Xp antivirus 2012

[magenta]

Aiuto! Non riesco a fare più nulla dal pc portatile perché si aprono sempre finestre di avviso di virus. So che ho contratto un Rouge o come si voglia chiamare e non so che fare. Non sono un esperta, nn ho possibilità di connettermi al mio pc e neppure di lanciare programmi. Ho possibilità di altro computer "sano". Mi date una mano?

[bik]

http://www.laguidainformatica.it/2011/0 ... irus-2012/

[magenta]

Grazie bik ma l'articolo lo avevo letto ma mi sembrava troppo complicati, comunque ci ho provato. Sono entrata nel bios (f2) ma nn ci ho capito nulla ed ho desistito . Nessuno che mi guidi passo passo?

[bik]

Non devi entrare nel BIOS!

Immediatamente al termine del caricamento del BIOS, iniziare a premere ripetutamente il tasto F8 sulla tastiera. Continuare a farlo fino a visualizzare il menu Opzioni avanzate di Windows. Se si comincia a premere il tasto F8 troppo presto, su alcuni computer viene visualizzato il messaggio di errore “errore di tastiera”. Per risolverlo, riavviare il computer e provare di nuovo.

Dopo che ha superato la schermata del BIOS devi tenere premuto F8.

Usando i tasti freccia di direzione sulla tastiera, scorrere le opzioni e selezionare il menu Modalità provvisoria, quindi premere Invio (Enter).

Nelle opzioni che ti compaiono scegli "avvia windows in modalità provvisoria"

Prima di queste operazioni scaricati ATF cleaner e Malwarebytes anti malware.
Rinomina l'eseguibile di Malwarebytes in "pippo.exe"
Dopo l'avvio in modalità provvisoria esegui ATF cleaner selezionando "select all" e premi "empty selected".
Sucessivamente esegui una scansione approfondita con malwarebytes (Perform full scan).
Dopo dovresti riavviare windows normalmente e il problema dovrebbe essere risolto.
In caso di problemi ci risentiamo.

[magenta]

Sono in modalità provvisoria ma ora mi servono i due programmi che mi hai elencato provo a scaricarli da altro pc, questo e' un portatile che viaggia in wifi (se mi spiego male scusami ma sono una frana)

[magenta]

Ho scaricato i prog ma non mi permette di installarli nemmeno in modalitA provvisoria...che faccio?

[bik]

Sei loggata come amministratore?
Se no loggati come ammministratore.
Altrimenti dovresti dirmi se li tuo portatile ha la possibilità di avvio da CD o da USB.

[magenta]

Mi pare di essere entrata come amministratore ma ora nn saprei che fare per vederlo i prog li messi su USB e portati sul desktop. C'e ovviamente la porta per il cd ma nn la sto usando

[bik]

Cosa intendi per la porta del CD?
Ha il CD rom il tuo portatile?
Se si, dal BIOS dovresti impostare, nella sequenza di avvio, il CD prima del disco di sistema (HDD).
Poi ti scarichi Avira rescue disk da http://www.avira.com/it/support-download-avira-antivir-rescue-system il file ISO, lo masterizzi su in CD, avvii il Pc con questo disco inserito e segui le istruzioni.

[magenta]

Grazie per ora ! Provo a masterizzare il prog che mi hai detto e probo a seguire le tue istruzioni , sempre che riesca a settare l'avvio da cd, e poi ti aggiorno. Sei un mito!!!

[magenta]

Ti aggiorno: mentre ero in chiusura ho visto che nom ero entrata come amministratore, così una volta fatto questo ho potuto installare i prog che mi hai detto edho potuto effettuare pulizia e scansione. Trovati 5 problemi ed eliminati, ero troppo contenta! Riconnessa normalmente il virus o quel diavolo che e' , e ' ricomparso e di nuovo mi impedisce di interagire con internet e con i prog. Procedo a nuova scansione come da tue istruzioni . Poi...il nulla.....;-(

[bik]

Se non funziona prova a seguire questa guida :
http://www.hwupgrade.it/forum/showthread.php?t=1789446

Nel caso non funzioni Malwarebytes occorre usare Combofix, chiedo di spostare il topic in una sezione dove troverai più assistenza

[magenta]

Grazie davvero ,....

[magenta]

Bik vedo che nn sono stata spostata, mi scuso per la sezione sbagliata del post e poi volevo dirti che dopo aver scaricato tutti i prog della guida da te segnalata ed aver effettuato circa 5 scansioni con malwarebyte, la bestia sembra sconfitta! Ho notato per ora una cosa (sono al primo avvio), si e' aperta una finestra che mi chiede "apri con...". Rispetto al danno che avevo prima e' poca cosa , ma vorrei risolvere anche questo. Per ora ti dico: GRAZIE Di CUORE! Mi hai dato una mano grande! Al prossimo. Post di aiuto e...buon anno a te e pc facile!

[magenta]

Scusami bik, sono di nuovo nei pasticci, ho scritto tutto ok prima, ma così non è....il virus è debellato ma ora non posso piu' aprire nessuna cartella, non trova piu' nulla, internet è attivo, ma se tento di apire un programma si apre una finestra che dice "scegli il programma da utilizzare per aprire il file", in piu' non trova l'applicazione SYSTEM32/rundll32.exe mentre la vedo nellacartella di windows. Cosa è successo? La pulizia con malwarebytes ha pulito troppo? Non posso neppure installare programmi di ripristino, a meno che non lo faccia come prima,in modalità provvisoria.
Non ho dischi di ripristino e non posso tornare ad un punto di ripristino antecedente, perchè ho disattivato la voce come letto nella guida ed ora sono bloccata......Sono davvero una frana, ero così contenta...Chi puo', quando puo', mi aiuterebbe? ho fatto troppi danni fin'ora....Grazie davvero.....intanto giro nel forum in cerca di un'illuminazione......

[FrancescoFDAC]

Ciao, se riesci ad accedere alla modalità provvisoria, e non hai ancora eseguito ComboFix, ti consiglio di seguire questa procedura scrupolosamente:

Avvia il sistema in modalità provvisoria, cliccando sui seguenti link:
● modalità provvisoria in Windows XP: http://support.microsoft.com/kb/316434/it#3
● modalità provvisoria in Windows Vista e Seven: http://windowshelp.microsoft.com/Window ... 11040.mspx

Scarica ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
● posiziona il file scaricato sul Desktop
● disattiva l'Antivirus in uso, dall'icona presente sulla Traybar (accanto all'orologio di Windows)
● disattiva il Firewall eventualmente installato, dall'icona presente sulla Traybar (accanto all'orologio di Windows)

Eseguiti i passaggi indicati sopra:
● lancia ComboFix con un doppio click
● segui le istruzioni che verranno rilasciate per eseguire la scansione
● in caso tu abbia Windows XP, verrà richiesta l'installazione della Console di ripristino di emergenza: non la installare
● senza eseguire nessuna altra operazione, lascia che il tool completi il suo lavoro

