Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » controllo log

controllo log Opzioni
Topic Precedente · Topic Sucessivo
sinlayla
Inviato: Sunday, May 29, 2011 10:06:02 AM
Rank: Member

Iscritto dal : 3/13/2011
Posts: 18
Ciao a tutti non è che potreste dare un'occhiata a questo log??

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10.02.54, on 29/05/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\HijackThis\hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.ask.com?o=101702&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [DriverScanner] "C:\Program Files\Uniblue\DriverScanner\launcher.exe" delay 20000
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-21-1908101458-1887450043-1455191902-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 6078 bytes


E nel caso in cui avessi un keylogger, qual'è la miglior soluzione per eliminarlo??
Grazie in anticipo.
Torna in alto
 
Sponsor
Inviato: Sunday, May 29, 2011 10:06:02 AM

 
Torna in alto
 
r16
Inviato: Sunday, May 29, 2011 11:25:46 AM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Disattiva il ripristino configurazione di sistema, e tienilo disattivato, fino alla soluzione del problema http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

Se non sai "fixare"le voci,segui questa guida dettagliata: http://www.aiutamici.com/software?ID=11175

Avvia hijackthis, metti la spunta alle voci che andrò ad elencarti e con tutte le applicazioni chiuse e disconnesso da Internet,premi su "fix checked":

R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

Dai una pulita (registro compreso)con CCleaner: http://www.aiutamici.com/software?ID=11223

Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.aiutamici.com/software?id=80346
Prima di fare la scansione AGGIORNALO. (è molto importante)
Esegui una scansione completa del sistema.
Elimina gli eventuali file infetti trovati.
Posta il log.

Dovresti aggiornare il browser.(IE7 è obsoleto, e pieno di bug)

Commenta:
E nel caso in cui avessi un keylogger, qual'è la miglior soluzione per eliminarlo??

Perchè sospetti la presenza di un Keylogger?
Torna in alto
 
sinlayla
Inviato: Tuesday, May 31, 2011 3:36:23 PM
Rank: Member

Iscritto dal : 3/13/2011
Posts: 18
Grazie r16 :D
Ho fatto tutto, la scansione di malware bytes non ha rilevato nessun file infetto. Ecco il nuovo log:

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15.37.41, on 31/05/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Shiella Cudia\Downloads\JDownloader_PortableApps-0.9421\CommonFiles\Java\bin\javaw.exe
C:\HijackThis\hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.ask.com?o=101702&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [DriverScanner] "C:\Program Files\Uniblue\DriverScanner\launcher.exe" delay 20000
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-21-1908101458-1887450043-1455191902-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 5440 bytes


IE7 è internet explorer giusto? Allora io non l'ho mai aggiornato perchè non lo uso. Io attualmente uso firefox. E' meglio aggiornarlo anche se non viene utilizzato?

Per quanto riguarda il keylogger mi è venuta paura perchè ho avuto dei problemi con la password di msn hotmail, perchè praticamente mi veniva detto che la mia email forse era stata utilizzata per spammare e quindi ho dovuto dare il mio numero di telefono per sistemare il tutto. E poi sempre con la password per infostrada, sono sicurissima che la password fosse quella che avevo messo (l'avevo anche scritta), però mi diceva che era sbagliata ed ho dovuto rispondere alla domanda segreta ed ho cambiato pass. Adesso uso il tastierino su schermo per le pass ç_ç.
Torna in alto
 
r16
Inviato: Tuesday, May 31, 2011 6:38:59 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Scarica Combofix (usa Internet Explorer)

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Salvalo sul desktop. (è obligatorio)

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Doppio click su combofix.exe (se usi Vista: tasto destro su Combofix.exe e clicca su: "Esegui come Amministratore" )

E' probabile che ti siano inviati messaggi dall'antivirus,(o dallo stesso Combofix) tu ignorali.

Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.

Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt.
Postalo qui.
Torna in alto
 
sinlayla
Inviato: Tuesday, May 31, 2011 7:28:04 PM
Rank: Member

Iscritto dal : 3/13/2011
Posts: 18
fatto, grazie di nuovo:

