Combo and MBR log


Post by Sabbb » Sun Jul 10, 2011 10:15 am

Computer of my new, beautiful, amazing girlfriend [std]
OS: Seven Starter (netbook)
PS: I started with ComboFix because nothing else would start.

ComboFix 11-07-08.03 - nat 09.07.2011 21:07:17.1.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.39.1040.18.1015.432 [GMT 2:00]
Running from: c:\users\nat\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\HP\HPBTWD.exe
.
.
((((((((((((((((((((((((( Files Created From 2011-06-09 to 2011-07-09 )))))))))))))))))))))))))))))))))))
.
.
2011-07-09 19:31 . 2011-07-09 19:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-09 18:52 . 2011-07-09 18:52 -------- d-----w- c:\users\nat\AppData\Roaming\Malwarebytes
2011-07-09 18:52 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-09 18:52 . 2011-07-09 18:52 -------- d-----w- c:\programdata\Malwarebytes
2011-07-09 18:52 . 2011-07-09 18:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-09 18:52 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-09 18:46 . 2011-07-09 18:46 -------- d-----w- c:\program files\CCleaner
2011-07-09 18:40 . 2011-07-09 18:40 -------- d-----w- c:\program files\VS Revo Group
2011-07-08 18:32 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4B475007-D22F-4EA4-A48D-F63A7AFF5F84}\mpengine.dll
2011-07-05 19:58 . 2011-07-09 18:37 -------- d-----w- c:\users\nat\AppData\Roaming\go
2011-07-05 19:58 . 2011-07-09 18:47 -------- d-----w- c:\programdata\Easybits GO
2011-06-29 19:28 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 19:18 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-06-29 19:18 . 2011-05-04 04:52 1401856 ----a-w- c:\windows\system32\mssrch.dll
2011-06-29 19:18 . 2011-05-04 04:52 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-29 19:18 . 2011-05-04 04:52 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-29 19:18 . 2011-05-04 04:52 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-29 19:18 . 2011-05-04 04:52 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-29 19:18 . 2011-05-04 04:52 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-29 19:18 . 2011-05-04 04:52 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-29 19:18 . 2011-05-04 04:52 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-15 21:35 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-15 21:35 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 21:35 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 21:35 . 2011-04-25 04:56 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-15 21:35 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 21:22 . 2011-01-17 05:38 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-15 21:22 . 2011-04-29 05:08 759296 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-06-15 21:16 . 2011-05-04 02:43 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 21:16 . 2011-05-04 02:43 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 21:16 . 2011-05-04 02:43 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 17:14 . 2010-11-18 17:31 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-22 19:36 . 2011-05-25 17:42 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty & legitimate/default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-06-12 1533224]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-29 458844]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\users\nat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-16 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-16 136176]
R3 onda_mt825up_cpo;ONDA Mass Storage Device;c:\windows\system32\DRIVERS\onda_mt825up_cpo.sys [2009-11-05 9856]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 167424]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S1 aswSP;aswSP; [x]
S1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys [2009-07-27 16984]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ee8b9ab8d1b9a68e\aestsrv.exe [2009-03-02 81920]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe [2009-07-08 323584]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-04-28 50688]
S3 onda_mt825up_cdc_acm;ONDA CDC-ACM driver;c:\windows\system32\DRIVERS\onda_mt825up_cdc_acm.sys [2009-11-05 85248]
S3 onda_mt825up_cdc_ecm;onda_mt825up_cdc_ecm;c:\windows\system32\DRIVERS\onda_mt825up_cdc_ecm.sys [2009-11-05 49920]
S3 onda_mt825up_dc_enum;ONDA DC Enumerator;c:\windows\system32\DRIVERS\onda_mt825up_dc_enum.sys [2009-11-05 80128]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-16 15:50]
.
2011-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-16 15:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\it-IT\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Send image to &Bluetooth device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
- - - - ORPHANED KEYS REMOVED - - - -
.
HKLM-Run-HP BTW Detect Program - c:\program files\HP\HPBTWD.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Scan finished at: 2011-07-09 21:39:11
ComboFix-quarantined-files.txt 2011-07-09 19:39
.
Pre-Run: 207,945,080,832 bytes free
Post-Run: 208,026,173,440 bytes free
.
- - End Of File - - F2117693C5B82A80F4F5A9DB485602D4


MBR log

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Starter Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Mini 110-1100
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 205):
0x81C04000 \SystemRoot\system32\ntkrnlpa.exe
0x82014000 \SystemRoot\system32\halmacpi.dll
0x819F7000 \SystemRoot\system32\kdcom.dll
0x82222000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8229A000 \SystemRoot\system32\PSHED.dll
0x822AB000 \SystemRoot\system32\BOOTVID.dll
0x822B3000 \SystemRoot\system32\CLFS.SYS
0x822F5000 \SystemRoot\system32\CI.dll
0x86430000 \SystemRoot\system32\drivers\Wdf01000.sys
0x864A1000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x864AF000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x864F7000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x86500000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x86508000 \SystemRoot\system32\DRIVERS\pci.sys
0x86532000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8653D000 \SystemRoot\System32\drivers\partmgr.sys
0x8654E000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x86556000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x86561000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x86571000 \SystemRoot\System32\drivers\volmgrx.sys
0x865BC000 \SystemRoot\System32\drivers\mountmgr.sys
0x8663E000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x86718000 \SystemRoot\system32\DRIVERS\atapi.sys
0x86721000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x86744000 \SystemRoot\system32\DRIVERS\msahci.sys
0x8674E000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8675C000 \SystemRoot\system32\drivers\amdxata.sys
0x86765000 \SystemRoot\system32\drivers\fltmgr.sys
0x86799000 \SystemRoot\system32\drivers\fileinfo.sys
0x86830000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8695F000 \SystemRoot\System32\Drivers\msrpc.sys
0x8698A000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8699D000 \SystemRoot\System32\Drivers\cng.sys
0x86800000 \SystemRoot\System32\drivers\pcw.sys
0x8680E000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x86A3A000 \SystemRoot\system32\drivers\ndis.sys
0x86AF1000 \SystemRoot\system32\drivers\NETIO.SYS
0x86B2F000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x86C25000 \SystemRoot\System32\drivers\tcpip.sys
0x86D6E000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x86D9F000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x86DDE000 \SystemRoot\System32\Drivers\spldr.sys
0x86B54000 \SystemRoot\System32\drivers\rdyboost.sys
0x86DE6000 \SystemRoot\System32\Drivers\mup.sys
0x86DF6000 \SystemRoot\System32\drivers\hwpolicy.sys
0x86B81000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x86C00000 \SystemRoot\system32\DRIVERS\disk.sys
0x86BB3000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8992F000 \SystemRoot\System32\Drivers\aswSnx.SYS
0x8999F000 \SystemRoot\System32\Drivers\Null.SYS
0x899A6000 \SystemRoot\System32\Drivers\Beep.SYS
0x899AD000 \SystemRoot\System32\drivers\vga.sys
0x899B9000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x899DA000 \SystemRoot\System32\drivers\watchdog.sys
0x899E7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x899EF000 \SystemRoot\system32\drivers\rdpencdd.sys
0x899F7000 \SystemRoot\system32\drivers\rdprefmp.sys
0x89800000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8980B000 \SystemRoot\System32\Drivers\Npfs.SYS
0x89910000 \SystemRoot\system32\DRIVERS\tdx.sys
0x89819000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x86BD8000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x823A0000 \SystemRoot\system32\drivers\afd.sys
0x89927000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x86A00000 \SystemRoot\System32\DRIVERS\netbt.sys
0x86C1E000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x867AA000 \SystemRoot\system32\DRIVERS\pacer.sys
0x86BE2000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x86817000 \SystemRoot\system32\DRIVERS\netbios.sys
0x867C9000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x867DC000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8A20C000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8A24D000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8A257000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8A261000 \??\C:\SPLASH.SYS\config\dvmio.sys
0x8A268000 \SystemRoot\System32\drivers\discache.sys
0x8A274000 \SystemRoot\System32\Drivers\dfsc.sys
0x8A28C000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x8A29A000 \SystemRoot\System32\Drivers\aswSP.SYS
0x8A2E4000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8A305000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8AC04000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8B10D000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8B1C4000 \SystemRoot\System32\drivers\dxgmms1.sys
0x8A317000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x91E82000 \SystemRoot\system32\DRIVERS\L1C62x86.sys
0x91E92000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x91E9D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x91EE8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x91EF7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x91F0F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x91F1C000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x91F4F000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x91F51000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x91F5E000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x91F62000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x91F6B000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x91F78000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x91F8A000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x91FA2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x91FAD000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x91FCF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x91FE7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8A336000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x91FFE000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8A34D000 \SystemRoot\system32\DRIVERS\ks.sys
0x91C00000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8A381000 \SystemRoot\system32\DRIVERS\onda_mt825up_dc_enum.sys
0x8A395000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8A3D9000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x80E15000 \SystemRoot\system32\DRIVERS\stwrt.sys
0x80E7C000 \SystemRoot\system32\DRIVERS\portcls.sys
0x80EAB000 \SystemRoot\system32\DRIVERS\drmk.sys
0x80EC4000 \SystemRoot\System32\Drivers\crashdmp.sys
0x80ED1000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x80FAB000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x81300000 \SystemRoot\System32\win32k.sys
0x80FBC000 \SystemRoot\System32\drivers\Dxapi.sys
0x80FC6000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x80FDD000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x89824000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x80FF4000 \SystemRoot\system32\DRIVERS\monitor.sys
0x80E00000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x89843000 \SystemRoot\System32\Drivers\bthport.sys
0x8A3EA000 \SystemRoot\system32\DRIVERS\onda_mt825up_cdc_acm.sys
0x898A7000 \SystemRoot\system32\drivers\modem.sys
0x898B4000 \SystemRoot\system32\DRIVERS\onda_mt825up_cdc_ecm.sys
0x898C1000 \SystemRoot\System32\Drivers\usbvideo.sys
0x81560000 \SystemRoot\System32\TSDDD.dll
0x898E5000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x86C11000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x86600000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x81590000 \SystemRoot\System32\cdd.dll
0x8D433000 \SystemRoot\system32\DRIVERS\btwavdt.sys
0x8D4A6000 \SystemRoot\system32\drivers\btwaudio.sys
0x8D527000 \SystemRoot\system32\DRIVERS\btwl2cap.sys
0x8D532000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0x8D535000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8D548000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x815B0000 \SystemRoot\System32\ATMFD.DLL
0x8D54F000 \SystemRoot\system32\drivers\luafv.sys
0x8D56A000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x8D5A2000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x8D5A5000 \SystemRoot\system32\drivers\WudfPf.sys
0x8D5BF000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA3C23000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA3C69000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA3C79000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA3C8C000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA3CA2000 \SystemRoot\system32\drivers\HTTP.sys
0xA3D27000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA3D40000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA3D52000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA3D75000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA3DB0000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA5E10000 \SystemRoot\system32\drivers\peauth.sys
0xA5EA7000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA5EB1000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA5ED2000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA5EDF000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA5F2E000 \SystemRoot\System32\DRIVERS\srv.sys
0xA5F80000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x91C0E000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0xA5FA1000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0xB2C0F000 \SystemRoot\system32\drivers\spsys.sys
0xB2C79000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x77870000 \Windows\System32\ntdll.dll
0x48220000 \Windows\System32\smss.exe
0x77AB0000 \Windows\System32\apisetschema.dll
0x00840000 \Windows\System32\autochk.exe
0x77A40000 \Windows\System32\difxapi.dll
0x777D0000 \Windows\System32\advapi32.dll
0x779E0000 \Windows\System32\shlwapi.dll
0x77780000 \Windows\System32\gdi32.dll
0x779D0000 \Windows\System32\nsi.dll
0x77680000 \Windows\System32\wininet.dll
0x779C0000 \Windows\System32\psapi.dll
0x77520000 \Windows\System32\ole32.dll
0x77450000 \Windows\System32\user32.dll
0x77430000 \Windows\System32\imm32.dll
0x773E0000 \Windows\System32\Wldap32.dll
0x77330000 \Windows\System32\rpcrt4.dll
0x766E0000 \Windows\System32\shell32.dll
0x76650000 \Windows\System32\oleaut32.dll
0x779B0000 \Windows\System32\lpk.dll
0x765B0000 \Windows\System32\usp10.dll
0x764D0000 \Windows\System32\kernel32.dll
0x76490000 \Windows\System32\ws2_32.dll
0x763C0000 \Windows\System32\msctf.dll
0x76280000 \Windows\System32\urlmon.dll
0x76250000 \Windows\System32\imagehlp.dll
0x761D0000 \Windows\System32\comdlg32.dll
0x761C0000 \Windows\System32\normaliz.dll
0x76020000 \Windows\System32\setupapi.dll
0x75E20000 \Windows\System32\iertutil.dll
0x75D90000 \Windows\System32\clbcatq.dll
0x75CE0000 \Windows\System32\msvcrt.dll
0x75CC0000 \Windows\System32\sechost.dll
0x75CA0000 \Windows\System32\devobj.dll
0x75B80000 \Windows\System32\crypt32.dll
0x75B50000 \Windows\System32\wintrust.dll
0x75B20000 \Windows\System32\cfgmgr32.dll
0x75A90000 \Windows\System32\comctl32.dll
0x75A40000 \Windows\System32\KernelBase.dll
0x75A30000 \Windows\System32\msasn1.dll

Processes (total 65):
0 System Idle Process
4 System
324 C:\Windows\System32\smss.exe
424 csrss.exe
484 C:\Windows\System32\wininit.exe
496 csrss.exe
552 C:\Windows\System32\services.exe
576 C:\Windows\System32\winlogon.exe
604 C:\Windows\System32\lsass.exe
616 C:\Windows\System32\lsm.exe
712 C:\Windows\System32\svchost.exe
808 C:\Windows\System32\svchost.exe
896 C:\Windows\System32\svchost.exe
948 C:\Windows\System32\svchost.exe
984 C:\Windows\System32\svchost.exe
1036 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ee8b9ab8d1b9a68e\stacsv.exe
1108 C:\Windows\System32\audiodg.exe
1196 C:\Windows\System32\svchost.exe
1344 C:\Windows\System32\svchost.exe
1456 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1844 C:\Windows\System32\dwm.exe
1924 C:\Windows\explorer.exe
1988 C:\Windows\System32\spoolsv.exe
2012 C:\Windows\System32\taskhost.exe
340 C:\Windows\System32\svchost.exe
1100 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ee8b9ab8d1b9a68e\AEstSrv.exe
1312 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
1324 C:\SPLASH.SYS\config\DVMExportService.exe
1812 C:\Windows\System32\svchost.exe
1376 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2060 C:\Program Files\IDT\WDM\sttray.exe
2148 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
2168 C:\Windows\System32\igfxtray.exe
2176 C:\Windows\System32\hkcmd.exe
2188 C:\Windows\System32\igfxpers.exe
2216 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2256 C:\Program Files\AVAST Software\Avast\AvastUI.exe
2340 C:\Windows\System32\igfxsrvc.exe
2716 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
2752 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
2964 C:\Windows\System32\svchost.exe
3008 C:\Windows\System32\svchost.exe
3208 C:\Windows\System32\SearchIndexer.exe
3256 WUDFHost.exe
3348 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
3404 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
3512 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3520 WmiPrvSE.exe
3632 C:\Windows\System32\taskeng.exe
4020 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
3440 C:\Program Files\Onda Connection Manager\UIMain.exe
3100 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
2740 C:\Windows\System32\wlanext.exe
2464 C:\Windows\System32\conhost.exe
3924 C:\Windows\System32\taskhost.exe
3024 C:\Windows\System32\sppsvc.exe
3876 C:\Windows\System32\wuauclt.exe
2920 C:\Program Files\Internet Explorer\iexplore.exe
3144 C:\Windows\servicing\TrustedInstaller.exe
3944 C:\Program Files\Internet Explorer\iexplore.exe
2328 avast.setup
224 C:\Windows\System32\Macromed\Flash\FlashUtil10u_ActiveX.exe
1820 C:\Program Files\Defraggler\Defraggler.exe
1964 C:\Users\nat\Desktop\MBRCheck.exe
3160 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`54400000 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMJA2250BHG2, Rev: 8919

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 581AD661BB853994E993E80FAB2CD0B3BC0B72E4


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:



PS.
HP computer: I hope Combo hasn't deleted anything important on us.
The MBR Checker log is odd too.
Sabbb
Inactive user
Posts: 4483
Joined: Sat Sep 04, 2010 11:19 am
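The ComboFix log in this post is read by eye in the rest of the thread. As an added example (my code, not ComboFix's and not anything posted here), the script below runs the first triage pass an analyst would make over the "Reg Loading Points" section: it parses the Run-key values and the R/S service lines, flags every image that ComboFix marked [x] (file not found at the logged path) and every image that lives outside the Windows, Program Files or ProgramData roots. The sample input is constructed from lines copied from the log above plus one clearly marked made-up Run value; the root allowlist and the "flag for review" rules are my assumptions, and a hit means "look at this", not "malicious": the c:\splash.sys images here belong to the DeviceVM service named in the log, and [x] on the aswSP/aswFsBlk entries is usual on avast installs (aswSP is avast's self-protection driver).

```python
import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the ComboFix log in this thread, plus one made-up
# Run value ("example_autorun", NOT on the page) that exercises the user-profile rule.
SAMPLE_LINES = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-06-12 1533224]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"example_autorun"="c:\users\nat\AppData\Roaming\example\example.exe" [2011-07-05 1024]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-16 136176]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
S1 aswSP;aswSP; [x]
S1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys [2009-07-27 16984]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe [2009-07-08 323584]
"""

# "Name"="path" [yyyy-mm-dd size]   (Run / RunOnce values)
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]')
# R2 name;display;path [yyyy-mm-dd size]   or   S1 name;display; [x]
# R = running, S = stopped; the digit is the Windows start type; [x] = ComboFix could not find the image.
SERVICE = re.compile(r'^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[^\[]*?)\s*\[(?P<meta>[^\]]*)\]')

START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}
# Assumed allowlist of roots where an OEM/Windows/AV image is expected to live; anything else is reviewed.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\programdata\\")


@dataclass
class Finding:
    source: str   # registry key for autoruns, "service" for R/S lines
    name: str
    path: str
    reason: str


def in_expected_location(path: str) -> bool:
    return path.lower().startswith(EXPECTED_ROOTS)


def triage(text: str) -> list:
    """Return the entries an analyst should look at first; a hit means 'review', not 'malicious'."""
    findings = []
    section = "Run"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[HKEY_"):
            section = line.strip("[]")   # remember which autorun key the following values belong to
            continue
        m = RUN_VALUE.match(line)
        if m:
            if not in_expected_location(m["path"]):
                findings.append(Finding(section, m["name"], m["path"],
                                        "autorun image outside the expected program/system roots"))
            continue
        m = SERVICE.match(line)
        if m:
            start = START_TYPES.get(m["start"], "unknown")
            if m["meta"] == "x":
                findings.append(Finding("service", m["name"], m["path"] or "<no path>",
                                        f"image not found by ComboFix ([x]), {start} start: stale entry "
                                        "or self-protected driver, verify which"))
            elif not in_expected_location(m["path"]):
                findings.append(Finding("service", m["name"], m["path"],
                                        f"service image outside the expected program/system roots ({start} start)"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.source}] {f.name}: {f.path}\n    -> {f.reason}")
```

Run it on a saved ComboFix.txt by passing the file contents to triage(); the next step for each hit is to check the image's signature and hash, not to delete it.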

Re: Combo and MBR log

Post by eugenio19911 » Sun Jul 10, 2011 11:36 am

Since I don't know much about ComboFix, while you're waiting try scanning with TDSSKiller, renaming it to svchost.exe:
http://support.kaspersky.com/downloads/ ... killer.zip
If avast is still active after ComboFix, have it run the anti-rootkit scan (boot-time scan).
Then finally a pass with HitmanPro to look for leftovers.
Personal note: if you ever feel like installing the penguin or Windows 8, get over it.
eugenio19911
Editor
Posts: 2158
Joined: Sat Sep 04, 2010 10:02 pm

Re: Combo and MBR log

Post by crazy.cat » Sun Jul 10, 2011 12:40 pm

Try using this mrb.exe post563540.html#p563540

But what are the PC's problems?
When the many govern, they think only of pleasing themselves; that is when you get the most foolish and hateful tyranny of all: tyranny disguised as freedom.
crazy.cat
MLI Hero
Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre


Re: Combo and MBR log

Post by Sabbb » Sun Jul 10, 2011 1:29 pm

crazy.cat wrote: Try using this mrb.exe post563540.html#p563540

But what are the PC's problems?

General slowness (and anyway I'm in the habit of running checks regardless [std])
Also the MBR warning is rather strange, since there's no dual boot [uhm]
Meanwhile I'm downloading the tool.
Hitman = clean
Malwarebytes = clean
Avast = sent packing, and now I'm scanning with Avira, which at the moment is showing me 90 hidden objects [sbav]
Sabbb
Inactive user
Posts: 4483
Joined: Sat Sep 04, 2010 11:19 am
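On the MBR warning raised above: MBRCheck's "Unknown MBR code" only means the hash of the boot sector is not in the tool's list of known loaders. It has nothing to do with dual boot, and it is not the same as "infected": OEM instant-on loaders and full-disk encryption replace the boot code legitimately, and so do bootkits, which is why the hash is worth checking. As an added example that is not part of the thread and not MBRCheck's code, the script below does the same kind of check by hand: it reads a 512-byte sector, verifies the 0x55AA signature, decodes the partition table, hashes the boot code and compares it against an allowlist, and maps the byte offsets MBRCheck printed for C: (0x0C800000) and D: (0x3754400000) in the first post back to partition entries. The sample sector is constructed (a dummy boot stub, a made-up disk signature, partitions placed at the offsets from the log); hashing only the first 440 bytes is my design choice, because the disk signature and partition table differ on every machine, and I do not know which bytes MBRCheck itself hashes, so its SHA1 cannot be reproduced with this code.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440           # bytes 0..439: boot code; 440..443 disk signature; 444..445 reserved
PART_TABLE_OFF = 446          # four 16-byte partition entries at 446..509
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511
ENTRY_FMT = "<B3xB3xII"       # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count


def build_mbr(boot_code: bytes, disk_signature: int, entries) -> bytes:
    """Assemble a 512-byte MBR. Only used here to construct the sample sector;
    on a real machine the sector is read from the disk (see read_mbr)."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code exceeds 440 bytes")
    if len(entries) > 4:
        raise ValueError("at most four primary partition entries")
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<IH", sector, BOOT_CODE_LEN, disk_signature, 0)
    for i, (bootable, ptype, lba_start, sectors) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, ptype, lba_start, sectors)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def read_mbr(device: str) -> bytes:
    """Read sector 0 of a disk or image: r'\\.\PhysicalDrive0' on Windows (run as admin)
    or /dev/sda on Linux (run as root)."""
    with open(device, "rb") as f:
        return f.read(SECTOR)


def parse_mbr(sector: bytes) -> dict:
    if len(sector) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("0x55AA boot signature missing: not a valid MBR")
    disk_signature = struct.unpack_from("<I", sector, BOOT_CODE_LEN)[0]
    partitions = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue  # empty slot
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors,
                           "byte_offset": lba_start * SECTOR})
    return {"disk_signature": disk_signature, "partitions": partitions}


def mbr_code_sha1(sector: bytes) -> str:
    """SHA-1 of the boot-code region only: the disk signature and partition table legitimately
    differ on every machine, so hashing them would make every disk look 'unknown'."""
    return hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()


def classify_mbr(sector: bytes, known_code_hashes) -> str:
    """'known' if the boot code matches an allowlisted hash, else 'unknown'. Unknown is not
    'infected': OEM instant-on loaders and disk encryption also replace the boot code."""
    return "known" if mbr_code_sha1(sector) in known_code_hashes else "unknown"


def partition_for_offset(sector: bytes, byte_offset: int):
    """Map a volume's byte offset (as MBRCheck prints it) to the partition-table entry it starts at."""
    for p in parse_mbr(sector)["partitions"]:
        if p["byte_offset"] == byte_offset:
            return p
    return None


# Constructed sample sector (not a real disk image): a dummy boot stub plus partitions placed at
# the offsets MBRCheck reported for C: (0x0C800000) and D: (0x3754400000) in the log above.
SAMPLE_BOOT_CODE = bytes.fromhex("33c08ed0bc007c") + b"\xeb\xfe"  # xor ax,ax; mov ss,ax; mov sp,7c00h; jmp $
SAMPLE_MBR = build_mbr(SAMPLE_BOOT_CODE, 0x1234ABCD, [
    (True,  0x07, 2048,      407552),     # small boot partition ending exactly at LBA 409600
    (False, 0x07, 409600,    463724544),  # C:  0x0C800000 / 512 == 409600
    (False, 0x07, 464134144, 24263024),   # D:  0x3754400000 / 512 == 464134144
])

if __name__ == "__main__":
    info = parse_mbr(SAMPLE_MBR)
    print(f"disk signature 0x{info['disk_signature']:08X}")
    for p in info["partitions"]:
        print(f"  #{p['index']} type 0x{p['type']:02X} start LBA {p['lba_start']} "
              f"({p['sectors'] * SECTOR // 2**20} MiB){' *bootable*' if p['bootable'] else ''}")
    print("boot code SHA1:", mbr_code_sha1(SAMPLE_MBR))
    print("status:", classify_mbr(SAMPLE_MBR, known_code_hashes=set()))  # empty allowlist -> unknown
```

To check a live machine, call parse_mbr(read_mbr(r"\\.\PhysicalDrive0")) from an elevated prompt and compare mbr_code_sha1() against a hash you took from a known-clean disk of the same OEM image; a mismatch, like MBRCheck's warning, is a reason to dump the 440 bytes and disassemble them, not proof of a rootkit.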

Re: Combo and MBR log

Post by LacieRikiki » Sun Jul 10, 2011 1:58 pm

Hi sabbb, the ComboFix log shows no problems.
Try running this scan (Eugenio linked you the site; better to download the most up-to-date exe and follow these instructions), and attach the report. Bye! ;)

Download Kaspersky TDSS Killer: http://support.kaspersky.com/downloads/ ... killer.exe
● put the downloaded file on the Desktop
● double-click TDSSKiller.exe to start the application, then click the Start Scan button

At this point the scan of the system for malicious software begins:
● if an infected file is found, the default action will be Cure; click Continue
● if a suspicious file is found, the default action will be Skip; click Continue

Once the scan has finished, you will get one of these two options:
● no system restart is needed: click Report and save the contents to a text file
● a system restart is needed: click Reboot now
● after the restart, the program's report to attach is in C:\ in this form:
TDSSKiller.[Version]_[Date]_[Time]_log.txt
LacieRikiki
Banned user!
Posts: 3
Joined: Sun Jul 10, 2011 1:56 pm

Re: Combo and MBR log

Post by Nichi » Sun Jul 10, 2011 3:56 pm

Sabbb wrote: ...Avast = sent packing, and now I'm scanning with Avira, which at the moment is showing me 90 hidden objects [sbav]


Poor avast!! [V]
Careful: if Avira deletes or renames some system file, you're toast [sh]
We're only pawns... [B)]
Nichi
Senior Member
Posts: 388
Joined: Fri Feb 26, 2010 3:16 pm

Re: Combo and MBR log

Post by ninjabionico » Sun Jul 10, 2011 5:34 pm

Sabbb wrote: Computer of my new, beautiful, amazing girlfriend [std]
OS: Seven Starter (netbook)
...


But doesn't Starter have several limitations? [uhm] (max 1 GB of memory, no multiprocessor support, no 3D graphics effects, etc...)

Sabbb wrote:
crazy.cat wrote: ... But what are the PC's problems?

General slowness (and anyway I'm in the habit of running checks regardless [std])
...


Buy her an 8 GB USB stick (preferably a good brand and not too fast; I've noticed that the fast ones have a very short life) and install a nice GNU/Linux distro on it...

(during installation, install GRUB2 in the MBR of the USB stick and not on the hard disk; also change the netbook's boot order to give priority to the USB stick; if it isn't plugged in, 7 will boot normally)

... Ubuntu (Xubuntu, Lubuntu), Mint Debian, Debian, Kanotix, Simply Mepis, Mandriva, Fedora, OpenGeu... you're spoiled for choice of distro and desktop environment (Gnome 2 or 3, KDE 3 or 4, XFCE4, LXDE, Enlightenment, etc...); you'll fix the system's speed problems if you optimise the distro a bit for running from a USB stick (e.g. keeping writes to the stick to a minimum by mounting the temporary-file directories as a RAM disk, disabling the writing of last-access timestamps to the file system, etc...).

Let her get used to the new system a bit and you're done! [8D] If you manage that, you can move to a dual boot, which is faster than the USB stick. [;)]

Far fewer problems with viruses and assorted malware, but you should already know that... [whistle]

P.S.: You could also install an antivirus on the distro and scan the Windows partitions in complete safety.
I tell it like it is! That's my ninja way - by Naruto Uzumaki
Expert-Advanced User Powered by Gnu/Linux
ninjabionico
Official Member (Gold)
Posts: 5207
Joined: Mon Mar 20, 2006 10:51 pm
Location: Prov. Pd

Re: Combo and MBR log

Post by Sabbb » Mon Jul 11, 2011 12:46 pm

ninjabionico wrote:

But doesn't Starter have several limitations? [uhm] (max 1 GB of memory, no multiprocessor support, no 3D graphics effects, etc...)
I don't know the list of limitations of the Starter versions, and I don't know whether all Starter versions have the 1 GB RAM limit. In any case, yes, this one has 1 GB of RAM.

ninja comments

Buy her an 8 GB USB stick (preferably a good brand and not too fast; I've noticed that the fast ones have a very short life) and install a nice GNU/Linux distro on it...


thanks ninja [;)] for the advice..

Thanks to everyone else too [MLI]
Sabbb
Inactive user
Posts: 4483
Joined: Sat Sep 04, 2010 11:19 am



megalab.it: online daily publication registered with the Court of Cosenza no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. Advertising: Master Advertising