Note - durante la scansione:
● potrebbero comparire alcuni file sul Desktop, e poi eliminati
● spariranno, per un attimo, tutte le icone presenti sul Desktop: nulla di cui preoccuparsi
● potrebbe venire rilasciato un messaggio in relazione all'Antivirus in uso: prosegui ignorando il messaggio
● il firewall potrebbe rilasciare un avviso circa la rimozione di alcuni driver: consenti
● potrebbe apparire sul Desktop l'icona di Internet Explorer

Quando ComboFix avrà concluso l'operazione di scansione:
● il sistema verrà riavviato automaticamente: in caso contrario, riavvialo te
● vai in Disco Locale C:, cerca il file di testo dal nome ComboFix.txt ed allegalo

Nota - riguardo al programma:
● per eseguire correttamente ComboFix su Windows Vista e Windows Seven, clicca con il tasto destro del mouse sull'icona del programma e, dal menù contestuale, scegli la voce Esegui come Amministratore
● sUBs, la software house che distribuisce ComboFix, non è responsabile di qualsiasi danno causato da te dopo l'utilizzo del software stesso.
Lo stesso vale per me; questo tool non è un giocattolo e non è destinato all'utilizzo quotidiano. Esso non dovrebbe essere utilizzato a meno che non venga espressamente richiesto da un esperto
● ComboFix disabilita l'esecuzione automatica delle unità USB (Chiavette, Hard Disk Esterni, Lettori MP3...) per prevenire future minacce: quando inserisci una Pendrive, sarai costretto ad avviarla dalle Risorse del computer. Una precauzione in più, una possibile minaccia in meno

[magenta]

Grazie dell'aiuto velocissimo, hoi eseguito le istruzioni, ho dovuto disinstallare il mio antivirus avira perchè non riuscivo a chiuderlo, ora sono senza antivirus, ma i problemi di apertura programmi rimangono, c'è sempre la finestra che mi dice "cerca un programma per aprire ...ecc" e non trova il system32 ecc ecc.... allego il report di combofix, ma non sapendo come fare per non renderlo visibile copio ed incollo, non ditemi che devo formattare.....sono davvero depressa......
Grazie di tutto


ComboFix 11-12-31.02 - Administrator 31/12/2011 13.59.17.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.957.649 [GMT 1:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Outdated* {0012F2B4-5CC9-7C92-0300-000000000000}
AV: AntiVir Desktop *Enabled/Outdated* {0013F2B4-5C49-7C92-0300-000000000000}
AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-5CE9-7C92-0300-000000000000}
AV: AntiVir Desktop *Enabled/Updated* {0013F2B4-5CE9-7C92-0300-000000000000}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\TEMP
c:\documents and settings\All Users\Dati applicazioni\TEMP\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\PostBuild.exe
c:\documents and settings\Bertolini\Dati applicazioni\Desktopicon
c:\documents and settings\Bertolini\Dati applicazioni\Desktopicon\config.ini
c:\documents and settings\Bertolini\Dati applicazioni\PriceGong
c:\documents and settings\Bertolini\Dati applicazioni\PriceGong\Data\1.xml
c:\documents and settings\Bertolini\Dati applicazioni\PriceGong\Data\a.xml
c:\documents and settings\Bertolini\Dati applicazioni\PriceGong\Data\b.xml
c:\documents and settings\Bertolini\Dati applicazioni\PriceGong\Data\c.xml
c:\documents and settings\Bertolini\Dati applicazioni\PriceGong\Data\d.xml
c:\documents and settings\Bertolini\Dati applicazioni\PriceGong\Data\e.xml
c:\documents and settings\Bertolini\Dati applicazioni\PriceGong\Data\f.xml
c:\documents and settings\Bertolini\Dati applicazioni\PriceGong\Data\g.xml
c:\documents and settings\Bertolini\Dati applicazioni\PriceGong\Data\h.xml
c:\documents and settings\Bertolini\Dati applicazioni\PriceGong\Data\i.xml
c:\documents and settings\Bertolini\Dati applicazioni\PriceGong\Data\J.xml
c:\documents and settings\Bertolini\Dati applicazioni\PriceGong\Data\k.xml
c:\documents and settings\Bertolini\Dati applicazioni\PriceGong\Data\l.xml
c:\documents and settings\Bertolini\Dati applicazioni\PriceGong\Data\m.xml
c:\documents and settings\Bertolini\Dati applicazioni\PriceGong\Data\mru.xml
c:\documents and settings\Bertolini\Dati applicazioni\PriceGong\Data\n.xml
c:\documents and settings\Bertolini\Dati applicazioni\PriceGong\Data\o.xml
c:\documents and settings\Bertolini\Dati applicazioni\PriceGong\Data\p.xml
c:\documents and settings\Bertolini\Dati applicazioni\PriceGong\Data\q.xml
c:\documents and settings\Bertolini\Dati applicazioni\PriceGong\Data\r.xml
c:\documents and settings\Bertolini\Dati applicazioni\PriceGong\Data\s.xml
c:\documents and settings\Bertolini\Dati applicazioni\PriceGong\Data\t.xml
c:\documents and settings\Bertolini\Dati applicazioni\PriceGong\Data\u.xml
c:\documents and settings\Bertolini\Dati applicazioni\PriceGong\Data\v.xml
c:\documents and settings\Bertolini\Dati applicazioni\PriceGong\Data\w.xml
c:\documents and settings\Bertolini\Dati applicazioni\PriceGong\Data\x.xml
c:\documents and settings\Bertolini\Dati applicazioni\PriceGong\Data\y.xml
c:\documents and settings\Bertolini\Dati applicazioni\PriceGong\Data\z.xml
.
.
((((((((((((((((((((((((( Files Creati Da 2011-11-28 al 2011-12-31 )))))))))))))))))))))))))))))))))))
.
.
2011-12-31 00:17 . 2008-04-14 02:14 33280 -c--a-w- c:\windows\system32\dllcache\rundll32.exe
2011-12-31 00:17 . 2008-04-14 02:14 33280 ----a-w- c:\windows\system32\rundll32.exe
2011-12-30 22:48 . 2011-12-30 22:48 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2011-12-30 22:48 . 2011-12-30 22:48 -------- d-----w- c:\programmi\Uniblue
2011-12-30 22:44 . 2011-12-30 22:44 -------- d-----w- c:\documents and settings\Bertolini\Impostazioni locali\Dati applicazioni\PackageAware
2011-12-30 21:14 . 2011-06-21 04:09 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-12-30 19:39 . 2011-12-30 19:39 -------- d-----w- c:\programmi\Enigma Software Group
2011-12-30 14:30 . 2011-12-30 14:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2011-12-30 14:30 . 2011-12-30 19:21 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2011-12-30 14:30 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-30 14:29 . 2011-12-30 20:44 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 14:40 . 2008-04-13 16:50 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:13 . 2008-04-13 17:13 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2008-04-13 17:14 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:13 . 2008-04-13 17:13 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 11:24 . 2008-04-13 16:50 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2008-04-13 17:13 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2008-04-13 17:13 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:50 . 2008-04-13 18:55 2073088 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 10:50 . 2008-04-13 16:55 2196480 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-18 11:13 . 2008-04-13 17:13 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2010-12-29 12:36 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 09:49 176936 ----a-w- c:\programmi\Vuze_Remote\prxtbVuz2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\programmi\Vuze_Remote\prxtbVuz2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 77824]
"SiSPower"="SiSPower.dll" [2005-02-25 49152]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"ACU"="c:\programmi\Atheros\ACU.exe" [2005-01-31 253952]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-05-14 248552]
"RemoteControl10"="c:\programmi\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
"BDRegion"="c:\programmi\Cyberlink\Shared files\brs.exe" [2010-03-13 75048]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2010-11-29 421888]
"Nikon Message Center 2"="c:\programmi\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"Malwarebytes' Anti-Malware (reboot)"="c:\programmi\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-24 981680]
"SpyHunter Security Suite"="c:\programmi\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2009-01-13 864256]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2010-12-29 113664]
Avvio rapido HP Photosmart Premier.lnk - c:\programmi\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
BTTray.lnk - c:\programmi\WIDCOMM\Bluetooth Software\BTTray.exe [2005-12-2 618557]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2009-6-10 525640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitdm.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitnet.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Vuze\\Azureus.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
.
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29/09/2009 8.11.20 10496]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/12/29 17:59];c:\programmi\CyberLink\PowerDVD10\NavFilter\000.fcl [13/03/2010 12.58.52 87536]
S2 LGScsiCommandService;LG SCSI command service;c:\windows\system32\LGScsiCommandService.exe [24/11/2011 20.12.59 47616]
S3 HSFHWSIS;HSFHWSIS;c:\windows\system32\drivers\HSFHWSIS.sys [29/12/2010 13.46.58 200576]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29/09/2009 8.11.22 12160]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29/09/2009 8.11.20 12928]
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-12-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-162531612-1177238915-1004Core.job
- c:\documents and settings\Bertolini\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-07-28 20:08]
.
2011-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-162531612-1177238915-1004UA.job
- c:\documents and settings\Bertolini\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-07-28 20:08]
.
2011-12-31 c:\windows\Tasks\User_Feed_Synchronization-{C2841E29-4EF6-4909-8A5B-6B2E60C5EE25}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Scansione supplementare -------
.
uStart Page = privato
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-31 14:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\programmi\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-823518204-162531612-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e0,f7,fa,7d,2a,33,60,4f,85,a3,49,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e0,f7,fa,7d,2a,33,60,4f,85,a3,49,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\06\03\01\0a$\1e?"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(484)
c:\windows\System32\BCMLogon.dll
.
Ora fine scansione: 2011-12-31 14:06:33
ComboFix-quarantined-files.txt 2011-12-31 13:06
.
Pre-Run: 14.857.805.824 byte disponibili
Post-Run: 19.518.033.920 byte disponibili
.
- - End Of File - - 0502C25716B5915BE69C1BB452E49E31