Code:
ComboFix 11-05-31.01 - Shiella Cudia 31/05/2011  19.16.59.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.39.1040.18.3066.2049 [GMT 2:00]
Eseguito da: c:\users\Shiella Cudia\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\resycled
.
.
(((((((((((((((((((((((((   Files Creati Da 2011-04-28 al 2011-05-31  )))))))))))))))))))))))))))))))))))
.
.
2011-05-31 17:25 . 2011-05-31 17:25    --------    d-----w-    c:\users\Default\AppData\Local\temp
2011-05-31 17:12 . 2011-05-31 17:15    --------    d-----w-    C:\32788R22FWJFW
2011-05-31 15:09 . 2011-05-31 15:09    --------    d-sh--w-    c:\programdata\DSS
2011-05-31 15:04 . 2011-05-31 15:04    --------    d-----w-    c:\users\Shiella Cudia\AppData\Roaming\Lionhead Studios
2011-05-31 14:55 . 2011-05-31 14:55    --------    d-----w-    c:\windows\system32\xlive
2011-05-31 14:55 . 2011-05-31 14:56    --------    d-----w-    c:\program files\Microsoft Games for Windows - LIVE
2011-05-31 06:00 . 2011-05-31 06:00    28752    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA017E1A-C2BC-435A-8464-9EFDFF6F315B}\MpKsld660ba52.sys
2011-05-30 12:58 . 2011-05-30 12:58    --------    d-----w-    c:\windows\Sun
2011-05-30 11:35 . 2011-05-09 20:46    6962000    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA017E1A-C2BC-435A-8464-9EFDFF6F315B}\mpengine.dll
2011-05-30 11:35 . 1998-07-17 11:36    140800    ----a-w-    c:\windows\system32\tm20dec.ax
2011-05-30 11:34 . 1997-12-17 16:33    304128    ----a-w-    c:\windows\IsUninst.exe
2011-05-30 11:30 . 2011-05-30 11:55    --------    d-----w-    c:\program files\Final Fantasy VII
2011-05-22 01:37 . 2011-03-13 18:37    439632    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B82A6D67-E457-44D6-842F-124A35479724}\gapaengine.dll
2011-05-22 01:24 . 2011-05-22 01:24    --------    d-----w-    c:\programdata\Electronic Arts
2011-05-22 01:24 . 2011-05-22 01:24    --------    d-----w-    c:\programdata\EA Core
2011-05-22 00:59 . 2011-05-22 00:59    --------    d-----w-    c:\program files\7-Zip
2011-05-19 06:25 . 2011-05-19 06:25    234800    ----a-w-    c:\windows\system32\drivers\SynTP.sys
2011-05-19 06:25 . 2011-05-19 06:25    210216    ----a-w-    c:\windows\system32\SynCtrl.dll
2011-05-19 06:25 . 2011-05-19 06:25    161064    ----a-w-    c:\windows\system32\SynTPAPI.dll
2011-05-19 06:25 . 2011-05-19 06:25    120104    ----a-w-    c:\windows\system32\SynTPCo4.dll
2011-05-19 06:25 . 2011-05-19 06:25    173352    ----a-w-    c:\windows\system32\SynCOM.dll
2011-05-18 07:45 . 2011-04-24 21:08    4303928    ----a-w-    c:\windows\system32\GameMon.des
2011-05-18 07:44 . 2005-01-04 00:43    4682    ----a-w-    c:\windows\system32\npptNT2.sys
2011-05-18 07:44 . 2003-07-20 09:17    5174    ----a-w-    c:\windows\system32\nppt9x.vxd
2011-05-18 07:44 . 2011-05-18 07:44    --------    d-----w-    c:\program files\Common Files\INCA Shared
2011-05-17 14:40 . 2011-05-17 14:40    --------    d-----w-    c:\program files\Gameforge4D
2011-05-17 14:25 . 2011-05-17 14:25    --------    d-----w-    c:\programdata\WindowsSearch
2011-05-14 09:13 . 2011-05-14 09:13    --------    d-----w-    c:\users\Shiella Cudia\AppData\Roaming\Foxit Software
2011-05-14 07:38 . 2011-05-14 07:38    --------    d-----r-    c:\program files\Skype
2011-05-14 07:36 . 2011-05-15 07:55    404640    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-14 07:29 . 2011-05-14 07:29    84008    ----a-w-    c:\windows\system32\drivers\btwaudio.sys
2011-05-14 07:29 . 2011-05-14 07:29    109608    ----a-w-    c:\windows\system32\drivers\btwavdt.sys
2011-05-14 07:29 . 2011-05-14 07:29    18472    ----a-w-    c:\windows\system32\drivers\btwrchid.sys
2011-05-14 07:28 . 2011-05-14 07:28    369952    ----a-w-    c:\windows\system32\yk60x86.dll
2011-05-14 07:28 . 2011-05-14 07:28    320288    ----a-w-    c:\windows\system32\drivers\yk60x86.sys
2011-05-13 22:22 . 2009-07-14 17:45    445008    ----a-w-    c:\windows\system32\drivers\Wdf01000.sys
2011-05-13 22:22 . 2009-07-14 17:45    38480    ----a-w-    c:\windows\system32\drivers\WdfLdr.sys
2011-05-13 22:18 . 2011-05-13 22:18    8704    ----a-w-    c:\windows\system32\drivers\Amfilter.sys
2011-05-13 22:18 . 2011-05-13 22:18    14336    ----a-w-    c:\windows\system32\drivers\Amusbprt.sys
2011-05-13 22:05 . 2011-05-13 22:05    --------    d-----w-    c:\program files\Apoint2K
2011-05-13 22:04 . 2011-05-13 22:04    217136    ----a-w-    c:\windows\system32\drivers\Apfiltr.sys
2011-05-13 22:04 . 2011-05-13 22:04    1419232    ----a-w-    c:\windows\system32\WdfCoInstaller01005.dll
2011-05-13 21:35 . 2011-05-13 21:35    --------    d-----w-    c:\program files\Microsoft IntelliPoint
2011-05-13 21:20 . 2011-05-13 21:20    --------    d-----w-    c:\users\UpdatusUser
2011-05-13 21:18 . 2011-05-13 21:20    --------    d-----w-    c:\programdata\NVIDIA
2011-05-13 21:18 . 2011-05-13 21:18    --------    d-----w-    c:\programdata\NVIDIA Corporation
2011-05-13 19:48 . 2011-05-13 19:48    944232    ----a-w-    c:\windows\system32\nvdispco3220140.dll
2011-05-13 19:48 . 2011-05-13 19:48    855656    ----a-w-    c:\windows\system32\nvgenco322060.dll
2011-05-13 19:19 . 2011-05-13 19:19    14352    ----a-w-    c:\windows\system32\drivers\AtiPcie.sys
2011-05-13 19:13 . 2011-05-13 19:13    21072    ----a-w-    c:\windows\system32\drivers\DKbFltr.sys
2011-05-13 19:03 . 2011-05-13 19:03    --------    d-----w-    c:\users\Shiella Cudia\AppData\Roaming\Uniblue
2011-05-13 19:03 . 2011-05-13 19:03    --------    d-----w-    c:\program files\Uniblue
2011-05-12 16:11 . 2011-05-12 16:11    258352    ----a-w-    c:\windows\system32\unicows.dll
2011-05-12 13:53 . 2011-05-12 16:11    --------    d-----w-    c:\users\Shiella Cudia\AppData\Roaming\GetRightToGo
2011-05-11 10:22 . 2011-05-11 10:22    89048    ----a-w-    c:\program files\Mozilla Firefox\libEGL.dll
2011-05-11 10:22 . 2011-05-11 10:22    781272    ----a-w-    c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-11 10:22 . 2011-05-11 10:22    465880    ----a-w-    c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-11 10:22 . 2011-05-11 10:22    1874904    ----a-w-    c:\program files\Mozilla Firefox\mozjs.dll
2011-05-11 10:22 . 2011-05-11 10:22    15832    ----a-w-    c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-11 10:22 . 2011-05-11 10:22    1892184    ----a-w-    c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-11 10:22 . 2011-05-11 10:22    1974616    ----a-w-    c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-11 10:22 . 2011-05-11 10:22    142296    ----a-w-    c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-11 00:18 . 2011-05-11 00:18    --------    d-----w-    c:\programdata\Uniblue
2011-05-10 09:54 . 2011-05-10 09:54    107888    ----a-w-    c:\windows\system32\CmdLineExt.dll
2011-05-10 08:31 . 2011-05-10 08:31    --------    d--h--r-    c:\users\Shiella Cudia\AppData\Roaming\SecuROM
2011-05-10 08:22 . 2011-05-10 08:22    --------    d-----w-    c:\users\Shiella Cudia\AppData\Roaming\gnupg
2011-05-05 20:38 . 2011-05-05 20:38    --------    d-----w-    c:\program files\alaplaya
2011-05-05 19:29 . 2011-05-05 19:29    --------    d-----w-    c:\programdata\Easy Driver Pro
2011-05-04 14:48 . 2011-05-22 15:13    --------    d-----w-    c:\users\Shiella Cudia\AppData\Roaming\Hamachi
2011-05-04 14:48 . 2011-05-04 14:48    25280    ----a-w-    c:\windows\system32\drivers\hamachi.sys
