileProperties*/emdmgmt.dll = emdmgmt.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{89D83576-6BD1-4c86-9454-BEB04E94C819} /*MAPI Search Namespace Extension*/%systemroot%\system32\mssvp.dll = %systemroot%\system32\mssvp.dll
@{7A0F6AB7-ED84-46B6-B47E-02AA159A152B} /*Sync Center Simple Conflict Presenter*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{9D687A4C-1404-41ef-A089-883B6FBECDE6} /*Windows Photo Gallery Viewer Autoplay Handler*/(null) =
@{37efd44d-ef8d-41b1-940d-96973a50e9e0} /*Windows Sidebar Properties*/(null) =
@{00f20eb5-8fd6-4d9d-b75e-36801766c8f1} /*PhotoAcqDropTarget*/%ProgramFiles%\Windows Photo Gallery\PhotoAcq.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoAcq.dll /*file not found*/
@{BC48B32F-5910-47F5-8570-5074A8A5636A} /*Sync Results Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{ED228FDF-9EA8-4870-83B1-96B02CFE0D52} /*Games Folder*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{E413D040-6788-4C22-957E-175D1C513A34} /*Sync Center Conflict Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{67718415-c450-4f3c-bf8a-b487642dc39b} /*Windows Features*/(null) =
@{91ADC906-6722-4B05-A12B-471ADDCCE132} /*Touch Band*/%SystemRoot%\System32\TouchX.dll = %SystemRoot%\System32\TouchX.dll
@{2781761E-28E0-4109-99FE-B9D127C57AFE} /*Windows Defender IOfficeAntiVirus implementation*/%ProgramFiles%\Windows Defender\MpOav.dll /*file not found*/ = %ProgramFiles%\Windows Defender\MpOav.dll /*file not found*/
@{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A} /*Windows Photo Gallery Viewer Image Verbs*/%ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/
@{4B534112-3AF6-4697-A77C-D62CE9B9E7CF} /*Sync Center Event Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{F1390A9A-A3F4-4E5D-9C5F-98F3BD8D935C} /*Sync Setup Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{4E5BFBF8-F59A-4e87-9805-1F9B42CC254A} /*GameUX.RichGameMediaThumbnail*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{d8559eb9-20c0-410e-beda-7ed416aecc2a} /*Windows Defender*/(null) =
@{576C9E85-1300-4EF5-BF6B-D00509F4EDCD} /*Sync Center Handler Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{5ea4f148-308c-46d7-98a9-49041b1dd468} /*Mobility Center Control Panel*/(null) =
@{289978AC-A101-4341-A817-21EBA7FD046D} /*Sync Center Conflict Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{877ca5ac-cb41-4842-9c69-9136e42d47e2} /*File Backup Index*/%systemroot%\system32\sdshext.dll = %systemroot%\system32\sdshext.dll
@{71D99464-3B6B-475C-B241-E15883207529} /*Sync Results Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{B32D3949-ED98-4DBB-B347-17A144969BBA} /*Sync Center Item Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{2E9E59C0-B437-4981-A647-9C34B9B90891} /*Sync Setup Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF} /*Sync Center Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{CB1B7F8C-C50A-4176-B604-9E24DEE8D4D1} /*Welcome Center*/oobefldr.dll = oobefldr.dll
@{15D633E2-AD00-465b-9EC7-F56B7CDF8E27} /*Tablet PC Input Panel*/%CommonProgramFiles%\microsoft shared\ink\TipBand.dll /*file not found*/ = %CommonProgramFiles%\microsoft shared\ink\TipBand.dll /*file not found*/
@{F04CC277-03A2-4277-96A9-77967471BDFF} /*Sync Center Conflict Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{53BEDF0B-4E5B-4183-8DC9-B844344FA104} /*Microsoft Windows MAPI Preview Handler*/%SystemRoot%\system32\mssvp.dll = %SystemRoot%\system32\mssvp.dll
@{6b9228da-9c15-419e-856c-19e768a13bdc} /*Windows gadget DropTarget*/%ProgramFiles%\Windows Sidebar\sbdrop.dll /*file not found*/ = %ProgramFiles%\Windows Sidebar\sbdrop.dll /*file not found*/
@{8E25992B-373E-486E-80E5-BD23AE417E66} /*Sync Center Device Notification Sink*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{031EE060-67BC-460d-8847-E4A7C5E45A27} /*Windows Media Player Rich Preview Handler*/(null) =
@{1FA9085F-25A2-489B-85D4-86326EEDCD87} /*Manage Wireless Networks*/%SystemRoot%\system32\wlanpref.dll = %SystemRoot%\system32\wlanpref.dll
@{ECDD6472-2B9B-4b4b-AE36-F316DF3C8D60} /*RichGameMediaPropertyStore Class*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{BD7A2E7B-21CB-41b2-A086-B309680C6B7E} /*Client Side Cache Namespace Extension*/%systemroot%\system32\mssvp.dll = %systemroot%\system32\mssvp.dll
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{2F603045-309F-11CF-9774-0020AFD0CFF6} /*Synaptics Control Panel*/C:\Program Files\Synaptics\SynTP\SynTPCpl.dll = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\Windows\system32\nvcpl.dll = C:\Windows\system32\nvcpl.dll
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/C:\Program Files\Avira\AntiVir Desktop\shlext.dll = C:\Program Files\Avira\AntiVir Desktop\shlext.dll
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\OFFICE11\msohev.dll = C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\Windows\system32\nvcpl.dll = C:\Windows\system32\nvcpl.dll
@{11016101-E366-4D22-BC06-4ADA335C892B} /*IE History and Feeds Shell Data Source for Windows Search*/C:\Windows\System32\ieframe.dll = C:\Windows\System32\ieframe.dll
@{28803F59-3A75-4058-995F-4EE5503B023C} /*Wireless Devices*/%systemroot%\system32\FunctionDiscoveryFolder.dll = %systemroot%\system32\FunctionDiscoveryFolder.dll
@{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7} /*Enhanced Storage Data Source*/%SystemRoot%\system32\EhStorShell.dll = %SystemRoot%\system32\EhStorShell.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
LavasoftShellExt@{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} =
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Program Files\Avira\AntiVir Desktop\shlext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{23814B80-52A2-11d0-BC1A-004095606CB9} = C:\Program Files\F-Secure\Common\fpshx.dll /*file not found*/

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
LavasoftShellExt@{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} =
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll /*file not found*/
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Program Files\Avira\AntiVir Desktop\shlext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{23814B80-52A2-11d0-BC1A-004095606CB9} = C:\Program Files\F-Secure\Common\fpshx.dll /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{0347C33E-8762-4905-BF09-768834316C61}C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll = C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
@{69D72956-317C-44bd-B369-8E44D4EF9801}C:\Windows\system32\PxSecure.dll = C:\Windows\system32\PxSecure.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Program Files\Java\jre6\bin\jp2ssv.dll = C:\Program Files\Java\jre6\bin\jp2ssv.dll
@{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll = C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\Windows\System32\MAGENT~1.SCR /*file not found*/

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Local PageC:\Windows\System32\blank.htm = C:\Windows\System32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageC:\Windows\system32\blank.htm = C:\Windows\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\Windows\System32\msvidctl.dll
its@CLSID = %SystemRoot%\System32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = %SystemRoot%\System32\itss.dll
mso-offdap@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\Windows\System32\msvidctl.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3985110E-F263-40FD-820F-B86CB0E23E8E} /*Connessione alla rete locale (LAN)*/ >>>
@IPAddress =
@NameServer208.67.222.222,208.67.220.220 = 208.67.222.222,208.67.220.220
@DefaultGateway =
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\system32\NLAapi.dll
000000000002@LibraryPath = %SystemRoot%\system32\napinsp.dll
000000000003@LibraryPath = %SystemRoot%\system32\pnrpnsp.dll
000000000004@LibraryPath = %SystemRoot%\system32\pnrpnsp.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = C:\Program Files\Avira\AntiVir Desktop\avsda.dll
000000000002@PackedCatalogItem = C:\Program Files\Avira\AntiVir Desktop\avsda.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013@PackedCatalogItem = C:\Program Files\Avira\AntiVir Desktop\avsda.dll

