Sempre da remoto sto sistemando il PC di una amica.
Aprendo Gmer vedo la dicitura >>>>
La seconda mi preoccupa.
Info lettura Gmer
Regole del forum
-
magopenguin
- Livello: Disco fisso (9/15)
- Messaggi: 690
- Iscritto il: dom ott 27, 2013 2:57 pm
Info lettura Gmer
Sempre da remoto sto sistemando il PC di una amica.
Aprendo Gmer vedo la dicitura >>>>
La seconda mi preoccupa.
Re: Info lettura Gmer
-
magopenguin
- Livello: Disco fisso (9/15)
- Messaggi: 690
- Iscritto il: dom ott 27, 2013 2:57 pm
-
Uomo Senza Sonno
- Livello: Workstation (10/15)
- Messaggi: 1458
- Iscritto il: mer mag 01, 2013 4:05 pm
- Località: Sorgono (NU) - Alghero (SS)
Re: Info lettura Gmer
Nota a margine, se vedi che il sistama non si avvia correttamente dopo l'utilizzo di TDSSKiller, effettua un fixboot e fixmbr dalla console di ripristino di windows xp.
Se poi ci sono rimasugli, andremo a toglierli bene con una procedura mirata.
-
magopenguin
- Livello: Disco fisso (9/15)
- Messaggi: 690
- Iscritto il: dom ott 27, 2013 2:57 pm
Re: Info lettura Gmer
Come avevo già indicato ,ha trovato e rimosso SinowalUomo Senza Sonno ha scritto:Prova ad utilizzare TDSSKiller
Sono con da remoto..un po complicato. Comunque dice che è normale,che è a posto.e dopo fai fare una scansione con lo Stealth Rootkit Detector semplicemente con un doppio click sull'eseguibile. Apparirà un log nella cartella dove è presente l'eseguibile (se il file è in C:\, il log sarà lì, se il file è nel desktop apparirà nel desktop e via dicendo), postalo.
Non posso. Sempre per il motivo di cui sopra.Nota a margine, se vedi che il sistama non si avvia correttamente dopo l'utilizzo di TDSSKiller, effettua un fixboot e fixmbr dalla console di ripristino di windows xp.
Se poi ci sono rimasugli, andremo a toglierli bene con una procedura mirata.
Sei gentilissimo. Lei adesso deve andare,ma voglio farti una domanda.
Visto che tra qualche giorno vado da lei: il Format C implica che mi rimangono i bacarozzi (quei,bacarozzi) a bordo,o una volta formattato siamo a posto?
Vado.. Domani ci si sente
-
Uomo Senza Sonno
- Livello: Workstation (10/15)
- Messaggi: 1458
- Iscritto il: mer mag 01, 2013 4:05 pm
- Località: Sorgono (NU) - Alghero (SS)
Re: Info lettura Gmer
E visto che avrai la possibilità di controllarlo di persona, tieni ben presente che anche formattando non risolvi il problema, eventuale codice rootkit rimarrà annidato all'esterno della partizione pronto ad infettare nuovamente.
-
magopenguin
- Livello: Disco fisso (9/15)
- Messaggi: 690
- Iscritto il: dom ott 27, 2013 2:57 pm
Re: Info lettura Gmer
Il risultato dovrebbe essere: vado li con due dischi - XP,di cui possiedo una licenza che non uso (quindi posso utilizzarla per la mia amica)
Un disco di Seven (di cui ho sempre una licenza,che mi è stata regalata quando faccio le mie piccole assistenze)
..e ho visto che ha anche la partizione EISA (Recovery)
Insomma,vorrei che dopo la reinstallazione fosse tutto pulito e a posto.
Grazie ;
-
magopenguin
- Livello: Disco fisso (9/15)
- Messaggi: 690
- Iscritto il: dom ott 27, 2013 2:57 pm
Re: Info lettura Gmer
...poi al riavvio (proposto dal programma) mi e' comparso di nuovo TDSSKILLER da solo (probabilmente per una nuova verifica) ed il risultato e' che non ha trovato poi nulla.
Intanto allego il risultato di MBR.exe e lo screen di MBRCheck.