2011-05-04 14:48 . 2011-05-04 14:48    --------    d-----w-    c:\program files\Hamachi
2011-05-04 13:24 . 2011-05-17 14:21    --------    d-----w-    c:\program files\Steam
2011-05-02 10:22 . 2011-05-02 10:22    --------    d-----w-    c:\users\Shiella Cudia\AppData\Local\Ubisoft Game Launcher
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-09 20:46 . 2011-03-13 18:38    6962000    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-08 05:14 . 2011-05-13 21:16    10920    ----a-w-    c:\windows\system32\drivers\nvBridge.kmd
2011-04-07 20:43 . 2011-04-07 20:43    580200    ----a-w-    c:\windows\system32\easyUpdatusAPIU.dll
2011-04-07 20:43 . 2011-04-07 20:43    66664    ----a-w-    c:\windows\system32\nvshext.dll
2011-04-07 20:43 . 2011-04-07 20:43    612456    ----a-w-    c:\windows\system32\nvvsvc.exe
2011-04-07 20:43 . 2011-04-07 20:43    2582120    ----a-w-    c:\windows\system32\nvsvcr.dll
2011-04-07 20:43 . 2011-04-07 20:43    111208    ----a-w-    c:\windows\system32\nvmctray.dll
2011-04-07 20:43 . 2011-04-07 20:43    3701352    ----a-w-    c:\windows\system32\nvcpl.dll
2011-04-07 20:43 . 2011-04-07 20:43    2565224    ----a-w-    c:\windows\system32\nvsvc.dll
2011-04-06 14:07 . 2011-04-06 14:07    189248    ----a-w-    c:\windows\system32\PnkBstrB.exe
2011-04-06 14:07 . 2011-04-06 14:07    75136    ----a-w-    c:\windows\system32\PnkBstrA.exe
2011-03-13 18:37 . 2011-03-25 10:35    439632    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-03-13 14:16 . 2011-03-13 14:16    98392    ----a-w-    c:\windows\system32\drivers\SBREDrv.sys
2011-03-12 21:55 . 2011-04-27 07:49    876032    ----a-w-    c:\windows\system32\XpsPrint.dll
2011-03-10 17:03 . 2011-04-15 07:05    1162240    ----a-w-    c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-15 07:05    1136640    ----a-w-    c:\windows\system32\mfc42.dll
2011-03-03 15:42 . 2011-04-15 07:05    739328    ----a-w-    c:\windows\system32\inetcomm.dll
2011-03-03 15:40 . 2011-04-27 07:49    28672    ----a-w-    c:\windows\system32\Apphlpdm.dll
2011-03-03 15:40 . 2011-04-27 07:49    173056    ----a-w-    c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 07:49    458752    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 07:49    542720    ----a-w-    c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 07:49    2159616    ----a-w-    c:\windows\apppatch\AcGenral.dll
2011-03-03 13:35 . 2011-04-27 07:49    4240384    ----a-w-    c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-03 13:25 . 2011-04-15 07:05    2041856    ----a-w-    c:\windows\system32\win32k.sys
2011-01-19 21:18 . 2011-01-19 21:18    3000320    ----a-w-    c:\program files\openofficeorg33.msi
2011-05-11 10:22 . 2011-05-11 10:22    142296    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DriverScanner"="c:\program files\Uniblue\DriverScanner\launcher.exe" [2011-04-07 338296]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 1468256]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-08 6273568]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-05-19 1680680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Shiella Cudia^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Shiella Cudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20    1305408    ----a-w-    c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverScanner]
2011-04-07 09:22    338296    ----a-w-    c:\program files\Uniblue\DriverScanner\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeApp]
2011-02-22 15:03    814496    ----a-w-    c:\program files\FreeApps\FreeApps.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2010-12-20 17:08    963976    ----a-w-    c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-04-18 15:30    17095048    ----a-r-    c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-05-04 13:25    1242448    ----a-w-    c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2010-07-06 14:01    2634048    ----a-w-    c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23    1008184    ----a-w-    c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R1 MpKsl031ba583;MpKsl031ba583;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2D250692-58C7-4680-9069-2F9BE01D6DD6}\MpKsl031ba583.sys [x]
R1 MpKsl6a922136;MpKsl6a922136;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5CE281D3-1FBA-4E88-B4BB-A740440B015E}\MpKsl6a922136.sys [x]
R1 MpKsl99fa181d;MpKsl99fa181d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{228BB489-E12D-4DB5-A8DB-7DCBE6524785}\MpKsl99fa181d.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-06-25 3662848]
R3 NETwNv32;___ Driver scheda Intel(R) Wireless WiFi Link 5000 Series per Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwNv32.sys [2010-07-14 6680064]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2011-04-24 4303928]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\Drivers\VMC302.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 XDva365;XDva365;c:\windows\system32\XDva365.sys [x]
R3 XDva380;XDva380;c:\windows\system32\XDva380.sys [x]
R3 XDva383;XDva383;c:\windows\system32\XDva383.sys [x]
R3 XDva385;XDva385;c:\windows\system32\XDva385.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 15672]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-24 218688]
S1 MpKsld660ba52;MpKsld660ba52;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA017E1A-C2BC-435A-8464-9EFDFF6F315B}\MpKsld660ba52.sys [2011-05-31 28752]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2007-05-23 13312]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-03-03 139368]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - MPKSLD660BA52
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ       BthServ
Akamai    REG_MULTI_SZ       Akamai
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-05-31 c:\windows\Tasks\DriverScanner.job
- c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2011-05-13 09:22]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://it.ask.com?o=101702&l=dis
IE: Invia immagine alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Invia pagina alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Shiella Cudia\AppData\Roaming\Mozilla\Firefox\Profiles\u6p1recr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FXTV5&o=101699&locale=it_IT&apn_uid=DF44208E-9840-4F51-9751-7442E932E26C&apn_ptnrs=F4&apn_sauid=EEC0F899-ABB7-4884-BAA0-867EE69B1A8B&apn_dtid=YYYYYYYYIT&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-NotebookHardwareControl - c:\program files\Notebook Hardware Control\nhc.exe
MSConfigStartUp-SmartRAM - c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
AddRemove-Final Fantasy VII - c:\program files\Final Fantasy VII\Uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-31 19:25
Windows 6.0.6002 Service Pack 2 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-1908101458-1887450043-1455191902-1003\Software\SecuROM\License information*]
"datasecu"=hex:91,e5,f8,7a,6b,b1,a1,77,af,ed,ce,09,1e,f7,69,ba,9a,1e,f5,28,8b,
   7f,a6,56,84,56,cd,34,76,04,37,44,b7,1a,bf,73,54,61,9b,b2,82,88,c6,40,7e,f7,\
"rkeysecu"=hex:1b,b5,52,6d,b9,b0,2c,c1,55,51,23,8c,25,8e,a7,8c
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Ora fine scansione: 2011-05-31  19:27:54
ComboFix-quarantined-files.txt  2011-05-31 17:27
.
Pre-Run: 47.229.431.808 byte disponibili
Post-Run: 47.166.324.736 byte disponibili
.
- - End Of File - - DF256B7567C7FA90D4A7FAEFBCDD114D
Torna in alto
 