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup = HP Digital Imaging Monitor.lnk

---- EOF - GMER 1.0.15 ----

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-21 11:47:33
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Klod\AppData\Local\Temp\pxddapoc.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwAssignProcessToJobObject [0x8D9F259A]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwCreateThread [0x8D9F25DE]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenProcess [0x8D9F295C]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenThread [0x8D9F280A]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwProtectVirtualMemory [0x8D9F267C]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSetContextThread [0x8D9F2550]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateProcess [0x8D9F2AEE]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateThread [0x8D9F2712]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwWriteVirtualMemory [0x8D9F2754]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 191 81EB28F4 4 Bytes [9A, 25, 9F, 8D]
.text ntkrnlpa.exe!KeSetEvent + 221 81EB2984 4 Bytes [DE, 25, 9F, 8D]
.text ntkrnlpa.exe!KeSetEvent + 3F1 81EB2B54 4 Bytes [5C, 29, 9F, 8D]
.text ntkrnlpa.exe!KeSetEvent + 40D 81EB2B70 4 Bytes [0A, 28, 9F, 8D]
.text ntkrnlpa.exe!KeSetEvent + 431 81EB2B94 4 Bytes [7C, 26, 9F, 8D]
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8B409340, 0x293157, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2752] ntdll.dll!NtCreateFile 779843D4 5 Bytes JMP 6CD864A1 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] ntdll.dll!NtCreateSection 779844C4 5 Bytes JMP 6CD86596 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] ntdll.dll!NtOpenFile 77984BB4 5 Bytes JMP 6CD8643D C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] ntdll.dll!NtOpenSection 77984C64 5 Bytes JMP 6CD8660C C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] ntdll.dll!NtWriteFile 77985644 5 Bytes JMP 6CD86641 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] kernel32.dll!OutputDebugStringA 76010264 5 Bytes JMP 6CD86835 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] kernel32.dll!CreateThread 7601C90E 5 Bytes JMP 6CD85C60 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] ADVAPI32.dll!CredEnumerateW 7708A229 7 Bytes JMP 6CD85B99 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!CreateDialogParamW 772B72A2 5 Bytes JMP 6DFADE50 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!GetAsyncKeyState 772B863C 5 Bytes JMP 6DEC8EF7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 6DFA9A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!CallNextHookEx 772B8E3B 5 Bytes JMP 6DF9D101 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!SendNotifyMessageW 772B93D6 5 Bytes JMP 6CD85A1C C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 6DF1466E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!PostThreadMessageA 772BBD34 5 Bytes JMP 6CD822F5 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!EnableWindow 772BCD8B 5 Bytes JMP 6DFADCDD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!PostMessageA 772BF8F8 5 Bytes JMP 6CD85AD0 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!SendMessageA 772BF956 5 Bytes JMP 6CD857D9 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!CreateWindowExW 772C1305 5 Bytes JMP 6DFADAC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!SendMessageTimeoutW 772C352D 5 Bytes JMP 6CD85A64 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!SendMessageCallbackW 772C4570 5 Bytes JMP 6CD85AAC C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!PostThreadMessageW 772C7C8E 5 Bytes JMP 6CD82550 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!GetKeyState 772C8CB1 5 Bytes JMP 6DFAD28B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!SetWindowTextW 772C9815 5 Bytes JMP 6CD8633A C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!PostMessageW 772CA175 5 Bytes JMP 6CD85AF4 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!IsDialogMessageW 772D0745 5 Bytes JMP 6DED5A17 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!SendMessageW 772D0AED 5 Bytes JMP 6CD857FD C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!CreateDialogParamA 772D17AA 5 Bytes JMP 6E0A53AB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!IsDialogMessage 772D1847 5 Bytes JMP 6E0A4C47 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!CreateDialogIndirectParamA 772D26F1 5 Bytes JMP 6E0A53E2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!CreateDialogIndirectParamW 772D9A62 5 Bytes JMP 6E0A5419 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!SendNotifyMessageA 772DDFCF 5 Bytes JMP 6CD859F8 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!SendMessageTimeoutA 772E0006 5 Bytes JMP 6CD85A40 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!SetKeyboardState 772E0987 5 Bytes JMP 6E0A4FB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!DialogBoxParamW 772E10B0 5 Bytes JMP 6DED5505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!DialogBoxIndirectParamW 772E2EF5 5 Bytes JMP 6E0A473F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!SendInput 772E2F75 5 Bytes JMP 6E0A5B73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!EndDialog 772E326E 5 Bytes JMP 6DED7EC2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!SetCursorPos 772F6FB2 5 Bytes JMP 6E0A5BC7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!DialogBoxParamA 772F8152 5 Bytes JMP 6E0A46DC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!DialogBoxIndirectParamA 772F847D 5 Bytes JMP 6E0A47A2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!MessageBoxIndirectA 7730D4D9 5 Bytes JMP 6E0A4671 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!MessageBoxIndirectW 7730D5D3 5 Bytes JMP 6E0A4606 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!MessageBoxExA 7730D639 5 Bytes JMP 6E0A45A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!MessageBoxExW 7730D65D 5 Bytes JMP 6E0A4542 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!keybd_event 7730D972 5 Bytes JMP 6E0A5EF7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!SendMessageCallbackA 77312CA7 5 Bytes JMP 6CD85A88 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] SHELL32.dll!SHRestricted + D95 76408988 4 Bytes [4D, 30, 3C, 6D]
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] SHELL32.dll!SHRestricted + D9D 76408990 8 Bytes [57, 2F, 3C, 6D, 9C, 5B, 3B, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] ole32.dll!OleLoadFromStream 760D1E12 5 Bytes JMP 6E0A4AA7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] ole32.dll!CoCreateInstance 76109EA6 5 Bytes JMP 6DFADB20 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] WS2_32.dll!WSASocketW 77AA34EB 7 Bytes JMP 6CD826E9 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] WS2_32.dll!connect 77AA40D9 5 Bytes JMP 6CD8267F C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] WS2_32.dll!WSASend 77AA4496 5 Bytes JMP 6CD826B4 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] WS2_32.dll!sendto 77AA67C5 5 Bytes JMP 6CD8264A C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] WS2_32.dll!WSAConnect 77AAD7B0 5 Bytes JMP 6CD82615 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] WININET.dll!HttpSendRequestW 762AFABE 5 Bytes JMP 6CD825A9 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] WININET.dll!HttpSendRequestA 762BEE89 5 Bytes JMP 6CD82561 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] WININET.dll!InternetWriteFile 763060F6 5 Bytes JMP 6CD82585 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] WININET.dll!HttpSendRequestExA 7631A70A 5 Bytes JMP 6CD825F1 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] WININET.dll!HttpSendRequestExW 7631A763 5 Bytes JMP 6CD825CD C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] CRYPT32.dll!CryptUnprotectData 7594501A 7 Bytes JMP 6CD85B2D C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!CreateWindowExW 772C1305 5 Bytes JMP 6DFADAC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!DialogBoxParamW 772E10B0 5 Bytes JMP 6DED5505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!DialogBoxIndirectParamW 772E2EF5 5 Bytes JMP 6E0A473F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!DialogBoxParamA 772F8152 5 Bytes JMP 6E0A46DC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!DialogBoxIndirectParamA 772F847D 5 Bytes JMP 6E0A47A2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!MessageBoxIndirectA 7730D4D9 5 Bytes JMP 6E0A4671 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!MessageBoxIndirectW 7730D5D3 5 Bytes JMP 6E0A4606 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!MessageBoxExA 7730D639 5 Bytes JMP 6E0A45A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!MessageBoxExW 7730D65D 5 Bytes JMP 6E0A4542 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[3228] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [747E7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3228] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7483A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3228] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [747EBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3228] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [747DF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3228] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [747E75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3228] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [747DE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3228] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74818395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3228] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [747EDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3228] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [747DFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3228] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [747DFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3228] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [747D71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3228] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7486CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3228] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7480C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3228] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [747DD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3228] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [747D6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3228] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [747D687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3228] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [747E2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF dinamico/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF dinamico/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avfwot.sys (TDI filtering kernel driver/Avira GmbH)
AttachedDevice \Driver\tdx \Device\Udp avfwot.sys (TDI filtering kernel driver/Avira GmbH)
AttachedDevice \Driver\tdx \Device\RawIp avfwot.sys (TDI filtering kernel driver/Avira GmbH)

---- EOF - GMER 1.0.15 ----

da **stevens** » ven mag 21, 2010 3:30 pm

hai notato delle voci in rosso o dei riavvii mentre gmer scansionava?

mentre controllo combofix fai un controllo con questo programma

scompattalo

clicca su ''start scan''

quando finisce vai in basso su ''view report'' e copia il rapporto che rilascia

da **Klod** » ven mag 21, 2010 4:08 pm

no non c'erano voci in rosso.. ecco il log di avira

Avira AntiRootkit Tool (1.1.0.1)

========================================================================================================
- Scan started venerdì 21 maggio 2010 - 16.41.30
========================================================================================================

--------------------------------------------------------------------------------------------------------
Configuration:
--------------------------------------------------------------------------------------------------------
- [X] Scan files
- [X] Scan registry
- [X] Scan processes
- [ ] Fast scan
- Working disk total size : 103.78 GB
- Working disk free size : 38.60 GB (37 %)
--------------------------------------------------------------------------------------------------------

Results:
Hidden key : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Search\Tracing\eventthrottlelastreported
Hidden key : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Search\Tracing\eventthrottlestate
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Search\Tracing -> eventthrottleflushperiodms
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Search\Tracing -> eventthrottlemaxevents
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Search\Tracing -> eventthrottleblockperiodms
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Search\Tracing -> eventthrottlemaxcontrolperiodms
Hidden key : HKEY_LOCAL_MACHINE\System\ControlSet001\Control\WMI\Autologger\SQMLogger\{2ff3e6b7-cb90-4700-9621-443f389734ed}
Hidden key : HKEY_LOCAL_MACHINE\System\ControlSet002\Control\WMI\Autologger\SQMLogger\{2ff3e6b7-cb90-4700-9621-443f389734ed}

--------------------------------------------------------------------------------------------------------
Files: 0/146311
Registry items: 8/377215
Processes: 0/62
Scan time: 00:13:40
--------------------------------------------------------------------------------------------------------
Active processes:
- System (PID 4)
- svchost.exe (PID 1132)
- svchost.exe (PID 1312)
- svchost.exe (PID 952)
- ACService.exe (PID 304)
- svchost.exe (PID 1112)
- svchost.exe (PID 1532)
- svchost.exe (PID 1856)
- avfwsvc.exe (PID 436)
- smss.exe (PID 448)
- avguard.exe (PID 468)
- svchost.exe (PID 1912)
- svchost.exe (PID 12)
- csrss.exe (PID 516)
- wininit.exe (PID 568)
- services.exe (PID 612)
- SearchIndexer.exe (PID 2452)
- lsm.exe (PID 640)
- lsass.exe (PID 628)
- svchost.exe (PID 1432)
- sogeszgv.exe (PID 3156) (Avira AntiRootkit Tool)
- csrss.exe (PID 580)
- winlogon.exe (PID 740)
- svchost.exe (PID 916)
- svchost.exe (PID 816)
- hpqste08.exe (PID 4052)
- iexplore.exe (PID 3516)
- svchost.exe (PID 900)
- iexplore.exe (PID 3256)
- svchost.exe (PID 1056)
- MONLITE.EXE (PID 2864)
- hpqtra08.exe (PID 2904)
- audiodg.exe (PID 1236)
- hpqbam08.exe (PID 2948)
- svchost.exe (PID 1260)
- SLsvc.exe (PID 1280)
- explorer.exe (PID 1256)
- hpqgpc01.exe (PID 844)
- wmpnetwk.exe (PID 2068)
- RtHDVCpl.exe (PID 2748)
- MSASCui.exe (PID 2712)
- ASLDRSrv.exe (PID 1692)
- HControl.exe (PID 1716)
- spoolsv.exe (PID 1800)
- sched.exe (PID 1840)
- taskeng.exe (PID 2624)
- ATKOSD.exe (PID 1976)
- svchost.exe (PID 2060)
- StkSrv.exe (PID 2076)
- SynTPEnh.exe (PID 2732)
- dwm.exe (PID 2308)
- svchost.exe (PID 2408)
- taskeng.exe (PID 2416)
- FlashUtil10e.exe (PID 2352)
- avirarkd.exe (PID 2468)
- hpwuSchd2.exe (PID 2788)
- jusched.exe (PID 2840)
- wmpnscfg.exe (PID 2892)
- conime.exe (PID 3196)
- avmailc.exe (PID 3800)
- rundll32.exe (PID 3808)
- avwebgrd.exe (PID 3820)
========================================================================================================
- Scan finished venerdì 21 maggio 2010 - 16.55.10
========================================================================================================

da **stevens** » sab mag 22, 2010 9:53 am

sai dirmi ora quali sono i problemi che riscontri rispetto all'inizio della discussione?

Ora apri una pagina del blocco note e copia incolla quanto segue

RegNull::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

salva la pagina nominandola obligatoriamente in CFScript.txt
a questo punto trascina e lascia il file CFScript.txt sull'icona di combofix
lascialo lavorare fino alla fine e riposta il suo log ...

da **Klod** » sab mag 22, 2010 2:27 pm

i problemi sono uguali a prima, internet ogni tanto si blocca, impossibilità di digitare determinate parole, elibagla e il removal tool di gromozon non funzionano, vari messaggi di errore nel visualizzatore eventi dati da svchost.exe, explorer.exe ...
In più mentre combofix eseguiva il suo lavoro mi è apparsa una finestra di evento rete se volevo rifiutare un applicazione, che io poi ho rifiutato non sapendo cos'era , che si chiamava catchme.tmp. Questo è il log:

ComboFix 10-05-20.A1 - Klod 22/05/2010 14.52.00.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.1919.1244 [GMT 2:00]
Eseguito da: c:\users\Klod\Desktop\ComboFix.exe
Opzioni usate :: c:\users\Klod\Desktop\CFScript.txt
SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
* Resident AV is active

.

((((((((((((((((((((((((( Files Creati Da 2010-04-22 al 2010-05-22 )))))))))))))))))))))))))))))))))))
.