[FrancescoFDAC]

Script personalizzato di ComboFix

Avviso: non eseguire ComboFix di tua iniziativa; questo tool non è un giocattolo e non è adatto ad un uso quotidiano.

Apri il Block Note: Start> Tutti i programmi> Accessori> Blocco note
● all'interno del nuovo documento di testo, copia ed incolla le seguenti righe (clicca semplicemente su SELEZIONA TUTTO):

Codice: Seleziona tutto

SecCenter::
{0012F2B4-5CC9-7C92-0300-000000000000}
{0013F2B4-5C49-7C92-0300-000000000000}
{0012F2B4-5CE9-7C92-0300-000000000000}
{0013F2B4-5CE9-7C92-0300-000000000000}

Folder::
c:\windows\Tasks
c:\windows\Temp
c:\programmi\Enigma Software Group
c:\programmi\Vuze_Remote
c:\programmi\Uniblue

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"=-
[-HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"=-
"SpyHunter Security Suite"=-

● chiama questo file CFScript.txt, e posizionalo sul Desktop

Molto importante! Disabilita temporaneamente il tuo antivirus e firewall prima di seguire la procedura indicata. Potrebbero infatti interferire con ComboFix o rimuovere alcuni dei suoi file incorporati che possono portare a risultati imprevedibili.
Facendo riferimento all'immagine presente qui sotto, trascina con il puntatore del mouse CFScript.txt sull'icona di ComboFix
ComboFix ora eseguirà una scansione del tuo sistema. Una volta terminata, potrebbe riavviare automaticamente il sistema: in caso contrario, procedi tu manualmente.
A questo punto, il programma produrrà un Report. Copia ed incolla il log nel tuo prossimo post.

http://img155.imageshack.us/img155/4837/cfscriptop0.gif

Nota - riguardo alla procedura:
● non toccare assolutamente il mouse e la tastiera durante la scansione: potrebbe interrompersi

Infine:

Scarica Kaspersky TDSS Killer: http://support.kaspersky.com/downloads/ ... killer.exe
● posiziona il file scaricato sul Desktop
● clicca due volte sul file TDSSKiller.exe per avviare l'applicazione
● successivamente premi il pulsante Start scan

Nota - riguardo al programma:
● non cliccare sul pulsante Stop scan per nessun motivo, la scansione si interromperebbe

Giunti a questo punto, inizia la scansione del sistema alla ricerca di software malevolo:
● se viene trovato un file infetto, l'azione di default sarà Cure: clicca quindi su Continua
● se viene trovato un file sospetto, l'azione di default sarà Skip: clicca quindi su Continua
● se non viene rilevato nulla, chiudi semplicemente il programma

Una volta terminata la scansione, si presenterà una di queste due opzioni:
● non è necessario il riavvio del sistema: allega il Report situato nel Disco Locale C:\, di nome TDSSKiller.[Version]_[Date]_[Time]_log.txt
● è necessario riavviare il sistema: clicca su Riavvia ora, infine allega il risultato della scansione (si trova nello stesso percorso menzionato poco fa')

[magenta]

Ho eseguito quanto mi hai scritto francesco, intanto ti ringrazio per la disponibilità e per le pronte risposte, non finirò mai di ringraziarti per l'attenzine che mi presti.
Dopo le operazioni che mi hai detto di fare e che devo eseguire in modalità provvisoria perchè senno' non mi lascia lavorare per mancanza di non so quanti componenti ho salvato i due log che ti allego, come al solito sul post, perchè non sono capace di mandarteli come allegati, aspetterò tue nuove istruzioni e nel frattempo ri auguro buon anno. Grazie!
report di combofix:

ComboFix 11-12-31.02 - Administrator 31/12/2011 18.01.06.2.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.957.658 [GMT 1:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Administrator\Desktop\CfScript.txt
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programmi\Enigma Software Group
c:\programmi\Enigma Software Group\SpyHunter\ActiveKill.dll
c:\programmi\Enigma Software Group\SpyHunter\ActiveXKill.dll
c:\programmi\Enigma Software Group\SpyHunter\AXList.txt
c:\programmi\Enigma Software Group\SpyHunter\br.exe
c:\programmi\Enigma Software Group\SpyHunter\Common.dll
c:\programmi\Enigma Software Group\SpyHunter\def.dat
c:\programmi\Enigma Software Group\SpyHunter\drived.exe
c:\programmi\Enigma Software Group\SpyHunter\drived.txt
c:\programmi\Enigma Software Group\SpyHunter\EnigmaUpdater.dll
c:\programmi\Enigma Software Group\SpyHunter\HelpDesk.dll
c:\programmi\Enigma Software Group\SpyHunter\HFMonitor.dll
c:\programmi\Enigma Software Group\SpyHunter\hosts.bak
c:\programmi\Enigma Software Group\SpyHunter\INSTALL.LOG
c:\programmi\Enigma Software Group\SpyHunter\install.sss
c:\programmi\Enigma Software Group\SpyHunter\Language.dll
c:\programmi\Enigma Software Group\SpyHunter\NetworkSentry.dll
c:\programmi\Enigma Software Group\SpyHunter\Options.dll
c:\programmi\Enigma Software Group\SpyHunter\ProcessGuard.dll
c:\programmi\Enigma Software Group\SpyHunter\purl.dat
c:\programmi\Enigma Software Group\SpyHunter\RegistryGuard.dll
c:\programmi\Enigma Software Group\SpyHunter\scan.log
c:\programmi\Enigma Software Group\SpyHunter\Scanner.dll
c:\programmi\Enigma Software Group\SpyHunter\Scheduler.dll
c:\programmi\Enigma Software Group\SpyHunter\SHDS.mht
c:\programmi\Enigma Software Group\SpyHunter\spyhunter.log
c:\programmi\Enigma Software Group\SpyHunter\SpyHunter3.chm
c:\programmi\Enigma Software Group\SpyHunter\SpyHunter3.exe
c:\programmi\Enigma Software Group\SpyHunter\SpyHunter3.skn
c:\programmi\Enigma Software Group\SpyHunter\SpyHunterInstance.lock
c:\programmi\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
c:\programmi\Enigma Software Group\SpyHunter\support.log
c:\programmi\Enigma Software Group\SpyHunter\Uninstall.exe
c:\programmi\Enigma Software Group\SpyHunter\Updater.dll
c:\programmi\Enigma Software Group\SpyHunter\whitelist.dat
c:\programmi\Enigma Software Group\SpyHunter\WSAMonitor.dll
c:\programmi\Uniblue
c:\programmi\Uniblue\RegistryBooster\cwebpage.dll
c:\programmi\Uniblue\RegistryBooster\InstallerExtensions.dll
c:\programmi\Uniblue\RegistryBooster\intermediate_views.dat
c:\programmi\Uniblue\RegistryBooster\latest_scan_results.xsl
c:\programmi\Uniblue\RegistryBooster\Launcher.exe
c:\programmi\Uniblue\RegistryBooster\library.dat
c:\programmi\Uniblue\RegistryBooster\locale\br\br.dll
c:\programmi\Uniblue\RegistryBooster\locale\br\LC_MESSAGES\messages.mo
c:\programmi\Uniblue\RegistryBooster\locale\de\de.dll
c:\programmi\Uniblue\RegistryBooster\locale\de\LC_MESSAGES\messages.mo
c:\programmi\Uniblue\RegistryBooster\locale\dk\dk.dll
c:\programmi\Uniblue\RegistryBooster\locale\dk\LC_MESSAGES\messages.mo
c:\programmi\Uniblue\RegistryBooster\locale\en\en.dll
c:\programmi\Uniblue\RegistryBooster\locale\en\LC_MESSAGES\messages.mo
c:\programmi\Uniblue\RegistryBooster\locale\es\es.dll
c:\programmi\Uniblue\RegistryBooster\locale\es\LC_MESSAGES\messages.mo
c:\programmi\Uniblue\RegistryBooster\locale\fi\fi.dll
c:\programmi\Uniblue\RegistryBooster\locale\fi\LC_MESSAGES\messages.mo
c:\programmi\Uniblue\RegistryBooster\locale\fr\fr.dll
c:\programmi\Uniblue\RegistryBooster\locale\fr\LC_MESSAGES\messages.mo
c:\programmi\Uniblue\RegistryBooster\locale\gr\gr.dll
c:\programmi\Uniblue\RegistryBooster\locale\gr\LC_MESSAGES\messages.mo
c:\programmi\Uniblue\RegistryBooster\locale\it\it.dll
c:\programmi\Uniblue\RegistryBooster\locale\it\LC_MESSAGES\messages.mo
c:\programmi\Uniblue\RegistryBooster\locale\jp\jp.dll
c:\programmi\Uniblue\RegistryBooster\locale\jp\LC_MESSAGES\messages.mo
c:\programmi\Uniblue\RegistryBooster\locale\nl\LC_MESSAGES\messages.mo
c:\programmi\Uniblue\RegistryBooster\locale\nl\nl.dll
c:\programmi\Uniblue\RegistryBooster\locale\no\LC_MESSAGES\messages.mo
c:\programmi\Uniblue\RegistryBooster\locale\no\no.dll
c:\programmi\Uniblue\RegistryBooster\locale\pl\LC_MESSAGES\messages.mo
c:\programmi\Uniblue\RegistryBooster\locale\pl\pl.dll
c:\programmi\Uniblue\RegistryBooster\locale\pt\LC_MESSAGES\messages.mo
c:\programmi\Uniblue\RegistryBooster\locale\pt\pt.dll
c:\programmi\Uniblue\RegistryBooster\locale\ru\LC_MESSAGES\messages.mo
c:\programmi\Uniblue\RegistryBooster\locale\ru\ru.dll
c:\programmi\Uniblue\RegistryBooster\locale\se\LC_MESSAGES\messages.mo
c:\programmi\Uniblue\RegistryBooster\locale\se\se.dll
c:\programmi\Uniblue\RegistryBooster\locale\tr\LC_MESSAGES\messages.mo
c:\programmi\Uniblue\RegistryBooster\locale\tr\tr.dll
c:\programmi\Uniblue\RegistryBooster\locale\xs\LC_MESSAGES\messages.mo
c:\programmi\Uniblue\RegistryBooster\locale\xs\xs.dll
c:\programmi\Uniblue\RegistryBooster\locale\xt\LC_MESSAGES\messages.mo
c:\programmi\Uniblue\RegistryBooster\locale\xt\xt.dll
c:\programmi\Uniblue\RegistryBooster\Microsoft.VC90.CRT.manifest
c:\programmi\Uniblue\RegistryBooster\msvcp90.dll
c:\programmi\Uniblue\RegistryBooster\msvcr90.dll
c:\programmi\Uniblue\RegistryBooster\rb_move_serial.exe
c:\programmi\Uniblue\RegistryBooster\rb_ubm.exe
c:\programmi\Uniblue\RegistryBooster\rbmonitor.exe
c:\programmi\Uniblue\RegistryBooster\rbnotifier.exe
c:\programmi\Uniblue\RegistryBooster\registrybooster.exe
c:\programmi\Uniblue\RegistryBooster\repair_transform.xsl
c:\programmi\Uniblue\RegistryBooster\settings.ini
c:\programmi\Uniblue\RegistryBooster\Third Party Terms\comtypes.txt
c:\programmi\Uniblue\RegistryBooster\Third Party Terms\cwebpage.dll.html
c:\programmi\Uniblue\RegistryBooster\Third Party Terms\decorator.py.txt
c:\programmi\Uniblue\RegistryBooster\Third Party Terms\ordereddict.py.txt
c:\programmi\Uniblue\RegistryBooster\Third Party Terms\py2exe.txt
c:\programmi\Uniblue\RegistryBooster\Third Party Terms\python-changes.txt
c:\programmi\Uniblue\RegistryBooster\Third Party Terms\python.txt
c:\programmi\Uniblue\RegistryBooster\Third Party Terms\simplejson.txt
c:\programmi\Uniblue\RegistryBooster\Third Party Terms\wmi.txt
c:\programmi\Uniblue\RegistryBooster\views.dat
c:\programmi\Vuze_Remote
c:\programmi\Vuze_Remote\GottenAppsContextMenu.xml
c:\programmi\Vuze_Remote\ldrtbVuz0.dll
c:\programmi\Vuze_Remote\ldrtbVuz2.dll
c:\programmi\Vuze_Remote\OtherAppsContextMenu.xml
c:\programmi\Vuze_Remote\prxtbVuz0.dll
c:\programmi\Vuze_Remote\prxtbVuz2.dll
c:\programmi\Vuze_Remote\prxtbVuze.dll
c:\programmi\Vuze_Remote\SharedAppsContextMenu.xml
c:\programmi\Vuze_Remote\tbVuz0.dll
c:\programmi\Vuze_Remote\tbVuz2.dll
c:\programmi\Vuze_Remote\tbVuze.dll
c:\programmi\Vuze_Remote\toolbar.cfg
c:\programmi\Vuze_Remote\ToolbarContextMenu.xml
c:\programmi\Vuze_Remote\uninstall.exe
c:\programmi\Vuze_Remote\Vuze_RemoteToolbarHelper.exe
c:\programmi\Vuze_Remote\Vuze_RemoteToolbarHelper1.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2011-11-28 al 2011-12-31 )))))))))))))))))))))))))))))))))))
.
.
2011-12-31 00:17 . 2008-04-14 02:14 33280 -c--a-w- c:\windows\system32\dllcache\rundll32.exe
2011-12-31 00:17 . 2008-04-14 02:14 33280 ----a-w- c:\windows\system32\rundll32.exe
2011-12-30 22:48 . 2011-12-30 22:48 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2011-12-30 22:44 . 2011-12-30 22:44 -------- d-----w- c:\documents and settings\Bertolini\Impostazioni locali\Dati applicazioni\PackageAware
2011-12-30 21:14 . 2011-06-21 04:09 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-12-30 14:30 . 2011-12-30 14:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2011-12-30 14:30 . 2011-12-30 19:21 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2011-12-30 14:30 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-30 14:29 . 2011-12-30 20:44 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 14:40 . 2008-04-13 16:50 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:13 . 2008-04-13 17:13 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2008-04-13 17:14 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:13 . 2008-04-13 17:13 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 11:24 . 2008-04-13 16:50 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2008-04-13 17:13 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2008-04-13 17:13 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:50 . 2008-04-13 18:55 2073088 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 10:50 . 2008-04-13 16:55 2196480 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-18 11:13 . 2008-04-13 17:13 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2010-12-29 12:36 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 77824]
"SiSPower"="SiSPower.dll" [2005-02-25 49152]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"ACU"="c:\programmi\Atheros\ACU.exe" [2005-01-31 253952]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-05-14 248552]
"RemoteControl10"="c:\programmi\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
"BDRegion"="c:\programmi\Cyberlink\Shared files\brs.exe" [2010-03-13 75048]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2010-11-29 421888]
"Nikon Message Center 2"="c:\programmi\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"Malwarebytes' Anti-Malware (reboot)"="c:\programmi\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-24 981680]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2010-12-29 113664]
Avvio rapido HP Photosmart Premier.lnk - c:\programmi\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
BTTray.lnk - c:\programmi\WIDCOMM\Bluetooth Software\BTTray.exe [2005-12-2 618557]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2009-6-10 525640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitdm.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitnet.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Vuze\\Azureus.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
.
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29/09/2009 8.11.20 10496]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/12/29 17:59];c:\programmi\CyberLink\PowerDVD10\NavFilter\000.fcl [13/03/2010 12.58.52 87536]
S2 LGScsiCommandService;LG SCSI command service;c:\windows\system32\LGScsiCommandService.exe [24/11/2011 20.12.59 47616]
S3 HSFHWSIS;HSFHWSIS;c:\windows\system32\drivers\HSFHWSIS.sys [29/12/2010 13.46.58 200576]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29/09/2009 8.11.22 12160]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29/09/2009 8.11.20 12928]
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-12-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-162531612-1177238915-1004Core.job
- c:\documents and settings\Bertolini\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-07-28 20:08]
.
2011-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-162531612-1177238915-1004UA.job
- c:\documents and settings\Bertolini\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-07-28 20:08]
.
2011-12-31 c:\windows\Tasks\User_Feed_Synchronization-{C2841E29-4EF6-4909-8A5B-6B2E60C5EE25}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Scansione supplementare -------
.
uStart Page = privato
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
AddRemove-Vuze_Remote Toolbar - c:\programmi\Vuze_Remote\uninstall.exe
AddRemove-{03CE1BCB-03F5-4C6A-B37E-69799AA3C544} - c:\programmi\Enigma Software Group\SpyHunter\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-31 18:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\programmi\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-823518204-162531612-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e0,f7,fa,7d,2a,33,60,4f,85,a3,49,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e0,f7,fa,7d,2a,33,60,4f,85,a3,49,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\06\03\01\0a$\1e?"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(196)
c:\windows\System32\BCMLogon.dll
.
Ora fine scansione: 2011-12-31 18:11:35
ComboFix-quarantined-files.txt 2011-12-31 17:11
ComboFix2.txt 2011-12-31 13:06
.
Pre-Run: 19.488.002.048 byte disponibili
Post-Run: 19.439.022.080 byte disponibili
.
- - End Of File - - 17AE46701E562E510E3ADE5E713A4DDB