r16
Inviato: Tuesday, May 31, 2011 7:47:33 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ci sono alcuni driver sospetti.
Ma con la montagna di giochi che hai installato non vorrei che appartenessero a qualche gioco.
Che faccio?Think
Torna in alto
 
sinlayla
Inviato: Wednesday, June 01, 2011 9:18:08 AM
Rank: Member

Iscritto dal : 3/13/2011
Posts: 18
Mmmh potresti dirmi lo stesso la procedura per eliminare questi driver sospetti per favore... Alla fin fine i giochi non sono importanti...

Edit: io recentemente ho preso driver scanner, perchè avevo un problema con il mouse ed ho aggiornato tutti i driver (che erano vecchissimi i miei tipo oltre 5-6 anni) cmq io ho scaricato anche i driver che non avevamo firma digitale, perchè appunto erano quelli che riguardavano il mouse, anche se driver scanner mi aveva avvisato. Però alla fine ho risolto il problema del mouse, quei driver possono essere tra i sospetti?
Torna in alto
 
r16
Inviato: Wednesday, June 01, 2011 8:01:21 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Apri un file di testo con il Block Note sul Desktop
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt


Code:
KillAll::

Driver::
XDva365
XDva380
XDva383
XDva385
Lavasoft Kernexplorer

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Posta il log aggiornato di combofix
Torna in alto
 
sinlayla
Inviato: Thursday, June 02, 2011 10:04:34 AM
Rank: Member

Iscritto dal : 3/13/2011
Posts: 18
grazie di nuovo :D
Ecco il nouvo log:

