
ComboFix logs to be checked


Post by cristian75 » Tue Jun 28, 2011 10:21 am

Hello everyone, I need to post some logs to have them checked.

PC1

ComboFix 11-06-27.03 - TerminatoR 28/06/2011 10:31:37.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1040.18.12286.9854 [GMT 2:00]
Eseguito da: d:\download\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Creati Da 2011-05-28 al 2011-06-28 )))))))))))))))))))))))))))))))))))
.
.
2011-06-28 08:41 . 2011-06-28 08:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-28 08:17 . 2011-06-28 08:17 794408 ----a-w- c:\windows\SysWow64\pbsvc.exe
2011-06-28 07:13 . 2011-06-20 06:57 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A0DFAE4-104F-4027-9FD1-95CF7B9E37D3}\mpengine.dll
2011-06-27 15:37 . 2011-06-27 15:37 -------- d-sh--w- c:\programdata\DSS
2011-06-27 15:29 . 2011-06-27 15:31 -------- d-----w- c:\programdata\Origin
2011-06-27 15:29 . 2011-06-27 15:29 -------- d-----w- c:\program files (x86)\Origin Games
2011-06-27 15:28 . 2011-06-27 15:29 -------- d-----w- c:\program files (x86)\Origin
2011-06-27 15:24 . 2010-09-16 19:03 2601752 ----a-w- c:\windows\SysWow64\pbsvc_moh.exe
2011-06-27 15:24 . 2011-06-27 15:24 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-06-27 15:23 . 2011-06-27 15:28 -------- d-----w- c:\program files (x86)\Electronic Arts
2011-06-27 14:18 . 2011-06-27 14:22 -------- d-----w- c:\programdata\Solidshield
2011-06-27 14:04 . 2011-06-27 14:04 -------- d-----w- c:\programdata\Electronic Arts
2011-06-27 14:04 . 2011-06-27 14:04 -------- d-----w- c:\programdata\EA Core
2011-06-26 20:55 . 2011-06-27 17:11 270856 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-06-26 20:52 . 2011-06-28 08:17 111928 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-06-26 20:52 . 2011-06-27 15:24 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-06-26 20:52 . 2011-06-28 08:17 75064 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-06-26 20:52 . 2011-06-26 20:52 2434856 ----a-w- c:\windows\SysWow64\pbsvc_bc2.exe
2011-06-24 15:51 . 2010-06-02 02:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2011-06-24 15:51 . 2010-06-02 02:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2011-06-24 15:51 . 2010-06-02 02:55 239960 ----a-w- c:\windows\SysWow64\xactengine3_7.dll
2011-06-24 15:51 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2011-06-24 15:51 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll
2011-06-24 15:51 . 2010-05-26 09:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2011-06-24 15:51 . 2010-05-26 09:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2011-06-24 15:51 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2011-06-23 17:02 . 2009-09-04 15:44 517960 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-06-23 17:02 . 2009-09-04 15:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2011-06-23 17:02 . 2009-09-04 15:44 238936 ----a-w- c:\windows\SysWow64\xactengine3_5.dll
2011-06-23 17:02 . 2009-09-04 15:44 176968 ----a-w- c:\windows\system32\xactengine3_5.dll
2011-06-23 17:02 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
2011-06-23 17:02 . 2009-09-04 15:29 2582888 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-06-23 16:36 . 2011-06-23 16:36 -------- d-----w- c:\windows\system32\SPReview
2011-06-23 16:36 . 2011-06-23 16:36 -------- d-----w- c:\windows\system32\EventProviders
2011-06-23 16:28 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-06-23 16:27 . 2010-11-20 13:27 37376 ----a-w- c:\windows\system32\wups2.dll
2011-06-23 15:30 . 2011-06-23 15:30 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-23 15:30 . 2011-06-23 15:30 -------- d-----w- c:\windows\SysWow64\Macromed
2011-06-23 15:02 . 2011-06-10 14:32 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2011-06-23 15:02 . 2011-06-10 14:19 25920 ----a-w- c:\windows\system32\authuitu.dll
2011-06-23 15:02 . 2011-06-10 14:19 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2011-06-23 15:02 . 2011-06-10 14:18 36160 ----a-w- c:\windows\system32\uxtuneup.dll
2011-06-23 15:02 . 2011-06-10 14:18 29504 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2011-06-23 15:02 . 2011-06-23 15:04 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2011
2011-06-23 15:01 . 2011-06-23 15:02 -------- d-----w- c:\programdata\TuneUp Software
2011-06-23 15:01 . 2011-06-23 15:01 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-06-23 14:58 . 2011-06-23 14:58 -------- d-----w- c:\program files (x86)\Disktrix
2011-06-23 14:26 . 2011-06-28 07:09 -------- d-----w- c:\program files (x86)\EVGA Precision
2011-06-23 14:25 . 2011-06-23 14:25 -------- d-----w- c:\program files (x86)\EMET
2011-06-23 14:16 . 2011-06-23 14:19 -------- d-----w- c:\program files\TeamSpeak 3 Client
2011-06-23 13:48 . 2011-06-23 13:48 285280 ----a-w- c:\windows\system32\drivers\afcdp.sys
2011-06-23 13:48 . 2011-06-23 13:48 1263200 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
2011-06-23 13:48 . 2011-06-23 13:48 970336 ----a-w- c:\windows\system32\drivers\timntr.sys
2011-06-23 13:48 . 2011-06-23 13:48 277088 ----a-w- c:\windows\system32\drivers\snapman.sys
2011-06-23 13:47 . 2011-06-23 13:47 -------- d-----w- c:\program files (x86)\Acronis
2011-06-23 13:47 . 2011-06-23 13:48 -------- d-----w- c:\program files (x86)\Common Files\Acronis
2011-06-23 13:39 . 2011-06-23 13:39 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-06-23 13:31 . 2011-06-23 13:31 -------- d-----w- c:\windows\SysWow64\wbem\en-US
2011-06-23 13:31 . 2011-06-23 13:31 -------- d-----w- c:\windows\system32\wbem\en-US
2011-06-23 13:20 . 2011-06-23 13:20 995328 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-06-23 13:19 . 2011-06-23 13:19 -------- d-----w- C:\NVIDIA
2011-06-23 13:17 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-06-23 13:17 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-06-23 13:17 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-06-23 13:17 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-06-23 13:17 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-06-23 12:51 . 2011-06-23 12:51 319488 ----a-w- c:\windows\HideWin.exe
2011-06-23 12:51 . 2008-07-15 05:58 524288 ------r- c:\windows\RtlExUpd.dll
2011-06-23 12:49 . 2011-06-23 12:54 -------- d-----w- c:\program files (x86)\Intel
2011-06-23 12:49 . 2008-08-19 02:56 53248 ----a-r- c:\windows\SysWow64\CSVer.dll
2011-06-23 12:49 . 2011-06-23 12:49 -------- d-----w- c:\program files (x86)\Browser Configuration Utility
2011-06-23 12:49 . 2008-05-02 13:08 146528 ----a-w- c:\windows\SysWow64\dvmurl.dll
2011-06-23 12:48 . 2011-06-23 12:48 -------- d-----w- c:\program files (x86)\GIGABYTE
2011-06-23 12:48 . 2011-06-23 13:27 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2011-06-23 12:48 . 2011-06-23 12:48 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2011-06-23 12:48 . 2011-06-28 08:42 24072 ----a-w- c:\windows\gdrv.sys
2011-06-23 12:45 . 2011-06-27 07:20 23112 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-06-23 12:45 . 2011-06-23 12:45 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-06-23 12:45 . 2011-06-23 14:40 -------- d-----w- c:\programdata\Hitman Pro
2011-06-23 12:41 . 2011-06-28 08:42 -------- d-----w- c:\programdata\NVIDIA
2011-06-23 12:38 . 2011-06-23 12:38 -------- d-----w- c:\windows\SysWow64\Wat
2011-06-23 12:38 . 2011-06-23 12:38 -------- d-----w- c:\windows\system32\Wat
2011-06-23 12:14 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2011-06-23 12:11 . 2011-06-23 12:11 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-06-23 12:11 . 2011-06-23 13:27 -------- d-----w- c:\program files\NVIDIA Corporation
2011-06-23 10:37 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2011-06-23 10:36 . 2011-02-05 17:10 642944 ----a-w- c:\windows\system32\winload.efi
2011-06-23 10:34 . 2011-05-24 17:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-06-23 10:29 . 2011-06-23 09:49 -------- d-----w- c:\windows\Panther
2011-06-23 10:21 . 2011-06-23 10:21 -------- d-----w- C:\Windows.old
2011-06-23 10:06 . 2011-06-28 08:42 -------- d-----w- c:\programdata\Kaspersky Lab
2011-06-23 10:06 . 2011-06-23 10:06 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2011-06-23 10:04 . 2011-06-28 08:12 -------- d-sh--w- c:\windows\Installer
2011-06-23 10:03 . 2011-06-23 10:03 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2011-06-23 06:31 . 2011-06-23 07:52 -------- d-----w- C:\RaidTool
2011-06-23 06:29 . 2011-06-23 06:29 -------- d-----w- C:\Intel
2011-06-23 00:35 . 2011-06-23 09:49 -------- d-----w- C:\Recovery
2011-06-23 00:35 . 2011-06-23 00:35 -------- d-sh--we C:\Programmi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-23 16:39 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-06-23 16:39 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-05-25 07:25 . 2011-02-22 23:38 1016936 ----a-w- c:\windows\system32\nvvsvc.exe
2011-05-25 07:25 . 2011-02-22 23:39 3040872 ----a-w- c:\windows\system32\nvsvc64.dll
2011-05-25 07:25 . 2011-02-22 23:38 61544 ----a-w- c:\windows\system32\nvshext.dll
2011-05-25 07:25 . 2011-02-22 23:38 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 07:25 . 2011-02-22 23:39 6300776 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 07:25 . 2011-02-22 23:39 739432 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-05-25 07:25 . 2011-02-23 00:58 8863336 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-05-25 07:25 . 2011-02-23 00:58 2644584 ----a-w- c:\windows\system32\nvapi64.dll
2011-05-20 20:35 . 2011-05-20 20:35 304744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2011-05-18 07:50 . 2011-05-18 07:50 49488 ----a-w- c:\windows\apppatch\AppPatch64\EMET64.dll
2011-05-18 07:49 . 2011-05-18 07:49 44368 ----a-w- c:\windows\apppatch\EMET.dll
2011-05-10 22:12 . 2011-05-10 22:12 105800 ----a-w- c:\windows\system32\UDBDef.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="d:\program files (x86)\Steam\Steam.exe" [2011-06-23 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-02 365336]
"SAOB Monitor"="c:\program files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-11-16 2564096]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-12-16 5571008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\sbhook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 GEST Service;GEST Service for program management.;c:\program files (x86)\GIGABYTE\EnergySaver\GSvr.exe [2008-12-08 68136]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S2 afcdpsrv;Servizio Acronis Nonstop Backup;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-06-23 3246040]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-06-10 2026304]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision\RTCore64.sys [2011-01-17 14440]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-02-10 11856]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-06-24 c:\windows\Tasks\Defrag Job 00.job
- c:\program files (x86)\Disktrix\UltimateDefrag\Udefrag.exe [2011-05-10 22:12]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-24 6452256]
"Skytel"="Skytel.exe" [2008-07-24 1833504]
"Servizio Acronis Scheduler2"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-12-16 391008]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\TerminatoR\AppData\Roaming\Mozilla\Firefox\Profiles\nub3o554.default\
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-2183938321-3593089046-1023333521-1000\Software\SecuROM\License information*]
"datasecu"=hex:a9,68,da,00,1a,9b,10,07,a4,8d,04,7e,b7,1b,a9,57,d2,77,a4,1b,52,
87,47,c4,4e,d9,2b,55,f5,02,0a,35,ad,13,15,42,fd,c0,77,2e,ba,41,b6,e2,c0,bb,\
"rkeysecu"=hex:07,ed,d9,eb,25,58,8a,42,24,8b,9c,4a,93,ef,a7,cc
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\EVGA Precision\EVGAPrecision.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\EVGA Precision\Bundle\OSDServer\RTSS.exe
.
**************************************************************************
.
Ora fine scansione: 2011-06-28 10:46:09 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-06-28 08:46
.
Pre-Run: 91.396.427.776 byte disponibili
Post-Run: 91.626.676.224 byte disponibili
.
- - End Of File - - FAB5ECCC196CF9104C4E04B4E3747128

Re: ComboFix logs to be checked

Post by cristian75 » Tue Jun 28, 2011 10:35 am

I'm attaching the log of a second PC.

ComboFix 11-06-27.03 - Giolly 28/06/2011 10:55:36.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.39.1040.18.2046.1120 [GMT 2:00]
Eseguito da: c:\users\Giolly\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\musica\Tiesto\Tiesto_Kaleidoscope_CD_2009__UNEXPECTED\firstnumberone\Desktop_.ini
c:\musica\Tiesto\Tiesto_Kaleidoscope_CD_2009__UNEXPECTED\paylasboard\Desktop_.ini
c:\program files\OfferBox
c:\programdata\Microsoft\Windows\Start Menu\Programs\OfferBox Browser.lnk
c:\users\Giolly\AppData\Roaming\OfferBox
c:\users\Giolly\AppData\Roaming\OfferBox\config.xml
.
.
((((((((((((((((((((((((( Files Creati Da 2011-05-28 al 2011-06-28 )))))))))))))))))))))))))))))))))))
.
.
2011-06-28 09:13 . 2011-06-28 09:14 -------- d-----w- c:\users\Giolly\AppData\Local\temp
2011-06-28 09:13 . 2011-06-28 09:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-26 21:38 . 2011-06-26 21:38 -------- d-----w- c:\users\Giolly\AppData\Local\{45DA1B8E-5143-41A7-95A1-CCB4C594E34C}
2011-06-26 10:50 . 2011-06-26 10:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-26 08:19 . 2011-06-26 08:20 -------- d-----w- c:\users\Giolly\AppData\Local\{DF8AC6A0-94C9-47CE-B9CA-036FD73EEBC8}
2011-06-25 14:00 . 2011-06-25 14:00 -------- d-----w- c:\users\Giolly\AppData\Local\{673FA75A-D162-4095-AD59-40C25FA1C670}
2011-06-24 07:45 . 2011-06-24 07:45 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-24 07:45 . 2011-06-24 07:45 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-23 22:38 . 2011-06-25 02:00 -------- d-----w- c:\users\Giolly\AppData\Local\{073DCA2C-E807-481C-A7D7-7C64A46BFF04}
2011-06-21 12:09 . 2011-06-21 12:10 -------- d-----w- c:\users\Giolly\AppData\Local\{C5D338B0-15D2-424A-ABCF-C19DC2B2FF48}
2011-06-21 10:09 . 2011-06-21 10:09 -------- d-----w- c:\program files\Disktrix
2011-06-21 10:07 . 2011-06-21 10:07 -------- d-----w- c:\program files\COMODO
2011-06-21 10:07 . 2011-06-21 10:07 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-06-21 10:07 . 2011-06-21 10:07 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-06-21 10:07 . 2011-06-21 10:07 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-06-20 10:23 . 2011-06-21 00:09 -------- d-----w- c:\users\Giolly\AppData\Local\{51C8BB84-D554-4403-982D-4DA2DBE426A2}
2011-06-18 08:24 . 2011-06-19 22:15 -------- d-----w- c:\users\Giolly\AppData\Local\{33E14447-4B5B-40DF-B461-254A06130D0A}
2011-06-07 10:35 . 2011-06-07 10:35 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-06-04 15:54 . 2011-06-06 22:51 -------- d-----w- c:\users\Giolly\AppData\Local\{744FDE34-1AA8-41B7-86A0-6DBF8616F998}
2011-06-04 02:02 . 2011-06-04 02:02 -------- d-----w- c:\users\Giolly\AppData\Local\{CBB7266E-4803-425C-91ED-8AF899FE531A}
2011-06-02 23:06 . 2011-06-02 23:06 -------- d-----w- c:\users\Giolly\AppData\Local\{39C4CCD5-5597-4696-80E4-1D0DBDE048D5}
2011-06-02 07:31 . 2011-06-02 07:31 -------- d-----w- c:\users\Giolly\AppData\Local\{F9A7CB48-2652-47B4-A441-33165900614B}
2011-06-01 19:30 . 2011-06-01 19:31 -------- d-----w- c:\users\Giolly\AppData\Local\{90EE9587-F746-4BF7-B46A-BBE4DFEFF529}
2011-06-01 07:30 . 2011-06-01 07:30 -------- d-----w- c:\users\Giolly\AppData\Local\{B29A1F07-AC9B-4CE9-A9C8-69D7E4B4D124}
2011-05-30 23:04 . 2011-05-30 23:04 -------- d-----w- c:\users\Giolly\AppData\Local\{2770819D-37FB-4394-86CB-29F0163318FD}
2011-05-29 12:22 . 2011-05-29 12:23 -------- d-----w- c:\users\Giolly\AppData\Local\{30D08145-4A40-483B-AA56-7E3CD235D573}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-26 08:19 . 2010-12-17 11:48 20552 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-05-10 22:12 . 2011-05-10 22:12 94536 ----a-w- c:\windows\system32\UDBDef.exe
2011-04-09 06:13 . 2011-05-10 23:21 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-10 23:21 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-10 23:21 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-04-01 07:01 . 2010-11-05 20:16 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-24 07:45 . 2011-04-15 11:55 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
"{e3393495-8103-46a0-8181-270273eddd60}"= "c:\program files\Softonic-IT\tbSoft.dll" [2010-11-13 3913000]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{e3393495-8103-46a0-8181-270273eddd60}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-13 20:58 3913000 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 11:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E2A7BD67-0EAF-497f-B05B-748D7BF3C421}]
2010-08-19 12:24 135840 ----a-w- c:\program files\Fluendo\Moovida\spointer\extensions\moovida_air_ie.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3393495-8103-46a0-8181-270273eddd60}]
2010-11-13 20:58 3913000 ----a-w- c:\program files\Softonic-IT\tbSoft.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e3393495-8103-46a0-8181-270273eddd60}"= "c:\program files\Softonic-IT\tbSoft.dll" [2010-11-13 3913000]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-13 3913000]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{e3393495-8103-46a0-8181-270273eddd60}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E3393495-8103-46A0-8181-270273EDDD60}"= "c:\program files\Softonic-IT\tbSoft.dll" [2010-11-13 3913000]
.
[HKEY_CLASSES_ROOT\clsid\{e3393495-8103-46a0-8181-270273eddd60}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-09-01 281768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2010-12-31 378128]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
.
c:\users\Giolly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Monitor.lnk - c:\program files\TOSHIBA\Bluetooth Monitor\BtMon2.exe [2010-11-7 65536]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-05 1343400]
S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [2011-02-05 32008]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-12-31 51984]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-12-31 69392]
S1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys [2010-12-09 64608]
S1 CFRPD;CFRPD;c:\windows\system32\DRIVERS\CFRPD.sys [2010-12-09 33744]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-22 218688]
S1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2011-02-05 76696]
S2 Cleaner_Validator;COMODO System - Cleaner Service;c:\program files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe [2010-12-09 305600]
S2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2011-02-05 6416120]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-19 7168]
S3 netw5v32;Driver scheda Intel(R) Wireless WiFi Link serie 5000 per Windows Vista a 32 bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2011-02-05 26096]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-12-31 33552]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-06-27 c:\windows\Tasks\COMODO Updater.job
- c:\program files\COMODO\COMODO System-Cleaner\Updater.exe [2010-12-09 12:08]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://it.ask.com?o=15383&l=dis
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Giolly\AppData\Roaming\Mozilla\Firefox\Profiles\zwh81bt2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://filmpertutti.com/|http://www.fac ... 1&cinema=3
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-513749389-226029097-2895470229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-513749389-226029097-2895470229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(640)
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'lsass.exe'(564)
c:\program files\ThreatFire\TFWAH.dll
.
Ora fine scansione: 2011-06-28 11:20:11
ComboFix-quarantined-files.txt 2011-06-28 09:20
.
Pre-Run: 50.420.051.968 byte disponibili
Post-Run: 50.707.492.864 byte disponibili
.
- - End Of File - - FCDFDD0849F461AE8E88D9F25423E5C5

Re: ComboFix logs to be checked

Post by cristian75 » Tue Jun 28, 2011 10:40 am

I'm attaching the log of the third PC to be checked.

ComboFix 11-06-27.03 - Cristian 28/06/2011 10:38:29.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.3959.2213 [GMT 2:00]
Eseguito da: c:\users\Cristian\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Cristian\AppData\Roaming\inst.exe
c:\windows\s.bat
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\w32apiw.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((((( Files Creati Da 2011-05-28 al 2011-06-28 )))))))))))))))))))))))))))))))))))
.
.
2011-06-28 09:12 . 2011-06-28 09:12 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-06-28 09:12 . 2011-06-28 09:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-28 07:26 . 2011-06-28 07:27 -------- d-----w- c:\users\Cristian\AppData\Local\{E698E51A-53FC-4E03-9BAB-02C9E1DEFE9C}
2011-06-27 07:25 . 2011-06-27 19:26 -------- d-----w- c:\users\Cristian\AppData\Local\{2FBF0B29-8853-47C6-A638-9E9B9F5DCDE2}
2011-06-25 07:22 . 2011-06-26 19:24 -------- d-----w- c:\users\Cristian\AppData\Local\{ADE9DB64-4328-4DE5-A519-FD0012521FDA}
2011-06-25 00:58 . 2011-06-25 01:16 -------- d-----w- c:\program files (x86)\Wise Disk Cleaner
2011-06-25 00:52 . 2011-06-25 00:55 -------- d-----w- c:\program files (x86)\Wise Registry Cleaner
2011-06-25 00:41 . 2011-06-25 00:41 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-06-25 00:41 . 2011-06-25 00:41 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-06-22 17:47 . 2011-06-22 17:47 -------- d-----w- c:\users\Cristian\AppData\Roaming\nCleaner
2011-06-22 17:47 . 2011-06-22 17:47 -------- d-----w- c:\program files (x86)\NKProds
2011-06-22 17:39 . 2011-06-22 17:39 -------- d-----w- c:\users\Cristian\AppData\Roaming\FTWeak
2011-06-22 17:39 . 2011-06-22 17:43 -------- d-----w- c:\program files (x86)\FCleaner
2011-06-22 17:39 . 2011-06-22 17:39 -------- d-----w- c:\programdata\FTWeak
2011-06-22 17:37 . 2011-06-22 17:37 -------- d-----w- c:\users\Cristian\AppData\Roaming\BleachBit
2011-06-22 17:37 . 2011-06-22 17:37 -------- d-----w- c:\program files (x86)\BleachBit
2011-06-22 17:14 . 2011-06-22 17:14 -------- d-----w- c:\program files\CCleaner
2011-06-21 00:32 . 2011-06-21 00:32 -------- d-----w- c:\program files\COMODO
2011-06-21 00:32 . 2011-06-21 00:32 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2011-06-17 08:23 . 2011-06-18 11:34 -------- d-----w- c:\program files (x86)\Disktrix
2011-06-16 22:59 . 2011-06-17 04:37 -------- d-----w- c:\windows\Acronis
2011-06-16 19:44 . 2011-06-16 19:44 285280 ----a-w- c:\windows\system32\drivers\afcdp.sys
2011-06-16 19:44 . 2011-06-16 19:44 1263200 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
2011-06-16 19:44 . 2011-06-16 19:44 970336 ----a-w- c:\windows\system32\drivers\timntr.sys
2011-06-16 19:44 . 2011-06-16 20:25 272480 ----a-w- c:\windows\system32\drivers\snapman.sys
2011-06-16 19:43 . 2011-06-16 20:25 -------- d-----w- c:\program files (x86)\Common Files\Acronis
2011-06-16 19:43 . 2011-06-16 20:25 -------- d-----w- c:\program files (x86)\Acronis
2011-06-11 23:37 . 2011-06-11 23:37 -------- d-----w- c:\program files\iPod
2011-06-11 23:37 . 2011-06-11 23:37 -------- d-----w- c:\program files\iTunes
2011-06-11 23:37 . 2011-06-11 23:37 -------- d-----w- c:\program files (x86)\iTunes
2011-06-09 16:55 . 2011-06-27 13:08 -------- d-----w- c:\users\Cristian\AppData\Roaming\TS3Client
2011-06-09 16:54 . 2011-06-09 16:54 -------- d-----w- c:\program files\TeamSpeak 3 Client
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-27 07:31 . 2010-12-17 07:19 23112 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-06-22 19:50 . 2011-05-20 22:10 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-10 14:32 . 2010-12-04 11:18 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2011-06-10 14:19 . 2010-12-04 11:18 25920 ----a-w- c:\windows\system32\authuitu.dll
2011-06-10 14:19 . 2010-12-04 11:18 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2011-06-10 14:18 . 2010-12-04 11:18 36160 ----a-w- c:\windows\system32\uxtuneup.dll
2011-06-10 14:18 . 2010-12-04 11:18 29504 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2011-05-29 07:11 . 2011-05-02 23:16 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 07:11 . 2010-11-05 19:56 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-10 22:12 . 2011-05-10 22:12 105800 ----a-w- c:\windows\system32\UDBDef.exe
2011-05-10 06:06 . 2011-05-10 06:06 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-05-10 06:06 . 2011-05-10 06:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-04 02:52 . 2010-10-30 00:50 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-22 22:25 . 2011-04-22 22:25 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-04-22 22:25 . 2011-04-22 22:25 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-04-22 22:25 . 2011-04-22 22:25 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-04-22 22:25 . 2011-04-22 22:25 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-04-22 22:25 . 2011-04-22 22:25 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-04-22 22:25 . 2011-04-22 22:25 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-04-22 22:25 . 2011-04-22 22:25 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-04-22 22:25 . 2011-04-22 22:25 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-04-22 22:25 . 2011-04-22 22:25 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-04-22 22:25 . 2011-04-22 22:25 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-04-22 22:25 . 2011-04-22 22:25 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-04-22 22:25 . 2011-04-22 22:25 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-04-22 22:25 . 2011-04-22 22:25 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-04-22 22:25 . 2011-04-22 22:25 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-04-22 22:25 . 2011-04-22 22:25 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-04-22 22:25 . 2011-04-22 22:25 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-04-22 22:25 . 2011-04-22 22:25 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-04-22 22:25 . 2011-04-22 22:25 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-04-22 22:25 . 2011-04-22 22:25 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-04-22 22:25 . 2011-04-22 22:25 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-22 22:25 . 2011-04-22 22:25 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-22 22:25 . 2011-04-22 22:25 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-04-22 22:25 . 2011-04-22 22:25 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-04-22 22:25 . 2011-04-22 22:25 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-04-22 22:25 . 2011-04-22 22:25 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-04-22 22:25 . 2011-04-22 22:25 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-22 22:25 . 2011-04-22 22:25 448512 ----a-w- c:\windows\system32\html.iec
2011-04-22 22:25 . 2011-04-22 22:25 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-22 22:25 . 2011-04-22 22:25 222208 ----a-w- c:\windows\system32\msls31.dll
2011-04-22 22:25 . 2011-04-22 22:25 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-22 22:25 . 2011-04-22 22:25 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-04-22 22:25 . 2011-04-22 22:25 160256 ----a-w- c:\windows\system32\wextract.exe
2011-04-22 22:25 . 2011-04-22 22:25 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-22 22:25 . 2011-04-22 22:25 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-04-22 22:25 . 2011-04-22 22:25 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-22 22:25 . 2011-04-22 22:25 12288 ----a-w- c:\windows\system32\mshta.exe
2011-04-22 22:25 . 2011-04-22 22:25 114176 ----a-w- c:\windows\system32\admparse.dll
2011-04-22 22:25 . 2011-04-22 22:25 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-22 22:15 . 2011-05-25 05:35 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-21 10:28 . 2011-04-21 19:30 56944 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-04-21 10:28 . 2011-04-21 10:28 176560 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-04-21 10:28 . 2011-04-21 10:28 156912 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-04-21 10:28 . 2011-04-21 19:30 231600 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-04-21 10:28 . 2011-04-21 10:28 320816 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2011-04-20 13:01 . 2011-04-20 12:53 415408 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe
2011-04-15 14:00 . 2010-06-29 04:26 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2011-04-09 07:02 . 2011-05-11 19:36 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:58 . 2011-05-14 09:13 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-04-09 06:02 . 2011-05-11 19:36 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02 . 2011-05-11 19:36 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-14 09:13 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-04-08 05:14 . 2011-04-25 15:56 8411752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-04-08 05:14 . 2011-04-25 15:56 67176 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-08 05:14 . 2011-04-25 15:56 6299752 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-04-08 05:14 . 2011-04-25 15:56 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-04-08 05:14 . 2011-04-25 15:56 6974056 ----a-w- c:\windows\system32\nvcuda.dll
2011-04-08 05:14 . 2011-04-25 15:56 5183080 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-04-08 05:14 . 2011-04-25 15:56 2893416 ----a-w- c:\windows\system32\nvcuvid.dll
2011-04-08 05:14 . 2011-04-25 15:56 2765928 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-04-08 05:14 . 2011-04-25 15:56 2273896 ----a-w- c:\windows\system32\nvapi64.dll
2011-04-08 05:14 . 2011-04-25 15:56 2204264 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-04-08 05:14 . 2011-04-25 15:56 2074216 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-04-08 05:14 . 2011-04-25 15:56 20700264 ----a-w- c:\windows\system32\nvoglv64.dll
2011-04-08 05:14 . 2011-04-25 15:56 2034280 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-04-08 05:14 . 2011-04-25 15:56 18578536 ----a-w- c:\windows\system32\nvcompiler.dll
2011-04-08 05:14 . 2011-04-25 15:56 1619048 ----a-w- c:\windows\system32\nvdispco6420140.dll
2011-04-08 05:14 . 2011-04-25 15:56 15227496 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-04-08 05:14 . 2011-04-25 15:56 1404008 ----a-w- c:\windows\system32\nvgenco642060.dll
2011-04-08 05:14 . 2011-04-25 15:56 13262184 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-04-08 05:14 . 2011-04-25 15:56 13007464 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-04-08 05:14 . 2011-04-25 15:56 12934248 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-04-08 05:14 . 2011-04-25 15:56 10071656 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-04-07 21:19 . 2011-04-07 21:19 61032 ----a-w- c:\windows\system32\nvshext.dll
2011-04-07 21:19 . 2011-04-07 21:19 311912 ----a-w- c:\windows\SysWow64\oemdspif.dll
2011-04-07 21:19 . 2011-04-07 21:19 2582120 ----a-w- c:\windows\system32\nvsvcr.dll
2011-04-07 21:19 . 2011-04-07 21:19 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 21:19 . 2011-04-07 21:19 1012328 ----a-w- c:\windows\system32\nvvsvc.exe
2011-04-07 21:19 . 2011-04-07 21:19 797288 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-04-07 21:19 . 2011-04-07 21:19 6338152 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 21:18 . 2011-04-07 21:18 3041384 ----a-w- c:\windows\system32\nvsvc64.dll
2011-04-06 14:26 . 2011-04-06 14:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 14:26 . 2011-04-06 14:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 14:26 . 2011-04-06 14:26 237856 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 14:26 . 2011-04-06 14:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-04-06 14:20 . 2011-04-06 14:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2010-11-17 1242448]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"FTweakFCleaner"="c:\program files (x86)\FCleaner\FCleaner.exe" [2010-06-21 1763840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-23 284696]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-02 365336]
"SAOB Monitor"="c:\program files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-11-16 2564096]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-12-16 5571008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2009-8-11 1080608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\sbhook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autoc
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"YouCam Mirror Tray icon"="c:\program files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"UCam_Menu"="c:\program files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
"VeriFaceManager"=c:\program files (x86)\Lenovo\VeriFace\PManage.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2011-03-20 85800]
R3 ALSysIO;ALSysIO;c:\users\Cristian\AppData\Local\Temp\ALSysIO64.sys [x]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [x]
R3 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
S1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys [x]
S1 CFRPD;CFRPD;c:\windows\system32\DRIVERS\CFRPD.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2011-06-18 2978720]
S2 afcdpsrv;Servizio Acronis Nonstop Backup;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-06-16 3246040]
S2 Cleaner_Validator;COMODO System - Cleaner Service;c:\program files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe [2010-12-09 371648]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-23 13336]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 OS Selector;Acronis OS Selector Activator;c:\program files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-10-25 2163456]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-06-10 2026304]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-07 11856]
S3 usbsmi;Lenovo EasyCamera;c:\windows\system32\DRIVERS\SMIksdrv.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-06-28 c:\windows\Tasks\COMODO Updater.job
- c:\program files\COMODO\COMODO System-Cleaner\Updater.exe [2010-12-09 12:08]
.
2011-06-22 c:\windows\Tasks\Defrag Job 00.job
- c:\program files (x86)\Disktrix\UltimateDefrag\Udefrag.exe [2011-05-10 22:12]
.
2011-06-18 c:\windows\Tasks\DefragExpress.job
- c:\program files (x86)\Disktrix\DefragExpress\DefragExpress.exe [2010-11-14 06:09]
.
2011-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3833051581-735725558-1306031059-1001Core.job
- c:\users\Cristian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-27 12:07]
.
2011-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3833051581-735725558-1306031059-1001UA.job
- c:\users\Cristian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-27 12:07]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2010-06-29 05:01 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF22803.cfxxe" [X]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2009-12-19 776608]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2009-12-17 4367808]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2009-12-17 6988736]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
"Servizio Acronis Scheduler2"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-12-16 391008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll c:\progra~2\KASPER~1\KASPER~1\x64\kloehk.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Scansione supplementare -------
.
uStart Page = hxxp://lenovo.msn.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Invia immagine alla periferica &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Invia pagina alla periferica &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
FF - ProfilePath - c:\users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\2ar02mvc.default\
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp m4a Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Ogg Vorbis Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Windows Media Audio 10 Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-Megakey - c:\users\Cristian\AppData\Local\Megamedia\Megakey\Uninstall.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-3833051581-735725558-1306031059-1001_Classes\Wow6432Node\CLSID\{1a5850ed-de85-4052-bf5c-f25d5c157202}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000153
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,50,fd,3a,d6,8a,8a,f8,13,66,70,28,af,ec,de,\
.
[HKEY_USERS\S-1-5-21-3833051581-735725558-1306031059-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):46,58,43,ee,ec,76,09,e1,cd,6c,20,25,58,f6,90,91,5f,67,f7,ad,4a,
92,3f,1e,b4,d9,cf,2b,be,1d,9b,44,a2,4f,25,06,af,1f,eb,cb,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Ora fine scansione: 2011-06-28 11:31:21 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-06-28 09:31
.
Pre-Run: 367.405.023.232 byte disponibili
Post-Run: 367.062.544.384 byte disponibili
.
- - End Of File - - 3DCC1C5DAAEB878327895F5EC9A99CDC
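The ComboFix output above is dense, and the entries worth reading first are easy to lose among the driver listings: the files ComboFix deleted, the driver/service registry entries it removed, every DLL named in an AppInit_DLLs value (those are injected into most GUI processes), and the services whose binary it marked `[x]`. The parser below is an added example, not ComboFix's or the forum's own code. It takes a ComboFix-style log as text and returns those signals; the input here is a constructed excerpt reassembled from the third-PC log above. The banner names it recognises are the Italian ones in this log plus what I assume are the English-build equivalents ("Other Deletions", "Drivers/Services"); the path heuristics (user-writable directories, loose executables directly under c:\windows) are my own triage rules, not anything ComboFix itself applies.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix's own code)."""
import re

# Constructed sample: an excerpt reassembled from the ComboFix log posted above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Cristian\AppData\Roaming\inst.exe
c:\windows\s.bat
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2010-11-17 1242448]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\sbhook.dll
.
R3 ALSysIO;ALSysIO;c:\users\Cristian\AppData\Local\Temp\ALSysIO64.sys [x]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
"""

SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")                      # '(((( name ))))' banners
SERVICE_RE = re.compile(r"^([RS][0-4])\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]+)\]$")
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(.*)$')
USER_WRITABLE = re.compile(r"\\(appdata\\(local\\temp|roaming)|users\\public)\\", re.I)
SYSTEM_DRIVERS = re.compile(r"^c:\\windows\\system32\\drivers\\", re.I)


def split_sections(text):
    """Map each banner name to the non-empty lines under it ('.' is ComboFix's blank line)."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.rstrip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def deleted_files(text):
    """Files ComboFix removed. 'Other Deletions' is my assumed English-build banner."""
    s = split_sections(text)
    return s.get("Altre eliminazioni", s.get("Other Deletions", []))


def removed_services(text):
    """Driver/service registry entries ComboFix deleted (lines shaped '-------\\Name')."""
    s = split_sections(text)
    lines = s.get("Driver/Servizi", s.get("Drivers/Services", []))
    return [l.split("\\", 1)[1] for l in lines if l.startswith("-------\\")]


def appinit_dlls(text):
    """Every DLL in any AppInit_DLLs value (space-separated); each one must be known-good."""
    out = []
    for line in text.splitlines():
        m = APPINIT_RE.match(line.strip())
        if m:
            out.extend(m.group(1).split())
    return out


def services(text):
    """Parse 'R3 name;display;path [stamp]' lines; '[x]' means ComboFix did not stat the file."""
    out = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            start, name, display, path, stamp = m.groups()
            out.append({"start": start, "name": name, "display": display,
                        "path": path, "unverified": stamp == "x"})
    return out


def flag_suspicious(paths):
    """My triage heuristic: user-writable locations, or a loose executable directly in c:\\windows."""
    flagged = []
    for p in paths:
        low = p.lower()
        if USER_WRITABLE.search(low) or re.match(r"^c:\\windows\\[^\\]+\.(exe|bat|cmd|vbs|dll)$", low):
            flagged.append(p)
    return flagged


def triage(text):
    """Summary of the signals a reviewer should read first in a ComboFix log."""
    svcs = services(text)
    # On x64 every system32\DRIVERS entry is '[x]' in the log above, so only report the rest.
    unverified = [s["name"] for s in svcs if s["unverified"] and not SYSTEM_DRIVERS.match(s["path"])]
    return {
        "deleted": deleted_files(text),
        "removed_services": removed_services(text),
        "appinit_dlls": appinit_dlls(text),
        "unverified_non_system": unverified,
        "suspicious_paths": flag_suspicious(deleted_files(text) + [s["path"] for s in svcs]),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

Two caveats the sample illustrates. In the log above every driver under c:\windows\system32\DRIVERS carries `[x]` while everything under Program Files carries a date and size, so on this 64-bit system `[x]` by itself is not evidence of a missing file; the summary therefore reports only unverified entries outside that directory, which leaves the driver loaded from the user's Temp folder. Second, the deletions list includes Packet.dll, wpcap.dll and the NPF driver entries, which are WinPcap components; the parser only surfaces them, and whether they belonged to a legitimately installed capture tool or arrived together with inst.exe and s.bat is the question the thread still has to answer.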


Re: ComboFix log to check

Posted by crazy.cat » Tue Jun 28, 2011 10:49 am

If you tell us what problems the PCs are having, it would help a lot in going through the log and finding a solution.
When the many govern, they think only of pleasing themselves; the result is the most foolish and most hateful tyranny: tyranny disguised as freedom.
crazy.cat
MLI Hero
Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre

Re: ComboFix log to check

Posted by cristian75 » Tue Jun 28, 2011 10:58 am

Well, apart from a few blue screens, for which I can't isolate the cause, I'd say nothing else abnormal is noticeable on the PCs.
If anything, we could concentrate on the last two PCs, which most probably are hiding something; I think the first PC is clean.

If you want to see scans done with other software, just ask and I'll run them and post everything.
Many thanks for now.

Re: ComboFix log to check

Posted by cristian75 » Tue Jun 28, 2011 11:17 am

Hi, in the meantime I'm running scans with MBAM, which I'll post afterwards.

Re: ComboFix log to check

Posted by cristian75 » Tue Jun 28, 2011 1:12 pm

Posting more logs from the first PC.
MBAM log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Versione database: 6966

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

28/06/2011 13:27:56
mbam-log-2011-06-28 (13-27-50).txt

Tipo di scansione: Scansione completa (C:\|D:\|E:\|)
Elementi esaminati: 608913
Tempo trascorso: 1 ore, 13 minuti, 52 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)

HijackThis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:13:03, on 28/06/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
D:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
O4 - HKLM\..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "D:\Program Files (x86)\Steam\Steam.exe" -silent
O8 - Extra context menu item: Aggiungi ad Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
O9 - Extra button: &Tastiera Virtuale - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: C&ontrollo URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
O23 - Service: Servizio Acronis Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Servizio Acronis Nonstop Backup (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Servizio Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7168 bytes
http://www.gliscaricatori.it/forum
cristian75 (Aficionado)
Posts: 34
Joined: Sat May 23, 2009 6:09 pm

Re: ComboFix log to check

Post by cristian75 » Tue Jun 28, 2011 1:19 pm

HijackThis log of the second PC

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:21:01, on 28/06/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
O4 - HKLM\..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [FTweakFCleaner] C:\Program Files (x86)\FCleaner\FCleaner.exe -a
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Aggiungi ad Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Tastiera Virtuale - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: C&ontrollo URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Servizio Acronis Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Servizio Acronis Nonstop Backup (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: COMODO System - Cleaner Service (Cleaner_Validator) - Unknown owner - C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IGRS - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo ReadyComm AppSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
O23 - Service: Lenovo ReadyComm ConnSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Acronis OS Selector Activator (OS Selector) - Unknown owner - C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12311 bytes
http://www.gliscaricatori.it/forum
cristian75 (Aficionado)
Posts: 34
Joined: Sat May 23, 2009 6:09 pm

Re: ComboFix log to check

Post by CRYPAX » Tue Jun 28, 2011 2:44 pm

Run a scan with Malwarebytes on the second PC.
The first log is clean.

On the second one, check these files on VirusTotal:
Code:
C:\windows\system32\locator.exe
C:\windows\system32\lsass.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\vssvc.exe
Every man lives governed by his own opinions, to which he gives the fallacious name of reality.
CRYPAX (Bronze Member)
Posts: 994
Joined: Sat Jul 24, 2010 5:01 pm
Location: K-PAX

Re: ComboFix log to check

Post by cristian75 » Tue Jun 28, 2011 3:14 pm

OK, I'll run those scans and then let you know.
http://www.gliscaricatori.it/forum
cristian75 (Aficionado)
Posts: 34
Joined: Sat May 23, 2009 6:09 pm

Re: ComboFix log to check

Post by cristian75 » Tue Jun 28, 2011 3:35 pm

So VirusTotal tells me the files are clean.

MBAM found two files that I think relate to a Windows 7 activator; crazy stuff, I'm working on a PC with a genuine Windows Vista licence
that has a cracked Win7 installed on it O_o

mbam-log-2011-06-28 (16-22-38).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi esaminati: 280061
Tempo impiegato: 49 minuti, 33 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 2

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
c:\Users\Giolly\Desktop\win.7.activator.new\win.7.activator.new\7loader release 5.exe (Trojan.Agent) -> No action taken.
c:\Users\Giolly\Desktop\win.7.activator.new\win.7.activator.new\removewat.exe (HackTool.Wpakill) -> No action taken.
http://www.gliscaricatori.it/forum
cristian75 (Aficionado)
Posts: 34
Joined: Sat May 23, 2009 6:09 pm

Re: ComboFix log to check

Post by ilmito » Tue Jun 28, 2011 5:49 pm

cristian75 wrote: well, look, apart from a few blue screens, whose cause I can't isolate for you, I'd say nothing else abnormal is noticeable on the PCs.
If anything we can concentrate on the last 2 PCs, which very probably hide something; the first PC I think is clean.

If you want to see scans done with other software, just ask and I'll run them and post everything.
Thanks a lot for now.


Hi Cristian ... so the 2nd and 3rd ComboFix logs report a series of infections that were removed by the program after the two PCs were rebooted.
In particular, the following entries stand out immediately:

PC 2:
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\musica\Tiesto\Tiesto_Kaleidoscope_CD_2009__UNEXPECTED\firstnumberone\Desktop_.ini
c:\musica\Tiesto\Tiesto_Kaleidoscope_CD_2009__UNEXPECTED\paylasboard\Desktop_.ini
c:\program files\OfferBox
c:\programdata\Microsoft\Windows\Start Menu\Programs\OfferBox Browser.lnk
c:\users\Giolly\AppData\Roaming\OfferBox
c:\users\Giolly\AppData\Roaming\OfferBox\config.xml

PC 3:
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Cristian\AppData\Roaming\inst.exe
c:\windows\s.bat
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\w32apiw.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf

On the third PC there were also drivers that were removed.

For the HijackThis logs I'm posting this very useful link to check whether everything is as fine as it seems to be:
http://www.hijackthis.de/it .

1) For the first PC 1 there are no problems.
2) For the second PC 2 there are 8 problems (red crosses) linked to files that appear to be missing according to the log.
3) For the third PC 3? The HijackThis log is missing. You can post it, or copy and paste it into the link I suggested, as you prefer.
ilmito (Senior Member)
Posts: 348
Joined: Wed Mar 18, 2009 6:49 pm
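CRYPAX asks for the "file missing" system binaries to be looked up on VirusTotal, and ilmito notes that hijackthis.de flags eight O23 entries for the same reason. The script below is an added example written for this thread, not code from the forum or from the HijackThis project: it parses O23 service lines in the shape HijackThis 2.0.4 prints them (that format is assumed from the lines posted above), sorts them into verdicts, and lists the paths worth hashing. Two caveats it encodes: HijackThis 2.0.4 is a 32-bit program, so on 64-bit Windows the WOW64 file system redirection makes it report native system32 binaries as "(file missing)" even when they are present, which is why those entries are marked "verify on host" rather than "infected"; and the "owner" column is the CompanyName version resource of the file, not an Authenticode check, so "Kaspersky Lab ZAO" is a hint, not proof. The verdict names and the sample lines are constructed for the example.

```python
"""Triage of HijackThis O23 (service) lines. Added example, not from the thread."""
import hashlib
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape HijackThis 2.0.4 prints (assumed format:
# "O23 - Service: <display> (<short>) - <owner> - <path>[ (file missing)]").
# The non-O23 line at the end shows that other sections are ignored.
SAMPLE_LOG = r"""
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: Servizio Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
O23 - Service: COMODO System - Cleaner Service (Cleaner_Validator) - Unknown owner - C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
"""

O23_PREFIX = "O23 - Service: "
# Display names and paths may themselves contain " - "; the owner field never
# contains a hyphen (assumption), and the path always starts with a drive letter,
# which is what lets the regex split the three fields unambiguously.
O23_RE = re.compile(
    r"^(?P<name>.+?) - (?P<owner>[^-]+?) - "
    r"(?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$"
)
SHORT_RE = re.compile(r"^(?P<display>.*\S)\s\((?P<short>[^()]+)\)$")
SYSTEM_DIR_RE = re.compile(r"^[a-z]:\\windows\\(system32|syswow64)\\", re.IGNORECASE)


@dataclass
class ServiceEntry:
    display_name: str
    short_name: Optional[str]   # service key name in parentheses, if present
    owner: str                  # CompanyName version resource, not a signature
    path: str
    file_missing: bool
    verdict: str = ""


def triage(entry: ServiceEntry) -> str:
    """Verdict names are this example's own, not HijackThis terminology."""
    unknown_owner = entry.owner.lower() == "unknown owner"
    in_system_dir = bool(SYSTEM_DIR_RE.match(entry.path))
    if entry.file_missing and in_system_dir:
        # Typical WOW64 redirection artifact of a 32-bit scanner on x64 Windows:
        # confirm the file exists from a 64-bit shell, then hash it.
        return "verify_redirection"
    if entry.file_missing:
        # Registered service whose binary really is gone: leftover or removed payload.
        return "missing_binary"
    if unknown_owner:
        return "unknown_publisher"
    return "known_publisher"


def parse_hijackthis(text: str) -> List[ServiceEntry]:
    entries: List[ServiceEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith(O23_PREFIX):
            continue
        m = O23_RE.match(line[len(O23_PREFIX):])
        if not m:
            continue  # unexpected shape: skip rather than guess
        name = m.group("name")
        sm = SHORT_RE.match(name)
        display, short = (sm.group("display"), sm.group("short")) if sm else (name, None)
        entry = ServiceEntry(display, short, m.group("owner").strip(),
                             m.group("path"), m.group("missing") is not None)
        entry.verdict = triage(entry)
        entries.append(entry)
    return entries


def hash_targets(entries: List[ServiceEntry]) -> List[str]:
    """Paths to hash and look up (VirusTotal etc.), as CRYPAX asked for above."""
    wanted = {"verify_redirection", "unknown_publisher"}
    return sorted({e.path for e in entries if e.verdict in wanted}, key=str.lower)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    """Chunked SHA-256 of a file on the host; run this from a 64-bit interpreter."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


if __name__ == "__main__":
    parsed = parse_hijackthis(SAMPLE_LOG)
    for e in parsed:
        print(f"{e.verdict:20} {e.short_name or e.display_name:18} {e.path}")
    print("hash and look up:", *hash_targets(parsed), sep="\n  ")
```

Run it against a real log by replacing SAMPLE_LOG with the file contents; the "verify_redirection" entries should be checked for existence from a 64-bit shell before anything is hashed, and "missing_binary" services outside the Windows directory are the ones that deserve a closer look.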

Re: ComboFix log to check

Post by crazy.cat » Tue Jun 28, 2011 6:09 pm

cristian75 wrote: MBAM found two files that I think relate to a Windows 7 activator; crazy stuff, I'm working on a PC with a genuine Windows Vista licence that has a cracked Win7 installed on it O_o

You made a mistake opening the thread with three PCs in one, and I could even have let that go, but if you then tell us you use an illegal Windows you violate the forum rules for the second time, which prevent us from providing help with illegal software.
You force me to close the thread.
When the many govern, they think only of pleasing themselves; what results is the most foolish and hateful tyranny: tyranny disguised as freedom.
crazy.cat (MLI Hero)
Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre

