Post by Petomane » 02/04/10 13:27

Hi everyone!
For a few days now my PC has been starting to 'struggle' (making noise as if it were doing heavy work), slowing down, and eventually freezing. I think it starts when I connect to the internet, but it then continues even once disconnected.
I don't seem to have any viruses; I have Avira AntiVir, and I have run scandisk and defragmentation as well as a disk cleanup. I have 108 GB free out of 149.
After those operations things seemed to be going better, but, as I said, after connecting to the internet again I heard the struggling I mentioned.
My brother has a mailbox with a lot of messages and I asked him to lighten it, but I don't think it depends on that; after all, it's not the first time he has ended up with a full or nearly full mailbox...

Regards and thanks.
Post by gahan » 02/04/10 16:33

download and install HijackThis

- open the software
- accept the license terms
- click on do a system scan and save a logfile
- post the resulting log here on the forum
NB - use the [CODE] tag to post the log
Post by Petomane » 03/04/10 13:34

Thanks a lot, here it is...

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.32.28, on 03/04/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Nero\Nero 7\InCD\InCDsrv.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Nero\Nero 7\InCD\NBHGui.exe
C:\Programmi\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\Software Informer\softinfo.exe
C:\Programmi\File comuni\LightScribe\LightScribeControlPanel.exe
C:\Programmi\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\Programmi\Free Download Manager\fdm.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Programmi\Avira\AntiVir Desktop\avscan.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programmi\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [LGODDFU] C:\Programmi\lg_fwupdate\fwupdate.exe blrun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Programmi\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Software Informer] "C:\Programmi\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Programmi\File comuni\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [PMCS] "C:\Programmi\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKCU\..\Run: [Free Download Manager] "C:\Programmi\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Scarica con Free Download Manager - file://C:\Programmi\Free Download Manager\dllink.htm
O8 - Extra context menu item: Scarica i video con Free Download Manager - file://C:\Programmi\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Scarica selezionati con Free Download Manager - file://C:\Programmi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Programmi\Free Download Manager\dlall.htm
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8AED41C6-7D6E-4A37-8313-11D5F33CB02F}: NameServer =
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe

End of file - 10792 bytes
Post by gahan » 06/04/10 08:31


- close all applications
- open HijackThis
- click on Do a system scan only
- tick the following entries and click on Fix checked

Code:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

- afterwards, download malwarebytes from the link below: ... l-10804572
- disconnect from the internet
- disable your antivirus
- run a full scan
- remove any threats detected by clicking the "remove selected items" button
- post the log resulting from the scan
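
The selection step in the post above, as an added example that is not part of the original thread: a small Python parser that reads HijackThis entries and lists the CLSID-registered ones (O2, O3, O9 and similar) whose target is `(no file)`, the kind of entry ticked for "Fix checked". The function names are hypothetical, and the sample is a short excerpt of the log posted earlier in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Short excerpt of the HijackThis log posted in this thread (lines copied as-is).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Programmi\Avira\AntiVir Desktop\avguard.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
End of file - 10792 bytes
"""

# A log entry is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.*)$")

# Entries that reference a COM class: "<kind>: <name> - {CLSID} - <target>".
CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
COM_RE = re.compile(
    r"^(?P<kind>[^:]+): (?P<name>.*?) - (?P<clsid>" + CLSID + r") - (?P<target>.*)$"
)

NO_FILE = "(no file)"  # marker seen in this thread's log for a CLSID with no file


@dataclass
class Entry:
    section: str                  # e.g. "O2"
    raw: str                      # full line, as it must be matched in the scan list
    kind: Optional[str] = None    # e.g. "BHO", "Toolbar", "Extra button"
    name: Optional[str] = None
    clsid: Optional[str] = None   # upper-cased for stable comparison
    target: Optional[str] = None  # file path or the "(no file)" marker


def parse_entries(log: str) -> List[Entry]:
    """Return every section entry in the log; headers and process paths are skipped."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        entry = Entry(section=m.group("section"), raw=line)
        com = COM_RE.match(m.group("body"))
        if com:
            entry.kind = com.group("kind")
            entry.name = com.group("name")
            entry.clsid = com.group("clsid").upper()
            entry.target = com.group("target").strip()
        entries.append(entry)
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose CLSID is still registered but has no file behind it."""
    return [e for e in entries if e.clsid and e.target == NO_FILE]


def fix_list(log: str) -> List[str]:
    """Raw lines to review before ticking them for 'Fix checked'."""
    return [e.raw for e in orphaned(parse_entries(log))]


if __name__ == "__main__":
    for line in fix_list(SAMPLE_LOG):
        print(line)
```
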
Post by Petomane » 06/04/10 21:19

Thanks... here it is:

Code:
Malwarebytes' Anti-Malware 1.45

Versione database: 3961

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

06/04/2010 22.12.07
mbam-log-2010-04-06 (22-12-07).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi esaminati: 173222
Tempo trascorso: 37 minuti, 55 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 6
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 7
File infetti: 7

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RegistryDoktorNE (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
C:\Documents and Settings\LocalService\Dati applicazioni\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Dati applicazioni\ShoppingReport\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Dati applicazioni\ShoppingReport\cs\db (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Dati applicazioni\ShoppingReport\cs\dwld (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Dati applicazioni\ShoppingReport\cs\report (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Dati applicazioni\ShoppingReport\cs\res1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\AVP 2009 (Malware.Trace) -> Quarantined and deleted successfully.

File infetti:
C:\Documents and Settings\LocalService\Dati applicazioni\ShoppingReport\cs\Config.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Dati applicazioni\ShoppingReport\cs\dwld\WhiteList.xip (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Dati applicazioni\ShoppingReport\cs\report\aggr_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Dati applicazioni\ShoppingReport\cs\report\send_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Dati applicazioni\ShoppingReport\cs\res1\WhiteList.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\AVP 2009\1.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Francesco\Dati applicazioni\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.

Have I fixed it?
Post by gahan » 07/04/10 08:41


download CCleaner from this link:
install the software, ticking the "yahoo toolbar" box towards the end of the installation
launch it --> go to options on the left --> advanced --> untick "delete files in windows temp if older than 24 hours".
Go back to "cleaner" and click on "run cleaner".

Do you notice any improvement?
Post by Petomane » 07/04/10 11:33

Nothing, the problem keeps occurring... could it be the hardware at this point?
Anyway, among the problems I've had lately there is the one where 'Error 734.......' appears when I go to connect to the internet, and the one where programs seem to get stuck and, when I go to close them, they lag and the window with the 'End now' or 'Send error report' button shows up.
I also don't know whether it could depend on the D-Link DSL-200 modem, which I read somewhere is bad or nearly so.

Anyway, while waiting for other suggestions, thanks in the meantime!
Post by gahan » 07/04/10 11:51

Run a scandisk as the first thing, like this:

start --> run --> type

chkdsk /r

NB - note the space after "chkdsk"

On the next screen, at the question "do you want to run a disk check at the next system startup", type s and confirm with ENTER, then restart the PC.
Post by Petomane » 07/04/10 17:37

Nothing, it continues...
it no longer seems to make that struggling noise, but it still stops at a certain point...
Post by Petomane » 07/04/10 22:06

Hi, everything is the same as before...
I was thinking, though: since my Windows XP is a copy, could it have been an update downloaded by mistake that caused this mess?
Post by gahan » 08/04/10 08:10

Petomane wrote: Hi, everything is the same as before...
I was thinking, though: since my Windows XP is a copy, could it have been an update downloaded by mistake that caused this mess?

I kindly ask you to (re)read our rules carefully:
Post by Petomane » 08/04/10 12:25

OK, forget I said it...
Post by Petomane » 08/04/10 13:15

I apologize, it's just that I'm fed up with this computer; just the thought of having to take the PC in for repair for the umpteenth time... anyway, thanks for your prompt help...
Post by gahan » 08/04/10 16:48

Petomane wrote: I apologize, it's just that I'm fed up with this computer; just the thought of having to take the PC in for repair for the umpteenth time... anyway, thanks for your prompt help...


- insert the Windows XP CD into the CD/DVD drive
- start --> run --> in the white box type

sfc /scannow

NB - note the space after "sfc"

Wait for the process to finish, then restart the system.
Keep me updated :)
Post by Petomane » 08/04/10 22:02

I haven't had the CD for a long time, I had it on loan; now I can't even open the web page, I managed it through the Avira folder, by chance...
Re: PC struggling

Post by Petomane » 08/04/10 23:00

Maybe I've solved it: I deleted the Conduit folder, which contained two files, Alert0.dll and Alert.dll; it seems they are how come Avira didn't detect that they were dangerous?
Did you know them? I didn't quite understand what they are...
Would you recommend another antivirus?

Post by gahan » 09/04/10 09:01


I'd say Avira is more than fine as a FREE antivirus, in my opinion the best among the free ones.
Proceed as follows to run a complete check:
Download Combofix directly to the desktop from the following link:

- run ComboFix.exe
- do NOT install the RECOVERY CONSOLE
- do NOT interfere with the program's scan
- when the scan is finished go to C:\ and copy/paste, in your next reply, the log contained in the file
Post by Petomane » 09/04/10 13:20

Code:
ComboFix 10-04-08.02 - Francesco 09/04/2010 - x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.39.1040.18.1022.493 [GMT 2:00]
Eseguito da: c:\documents and settings\Francesco\Documenti\ComFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}


(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))


original MBR restored successfully !
(((((((((((((((((((((((((   Files Creati Da 2010-03-09 al 2010-04-09  )))))))))))))))))))))))))))))))))))

2010-04-09 01:40 . 2009-03-30 07:33   96104   ----a-w-   c:\windows\system32\drivers\avipbb.sys
2010-04-09 01:40 . 2009-02-13 09:29   22360   ----a-w-   c:\windows\system32\drivers\avgntmgr.sys
2010-04-09 01:40 . 2009-02-13 09:17   45416   ----a-w-   c:\windows\system32\drivers\avgntdd.sys
2010-04-09 01:40 . 2010-04-09 01:40   --------   d-----w-   c:\programmi\Avira
2010-04-09 01:40 . 2010-04-09 01:40   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Avira
2010-04-09 00:35 . 2010-04-09 00:35   --------   d-----w-   c:\documents and settings\Francesco\Impostazioni locali\Dati applicazioni\Symantec
2010-04-07 21:12 . 2009-10-06 16:32   327168   ----a-w-   c:\windows\system32\cutil32.dll
2010-04-07 21:12 . 2009-08-03 18:25   285696   ----a-w-   c:\windows\system32\cudart.dll
2010-04-07 09:44 . 2010-04-07 09:44   --------   d-----w-   c:\programmi\CCleaner
2010-04-06 18:45 . 2010-04-06 18:45   --------   d-----w-   c:\documents and settings\Francesco\Dati applicazioni\Malwarebytes
2010-04-06 18:45 . 2010-03-29 13:24   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-06 18:45 . 2010-04-06 18:45   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-04-06 18:45 . 2010-03-29 13:24   20824   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-04-06 18:44 . 2010-04-06 18:45   --------   d-----w-   c:\programmi\Malwarebytes' Anti-Malware
2010-04-03 12:31 . 2010-04-03 12:31   --------   d-----w-   c:\programmi\Trend Micro
2010-03-18 09:32 . 2010-04-01 11:07   --------   d-----w-   c:\documents and settings\Francesco\Impostazioni locali\Dati applicazioni\Temp
2010-03-13 15:02 . 2010-04-08 23:08   --------   d-----w-   c:\documents and settings\Francesco\Dati applicazioni\vlc
2010-03-12 15:33 . 2010-03-12 15:36   52224   ----a-w-   c:\documents and settings\Francesco\Dati applicazioni\Mozilla\Firefox\Profiles\jc8ytcp9.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
2010-03-12 15:33 . 2010-03-12 15:36   101376   ----a-w-   c:\documents and settings\Francesco\Dati applicazioni\Mozilla\Firefox\Profiles\jc8ytcp9.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll
2010-03-12 15:33 . 2010-03-12 15:36   --------   d-----w-   c:\programmi\File comuni\DVDVideoSoft
2010-03-12 15:21 . 2010-02-09 16:26   52224   ----a-w-   c:\documents and settings\Francesco\Dati applicazioni\Mozilla\Firefox\Profiles\jc8ytcp9.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\FFExternalAlert.dll
2010-03-12 15:21 . 2010-02-09 16:26   101376   ----a-w-   c:\documents and settings\Francesco\Dati applicazioni\Mozilla\Firefox\Profiles\jc8ytcp9.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\RadioWMPCore.dll
2010-03-12 13:44 . 2010-03-12 13:44   --------   d-----w-   c:\documents and settings\Francesco\Dati applicazioni\Apowersoft
2010-03-10 13:00 . 2010-02-12 10:03   293376   ------w-   c:\windows\system32\browserchoice.exe

((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
2010-04-09 11:54 . 2010-02-10 15:21   --------   d-----w-   c:\documents and settings\Francesco\Dati applicazioni\Skype
2010-04-09 09:59 . 2010-01-12 20:27   --------   d-----w-   c:\documents and settings\Francesco\Dati applicazioni\Software Informer
2010-04-09 09:55 . 2010-01-22 17:09   --------   d-----w-   c:\documents and settings\Francesco\Dati applicazioni\skypePM
2010-04-09 09:54 . 2010-01-13 20:23   --------   d-----w-   c:\programmi\lg_fwupdate
2010-04-09 00:40 . 2006-03-02 12:00   84910   ----a-w-   c:\windows\system32\perfc010.dat
2010-04-09 00:40 . 2006-03-02 12:00   491894   ----a-w-   c:\windows\system32\perfh010.dat
2010-04-01 08:59 . 2007-10-15 17:49   --------   d-----w-   c:\programmi\Google
2010-03-31 19:06 . 2010-01-13 16:46   --------   d-----w-   c:\documents and settings\Francesco\Dati applicazioni\Image Zone Express
2010-03-24 16:14 . 2010-01-12 22:55   --------   d-----w-   c:\documents and settings\Francesco\Dati applicazioni\dvdcss
2010-03-24 09:25 . 2007-09-29 07:49   --------   d-----w-   c:\programmi\DivX
2010-03-18 00:01 . 2010-03-18 00:01   12   ----a-w-   c:\windows\system32\config\systemprofile\Dati applicazioni\zxcdyt.dat
2010-03-17 19:05 . 2010-03-17 19:05   12   ----a-w-   c:\documents and settings\Francesco\Dati applicazioni\zxcdyt.dat
2010-03-11 12:30 . 2006-03-02 12:00   832512   ----a-w-   c:\windows\system32\wininet.dll
2010-03-11 12:30 . 2010-01-11 08:40   78336   ----a-w-   c:\windows\system32\ieencode.dll
2010-03-11 12:30 . 2006-03-02 12:00   17408   ----a-w-   c:\windows\system32\corpol.dll
2010-03-07 20:38 . 2010-03-07 20:38   --------   d-----w-   c:\documents and settings\Francesco\Dati applicazioni\DivX
2010-03-05 18:24 . 2007-09-05 06:19   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-02-26 14:40 . 2010-01-11 08:24   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\avg9
2010-02-18 13:06 . 2007-11-24 16:23   --------   d-----w-   c:\programmi\Windows Live
2010-02-10 15:21 . 2010-02-10 15:21   --------   d-----r-   c:\programmi\Skype
2010-02-10 15:21 . 2010-02-10 15:21   --------   d-----w-   c:\programmi\File comuni\Skype
2010-02-10 15:21 . 2010-01-22 17:02   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Skype
2010-01-28 21:12 . 2010-01-28 21:12   737280   ----a-w-   c:\windows\iun6002.exe
2010-01-27 16:18 . 2010-01-15 21:54   79488   ----a-w-   c:\documents and settings\Francesco\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-22 17:09 . 2010-01-22 17:09   56   ---ha-w-   c:\windows\system32\ezsidmv.dat
2010-01-21 16:13 . 2010-02-12 14:35   52224   ----a-w-   c:\documents and settings\Francesco\Dati applicazioni\Mozilla\Firefox\Profiles\jc8ytcp9.default\extensions\{edca0f41-f79d-4126-a176-a1b258e033f8}\components\FFExternalAlert.dll
2010-01-21 16:13 . 2010-02-12 14:35   101376   ----a-w-   c:\documents and settings\Francesco\Dati applicazioni\Mozilla\Firefox\Profiles\jc8ytcp9.default\extensions\{edca0f41-f79d-4126-a176-a1b258e033f8}\components\RadioWMPCore.dll
2010-01-15 22:02 . 2010-01-15 21:56   411368   ----a-w-   c:\windows\system32\deploytk.dll
2010-01-15 22:01 . 2010-01-15 21:55   152576   ----a-w-   c:\documents and settings\Francesco\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-12 20:40 . 2010-01-12 20:33   113128   ----a-w-   c:\windows\hpoins07.dat
2010-01-12 20:24 . 2010-01-12 20:24   0   -c--a-w-   c:\windows\nsreg.dat

(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-07 39408]
"Software Informer"="c:\programmi\Software Informer\softinfo.exe" [2009-11-25 2011205]
"LightScribe Control Panel"="c:\programmi\File comuni\LightScribe\LightScribeControlPanel.exe" [2007-12-05 2295072]
"PMCS"="c:\programmi\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" [2006-03-30 65536]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2009-10-09 25623336]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-04-16 282624]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\programmi\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"LGODDFU"="c:\programmi\lg_fwupdate\fwupdate.exe" [2007-02-26 249856]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\programmi\Nero\Nero 7\InCD\NBHGui.exe" [2007-11-26 1629480]
"InCD"="c:\programmi\Nero\Nero 7\InCD\InCD.exe" [2007-11-26 1057064]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2010-01-15 149280]
"DSLSTATEXE"="c:\program files\D-Link\DSL-200\dslstat.exe" [2005-12-12 344064]
"DSLAGENTEXE"="c:\program files\D-Link\DSL-200\dslagent.exe" [2005-08-25 65536]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=

"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"4861:TCP"= 4861:TCP:Services
"8222:TCP"= 8222:TCP:Services
"3463:TCP"= 3463:TCP:Services
"5426:TCP"= 5426:TCP:Services
"6100:TCP"= 6100:TCP:Services
"6101:TCP"= 6101:TCP:Services
"6883:TCP"= 6883:TCP:Services
"6884:TCP"= 6884:TCP:Services
"2227:TCP"= 2227:TCP:Services
"2954:TCP"= 2954:TCP:Services
"3338:TCP"= 3338:TCP:Services
"5176:TCP"= 5176:TCP:Services
"8397:TCP"= 8397:TCP:Services
"8398:TCP"= 8398:TCP:Services
"4738:TCP"= 4738:TCP:Services
"3119:TCP"= 3119:TCP:Services

R3 3xHybrid;Pinnacle PCTV 110i service;c:\windows\system32\drivers\3xHybrid.sys [18/12/2006 17.53.02 827008]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [01/04/2010 10.59.04 135664]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\programmi\Lavalys\EVEREST Ultimate Edition\kerneld.wnt --> c:\programmi\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-12-05 11:27   451872   ----a-w-   c:\programmi\File comuni\LightScribe\LSRunOnce.exe
Contenuto della cartella 'Scheduled Tasks'

2010-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-04-01 08:59]

2010-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-04-01 08:59]
------- Scansione supplementare -------
uStart Page = hxxp://
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/
FF - ProfilePath - c:\documents and settings\Francesco\Dati applicazioni\Mozilla\Firefox\Profiles\jc8ytcp9.default\
FF - prefs.js: - hxxp://{searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://
FF - component: c:\documents and settings\Francesco\Dati applicazioni\Mozilla\Firefox\Profiles\jc8ytcp9.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Francesco\Dati applicazioni\Mozilla\Firefox\Profiles\jc8ytcp9.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Francesco\Dati applicazioni\Mozilla\Firefox\Profiles\jc8ytcp9.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Francesco\Dati applicazioni\Mozilla\Firefox\Profiles\jc8ytcp9.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Francesco\Dati applicazioni\Mozilla\Firefox\Profiles\jc8ytcp9.default\extensions\{edca0f41-f79d-4126-a176-a1b258e033f8}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Francesco\Dati applicazioni\Mozilla\Firefox\Profiles\jc8ytcp9.default\extensions\{edca0f41-f79d-4126-a176-a1b258e033f8}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\All Users\Dati applicazioni\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\programmi\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programmi\Google\Update\\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll

FF - user.js: yahoo.homepage.dontask - truec:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

HKCU-Run-fsm - (no file)
Notify-NavLogon - (no file)
AddRemove-{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA} - c:\programmi\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\Setup.exeUNINSTALL


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2010-04-09 14:11
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x8632E0A8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7674fc3
\Driver\ACPI -> 0x8632e0a8
\Driver\atapi -> atapi.sys @ 0xf749f7b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
 ParseProcedure -> ntkrnlpa.exe @ 0x8058155c
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
 ParseProcedure -> ntkrnlpa.exe @ 0x8058155c
NDIS: Scheda Fast Ethernet VIA compatibile -> SendCompleteHandler -> 0x85d40330
 PacketIndicateHandler -> NDIS.sys @ 0xf739aa0b
 SendHandler -> NDIS.sys @ 0xf73aeb31
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x012A14C00
malicious code @ sector 0x012A14C03 !
PE file found in sector at 0x012A14C19 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.


"ImagePath"="\??\c:\programmi\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

Ora fine scansione: 2010-04-09  14:13:32
ComboFix-quarantined-files.txt  2010-04-09 12:13

Pre-Run: 138.999.468.032 byte disponibili
Post-Run: 139.006.869.504 byte disponibili

- - End Of File - - 34CCDE34983CD25B6B306FBA5FD7CEA4
Post by gahan » 09/04/10 16:48

OK... follow this procedure:

- download mbr.exe and save it directly in the C:\ directory

- restart the PC in safe mode by pressing F5 repeatedly while it powers on
- once in that mode, go to Start -> Run -> and in the white box type

C:\mbr.exe -f

and click OK

NB - Note the blank space between "mbr.exe" and "-f"
Save the resulting log as mbr and attach it for review
Post by Petomane » 09/04/10 19:29

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\ACPI -> 0x863be258
NDIS: Scheda Fast Ethernet VIA compatibile -> SendCompleteHandler -> 0x85de0330
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x012A14C00
malicious code @ sector 0x012A14C03 !
PE file found in sector at 0x012A14C19 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
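
An added example, not part of the original posts and not a GMER tool: a Python sketch that compares the two mbr.exe logs posted in this thread by hook name instead of by address, since the addresses differ between boots. Treating a hook target with no module name as unresolved is an assumption about the log format, and all function names are hypothetical.

```python
import re
# Excerpts of the two mbr.exe logs posted in this thread (first run, then after "-f").
BEFORE = r"""
\Driver\Disk -> CLASSPNP.SYS @ 0xf7674fc3
\Driver\ACPI -> 0x8632e0a8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
 ParseProcedure -> ntkrnlpa.exe @ 0x8058155c
NDIS: Scheda Fast Ethernet VIA compatibile -> SendCompleteHandler -> 0x85d40330
copy of MBR has been found in sector 0x012A14C00
malicious code @ sector 0x012A14C03 !
PE file found in sector at 0x012A14C19 !
"""
AFTER = r"""
\Driver\ACPI -> 0x863be258
NDIS: Scheda Fast Ethernet VIA compatibile -> SendCompleteHandler -> 0x85de0330
copy of MBR has been found in sector 0x012A14C00
malicious code @ sector 0x012A14C03 !
PE file found in sector at 0x012A14C19 !
"""

def parse_hooks(log):
    """Map each hook name to its owning module, or None for a bare address."""
    hooks, owner = {}, None
    for line in log.splitlines():
        if " -> " not in line:
            continue
        *path, target = line.strip().split(" -> ")
        if line[0].isspace():      # indented continuation: reuse the previous owner
            path.insert(0, owner)
        owner = path[0]
        module = target.split(" @ ")[0] if " @ " in target else None
        hooks[" -> ".join(path)] = module
    return hooks

def unresolved(log):
    """Hooks whose target is not attributed to any named module (assumed suspicious)."""
    return sorted(name for name, mod in parse_hooks(log).items() if mod is None)

def sectors(log):
    """Disk sectors the detector reported, exactly as printed."""
    return set(re.findall(r"sector(?: at)? (0x[0-9A-Fa-f]+)", log))

def persisted(before, after):
    """Findings present in both runs; hook addresses are ignored on purpose."""
    return (sorted(set(unresolved(before)) & set(unresolved(after))),
            sorted(sectors(before) & sectors(after)))

if __name__ == "__main__":
    print(persisted(BEFORE, AFTER))
```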