2010-05-22 13:05 . 2010-05-22 13:06 -------- d-----w- c:\users\Klod\AppData\Local\temp
2010-05-22 13:05 . 2010-05-22 13:05 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-22 13:05 . 2010-05-22 13:05 -------- d-----w- c:\users\Ospiti\AppData\Local\temp
2010-05-22 13:05 . 2010-05-22 13:05 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-05-22 13:05 . 2010-05-22 13:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-21 08:39 . 2010-05-21 08:40 284915 ----a-w- c:\users\Klod\gmer.zip
2010-05-21 08:36 . 2010-05-21 08:36 277 ----a-w- c:\programdata\SecTaskMan\icn_3D8CB5F014732454FA001502A2F93D75.dll
2010-05-20 13:55 . 2010-05-21 16:05 -------- d-----w- C:\VEXPLite
2010-05-17 12:23 . 2010-05-17 12:23 -------- d-----w- c:\users\Klod\AppData\Roaming\dvdcss
2010-05-15 17:05 . 2010-05-17 12:08 -------- d-----w- c:\programdata\PrevxCSI
2010-05-15 13:56 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\10526002.sys
2010-05-15 13:56 . 2009-10-09 21:31 311312 ----a-w- c:\windows\system32\drivers\1052600.sys
2010-05-15 13:56 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\10526001.sys
2010-05-13 15:34 . 2010-05-13 15:34 -------- d-----w- c:\users\Klod\AppData\Roaming\Avira
2010-05-13 14:55 . 2010-05-13 14:53 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-05-13 14:55 . 2010-05-13 14:53 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-05-13 14:55 . 2010-05-13 14:53 97608 ----a-w- c:\windows\system32\drivers\avfwot.sys
2010-05-13 14:55 . 2010-05-13 14:53 69632 ----a-w- c:\windows\system32\drivers\avfwim.sys
2010-05-13 14:55 . 2010-05-13 14:55 -------- d-----w- c:\programdata\Avira
2010-05-13 14:55 . 2010-05-13 14:55 -------- d-----w- c:\program files\Avira
2010-05-12 14:52 . 2010-05-19 13:59 -------- d-----w- c:\program files\VS Revo Group
2010-05-12 14:33 . 2010-05-12 14:33 -------- d-----w- c:\users\Klod\AppData\Local\VS Revo Group
2010-05-12 11:16 . 2010-05-12 14:48 -------- d-----w- c:\program files\Yahoo!
2010-05-12 04:34 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-11 18:36 . 2010-05-11 18:36 -------- d-----w- c:\users\Ospiti\AppData\Local\Adobe
2010-05-11 15:42 . 2010-05-14 15:04 61440 ----a-w- c:\windows\system32\PxSecure.dll
2010-05-07 12:40 . 2010-05-07 12:40 -------- d-----w- c:\users\Klod\AppData\Local\JollyBear
2010-05-07 12:40 . 2010-05-07 12:40 -------- d-----w- c:\programdata\JollyBear
2010-05-07 12:39 . 2010-05-07 12:40 -------- d-----w- c:\users\Klod\AppData\Roaming\Zylom
2010-05-07 12:39 . 2009-10-26 13:45 102400 ----a-w- c:\users\Klod\AppData\Roaming\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
2010-05-07 12:39 . 2006-09-26 10:03 161976 ----a-w- c:\users\Klod\AppData\Roaming\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll
2010-05-07 12:39 . 2010-05-07 13:47 -------- d-----w- c:\users\Klod\AppData\Local\Zylom Games
2010-05-06 16:24 . 2010-05-06 16:24 -------- d-----w- c:\users\Klod\AppData\Local\Shareaza
2010-05-04 18:30 . 2010-05-04 18:30 -------- d-----w- c:\users\Ospiti\AppData\Local\ArcSoft
2010-04-30 01:30 . 2010-04-30 01:30 -------- d-----w- c:\program files\Windows Portable Devices
2010-04-30 01:10 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-04-30 01:10 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-04-30 01:09 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-04-30 01:08 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2010-04-30 01:08 . 2009-09-24 22:54 258048 ----a-w- c:\windows\system32\winspool.drv
2010-04-30 01:08 . 2009-09-25 01:27 37888 ----a-w- c:\windows\system32\cdd.dll
2010-04-30 01:08 . 2009-09-25 01:27 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-04-30 01:06 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-04-30 01:06 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2010-04-30 01:06 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-04-30 01:06 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2010-04-30 01:05 . 2009-10-01 01:01 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2010-04-30 01:05 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2010-04-30 01:05 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2010-04-30 01:05 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-04-30 01:05 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2010-04-30 01:05 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2010-04-30 01:05 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2010-04-30 01:05 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2010-04-30 01:05 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2010-04-30 01:02 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-04-30 01:02 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-04-30 01:02 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-04-30 00:28 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-04-30 00:27 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-04-30 00:27 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-04-29 20:31 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\73996562.sys
2010-04-29 20:31 . 2009-10-09 21:31 311312 ----a-w- c:\windows\system32\drivers\7399656.sys
2010-04-29 20:31 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\73996561.sys
2010-04-29 19:25 . 2010-04-29 19:27 -------- d-----w- c:\windows\system32\ca-ES
2010-04-29 19:25 . 2010-04-29 19:26 -------- d-----w- c:\windows\system32\eu-ES
2010-04-29 19:25 . 2010-04-29 19:26 -------- d-----w- c:\windows\system32\vi-VN
2010-04-29 19:15 . 2010-04-29 19:15 -------- d-----w- c:\windows\system32\SPReview
2010-04-29 18:35 . 2009-04-10 21:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2010-04-29 18:34 . 2009-04-10 21:27 57856 ----a-w- c:\windows\system32\compcln.exe
2010-04-29 18:01 . 2009-04-10 21:28 483328 ----a-w- c:\windows\system32\samsrv.dll
2010-04-29 17:59 . 2009-04-10 21:28 171008 ----a-w- c:\windows\system32\apphelp.dll
2010-04-29 17:58 . 2009-04-10 21:28 3174400 ----a-w- c:\windows\system32\netshell.dll
2010-04-29 17:57 . 2009-04-10 19:38 149504 ----a-w- c:\windows\system32\drivers\ks.sys
2010-04-29 17:56 . 2009-04-10 21:28 117248 ----a-w- c:\windows\system32\wbem\WMIADAP.exe
2010-04-29 17:55 . 2009-04-10 21:28 1576960 ----a-w- c:\windows\system32\tquery.dll
2010-04-29 17:55 . 2009-04-10 21:28 170496 ----a-w- c:\windows\system32\tcpipcfg.dll
2010-04-29 17:55 . 2009-04-10 21:28 135168 ----a-w- c:\windows\system32\tcpmon.dll
2010-04-29 17:55 . 2009-04-10 21:28 242688 ----a-w- c:\windows\system32\tapisrv.dll
2010-04-29 17:55 . 2009-04-10 21:28 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-04-29 17:55 . 2009-04-10 21:28 169984 ----a-w- c:\windows\system32\taskeng.exe
2010-04-29 17:55 . 2009-04-10 21:28 449024 ----a-w- c:\windows\system32\termsrv.dll
2010-04-29 17:55 . 2009-04-10 21:28 313344 ----a-w- c:\windows\system32\thawbrkr.dll
2010-04-29 17:55 . 2009-04-10 21:28 615424 ----a-w- c:\windows\system32\themeui.dll
2010-04-29 17:55 . 2009-04-10 21:28 1152000 ----a-w- c:\windows\system32\themecpl.dll
2010-04-29 17:55 . 2009-04-10 19:45 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2010-04-29 17:55 . 2009-04-10 21:32 53224 ----a-w- c:\windows\system32\drivers\termdd.sys
2010-04-29 13:35 . 2010-05-14 15:04 57248 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-04-29 13:35 . 2010-05-14 15:04 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-04-29 13:35 . 2010-05-14 15:04 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-04-28 07:28 . 2010-05-04 17:28 -------- d-----w- c:\users\Klod\DoctorWeb
2010-04-27 14:42 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\14653202.sys
2010-04-27 14:42 . 2009-10-09 21:31 311312 ----a-w- c:\windows\system32\drivers\1465320.sys
2010-04-27 14:42 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\14653201.sys
2010-04-27 07:40 . 2010-05-15 13:57 -------- d-----w- c:\programdata\Kaspersky Lab
2010-04-23 13:32 . 2010-04-23 13:32 -------- d-----w- c:\users\Klod\AppData\Roaming\Malwarebytes
2010-04-23 13:32 . 2010-04-23 13:32 -------- d-----w- c:\programdata\Malwarebytes
2010-04-22 18:07 . 2010-04-22 18:07 -------- d-----w- c:\program files\Trend Micro
2010-04-22 15:49 . 2010-04-22 15:49 -------- d-----w- c:\users\Klod\AppData\Local\PackageAware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-22 12:35 . 2007-09-11 14:23 12978 ----a-w- c:\users\Klod\AppData\Roaming\nvModes.dat
2010-05-21 08:37 . 2010-04-22 16:15 -------- d-----w- c:\programdata\SecTaskMan
2010-05-20 16:50 . 2010-05-20 16:50 906352 ----a-w- c:\windows\WINDOWSUPDATE.LOG.TMP
2010-05-20 16:50 . 2010-05-20 16:50 32524 ----a-w- c:\windows\Tasks\SCHEDLGU.TXT.TMP.TMP
2010-05-20 16:50 . 2010-04-25 07:36 32524 ----a-w- c:\windows\Tasks\SCHEDLGU.TXT.TMP
2010-05-20 16:50 . 2010-04-25 07:36 3168 ----a-w- c:\windows\system32\7B296FB0-376B-497E-B012-9C450E1B7327-2P-1.C7483456-A289-439D-8115-601632D005A0.TMP
2010-05-20 16:50 . 2010-04-25 07:36 3168 ----a-w- c:\windows\system32\7B296FB0-376B-497E-B012-9C450E1B7327-2P-0.C7483456-A289-439D-8115-601632D005A0.TMP
2010-05-20 09:23 . 2008-01-27 21:58 13072 ----a-w- c:\users\Ospiti\AppData\Roaming\nvModes.dat
2010-05-17 12:32 . 2007-09-11 15:46 -------- d-----w- c:\users\Klod\AppData\Roaming\vlc
2010-05-13 14:36 . 2010-04-08 12:43 -------- d-----w- c:\program files\F-Secure
2010-05-13 14:35 . 2010-04-08 12:44 -------- d-----w- c:\programdata\F-Secure
2010-05-12 14:28 . 2007-03-12 16:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-12 14:27 . 2008-12-26 10:33 -------- d-----w- c:\program files\QuickTime
2010-05-12 14:25 . 2009-09-29 13:20 -------- d-----w- c:\program files\Common Files\Nero
2010-05-12 14:24 . 2009-09-29 13:20 -------- d-----w- c:\programdata\Nero
2010-05-12 14:11 . 2007-03-12 16:30 -------- d-----w- c:\program files\HDReg
2010-05-12 12:33 . 2007-03-12 16:31 -------- d-----w- c:\program files\Google
2010-05-12 12:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-12 09:21 . 2009-10-03 13:03 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-11 09:08 . 2007-12-15 15:13 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-05-11 09:05 . 2009-04-18 10:03 -------- d-----w- c:\program files\Startup Inspector for Windows
2010-05-11 09:04 . 2007-03-12 16:30 -------- d-----w- c:\program files\Packard Bell
2010-05-11 08:20 . 2007-03-13 01:04 669974 ----a-w- c:\windows\system32\perfh010.dat
2010-05-11 08:20 . 2007-03-13 01:04 123570 ----a-w- c:\windows\system32\perfc010.dat
2010-05-04 18:30 . 2008-01-24 13:52 79008 ----a-w- c:\users\Ospiti\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-30 01:29 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-04-30 01:29 . 2010-04-30 01:29 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-04-30 01:28 . 2010-04-30 01:28 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-04-29 19:28 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-04-29 19:28 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-04-29 19:27 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-04-29 19:27 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-04-29 19:27 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-04-29 19:27 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-04-22 15:19 . 2007-09-11 12:57 79008 ----a-w- c:\users\Klod\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-21 14:32 . 2008-01-04 16:21 -------- d-----w- c:\program files\IncrediMail
2010-04-19 10:16 . 2010-04-19 10:16 12 ----a-w- c:\users\Klod\AppData\Roaming\kcmdte.dat
2010-04-13 08:55 . 2010-04-13 08:55 -------- d-----w- c:\users\Klod\AppData\Roaming\HPAppData
2010-04-08 20:46 . 2010-04-08 12:47 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2010-04-08 12:44 . 2010-04-08 12:44 -------- d-----w- c:\programdata\fssg
2010-04-08 12:39 . 2007-11-06 18:22 -------- d-----w- c:\programdata\Lavasoft
2010-04-08 12:38 . 2009-04-06 13:35 -------- d-----w- c:\program files\Lavasoft
2010-04-08 11:15 . 2010-04-08 11:15 -------- d-----w- c:\users\Ospiti\AppData\Roaming\HPAppData
2010-03-24 13:35 . 2009-05-28 13:51 2485883 ----a-w- c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2010-03-23 09:48 . 2010-03-23 09:45 23163 ----a-w- c:\windows\hpqins15.dat
2010-03-05 14:01 . 2010-04-14 10:28 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-01 14:26 . 2009-10-28 18:39 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-01 14:12 . 2009-10-01 12:35 801 ----a-w- c:\users\Klod\AppData\Roaming\Mp3 Editor for Free\mef.dll
2010-03-01 13:36 . 2010-03-01 13:37 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbCD45.tmp.exe
2010-02-23 11:10 . 2010-04-14 10:28 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-23 11:10 . 2010-04-14 10:28 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-23 11:10 . 2010-04-14 10:28 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 06:39 . 2010-03-31 12:57 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 12:57 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-03-31 12:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-03-31 12:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2007-03-13 01:07 . 2007-03-13 01:07 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 815104]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-20 4018176]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-19 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-19 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-19 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"UacDisableNotify"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):28,bc,db,d6,d3,e7,ca,01