Codice: Seleziona tutto
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD16 rev.11.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
-
magopenguin
- Livello: Disco fisso (9/15)
- Messaggi: 690
- Iscritto il: dom ott 27, 2013 2:57 pm
Re: Info lettura Gmer
Codice: Seleziona tutto
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003c
Kernel Drivers (total 161):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xB9F4A000 pcmcia.sys
0xBA0B8000 MountMgr.sys
0xB9F2B000 ftdisk.sys
0xB9F05000 dmio.sys
0xBA328000 PartMgr.sys
0xBA4C4000 ACPIEC.sys
0xBA670000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xBA0C8000 VolSnap.sys
0xB9E35000 iaStor.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9E15000 fltMgr.sys
0xBA5AC000 DLACDBHM.SYS
0xB9DFE000 DRVMCDB.SYS
0xBA0F8000 PxHelp20.sys
0xB9DE7000 KSecDD.sys
0xB9D5A000 Ntfs.sys
0xB9D2D000 NDIS.sys
0xBA108000 PBADRV.sys
0xBA118000 ohci1394.sys
0xBA128000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB9D13000 Mup.sys
0xB9CEA000 aswVmm.sys
0xBA138000 aswRvrt.sys
0xBA1C8000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB7E1C000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB7E08000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA3C0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB7DE4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA3C8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB7DBC000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB7A45000 \SystemRoot\system32\DRIVERS\NETw5x32.sys
0xB7A16000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xB7A02000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xBA2B8000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0xB8A18000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB79D5000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xB8A08000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xB7943000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xBA458000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA468000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB7697000 \SystemRoot\system32\DRIVERS\serial.sys
0xB95C8000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB8988000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB8470000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB8460000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB7674000 \SystemRoot\system32\DRIVERS\ks.sys
0xB95C0000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xB95BC000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xB8450000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB7566000 \SystemRoot\system32\DRIVERS\btkrnl.sys
0xBA73B000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA612000 \SystemRoot\System32\Drivers\RootMdm.sys
0xBA488000 \SystemRoot\System32\Drivers\Modem.SYS
0xB8420000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA580000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB6F73000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB8410000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB8400000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA490000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB6F62000 \SystemRoot\system32\DRIVERS\psched.sys
0xB83F0000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA498000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA4A0000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA4A8000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0xB6F32000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB83E0000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA614000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB6EAC000 \SystemRoot\system32\DRIVERS\update.sys
0xBA598000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB6E98000 \SystemRoot\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys
0xA2894000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xA2814000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5CC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x9E034000 \SystemRoot\system32\drivers\sthda.sys
0x9E010000 \SystemRoot\system32\drivers\portcls.sys
0xA2804000 \SystemRoot\system32\drivers\drmk.sys
0x9DFF5000 \SystemRoot\system32\drivers\AESTAud.sys
0x9DFC1000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0x9DED0000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0x9DE1D000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0x9DDFD000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x97974000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xA10B5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x974D5000 \SystemRoot\System32\Drivers\Null.SYS
0x987CF000 \SystemRoot\System32\Drivers\Beep.SYS
0x97850000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
0x9735C000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x97354000 \SystemRoot\System32\drivers\vga.sys
0x987CD000 \SystemRoot\System32\Drivers\mnmdd.SYS
0x987BF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x97334000 \SystemRoot\System32\Drivers\Msfs.SYS
0x9732C000 \SystemRoot\System32\Drivers\Npfs.SYS
0x9795C000 \SystemRoot\system32\DRIVERS\rasacd.sys
0x96F27000 \SystemRoot\system32\DRIVERS\ipsec.sys
0x96ECE000 \SystemRoot\system32\DRIVERS\tcpip.sys
0x9799A000 \??\C:\WINDOWS\system32\drivers\aswTdi.sys
0x96EA8000 \SystemRoot\system32\DRIVERS\ipnat.sys
0x96E80000 \SystemRoot\system32\DRIVERS\netbt.sys
0x9798A000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x98B67000 \??\C:\WINDOWS\system32\drivers\aswRdr.sys
0x96E5E000 \SystemRoot\System32\drivers\afd.sys
0x98B77000 \SystemRoot\system32\DRIVERS\arp1394.sys
0x98B47000 \SystemRoot\system32\DRIVERS\netbios.sys
0x96E33000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x96DC3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x98B57000 \SystemRoot\System32\Drivers\Fips.SYS
0x96D63000 \??\C:\WINDOWS\system32\drivers\aswSP.sys
0x96CA3000 \??\C:\WINDOWS\system32\drivers\aswSnx.sys
0x973EA000 \SystemRoot\System32\Drivers\Cdfs.SYS
0x96BD3000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xB9CBE000 \SystemRoot\System32\drivers\Dxapi.sys
0xA048B000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA797000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
0xBF280000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0x96B6A000 \SystemRoot\system32\DRIVERS\WavxDMgr.sys
0x96B43000 \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys
0xA5868000 \??\C:\WINDOWS\system32\drivers\aswFsBlk.sys
0x9743A000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xBA7AF000 \SystemRoot\System32\Drivers\DLADResM.SYS
0x96B2A000 \SystemRoot\System32\Drivers\DLAIFS_M.SYS
0xA5860000 \SystemRoot\System32\Drivers\DLAOPIOM.SYS
0x9F467000 \SystemRoot\System32\Drivers\DLAPoolM.SYS
0xA5858000 \SystemRoot\System32\Drivers\DLABMFSM.SYS
0xA5850000 \SystemRoot\System32\Drivers\DLABOIOM.SYS
0x96B14000 \SystemRoot\System32\Drivers\DLAUDFAM.SYS
0x96AFD000 \SystemRoot\System32\Drivers\DLAUDF_M.SYS
0xB9C7D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB9C71000 \SystemRoot\system32\DRIVERS\s24trans.sys
0x969F8000 \SystemRoot\system32\drivers\wdmaud.sys
0x979BA000 \SystemRoot\system32\drivers\sysaudio.sys
0x968DD000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xBA62C000 \??\C:\Programmi\Broadcom\MgmtAgent\BASFND.sys
0x96509000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x96356000 \SystemRoot\system32\DRIVERS\srv.sys
0x952E9000 \SystemRoot\System32\Drivers\HTTP.sys
0xBA3F0000 \SystemRoot\System32\Drivers\TDTCP.SYS
0x952C6000 \SystemRoot\System32\Drivers\RDPWD.SYS
0x9708B000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x95169000 \SystemRoot\system32\DRIVERS\qcusbser.sys
0x9734C000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x96A95000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x94D30000 \SystemRoot\system32\drivers\kmixer.sys
0xBA350000 \??\C:\DOCUME~1\angfio\IMPOST~1\Temp\mbr.sys
0x7C910000 \WINDOWS\system32\ntdll.dll
Processes (total 53):
0 System Idle Process
4 System
876 C:\WINDOWS\system32\smss.exe
948 C:\WINDOWS\system32\csrss.exe
976 C:\WINDOWS\system32\winlogon.exe
1020 C:\WINDOWS\system32\services.exe
1032 C:\WINDOWS\system32\lsass.exe
1240 C:\Programmi\Fingerprint Sensor\AtService.exe
1260 C:\WINDOWS\system32\svchost.exe
1328 C:\WINDOWS\system32\svchost.exe
1368 C:\WINDOWS\system32\svchost.exe
1420 C:\Programmi\Intel\WiFi\bin\S24EvMon.exe
1536 C:\WINDOWS\system32\svchost.exe
1580 C:\WINDOWS\system32\svchost.exe
1812 C:\Programmi\AVAST Software\Avast\AvastSvc.exe
1968 C:\WINDOWS\system32\spoolsv.exe
2004 C:\drivers\audio\R190031\stacsv.exe
496 C:\WINDOWS\explorer.exe
696 C:\WINDOWS\system32\svchost.exe
148 C:\Programmi\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
1520 C:\WINDOWS\system32\wbem\wmiprvse.exe
2176 C:\Programmi\Altiris\AClient\ACLIENT.EXE
2196 C:\Programmi\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
2220 C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
2232 C:\Programmi\Dell\Dell ControlPoint\DCPButtonSvc.exe
2328 C:\Programmi\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
2412 C:\Programmi\File comuni\DeviceHelper\DeviceManager.exe
2444 C:\Programmi\Intel\WiFi\bin\EvtEng.exe
2576 C:\Programmi\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2608 C:\Programmi\Java\jre6\bin\jqs.exe
2748 C:\Programmi\lotus\notes\ntmulti.exe
2808 C:\Programmi\File comuni\Intel\WirelessCommon\RegSrvc.exe
3264 C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
3316 C:\WINDOWS\system32\svchost.exe
3344 C:\Programmi\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
3588 C:\Programmi\TeamViewer\Version8\TeamViewer_Service.exe
3644 C:\Programmi\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
3676 C:\Programmi\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
3688 C:\Programmi\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
3776 C:\Programmi\File comuni\Java\Java Update\jusched.exe
3808 C:\Programmi\AVAST Software\Avast\AvastUI.exe
3864 C:\Programmi\Intel\WiFi\bin\WLKEEPER.exe
3916 C:\WINDOWS\system32\ctfmon.exe
2504 C:\WINDOWS\system32\wbem\wmiapsrv.exe
2684 C:\WINDOWS\system32\alg.exe
620 C:\Programmi\HSPA USB MODEM\HSPA USB MODEM.exe
3208 C:\WINDOWS\system32\wuauclt.exe
920 C:\Programmi\TeamViewer\Version8\TeamViewer.exe
2552 C:\Programmi\TeamViewer\Version8\tv_w32.exe
2208 C:\Programmi\TeamViewer\Version8\TeamViewer_Desktop.exe
4580 C:\Programmi\Mozilla Firefox\firefox.exe
5804 C:\Documents and Settings\angfio\Impostazioni locali\Dati applicazioni\Learnpulse\Screenpresso\Screenpresso.exe
3196 C:\Documents and Settings\angfio\Documenti\Downloads\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`075a9e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000012`9605d000 (NTFS)
PhysicalDrive0 Model Number: WDCWD1600BJKT-75F4T0, Rev: 11.01A11
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 83E058FFA5EA65E1EA7466377B7F51B9D31D9379
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: -
magopenguin
- Livello: Disco fisso (9/15)
- Messaggi: 690
- Iscritto il: dom ott 27, 2013 2:57 pm
Re: Info lettura Gmer
ComboFix 13-11-23.02 - angfio 26/11/2013 16.01.58.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2003.1310 [GMT 1:00]
Eseguito da: c:\documents and settings\angfio\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\test
.
.
((((((((((((((((((((((((( Files Creati Da 2013-10-26 al 2013-11-26 )))))))))))))))))))))))))))))))))))
.
.
2013-11-26 14:38 . 2013-11-26 15:01 -------- d-----w- c:\windows\system32\CatRoot2
2013-11-26 13:46 . 2013-11-26 13:46 -------- d-----w- c:\documents and settings\angfio\Impostazioni locali\Dati applicazioni\Learnpulse
2013-11-26 13:46 . 2013-11-26 13:46 -------- d-----w- c:\documents and settings\angfio\Dati applicazioni\Learnpulse
2013-11-26 00:22 . 2012-06-02 14:19 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2013-11-26 00:19 . 2013-11-26 00:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Auslogics
2013-11-26 00:19 . 2013-11-26 00:19 -------- d-----w- c:\programmi\Auslogics
2013-11-25 23:41 . 2013-11-25 23:41 -------- d-----w- C:\TDSSKiller_Quarantine
2013-11-25 23:21 . 2013-11-25 23:22 -------- d-----w- C:\AdwCleaner
2013-11-25 22:59 . 2013-11-25 22:59 -------- d-----w- c:\programmi\CCleaner
2013-11-25 21:20 . 2013-11-25 21:20 -------- d-----w- c:\documents and settings\angfio\Dati applicazioni\Malwarebytes
2013-11-25 21:19 . 2013-11-25 21:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2013-11-25 21:19 . 2013-11-25 21:20 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2013-11-25 21:19 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-25 21:08 . 2013-11-25 21:08 30976 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2013-11-25 21:00 . 2013-11-25 21:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HitmanPro
2013-11-21 14:37 . 2013-11-21 14:37 -------- d-----w- c:\programmi\TeamViewer
2013-11-17 12:37 . 2013-11-17 12:37 0 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2013-11-05 03:41 . 2013-11-05 03:41 -------- d-----w- c:\documents and settings\angfio\Dati applicazioni\AVAST Software
2013-11-05 03:40 . 2013-11-26 00:01 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-11-05 03:40 . 2013-11-05 03:40 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-11-05 03:40 . 2013-11-26 00:01 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-11-05 03:40 . 2013-11-26 00:01 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-11-05 03:40 . 2013-11-11 15:03 403440 ----a-w- c:\windows\system32\drivers\aswsp.sys
