
Thread: Firewall disabled

  1. #31
    I ran the scans with Gmer and Combofix as you suggested.
    Here are the results:

    Gmer (run in Safe Mode)
    GMER 1.0.13.12551 - http://www.gmer.net
    Rootkit scan 2010-05-05 22:16:55
    Windows 5.1.2600 Service Pack 3


    ---- User IAT/EAT - GMER 1.0.13 ----

    IAT C:\WINDOWS\Explorer.EXE[856] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CF97774] C:\WINDOWS\system32\ShimEng.dll
    IAT C:\WINDOWS\Explorer.EXE[856] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CF97774] C:\WINDOWS\system32\ShimEng.dll
    IAT C:\WINDOWS\Explorer.EXE[856] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CF97774] C:\WINDOWS\system32\ShimEng.dll
    IAT C:\WINDOWS\Explorer.EXE[856] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CF97774] C:\WINDOWS\system32\ShimEng.dll
    IAT C:\WINDOWS\Explorer.EXE[856] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CF97774] C:\WINDOWS\system32\ShimEng.dll
    IAT C:\WINDOWS\Explorer.EXE[856] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CF97774] C:\WINDOWS\system32\ShimEng.dll
    IAT C:\WINDOWS\Explorer.EXE[856] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CF97774] C:\WINDOWS\system32\ShimEng.dll
    IAT C:\WINDOWS\Explorer.EXE[856] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CF97774] C:\WINDOWS\system32\ShimEng.dll
    IAT C:\WINDOWS\Explorer.EXE[856] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CF97774] C:\WINDOWS\system32\ShimEng.dll
    IAT C:\WINDOWS\Explorer.EXE[856] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5CF97774] C:\WINDOWS\system32\ShimEng.dll
    IAT C:\WINDOWS\Explorer.EXE[856] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CF97774] C:\WINDOWS\system32\ShimEng.dll
    IAT C:\WINDOWS\Explorer.EXE[856] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CF97774] C:\WINDOWS\system32\ShimEng.dll
    IAT C:\WINDOWS\Explorer.EXE[856] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5CF97774] C:\WINDOWS\system32\ShimEng.dll
    IAT C:\WINDOWS\Explorer.EXE[856] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [5CF97774] C:\WINDOWS\system32\ShimEng.dll
    IAT C:\WINDOWS\Explorer.EXE[856] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CF97774] C:\WINDOWS\system32\ShimEng.dll

    ---- Registry - GMER 1.0.13 ----

    Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
    Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
    Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
    Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
    Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
    Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
    Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
    Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
    Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
    Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
    Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
    Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
    Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
    Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
    Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
    Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
    Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
    Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
    Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
    Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ...
    Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
    Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
    Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
    Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

    ---- Files - GMER 1.0.13 ----

    ADS C:\Documents and Settings\User\Preferiti\multa\ricorso giudice pace\Contravvenzioni. Vademecum dell:favicon
    ADS C:\Documents and Settings\User\Preferiti\Università\Appunti gratis :favicon
    ADS C:\Documents and Settings\User\Preferiti\Università\Appunti gratis :favicon
    ADS C:\Documents and Settings\User\Preferiti\Università\tesi\FATTE\Tesi di Laurea - Profili di Diritto Costituzionale nell:favicon
    ADS C:\Documents and Settings\User\Preferiti\Università\tesi\pec\PEC - Posta elettronica certificata :favicon

    ---- EOF - GMER 1.0.13 ----

    .. I can't make anything of this... you tell me!

    Then combofix: here I had some trouble: I ran it from normal mode, I wasn't able to disable "windows security essentials", but on the other hand it had me install the Recovery Console...
    Then at the start of the DOS prompt it said the specified path was not valid ... anyway it kept working and produced this log (which, because the post would be too long, I'm sending in the next message):
    A@P

  2. #32

    combofix log

    ComboFix 10-05-05.02 - User 05/05/2010 22.35.46.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3327.2754 [GMT 2:00]
    Eseguito da: c:\documents and settings\User\Desktop\ComboFix.exe
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .

    ((((((((((((((((((((((((((((((((((((( Altre eliminazioni ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\programmi\WindowsUpdate
    c:\windows\jestertb.dll

    .
    ((((((((((((((((((((((((( Files Creati Da 2010-04-05 al 2010-05-05 )))))))))))))))))))))))))))))))))))
    .

    2010-05-05 19:50 . 2007-06-29 07:38 581632 ----a-w- C:\gmer.exe
    2010-05-05 19:46 . 2010-05-05 19:46 398336 ----a-w- c:\windows\system32\CF30553.exe
    2010-05-03 07:58 . 2010-05-03 07:58 6153352 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-04-27 22:32 . 2010-04-27 22:32 52224 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-04-27 22:32 . 2010-04-27 22:32 117760 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-04-27 22:32 . 2010-04-27 22:32 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com
    2010-04-27 18:57 . 2010-05-04 05:54 -------- d-----w- c:\programmi\a-squared Free
    2010-04-23 19:32 . 2010-04-23 19:32 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
    2010-04-23 19:24 . 2010-04-23 19:24 -------- d-----w- c:\documents and settings\User\Dati applicazioni\Malwarebytes
    2010-04-23 19:24 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-23 19:24 . 2010-05-03 20:43 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
    2010-04-23 19:24 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-23 19:24 . 2010-04-23 19:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
    2010-04-22 11:45 . 2010-04-22 11:45 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-04-19 19:57 . 2010-05-03 20:45 117760 ----a-w- c:\documents and settings\User\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-04-19 19:57 . 2010-04-19 19:57 52224 ----a-w- c:\documents and settings\User\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-04-19 19:56 . 2010-04-19 19:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
    2010-04-19 19:56 . 2010-04-30 12:19 -------- d-----w- c:\programmi\SUPERAntiSpyware
    2010-04-19 19:56 . 2010-04-19 19:56 -------- d-----w- c:\documents and settings\User\Dati applicazioni\SUPERAntiSpyware.com
    2010-04-19 19:56 . 2010-04-19 19:56 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
    2010-04-19 18:53 . 2010-04-19 18:55 -------- d-----w- c:\documents and settings\User\Dati applicazioni\QuickScan
    2010-04-19 18:53 . 2010-04-13 13:58 670696 ----a-w- c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\kwku4o6k.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
    2010-04-19 18:53 . 2010-04-13 13:58 833960 ----a-w- c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\kwku4o6k.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-05 20:27 . 2008-04-14 12:00 75186 ----a-w- c:\windows\system32\perfc010.dat
    2010-05-05 20:27 . 2008-04-14 12:00 450358 ----a-w- c:\windows\system32\perfh010.dat
    2010-04-26 16:39 . 2010-03-02 21:52 -------- d-----w- c:\documents and settings\User\Dati applicazioni\Winamp
    2010-04-19 21:13 . 2008-11-03 18:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
    2010-04-19 19:54 . 2008-10-23 16:07 -------- d-----w- c:\programmi\Servizi in linea
    2010-04-19 19:52 . 2008-10-23 16:57 -------- d-----w- c:\programmi\DIFX
    2010-04-19 19:50 . 2010-04-04 22:44 -------- d-----w- c:\programmi\VideoLAN
    2010-04-19 19:50 . 2008-10-23 16:09 -------- d-----w- c:\programmi\microsoft frontpage
    2010-04-19 19:03 . 2009-09-19 11:11 -------- d-----w- c:\programmi\eMule AdunanzA
    2010-04-14 16:47 . 2010-02-16 21:49 38848 ----a-w- c:\windows\system32\avastSS.scr
    2010-04-14 16:47 . 2010-02-16 21:49 153184 ----a-w- c:\windows\system32\aswBoot.exe
    2010-04-14 16:35 . 2010-02-16 21:49 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-04-14 16:35 . 2010-02-16 21:49 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-04-14 16:31 . 2010-02-16 21:49 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-04-14 16:31 . 2010-02-16 21:49 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-04-14 16:31 . 2010-02-16 21:49 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-04-14 16:31 . 2010-02-16 21:49 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-04-14 16:30 . 2010-02-16 21:49 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-04-13 12:11 . 2010-04-04 22:51 -------- d-----w- c:\documents and settings\User\Dati applicazioni\vlc
    2010-04-04 22:20 . 2009-08-09 09:44 -------- d-----w- c:\programmi\Apple Software Update
    2010-04-04 22:20 . 2010-02-28 22:54 -------- d-----w- c:\programmi\AVS4YOU
    2010-04-04 22:19 . 2010-01-10 21:33 -------- d-----w- c:\programmi\PC Connectivity Solution
    2010-04-04 22:19 . 2010-02-28 22:31 -------- d-----w- c:\programmi\Trend Micro
    2010-04-04 22:19 . 2010-02-28 22:56 -------- d-----w- c:\programmi\TrendMicro
    2010-04-04 22:19 . 2009-01-15 19:06 -------- d-----w- c:\programmi\TomTom DesktopSuite
    2010-04-04 17:43 . 2009-12-17 12:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
    2010-03-25 22:03 . 2008-10-23 17:01 -------- d-----w- c:\programmi\File comuni\Adobe
    2010-03-15 21:15 . 2010-03-15 21:15 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\McAfee
    2010-03-15 09:10 . 2010-03-15 09:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee
    2010-03-10 06:15 . 2008-04-14 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-02 21:00 . 2010-03-02 21:00 503808 ----a-w- c:\documents and settings\User\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-327f46db-n\msvcp71.dll
    2010-03-02 21:00 . 2010-03-02 21:00 499712 ----a-w- c:\documents and settings\User\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-327f46db-n\jmc.dll
    2010-03-02 21:00 . 2010-03-02 21:00 348160 ----a-w- c:\documents and settings\User\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-327f46db-n\msvcr71.dll
    2010-03-02 21:00 . 2010-03-02 21:00 61440 ----a-w- c:\documents and settings\User\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-717ec210-n\decora-sse.dll
    2010-03-02 21:00 . 2010-03-02 21:00 12800 ----a-w- c:\documents and settings\User\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-717ec210-n\decora-d3d.dll
    2010-03-02 20:59 . 2010-03-02 20:59 79488 ----a-w- c:\documents and settings\User\Dati applicazioni\Sun\Java\jre1.6.0_18\gtapi.dll
    2010-03-02 20:59 . 2010-03-02 20:59 152576 ----a-w- c:\documents and settings\User\Dati applicazioni\Sun\Java\jre1.6.0_18\lzma.dll
    2010-03-01 19:03 . 2008-11-02 10:29 37288 ----a-w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
    2010-02-28 23:13 . 2010-02-28 17:30 450358 ----a-w- c:\windows\system32\prfh0410.dat
    2010-02-28 23:13 . 2010-02-28 17:30 75186 ----a-w- c:\windows\system32\prfc0410.dat
    2010-02-28 19:30 . 2010-02-28 19:30 37288 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
    2010-02-25 06:16 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-22 17:29 . 2010-02-22 17:29 0 ----a-w- c:\windows\nsreg.dat
    2010-02-19 00:09 . 2010-02-19 00:09 241664 ----a-w- c:\documents and settings\NetworkService\NTUSER.DAT.tmp
    2010-02-18 23:51 . 2010-02-18 23:51 23 --sha-w- c:\windows\system32\edacded0.dat
    2010-02-16 19:05 . 2008-04-14 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 19:05 . 2008-04-13 18:55 2028032 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 04:33 . 2008-04-14 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:02 . 2008-04-14 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    2010-02-06 21:56 . 2010-02-06 21:56 8854 ----a-r- c:\documents and settings\User\Dati applicazioni\Microsoft\Installer\{D283897D-A26B-489F-9163-0AB0778823AB}\NewShortcut3_43405B1A6E07446F91523AC32617A818.exe
    2010-02-06 21:56 . 2010-02-06 21:56 61440 ----a-r- c:\documents and settings\User\Dati applicazioni\Microsoft\Installer\{D283897D-A26B-489F-9163-0AB0778823AB}\NewShortcut2_D283897DA26B489F91630AB0778823AB.exe
    2010-02-06 21:56 . 2010-02-06 21:56 61440 ----a-r- c:\documents and settings\User\Dati applicazioni\Microsoft\Installer\{D283897D-A26B-489F-9163-0AB0778823AB}\NewShortcut1_D283897DA26B489F91630AB0778823AB.exe
    2010-02-06 21:56 . 2010-02-06 21:56 21630 ----a-r- c:\documents and settings\User\Dati applicazioni\Microsoft\Installer\{D283897D-A26B-489F-9163-0AB0778823AB}\ARPPRODUCTICON.exe
    .

    - continues in the next post -
    A@P

  3. #33

    combofix log - part II

    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-30 2020592]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
    "Six Engine"="c:\programmi\ASUS\EPU-6 Engine\SixEngine.exe" [2008-06-02 5964800]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-17 13529088]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-17 86016]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "lxdvmon.exe"="c:\programmi\Lexmark X5400 Series\lxdvmon.exe" [2007-11-02 455336]
    "lxdvamon"="c:\programmi\Lexmark X5400 Series\lxdvamon.exe" [2007-11-02 25256]
    "Lexmark X5400 Series Fax Server"="c:\programmi\Lexmark X5400 Series\fm3032.exe" [2007-11-02 307880]
    "WinampAgent"="c:\programmi\Winamp\winampa.exe" [2010-01-13 37888]
    "Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
    "Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
    "SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\WINDOWS\\system32\\lxdvcoms.exe"=
    "c:\\Programmi\\Lexmark X5400 Series\\lxdvmon.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdvpswx.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdvtime.exe"=
    "c:\\Programmi\\Lexmark X5400 Series\\LXDVFax.exe"=
    "c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
    "c:\\Programmi\\Pinnacle\\Studio 11\\programs\\RM.exe"=
    "c:\\Programmi\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
    "c:\\Programmi\\Lexmark X5400 Series\\frun.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdvjswx.exe"=
    "c:\\Programmi\\Pinnacle\\Studio 11\\programs\\umi.exe"=
    "c:\\Programmi\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4672:UDP"= 4672:UDP:emule_udp
    "4949:TCP"= 4949:TCP:*isabled:vyifwh
    "3389:TCP"= 3389:TCP:*isabled:@xpsp2res.dll,-22009

    R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [24/06/2008 0.21.48 150568]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16/02/2010 23.49.36 162768]
    R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11.25.50 12872]
    R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 11.15.58 61440]
    R2 a2free;a-squared Free Service;c:\programmi\a-squared Free\a2service.exe [27/04/2010 20.57.08 1872320]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16/02/2010 23.49.37 19024]
    R2 lxdv_device;lxdv_device;c:\windows\system32\lxdvcoms.exe -service --> c:\windows\system32\lxdvcoms.exe -service [?]
    R3 BENDER;Pinnacle AV/DV2 Capture;c:\windows\system32\drivers\bender.sys [23/10/2008 18.57.08 203264]
    S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22/01/2010 21.01.14 691696]
    S2 lxdvCATSCustConnectService;lxdvCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdvserv.exe [16/11/2008 16.56.39 98984]
    S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\SophosMEMSWEEP.SYS --> c:\windows\system32\SophosMEMSWEEP.SYS [?]
    S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 11.15.58 12872]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    pujvjqmhq
    .
    Contenuto della cartella 'Scheduled Tasks'

    2010-05-05 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
    .
    .
    ------- Scansione supplementare -------
    .
    uStart Page = hxxp://www.google.it/
    IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath -

    ---- FIREFOX POLICIES ----
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-05 22:37
    Windows 5.1.2600 Service Pack 3 NTFS

    scansione processi nascosti ...

    scansione entrate autostart nascoste ...

    Scansione files nascosti ...

    Scansione completata con successo
    Files nascosti: 0


    **************************************************************************
    .
    --------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

    [HKEY_USERS\S-1-5-21-220523388-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CED4DE5E-72AB-6B30-3380-EA48806BF275}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "jaejgmdnefpnpfiglhbf"=hex:6b,61,69,6a,6a,62,6a,66,6d,67,61,6f,6f,6b,66,6b,66,
    66,61,64,6e,66,00,7e
    "iagimlobjgkmcpddlg"=hex:6b,61,69,6a,61,63,63,65,6b,6a,67,67,63,70,61,61,66,6e,
    63,6a,66,63,00,01
    "haihglcpceacilfe"=hex:6a,61,6f,68,69,6b,6f,6a,6c,67,70,62,6d,6a,67,69,66,68,
    61,6d,00,88
    "haihglcpjdjbkahi"=hex:62,62,63,6b,6f,61,67,6f,65,69,6c,6c,6c,6a,70,66,65,6b,
    70,6d,61,64,67,70,61,6c,6f,6d,62,65,67,66,67,6b,69,6b,00,3d
    .
    --------------------- Dlls caricate dai processi in esecuzione ---------------------

    - - - - - - - > 'winlogon.exe'(576)
    c:\programmi\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll
    .
    Ora fine scansione: 2010-05-05 22:38:58
    ComboFix-quarantined-files.txt 2010-05-05 20:38

    Pre-Run: 59.738.984.448 byte disponibili
    Post-Run: 59.710.443.520 byte disponibili

    WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - 557CF6E6B38213362EE61A2F4F1A1BC7

    Here too I don't understand any of it...
    As for findykill: some time ago I had used it and came up clean, anyway I'll try again and keep you posted. In the meantime, if anything can be made of the two logs I posted...
    A@P

  4. #34
    You have 2 antiviruses:
    Uninstall 1 of them.
    Two antiviruses create conflict problems.
    Then:
    Open a text file with Notepad, on the Desktop.
    Paste into it the code you see below, and save the text file, mandatorily with the name
    CFScript.txt

    code:
    KillAll::
    NetSvcs::
    pujvjqmhq
    Driver::
    MEMSWEEP2
    pujvjqmhq
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4949:TCP"=-
    RegNull::
    [HKEY_USERS\S-1-5-21-220523388-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CED4DE5E-72AB-6B30-3380-EA48806BF275}*]
    and drag it onto the ComboFix icon.
    Wait for the work to finish, without touching keyboard, mouse or anything else.
    Post the updated combofix log
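    The entries the CFScript above acts on (a NetSvcs member, a driver whose file is gone, a firewall port exception, a locked registry key) can be picked out of a ComboFix log mechanically. The following Python triage helper is an added example, not ComboFix's code or the helper's own method: it runs over lines copied from the log in #33 (forum wrap spaces removed), flags those entry types, and lays out a CFScript only from findings an analyst has confirmed, since the heuristics also flag a legitimate printer service.

```python
import re

# Constructed sample: lines copied from the ComboFix log posted in this thread
# (#33), with the forum's inserted line-wrap spaces removed.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4672:UDP"= 4672:UDP:emule_udp
"4949:TCP"= 4949:TCP:*isabled:vyifwh
"3389:TCP"= 3389:TCP:*isabled:@xpsp2res.dll,-22009

R2 lxdv_device;lxdv_device;c:\windows\system32\lxdvcoms.exe -service --> c:\windows\system32\lxdvcoms.exe -service [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\SophosMEMSWEEP.SYS --> c:\windows\system32\SophosMEMSWEEP.SYS [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
pujvjqmhq
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-220523388-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CED4DE5E-72AB-6B30-3380-EA48806BF275}*]
@Allowed: (Read) (RestrictedCode)
"jaejgmdnefpnpfiglhbf"=hex:6b,61,69,6a,6a,62,6a,66,6d,67,61,6f,6f,6b,66,6b,66,66,61,64,6e,66,00,7e
"iagimlobjgkmcpddlg"=hex:6b,61,69,6a,61,63,63,65,6b,6a,67,67,63,70,61,61,66,6e,63,6a,66,63,00,01
.
"""

OPEN_PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')
SERVICE_RE = re.compile(r'^[RS]\d\s+([^;]+);[^;]+;.*$')   # "R2 name;display;image"
HEX_VALUE_RE = re.compile(r'^"([^"]+)"=hex:')
PORTS_KEY = r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"
# Finding kind -> CFScript directive, as used in the script posted in #34.
DIRECTIVE = {"netsvcs": "NetSvcs::", "service": "Driver::", "open_port": "Registry::", "locked_key": "RegNull::"}


def looks_random(name):
    """Heuristic: long, lowercase, letters-only, few vowels ('pujvjqmhq', 'vyifwh')."""
    if len(name) < 6 or not name.isalpha() or not name.islower():
        return False
    return sum(ch in "aeiou" for ch in name) / len(name) <= 0.3


def triage(log_text):
    """Return (kind, item, reason) tuples for the entry types the helper in this
    thread acted on. Reading aid only: every hit still needs an analyst's look."""
    findings, context, key = [], None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "." or (not line and context != "locked"):
            context = None            # ComboFix closes a block with a lone dot
        elif not line:
            continue
        elif line.startswith("[") and "GloballyOpenPorts" in line:
            context = "ports"
        elif line.endswith("Svchost - NetSvcs"):
            context = "netsvcs"
        elif "CHIAVI DI REGISTRO BLOCCATE" in line:
            context = "locked"
        elif context == "ports":
            m = OPEN_PORT_RE.match(line)
            if m and looks_random(m.group(3).rsplit(":", 1)[-1]):
                findings.append(("open_port", f"{m.group(1)}:{m.group(2)}",
                                 "firewall exception with a random-looking name"))
        elif context == "netsvcs":
            findings.append(("netsvcs", line, "non-default member of the netsvcs group"))
        elif context == "locked":
            if line.startswith("["):
                key = line.strip("[]")
            else:
                m = HEX_VALUE_RE.match(line)
                if m and looks_random(m.group(1)) and not any(f[1] == key for f in findings):
                    findings.append(("locked_key", key, "locked key holding random-looking values"))
        else:
            m = SERVICE_RE.match(line)
            if m and line.endswith("[?]"):   # ComboFix marks a missing image with [?]
                findings.append(("service", m.group(1), "service/driver image not found on disk"))
    return findings


def draft_cfscript(confirmed):
    """Lay out analyst-confirmed findings in the CFScript format used in #34.
    Pass only confirmed items: lxdv_device above is a printer service that also shows [?]."""
    sections = {}
    for kind, item, _ in confirmed:
        lines = sections.setdefault(DIRECTIVE[kind], [])
        if kind == "open_port":
            if PORTS_KEY not in lines:
                lines.append(PORTS_KEY)
            lines.append(f'"{item}"=-')   # "=-" deletes the value
        elif kind == "locked_key":
            lines.append(f"[{item}]")
        else:
            lines.append(item)
    out = ["KillAll::"]
    for directive in ("NetSvcs::", "Driver::", "Registry::", "RegNull::"):
        if directive in sections:
            out.append(directive)
            out.extend(sections[directive])
    return "\n".join(out) + "\n"
```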

  5. #35
    Here is the Findykill log:


    ############################## | FindyKill V5.041 |

    # User : User (Administrators) # USER-292945C618
    # Update on 29/04/2010 by El Desaparecido
    # Start at: 23.09.02 | 05/05/2010
    # Website : http://pagesperso-orange.fr/NosTools/index.html
    # Contact : FindyKill.Contact@gmail.com

    # Processore Intel Pentium III Xeon
    # Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
    # Internet Explorer 8.0.6001.18702
    # Windows Firewall Status : Enabled
    # AV : avast! Antivirus 5.0.83886587 [ Enabled | Updated ]
    # AV : Microsoft Security Essentials 2.0.6212.0 [ Enabled | Updated ]

    # C:\ # Disco rigido locale # 931,5 Go (55,63 Go free) # NTFS
    # D:\ # Disco CD-ROM
    # E:\ # Disco rigido locale # 279,47 Go (65,71 Go free) [Dati] # NTFS
    # F:\ # Disco rigido locale # 279,47 Go (4,13 Go free) # NTFS
    # G:\ # Disco rigido locale # 152,66 Go (25,09 Go free) [EIDE] # NTFS
    # H:\ # Disco rimovibile
    # I:\ # Disco rimovibile
    # J:\ # Disco rimovibile
    # K:\ # Disco rimovibile

    ################## | Eléments infectieux |


    ################## | MD5 ... |


    ################## | CRC32 ... |


    All fine, right?
    As for the 2 antivirus programs ... one is Avast .. and the other I don't know .. maybe the Windows one? (the already mentioned "windows security essentials").
    How do I disable it? I also searched the WinXP online help but found nothing...
    A@P

  6. #36
    HTML.it user (registered May 2010, 1,024 posts)
    This is the second antivirus that ComboFix reports:
    Microsoft Security Essentials
    Try uninstalling it like this:
    click Start \ Run, type appwiz.cpl and then press ENTER.
    Then go to Add or Remove Programs and remove it.
    I'd like to see the ComboFix log after the instructions I gave you, and whether the problem is solved.

  7. #37
    Well... I couldn't uninstall Microsoft Security Essentials because it isn't in the list of installed applications...
    I ran ComboFix anyway with the text file, and this is the log...

    ComboFix 10-05-05.0D - User 06/05/2010 21.30.39.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3327.2768 [GMT 2:00]
    Eseguito da: c:\documents and settings\User\Desktop\ComboFix.exe
    Opzioni usate :: c:\documents and settings\User\Desktop\CFScript.txt
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .

    ((((((((((((((((((((((((((((((((((((( Altre eliminazioni ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MEMSWEEP2
    -------\Legacy_PUJVJQMHQ
    -------\Service_MEMSWEEP2


    ((((((((((((((((((((((((( Files Creati Da 2010-04-06 al 2010-05-06 )))))))))))))))))))))))))))))))))))
    .

    2010-05-05 22:11 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-05-05 21:06 . 2010-05-05 21:46 -------- d-----w- C:\FyK
    2010-05-05 19:46 . 2010-05-05 19:46 398336 ----a-w- c:\windows\system32\CF30553.exe
    2010-05-03 07:58 . 2010-05-03 07:58 6153352 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-04-27 22:32 . 2010-04-27 22:32 52224 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-04-27 22:32 . 2010-04-27 22:32 117760 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-04-27 22:32 . 2010-04-27 22:32 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com
    2010-04-27 18:57 . 2010-05-04 05:54 -------- d-----w- c:\programmi\a-squared Free
    2010-04-23 19:32 . 2010-04-23 19:32 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
    2010-04-23 19:24 . 2010-04-23 19:24 -------- d-----w- c:\documents and settings\User\Dati applicazioni\Malwarebytes
    2010-04-23 19:24 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-23 19:24 . 2010-05-03 20:43 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
    2010-04-23 19:24 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-23 19:24 . 2010-04-23 19:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
    2010-04-22 11:45 . 2010-04-22 11:45 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-04-19 19:57 . 2010-05-03 20:45 117760 ----a-w- c:\documents and settings\User\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-04-19 19:57 . 2010-04-19 19:57 52224 ----a-w- c:\documents and settings\User\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-04-19 19:56 . 2010-04-19 19:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
    2010-04-19 19:56 . 2010-04-30 12:19 -------- d-----w- c:\programmi\SUPERAntiSpyware
    2010-04-19 19:56 . 2010-04-19 19:56 -------- d-----w- c:\documents and settings\User\Dati applicazioni\SUPERAntiSpyware.com
    2010-04-19 19:56 . 2010-04-19 19:56 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
    2010-04-19 18:53 . 2010-04-19 18:55 -------- d-----w- c:\documents and settings\User\Dati applicazioni\QuickScan
    2010-04-19 18:53 . 2010-04-13 13:58 670696 ----a-w- c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\kwku4o6k.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
    2010-04-19 18:53 . 2010-04-13 13:58 833960 ----a-w- c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\kwku4o6k.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-06 19:19 . 2008-04-14 12:00 75186 ----a-w- c:\windows\system32\perfc010.dat
    2010-05-06 19:19 . 2008-04-14 12:00 450358 ----a-w- c:\windows\system32\perfh010.dat
    2010-04-26 16:39 . 2010-03-02 21:52 -------- d-----w- c:\documents and settings\User\Dati applicazioni\Winamp
    2010-04-19 21:13 . 2008-11-03 18:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
    2010-04-19 19:54 . 2008-10-23 16:07 -------- d-----w- c:\programmi\Servizi in linea
    2010-04-19 19:52 . 2008-10-23 16:57 -------- d-----w- c:\programmi\DIFX
    2010-04-19 19:50 . 2010-04-04 22:44 -------- d-----w- c:\programmi\VideoLAN
    2010-04-19 19:50 . 2008-10-23 16:09 -------- d-----w- c:\programmi\microsoft frontpage
    2010-04-19 19:03 . 2009-09-19 11:11 -------- d-----w- c:\programmi\eMule AdunanzA
    2010-04-14 16:47 . 2010-02-16 21:49 38848 ----a-w- c:\windows\system32\avastSS.scr
    2010-04-14 16:47 . 2010-02-16 21:49 153184 ----a-w- c:\windows\system32\aswBoot.exe
    2010-04-14 16:35 . 2010-02-16 21:49 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-04-14 16:35 . 2010-02-16 21:49 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-04-14 16:31 . 2010-02-16 21:49 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-04-14 16:31 . 2010-02-16 21:49 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-04-14 16:31 . 2010-02-16 21:49 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-04-14 16:31 . 2010-02-16 21:49 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-04-14 16:30 . 2010-02-16 21:49 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-04-13 12:11 . 2010-04-04 22:51 -------- d-----w- c:\documents and settings\User\Dati applicazioni\vlc
    2010-04-04 22:20 . 2009-08-09 09:44 -------- d-----w- c:\programmi\Apple Software Update
    2010-04-04 22:20 . 2010-02-28 22:54 -------- d-----w- c:\programmi\AVS4YOU
    2010-04-04 22:19 . 2010-01-10 21:33 -------- d-----w- c:\programmi\PC Connectivity Solution
    2010-04-04 22:19 . 2010-02-28 22:31 -------- d-----w- c:\programmi\Trend Micro
    2010-04-04 22:19 . 2010-02-28 22:56 -------- d-----w- c:\programmi\TrendMicro
    2010-04-04 22:19 . 2009-01-15 19:06 -------- d-----w- c:\programmi\TomTom DesktopSuite
    2010-04-04 17:43 . 2009-12-17 12:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
    2010-03-25 22:03 . 2008-10-23 17:01 -------- d-----w- c:\programmi\File comuni\Adobe
    2010-03-15 21:15 . 2010-03-15 21:15 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\McAfee
    2010-03-15 09:10 . 2010-03-15 09:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee
    2010-03-10 06:15 . 2008-04-14 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-02 21:00 . 2010-03-02 21:00 503808 ----a-w- c:\documents and settings\User\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-327f46db-n\msvcp71.dll
    2010-03-02 21:00 . 2010-03-02 21:00 499712 ----a-w- c:\documents and settings\User\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-327f46db-n\jmc.dll
    2010-03-02 21:00 . 2010-03-02 21:00 348160 ----a-w- c:\documents and settings\User\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-327f46db-n\msvcr71.dll
    2010-03-02 21:00 . 2010-03-02 21:00 61440 ----a-w- c:\documents and settings\User\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-717ec210-n\decora-sse.dll
    2010-03-02 21:00 . 2010-03-02 21:00 12800 ----a-w- c:\documents and settings\User\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-717ec210-n\decora-d3d.dll
    2010-03-02 20:59 . 2010-03-02 20:59 79488 ----a-w- c:\documents and settings\User\Dati applicazioni\Sun\Java\jre1.6.0_18\gtapi.dll
    2010-03-02 20:59 . 2010-03-02 20:59 152576 ----a-w- c:\documents and settings\User\Dati applicazioni\Sun\Java\jre1.6.0_18\lzma.dll
    2010-03-01 19:03 . 2008-11-02 10:29 37288 ----a-w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
    2010-02-28 23:13 . 2010-02-28 17:30 450358 ----a-w- c:\windows\system32\prfh0410.dat
    2010-02-28 23:13 . 2010-02-28 17:30 75186 ----a-w- c:\windows\system32\prfc0410.dat
    2010-02-28 19:30 . 2010-02-28 19:30 37288 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
    2010-02-25 06:16 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-22 17:29 . 2010-02-22 17:29 0 ----a-w- c:\windows\nsreg.dat
    2010-02-19 00:09 . 2010-02-19 00:09 241664 ----a-w- c:\documents and settings\NetworkService\NTUSER.DAT.tmp
    2010-02-18 23:51 . 2010-02-18 23:51 23 --sha-w- c:\windows\system32\edacded0.dat
    2010-02-16 19:05 . 2008-04-14 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 19:05 . 2008-04-13 18:55 2028032 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 04:33 . 2008-04-14 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:02 . 2008-04-14 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    2010-02-06 21:56 . 2010-02-06 21:56 8854 ----a-r- c:\documents and settings\User\Dati applicazioni\Microsoft\Installer\{D283897D-A26B-489F-9163-0AB0778823AB}\NewShortcut3_43405B1A6E07446F91523AC32617A818.exe
    2010-02-06 21:56 . 2010-02-06 21:56 61440 ----a-r- c:\documents and settings\User\Dati applicazioni\Microsoft\Installer\{D283897D-A26B-489F-9163-0AB0778823AB}\NewShortcut2_D283897DA26B489F91630AB0778823AB.exe
    2010-02-06 21:56 . 2010-02-06 21:56 61440 ----a-r- c:\documents and settings\User\Dati applicazioni\Microsoft\Installer\{D283897D-A26B-489F-9163-0AB0778823AB}\NewShortcut1_D283897DA26B489F91630AB0778823AB.exe
    2010-02-06 21:56 . 2010-02-06 21:56 21630 ----a-r- c:\documents and settings\User\Dati applicazioni\Microsoft\Installer\{D283897D-A26B-489F-9163-0AB0778823AB}\ARPPRODUCTICON.exe
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-05-05_20.38.00 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-05-06 19:36 . 2010-05-06 19:36 16384 c:\windows\temp\Perflib_Perfdata_848.dat
    + 2010-03-02 21:38 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
    + 2008-04-14 12:00 . 2010-05-06 19:19 63188 c:\windows\system32\perfc009.dat
    - 2008-04-14 12:00 . 2010-05-05 20:27 63188 c:\windows\system32\perfc009.dat
    + 2008-04-14 12:00 . 2010-05-06 19:19 403968 c:\windows\system32\perfh009.dat
    - 2008-04-14 12:00 . 2010-05-05 20:27 403968 c:\windows\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-30 2020592]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
    "Six Engine"="c:\programmi\ASUS\EPU-6 Engine\SixEngine.exe" [2008-06-02 5964800]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-17 13529088]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-17 86016]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "lxdvmon.exe"="c:\programmi\Lexmark X5400 Series\lxdvmon.exe" [2007-11-02 455336]
    "lxdvamon"="c:\programmi\Lexmark X5400 Series\lxdvamon.exe" [2007-11-02 25256]
    "Lexmark X5400 Series Fax Server"="c:\programmi\Lexmark X5400 Series\fm3032.exe" [2007-11-02 307880]
    "WinampAgent"="c:\programmi\Winamp\winampa.exe" [2010-01-13 37888]
    "Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
    "Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
    "SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]





    ... continued ...
    A@P

  8. #38
    part two...

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\WINDOWS\\system32\\lxdvcoms.exe"=
    "c:\\Programmi\\Lexmark X5400 Series\\lxdvmon.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdvpswx.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdvtime.exe"=
    "c:\\Programmi\\Lexmark X5400 Series\\LXDVFax.exe"=
    "c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
    "c:\\Programmi\\Pinnacle\\Studio 11\\programs\\RM.exe"=
    "c:\\Programmi\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
    "c:\\Programmi\\Lexmark X5400 Series\\frun.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdvjswx.exe"=
    "c:\\Programmi\\Pinnacle\\Studio 11\\programs\\umi.exe"=
    "c:\\Programmi\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4672:UDP"= 4672:UDP:emule_udp
    "3389:TCP"= 3389:TCP:*isabled:@xpsp2res.dll,-22009

    R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [24/06/2008 0.21.48 150568]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22/01/2010 21.01.14 691696]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16/02/2010 23.49.36 162768]
    R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11.25.50 12872]
    R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 11.15.58 61440]
    R2 a2free;a-squared Free Service;c:\programmi\a-squared Free\a2service.exe [27/04/2010 20.57.08 1872320]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16/02/2010 23.49.37 19024]
    R2 lxdv_device;lxdv_device;c:\windows\system32\lxdvcoms.exe -service --> c:\windows\system32\lxdvcoms.exe -service [?]
    R3 BENDER;Pinnacle AV/DV2 Capture;c:\windows\system32\drivers\bender.sys [23/10/2008 18.57.08 203264]
    S2 lxdvCATSCustConnectService;lxdvCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdvserv.exe [16/11/2008 16.56.39 98984]
    S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 11.15.58 12872]
    .
    Contenuto della cartella 'Scheduled Tasks'

    2010-05-05 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
    .
    .
    ------- Scansione supplementare -------
    .
    uStart Page = hxxp://www.google.it/
    IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\kwku4o6k.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
    FF - component: c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\kwku4o6k.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
    FF - plugin: c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\kwku4o6k.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    FF - plugin: c:\programmi\Java\jre6\bin\new_plugin\npdeployJava1.dll

    ---- FIREFOX POLICIES ----
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-06 21:36
    Windows 5.1.2600 Service Pack 3 NTFS

    scansione processi nascosti ...

    scansione entrate autostart nascoste ...

    Scansione files nascosti ...

    Scansione completata con successo
    Files nascosti: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spfb.sys >>UNKNOWN [0x8A6B9938]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xba90cf28
    \Driver\ACPI -> ACPI.sys @ 0xba674cb8
    \Driver\atapi -> atapi.sys @ 0xba609b40
    IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
    ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
    ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
    NDIS: Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xba4bfbb0
    PacketIndicateHandler -> NDIS.sys @ 0xba4cca21
    SendHandler -> NDIS.sys @ 0xba4aa87b
    user & kernel MBR OK

    **************************************************************************
    .
    --------------------- Dlls caricate dai processi in esecuzione ---------------------

    - - - - - - - > 'winlogon.exe'(816)
    c:\programmi\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll

    - - - - - - - > 'explorer.exe'(3284)
    c:\windows\system32\WININET.dll
    c:\programmi\Windows Media Player\wmpband.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
    c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
    c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
    c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Altri processi in esecuzione ------------------------
    .
    c:\programmi\Alwil Software\Avast5\AvastSvc.exe
    c:\windows\RTHDCPL.EXE
    c:\windows\system32\RUNDLL32.EXE
    c:\programmi\Java\jre6\bin\jqs.exe
    c:\windows\system32\lxdvcoms.exe
    c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\windows\system32\nvsvc32.exe
    .
    **************************************************************************
    .
    Ora fine scansione: 2010-05-06 21:39:21 - Il pc è stato riavviato
    ComboFix-quarantined-files.txt 2010-05-06 19:39
    ComboFix2.txt 2010-05-05 20:38

    Pre-Run: 59.684.151.296 byte disponibili
    Post-Run: 59.554.062.336 byte disponibili

    - - End Of File - - 2076FE96CEE7F63437A5CF242FAAF4F0


    But the really good news is that the problem has gone! ... even before doing this operation!
    After using FindyKill I had shut the PC down without rebooting .. so I hadn't noticed ... today I switch it on and ... surprise! .. or rather: super-surprise! [cit]

    I'd really like to thank everyone who took an interest in my problem, even those who only read along without proposing solutions.
    Thanks then to Conetti, who was the first to try to give me a hand, to ilpisano and of course to R16 ... and then I'd like to thank God, my parents for always believing in me, my record label and everyone who voted for me ... )

    R16, can you confirm that from the last log everything is fine? Then I'll make a nice restore point .. and off we go!
    A@P

  9. #39
    HTML.it user Conetti (registered Feb 2009, 2,323 posts)
    You're welcome
    Thanks to R16 in particular
    If you have problems, don't hesitate to contact us

  10. #40
    HTML.it user (registered May 2010, 1,024 posts)
    The deletions were carried out successfully.
    Last check:
    Download MBR.EXE directly into the C:\ directory (it is important that it is downloaded to C:\ )
    http://www2.gmer.net/mbr/mbr.exe
    Start the PC in Safe Mode

    Do: Start - Run - copy-paste this command: C:\mbr.exe -f and click OK
    Don't type that command; DO copy-paste it (there is a space after exe that has to be kept)
    Post the log, which you will find where you downloaded the tool, i.e. in C:\
