www.MegaLab.it

da **CRYPAX** » gio ago 26, 2010 7:08 pm

SALVE A TT
RISCONTRAVO QLC RALLENTAMENTO AL PC, COSI' HO FATTO UNA SCANSIONE con AVIRA >risultato pulito
PER SICUREZZA NE FACCIO UNA CON CONBOFIX, RISULTATO [acc2]

ComboFix 10-08-25.01 - user 26/08/2010 19:40:00.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.39.1040.18.3067.2394 [GMT 2:00]
Eseguito da: c:\users\user\Downloads\ComboFix.exe
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\sqlite3.dll
c:\windows\system32\vbzlib1.dll

c:\windows\system32\wininit.exe . . . è infetto!!

.
((((((((((((((((((((((((( Files Creati Da 2010-07-26 al 2010-08-26 )))))))))))))))))))))))))))))))))))
.

2010-08-26 17:46 . 2010-08-26 17:46 -------- d-----w- c:\users\user\AppData\Local\temp
2010-08-26 17:46 . 2010-08-26 17:46 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-26 17:46 . 2010-08-26 17:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-26 17:35 . 2010-08-26 17:36 -------- d-----w- C:\32788R22FWJFW
2010-08-25 23:18 . 2010-08-26 10:48 -------- d-----w- c:\users\user\AppData\Local\MotionDSP
2010-08-25 23:18 . 2010-08-26 10:48 -------- d-----w- c:\users\user\AppData\Roaming\MotionDSP
2010-08-25 06:52 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-24 09:09 . 2010-08-24 09:21 -------- d-----w- c:\users\user\AppData\Roaming\mIRC
2010-08-23 16:23 . 2010-08-23 16:35 -------- d-----w- c:\programdata\Fighters
2010-08-23 16:21 . 2010-08-23 16:23 -------- d-----w- c:\users\user\AppData\Roaming\Fighters
2010-08-23 16:21 . 2010-08-23 16:21 -------- d-----w- c:\users\user\AppData\Local\PackageAware
2010-08-23 16:12 . 2010-08-23 16:12 -------- d-----w- c:\program files\rpatib
2010-08-23 16:12 . 2007-05-21 12:19 37888 ----a-w- c:\windows\system32\quizman.dll
2010-08-23 16:12 . 2007-05-21 12:19 19968 ----a-w- c:\windows\system32\myapi.dll
2010-08-23 16:12 . 2007-05-21 12:19 10752 ----a-w- c:\windows\system32\quizman2.dll
2010-08-23 16:12 . 2007-05-21 12:19 6144 ----a-w- c:\windows\system32\conv.dll
2010-08-23 16:12 . 2007-05-21 12:18 7680 ----a-w- c:\windows\system32\utfdecode.dll
2010-08-23 16:12 . 2007-05-21 12:16 32768 ----a-w- c:\windows\system32\pbsqlite3.dll
2010-08-23 10:21 . 2010-08-24 15:50 63488 ----a-w- c:\users\user\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-23 10:21 . 2010-08-23 10:21 52224 ----a-w- c:\users\user\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-23 10:21 . 2010-08-24 15:50 117760 ----a-w- c:\users\user\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-23 10:19 . 2010-08-23 10:19 -------- d-----w- c:\users\user\AppData\Roaming\SUPERAntiSpyware.com
2010-08-23 10:19 . 2010-08-23 10:19 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-08-23 10:19 . 2010-08-23 10:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-20 09:55 . 2010-08-20 09:55 -------- d-----w- c:\program files\Rockstar Games
2010-08-20 09:55 . 2003-05-23 11:28 1060864 ----a-w- c:\windows\system32\mfc71.dll
2010-08-12 07:39 . 2010-08-12 07:39 77312 ----a-w- C:\mbr.exe
2010-08-09 18:18 . 2010-08-09 18:18 -------- d-----w- c:\users\user\AppData\Roaming\Avira
2010-08-09 18:10 . 2010-03-01 08:04 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-08-09 18:10 . 2010-02-18 08:51 102856 ----a-w- c:\windows\system32\drivers\avfwot.sys
2010-08-09 18:10 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-09 18:10 . 2010-02-15 13:23 79432 ----a-w- c:\windows\system32\drivers\avfwim.sys
2010-08-09 18:10 . 2009-05-11 10:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-08-09 18:10 . 2009-05-11 10:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-08-09 18:10 . 2010-08-09 18:10 -------- d-----w- c:\programdata\Avira
2010-08-09 18:01 . 2010-08-09 18:01 -------- d-----w- c:\program files\Avira
2010-08-08 16:46 . 2010-08-08 16:46 -------- d-----w- c:\programdata\Alwil Software
2010-08-08 16:46 . 2010-08-08 16:46 -------- d-----w- c:\program files\Alwil Software
2010-08-08 15:48 . 2010-08-08 16:31 -------- d-----w- c:\programdata\G DATA
2010-08-08 15:48 . 2010-08-08 16:30 -------- d-----w- c:\program files\G Data
2010-08-08 15:17 . 2010-08-08 15:17 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-08-06 14:02 . 2010-08-06 14:02 -------- d-----w- C:\BraCa Soft
2010-07-31 10:44 . 2010-07-31 10:44 133440 ----a-w- c:\windows\system32\LnkProtect.dll
2010-07-28 10:22 . 2010-08-26 10:47 -------- d-----w- c:\program files\Minilyrics
2010-07-28 09:21 . 2010-07-28 09:21 -------- d-----w- c:\users\user\AppData\Local\Safe mirror
2010-07-27 20:51 . 2010-07-27 20:52 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-07-27 20:20 . 2010-07-27 20:30 -------- d-----w- c:\program files\Wise Registry Cleaner
2010-07-27 18:38 . 2010-07-27 18:38 -------- d-----w- c:\users\user\AppData\Roaming\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-26 17:34 . 2010-04-02 20:24 -------- d-----w- c:\users\user\AppData\Roaming\BitTorrent
2010-08-26 16:52 . 2010-04-06 08:37 -------- d-----w- c:\users\user\AppData\Roaming\vlc
2010-08-24 09:22 . 2010-07-04 17:42 -------- d-----w- c:\program files\Google
2010-08-22 13:25 . 2010-02-17 19:48 701426 ----a-w- c:\windows\system32\perfh010.dat
2010-08-22 13:25 . 2010-02-17 19:48 128740 ----a-w- c:\windows\system32\perfc010.dat
2010-08-22 10:12 . 2010-04-02 20:14 -------- d-----w- c:\program files\Songr
2010-08-20 09:55 . 2010-04-02 15:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-20 09:55 . 2010-04-24 07:55 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-12 05:25 . 2010-04-02 08:33 -------- d-----w- c:\programdata\Microsoft Help
2010-08-08 16:30 . 2010-04-03 21:26 -------- d-----w- c:\program files\Common Files\G DATA
2010-08-08 15:53 . 2010-04-03 21:45 29992 ----a-w- c:\windows\system32\drivers\GRD.sys
2010-08-08 15:49 . 2010-04-03 21:27 40904 ----a-w- c:\windows\system32\drivers\gdwfpcd32.sys
2010-08-07 12:58 . 2010-07-26 15:26 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-07-31 10:50 . 2010-07-26 15:43 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-07-29 06:30 . 2010-08-12 04:37 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-12 04:37 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-28 09:56 . 2010-04-02 20:33 -------- d-----w- c:\users\user\AppData\Roaming\Winamp
2010-07-27 20:52 . 2010-04-24 07:50 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-27 20:30 . 2010-04-02 15:29 -------- d-----w- c:\program files\Acer
2010-07-25 17:17 . 2010-07-25 17:17 -------- d-----w- c:\program files\IObit
2010-07-23 10:38 . 2010-04-02 20:33 -------- d-----w- c:\program files\Winamp
2010-07-23 10:38 . 2010-07-23 10:38 -------- d-----w- c:\program files\Winamp Detect
2010-07-20 15:42 . 2010-07-20 15:42 68256 ----a-w- c:\programdata\Kaspersky Lab Setup Files\Kaspersky Internet Security 2011 11.0.1.400\Italian\setup.exe
2010-07-19 07:31 . 2010-07-19 07:31 -------- d-----w- c:\program files\Conduit
2010-07-19 07:31 . 2010-04-02 20:03 -------- d-----w- c:\program files\Messenger Plus! Live
2010-07-13 16:23 . 2010-07-13 16:21 -------- d-----w- c:\users\user\AppData\Roaming\QuickScan
2010-07-10 17:22 . 2010-07-10 17:22 -------- d-----w- c:\program files\ESET
2010-07-10 11:49 . 2010-07-10 11:49 10134 ----a-r- c:\users\user\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2010-07-10 11:49 . 2010-07-10 11:49 -------- d-----w- c:\program files\Microsoft WSE
2010-07-10 11:37 . 2010-07-10 11:37 -------- d-----w- c:\program files\Electronic Arts
2010-07-04 13:55 . 2010-07-04 13:55 -------- d-----w- c:\program files\VS Revo Group
2010-07-04 10:08 . 2010-04-03 21:28 61512 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2010-07-04 10:08 . 2010-04-03 21:28 33480 ----a-w- c:\windows\system32\drivers\GDBehave.sys
2010-06-30 06:25 . 2010-08-12 04:37 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-22 02:47 . 2010-08-12 04:37 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-12 04:37 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-12 04:37 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-19 06:33 . 2010-08-12 04:37 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-12 04:37 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23 . 2010-08-12 04:37 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07 . 2010-08-12 04:37 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 05:48 . 2010-08-12 04:37 224256 ----a-w- c:\windows\system32\schannel.dll
2010-06-14 06:12 . 2010-08-12 04:37 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-08 06:02 . 2010-08-12 04:37 1233920 ----a-w- c:\windows\system32\msxml3.dll
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-28 13797920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-04 136176]
R3 EraserUtilDrvI9;EraserUtilDrvI9;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-30 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-07-27 691696]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2010-02-18 102856]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-04-25 95024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [2010-04-01 536232]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2010-03-30 337064]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-04-01 405672]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2010-02-15 79432]
S3 k57nd60x;Gigabit Ethernet Broadcom NetXtreme - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-05-01 64032]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.
Contenuto della cartella 'Scheduled Tasks'