Code:
ComboFix 11-06-01.07 - Shiella Cudia 02/06/2011   9.41.07.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.39.1040.18.3066.2059 [GMT 2:00]
Eseguito da: c:\users\Shiella Cudia\Desktop\ComboFix.exe
Opzioni usate :: c:\users\Shiella Cudia\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Driver/Servizi   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_LAVASOFT_KERNEXPLORER
-------\Legacy_XDVA365
-------\Legacy_XDVA380
-------\Legacy_XDVA383
-------\Legacy_XDVA385
-------\Service_Lavasoft Kernexplorer
-------\Service_XDva365
-------\Service_XDva380
-------\Service_XDva383
-------\Service_XDva385
.
.
(((((((((((((((((((((((((   Files Creati Da 2011-05-02 al 2011-06-02  )))))))))))))))))))))))))))))))))))
.
.
2011-06-02 07:51 . 2011-06-02 07:51    28752    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0EE051CF-6658-465F-A495-79D1F91A13AE}\MpKsl65e55c5b.sys
2011-06-02 07:49 . 2011-06-02 07:51    --------    d-----w-    c:\users\Shiella Cudia\AppData\Local\temp
2011-06-02 07:49 . 2011-06-02 07:49    --------    d-----w-    c:\users\Default\AppData\Local\temp
2011-06-02 07:34 . 2011-06-02 07:34    28752    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0EE051CF-6658-465F-A495-79D1F91A13AE}\MpKsl92e600ff.sys
2011-06-02 07:34 . 2011-05-09 20:46    6962000    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0EE051CF-6658-465F-A495-79D1F91A13AE}\mpengine.dll
2011-05-31 17:12 . 2011-06-02 07:39    --------    d-----w-    C:\32788R22FWJFW
2011-05-31 15:09 . 2011-05-31 15:09    --------    d-sh--w-    c:\programdata\DSS
2011-05-31 15:04 . 2011-05-31 15:04    --------    d-----w-    c:\users\Shiella Cudia\AppData\Roaming\Lionhead Studios
2011-05-31 14:55 . 2011-05-31 14:55    --------    d-----w-    c:\windows\system32\xlive
2011-05-31 14:55 . 2011-05-31 14:56    --------    d-----w-    c:\program files\Microsoft Games for Windows - LIVE
2011-05-30 12:58 . 2011-05-30 12:58    --------    d-----w-    c:\windows\Sun
2011-05-30 11:35 . 1998-07-17 11:36    140800    ----a-w-    c:\windows\system32\tm20dec.ax
2011-05-30 11:34 . 1997-12-17 16:33    304128    ----a-w-    c:\windows\IsUninst.exe
2011-05-30 11:30 . 2011-05-30 11:55    --------    d-----w-    c:\program files\Final Fantasy VII
2011-05-22 01:37 . 2011-03-13 18:37    439632    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B82A6D67-E457-44D6-842F-124A35479724}\gapaengine.dll
2011-05-22 01:24 . 2011-05-22 01:24    --------    d-----w-    c:\programdata\Electronic Arts
2011-05-22 01:24 . 2011-05-22 01:24    --------    d-----w-    c:\programdata\EA Core
2011-05-22 00:59 . 2011-05-22 00:59    --------    d-----w-    c:\program files\7-Zip
2011-05-19 06:25 . 2011-05-19 06:25    234800    ----a-w-    c:\windows\system32\drivers\SynTP.sys
2011-05-19 06:25 . 2011-05-19 06:25    210216    ----a-w-    c:\windows\system32\SynCtrl.dll
2011-05-19 06:25 . 2011-05-19 06:25    161064    ----a-w-    c:\windows\system32\SynTPAPI.dll
2011-05-19 06:25 . 2011-05-19 06:25    120104    ----a-w-    c:\windows\system32\SynTPCo4.dll
2011-05-19 06:25 . 2011-05-19 06:25    173352    ----a-w-    c:\windows\system32\SynCOM.dll
2011-05-18 07:45 . 2011-04-24 21:08    4303928    ----a-w-    c:\windows\system32\GameMon.des
2011-05-18 07:44 . 2005-01-04 00:43    4682    ----a-w-    c:\windows\system32\npptNT2.sys
2011-05-18 07:44 . 2003-07-20 09:17    5174    ----a-w-    c:\windows\system32\nppt9x.vxd
2011-05-18 07:44 . 2011-05-18 07:44    --------    d-----w-    c:\program files\Common Files\INCA Shared
2011-05-17 14:40 . 2011-05-17 14:40    --------    d-----w-    c:\program files\Gameforge4D
2011-05-17 14:25 . 2011-05-17 14:25    --------    d-----w-    c:\programdata\WindowsSearch
2011-05-14 09:13 . 2011-05-14 09:13    --------    d-----w-    c:\users\Shiella Cudia\AppData\Roaming\Foxit Software
2011-05-14 07:38 . 2011-05-14 07:38    --------    d-----r-    c:\program files\Skype
2011-05-14 07:36 . 2011-05-15 07:55    404640    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-14 07:29 . 2011-05-14 07:29    84008    ----a-w-    c:\windows\system32\drivers\btwaudio.sys
2011-05-14 07:29 . 2011-05-14 07:29    109608    ----a-w-    c:\windows\system32\drivers\btwavdt.sys
2011-05-14 07:29 . 2011-05-14 07:29    18472    ----a-w-    c:\windows\system32\drivers\btwrchid.sys
2011-05-14 07:28 . 2011-05-14 07:28    369952    ----a-w-    c:\windows\system32\yk60x86.dll
2011-05-14 07:28 . 2011-05-14 07:28    320288    ----a-w-    c:\windows\system32\drivers\yk60x86.sys
2011-05-13 22:22 . 2009-07-14 17:45    445008    ----a-w-    c:\windows\system32\drivers\Wdf01000.sys
2011-05-13 22:22 . 2009-07-14 17:45    38480    ----a-w-    c:\windows\system32\drivers\WdfLdr.sys
2011-05-13 22:18 . 2011-05-13 22:18    8704    ----a-w-    c:\windows\system32\drivers\Amfilter.sys
2011-05-13 22:18 . 2011-05-13 22:18    14336    ----a-w-    c:\windows\system32\drivers\Amusbprt.sys
2011-05-13 22:05 . 2011-05-13 22:05    --------    d-----w-    c:\program files\Apoint2K