2013-11-05 03:40 . 2013-11-05 03:40 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-05 03:40 . 2013-11-26 00:01 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-11-05 03:40 . 2013-11-26 00:01 35656 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-11-05 03:40 . 2013-11-26 00:01 269216 ----a-w- c:\windows\system32\aswBoot.exe
2013-11-05 03:40 . 2013-11-26 00:01 43152 ----a-w- c:\windows\avastSS.scr
2013-11-05 03:40 . 2013-11-05 03:40 -------- d-----w- c:\programmi\AVAST Software
2013-11-05 03:39 . 2013-11-05 03:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AVAST Software
2013-10-30 15:34 . 2013-10-30 15:34 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\McAfee
2013-10-30 15:16 . 2013-10-30 15:16 -------- d-----w- c:\programmi\Amazon
2013-10-29 05:35 . 2013-10-29 05:35 -------- d-----w- c:\windows\Sun
2013-10-28 15:26 . 2013-10-28 15:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee
2013-10-28 15:01 . 2013-11-26 14:35 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-28 15:01 . 2013-11-26 14:35 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-25 21:09 . 2010-09-13 10:05 0 ----a-w- c:\documents and settings\angfio\Impostazioni locali\Dati applicazioni\WavXMapDrive.bat
2013-09-12 14:29 . 2013-09-12 14:29 82432 ----a-w- c:\documents and settings\angfio\Dati applicazioni\Microsoft\MSXML2\msxml4r.dll
2013-09-12 14:29 . 2013-09-12 14:29 44544 ----a-w- c:\documents and settings\angfio\Dati applicazioni\Microsoft\MSXML2\msxml4a.dll
2013-09-12 14:29 . 2013-09-12 14:29 1275392 ----a-w- c:\documents and settings\angfio\Dati applicazioni\Microsoft\MSXML2\msxml4.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-26 00:01 321752 ----a-w- c:\programmi\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{022F2F51-CDDA-4873-8A29-72C66C808A3F}"
[HKEY_CLASSES_ROOT\CLSID\{022F2F51-CDDA-4873-8A29-72C66C808A3F}]
2009-11-06 23:07 297808 ----a-w- c:\windows\system32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{661963C1-99A1-44e7-A671-1CF3768AE9D4}"
[HKEY_CLASSES_ROOT\CLSID\{661963C1-99A1-44e7-A671-1CF3768AE9D4}]
2009-11-06 23:07 297808 ----a-w- c:\windows\system32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellConnectionManager"="c:\programmi\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2008-09-09 1486848]
"MobileBroadband"="c:\programmi\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2010-09-08 272384]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AvastUI.exe"="c:\programmi\AVAST Software\Avast\AvastUI.exe" [2013-11-26 3568312]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Bluetooth.lnk - c:\programmi\WIDCOMM\Bluetooth Software\BTTray.exe [2008-8-15 604776]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\20131121]
2013-11-23 17:26 180184 ----a-w- c:\programmi\AVAST Software\Avast\setup\emupdate\6b81384a-a89d-47ac-93f1-84aedc2ec81a.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AClntUsr]
2010-06-15 10:20 184320 ----a-w- c:\programmi\Altiris\AClient\AClntUsr.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 01:38 34672 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AESTFltr]
2008-06-30 21:18 466944 ----a-w- c:\windows\system32\AESTFltr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2008-06-30 21:59 196608 ----a-w- c:\programmi\DellTPad\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvastUI.exe]
2013-11-26 00:01 3568312 ----a-w- c:\programmi\AVAST Software\Avast\AvastUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2008-11-04 11:09 615696 ----a-w- c:\programmi\File comuni\Research In Motion\Auto Update\RIMAutoUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChangeTPMAuth]
2008-05-30 09:37 180224 ----a-w- c:\programmi\Wave Systems Corp\Common\ChangeTPMAuth.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DCPstrApp]
2008-08-04 17:21 6656 ----a-w- c:\programmi\Dell\Dell ControlPoint\Security Manager\SecurityDeviceInfoSetRegistryString.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellControlPoint]
2008-05-30 03:29 593920 ----a-w- c:\programmi\Dell\Dell ControlPoint\Dell.ControlPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmbassySecurityCheck]
2008-06-24 07:16 79160 ----a-w- c:\programmi\Wave Systems Corp\EMBASSY Security Setup\EmbassySecurityCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-09-17 04:02 178712 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-06-15 06:12 178712 ----a-w- c:\programmi\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-09-17 04:02 150040 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2008-07-10 20:13 1191936 ----a-w- c:\programmi\File comuni\Intel\WirelessCommon\iFrmewrk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2008-07-10 20:30 1351680 ----a-w- c:\programmi\Intel\WiFi\bin\ZCfgSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-08-30 09:50 205480 ----a-w- c:\programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2008-05-23 14:06 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-09-17 04:02 150040 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-09-19 09:37 236016 ----a-w- c:\programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureUpgrade]
2008-06-24 07:16 243000 ----a-w- c:\programmi\Wave Systems Corp\SecureUpgrade.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2013-10-28 15:02 39408 ----a-w- c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2008-06-30 21:18 442467 ----a-w- c:\programmi\IDT\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WavXMgr]
2008-05-14 17:42 105472 ----a-w- c:\programmi\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Altiris\\AClient\\AClntUsr.EXE"=
"c:\\Programmi\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Programmi\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5985:TCP"= 5985:TCP:*:Disabled:Gestione remota Windows
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [05/11/2013 4.40.33 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [05/11/2013 4.40.34 178304]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [05/11/2013 4.40.33 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [05/11/2013 4.40.33 403440]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/11/2013 4.40.32 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [05/11/2013 4.40.33 70384]
R2 ATService;AuthenTec Fingerprint Service;c:\programmi\Fingerprint Sensor\AtService.exe [11/06/2008 12.39.22 1664248]
R2 BrcmMgmtAgent;Broadcom Management Agent;c:\programmi\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -service --> c:\programmi\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -service [?]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\programmi\Dell\Dell ControlPoint\DCPButtonSvc.exe [03/06/2008 16.28.50 386328]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\programmi\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [18/08/2008 11.39.28 455960]
R2 SMManager;Smith Micro Connection Manager Service;c:\programmi\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [09/09/2008 15.21.16 69632]
R2 TeamViewer8;TeamViewer 8;c:\programmi\TeamViewer\Version8\TeamViewer_Service.exe [21/11/2013 15.37.26 5087584]
R2 VmbService;Servizio Vodafone Mobile Broadband;c:\programmi\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [08/09/2010 16.44.16 8704]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [27/11/2008 19.47.20 108160]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [27/11/2008 19.48.10 110080]
R3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [24/10/2013 16.38.16 103552]
R3 vodafone_K3805-z_dc_enum;Vodafone K3805-z DC Enumerator (ZTE);c:\windows\system32\drivers\vodafone_K3805-z_dc_enum.sys [01/09/2010 14.33.12 80000]
S2 DeviceManager;DeviceManager;c:\programmi\File comuni\DeviceHelper\DeviceManager.exe -start --> c:\programmi\File comuni\DeviceHelper\DeviceManager.exe -start [?]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [25/11/2013 22.08.31 30976]
S3 vodafone_K3805-z_cdc_acm;Vodafone K3805-z CDC-ACM driver (ZTE);c:\windows\system32\drivers\vodafone_K3805-z_cdc_acm.sys [01/09/2010 14.33.10 85888]
S3 vodafone_K3805-z_cdc_ecm;vodafone_K3805-z_cdc_ecm;c:\windows\system32\drivers\vodafone_K3805-z_cdc_ecm.sys [01/09/2010 14.33.12 50304]
S3 vodafone_K3805-z_cpo;Vodafone K3805-z Install;c:\windows\system32\drivers\vodafone_K3805-z_cpo.sys [01/09/2010 14.33.12 9728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-16 23:14 1210320 ----a-w- c:\programmi\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-11-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-28 14:35]
.
2013-11-26 c:\windows\Tasks\avast! Emergency Update.job
- c:\programmi\AVAST Software\Avast\AvastEmUpdate.exe [2013-11-05 00:01]
.
2013-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2013-10-28 15:01]
.
2013-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2013-10-28 15:01]
.