report di TDDSKiller

18:45:07.0812 0612 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
18:45:07.0828 0612 ============================================================
18:45:07.0828 0612 Current date / time: 2011/12/31 18:45:07.0828
18:45:07.0828 0612 SystemInfo:
18:45:07.0828 0612
18:45:07.0828 0612 OS Version: 5.1.2600 ServicePack: 3.0
18:45:07.0828 0612 Product type: Workstation
18:45:07.0828 0612 ComputerName: BERTOLIN-27032E
18:45:07.0828 0612 UserName: Administrator
18:45:07.0828 0612 Windows directory: C:\WINDOWS
18:45:07.0828 0612 System windows directory: C:\WINDOWS
18:45:07.0828 0612 Processor architecture: Intel x86
18:45:07.0828 0612 Number of processors: 1
18:45:07.0828 0612 Page size: 0x1000
18:45:07.0828 0612 Boot type: Safe boot
18:45:07.0828 0612 ============================================================
18:45:10.0234 0612 Initialize success
18:45:25.0921 1920 ============================================================
18:45:25.0921 1920 Scan started
18:45:25.0921 1920 Mode: Manual;
18:45:25.0921 1920 ============================================================
18:45:33.0640 1920 Abiosdsk - ok
18:45:33.0890 1920 abp480n5 - ok
18:45:34.0171 1920 ACPI (d766e636187b8f240bbfbabcd51eb2c6) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:45:34.0171 1920 ACPI - ok
18:45:34.0437 1920 ACPIEC (49ac5cd87fbdda62f3e25190019e7627) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
18:45:34.0437 1920 ACPIEC - ok
18:45:34.0671 1920 adpu160m - ok
18:45:35.0000 1920 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:45:35.0000 1920 aec - ok
18:45:35.0250 1920 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
18:45:35.0250 1920 AegisP - ok
18:45:35.0562 1920 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:45:35.0562 1920 AFD - ok
18:45:35.0796 1920 Aha154x - ok
18:45:36.0046 1920 aic78u2 - ok
18:45:36.0265 1920 aic78xx - ok
18:45:37.0250 1920 ALCXWDM (5dae13401e4d3b8f132bf5867447d661) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
18:45:37.0265 1920 ALCXWDM - ok
18:45:37.0609 1920 AliIde - ok
18:45:37.0875 1920 amsint - ok
18:45:38.0343 1920 AR5211 (67f7d2c3a9265ee0534e36fe952f2ac4) C:\WINDOWS\system32\DRIVERS\ar5211.sys
18:45:38.0343 1920 AR5211 - ok
18:45:38.0578 1920 asc - ok
18:45:38.0828 1920 asc3350p - ok
18:45:39.0031 1920 asc3550 - ok
18:45:39.0453 1920 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:45:39.0453 1920 AsyncMac - ok
18:45:39.0750 1920 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:45:39.0750 1920 atapi - ok
18:45:39.0984 1920 Atdisk - ok
18:45:40.0203 1920 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:45:40.0203 1920 Atmarpc - ok
18:45:40.0484 1920 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:45:40.0484 1920 audstub - ok
18:45:40.0781 1920 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:45:40.0781 1920 Beep - ok
18:45:41.0250 1920 btaudio (0c7b763abda79b53e2016af1af8b9706) C:\WINDOWS\system32\drivers\btaudio.sys
18:45:41.0250 1920 btaudio - ok
18:45:41.0500 1920 BTDriver (1b24333d2bcb4dc1c5c3b15bedace5b4) C:\WINDOWS\system32\DRIVERS\btport.sys
18:45:41.0500 1920 BTDriver - ok
18:45:42.0078 1920 BTKRNL (54e368a1768c627f2adb8ab5624d0bc4) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
18:45:42.0093 1920 BTKRNL - ok
18:45:42.0343 1920 BTSERIAL (8aeca4330654da58423e7fe03a704513) C:\WINDOWS\system32\drivers\btserial.sys
18:45:42.0343 1920 BTSERIAL - ok
18:45:42.0718 1920 BTWDNDIS (bde1502aabe76f71d32178e5c6a58e89) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
18:45:42.0718 1920 BTWDNDIS - ok
18:45:42.0984 1920 catchme - ok
18:45:43.0296 1920 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:45:43.0296 1920 cbidf2k - ok
18:45:43.0531 1920 cd20xrnt - ok
18:45:43.0843 1920 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:45:43.0843 1920 Cdaudio - ok
18:45:44.0171 1920 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:45:44.0171 1920 Cdfs - ok
18:45:44.0437 1920 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:45:44.0437 1920 Cdrom - ok
18:45:44.0671 1920 Changer - ok
18:45:45.0062 1920 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
18:45:45.0062 1920 CmBatt - ok
18:45:45.0281 1920 CmdIde - ok
18:45:45.0515 1920 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
18:45:45.0515 1920 Compbatt - ok
18:45:45.0843 1920 Cpqarray - ok
18:45:46.0109 1920 dac2w2k - ok
18:45:46.0359 1920 dac960nt - ok
18:45:46.0718 1920 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:45:46.0718 1920 Disk - ok
18:45:47.0265 1920 dmboot (82bc125a8ed33f5f0e75f2aac1065323) C:\WINDOWS\system32\drivers\dmboot.sys
18:45:47.0281 1920 dmboot - ok
18:45:47.0578 1920 dmio (e959ddc0ea7ac11ee5e5602e2a364310) C:\WINDOWS\system32\drivers\dmio.sys
18:45:47.0578 1920 dmio - ok
18:45:47.0828 1920 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:45:47.0828 1920 dmload - ok
18:45:48.0156 1920 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:45:48.0156 1920 DMusic - ok
18:45:48.0468 1920 dpti2o - ok
18:45:48.0734 1920 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:45:48.0734 1920 drmkaud - ok
18:45:49.0234 1920 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:45:49.0234 1920 Fastfat - ok
18:45:49.0531 1920 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
18:45:49.0531 1920 Fdc - ok
18:45:49.0796 1920 Fips (2cfea3326981a18c6baf2bd9be76225b) C:\WINDOWS\system32\drivers\Fips.sys
18:45:49.0796 1920 Fips - ok
18:45:50.0093 1920 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
18:45:50.0093 1920 Flpydisk - ok
18:45:50.0375 1920 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
18:45:50.0375 1920 FltMgr - ok
18:45:50.0812 1920 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:45:50.0812 1920 Fs_Rec - ok
18:45:51.0140 1920 Ftdisk (f3269a6ee547ea87b949a1cea4816b38) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:45:51.0140 1920 Ftdisk - ok
18:45:51.0406 1920 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:45:51.0406 1920 Gpc - ok
18:45:51.0750 1920 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:45:51.0750 1920 hidusb - ok
18:45:52.0031 1920 hpn - ok
18:45:52.0328 1920 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
18:45:52.0328 1920 HPZid412 - ok
18:45:52.0578 1920 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
18:45:52.0578 1920 HPZipr12 - ok
18:45:52.0875 1920 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
18:45:52.0875 1920 HPZius12 - ok
18:45:53.0234 1920 HSFHWSIS (5d2cc68ab58ef663af5803d0faa42d28) C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys
18:45:53.0250 1920 HSFHWSIS - ok
18:45:53.0843 1920 HSF_DP (dfa8f86c0dbca7db948043aa3be6793b) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
18:45:53.0859 1920 HSF_DP - ok
18:45:54.0203 1920 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:45:54.0218 1920 HTTP - ok
18:45:54.0484 1920 i2omgmt - ok
18:45:54.0687 1920 i2omp - ok
18:45:55.0031 1920 i8042prt (610726e28af55b95043c5c35a727e320) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:45:55.0031 1920 i8042prt - ok