2010-08-26 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-07-25 13:10]

2010-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-04 17:42]

2010-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-04 17:42]

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-633374088-4001182803-702579871-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-26 20:12]

2010-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-633374088-4001182803-702579871-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-26 20:12]
.
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyOverride = local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: 0716E646F627F6 = 8.8.8.8,4.4.4.4
TCP: 4505D2C494E4B4F5346464438303 = 8.8.8.8,4.4.4.4
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.co ... 1.71.0.cab
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\calghnzh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Messenger Plus Live Italy Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/firefox?client=fir ... t:official
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 2567691&q=
FF - component: c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\calghnzh.default\extensions\{08d495ab-a86c-47b0-82ef-da87bf92f730}\components\FFExternalAlert.dll
FF - component: c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\calghnzh.default\extensions\{08d495ab-a86c-47b0-82ef-da87bf92f730}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\npdeployJava1.dll
FF - plugin: c:\program files\Java\jre6\bin\npjpi160_20.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\users\user\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'Explorer.exe'(2376)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\NOTEPAD.EXE
.
**************************************************************************
.
Ora fine scansione: 2010-08-26 19:53:00 - Il pc è stato riavviato

ORA MI POTRESTE SPIEGARE CHE TIPO DI FILE ERANO?
SONO ANDATO IN SYSTEM32 E WININIT E' ANCORA LA'
SOLAMENTE CHE L'HO ANALIZZATO CON VIRUS TOTAL ED E' TT OK

MI DATE UNA MANO
[grazie]

da **The Doctor** » gio ago 26, 2010 10:31 pm

Ciao CRY >< PAX. In attesa che qualcuno esperto in combofix ti dia una mano voglio darti un paio di suggerimenti per quanto riguarda la scrittura nei forum (non solo di questo). Come prima cosa scrivere in maiuscolo su internet equivale ad urlare, quindi bisogna fare attenzione a scrivere sempre in minuscolo. Poi, come da regolamento, evita di scrivere parole abbreviate in stile sms. La lettura del messaggio risulta più chiara e poi qui hai tutto lo spazio che ti serve [;)]

da **CRYPAX** » ven ago 27, 2010 8:46 am

ciao The doctor
non era mia intenzione creare "disordine" sul forum [:-H]

attendo vostre risposte [;)]

da **The Doctor** » ven ago 27, 2010 8:51 am

CRY >< PAX ha scritto:ciao The doctor
non era mia intenzione creare "disordine" sul forum

attendo vostre risposte

Nessun problema [^]

da **crazy.cat** » ven ago 27, 2010 9:46 am

Questa dovrebbe appartenere a Sql (quindi dovrebbe essere una falsa rilevazione)
c:\windows\system32\sqlite3.dll

Questa non è chiaro cosa sia, nessuno dice che è cattiva, ma nessuno spiega a cosa appartenga.
c:\windows\system32\vbzlib1.dll

Qui ha sbagliato di brutto, anche Pct nella discussione sotto la tua ha avuto la stessa rilevazione falsa.
c:\windows\system32\wininit.exe . . . è infetto!!

da **CRYPAX** » ven ago 27, 2010 10:06 am

Qui ha sbagliato di brutto, anche Pct nella discussione sotto la tua ha avuto la stessa rilevazione falsa.
c:\windows\system32\wininit.exe . . . è infetto!!

quindi cosa dovrei fare??
è un falso positivo
perché nel task manager cè wininit.exe [uhm]

da **crazy.cat** » ven ago 27, 2010 10:13 am

CRY >< PAX ha scritto:quindi cosa dovrei fare??