2011-05-13 22:04 . 2011-05-13 22:04    217136    ----a-w-    c:\windows\system32\drivers\Apfiltr.sys
2011-05-13 22:04 . 2011-05-13 22:04    1419232    ----a-w-    c:\windows\system32\WdfCoInstaller01005.dll
2011-05-13 21:35 . 2011-05-13 21:35    --------    d-----w-    c:\program files\Microsoft IntelliPoint
2011-05-13 21:20 . 2011-05-13 21:20    --------    d-----w-    c:\users\UpdatusUser
2011-05-13 21:18 . 2011-05-13 21:20    --------    d-----w-    c:\programdata\NVIDIA
2011-05-13 21:18 . 2011-05-13 21:18    --------    d-----w-    c:\programdata\NVIDIA Corporation
2011-05-13 19:48 . 2011-05-13 19:48    944232    ----a-w-    c:\windows\system32\nvdispco3220140.dll
2011-05-13 19:48 . 2011-05-13 19:48    855656    ----a-w-    c:\windows\system32\nvgenco322060.dll
2011-05-13 19:19 . 2011-05-13 19:19    14352    ----a-w-    c:\windows\system32\drivers\AtiPcie.sys
2011-05-13 19:13 . 2011-05-13 19:13    21072    ----a-w-    c:\windows\system32\drivers\DKbFltr.sys
2011-05-13 19:03 . 2011-05-13 19:03    --------    d-----w-    c:\users\Shiella Cudia\AppData\Roaming\Uniblue
2011-05-13 19:03 . 2011-05-13 19:03    --------    d-----w-    c:\program files\Uniblue
2011-05-12 16:11 . 2011-05-12 16:11    258352    ----a-w-    c:\windows\system32\unicows.dll
2011-05-12 13:53 . 2011-05-12 16:11    --------    d-----w-    c:\users\Shiella Cudia\AppData\Roaming\GetRightToGo
2011-05-11 10:22 . 2011-05-11 10:22    89048    ----a-w-    c:\program files\Mozilla Firefox\libEGL.dll
2011-05-11 10:22 . 2011-05-11 10:22    781272    ----a-w-    c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-11 10:22 . 2011-05-11 10:22    465880    ----a-w-    c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-11 10:22 . 2011-05-11 10:22    1874904    ----a-w-    c:\program files\Mozilla Firefox\mozjs.dll
2011-05-11 10:22 . 2011-05-11 10:22    15832    ----a-w-    c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-11 10:22 . 2011-05-11 10:22    1892184    ----a-w-    c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-11 10:22 . 2011-05-11 10:22    1974616    ----a-w-    c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-11 10:22 . 2011-05-11 10:22    142296    ----a-w-    c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-11 00:18 . 2011-05-11 00:18    --------    d-----w-    c:\programdata\Uniblue
2011-05-10 09:54 . 2011-05-10 09:54    107888    ----a-w-    c:\windows\system32\CmdLineExt.dll
2011-05-10 08:31 . 2011-05-10 08:31    --------    d--h--r-    c:\users\Shiella Cudia\AppData\Roaming\SecuROM
2011-05-10 08:22 . 2011-05-10 08:22    --------    d-----w-    c:\users\Shiella Cudia\AppData\Roaming\gnupg
2011-05-05 20:38 . 2011-05-05 20:38    --------    d-----w-    c:\program files\alaplaya
2011-05-05 19:29 . 2011-05-05 19:29    --------    d-----w-    c:\programdata\Easy Driver Pro
2011-05-04 14:48 . 2011-05-22 15:13    --------    d-----w-    c:\users\Shiella Cudia\AppData\Roaming\Hamachi
2011-05-04 14:48 . 2011-05-04 14:48    25280    ----a-w-    c:\windows\system32\drivers\hamachi.sys
2011-05-04 14:48 . 2011-05-04 14:48    --------    d-----w-    c:\program files\Hamachi
2011-05-04 13:24 . 2011-05-17 14:21    --------    d-----w-    c:\program files\Steam
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-09 20:46 . 2011-03-13 18:38    6962000    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-08 05:14 . 2011-05-13 21:16    10920    ----a-w-    c:\windows\system32\drivers\nvBridge.kmd
2011-04-07 20:43 . 2011-04-07 20:43    580200    ----a-w-    c:\windows\system32\easyUpdatusAPIU.dll
2011-04-07 20:43 . 2011-04-07 20:43    66664    ----a-w-    c:\windows\system32\nvshext.dll
2011-04-07 20:43 . 2011-04-07 20:43    612456    ----a-w-    c:\windows\system32\nvvsvc.exe
2011-04-07 20:43 . 2011-04-07 20:43    2582120    ----a-w-    c:\windows\system32\nvsvcr.dll
2011-04-07 20:43 . 2011-04-07 20:43    111208    ----a-w-    c:\windows\system32\nvmctray.dll
2011-04-07 20:43 . 2011-04-07 20:43    3701352    ----a-w-    c:\windows\system32\nvcpl.dll
2011-04-07 20:43 . 2011-04-07 20:43    2565224    ----a-w-    c:\windows\system32\nvsvc.dll
2011-04-06 14:07 . 2011-04-06 14:07    189248    ----a-w-    c:\windows\system32\PnkBstrB.exe
2011-04-06 14:07 . 2011-04-06 14:07    75136    ----a-w-    c:\windows\system32\PnkBstrA.exe
2011-03-13 18:37 . 2011-03-25 10:35    439632    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-03-13 14:16 . 2011-03-13 14:16    98392    ----a-w-    c:\windows\system32\drivers\SBREDrv.sys
2011-03-12 21:55 . 2011-04-27 07:49    876032    ----a-w-    c:\windows\system32\XpsPrint.dll
2011-03-10 17:03 . 2011-04-15 07:05    1162240    ----a-w-    c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-15 07:05    1136640    ----a-w-    c:\windows\system32\mfc42.dll
2011-01-19 21:18 . 2011-01-19 21:18    3000320    ----a-w-    c:\program files\openofficeorg33.msi