2013-11-26 c:\windows\Tasks\User_Feed_Synchronization-{05BF09C1-E511-4E95-BE37-823557EFF661}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = https://www.google.it/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\angfio\Dati applicazioni\Mozilla\Firefox\Profiles\6l2efg8a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: network.proxy.type - 0
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
SafeBoot-67901904.sys
MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
MSConfigStartUp-Bubble Dock - c:\documents and settings\angfio\Dati applicazioni\Nosibay\Bubble Dock\LBubble Dock.exe
MSConfigStartUp-fst_it_6 - c:\programmi\fst_it_6\fst_it_6.exe
MSConfigStartUp-fst_it_9 - c:\programmi\fst_it_9\fst_it_9.exe
MSConfigStartUp-upfst_it_6 - c:\documents and settings\angfio\Impostazioni locali\Dati applicazioni\fst_it_6\upfst_it_6.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-26 16:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140210900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(976)
c:\windows\System32\TdmNetworkProvider.dll
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'lsass.exe'(1036)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
Ora fine scansione: 2013-11-26 16:08:19
ComboFix-quarantined-files.txt 2013-11-26 15:08
.
Pre-Run: 64.721.330.176 byte disponibili
Post-Run: 64.868.560.896 byte disponibili
.
- - End Of File - - 4EB4549933A7BFA5292B41680EBC7053
C9BF916068238D16F510107A5AD6B482
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2003.1310 [GMT 1:00]
Eseguito da: c:\documents and settings\angfio\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\test
.
.
((((((((((((((((((((((((( Files Creati Da 2013-10-26 al 2013-11-26 )))))))))))))))))))))))))))))))))))
.
.
2013-11-26 14:38 . 2013-11-26 15:01 -------- d-----w- c:\windows\system32\CatRoot2
2013-11-26 13:46 . 2013-11-26 13:46 -------- d-----w- c:\documents and settings\angfio\Impostazioni locali\Dati applicazioni\Learnpulse
2013-11-26 13:46 . 2013-11-26 13:46 -------- d-----w- c:\documents and settings\angfio\Dati applicazioni\Learnpulse
2013-11-26 00:22 . 2012-06-02 14:19 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2013-11-26 00:19 . 2013-11-26 00:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Auslogics
2013-11-26 00:19 . 2013-11-26 00:19 -------- d-----w- c:\programmi\Auslogics
2013-11-25 23:41 . 2013-11-25 23:41 -------- d-----w- C:\TDSSKiller_Quarantine
2013-11-25 23:21 . 2013-11-25 23:22 -------- d-----w- C:\AdwCleaner
2013-11-25 22:59 . 2013-11-25 22:59 -------- d-----w- c:\programmi\CCleaner
2013-11-25 21:20 . 2013-11-25 21:20 -------- d-----w- c:\documents and settings\angfio\Dati applicazioni\Malwarebytes
2013-11-25 21:19 . 2013-11-25 21:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2013-11-25 21:19 . 2013-11-25 21:20 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2013-11-25 21:19 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-25 21:08 . 2013-11-25 21:08 30976 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2013-11-25 21:00 . 2013-11-25 21:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HitmanPro
2013-11-21 14:37 . 2013-11-21 14:37 -------- d-----w- c:\programmi\TeamViewer
2013-11-17 12:37 . 2013-11-17 12:37 0 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2013-11-05 03:41 . 2013-11-05 03:41 -------- d-----w- c:\documents and settings\angfio\Dati applicazioni\AVAST Software
2013-11-05 03:40 . 2013-11-26 00:01 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-11-05 03:40 . 2013-11-05 03:40 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-11-05 03:40 . 2013-11-26 00:01 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-11-05 03:40 . 2013-11-26 00:01 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-11-05 03:40 . 2013-11-11 15:03 403440 ----a-w- c:\windows\system32\drivers\aswsp.sys
2013-11-05 03:40 . 2013-11-05 03:40 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-05 03:40 . 2013-11-26 00:01 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-11-05 03:40 . 2013-11-26 00:01 35656 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-11-05 03:40 . 2013-11-26 00:01 269216 ----a-w- c:\windows\system32\aswBoot.exe
2013-11-05 03:40 . 2013-11-26 00:01 43152 ----a-w- c:\windows\avastSS.scr
2013-11-05 03:40 . 2013-11-05 03:40 -------- d-----w- c:\programmi\AVAST Software
2013-11-05 03:39 . 2013-11-05 03:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AVAST Software
2013-10-30 15:34 . 2013-10-30 15:34 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\McAfee
2013-10-30 15:16 . 2013-10-30 15:16 -------- d-----w- c:\programmi\Amazon