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [x]
R3 esihdrv;esihdrv;c:\users\Klod\AppData\Local\Temp\esihdrv.sys [x]
R3 NDISKIO;NDISKIO;c:\users\Klod\AppData\Local\Temp\00001681.nmc\nse\bin\ndiskio.sys [x]
S0 10526002;10526002 Boot Guard Driver;c:\windows\system32\DRIVERS\10526002.sys [2009-10-22 37392]
S0 14653202;14653202 Boot Guard Driver;c:\windows\system32\DRIVERS\14653202.sys [2009-10-22 37392]
S0 73996562;73996562 Boot Guard Driver;c:\windows\system32\DRIVERS\73996562.sys [2009-10-22 37392]
S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [2010-05-14 30320]
S1 10526001;10526001;c:\windows\system32\DRIVERS\10526001.sys [2009-09-25 128016]
S1 14653201;14653201;c:\windows\system32\DRIVERS\14653201.sys [2009-09-25 128016]
S1 73996561;73996561;c:\windows\system32\DRIVERS\73996561.sys [2009-09-25 128016]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2010-05-13 97608]
S1 setup_9.0.0.722_27.04.2010_17-19drv;setup_9.0.0.722_27.04.2010_17-19drv;c:\windows\system32\DRIVERS\1465320.sys [2009-10-09 311312]
S1 setup_9.0.0.722_29.04.2010_23-20drv;setup_9.0.0.722_29.04.2010_23-20drv;c:\windows\system32\DRIVERS\7399656.sys [2009-10-09 311312]
S2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [2010-05-13 388865]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2010-05-13 194817]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-05-13 108289]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-05-13 434945]
S2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-05-14 57248]
S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkSrv.exe [2006-09-07 24576]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2010-05-13 69632]
S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-05-14 24400]
S3 StkCMini;Syntek AVStream USB2.0 VGA WebCam;c:\windows\system32\DRIVERS\StkCMini.sys [2006-11-10 669568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenuto della cartella 'Scheduled Tasks'

2010-05-22 c:\windows\Tasks\User_Feed_Synchronization-{AD3A756D-CAE6-441A-9B5A-77925B071565}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: {3985110E-F263-40FD-820F-B86CB0E23E8E} = 208.67.222.222,208.67.220.220
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-22 15:06
Windows 6.0.6002 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2010-05-22 15:14:16
ComboFix-quarantined-files.txt 2010-05-22 13:14
ComboFix2.txt 2010-05-21 13:38

Pre-Run: 41.424.265.216 byte disponibili
Post-Run: 41.403.088.896 byte disponibili

- - End Of File - - E1BC4F693876A0286C2EBA3205378ADB

Grazie per la tua disponibilità

da **stevens** » sab mag 22, 2010 6:20 pm

segui queste indicazioni, vediamo di rimuovere quello che e' nel pc

scarica ccleaner

In fase d’installazione levare la spunta altrimenti viene installata Yahoo Tollbar.
Avvialo e clicca su:
- Opzioni Avanzate
Togli la spunta da:
- Elimina file solo se più vecchi di 48 ore
Clicca i tasti:
- Pulizia (il primo in alto a Sinistra)
- Analizza ( Pulsante in basso Centrale)
- Avvia Pulizia (Pulsante in basso a Destra)

Correzione errori File di Registro
CCleaner
Cliccare i tasti:
- Registro (Secondo tasto in alto a Sinistra)
- Trova Problemi (Pulsante in basso Centrale)
- Ripara selezionati Pulsante in basso a Destra
- alla domanda:
- Vuoi eseguire il Backup delle modifiche del Registro”
- clicca:
- SI

scarica ATF-Cleaner

Spunta la voce:
- Select all
Premi il tasto:
- Empty Select

fai una scansione del sistema con Gromozon Rootkit Removal Tool

rinominalo prima del download con un nome di fantasia ed esegui una scansione del sistema

da **Klod** » lun mag 24, 2010 11:46 am

Ho fatto tutto quello che mi hai detto ma il removal di gromozon non va.. smette di funzionare non appena lo avvio..
che faccio?
Grazie ancora

da **Klod** » mar mag 25, 2010 1:28 pm

nessuno mi sa dare una soluzione?

