Bootkit? Help

Post by [S] » Tue Apr 19, 2011 11:58 pm

Hi everyone, for days I have been having problems with my PC (Windows XP SP3, 32-bit). I have run scans with various tools I read about here on MegaLab. Every time I scan with ComboFix it detects a bootkit (which I think gets regenerated at every reboot); this is the error that always appears:

\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected

This is the ComboFix log:

ComboFix 11-04-19.01 - Administrator 19.04.2011 23:29:56.10.2 - x86
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
* Resident AV is active
.
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programmi\Downloaded Installers
c:\programmi\Downloaded Installers\{4613F39B-AE3E-42D8-840E-190945136EA6}\setup.msi
.
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Creati Da 2011-03-19 al 2011-04-19 )))))))))))))))))))))))))))))))))))
.
.
2011-04-19 12:47 . 2011-04-19 12:47 53248 ----a-r- c:\documents and settings\Administrator\Dati applicazioni\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-04-19 12:46 . 2011-04-19 12:46 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Logishrd
2011-04-19 12:43 . 2011-04-19 12:45 -------- d-----w- c:\programmi\Logitech
2011-04-19 12:39 . 2011-04-19 12:46 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Logitech
2011-04-19 12:36 . 2006-02-06 13:54 24064 ----a-r- c:\windows\system32\PostProc.dll
2011-04-19 12:36 . 2001-09-19 11:47 765952 ----a-r- c:\windows\system\crlds3d.dll
2011-04-19 12:36 . 2006-04-27 04:42 93824 ----a-r- c:\windows\system32\drivers\aeaudio.sys
2011-04-19 12:36 . 2006-03-17 16:18 392960 ----a-r- c:\windows\system32\drivers\senfilt.sys
2011-04-19 12:36 . 2006-06-27 11:43 245760 ----a-r- c:\windows\system32\drivers\ADIHdAud.sys
2011-04-18 18:33 . 2011-04-18 18:33 -------- d-----w- c:\documents and settings\UpdatusUser
2011-04-18 18:33 . 2011-04-18 18:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NVIDIA
2011-04-18 18:14 . 2011-04-08 05:14 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-04-18 18:14 . 2011-04-08 05:14 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-04-18 18:14 . 2011-04-08 05:14 4111232 ----a-w- c:\windows\system32\SET327.tmp
2011-04-18 18:14 . 2011-04-08 05:14 2027008 ----a-w- c:\windows\system32\SET32B.tmp
2011-04-18 11:35 . 2011-04-18 11:35 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\NVIDIA
2011-04-18 11:28 . 2011-04-18 11:28 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\ArcSoft
2011-04-18 11:28 . 2011-04-18 11:37 -------- d--h--w- c:\documents and settings\All Users\Dati applicazioni\ArcSoft
2011-04-18 11:24 . 2011-04-18 13:53 -------- d-----w- c:\programmi\ArcSoft
2011-04-18 11:24 . 2011-04-18 13:50 -------- d-----w- c:\programmi\File comuni\ArcSoft
2011-04-18 11:23 . 2011-04-18 11:47 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\ArcSoft
2011-04-16 17:35 . 2011-04-16 17:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Elephant Games
2011-04-16 17:35 . 2011-04-16 17:35 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Elephant Games
2011-04-14 23:21 . 2011-04-14 23:21 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\SunRay Games
2011-04-13 20:42 . 2011-04-13 20:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2011-04-13 20:41 . 2011-04-13 20:41 -------- d-----w- c:\programmi\Yuna Software
2011-04-13 20:34 . 2011-04-13 20:34 -------- d-----w- c:\programmi\Secway
2011-04-13 20:24 . 2011-04-13 20:24 -------- d-----w- c:\programmi\Microsoft
2011-04-13 20:24 . 2011-04-13 20:24 -------- d-----w- c:\programmi\Windows Live
2011-04-13 16:52 . 2011-04-19 15:00 -------- d-----w- c:\documents and settings\Administrator\Tracing
2011-04-12 23:24 . 2011-04-12 23:24 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Axialis
2011-04-12 23:24 . 2011-04-13 00:02 -------- d-----w- c:\programmi\Axialis
2011-04-12 23:24 . 2011-04-13 00:02 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Axialis
2011-04-12 16:52 . 2011-04-12 16:52 -------- d-----w- c:\programmi\File comuni\Spigot
2011-04-11 18:10 . 2011-04-11 18:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AltrixSoft
2011-04-11 18:10 . 2011-04-11 18:12 -------- d-----w- c:\programmi\File comuni\AltrixSoft
2011-04-11 17:08 . 2011-04-11 17:10 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\RaimaRadioPro
2011-04-11 17:08 . 2011-04-11 17:09 -------- d-----w- c:\programmi\RarmaRadio
2011-04-10 02:59 . 2011-04-10 02:59 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\SlimWare Utilities Inc
2011-04-10 02:55 . 2011-04-10 02:58 -------- d-----w- c:\programmi\DriverUpdate
2011-04-09 22:54 . 2011-04-10 00:37 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Skunk Studios
2011-04-09 20:54 . 2011-04-09 20:55 -------- d-----w- c:\programmi\MultiExtractor
2011-04-09 20:54 . 2011-04-09 20:54 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\MultiExtractor
2011-04-08 14:10 . 2011-04-08 14:14 -------- d-----w- c:\programmi\Chainz Galaxy
2011-04-07 09:40 . 2011-04-07 09:40 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Yahoo!
2011-04-06 19:33 . 2011-04-06 19:33 -------- d-----w- c:\windows\Sun
2011-04-06 15:04 . 2011-04-06 21:39 -------- d-----w- C:\Zylom Games
2011-04-06 14:10 . 2011-04-06 14:10 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\unlimited illegal v1.4 16 05476 200938-499-41
2011-04-06 13:47 . 2011-04-06 13:47 -------- d-----w- c:\programmi\File comuni\Java
2011-04-06 13:46 . 2011-04-06 13:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-03 04:26 . 2011-04-03 04:26 -------- d-----w- c:\documents and settings\Administrator\Saved Games
2011-04-03 01:28 . 2011-04-03 01:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\EA Core
2011-04-03 00:58 . 2011-04-03 00:58 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Temp
2011-04-03 00:23 . 2011-04-03 00:23 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Remove_Empty_Directories
2011-04-03 00:22 . 2011-04-03 00:22 -------- d-----w- c:\windows\system32\wbem\mof
2011-04-02 23:39 . 2011-04-02 23:39 -------- d-----w- c:\programmi\Remove Empty Directories
2011-03-31 00:38 . 2011-03-31 00:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Electronic Arts
2011-03-29 15:23 . 2011-03-29 15:23 -------- d-----w- c:\programmi\Auslogics
2011-03-29 11:57 . 2011-03-29 11:57 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Megamedia
2011-03-29 11:57 . 2011-03-29 11:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Megamedia
2011-03-29 11:57 . 2011-03-29 11:57 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Megamedia
2011-03-25 18:37 . 2011-03-25 19:13 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\PC Tools Performance Toolkit
2011-03-23 21:33 . 2011-03-23 21:33 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\ShinyTales
2011-03-23 21:22 . 2011-03-23 21:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\MythPeople
2011-03-23 19:52 . 2011-03-23 19:52 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Anthropics
2011-03-23 19:18 . 2011-03-23 19:19 -------- d-----w- c:\programmi\Portrait Professional Studio 9
2011-03-22 21:54 . 2011-03-22 21:54 0 ----a-w- c:\documents and settings\All Users\Dati applicazioni\xml15E2.tmp
2011-03-22 21:54 . 2011-03-22 21:54 0 ----a-w- c:\documents and settings\All Users\Dati applicazioni\xml15DF.tmp
2011-03-22 21:54 . 2011-03-22 21:54 14177 ----a-w- c:\documents and settings\All Users\Dati applicazioni\xml15DD.tmp
2011-03-22 21:54 . 2011-03-22 21:54 8114 ----a-w- c:\documents and settings\All Users\Dati applicazioni\xml15DB.tmp
2011-03-22 21:41 . 2011-03-22 21:41 -------- d-----w- c:\programmi\SiSoftware
2011-03-21 14:38 . 2011-03-21 14:38 -------- d-----w- c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2011-03-21 14:30 . 2011-03-21 14:30 -------- d-----w- c:\windows\system32\xlive
2011-03-21 14:30 . 2011-03-21 14:32 -------- d-----w- c:\programmi\Microsoft Games for Windows - LIVE
2011-03-21 00:19 . 2011-03-21 00:20 -------- d-----w- c:\programmi\7-Zip
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 13:46 . 2010-05-11 14:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-06 13:13 . 2011-02-11 19:03 557328 ----a-w- c:\windows\system32\DAO360.DLL
2011-04-02 14:01 . 2009-12-09 06:24 5302 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-03-24 21:24 . 2009-04-23 20:08 29480 ------w- c:\windows\system32\msxml3a.dll
2011-03-24 21:24 . 2003-02-21 03:42 353576 ------w- c:\windows\system32\msvcr71.dll
2011-03-24 21:24 . 2003-03-18 19:14 505128 ------w- c:\windows\system32\msvcp71.dll
2011-03-15 10:08 . 2011-03-15 10:08 0 ------w- c:\windows\system32\REN4D92.tmp
2011-03-10 19:00 . 2011-03-11 04:08 835480 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-03-10 19:00 . 2011-03-11 04:08 938904 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-03-10 19:00 . 2010-04-04 14:19 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-03-10 19:00 . 2010-04-04 14:19 2252904 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-03-10 19:00 . 2009-03-27 08:03 4984832 ----a-w- c:\windows\system32\nvcuda.dll
2011-03-10 19:00 . 2009-03-27 08:03 2918504 ----a-w- c:\windows\system32\nvcuvid.dll
2011-03-10 19:00 . 2009-03-27 08:03 14675968 ----a-w- c:\windows\system32\nvoglnt.dll
2011-03-10 19:00 . 2010-04-04 14:19 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-03-10 19:00 . 2009-03-27 08:03 9925408 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-03-10 19:00 . 2009-03-27 08:03 6407808 ----a-w- c:\windows\system32\nv4_disp.dll
2011-03-10 19:00 . 2009-03-27 08:03 1974272 ----a-w- c:\windows\system32\nvapi.dll
2011-03-08 11:26 . 2011-03-08 11:26 81920 ----a-w- c:\windows\system32\nvwddi.dll
2011-03-08 11:26 . 2011-03-08 11:26 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-03-08 11:26 . 2011-03-08 11:26 13881448 ----a-w- c:\windows\system32\nvcpl.dll
2011-03-08 11:26 . 2011-03-08 11:26 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-03-08 11:26 . 2011-03-08 11:26 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-03-08 11:26 . 2011-03-08 11:26 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2011-03-08 11:26 . 2011-03-08 11:26 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-03-08 11:26 . 2011-03-08 11:26 331776 ----a-w- c:\windows\system32\nvrshe.dll
2011-03-08 11:26 . 2011-03-08 11:26 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2011-03-08 11:26 . 2011-03-08 11:26 282624 ----a-w- c:\windows\system32\nvrsel.dll
2011-03-08 11:26 . 2011-03-08 11:26 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2011-03-08 11:26 . 2011-03-08 11:26 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2011-03-08 11:26 . 2011-03-08 11:26 270336 ----a-w- c:\windows\system32\nvrsru.dll
2011-03-08 11:26 . 2011-03-08 11:26 262144 ----a-w- c:\windows\system32\nvrshu.dll
2011-03-08 11:26 . 2011-03-08 11:26 253952 ----a-w- c:\windows\system32\nvrsth.dll
2011-03-08 11:26 . 2011-03-08 11:26 253952 ----a-w- c:\windows\system32\nvrsda.dll
2011-03-08 11:26 . 2011-03-08 11:26 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2011-03-08 11:26 . 2011-03-08 11:26 249856 ----a-w- c:\windows\system32\nvrseng.dll
2011-03-08 11:26 . 2011-03-08 11:26 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2011-03-08 11:26 . 2011-03-08 11:26 126976 ----a-w- c:\windows\system32\nvrszht.dll
2011-03-08 11:26 . 2011-03-08 11:26 335872 ----a-w- c:\windows\system32\nvrsar.dll
2011-03-08 11:26 . 2011-03-08 11:26 282624 ----a-w- c:\windows\system32\nvrsit.dll
2011-03-08 11:26 . 2011-03-08 11:26 282624 ----a-w- c:\windows\system32\nvrses.dll
2011-03-08 11:26 . 2011-03-08 11:26 278528 ----a-w- c:\windows\system32\nvrsde.dll
2011-03-08 11:26 . 2011-03-08 11:26 274432 ----a-w- c:\windows\system32\nvrspt.dll
2011-03-08 11:26 . 2011-03-08 11:26 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2011-03-08 11:26 . 2011-03-08 11:26 270336 ----a-w- c:\windows\system32\nvrsja.dll
2011-03-08 11:26 . 2011-03-08 11:26 266240 ----a-w- c:\windows\system32\nvrsko.dll
2011-03-08 11:26 . 2011-03-08 11:26 258048 ----a-w- c:\windows\system32\nvrstr.dll
2011-03-08 11:26 . 2011-03-08 11:26 258048 ----a-w- c:\windows\system32\nvrssl.dll
2011-03-08 11:26 . 2011-03-08 11:26 258048 ----a-w- c:\windows\system32\nvrssk.dll
2011-03-08 11:26 . 2011-03-08 11:26 258048 ----a-w- c:\windows\system32\nvrspl.dll
2011-03-08 11:26 . 2011-03-08 11:26 253952 ----a-w- c:\windows\system32\nvrssv.dll
2011-03-08 11:26 . 2011-03-08 11:26 253952 ----a-w- c:\windows\system32\nvrsno.dll
2011-03-08 11:26 . 2011-03-08 11:26 249856 ----a-w- c:\windows\system32\nvrscs.dll
2011-02-22 06:38 . 2011-02-22 06:38 86016 ------w- c:\windows\system32\frapsvid.dll
2011-02-06 10:40 . 2011-02-06 10:40 93696 ------w- c:\windows\system32\EP1KSSP.DLL
2011-02-06 10:40 . 2011-02-06 10:40 178176 ------w- c:\windows\system32\ep1k_certd.exe
2011-02-06 10:40 . 2011-02-06 10:40 12288 ------w- c:\windows\system32\ep1ksrv.exe
2011-02-06 10:40 . 2011-02-06 10:40 446464 ------w- c:\windows\system32\EP1CSP32.DAT
2011-02-06 10:40 . 2011-02-06 10:40 24064 ------w- c:\windows\system32\JEPSAI20.DLL
2011-02-06 10:40 . 2011-02-06 10:40 180224 ------w- c:\windows\system32\EP1CSP32.DLL
2011-02-06 10:40 . 2011-02-06 10:40 165888 ------w- c:\windows\system32\EP1PK111.DLL
2011-02-06 10:40 . 2011-02-06 10:40 95232 ------w- c:\windows\system32\EP1KDL20.DLL
2011-02-06 10:40 . 2011-02-06 10:40 81920 ------w- c:\windows\system32\EPSMODU.DLL
2011-02-06 10:40 . 2011-02-06 10:40 81920 ------w- c:\windows\system32\EPASMOD.DLL
2011-02-06 10:40 . 2011-02-06 10:40 69632 ------w- c:\windows\system32\EPSMODUE.DLL
2011-02-06 10:40 . 2011-02-06 10:40 53248 ------w- c:\windows\system32\EPASSMDFULL.DLL
2011-02-06 10:40 . 2011-02-06 10:40 45056 ------w- c:\windows\system32\EPASSMD.DLL
2011-02-06 10:40 . 2011-02-06 10:40 4608 ------w- c:\windows\system32\ft1kco.dll
2011-02-06 10:40 . 2011-02-06 10:40 22272 ------w- c:\windows\system32\drivers\eps1k.sys
2011-02-06 10:40 . 2011-02-06 10:40 9856 ------w- c:\windows\system32\drivers\usbic1k.SYS
2011-02-06 10:40 . 2011-02-06 10:40 8832 ------w- c:\windows\system32\drivers\IC1KENUM.SYS
2010-02-18 23:28 . 2010-02-18 23:28 774144 ----a-w- c:\programmi\RngInterstitial.dll
.
.
------- Sigcheck -------
.
[7] 2008-04-14 12:00 . C43124F63818E65CAFA49D3957C3CA67 . 845824 . . [2001.12.4414.700] . . c:\windows\SevenMizer\old\comres.dll
[-] 2008-04-14 12:00 . 0FF0C3264283FDEDDAA6A9DE51341A3D . 1444352 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[7] 2008-04-14 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\winlogon.exe
[7] 2008-04-14 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\SevenMizer\old\winlogon.exe
[-] 2008-04-14 . 6DC43081C760EEC1130D2C8C145DF375 . 549888 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[7] 2008-04-14 . 10AA0E13B4D20EE798E3382C9B89B3E3 . 617472 . . [5.82] . . c:\windows\ERDNT\cache\comctl32.dll
[7] 2008-04-14 . 10AA0E13B4D20EE798E3382C9B89B3E3 . 617472 . . [5.82] . . c:\windows\SevenMizer\old\comctl32.dll
[-] 2008-04-14 . 899C00F3EE822D7871F5948A1E088DC2 . 770560 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2008-04-14 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2008-04-14 . 9530E35D9033ACED20CDA2509A21073A . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
.
[7] 2010-05-04 . 77968988F8D07572499D9181B47E2B12 . 3603456 . . [7.00.6000.21264] . . c:\windows\SevenMizer\old\mshtml.dll
[-] 2010-05-04 . E8783F7945F7CEC61F23FEA9524AB77C . 3828224 . . [7.00.6000.21264] . . c:\windows\system32\mshtml.dll
[-] 2010-05-04 . E8783F7945F7CEC61F23FEA9524AB77C . 3828224 . . [7.00.6000.21264] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2010-03-11 . 42CCADED3A3430D0A96C3C2077DA79B4 . 3602944 . . [7.00.6000.21228] . . c:\windows\ie7updates\KB982381-IE7\mshtml.dll
[7] 2010-01-05 . 8B2AB0803BBCBA6B14B78A6208E30C56 . 3602944 . . [7.00.6000.21183] . . c:\windows\ERDNT\cache\mshtml.dll
[7] 2010-01-05 . 8B2AB0803BBCBA6B14B78A6208E30C56 . 3602944 . . [7.00.6000.21183] . . c:\windows\ie7updates\KB980182-IE7\mshtml.dll
[7] 2009-10-29 . 6A23746C85468A631B25050C59C2CA14 . 3602432 . . [7.00.6000.21148] . . c:\windows\ie7updates\KB978207-IE7\mshtml.dll
[7] 2009-10-21 . B8D6A50D6306F869C771B77FBC793FAD . 3602432 . . [7.00.6000.21142] . . c:\windows\$hf_mig$\KB976749-IE7\SP3QFE\mshtml.dll
[7] 2009-10-21 . B8D6A50D6306F869C771B77FBC793FAD . 3602432 . . [7.00.6000.21142] . . c:\windows\ie7updates\KB976325-IE7\mshtml.dll
[7] 2009-08-29 . 68B859DDC8FF192D9FFC02229B6BE355 . 3600384 . . [7.00.6000.21115] . . c:\windows\ie7updates\KB976749-IE7\mshtml.dll
[7] 2009-07-19 . 5E84885C93642BB82E88CD1CBC345FAF . 3600384 . . [7.00.6000.21089] . . c:\windows\ie7updates\KB974455-IE7\mshtml.dll
[7] 2009-04-29 . 2ECF7C62E692BBE1D7F9A72B42AECAA9 . 3598336 . . [7.00.6000.21045] . . c:\windows\ie7updates\KB972260-IE7\mshtml.dll
[7] 2009-02-21 . 2358FF7E9C728932FC3C075935978086 . 3596800 . . [7.00.6000.21015] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\mshtml.dll
[7] 2009-02-21 . 2358FF7E9C728932FC3C075935978086 . 3596800 . . [7.00.6000.21015] . . c:\windows\ie7updates\KB969897-IE7\mshtml.dll
[7] 2009-01-16 . B868CBA86B7AA951131E511DC3436544 . 3596288 . . [7.00.6000.20996] . . c:\windows\ie7updates\KB963027-IE7\mshtml.dll
[7] 2008-12-13 . C352D6D2EFC11942BA84B996BAFFB182 . 3594752 . . [7.00.6000.20973] . . c:\windows\ie7updates\KB961260-IE7\mshtml.dll
[7] 2008-10-16 . 6EA04EE075C69345AB9B90C7A8740A04 . 3595264 . . [7.00.6000.20935] . . c:\windows\ie7updates\KB960714-IE7\mshtml.dll
[7] 2008-08-26 . FA61793E4E3F5C896C0728F350E30FAF . 3594752 . . [7.00.6000.20900] . . c:\windows\ie7updates\KB958215-IE7\mshtml.dll
[7] 2008-06-23 . 8E52FEC7D214C3B62871F8637F204114 . 3594240 . . [7.00.6000.20861] . . c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[7] 2008-01-16 . 872E162F24BD5AF017D6F0BE1AC417EB . 3593728 . . [7.00.6000.20753] . . c:\windows\ie7updates\KB953838-IE7\mshtml.dll
.
[7] 2008-04-14 . FA94696C0727BD59E517C674CD6E7C72 . 579584 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\user32.dll
[7] 2008-04-14 . FA94696C0727BD59E517C674CD6E7C72 . 579584 . . [5.1.2600.5512] . . c:\windows\SevenMizer\old\user32.dll
[-] 2008-04-14 . 3DBD6DC6D74C517D55A1B3AECA88EF48 . 588800 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
.
[7] 2010-05-04 . 4CD4DB297B3D6D83F04BE7912B946428 . 841216 . . [7.00.6000.21256] . . c:\windows\SevenMizer\old\wininet.dll
[-] 2010-05-04 . 7B6EAAB6EF34CA886737AC2D1EC21CBD . 942592 . . [7.00.6000.21256] . . c:\windows\system32\wininet.dll
[-] 2010-05-04 . 7B6EAAB6EF34CA886737AC2D1EC21CBD . 942592 . . [7.00.6000.21256] . . c:\windows\system32\dllcache\wininet.dll
[7] 2010-03-11 . 776681CB75D9DE5EF363FFDEA8D7DA97 . 841216 . . [7.00.6000.21228] . . c:\windows\ie7updates\KB982381-IE7\wininet.dll
[7] 2010-01-05 . 4AA9CE48449B816084226EDAE4E309A0 . 841216 . . [7.00.6000.21183] . . c:\windows\ERDNT\cache\wininet.dll
[7] 2010-01-05 . 4AA9CE48449B816084226EDAE4E309A0 . 841216 . . [7.00.6000.21183] . . c:\windows\ie7updates\KB980182-IE7\wininet.dll
[7] 2009-10-29 . 24A9BC124187E37A2BE67DFE5BB1A681 . 841216 . . [7.00.6000.21148] . . c:\windows\ie7updates\KB978207-IE7\wininet.dll
[7] 2009-08-29 . EFC043E6C9D34BA3B22CE51347F08D32 . 840704 . . [7.00.6000.21115] . . c:\windows\ie7updates\KB976325-IE7\wininet.dll
[7] 2009-06-29 . 9BA2E22993954B2C433FDC229801EEFE . 828928 . . [7.00.6000.21073] . . c:\windows\ie7updates\KB974455-IE7\wininet.dll
[7] 2009-04-29 . D327397F4448DCB912E9FE78C9A94C88 . 828928 . . [7.00.6000.21045] . . c:\windows\ie7updates\KB972260-IE7\wininet.dll
[7] 2009-03-03 . C04C42D707CDB4129B86C4E96FA5C24B . 828416 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[7] 2009-03-03 . C04C42D707CDB4129B86C4E96FA5C24B . 828416 . . [7.00.6000.21020] . . c:\windows\ie7updates\KB969897-IE7\wininet.dll
[7] 2008-12-20 . 3F7320E0F75F2B5A7A9AD32AEA08BF21 . 827904 . . [7.00.6000.20978] . . c:\windows\ie7updates\KB963027-IE7\wininet.dll
[7] 2008-10-16 . F303CFED3D8B8348A54F7A53DDC7CCA0 . 827904 . . [7.00.6000.20935] . . c:\windows\ie7updates\KB961260-IE7\wininet.dll
[7] 2008-08-26 . 8E694EC9DA095E518D9447B3293208EA . 827904 . . [7.00.6000.20900] . . c:\windows\ie7updates\KB958215-IE7\wininet.dll
[7] 2008-06-23 . BF9D17259082632F03F3FF5759C6AE32 . 827904 . . [7.00.6000.20861] . . c:\windows\ie7updates\KB956390-IE7\wininet.dll
[7] 2007-12-07 . 39CCDA0E9B778792B06C1B9D794A9776 . 825344 . . [7.00.6000.20733] . . c:\windows\ie7updates\KB953838-IE7\wininet.dll
.
[-] 2008-04-14 . F2F479CD6EB8DC808B5DAF2C9F3A3C8D . 1561600 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe
[7] 2008-04-14 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\SevenMizer\old\explorer.exe
.
[7] 2008-04-14 . DA5AB646CDA75F2801660F5754990D2F . 1287168 . . [5.1.2600.5512] . . c:\windows\SevenMizer\old\ole32.dll
[-] 2008-04-14 . 9C53CD8539F65CB380347F6689C8F188 . 1312256 . . [5.1.2600.5512] . . c:\windows\system32\ole32.dll
.
[7] 2008-04-14 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ctfmon.exe
[7] 2008-04-14 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\SevenMizer\old\ctfmon.exe
[-] 2008-04-14 . 91B6AAC828F8BBE1796275424E44DFB0 . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
[7] 2008-04-14 . 705B64A073DFF1AF96F49B00B9D297A3 . 346624 . . [5.1.2600.5512] . . c:\windows\SevenMizer\old\hnetcfg.dll
[-] 2008-04-14 . 43A8C03A8CF9DB90958238AB694BF79D . 371200 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
.
[7] 2010-02-16 . 32ACD29EE9D2C09BD471CDC23C31ED49 . 2070528 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2010-02-16 . CC0BD6DF954A759B0C36116AB34F1C85 . 2028032 . . [5.1.2600.5938] . . c:\windows\SevenMizer\old\ntkrnlpa.exe
[-] 2010-02-16 . 4004BC6E3D2EDC907563CF5A12D88C58 . 2206208 . . [5.1.2600.5938] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-02-16 . 4004BC6E3D2EDC907563CF5A12D88C58 . 2206208 . . [5.1.2600.5938] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2010-02-16 . EAFDE69BE3EDF234CD222712F45A00B6 . 2070656 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[7] 2009-12-09 . 7CBE0358DBB005ED0ACC76E039621B5D . 2069888 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[7] 2009-12-09 . 4DC824C3F81A65DAAD9B22D99CF2A031 . 2027520 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[7] 2009-08-04 . 845344F22D2BA7CDD2847B0B0A5D0EDD . 2069888 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[7] 2009-08-04 . A624667565D96E7DE0871CC1A144ED1C . 2027520 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
[7] 2009-08-04 . A624667565D96E7DE0871CC1A144ED1C . 2027520 . . [5.1.2600.5857] . . c:\windows\ERDNT\cache\ntkrnlpa.exe
[7] 2009-02-09 . 844C5BC1F022E7790BA6DD2610823BE6 . 2027520 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[7] 2009-02-09 . FF69166080436A31A3EAC9CC7C3F1847 . 2069888 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 . C812D8551FD3B6ACDBF7EB6B18B1B992 . 2069760 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 . BC8D2FF46D42B76655F443EF1386930F . 2027520 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2008-04-13 . FE93732DE7D6EA191E2FF816341D6FFF . 2027520 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
.
[7] 2010-04-16 . B24A4E23A2FEDB6976EB04D334AD82B2 . 634648 . . [7.00.6000.21256] . . c:\windows\SevenMizer\old\iexplore.exe
[-] 2010-04-16 . 163987977BFA1784DF8D662048FF8970 . 724248 . . [7.00.6000.21256] . . c:\windows\system32\dllcache\iexplore.exe
[7] 2010-02-23 . C8DDA4028065D5CE39CBE7A156B72AB9 . 634648 . . [7.00.6000.21228] . . c:\windows\ie7updates\KB982381-IE7\iexplore.exe
[7] 2009-12-18 . D19E56D5930C37CF211867DF450C372A . 634632 . . [7.00.6000.21183] . . c:\windows\ie7updates\KB980182-IE7\iexplore.exe
[7] 2009-10-28 . 80675329E0FD54F016C4F8A83C616349 . 634632 . . [7.00.6000.21148] . . c:\windows\ie7updates\KB978207-IE7\iexplore.exe
[7] 2009-08-27 . 332EC7562F3AA7364F2D4231C56DA986 . 634648 . . [7.00.6000.21115] . . c:\windows\ie7updates\KB976325-IE7\iexplore.exe
[7] 2009-06-29 . 02E2754D3E566C11A4934825920C47DD . 634632 . . [7.00.6000.21073] . . c:\windows\ie7updates\KB974455-IE7\iexplore.exe
[7] 2009-04-25 . C0503FD8D163652735C1EE900672A75C . 636088 . . [7.00.6000.21045] . . c:\windows\ie7updates\KB972260-IE7\iexplore.exe
[7] 2009-02-28 . BCD8E48709BE4A79606F0B6E8E9A6162 . 636088 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\iexplore.exe
[7] 2009-02-28 . BCD8E48709BE4A79606F0B6E8E9A6162 . 636088 . . [7.00.6000.21020] . . c:\windows\ie7updates\KB969897-IE7\iexplore.exe
[7] 2008-12-19 . 15E8A89499741D5CF59A9CF6463A4339 . 634024 . . [7.00.6000.20978] . . c:\windows\ie7updates\KB963027-IE7\iexplore.exe
[7] 2008-10-15 . 056C927CF7207857E8B34F7A8FFD9B9E . 633632 . . [7.00.6000.20935] . . c:\windows\ie7updates\KB961260-IE7\iexplore.exe
[7] 2008-08-23 . E8305C30D35E85D6657ED3E9934CB302 . 635848 . . [7.00.6000.20900] . . c:\windows\ie7updates\KB958215-IE7\iexplore.exe
[7] 2008-06-23 . C52A9EF571E91535EB78DB4B8B95EA07 . 625664 . . [7.00.6000.20861] . . c:\windows\ie7updates\KB956390-IE7\iexplore.exe
[7] 2007-12-06 . 809D17D8FA0FDAEE07778CD821CAFFDE . 625664 . . [7.00.6000.20733] . . c:\windows\ie7updates\KB953838-IE7\iexplore.exe
.
[7] 2010-02-17 . CE3BE4BB511B6E0F81D5479F31922574 . 2193664 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2010-02-16 . 2A3C8C51E0D91616415720C48A3E5A66 . 2149888 . . [5.1.2600.5938] . . c:\windows\SevenMizer\old\ntoskrnl.exe
[-] 2010-02-16 . FFB8496C3A7BD92A2D5FCFC83FFB5AD9 . 2328064 . . [5.1.2600.5938] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-02-16 . FFB8496C3A7BD92A2D5FCFC83FFB5AD9 . 2328064 . . [5.1.2600.5938] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2010-02-16 . 01CBC934223F6754C3CA87927D409E9E . 2193792 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[7] 2009-12-09 . 30A2AA7A19F9416EABF7D5F81616BD4D . 2193024 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[7] 2009-12-09 . AD4454ABC73B4B1EB92E627681E17496 . 2148864 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[7] 2009-08-04 . 9A164A8C771E9F2A5C8FE15FE7F74E2F . 2148864 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
[7] 2009-08-04 . 9A164A8C771E9F2A5C8FE15FE7F74E2F . 2148864 . . [5.1.2600.5857] . . c:\windows\ERDNT\cache\ntoskrnl.exe
[7] 2009-08-04 . 66C0988D9B1BB7F41437D91DBCFDF927 . 2193024 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-02-10 . 3B5928FCD0DD3E10DEB1C13CA35201F6 . 2192896 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-09 . 592F44BB500F995BEAD0EB8BA06BC104 . 2148864 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[7] 2008-08-14 . 0EE73494680235D59F4E57301D7AD580 . 2192896 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 . 15315CDC4A67DCBBAE59967F08129499 . 2148864 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2008-04-13 . 85B6D05F83DFBAFEF5F58836CE39586C . 2148864 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77F4E711-789B-447F-9614-96759B2F83C6}]
2011-01-13 04:16 64000 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Megamedia\Megakey\MegaIeHelper.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb02.exe" [2001-04-17 192512]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-01 2054360]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2010-09-07 1976920]
"Acrobat Assistant 8.0"="c:\programmi\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-01-30 821144]
"CanonSolutionMenuEx"="c:\programmi\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-03-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-03-08 13881448]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2006-06-23 847872]
"EvtMgr6"="c:\programmi\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 25088]
.
c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\
FreePOPs.lnk - c:\programmi\FreePOPs\freepopsd.exe [2008-12-27 49152]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\programmi\Stardock\ObjectDockPlus2\ODMenu.dll" [2010-03-24 511344]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\programmi\File comuni\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Avvio^Programmi^Esecuzione automatica^is-6O6IH.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Avvio^Programmi^Esecuzione automatica^Logitech . Registrazione prodotti.lnk]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\360Amigo]
2011-03-19 23:17 4743240 ----a-w- c:\program files\360Amigo\360Amigo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2008-10-13 10:16 165144 ----a-w- c:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 20:10 402432 ----a-w- c:\programmi\File comuni\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2010-03-26 22:39 323392 ----a-w- c:\programmi\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClamWin]
2009-04-14 10:52 86016 ----a-w- c:\programmi\ClamWin\bin\ClamTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverChecker.exe]
2009-12-31 15:36 13561856 ----a-w- c:\programmi\Driver Checker\DriverChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2010-10-28 23:32 1352272 ----a-w- c:\programmi\Logitech\SetPointP\SetPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-10-09 17:23 133104 ----atw- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InnoSetupRegFile.0000000001]
2009-09-02 04:30 687104 ----a-w- c:\windows\is-QOJPR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-12-20 16:08 963976 ----a-w- c:\programmi\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-12-20 16:08 443728 ----a-w- c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MegakeyUpdater]
2011-01-13 05:38 64000 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Megamedia\Megakey\MegakeyUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ------w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-03-26 22:42 2937528 ----a-w- c:\programmi\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PE2CKFNT SE]
1998-07-03 10:51 25088 ------r- c:\programmi\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegisterDropHandler]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 12:49 249064 ----a-w- c:\programmi\File comuni\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-12-10 12:28 247144 ----a-w- c:\documents and settings\Administrator\Desktop\Programmi\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDRShortCut]
2008-06-06 13:03 222504 ----a-w- c:\programmi\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 10:07 199752 ----a-w- c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2007-12-20 15:05 77824 ------w- c:\windows\system32\VTTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TuneUp.ProgramStatisticsSvc"=2 (0x2)
"UxTuneUp"=2 (0x2)
"TuneUp.Defrag"=3 (0x3)
"ServiceLayer"=3 (0x3)
"gusvc"=3 (0x3)
"AcrSch2Svc"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DriverUpdate"="c:\programmi\DriverUpdate\DriverUpdate.exe" -boot
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Acrobat Speed Launcher"="c:\programmi\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 10.0\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"RegisterDropHandler"=c:\progra~1\TEXTBR~1.0\Bin\REGIST~1.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitdm.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitnet.exe"=
"c:\\Documents and Settings\\Administrator\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmi\\filehippo.com\\UpdateChecker.exe"=
"c:\\Programmi\\mIRC\\mirc.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\Programmi\\FirefoxPortable\\App\\Firefox\\firefox.exe"=
"c:\\Programmi\\FreePOPs\\freepopsd.exe"=
"c:\\Programmi\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\Administrator\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\xampp\\apache\\bin\\httpd.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Programmi\\eMule\\eMule.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Programmi\\Steam\\Steam.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\DsNET Corp\\aTube Catcher 2.0\\yct.exe"=
"c:\\Programmi\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\Programmi\\Pinnacle\\Studio 15\\Programs\\RM.exe"=
"c:\\Programmi\\Pinnacle\\Studio 15\\Programs\\Studio.exe"=
"c:\\Programmi\\Pinnacle\\Studio 15\\Programs\\umi.exe"=
"c:\\Programmi\\SiSoftware\\SiSoftware Sandra Professional Home 2011.SP1a\\RpcAgentSrv.exe"=
"c:\\Programmi\\SiSoftware\\SiSoftware Sandra Professional Home 2011.SP1a\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26731:TCP"= 26731:TCP:*:Disabled:SolidNetworkManager
"26731:UDP"= 26731:UDP:*:Disabled:SolidNetworkManager
"5009:TCP"= 5009:TCP:SolidNetworkManager
"5009:UDP"= 5009:UDP:SolidNetworkManager
"56827:TCP"= 56827:TCP:Pando Media Booster
"56827:UDP"= 56827:UDP:Pando Media Booster
"1054:TCP"= 1054:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 as6eio;as6eio;c:\windows\System32\drivers\as6eio.sys [x]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programmi\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-11-30 1483072]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programmi\File comuni\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gwiopm;gwiopm;c:\programmi\My Drivers\gwiopm.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-05-03 3604720]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\programmi\SiSoftware\SiSoftware Sandra Professional Home 2011.SP1a\RpcAgentSrv.exe [2009-08-09 93848]
R3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [2009-05-26 7408]
R3 SwitchBoard;SwitchBoard;c:\programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programmi\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-07 10064]
R3 XDva343;XDva343;c:\windows\system32\XDva343.sys [x]
S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [2010-01-06 22024]
S0 pxsec;pxsec;c:\windows\System32\drivers\pxsec.sys [2010-01-06 27656]
S0 tdrpman147;Acronis Try&Decide and Restore Points filter (build 147);c:\windows\system32\DRIVERS\tdrpm147.sys [2009-06-12 971232]
S0 ViBus;ViBus;c:\windows\system32\DRIVERS\ViBus.sys [2008-04-03 16896]
S0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\DRIVERS\ViPrt.sys [2008-04-03 53248]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-10-01 108792]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2009-10-01 96408]
S1 is-6O6IHdrv;is-6O6IHdrv;c:\windows\system32\DRIVERS\05165413.sys [2008-07-08 148496]
S1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\SASDIFSV.SYS [2009-05-26 9968]
S1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.sys [2009-09-02 74480]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-04-14 14336]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2009-12-19 29416]
S2 ekrn;ESET Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-10-01 735960]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\programmi\File comuni\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\Drivers\LBeepKE.sys [2010-08-24 10448]
S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-06-11 65856]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\programmi\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\Drivers\ousbehci.sys [2005-07-15 45696]
S2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\DRIVERS\thdudf.sys [2006-11-11 66944]
S2 TomTomHOMEService;TomTomHOMEService;c:\documents and settings\Administrator\Desktop\Programmi\TomTom HOME 2\TomTomHOMEService.exe [2010-12-10 92008]
S3 ft1kEnum;usb Card Device 1000;c:\windows\system32\DRIVERS\ic1kenum.sys [2011-02-06 8832]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\DRIVERS\ousb2hub.sys [2005-07-15 56960]
S3 Reader_1000;USB SmartCard Reader Device 1000 ;c:\windows\system32\DRIVERS\usbic1k.sys [2011-02-06 9856]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 17792]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-04-19 c:\windows\Tasks\AdobeAAMUpdater-1.0-COMPUTER-A04070-Administrator.job
- c:\programmi\File comuni\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-09-16 14:04]
.
2011-04-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2009-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-842925246-1177238915-500.job
- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-10-09 17:23]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://mystart.incredimail.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=;ftp=;https=;
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Aggiungi a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Aggiungi destinazione link a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append the content of the link to existing PDF file - c:\programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Capture Web Page - c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Megamedia\Megakey\CaptureWebPage.htm
IE: Converti destinazione link in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Create PDF file - c:\programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: Do&wnload selected by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/202
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Fetch to Megaupload - c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Megamedia\Megakey\MegaUpload.htm
IE: Scarica con Mipony - file://c:\programmi\MiPony\Browser\IEContext.htm
LSP: c:\documents and settings\All Users\Dati applicazioni\Megamedia\Megakey\msadm.dll
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\ln9e66g5.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Cerca
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_ ... ST&search=
FF - Ext: QuickStores-Toolbar: quickstores@quickstores.de - c:\programmi\Mozilla Firefox\extensions\quickstores@quickstores.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Adobe Acrobat - Create PDF: web2pdfextension@web2pdf.adobedotcom - c:\programmi\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programmi\Java\jre6\lib\deploy\jqs\ff
FF - Ext: MegaKey: {1D3DB383-DB45-45b2-9F46-91218CA2CBCB} - c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Megamedia\Megakey\{1D3DB383-DB45-45b2-9F46-91218CA2CBCB}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKCU-Run-Simp - (no file)
.
.
.
**************************************************************************
.
disk not found C:\
.
please note that you need administrator rights to perform deep scan
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-583907252-842925246-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-583907252-842925246-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{87118821-B996-BE12-BBCA-B6BDF39E5A17}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abpnmffeooajilkcafhegojfckkhekkbkg"=hex:6a,61,6d,6d,6c,66,70,62,6c,70,69,68,
6f,64,6e,6b,66,62,64,67,00,00
"pafncffijobobldilcdhknhghadjfdoo"=hex:6a,61,6d,6d,6c,66,70,62,6c,70,69,68,6f,
64,6e,6b,66,62,64,67,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07A774A0-6047-11D1-BA20-006097D2898E}]
@DACL=(02 0000)
@="Logagent Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AEE3E4A8-EF01-4024-A0F1-809D9B096E14}]
@DACL=(02 0000)
@="Windows Media Player Encoder Helper Class"
.
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Dati applicazioni\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Programmi\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000410
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{AC0A97B5-991D-4761-B4E9-B6F9811B6A38}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.0.468.1"
"UniqueId"="0003DDCE4B12D900"
"ScannerBuild"=dword:0000167c
"ScannerVersionId"=dword:0000117a
"ScannerVersion"="Open window for status."
"FixId"=dword:00000007
"ei2"=hex(b):90,5e,74,b8,3a,7a,6a,b0
"ei1"=hex(b):00,1a,92,bb,92,be,00,00
"ei3"=hex(b):fb,8c,7c,4d,00,00,00,00
"ei4"=dword:00000002
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(1116)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(1916)
c:\windows\system32\setupapi.dll
c:\windows\system32\scecli.dll
.
Ora fine scansione: 2011-04-20 00:03:57
ComboFix-quarantined-files.txt 2011-04-19 22:03
.
Pre-Run: 59'216'257'024 byte disponibili
Post-Run: 59'188'068'352 byte disponibili
.
- - End Of File - - 6DB88C39ECD50DBFA8743EF01D03E40D


I also ran MBR to see whether everything was OK; here is the result:

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: tor_6V160E0__________________________ rev.11900 -> Harddisk0\DR0 -> \Device\00000083

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK


I really hope you can help me, because by now I no longer know what to do.
[S]
Senior Member
Posts: 165
Joined: Thu Apr 12, 2007 7:07 pm
Location: Maglie (LE)

Re: Bootkit? Help

Post by [S] » Wed Apr 20, 2011 12:00 am

To be safe, I also ran a HijackThis scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:58:49, on 20.04.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21256)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\xampp\apache\bin\httpd.exe
C:\WINDOWS\system32\ASTSRV.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programmi\File comuni\MAGIX Services\Database\bin\FABS.exe
C:\Programmi\Canon\IJPLM\IJPLMSVC.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
C:\xampp\mysql\bin\mysqld.exe
C:\WINDOWS\system32\NLSSRV32.EXE
c:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\xampp\apache\bin\httpd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb02.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe
C:\Programmi\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\Programmi\Logitech\SetPointP\SetPoint.exe
C:\Programmi\FreePOPs\freepopsd.exe
C:\Programmi\File comuni\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programmi\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: MegaIeHelperBHO - {77F4E711-789B-447F-9614-96759B2F83C6} - C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Megamedia\Megakey\MegaIeHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programmi\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb02.exe
O4 - HKLM\..\Run: [egui] "C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmi\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Programmi\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [EvtMgr6] C:\Programmi\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKUS\S-1-5-21-583907252-842925246-1177238915-1014\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-583907252-842925246-1177238915-500 Startup: FreePOPs.lnk = C:\Programmi\FreePOPs\freepopsd.exe (User '?')
O4 - Startup: FreePOPs.lnk = C:\Programmi\FreePOPs\freepopsd.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Aggiungi a PDF esistente - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Aggiungi destinazione link a PDF esistente - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append the content of the link to existing PDF file - res://C:\Programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - res://C:\Programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
O8 - Extra context menu item: Append to existing PDF file - res://C:\Programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Capture Web Page - C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Megamedia\Megakey\CaptureWebPage.htm
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Create PDF file - res://C:\Programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O8 - Extra context menu item: Create PDF file from the content of the link - res://C:\Programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O8 - Extra context menu item: Create PDF files from the selected links - res://C:\Programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fetch to Megaupload - C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Megamedia\Megakey\MegaUpload.htm
O8 - Extra context menu item: Scarica con Mipony - file://C:\Programmi\MiPony\Browser\IEContext.htm
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\all users\dati applicazioni\megamedia\megakey\msadm.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\all users\dati applicazioni\megamedia\megakey\msadm.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\all users\dati applicazioni\megamedia\megakey\msadm.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\all users\dati applicazioni\megamedia\megakey\msadm.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\all users\dati applicazioni\megamedia\megakey\msadm.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\all users\dati applicazioni\megamedia\megakey\msadm.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\all users\dati applicazioni\megamedia\megakey\msadm.dll
O15 - Trusted IP range: http://192.168.1.1
O15 - ESC Trusted IP range: http://192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: ObjectDockShellExt - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - C:\Programmi\Stardock\ObjectDockPlus2\ODMenu.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\ASTSRV.EXE
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Programmi\File comuni\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Programmi\File comuni\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programmi\File comuni\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programmi\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmi\File comuni\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: MySQL - MySQL AB - C:\xampp\mysql\bin\mysqld.exe
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\NLSSRV32.EXE
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Professional Home 2011.SP1a\RpcAgentSrv.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Documents and Settings\Administrator\Desktop\Programmi\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Programmi\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

--
End of file - 14665 bytes

Re: Bootkit? Help

Post by Uomo_Senza_Sonno » Wed Apr 20, 2011 12:19 am

See whether this article solves it for you
Thanks for everything Zane

we know 1% of the laws that govern the universe; the rest we have not yet fully understood, or not even guessed at


Re: Bootkit? Help

Post by [S] » Wed Apr 20, 2011 12:31 am

Here is what I get when I run Bootkit Remover

Image

Re: Bootkit? Help

Post by Uomo_Senza_Sonno » Wed Apr 20, 2011 12:42 am

Try this: from the Recovery Console run the fixboot and fixmbr commands, then read this other article, because if that doesn't work we need to figure out where it has installed itself.

Re: Bootkit? Help

Post by [S] » Wed Apr 20, 2011 2:42 am

Hi, after running fixmbr and fixboot, unfortunately Bootkit Remover still shows the same error. As for HxD, here is sector 0:

Image

Re: Bootkit? Help

Post by crazy.cat » Wed Apr 20, 2011 5:13 am

That "disk not found C:\" is odd, though; are you running the scan as administrator?
[S] wrote:**************************************************************************
.
disk not found C:\
.
please note that you need administrator rights to perform deep scan
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti:


Or do you have hard disks set up in RAID, and maybe that is why ComboFix cannot read them correctly?
[S] wrote:O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
When the many rule, they think only of pleasing themselves, and then you get the most foolish and hateful tyranny of all: tyranny disguised as freedom.

Re: Bootkit? Help

Post by Uomo_Senza_Sonno » Wed Apr 20, 2011 9:33 am

Try repeating the ComboFix scan as administrator, as crazy.cat suggests; if that again gives no result, post sector 0 again, but this time showing the whole program window, and along with the new screenshot also add sectors 62, 63, 312560639 and 312560640.
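The sectors Uomo_Senza_Sonno asks for (0, 62, 63, 312560639, 312560640) are the places a defender looks first when an MBR bootkit is suspected: the MBR itself, the gap just before the first partition and its first sector, and the end of the last partition plus the unpartitioned tail of the disk, which is where a TDL4-style bootkit keeps its components. The script below is an added example, not code from the thread or from any of the tools mentioned in it. It parses an MBR, hashes only the 440-byte boot-code area so it can be compared against a known-good copy (the disk signature and partition table legitimately differ between machines), and derives the list of sectors to dump with a hex editor such as HxD. The sample MBR, its partition layout, the boot code bytes and the disk size are all constructed; the partition boundaries were chosen to reproduce the thread's numbers and say nothing about the poster's actual disk. read_sector takes whatever raw image or device path you give it.

```python
"""Added example: parse a 512-byte MBR and list the sectors worth dumping
when a bootkit is suspected. Constructed data only; not from the thread."""
import hashlib
import struct
from typing import Dict, List, Optional

SECTOR_SIZE = 512
MBR_CODE_LEN = 440        # boot code; the 4-byte disk signature starts at 440
PART_TABLE_OFF = 446      # four 16-byte partition entries
PART_ENTRY_LEN = 16


def parse_mbr(sector: bytes) -> Dict:
    """Return boot-code hash, 0x55AA signature validity and non-empty partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly %d bytes" % SECTOR_SIZE)
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        # status(1) CHS-start(3, skipped) type(1) CHS-end(3, skipped) LBA(4) count(4)
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0 and count == 0:
            continue
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": count,
            "lba_end": lba_start + count - 1,
        })
    return {
        "valid_signature": sector[510:512] == b"\x55\xaa",
        "code_sha256": hashlib.sha256(sector[:MBR_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def code_matches(sector: bytes, known_good_sha256: str) -> bool:
    """Compare only the boot-code area with a reference hash, e.g. one taken
    from the same machine right after a clean install or a trusted fixmbr."""
    return hashlib.sha256(sector[:MBR_CODE_LEN]).hexdigest() == known_good_sha256


def sectors_to_inspect(mbr: Dict, disk_sectors: Optional[int] = None) -> List[int]:
    """LBAs to dump: the MBR, the sector before and the first sector of the
    lowest partition, the last sector of the highest partition and the one
    after it (start of the unpartitioned tail), and the disk's last sector."""
    lbas = {0}
    if mbr["partitions"]:
        first = min(p["lba_start"] for p in mbr["partitions"])
        last = max(p["lba_end"] for p in mbr["partitions"])
        lbas.update({first - 1, first, last, last + 1})
    if disk_sectors is not None:
        lbas.add(disk_sectors - 1)
    return sorted(lba for lba in lbas
                  if lba >= 0 and (disk_sectors is None or lba < disk_sectors))


def read_sector(path: str, lba: int) -> bytes:
    """Read one sector from a raw image (or, with sufficient rights, a
    physical device such as \\\\.\\PhysicalDrive0 on Windows)."""
    with open(path, "rb") as f:
        f.seek(lba * SECTOR_SIZE)
        return f.read(SECTOR_SIZE)


def build_sample_mbr() -> bytes:
    """Constructed sample MBR (assumption, not the poster's disk): one bootable
    NTFS partition from LBA 63 to LBA 312560639, so the sectors of interest
    match the ones named in the thread."""
    code = bytes(range(256)) + bytes(range(184))            # 440 placeholder bytes
    disk_sig = b"\x12\x34\x56\x78" + b"\x00\x00"            # signature + reserved
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 312560577)
    table = entry + b"\x00" * (PART_ENTRY_LEN * 3)          # three empty entries
    sector = code + disk_sig + table + b"\x55\xaa"
    assert len(sector) == SECTOR_SIZE
    return sector


if __name__ == "__main__":
    mbr = parse_mbr(build_sample_mbr())
    print("signature ok:", mbr["valid_signature"])
    for p in mbr["partitions"]:
        print("partition %d type 0x%02x LBA %d..%d" %
              (p["index"], p["type"], p["lba_start"], p["lba_end"]))
    # disk size is an assumption chosen so the tail sector equals the thread's last LBA
    print("sectors to dump:", sectors_to_inspect(mbr, disk_sectors=312560641))
```

A boot-code hash that differs from a clean reference, or partition table entries pointing past the end of the disk, is a reason to dump the listed sectors and compare them with a known-good MBR; a matching hash is not proof of a clean disk, since the components of a bootkit may sit entirely in the unpartitioned tail.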

Re: Bootkit? Help

Post by [S] » Wed Apr 20, 2011 11:30 am

Hi, the system already boots as Administrator by default and there are no other users on the system. Besides, every time I reboot, ComboFix always finds this bootkit. Anyway, here are the screenshots:

Image

Image

Image

Image

Image

Thanks.

Re: Bootkit? Help

Post by hashcat » Wed Apr 20, 2011 12:23 pm

Try a full scan with Hitman Pro; if it detects threats, activate the trial licence and remove them (it may be necessary to restart the computer).

When it finishes, save the log and post it here:

Image

Then download TDSSKiller (the renamed build), run a scan, and if there are detections select the "Cure" option for the infections flagged as "malicious" and the "Skip" option for those flagged as "suspicious".

In any case, save the report this product generates and post it here.

Then download NoVirusThanks Anti-Rootkit Free, launch it, restart the computer, reopen the program, save the complete log with all its sections and post it here.

N.B.: The Hitman Pro scan requires a constant internet connection for the whole duration of the scan.
----------------------------------------------------------------------------------------------------------------------------------------------------------
If the reports from the various programs exceed the post's character limit, or cannot be included in the forum post, save them on paste2.org and post the corresponding address.
<<Intelligence is the ability to avoid doing work, yet getting the work done.>>
Linus Torvalds

EX [MLI] Power User.

Re: Bootkit? Help

Post by [S] » Wed Apr 20, 2011 1:05 pm

Hi. First of all, thanks for the help; this is the Hitman Pro scan, it deleted quite a few files.

http://paste2.org/p/1373767

This is the TDSSKiller report

2011/04/20 14:06:16.0187 2376 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/20 14:06:17.0031 2376 ================================================================================
2011/04/20 14:06:17.0031 2376 SystemInfo:
2011/04/20 14:06:17.0031 2376
2011/04/20 14:06:17.0031 2376 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/20 14:06:17.0031 2376 Product type: Workstation
2011/04/20 14:06:17.0031 2376 ComputerName: COMPUTER-A04070
2011/04/20 14:06:17.0031 2376 UserName: Administrator
2011/04/20 14:06:17.0031 2376 Windows directory: C:\WINDOWS
2011/04/20 14:06:17.0031 2376 System windows directory: C:\WINDOWS
2011/04/20 14:06:17.0031 2376 Processor architecture: Intel x86
2011/04/20 14:06:17.0031 2376 Number of processors: 2
2011/04/20 14:06:17.0031 2376 Page size: 0x1000
2011/04/20 14:06:17.0031 2376 Boot type: Normal boot
2011/04/20 14:06:17.0031 2376 ================================================================================
2011/04/20 14:06:17.0265 2376 !crdlk
2011/04/20 14:06:17.0359 2376 Initialize success
2011/04/20 14:06:20.0531 2440 ================================================================================
2011/04/20 14:06:20.0531 2440 Scan started
2011/04/20 14:06:20.0531 2440 Mode: Manual;
2011/04/20 14:06:20.0531 2440 ================================================================================
2011/04/20 14:06:32.0500 2440 ================================================================================
2011/04/20 14:06:32.0500 2440 Scan finished
2011/04/20 14:06:32.0500 2440 ================================================================================


Now I'll do NoVirusThanks.

Re: Bootkit? Help

Post by hashcat » Wed Apr 20, 2011 1:13 pm

Did TDSSKiller find anything?

Re: Bootkit? Help

Post by [S] » Wed Apr 20, 2011 1:23 pm

hashcat wrote:Did TDSSKiller find anything?

No, I put the scan above.

And this is the NoVirusThanks log

http://paste2.org/p/1373790

Re: Bootkit? Help

Post by hashcat » Wed Apr 20, 2011 1:30 pm

OK, while I read through all the reports carefully, could you do a full scan with Malwarebytes (remember to update the program's definitions first)? If threats are detected, quarantine everything.

Re: Bootkit? Help

Post by [S] » Wed Apr 20, 2011 1:34 pm

Yes, I had already done it yesterday; here is the log, I saved it on purpose

Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Versione database: 6399

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

19.04.2011 21:55:10
mbam-log-2011-04-19 (21-55-10).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi esaminati: 319838
Tempo trascorso: 2 ore, 27 minuti, 47 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 25

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
c:\documents and settings\administrator\Desktop\Fabio\driverupdate.v2.2.4118.505.winall.incl.patcher-ypogeios\ypogeios\ygs-patch.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\Desktop\file penna blu\ultraiso.pe.v9.3.6.2750\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\Desktop\programmi\box, mara-fix v1.3\Eset fix.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\winrar.v3.93.keyfile.maker.only-fff\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\incredimail\Data\Licenses\licmngr_del.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\programmi\Adobe\acrobat 10.0\Acrobat\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e74dbc23-9ae9-4109-9096-5e1f6f46b735}\RP14\A0003767.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e74dbc23-9ae9-4109-9096-5e1f6f46b735}\RP14\A0003795.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e74dbc23-9ae9-4109-9096-5e1f6f46b735}\RP14\A0003797.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e74dbc23-9ae9-4109-9096-5e1f6f46b735}\RP14\A0003812.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e74dbc23-9ae9-4109-9096-5e1f6f46b735}\RP14\A0003814.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e74dbc23-9ae9-4109-9096-5e1f6f46b735}\RP14\A0004344.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e74dbc23-9ae9-4109-9096-5e1f6f46b735}\RP21\A0005529.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e74dbc23-9ae9-4109-9096-5e1f6f46b735}\RP24\A0006148.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e74dbc23-9ae9-4109-9096-5e1f6f46b735}\RP24\A0006155.exe (TheftMarker.Crude) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e74dbc23-9ae9-4109-9096-5e1f6f46b735}\RP24\A0006953.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e74dbc23-9ae9-4109-9096-5e1f6f46b735}\RP30\A0011466.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e74dbc23-9ae9-4109-9096-5e1f6f46b735}\RP30\A0011468.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e74dbc23-9ae9-4109-9096-5e1f6f46b735}\RP5\A0002281.exe (Trojan.Bumat) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e74dbc23-9ae9-4109-9096-5e1f6f46b735}\RP5\A0002284.exe (Trojan.Bumat) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e74dbc23-9ae9-4109-9096-5e1f6f46b735}\RP5\A0002288.EXE (Trojan.Bumat) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e74dbc23-9ae9-4109-9096-5e1f6f46b735}\RP8\A0003079.EXE (Trojan.Bumat) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e74dbc23-9ae9-4109-9096-5e1f6f46b735}\RP8\A0003085.exe (Trojan.Bumat) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e74dbc23-9ae9-4109-9096-5e1f6f46b735}\RP8\A0003089.exe (Trojan.Bumat) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e74dbc23-9ae9-4109-9096-5e1f6f46b735}\RP8\A0003095.exe (Trojan.Bumat)

Re: Bootkit? Help

Post by hashcat » Wed Apr 20, 2011 1:41 pm

[S] wrote:Hi. First of all, thanks for the help; this is the Hitman Pro scan, it deleted quite a few files.

Did Hitman Pro ask to restart the computer?

If you have Prevx on the computer, I'll now explain what to do.

Re: Bootkit? Help

Post by [S] » Wed Apr 20, 2011 1:43 pm

No, it didn't ask to restart. I don't have Prevx; if you explain how to do it, I'll give it a try.

Re: Bootkit? Help

Post by hashcat » Wed Apr 20, 2011 1:46 pm

I'll explain it now, just a moment, I'm making a short video (it's easier to understand)

Re: Bootkit? Help

Post by [S] » Wed Apr 20, 2011 1:50 pm

Perfect, thanks.

Re: Bootkit? Help

Post by hashcat » Wed Apr 20, 2011 2:06 pm

You can download Prevx for free from here; follow the video:

Image

As for the log, it is usually fairly long, so upload it to paste2.org