Niente.
Se virustotal ti ha detto che è ok, ha sbagliato combofix.

da **CRYPAX** » ven ago 27, 2010 10:18 am

crazy.cat ha scritto :
Niente.
Se virustotal ti ha detto che è ok, ha sbagliato combofix.

ok
non so proprio come ringraziarti [applauso+]

sei sempre molto utile e disponibile [;)]

da **satonet** » mar ago 31, 2010 7:31 am

Scusatemi ma vorrei una informazione oggi Avast all'avvio mi ha segnalato un virus sysrda32.exe poi lo ha
messo nel cestino dei virus.
Cosa pensate che sia?
Grazie
Sandro

da **Berga95** » ven set 03, 2010 3:35 pm

L'hai detto te: un virus [std]

Metti un log di HijackThis, mettendolo dentro il tag LOG [:)]

da **satonet** » sab set 04, 2010 11:02 am

Scusate ma mi sono espresso male Avast lo ha rilevato come " rootkit " e lo ha messo nel cestino dei virus.
Poi io ho fatto una scansione con un anti rootkit e non ho trovato nulla volevo sapere se lo conoscete o Avast lo ha eliminato
definitivamente.
Il computer non mi dà nessun tipo di problema con S.O w.7.
Grazie ancora.
Sandro

da **satonet** » sab set 04, 2010 11:10 am

Vi allego il file di HijackThis.
Ciao Sandro

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:12:36, on 04/09/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\AsScrPro.exe
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
C:\Program Files\ASUS\LivCam\LivCam.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Auslogics\Aslogics BoostSpeed\BoostSpeed.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ArcIEVideoUp - {4E18E9A4-95B3-4F8B-AE3B-AB7478DE92EE} - C:\PROGRA~1\ArcSoft\TOTALM~1\codec\ArcIEVideoUp.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HotkeyMon] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
O4 - HKLM\..\Run: [HotkeyService] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
O4 - HKLM\..\Run: [SuperHybridEngine] AsusSender.exe C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\windows\AsScrPro.exe
O4 - HKLM\..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe autorun
O4 - HKLM\..\Run: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LivCam] "C:\Program Files\ASUS\LivCam\LivCam.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [DTRun] C:\Program Files\ArcSoft\TotalMedia Theatre 3\uDTRun.exe
O4 - HKLM\..\Run: [LiveUpdate] AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [OOBESetup] C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe /restore -"C:\Program Files\asus\OOBERegBackup\OOBEReg.ini"
O4 - HKLM\..\Run: [Boingo Wi-Fi] "C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKCU\..\Run: [Auslogics BoostSpeed] C:\Program Files\Auslogics\Aslogics BoostSpeed\boostspeed.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Program Files\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FB8F466-0859-4560-B33B-79A5E777ADFA}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\windows\system32\atiesrxx.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Asus Launcher Service (AsusService) - Unknown owner - C:\Windows\System32\AsusService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool (NitroReaderDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
O23 - Service: Oberon Media Game Console service (OberonGameConsoleService) - Unknown owner - C:\Program Files\Asus\Game Park\GameConsole\OberonGameConsoleService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7931 bytes

da **Berga95** » sab set 04, 2010 12:30 pm

Intanto fixa queste:

Codice: Seleziona tutto: R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe

Poi dovresti cancellare C:\Program Files\Search Settings\ che, a quanto pare, sembra un malware... ne sai qualcosa?
[ciao]

da **satonet** » mar set 07, 2010 7:21 am

Grazie dei suggerimenti,ho levato questi programmi,tutto ok.
Ciao Sandro

www.MegaLab.it

VIRUS O NO ???

VIRUS O NO ???

Re: VIRUS O NO ???

Re: VIRUS O NO ???

Re: VIRUS O NO ???

Re: VIRUS O NO ???

Re: VIRUS O NO ???

Re: VIRUS O NO ???

Re: VIRUS O NO ???

Re: VIRUS O NO ???

Re: VIRUS O NO ???

Re: VIRUS O NO ???

Re: VIRUS O NO ???

Re: VIRUS O NO ???

Re: VIRUS O NO ???

Chi c’è in linea