da **stevens** » mar mag 25, 2010 6:02 pm

sarica questo file zippato
estrai sul desktop dal file zip solo il file Hosts, selezionalo, tasto destro del mouse, copia, poi apri la cartella C:\Windows\System32\drivers\etc\ in un punto libero fai incolla, accetta la sostituzione del file hosts esistente, potrebbe darti errori non preoccuparti, riavvia il pc.

scarica malwarebytes

Aggiornalo: clicca sulla scheda "aggiornamenti" => "controlla aggiornamenti"
Esegui una "scansione completa" (seleziona l'opzione)
A scansione completa, fai clic su OK => Mostra i Risultati.
Assicurarti che tutto sia selezionato e clicca clic su Rimuovi selezionati.
Se ti chiede di riavviare, riavvia per completare il processo di pulizia.
Posta il rapporto .

da **Klod** » mer mag 26, 2010 3:48 pm

Ho fatto tutto quanto, ma malware bites non rileva virus... eppure i problemi continuano ad esserci... addirittura ho provato a scaricare firefox ma non me lo fa partire.. in più ogni volta che cerco di installare qualcosa sul io pc mi da "evento rete" che controlla ogni cosa che mi scarico.. sembra che qualsiasi antivirus sia inefficiente.. [boh]

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 4144

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

26/05/2010 16.45.13
mbam-log-2010-05-26 (16-45-13).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi esaminati: 279923
Tempo trascorso: 2 ore, 34 minuti, 36 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)

Dunque adesso che faccio?

da **Klod** » mer mag 26, 2010 5:53 pm

Ho fatto una scansione con security task manager ed alcuni processi non riesco ad eliminarli.. è un comportamernto normale?
Ti posto il log:

Security Task Manager: Computer PC-KLOD, User Klod, 26/05/2010 18.52.12

Nome Pericolosità PID CPU Memoria Attività File Tipo Esecuzione Nome, Descrizione Produttore : Prodotto