2011-05-11 10:22 . 2011-05-11 10:22    142296    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DriverScanner"="c:\program files\Uniblue\DriverScanner\launcher.exe" [2011-04-07 338296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 1468256]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-08 6273568]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-05-19 1680680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Shiella Cudia^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Shiella Cudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20    1305408    ----a-w-    c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverScanner]
2011-04-07 09:22    338296    ----a-w-    c:\program files\Uniblue\DriverScanner\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeApp]
2011-02-22 15:03    814496    ----a-w-    c:\program files\FreeApps\FreeApps.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2010-12-20 17:08    963976    ----a-w-    c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-04-18 15:30    17095048    ----a-r-    c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-05-04 13:25    1242448    ----a-w-    c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2010-07-06 14:01    2634048    ----a-w-    c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23    1008184    ----a-w-    c:\program files\Windows Defender\MSASCui.exe
.
R1 MpKsl031ba583;MpKsl031ba583;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2D250692-58C7-4680-9069-2F9BE01D6DD6}\MpKsl031ba583.sys [x]
R1 MpKsl6a922136;MpKsl6a922136;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5CE281D3-1FBA-4E88-B4BB-A740440B015E}\MpKsl6a922136.sys [x]
R1 MpKsl7ee581e7;MpKsl7ee581e7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0EE051CF-6658-465F-A495-79D1F91A13AE}\MpKsl7ee581e7.sys [x]
R1 MpKsl99fa181d;MpKsl99fa181d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{228BB489-E12D-4DB5-A8DB-7DCBE6524785}\MpKsl99fa181d.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-06-25 3662848]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2011-04-24 4303928]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\Drivers\VMC302.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 15672]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-24 218688]
S1 MpKsl65e55c5b;MpKsl65e55c5b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0EE051CF-6658-465F-A495-79D1F91A13AE}\MpKsl65e55c5b.sys [2011-06-02 28752]
S1 MpKsl92e600ff;MpKsl92e600ff;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0EE051CF-6658-465F-A495-79D1F91A13AE}\MpKsl92e600ff.sys [2011-06-02 28752]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2007-05-23 13312]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S3 NETwNv32;___ Driver scheda Intel(R) Wireless WiFi Link 5000 Series per Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwNv32.sys [2010-07-14 6680064]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-03-03 139368]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - MPKSL65E55C5B
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ       BthServ
Akamai    REG_MULTI_SZ       Akamai
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-06-02 c:\windows\Tasks\DriverScanner.job
- c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2011-05-13 09:22]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://it.ask.com?o=101702&l=dis
IE: Invia immagine alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Invia pagina alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Shiella Cudia\AppData\Roaming\Mozilla\Firefox\Profiles\u6p1recr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FXTV5&o=101699&locale=it_IT&apn_uid=DF44208E-9840-4F51-9751-7442E932E26C&apn_ptnrs=F4&apn_sauid=EEC0F899-ABB7-4884-BAA0-867EE69B1A8B&apn_dtid=YYYYYYYYIT&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-1908101458-1887450043-1455191902-1003\Software\SecuROM\License information*]
"datasecu"=hex:91,e5,f8,7a,6b,b1,a1,77,af,ed,ce,09,1e,f7,69,ba,9a,1e,f5,28,8b,
   7f,a6,56,84,56,cd,34,76,04,37,44,b7,1a,bf,73,54,61,9b,b2,82,88,c6,40,7e,f7,\
"rkeysecu"=hex:1b,b5,52,6d,b9,b0,2c,c1,55,51,23,8c,25,8e,a7,8c
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'Explorer.exe'(3084)
c:\windows\system32\btncopy.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Samsung\Easy Display Manager\dmhkcore.exe
c:\program files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
c:\program files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
c:\program files\Samsung\EBM\EasyBatteryMgr3.exe
c:\windows\system32\conime.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\RtHDVCpl.exe
c:\program files\Uniblue\DriverScanner\driverscanner.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
.
**************************************************************************
.
Ora fine scansione: 2011-06-02  09:57:54 - Il pc è stato riavviato
ComboFix-quarantined-files.txt  2011-06-02 07:57
ComboFix2.txt  2011-05-31 17:27
.
Pre-Run: 44.465.283.072 byte disponibili
Post-Run: 43.325.865.984 byte disponibili
.
- - End Of File - - 281312BFF855541013C18A004EA96FF6
Torna in alto
 
