
help: strange windows

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Re: help: strange windows

Post by fofo69 » 04/08/10 12:01

Luke57 wrote: Now drag the CFScript.txt file onto ComboFix.exe.
The program will run a new scan; when it finishes, reboot the PC if the program asks you to.
Post the new report, then download this tool and copy it to C:\,
http://www2.gmer.net/mbr/mbr.exe

From Start > Run
copy and paste
C:\mbr.exe -f
click OK

reboot the PC

From Start > Run
copy and paste
C:\mbr.exe
click OK

go to C:\ and copy / paste the text file containing the MBR values.


Hi Luke57,
I did the first step with ComboFix and this is the report:
ComboFix 10-08-02.03 - fofo 04/08/2010  10.00.13.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.39.1040.18.2046.1543 [GMT 2:00]
Eseguito da: c:\documents and settings\fofo\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\fofo\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}

FILE ::
"C:\SZKGFS.dat"
"c:\windows\system32\drivers\kgpcpy.cfg"
"c:\windows\system32\drivers\vnrbvdq.sys"
"c:\windows\system32\winzvprt5.sys"
.

(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\fofo\Impostazioni locali\Dati applicazioni\vrmwooadc
C:\SZKGFS.dat
c:\windows\system32\drivers\kgpcpy.cfg
c:\windows\system32\drivers\vnrbvdq.sys
c:\windows\system32\winzvprt5.sys

.
MBR is infected with the Whistler Bootkit !!

(((((((((((((((((((((((((((((((((((((((   Driver/Servizi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_VNRBVDQ
-------\Service_vnrbvdq


(((((((((((((((((((((((((   Files Creati Da 2010-07-04 al 2010-08-04  )))))))))))))))))))))))))))))))))))
.

2010-07-30 08:23 . 2010-07-30 08:23   --------   d-----w-   c:\documents and settings\fofo\Dati applicazioni\Pixel Studio Pro
2010-07-27 12:17 . 2010-07-27 12:17   --------   d-----r-   c:\documents and settings\LocalService\Documenti
2010-07-26 12:33 . 2010-07-26 12:33   --------   d-----w-   c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Adobe
2010-07-26 10:43 . 2008-04-13 16:39   142592   -c--a-w-   c:\windows\system32\dllcache\aec.sys
2010-07-26 10:43 . 2008-04-13 16:39   142592   ----a-w-   c:\windows\system32\drivers\aec.sys
2010-07-26 10:31 . 2008-09-26 23:37   188416   ----a-r-   c:\windows\system32\hppafx11.dll
2010-07-26 10:31 . 2007-07-16 21:29   59928   ----a-r-   c:\windows\system32\fxfaxchannel.dll
2010-07-26 10:31 . 2007-07-16 21:29   20504   ----a-r-   c:\windows\system32\drivers\hpfxfax.sys
2010-07-26 10:31 . 2008-09-26 23:37   188416   ----a-r-   c:\windows\system32\hppcew11.dll
2010-07-26 10:31 . 2007-07-16 21:29   26136   ----a-r-   c:\windows\system32\drivers\hpfxgen.sys
2010-07-26 10:31 . 2007-07-16 21:29   17432   ----a-r-   c:\windows\system32\drivers\hpfxbulk.sys
2010-07-23 09:05 . 2006-06-19 11:01   69632   ----a-w-   c:\windows\system32\ztvcabinet.dll
2010-07-23 09:05 . 2006-05-25 13:52   162304   ----a-w-   c:\windows\system32\ztvunrar36.dll
2010-07-23 09:05 . 2003-02-02 18:06   153088   ----a-w-   c:\windows\system32\UNRAR3.dll
2010-07-23 09:05 . 2002-03-05 23:00   75264   ----a-w-   c:\windows\system32\unacev2.dll
2010-07-22 10:39 . 2010-07-22 10:39   --------   d-----w-   c:\windows\UltraDefrag
2010-07-22 10:10 . 2010-07-22 10:10   --------   d-----w-   c:\documents and settings\fofo\Dati applicazioni\SUPERAntiSpyware.com
2010-07-22 10:10 . 2010-07-22 10:10   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2010-07-22 10:10 . 2010-07-22 10:10   --------   d-----w-   c:\programmi\SUPERAntiSpyware
2010-07-22 07:21 . 2010-07-22 07:21   --------   d-----w-   c:\documents and settings\fofo\Dati applicazioni\Malwarebytes
2010-07-22 07:21 . 2010-04-29 13:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-22 07:21 . 2010-07-22 07:21   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-07-22 07:21 . 2010-04-29 13:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-07-22 07:21 . 2010-07-22 07:21   --------   d-----w-   c:\programmi\Malwarebytes' Anti-Malware
2010-07-21 16:05 . 2010-07-21 16:05   --------   d-----w-   c:\programmi\Enigma Software Group
2010-07-21 16:04 . 2010-07-22 07:36   --------   d-----w-   c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2010-07-21 15:22 . 2005-08-25 23:50   77312   ----a-w-   c:\windows\system32\ztvunace26.dll
2010-07-21 14:03 . 2010-07-21 14:03   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\SITEguard
2010-07-21 14:02 . 2010-07-21 14:44   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\STOPzilla!
2010-07-21 14:02 . 2010-07-21 14:02   --------   d-----w-   c:\programmi\File comuni\iS3
2010-07-21 13:12 . 2010-07-21 13:12   --------   d-----w-   c:\documents and settings\fofo\Dati applicazioni\Tific
2010-07-21 13:12 . 2010-07-21 13:12   --------   d-----w-   c:\documents and settings\fofo\Impostazioni locali\Dati applicazioni\Symantec
2010-07-21 10:47 . 2010-07-21 10:47   --------   d-----w-   c:\programmi\Windows Sidebar
2010-07-21 10:47 . 2010-07-21 13:03   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Norton
2010-07-21 10:47 . 2010-07-21 10:48   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\NortonInstaller
2010-07-21 09:12 . 2010-07-21 09:12   --------   d-----w-   c:\programmi\CCleaner
2010-07-21 07:10 . 2010-07-21 07:10   --------   d-----w-   c:\documents and settings\fofo\Dati applicazioni\Uniblue
2010-07-20 12:45 . 2010-07-20 13:37   --------   d-----w-   c:\documents and settings\fofo\Impostazioni locali\Dati applicazioni\hwdqnbqgo
2010-07-20 12:45 . 2010-07-20 12:46   --------   d-----w-   c:\documents and settings\fofo\Dati applicazioni\8207F320B0AA24EF78D7F205BFCFE590
2010-07-14 10:20 . 2010-06-14 14:31   744448   -c----w-   c:\windows\system32\dllcache\helpsvc.exe
2010-07-12 08:53 . 2008-11-07 16:55   16928   ------w-   c:\windows\system32\spmsgXP_2k3.dll
2010-07-07 13:51 . 2010-07-07 13:51   --------   d-----w-   c:\documents and settings\fofo\Dati applicazioni\ImTOO
2010-07-07 13:50 . 2010-07-07 13:50   --------   d-----w-   c:\programmi\ImTOO
2010-07-07 13:48 . 2010-07-07 13:48   --------   d-----w-   c:\documents and settings\fofo\Impostazioni locali\Dati applicazioni\Macroplant,_LLC

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-04 10:45 . 2008-09-19 09:39   --------   d-----w-   c:\programmi\DNA
2010-08-04 10:45 . 2008-09-19 09:39   --------   d-----w-   c:\documents and settings\fofo\Dati applicazioni\DNA
2010-08-04 07:12 . 2009-09-15 14:13   --------   d-----w-   c:\programmi\Mozilla Thunderbird
2010-08-03 09:17 . 2010-08-03 10:52   2838   ----a-w-   c:\programmi\rotation.rot
2010-08-02 09:57 . 2007-02-28 08:58   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-07-29 12:39 . 2010-07-29 12:39   503808   ----a-w-   c:\documents and settings\fofo\Dati applicazioni\Sun\Java\Deployment\cache\6.0\46\f84c6ae-57aa8ff4-n\msvcp71.dll
2010-07-29 12:39 . 2010-07-29 12:39   499712   ----a-w-   c:\documents and settings\fofo\Dati applicazioni\Sun\Java\Deployment\cache\6.0\46\f84c6ae-57aa8ff4-n\jmc.dll
2010-07-29 12:39 . 2010-07-29 12:39   348160   ----a-w-   c:\documents and settings\fofo\Dati applicazioni\Sun\Java\Deployment\cache\6.0\46\f84c6ae-57aa8ff4-n\msvcr71.dll
2010-07-26 13:43 . 2007-02-26 11:59   --------   d---a-w-   c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-07-26 12:30 . 2007-05-07 10:23   --------   d-----w-   c:\documents and settings\fofo\Dati applicazioni\Skype
2010-07-26 12:17 . 2009-01-26 09:11   --------   d-----w-   c:\documents and settings\fofo\Dati applicazioni\skypePM
2010-07-26 10:33 . 2010-06-17 08:26   182681   ----a-w-   c:\windows\hppins11.dat
2010-07-23 09:26 . 2010-07-23 09:26   388096   ----a-r-   c:\documents and settings\fofo\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-23 09:26 . 2007-02-28 14:49   --------   d-----w-   c:\programmi\Trend Micro
2010-07-22 10:33 . 2008-03-06 10:55   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2010-07-22 10:11 . 2010-07-22 10:11   63488   ----a-w-   c:\documents and settings\fofo\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-22 10:11 . 2010-07-22 10:11   52224   ----a-w-   c:\documents and settings\fofo\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-22 10:11 . 2010-07-22 10:11   117760   ----a-w-   c:\documents and settings\fofo\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-21 16:04 . 2009-03-02 15:26   --------   d-----w-   c:\programmi\File comuni\Wise Installation Wizard
2010-07-21 13:24 . 2008-11-12 16:05   --------   d-----w-   c:\programmi\File comuni\Symantec Shared
2010-07-21 13:23 . 2008-11-12 16:05   --------   d-----w-   c:\programmi\Symantec
2010-07-15 14:44 . 2008-09-19 09:39   --------   d-----w-   c:\documents and settings\fofo\Dati applicazioni\BitTorrent
2010-07-12 08:53 . 2010-07-12 08:53   0   ---ha-w-   c:\windows\system32\drivers\Msft_Kernel_netaapl_01009.Wdf
2010-07-12 08:53 . 2010-07-12 08:53   0   ---ha-w-   c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-07-02 08:45 . 2008-09-22 07:38   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\FLEXnet
2010-06-28 08:59 . 2010-06-28 08:59   --------   d-----w-   c:\programmi\Xvid
2010-06-24 07:49 . 2006-03-02 12:00   541470   ----a-w-   c:\windows\system32\perfh010.dat
2010-06-24 07:49 . 2006-03-02 12:00   101278   ----a-w-   c:\windows\system32\perfc010.dat
2010-06-22 15:54 . 2007-02-28 15:38   --------   d-----w-   c:\documents and settings\fofo\Dati applicazioni\Apple Computer
2010-06-22 15:47 . 2010-06-22 15:46   --------   d-----w-   c:\programmi\iTunes
2010-06-22 15:47 . 2010-06-22 15:46   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-22 15:46 . 2010-06-22 15:46   --------   d-----w-   c:\programmi\iPod
2010-06-22 15:46 . 2008-10-20 07:31   --------   d-----w-   c:\programmi\File comuni\Apple
2010-06-22 15:43 . 2007-02-28 15:34   --------   d-----w-   c:\programmi\QuickTime
2010-06-22 15:38 . 2008-09-22 07:14   --------   d-----w-   c:\programmi\Bonjour
2010-06-22 12:09 . 2010-06-22 12:09   --------   d-----w-   c:\programmi\File comuni\Skype
2010-06-22 12:09 . 2007-05-07 10:22   --------   d-----r-   c:\programmi\Skype
2010-06-22 12:09 . 2007-05-07 10:23   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Skype
2010-06-18 10:39 . 2010-06-18 10:17   --------   d-----w-   c:\programmi\FreeOCR
2010-06-18 10:17 . 2010-06-18 10:17   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Tarma Installer
2010-06-17 08:36 . 2010-06-17 08:30   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\HP
2010-06-17 08:36 . 2010-06-16 10:35   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Hewlett-Packard
2010-06-17 08:31 . 2010-06-16 10:31   --------   d-----w-   c:\programmi\HP
2010-06-17 08:30 . 2010-06-17 08:30   --------   d-----w-   c:\programmi\File comuni\HP
2010-06-17 08:30 . 2010-06-17 08:30   --------   d-----w-   c:\programmi\Hewlett-Packard
2010-06-16 14:58 . 2009-11-10 10:08   --------   d-----w-   c:\programmi\MSECache
2010-06-16 13:34 . 2009-03-26 16:46   --------   d-----w-   c:\programmi\Okidata
2010-06-16 12:45 . 2007-02-26 16:06   139432   ----a-w-   c:\documents and settings\fofo\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-06-16 12:39 . 2010-06-16 12:39   --------   d-----w-   c:\programmi\File comuni\Hewlett-Packard
2010-06-16 12:14 . 2010-06-16 12:14   --------   d-----w-   c:\programmi\File comuni\SWF Studio
2010-06-15 18:01 . 2010-06-15 18:01   72504   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-14 14:31 . 2007-02-16 13:07   744448   ----a-w-   c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:47 . 2010-06-11 13:51   --------   d-----w-   c:\programmi\DScaler
2010-06-09 00:40 . 2008-11-10 16:09   --------   d-----w-   c:\programmi\Microsoft Silverlight
2010-05-29 19:05 . 2010-05-29 19:05   8704   ----a-w-   c:\windows\system32\bootexctrl.exe
2010-05-29 19:05 . 2010-05-29 19:05   11776   ----a-w-   c:\windows\system32\wgx.dll
2010-05-29 19:05 . 2010-05-29 19:05   24576   ----a-w-   c:\windows\system32\udefrag.exe
2010-05-29 19:05 . 2010-05-29 19:05   14848   ----a-w-   c:\windows\system32\lua5.1a_gui.exe
2010-05-29 19:04 . 2010-05-29 19:04   92160   ----a-w-   c:\windows\system32\lua5.1a.dll
2010-05-29 19:04 . 2010-05-29 19:04   10752   ----a-w-   c:\windows\system32\lua5.1a.exe
2010-05-29 19:04 . 2010-05-29 19:04   6144   ----a-w-   c:\windows\system32\hibernate4win.exe
2010-05-29 19:04 . 2010-05-29 19:04   8192   ----a-w-   c:\windows\system32\udefrag.dll
2010-05-29 19:04 . 2010-05-29 19:04   45056   ----a-w-   c:\windows\system32\udefrag-kernel.dll
2010-05-29 19:04 . 2010-05-29 19:04   26624   ----a-w-   c:\windows\system32\zenwinx.dll
2010-05-29 19:04 . 2010-05-29 19:04   73216   ----a-w-   c:\windows\system32\defrag_native.exe
2010-05-21 12:14 . 2009-10-05 07:19   221568   ------w-   c:\windows\system32\MpSigStub.exe
2010-05-18 14:35 . 2010-05-18 14:35   91424   ----a-w-   c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35   197920   ----a-w-   c:\windows\system32\dnssdX.dll
2010-05-18 14:35 . 2010-05-18 14:35   107808   ----a-w-   c:\windows\system32\dns-sd.exe
2006-05-03 09:06 . 2008-05-13 09:10   163328   --sh--r-   c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2008-05-13 09:10   31232   --sh--r-   c:\windows\system32\msfDX.dll
2007-12-17 12:43 . 2008-05-13 09:10   27648   --sh--w-   c:\windows\system32\Smab0.dll
.

(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlay1EXL600]
@="{BF9B13E4-FE9B-4121-853F-866F4E9E2830}"
[HKEY_CLASSES_ROOT\CLSID\{BF9B13E4-FE9B-4121-853F-866F4E9E2830}]
2008-04-16 13:55   599552   ----a-w-   c:\windows\system32\FPAP-EXL600\FileptcIconOverlay.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\programmi\DNA\btdna.exe" [2009-11-13 323392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPUsageTracking"="c:\programmi\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"MbWzdFPAP-EXL600"="c:\windows\system32\FPAP-EXL600\PdtGuide.exe" [2008-04-16 1030656]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Acrobat Assistant 8.0"="c:\programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]

c:\documents and settings\fofo\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21   548352   ----a-w-   c:\programmi\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2007-04-27 10:10   18744   ----a-w-   c:\windows\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^EPSON Status Monitor 3 Environment Check(3).lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\EPSON Status Monitor 3 Environment Check(3).lnk
backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check(3).lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46   1135912   ----a-w-   c:\programmi\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-03-10 13:46   29744   ----a-w-   c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 17:20   866584   ----a-w-   c:\programmi\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"OKI OPHI DCS Loader"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\FTP Explorer\\ftpx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\mIRC\\mirc.exe"=
"c:\\Programmi\\LeechFTP\\Leechftp.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\RealVNC\\VNC4\\vncviewer.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\AdunanzA\\eMule_AdnzA.exe"=
"c:\\Documents and Settings\\fofo\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"4662:TCP"= 4662:TCP:emule_tcp
"4672:UDP"= 4672:UDP:emule_tcp

R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 20.25.48 12872]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 20.41.30 67656]
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 19.19.58 13592]
S3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [18/09/2007 0.35.41 223232]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe [10/03/2008 15.46.22 29744]
S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [26/07/2010 12.31.47 20504]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [22/06/2010 17.38.41 18432]
S3 SR9USB;SR9600 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\SR9USB.sys [01/07/2009 13.42.54 14592]
S4 OKI OPHI DCS Loader;OKI OPHI DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHILDCS.EXE [26/03/2009 18.46.18 24576]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/05/2007 9.55.12 639224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 16:53   451872   ----a-w-   c:\programmi\File comuni\LightScribe\LSRunOnce.exe
.
Contenuto della cartella 'Scheduled Tasks'

2010-08-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2010-08-04 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
uDefault_Search_URL =
uSearchAssistant =
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Append to existing PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti destinazione link in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti nel file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti selezione in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {0E64B286-F91C-442D-8B6D-0D78433AA93D} - hxxp://visualizzamms.net.vodafone.it/mms/EmblazePCPlayerActiveXs.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
FF - ProfilePath - c:\documents and settings\fofo\Dati applicazioni\Mozilla\Firefox\Profiles\lpje8hwh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\fofo\Dati applicazioni\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\fofo\Dati applicazioni\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\programmi\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\programmi\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-04 12:47
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AA3FB4C]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9e4f852
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9d2fbb0
 PacketIndicateHandler -> NDIS.sys @ 0xb9d1ea0d
 SendHandler -> NDIS.sys @ 0xb9d32b40
user & kernel MBR OK

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\WININET.dll
c:\programmi\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\PCANotify.dll

- - - - - - - > 'lsass.exe'(728)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3368)
c:\windows\system32\WININET.dll
c:\windows\system32\FPAP-EXL600\FileptcIconOverlay.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\ftpxext.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\windows\system32\crypserv.exe
c:\programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\UTSCSI.EXE
c:\programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\programmi\iPod\bin\iPodService.exe
.
**************************************************************************
.
Ora fine scansione: 2010-08-04  12:53:02 - Il pc è stato riavviato
ComboFix-quarantined-files.txt  2010-08-04 10:52
ComboFix2.txt  2010-08-03 14:20

Pre-Run: 146.654.257.152 byte disponibili
Post-Run: 146.637.660.160 byte disponibili

Current=3 Default=3 Failed=4 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - B877D3F14BD95A7B575FF53DD4969973


I downloaded mbr and as soon as I have a moment (after 2) I'll run it.
This is the only step I find a bit hard to understand (sorry for my ignorance):
go to C:\ and copy / paste the text file containing the MBR values
thanks again
fofo69
Junior member

Posts: 26
Joined: 23/07/10 10:57


Re: help: strange windows

Post by fofo69 » 04/08/10 13:29

these are the values inside the text file:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
fofo69
Junior member

Posts: 26
Joined: 23/07/10 10:57
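The two mbr.exe outputs in this thread differ in exactly the lines a responder should key on: the first run (inside the ComboFix report) carries an "MBR is infected with ..." line, an ">>UNKNOWN [...]<<" module in the disk I/O call chain and a "detected MBR rootkit hooks" list, yet still ends with "user & kernel MBR OK"; the second, post-cleanup run has only the OK lines. The following script is an added example, not code from the thread or from Gmer's tool: it parses report text for those markers and returns a verdict, so that the closing "MBR OK" line is never treated as a clean bill of health on its own. The sample reports are constructed from the excerpts posted above, and the names `assess_mbr_report` and `MbrVerdict` are hypothetical, chosen for this example.

```python
import re
from dataclasses import dataclass, field

# Constructed samples modelled on the ComboFix / mbr.exe excerpts quoted in the thread
# (representative lines only, not the full reports).
INFECTED_REPORT = r"""
MBR is infected with the Whistler Bootkit !!

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AA3FB4C]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9e4f852
user & kernel MBR OK
"""

CLEAN_REPORT = r"""
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
"""

# Markers taken from the report formats quoted in the thread.
INFECTED_RE = re.compile(r"MBR is infected with (?P<name>.+?)\s*!*\s*$")
UNKNOWN_MODULE_RE = re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9A-Fa-f]+)\]<<")
HOOK_RE = re.compile(r"^(?P<driver>\\Driver\\\S+) -> (?P<target>\S+) @ (?P<addr>0x[0-9A-Fa-f]+)")


@dataclass
class MbrVerdict:
    """Hypothetical result type: infected flag plus the evidence that produced it."""
    infected: bool
    reasons: list = field(default_factory=list)
    hooks: list = field(default_factory=list)


def assess_mbr_report(text: str) -> MbrVerdict:
    """Scan report text line by line and collect every indicator of an MBR rootkit.

    The trailing 'user & kernel MBR OK' line is deliberately ignored: in the
    thread's first report it appears together with a hook list, so it cannot
    be used to clear a host.
    """
    verdict = MbrVerdict(infected=False)
    in_hook_list = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_hook_list = False
            continue
        m = INFECTED_RE.search(line)
        if m:
            verdict.reasons.append(f"scanner names a bootkit: {m.group('name')}")
            continue
        m = UNKNOWN_MODULE_RE.search(line)
        if m:
            verdict.reasons.append(f"unknown module in disk I/O call chain at {m.group('addr')}")
            continue
        if line.lower().startswith("detected mbr rootkit hooks"):
            in_hook_list = True
            continue
        if in_hook_list:
            m = HOOK_RE.match(line)
            if m:
                verdict.hooks.append(f"{m.group('driver')} -> {m.group('target')}")
                continue
            in_hook_list = False  # first line that is not a hook entry ends the list
    if verdict.hooks:
        verdict.reasons.append(f"{len(verdict.hooks)} driver dispatch hook(s) listed")
    verdict.infected = bool(verdict.reasons)
    return verdict


if __name__ == "__main__":
    for label, report in (("first run", INFECTED_REPORT), ("second run", CLEAN_REPORT)):
        v = assess_mbr_report(report)
        print(f"{label}: {'INFECTED' if v.infected else 'clean'}")
        for reason in v.reasons:
            print(f"  - {reason}")
```

Run against the first report the function returns an infected verdict with three hooks and two further reasons; against the second it returns a clean verdict with no hooks. The design point is that every positive signal is accumulated and the "OK" line carries no weight, which matches what the thread shows: the host was only considered clean after the hook list and the unknown module disappeared from the output, not because the last line said OK.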

Re: help: strange windows

Post by Luke57 » 04/08/10 14:30

Hi, it looks OK; now run a pass with CCleaner and one with Malwarebytes after updating them.
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

Re: help: strange windows

Post by fofo69 » 04/08/10 14:47

Heartfelt thanks Luke, riverside and macgee.
You are great.
Stefano.
fofo69
Junior member

Posts: 26
Joined: 23/07/10 10:57