Status 52% 3436 5,9 MB C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe Programma 14.07.43 HP CUE Alert Popup Window Objects - Alerts Timer Window Hewlett-Packard Co. : hp digital imaging - hp all-in-one series
Status 52% 3436 5,9 MB C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe Programma 14.07.43 HP CUE Alert Popup Window Objects Hewlett-Packard Co. : hp digital imaging - hp all-in-one series
Prevx Security Library 48% C:\Windows\system32\PxSecure.dll Internet all'avvio di Internet Explorer SafeOnline BHO (Estensione del browser) Prevx : Prevx 3.0
Java(TM) Platform SE binary 48% C:\Program Files\Java\jre6\bin\jp2ssv.dll Internet all'avvio di Internet Explorer Java(tm) Plug-In 2 SSV Helper (Estensione del browser) Sun Microsystems, Inc. : Java(TM) Platform SE 6 U18
Prevx Security Library 48% C:\Windows\system32\PxSecure.dll Internet all'avvio di Internet Explorer SafeOnline BHO (Estensione del browser) Prevx : Prevx 3.0
Java(TM) Platform SE binary 48% C:\Program Files\Java\jre6\bin\jp2ssv.dll Internet all'avvio di Internet Explorer Java(tm) Plug-In 2 SSV Helper (Estensione del browser) Sun Microsystems, Inc. : Java(TM) Platform SE 6 U18
ASLDR Service 47% 1656 C:\Program Files\ATK Hotkey\ASLDRSrv.exe Programma 14.05.04 : ADSMSrv
ASLDRSrv.exe 46% 1656 Servizio 14.05.04 durante la partenza del sistema : ADSMSrv
Assistente per l'accesso a Windows Live ID 46% C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll Internet all'avvio di Internet Explorer Microsoft® Windows Live ID Login Helper - Guida per l'accesso a Windows Live ID (Estensione del browser) Microsoft Corporation : Microsoft® Windows Live ID
Assistente per l'accesso a Windows Live ID 46% C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll Internet all'avvio di Internet Explorer Microsoft® Windows Live ID Login Helper - Guida per l'accesso a Windows Live ID (Estensione del browser) Microsoft Corporation : Microsoft® Windows Live ID
HPProductAssistant 44% 1372 5,0 MB C:\Program Files\HP\HP Software Update\hpwuSchd2.exe Programma 14.05.17 all'avvio di Windows, Registry: Machine\Run & Machine\Run hpwuSchd Application - HPWU Hewlett-Packard : hpwuSchd Application
< HControl.exe > 42% 1676 < HControl.exe - Accesso negato - Accesso negato > Programma 14.05.04 da ASLDR Service da ASLDR Service, ASLDR Service, ASLDR Service HControl -
< ATKOSD.exe > 42% 280 < ATKOSD.exe - Accesso negato - Accesso negato > Programma 14.05.09 da < HControl.exe > da < HControl.exe > ATKOSD -
< taskeng.exe > 42% 1440 < taskeng.exe - Services - Accesso negato > Programma 14.05.15 -
< WLIDSVCM.EXE > 42% 4056 < WLIDSVCM.EXE - Services - Accesso negato > Programma 14.34.50 da Windows Live ID Sign-in Assistant da Windows Live ID Sign-in Assistant, Windows Live ID Sign-in Assistant, Windows Live ID Sign-in Assistant -
< usrreq.exe > 42% 684 < usrreq.exe - Accesso negato - Parametro non corretto > Programma 18.45.42 da Avira Firewall da Avira Firewall, Avira Firewall, Avira Firewall -
< HControl.exe > 42% 1676 < HControl.exe - Accesso negato - Accesso negato > Programma 14.05.04 da ASLDR Service, ASLDR Service, ASLDR Service -
Antivirus Scheduler 42% 1772 C:\Program Files\Avira\AntiVir Desktop\sched.exe Programma 14.05.05 Avira GmbH : AntiVir Desktop
< ATKOSD.exe > 42% 280 < ATKOSD.exe - Accesso negato - Accesso negato > Programma 14.05.09 da < HControl.exe > -
< taskeng.exe > 42% 1440 < taskeng.exe - Services - Accesso negato > Programma 14.05.15 -
Firewall NT service process 42% 1932 C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe Programma 14.05.18 Avira GmbH : AntiVir Desktop
Antivirus On-Access Service 42% 2052 C:\Program Files\Avira\AntiVir Desktop\avguard.exe Programma 14.05.19 Avira GmbH : AntiVir Desktop
Antivirus MailScanner Service 42% 3512 C:\Program Files\Avira\AntiVir Desktop\avmailc.exe Programma 14.05.50 Avira GmbH : AntiVir Desktop
AntiVir WebGuard Service 42% 3588 C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE Programma 14.05.51 AntiVir WebGuard Avira GmbH : AntiVir Desktop
< WLIDSVCM.EXE > 42% 4056 < WLIDSVCM.EXE - Services - Accesso negato > Programma 14.34.50 da Windows Live ID Sign-in Assistant, Windows Live ID Sign-in Assistant, Windows Live ID Sign-in Assistant -
< usrreq.exe > 42% 684 < usrreq.exe - Accesso negato - Parametro non corretto > Programma 18.45.42 da Avira Firewall, Avira Firewall, Avira Firewall -
sched.exe 42% 1772 Servizio 14.05.05 durante la partenza del sistema Avira GmbH : AntiVir Desktop
avfwsvc.exe 42% 1932 Servizio 14.05.18 durante la partenza del sistema dopo RPCSS dopo RPCSS Avira GmbH : AntiVir Desktop
avguard.exe 42% 2052 Servizio 14.05.19 durante la partenza del sistema Avira GmbH : AntiVir Desktop
avmailc.exe 42% 3512 Servizio 14.05.50 durante la partenza del sistema dopo AntiVirService dopo AntiVirService Avira GmbH : AntiVir Desktop
AVWEBGRD.EXE 42% 3588 Servizio 14.05.51 durante la partenza del sistema dopo AntiVirService dopo AntiVirService Avira GmbH : AntiVir Desktop
Adobe Reader 8.1.4 - Italiano 32% C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll Internet all'avvio di Internet Explorer Adobe PDF Helper for Internet Explorer - AcroIEHelper.AcroIEHlprObj.1 (Estensione del browser) Adobe Systems, Incorporated : AcroIEHelper Library
Adobe Reader 8.1.4 - Italiano 32% C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll Internet all'avvio di Internet Explorer Adobe PDF Helper for Internet Explorer - AcroIEHelper.AcroIEHlprObj.1 (Estensione del browser) Adobe Systems, Incorporated : AcroIEHelper Library
GPBaseService 32% 2484 6,1 MB C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe Programma 14.07.45 GPCore COM object Hewlett-Packard :
GPBaseService 32% 2484 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe Programma 14.07.45 GPCore COM object Hewlett-Packard :
< Registry Accesso negato, Persi diritti di amministratore > 29% Servizio durante la partenza del sistema da svchost.exe -
< Registry Accesso negato, Persi diritti di amministratore > 29% Servizio durante la partenza del sistema da svchost.exe -
< Registry Accesso negato, Persi diritti di amministratore > 29% Servizio durante la partenza del sistema da svchost.exe -
< Registry Accesso negato, Persi diritti di amministratore > 29% Servizio durante la partenza del sistema da svchost.exe -
Status 27% 2316 9,7 MB 0:04 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe Programma 14.07.40 HP CUE Status Root - DeviceIO Notificaton Window Hewlett-Packard Co. : hp digital imaging - hp all-in-one series
HPProductAssistant 27% 1372 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe Programma 14.05.17 da Esplora risorse hpwuSchd Application Hewlett-Packard : hpwuSchd Application
Status 27% 2316 0:04 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe Programma 14.07.40 HP CUE Status Root Hewlett-Packard Co. : hp digital imaging - hp all-in-one series
HPZipm12.dll 26% Servizio durante la partenza del sistema da svchost.exe Hewlett-Packard : Bidi User Mode
HPZinw12.dll 26% Servizio durante la partenza del sistema da svchost.exe Hewlett-Packard : Bidi User Mode
Java Auto Updater 25% 2092 3,1 MB C:\Program Files\Common Files\Java\Java Update\jusched.exe Programma 14.05.19 all'avvio di Windows, Registry: Machine\Run & Machine\Run Java(TM) Update Scheduler Sun Microsystems, Inc. : Java(TM) Platform SE Auto Updater 2 0
ArcSoft Connect Service 23% 440 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe Programma 14.05.18 ArcSoft, Inc. : ArcSoft Connect
ACService.exe 22% 440 Servizio 14.05.18 durante la partenza del sistema ArcSoft, Inc. : ArcSoft Connect
Assistente per l'accesso a Windows Live ID 21% 2824 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE Programma 14.34.33 Microsoft® Windows Live ID Service Microsoft Corporation : Microsoft® Windows Live ID
WLIDSVC.EXE 20% 2824 Servizio 14.34.33 durante la partenza del sistema Microsoft Corporation : Microsoft® Windows Live ID
SmartWebPrinting 20% C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll Internet all'avvio di Internet Explorer HP Smart Web Printing add-on for Internet Explorer - HP Print Enhancer · PrintEnhancerBHO.PrintEnhancer.1 (Estensione del browser) Hewlett-Packard Company : HP Smart Web Printing
SmartWebPrinting 20% C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll Internet all'avvio di Internet Explorer HP Smart Web Printing add-on for Internet Explorer - HP Smart BHO Class · HP Smart BHO Class (Estensione del browser) Hewlett-Packard Company : HP Smart Web Printing
SmartWebPrinting 20% C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll Internet all'avvio di Internet Explorer HP Smart Web Printing add-on for Internet Explorer - HP Print Enhancer · PrintEnhancerBHO.PrintEnhancer.1 (Estensione del browser) Hewlett-Packard Company : HP Smart Web Printing
SmartWebPrinting 20% C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll Internet all'avvio di Internet Explorer HP Smart Web Printing add-on for Internet Explorer - HP Smart BHO Class · HP Smart BHO Class (Estensione del browser) Hewlett-Packard Company : HP Smart Web Printing
Synaptics TouchPad Enhancements 17% 716 0:01 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe Programma 14.05.14 da Esplora risorse Synaptics, Inc. : Synaptics Pointing Device Driver
HD Audio Control Panel 17% 1464 C:\Windows\RtHDVCpl.exe Programma 14.05.14 da Esplora risorse Realtek Semiconductor : HD Audio Control Panel
Syntek Hardware Snapshot Launch Application Services 17% 2516 C:\Windows\System32\StkSrv.exe Programma 14.05.25 Syntek America Inc. : Syntek Hardware Snapshot Launch Application Services
StkSrv.exe 16% 2516 Servizio 14.05.25 durante la partenza del sistema Syntek America Inc. : Syntek Hardware Snapshot Launch Application Services
HPPhotosmartEssential 16% C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe Programma all'avvio di Windows, Registry: Machine\Run & Machine\Run HpqSRmon - hpqSRMon (non attivo) Hewlett-Packard : HpqSRmon Application
hpqddsvc.dll 14% Servizio durante la partenza del sistema da svchost.exe Hewlett-Packard Co. : hp digital imaging - hp all-in-one series
Adobe Flash Player 10 ActiveX 13% 1236 5,2 MB 0:01 C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe Programma 18.44.58 Adobe Flash Player Helper 10.0 r45 Adobe Systems Incorporated : Flash Player Helper
Adobe Flash Player 10 ActiveX 13% 1236 0:01 C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe Programma 18.44.58 Adobe Flash Player Helper 10.0 r45 Adobe Systems Incorporated : Flash Player Helper
Windows Defender User Interface 9% 1324 8,1 MB 0:07 C:\Program Files\Windows Defender\MSASCui.exe Area di notifica 14.05.14 all'avvio di Windows, Registry: Machine\Run & Machine\Run Microsoft Windows : Windows Defender
Java Auto Updater 8% 2092 C:\Program Files\Common Files\Java\Java Update\jusched.exe Programma 14.05.19 da Esplora risorse Java(TM) Update Scheduler Sun Microsystems, Inc. : Java(TM) Platform SE Auto Updater 2 0
Security Task Manager 8% 1652 0:27 C:\Program Files\Security Task Manager\TaskMan.exe Programma 18.45.33 da Esplora risorse A. & M. Neuber Software : Security Task Manager
NVIDIA Driver Helper Service, Version 97.54 6% C:\Windows\system32\nvsvc.dll Programma all'avvio di Windows, Registry: Machine\Run & Machine\Run NvSvc (non attivo) NVIDIA Corporation : NVIDIA Driver Helper Service, Version 97.54
NVIDIA Display Properties Extension 6% C:\Windows\system32\NvCpl.dll Programma all'avvio di Windows, Registry: Machine\Run & Machine\Run NvCplDaemon (non attivo) NVIDIA Corporation : NVIDIA Compatible Windows 2000 Display driver, Version 97.54
NVIDIA Media Center Library 6% C:\Windows\system32\NvMcTray.dll Programma all'avvio di Windows, Registry: Machine\Run & Machine\Run NvMediaCenter (non attivo) NVIDIA Corporation : NVIDIA Media Center Library
Malwarebytes' Anti-Malware 2% C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe Programma all'avvio di Windows, Registry: Machine\RunOnce & Machine\RunOnce Malwarebytes' Anti-Malware (non attivo) Malwarebytes Corporation : Malwarebytes' Anti-Malware
Synaptics TouchPad Enhancements 1% 716 4,6 MB 0:01 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe Area di notifica 14.05.14 all'avvio di Windows, Registry: Machine\Run & Machine\Run Touchpad driver helper window, Dispositivo di puntamento Synaptics Synaptics, Inc. : Synaptics Pointing Device Driver
HD Audio Control Panel 1% 1464 5,4 MB C:\Windows\RtHDVCpl.exe Area di notifica 14.05.14 all'avvio di Windows, Registry: Machine\Run & Machine\Run GDI+ Window, Gestione Audio Realtek HD Realtek Semiconductor : HD Audio Control Panel
10526001.sys 0% Driver durante l'avvio del sistema -
10526002.sys 0% Driver durante il boot -
14653201.sys 0% Driver durante l'avvio del sistema -
14653202.sys 0% Driver durante il boot -
73996561.sys 0% Driver durante l'avvio del sistema -
73996562.sys 0% Driver durante il boot -
avfwot.sys 0% Driver durante l'avvio del sistema dopo TCPIP dopo TCPIP -
avgio.sys 0% Driver durante l'avvio del sistema dopo FltMgr dopo FltMgr -
avgntflt.sys 0% Driver durante la partenza del sistema dopo FltMgr dopo FltMgr -
avipbb.sys 0% Driver durante l'avvio del sistema -
pxkbf.sys 0% Driver manuale -
pxrts.sys 0% Driver durante la partenza del sistema dopo FltMgr dopo FltMgr -
pxscan.sys 0% Driver durante il boot -
1465320.sys 0% Driver durante l'avvio del sistema dopo FltMgr dopo FltMgr -
7399656.sys 0% Driver durante l'avvio del sistema dopo FltMgr dopo FltMgr -
ssmdrv.sys 0% Driver durante l'avvio del sistema -
10526001.sys 0% Driver durante l'avvio del sistema -
10526002.sys 0% Driver durante il boot -
14653201.sys 0% Driver durante l'avvio del sistema -
14653202.sys 0% Driver durante il boot -
73996561.sys 0% Driver durante l'avvio del sistema -
73996562.sys 0% Driver durante il boot -
avfwot.sys 0% Driver durante l'avvio del sistema dopo TCPIP -
avgio.sys 0% Driver durante l'avvio del sistema dopo FltMgr -
avgntflt.sys 0% Driver durante la partenza del sistema dopo FltMgr -
avipbb.sys 0% Driver durante l'avvio del sistema -
pxkbf.sys 0% Driver manuale -
pxrts.sys 0% Driver durante la partenza del sistema dopo FltMgr -
pxscan.sys 0% Driver durante il boot -
1465320.sys 0% Driver durante l'avvio del sistema dopo FltMgr -
7399656.sys 0% Driver durante l'avvio del sistema dopo FltMgr -
ssmdrv.sys 0% Driver durante l'avvio del sistema -
hpqcxs08.dll 0% Servizio manuale da svchost.exe Hewlett-Packard Co. : HP Digital Imaging
TrayApp 0% C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe Programma all'avvio di Windows, Registry: Machine\Common Startup & Machine\Common Startup HP Digital Imaging Monitor (non attivo) Hewlett Packard : hp digital imaging - hp all-in-one series
Security Task Manager 0% 1652 15,7 MB 0:27 C:\Program Files\Security Task Manager\TaskMan.exe Programma 18.45.33 da Esplora risorse da Esplora risorse Security Task Manager A. & M. Neuber Software : Security Task Manager
Esplora risorse 0% 452 53,6 MB 2:24 C:\Windows\explorer.exe Programma 14.05.09 Program Manager, Rimozione sicura dell'hardware Microsoft Corporation : Sistema operativo Microsoft® Windows®
Internet Explorer 0% 632 18,3 MB 0:04 C:\Program Files\Internet Explorer\iexplore.exe Programma 18.44.28 da Esplora risorse da Esplora risorse Google - Windows Internet Explorer Microsoft Corporation : Windows® Internet Explorer