r16
Inviato: Thursday, June 02, 2011 1:35:28 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Segui queste indicazioni:
Disattiva il ripristino configurazione di sistema, e tienilo disattivato, fino alla soluzione del problema http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

Per eliminare i vari Tooll scaricati:
Scarica OTC by OldTimer sul desktop:
http://oldtimer.geekstogo.com/OTC.exe
doppio clic per eseguirlo
Clicca su CleanUp.
Ti chiederà di riavviare il pc.
Clicca sì.

Dai una pulita (registro compreso)con CCleaner: http://www.aiutamici.com/software?ID=11223

Provvedi a svuotare del suo contenuto la cartella Prefetch :
clicca su Risorse del Computer
clicca su Disco locale C:
cerca, all’interno delle cartelle che saranno visualizzate la cartella Windows, aprila ed, al suo interno, cerca la cartella Prefetch, la apri ed elimina tutte le voci conservate al suo interno ( non eliminare la cartella)
SVUOTA IL CESTINO

Poi:
Lancia Hijackthis e pulisci gli ADS in questo modo:(esclusivamente, su partizioni in NTFS):
clicca sulla voce Open the misc tool section .
clicca su Open ads spy.
togli la spunta alla voce Quick scan (windows base folder only)
clicca su Scan.
Aspetta pazientemente la fine della scansione.
se venissero rilevati ADS, spunta tutte le caselline e clicca su Remove selected

Riavvia il pc.
Riattiva il ripristino configurazione di sistema.
Torna in alto
 
sinlayla
Inviato: Thursday, June 02, 2011 4:15:54 PM
Rank: Member

Iscritto dal : 3/13/2011
Posts: 18
oki fatto tutto, grazie.
La cartella Prefetch la devo tenere costantemente pulita??
Comunque ecco l'unica cosa forse strana, nella cartella Prefetch ho cancellato tutti i file che ho trovato all'interno, però non sono riuscita ad eliminare una cartella "Ready Boot", mi diceva che serviva l'autorizzazione per eliminarla.
Torna in alto
 
r16
Inviato: Thursday, June 02, 2011 5:27:19 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Commenta:
però non sono riuscita ad eliminare una cartella "Ready Boot", mi diceva che serviva l'autorizzazione per eliminarla.

Non importa.
E' stato una disattenzione mia, mi sono scordato che avevi Vista.Brick wall
Funziona bene il pc?
Torna in alto
 
sinlayla
Inviato: Thursday, June 02, 2011 6:43:03 PM
Rank: Member

Iscritto dal : 3/13/2011
Posts: 18
sisi tutto a posto =), almeno fino ad adesso nessun tipo di problema... ho cambiato tutte le pass ora compresa quella del wi fi ... grazie mille :D
Torna in alto
 
r16
Inviato: Thursday, June 02, 2011 10:19:03 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Commenta:
La cartella Prefetch la devo tenere costantemente pulita??

No.
Piuttosto apri CCleaner e seleziona la casellina "Vecchi dati Prefetch".
In questo modo, li eliminerà CCleaner ogni volta che pulirai il pc.
Se il pc funziona bene, abbiamo concluso.
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » controllo log


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.