18:45:55.0453 1920 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:45:55.0453 1920 Imapi - ok
18:45:55.0796 1920 ini910u - ok
18:45:56.0093 1920 IntelIde - ok
18:45:56.0375 1920 intelppm (ebd830a0970c438047006a49c23e287f) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:45:56.0390 1920 intelppm - ok
18:45:56.0656 1920 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
18:45:56.0656 1920 Ip6Fw - ok
18:45:56.0921 1920 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:45:56.0921 1920 IpFilterDriver - ok
18:45:57.0187 1920 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:45:57.0187 1920 IpInIp - ok
18:45:57.0484 1920 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:45:57.0484 1920 IpNat - ok
18:45:57.0781 1920 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:45:57.0781 1920 IPSec - ok
18:45:58.0046 1920 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:45:58.0046 1920 IRENUM - ok
18:45:58.0359 1920 isapnp (0953594beb81cc72fcc62d37921b25a6) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:45:58.0375 1920 isapnp - ok
18:45:58.0671 1920 Kbdclass (28b6eace513ca7eaba3b809ad4bc274d) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:45:58.0671 1920 Kbdclass - ok
18:45:58.0984 1920 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:45:58.0984 1920 kmixer - ok
18:45:59.0281 1920 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:45:59.0281 1920 KSecDD - ok
18:45:59.0609 1920 lbrtfdc - ok
18:45:59.0937 1920 LgBttPort (4dd47b5af0b24871ebb9efc012a7474e) C:\WINDOWS\system32\DRIVERS\lgbtport.sys
18:45:59.0937 1920 LgBttPort - ok
18:46:00.0203 1920 lgbusenum (1d038ca6c529203087a990e5e97887b4) C:\WINDOWS\system32\DRIVERS\lgbtbus.sys
18:46:00.0203 1920 lgbusenum - ok
18:46:00.0484 1920 LGVMODEM (26f1976a330195d62a6224c76968cf0d) C:\WINDOWS\system32\DRIVERS\lgvmodem.sys
18:46:00.0484 1920 LGVMODEM - ok
18:46:00.0859 1920 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
18:46:00.0859 1920 mdmxsdk - ok
18:46:01.0234 1920 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:46:01.0234 1920 mnmdd - ok
18:46:01.0515 1920 Modem (8cb6636806d76b85fafaee94d75f5129) C:\WINDOWS\system32\drivers\Modem.sys
18:46:01.0515 1920 Modem - ok
18:46:01.0765 1920 Mouclass (e904ebed608055a2bfb824c07f59766c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:46:01.0765 1920 Mouclass - ok
18:46:02.0046 1920 mouhid (d7662f0cf5b77bbbe3202716f5bd5318) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:46:02.0046 1920 mouhid - ok
18:46:02.0328 1920 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:46:02.0328 1920 MountMgr - ok
18:46:02.0562 1920 mraid35x - ok
18:46:02.0875 1920 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:46:02.0875 1920 MRxDAV - ok
18:46:03.0328 1920 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:46:03.0328 1920 MRxSmb - ok
18:46:03.0843 1920 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:46:03.0843 1920 Msfs - ok
18:46:04.0218 1920 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:46:04.0218 1920 MSKSSRV - ok
18:46:04.0562 1920 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:46:04.0562 1920 MSPCLOCK - ok
18:46:04.0796 1920 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:46:04.0796 1920 MSPQM - ok
18:46:05.0125 1920 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:46:05.0125 1920 mssmbios - ok
18:46:05.0421 1920 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:46:05.0421 1920 Mup - ok
18:46:05.0828 1920 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:46:05.0828 1920 NDIS - ok
18:46:06.0093 1920 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:46:06.0093 1920 NdisTapi - ok
18:46:06.0343 1920 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:46:06.0343 1920 Ndisuio - ok
18:46:06.0640 1920 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:46:06.0640 1920 NdisWan - ok
18:46:06.0921 1920 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:46:06.0921 1920 NDProxy - ok
18:46:07.0265 1920 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:46:07.0281 1920 NetBIOS - ok
18:46:07.0562 1920 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:46:07.0562 1920 NetBT - ok
18:46:08.0093 1920 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:46:08.0109 1920 Npfs - ok
18:46:08.0531 1920 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:46:08.0531 1920 Ntfs - ok
18:46:08.0921 1920 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:46:08.0921 1920 Null - ok
18:46:09.0203 1920 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:46:09.0203 1920 NwlnkFlt - ok
18:46:09.0453 1920 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:46:09.0453 1920 NwlnkFwd - ok
18:46:09.0875 1920 Parport (4e9408a178b2d955871c2cdd278de3c3) C:\WINDOWS\system32\drivers\Parport.sys
18:46:09.0875 1920 Parport - ok
18:46:10.0156 1920 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:46:10.0156 1920 PartMgr - ok
18:46:10.0421 1920 ParVdm (0dabef655a444cb1e193626fb1d24b9f) C:\WINDOWS\system32\drivers\ParVdm.sys
18:46:10.0421 1920 ParVdm - ok
18:46:10.0703 1920 PCI (f40a46892afebb0314536b849d57c11e) C:\WINDOWS\system32\DRIVERS\pci.sys
18:46:10.0703 1920 PCI - ok
18:46:10.0937 1920 PCIDump - ok
18:46:11.0171 1920 PCIIde (b2df00d650fd6c4ee781740ed3c8e67f) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:46:11.0171 1920 PCIIde - ok
18:46:11.0453 1920 Pcmcia (815c50f2b1d1562800bdce8be895000e) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
18:46:11.0453 1920 Pcmcia - ok
18:46:11.0703 1920 PDCOMP - ok
18:46:11.0953 1920 PDFRAME - ok
18:46:12.0203 1920 PDRELI - ok
18:46:12.0406 1920 PDRFRAME - ok
18:46:12.0671 1920 perc2 - ok
18:46:12.0921 1920 perc2hib - ok
18:46:13.0500 1920 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:46:13.0515 1920 PptpMiniport - ok
18:46:13.0812 1920 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:46:13.0812 1920 PSched - ok
18:46:14.0078 1920 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:46:14.0078 1920 Ptilink - ok
18:46:14.0375 1920 PxHelp20 (0457e25bb122b854e267cf552dcdc370) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:46:14.0375 1920 PxHelp20 - ok
18:46:14.0609 1920 ql1080 - ok
18:46:14.0812 1920 Ql10wnt - ok
18:46:15.0062 1920 ql12160 - ok
18:46:15.0328 1920 ql1240 - ok
18:46:15.0578 1920 ql1280 - ok
18:46:15.0859 1920 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:46:15.0859 1920 RasAcd - ok
18:46:16.0187 1920 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:46:16.0187 1920 Rasl2tp - ok
18:46:16.0484 1920 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:46:16.0484 1920 RasPppoe - ok
18:46:16.0750 1920 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:46:16.0750 1920 Raspti - ok
18:46:17.0015 1920 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:46:17.0015 1920 Rdbss - ok
18:46:17.0312 1920 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:46:17.0312 1920 RDPCDD - ok
18:46:17.0687 1920 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
18:46:17.0687 1920 RDPWD - ok
