www.MegaLab.it

[CRYPAX]

mi appare all'avvio del pc e mentre salvavo un log di hijackthis
ma cosa significa ??
per le risposte

[crazy.cat]

Che potresti avere dei problemi...
Autorun.inf in radice di un disco è sintomo di guai.
Fai la scansione con combofix e posta il log.

[CRYPAX]

Ecco qui

ComboFix 10-11-20.03 - user 20/11/2010 20:35:36.9.2 - x86 NETWORK
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.39.1040.18.3067.2513 [GMT 1:00]
Eseguito da: c:\users\user\Downloads\ComboFix.exe
.

((((((((((((((((((((((((( Files Creati Da 2010-10-20 al 2010-11-20 )))))))))))))))))))))))))))))))))))
.

2010-11-20 19:40 . 2010-11-20 19:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-20 14:32 . 2010-11-20 14:32 -------- d-----w- c:\program files\Electronic Arts
2010-11-20 14:26 . 2010-11-20 14:26 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-11-20 14:25 . 2010-11-20 14:25 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-11-20 14:24 . 2010-11-20 14:26 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-11-19 15:25 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A2AED735-5562-4DD1-A117-A92801D04F61}\mpengine.dll
2010-11-13 07:53 . 2010-11-13 07:53 -------- d-----w- c:\users\user\AppData\Roaming\Avira
2010-11-13 07:48 . 2010-09-01 13:30 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-13 07:48 . 2010-09-01 13:30 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-13 07:48 . 2010-11-13 07:48 -------- d-----w- c:\program files\Avira
2010-11-12 18:46 . 2010-11-12 18:46 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-12 16:53 . 2010-11-12 16:55 -------- d-----w- C:\32788R22FWJFW.2.tmp
2010-11-12 16:51 . 2010-11-12 16:53 -------- d-----w- C:\32788R22FWJFW.1.tmp
2010-11-01 10:23 . 2010-11-01 10:23 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-10-30 18:30 . 2010-11-20 19:40 -------- d-----w- c:\users\user\AppData\Local\temp
2010-10-30 11:53 . 2010-10-30 11:53 -------- d-----w- c:\users\user\AppData\Local\COMODO
2010-10-29 12:29 . 2010-11-10 15:14 -------- d-----w- C:\VritualRoot
2010-10-29 12:28 . 2010-10-31 10:20 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-10-29 12:27 . 2010-10-29 12:27 -------- d-----w- c:\program files\COMODO
2010-10-29 12:26 . 2010-10-29 12:29 -------- d-----w- c:\programdata\Comodo
2010-10-27 18:20 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-10-27 18:20 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll
2010-10-27 18:20 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-10-27 18:20 . 2010-08-04 06:15 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-27 18:19 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-19 17:04 . 2010-07-26 15:26 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-11-11 11:20 . 2010-09-24 11:33 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2010-10-19 09:41 . 2010-04-02 08:09 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-24 15:58 . 2010-09-24 11:33 88 --sh--r- c:\programdata\649ADD1AA6.sys
2010-09-10 21:41 . 2010-09-10 21:41 285480 ----a-w- c:\windows\system32\guard32.dll
2010-09-10 21:40 . 2010-09-10 21:40 78504 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-09-10 21:40 . 2010-09-10 21:40 30112 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-09-10 21:40 . 2010-09-10 21:40 236088 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-09-10 21:40 . 2010-09-10 21:40 17256 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-09-08 04:30 . 2010-10-13 08:28 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28 . 2010-10-13 08:28 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22 . 2010-10-13 08:28 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48 . 2010-10-13 08:28 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-01 04:23 . 2010-10-13 08:23 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-01 02:34 . 2010-10-13 08:19 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 04:32 . 2010-10-13 08:29 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 04:32 . 2010-10-13 08:29 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-29 12:26 . 2010-04-18 07:38 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-27 05:46 . 2010-10-13 08:19 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 03:31 . 2010-10-13 08:19 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-27 03:30 . 2010-10-13 08:19 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-27 03:30 . 2010-10-13 08:19 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-26 04:39 . 2010-10-13 08:28 109056 ----a-w- c:\windows\system32\t2embed.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-04-26 136176]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-28 13797920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-09-10 2500552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-09-01 281768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-20 691696]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-09-10 236088]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2010-09-01 339624]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-09-01 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-09-01 403624]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-04 136176]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
R3 EraserUtilDrvI9;EraserUtilDrvI9;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-05-01 64032]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-30 1343400]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-09-10 30112]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-04-25 95024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 k57nd60x;Gigabit Ethernet Broadcom NetXtreme - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.
Contenuto della cartella 'Scheduled Tasks'

2010-11-20 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-10-03 08:32]

2010-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-04 17:42]

2010-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-04 17:42]

2010-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-633374088-4001182803-702579871-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-26 20:12]

2010-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-633374088-4001182803-702579871-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-26 20:12]
.
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyOverride = local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: {BD13099B-9730-4B39-B747-8726F1F187B3} = 8.8.8.8,8.8.4.4
TCP: 0716E646F627F6 = 8.8.8.8,4.4.4.4
TCP: 4505D2C494E4B4F5346464438303 = 8.8.8.8,4.4.4.4
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.co ... 1.71.0.cab
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\calghnzh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - plugin: c:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\users\user\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-RunOnce-<NO NAME> - (no file)


.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2010-11-20 20:42:19
ComboFix-quarantined-files.txt 2010-11-20 19:42
ComboFix2.txt 2010-11-12 17:08
ComboFix3.txt 2010-10-30 18:30
ComboFix4.txt 2010-08-26 19:30
ComboFix5.txt 2010-11-20 19:29

Pre-Run: 154.172.223.488 byte disponibili
Post-Run: 153.859.903.488 byte disponibili

- - End Of File - - 454FC6CB708FB662023ED4C49583274B

[CRYPAX]

raga ho risolto
non era la prima volta che capitava
se non ricordo male avevo postato lo stesso problema

per informazione il problema era nella configurazione di avira

scusate ancora