Grazie

da **crazy.cat** » mer mag 26, 2010 7:14 pm

Cerca questo file usrreq.exe nel pc e fallo analizzare sul sito www.virustotal.com.

da **Klod** » gio mag 27, 2010 3:03 pm

Fatto ora?

da **Klod** » gio mag 27, 2010 3:25 pm

Sempre curiosando su internet ho letto che l'MBR rootkit si può annidare nella cartella drivers tramite il nome di atapi.sys e ACPI.sys che io ho entrambi... come si fa a toglierlo? Manualmente o attraverso qualche antivirus? Premetto che prevx, il quale dicano sia indicato in questi casi, l'avevo già scaricato a suo tempo e non aveva rilevato niente...
Aspetto il parere di voi esperti.. grazie ancora

da **Klod** » sab mag 29, 2010 10:42 am

Salve... dato che non ho avuto più risposte ho cercato un modo manuale di togliere il rootkit in vari siti, e ho letto questa guida:
http://www.viritpro.info/articoli/rootkit_d-e.htm
Dato che non è per vista volevo sapere se si può fare lo stesso procedimento anche con sistema operativo diverso e se si, come, dato che nella guida fa riferimento solo alla key 4 di windows me e alla key 17 di windows
Grazie mille

da **Pct** » sab mag 29, 2010 1:28 pm

Klod ha scritto:Salve... dato che non ho avuto più risposte ho cercato un modo manuale di togliere il rootkit in vari siti, e ho letto questa guida:
http://www.viritpro.info/articoli/rootkit_d-e.htm
Dato che non è per vista volevo sapere se si può fare lo stesso procedimento anche con sistema operativo diverso e se si, come, dato che nella guida fa riferimento solo alla key 4 di windows me e alla key 17 di windows
Grazie mille

Premettendo che non sono un espertone.. non saprei rispondere alla tua domanda; comunque non penso che quella procedura possa funzionare completamente, poichè, se si tratta di gromozon, si può supporre sia una nuova variante vista l'inefficacia di tutti i programmi che hai provato fino ad ora... e quella guida è riferita a quella vecchia.

A questo punto posso provare a suggerirti qualche altro programma, sperando che funzioni e che il virus te li lasci installare, e funzionare correttamente (il fatto che gli altri non abbiano rilevato niente mi fa pensare che il virus non li faccia lavorare correttamente)..comunque, prova con :

Hitman pro : http://files.surfright.nl/HitmanPro35.exe

Scaricalo, installalo, eseguilo e rimuovi tutto ciò che rileva attivando la versione di prova : ricordati che Devi scansionare con una connesione internet attiva

Kaspersky virus removal tool : http://devbuilds.kaspersky-labs.com/dev ... _15-30.exe

Scaricalo, installalo,eseguilo elimina tutto ciò che rileva.

Riguardo il file usrreq.exe ; scansionalo su virustotal ok, e posta il risultato qua sul forum [:)]

.

Invialo anche a Threatexpert qua : http://www.threatexpert.com/submit.aspx utilizzando il mio indirizzo e-mail (questo qua : gigieilly5@hotmail.it)

Se non funziona si prova con qualcos'altro. Intanto prova questi programmi, spero possano tornarti utili.

da **Klod** » sab mag 29, 2010 3:22 pm

Grazie mille per il tuo aiuto....quando qualcuno mi rispond enon mi pare vero... [std]

Farò quello che mi dici, intanto ti segnalo che virit e malware bites mi hanno trovato una variante da trojan win32 out name chiamata stk.ds nella cartella driverstore in cui ho provato a fare questa procedura:

Selezionare il file con il tasto destro e clickare su PROPRIETA', qui' selezionare su PROTEZIONE.
Adesso clickare su AVANZATE e dopo su PROPRIETARIO, quì selezionare account di ADMINISTRATORS
e fare OK (o applica) e dopo ancora OK fino ad uscire dalle PROPRIETA'.
Adesso rientrare su PROPRIETA', PROTEZIONE e dopo su AVANZATE, clickare su AGGIUNGI da AUTORIZZAZIONI
e aggiungere l'account di ADMINISTRATOR, dopo selezionare da CONSENTI "CONTROLLO COMPLETO"
e fare OK per uscire.
Adesso clickare su PROPRIETA' del file e togliere i flags di "SOLO LETTURA" e NASCOSTO.
Ora potete cancellare il file.

Solo che mi dice che il controllo completo è del System e non riesco a cambiarlo... comunque farò come mi dici...
[grazie]

www.MegaLab.it

aiuto log!

aiuto log!

Re: aiuto log!

Re: aiuto log!

Re: aiuto log!

Re: aiuto log!

Re: aiuto log!

Re: aiuto log!

Re: aiuto log!

Re: aiuto log!

Re: aiuto log!

Re: aiuto log!

Re: aiuto log!

Re: aiuto log!

Re: aiuto log!

Re: aiuto log!

Re: aiuto log!

Re: aiuto log!

Re: aiuto log!

Re: aiuto log!

Re: aiuto log!

Chi c’è in linea