18:46:18.0031 1920 redbook (393fc252593323b624b230eca6b85e63) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:46:18.0031 1920 redbook - ok
18:46:18.0562 1920 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:46:18.0562 1920 Secdrv - ok
18:46:18.0937 1920 Serial (fdbd9d64e2e03270021d424f0dccf79d) C:\WINDOWS\system32\drivers\Serial.sys
18:46:18.0937 1920 Serial - ok
18:46:19.0453 1920 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:46:19.0453 1920 Sfloppy - ok
18:46:19.0890 1920 Simbad - ok
18:46:20.0218 1920 SiS315 (8b3cdb4b1453b3a2e6e7300aabe50d0e) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
18:46:20.0218 1920 SiS315 - ok
18:46:20.0468 1920 SiSkp (87a5176a3762b1341619ce63152c1da9) C:\WINDOWS\system32\DRIVERS\srvkp.sys
18:46:20.0468 1920 SiSkp - ok
18:46:20.0734 1920 SISNIC (3fbb6ef8b5a71a2fa11f5f461bb73219) C:\WINDOWS\system32\DRIVERS\sisnic.sys
18:46:20.0734 1920 SISNIC - ok
18:46:21.0015 1920 SISNICXP (47f39481bc8941e0d51601a85691448d) C:\WINDOWS\system32\DRIVERS\sisnicxp.sys
18:46:21.0015 1920 SISNICXP - ok
18:46:21.0296 1920 Sparrow - ok
18:46:21.0578 1920 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:46:21.0578 1920 splitter - ok
18:46:21.0906 1920 sr (618718cae288bf7cbd8fcbab2577d932) C:\WINDOWS\system32\DRIVERS\sr.sys
18:46:21.0906 1920 sr - ok
18:46:22.0296 1920 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:46:22.0296 1920 Srv - ok
18:46:22.0671 1920 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:46:22.0671 1920 swenum - ok
18:46:22.0953 1920 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:46:22.0953 1920 swmidi - ok
18:46:23.0250 1920 symc810 - ok
18:46:23.0453 1920 symc8xx - ok
18:46:23.0703 1920 sym_hi - ok
18:46:23.0968 1920 sym_u3 - ok
18:46:24.0312 1920 SynTP (eb363ddfbe8b6d51003ccab29d93d744) C:\WINDOWS\system32\DRIVERS\SynTP.sys
18:46:24.0312 1920 SynTP - ok
18:46:24.0562 1920 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:46:24.0562 1920 sysaudio - ok
18:46:24.0984 1920 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:46:24.0984 1920 Tcpip - ok
18:46:25.0250 1920 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:46:25.0250 1920 TDPIPE - ok
18:46:25.0500 1920 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:46:25.0500 1920 TDTCP - ok
18:46:25.0781 1920 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:46:25.0781 1920 TermDD - ok
18:46:26.0109 1920 TosIde - ok
18:46:26.0500 1920 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
18:46:26.0500 1920 uagp35 - ok
18:46:26.0828 1920 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:46:26.0828 1920 Udfs - ok
18:46:27.0062 1920 ultra - ok
18:46:27.0453 1920 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:46:27.0453 1920 Update - ok
18:46:27.0796 1920 usbbus (8ef48ff1c23b1ce6f96d09a45959eb20) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
18:46:27.0796 1920 usbbus - ok
18:46:28.0109 1920 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:46:28.0109 1920 usbccgp - ok
18:46:28.0359 1920 UsbDiag (a0e24c5c2d0cff04bbd3753a72fae80b) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
18:46:28.0359 1920 UsbDiag - ok
18:46:28.0625 1920 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:46:28.0640 1920 usbehci - ok
18:46:28.0890 1920 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:46:28.0890 1920 usbhub - ok
18:46:29.0171 1920 USBModem (cc09a1132b1f6a8362107cc134e90d0b) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
18:46:29.0171 1920 USBModem - ok
18:46:29.0468 1920 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
18:46:29.0468 1920 usbohci - ok
18:46:29.0781 1920 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:46:29.0781 1920 usbprint - ok
18:46:30.0015 1920 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:46:30.0015 1920 usbscan - ok
18:46:30.0312 1920 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:46:30.0312 1920 USBSTOR - ok
18:46:30.0562 1920 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:46:30.0578 1920 VgaSave - ok
18:46:30.0796 1920 ViaIde - ok
18:46:31.0046 1920 VolSnap (e46c1b5a56da7da603d09dfcc79ec59e) C:\WINDOWS\system32\drivers\VolSnap.sys
18:46:31.0046 1920 VolSnap - ok
18:46:31.0437 1920 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:46:31.0437 1920 Wanarp - ok
18:46:31.0703 1920 WDICA - ok
18:46:31.0953 1920 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:46:31.0953 1920 wdmaud - ok
18:46:32.0421 1920 winachsf (473ee64c368ce2eed110376c11960259) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
18:46:32.0421 1920 winachsf - ok
18:46:33.0281 1920 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:46:33.0281 1920 WudfPf - ok
18:46:33.0562 1920 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:46:33.0562 1920 WudfRd - ok
18:46:33.0921 1920 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} (74ec37b9eaf9fca015b933a526825c7a) C:\Programmi\CyberLink\PowerDVD10\NavFilter\000.fcl
18:46:33.0921 1920 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} - ok
18:46:34.0125 1920 MBR (0x1B8) (828e02d5c4a4fbe53441ee9dbee51f43) \Device\Harddisk0\DR0
18:46:34.0468 1920 \Device\Harddisk0\DR0 - ok
18:46:34.0562 1920 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR5
18:46:34.0625 1920 \Device\Harddisk1\DR5 - ok
18:46:34.0718 1920 Boot (0x1200) (a7fb296c12c507df687bf9ed4ffb73be) \Device\Harddisk0\DR0\Partition0
18:46:34.0718 1920 \Device\Harddisk0\DR0\Partition0 - ok
18:46:34.0843 1920 Boot (0x1200) (7f867e8467a2712425da7ae47d27a877) \Device\Harddisk0\DR0\Partition1
18:46:34.0843 1920 \Device\Harddisk0\DR0\Partition1 - ok
18:46:34.0906 1920 Boot (0x1200) (1623e2db2b6fb45aa4a96293657d135d) \Device\Harddisk1\DR5\Partition0
18:46:34.0906 1920 \Device\Harddisk1\DR5\Partition0 - ok
18:46:34.0953 1920 ============================================================
18:46:34.0953 1920 Scan finished
18:46:34.0953 1920 ============================================================
18:46:35.0062 0244 Detected object count: 0
18:46:35.0062 0244 Actual detected object count: 0
18:50:37.0687 0544 Deinitialize success

[FrancescoFDAC]

Ripristina un file di sistema

Per ripristinare il file RUNDLL32.exe, segui questa procedura:

● inserisci il CD di Windows nell'unità Ottica CD/DVD
● clicca sul pulsante Start
● clicca su Esegui
● nello spazio bianco, copia ed incolla queste righe:
expand X:\i386\rundll32.ex_ c:\windows\system32\rundll32.exe
● riavvia il sistema

Nota - X è la lettera dell'unità Ottica CD/DVD

Questo se hai il CD. Altrimenti, fammi sapere.

Francesco

P.S. Esegui questa scansione:
Scarica ed installa Vir.IT eXplorer Lite: http://www.tgsoft.it/scripts/getfile.asp?lang=ITA
● aggiorna il programma, cliccando in alto su Tools e successivamente su Aggiornamenti OnLine: controlla che sia spuntata la voce Aggiorna con il modo servizio, e clicca su Aggiorna
● esegui una scansione completa, cliccando in alto su Scan e successivamente su Ricerca
● clicca su Scan e successivamente su Visualizza file Log: in questo modo potrai allegare il file di testo per un controllo