2013-10-29 05:35 . 2013-10-29 05:35 -------- d-----w- c:\windows\Sun
2013-10-28 15:26 . 2013-10-28 15:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee
2013-10-28 15:01 . 2013-11-26 14:35 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-28 15:01 . 2013-11-26 14:35 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-25 21:09 . 2010-09-13 10:05 0 ----a-w- c:\documents and settings\angfio\Impostazioni locali\Dati applicazioni\WavXMapDrive.bat
2013-09-12 14:29 . 2013-09-12 14:29 82432 ----a-w- c:\documents and settings\angfio\Dati applicazioni\Microsoft\MSXML2\msxml4r.dll
2013-09-12 14:29 . 2013-09-12 14:29 44544 ----a-w- c:\documents and settings\angfio\Dati applicazioni\Microsoft\MSXML2\msxml4a.dll
2013-09-12 14:29 . 2013-09-12 14:29 1275392 ----a-w- c:\documents and settings\angfio\Dati applicazioni\Microsoft\MSXML2\msxml4.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-26 00:01 321752 ----a-w- c:\programmi\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{022F2F51-CDDA-4873-8A29-72C66C808A3F}"
[HKEY_CLASSES_ROOT\CLSID\{022F2F51-CDDA-4873-8A29-72C66C808A3F}]
2009-11-06 23:07 297808 ----a-w- c:\windows\system32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{661963C1-99A1-44e7-A671-1CF3768AE9D4}"
[HKEY_CLASSES_ROOT\CLSID\{661963C1-99A1-44e7-A671-1CF3768AE9D4}]
2009-11-06 23:07 297808 ----a-w- c:\windows\system32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellConnectionManager"="c:\programmi\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2008-09-09 1486848]
"MobileBroadband"="c:\programmi\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2010-09-08 272384]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AvastUI.exe"="c:\programmi\AVAST Software\Avast\AvastUI.exe" [2013-11-26 3568312]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Bluetooth.lnk - c:\programmi\WIDCOMM\Bluetooth Software\BTTray.exe [2008-8-15 604776]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\20131121]
2013-11-23 17:26 180184 ----a-w- c:\programmi\AVAST Software\Avast\setup\emupdate\6b81384a-a89d-47ac-93f1-84aedc2ec81a.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AClntUsr]
2010-06-15 10:20 184320 ----a-w- c:\programmi\Altiris\AClient\AClntUsr.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 01:38 34672 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AESTFltr]
2008-06-30 21:18 466944 ----a-w- c:\windows\system32\AESTFltr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2008-06-30 21:59 196608 ----a-w- c:\programmi\DellTPad\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvastUI.exe]
2013-11-26 00:01 3568312 ----a-w- c:\programmi\AVAST Software\Avast\AvastUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2008-11-04 11:09 615696 ----a-w- c:\programmi\File comuni\Research In Motion\Auto Update\RIMAutoUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChangeTPMAuth]
2008-05-30 09:37 180224 ----a-w- c:\programmi\Wave Systems Corp\Common\ChangeTPMAuth.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DCPstrApp]
2008-08-04 17:21 6656 ----a-w- c:\programmi\Dell\Dell ControlPoint\Security Manager\SecurityDeviceInfoSetRegistryString.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellControlPoint]
2008-05-30 03:29 593920 ----a-w- c:\programmi\Dell\Dell ControlPoint\Dell.ControlPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmbassySecurityCheck]
2008-06-24 07:16 79160 ----a-w- c:\programmi\Wave Systems Corp\EMBASSY Security Setup\EmbassySecurityCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-09-17 04:02 178712 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-06-15 06:12 178712 ----a-w- c:\programmi\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-09-17 04:02 150040 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2008-07-10 20:13 1191936 ----a-w- c:\programmi\File comuni\Intel\WirelessCommon\iFrmewrk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2008-07-10 20:30 1351680 ----a-w- c:\programmi\Intel\WiFi\bin\ZCfgSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-08-30 09:50 205480 ----a-w- c:\programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2008-05-23 14:06 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-09-17 04:02 150040 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-09-19 09:37 236016 ----a-w- c:\programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureUpgrade]
2008-06-24 07:16 243000 ----a-w- c:\programmi\Wave Systems Corp\SecureUpgrade.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2013-10-28 15:02 39408 ----a-w- c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2008-06-30 21:18 442467 ----a-w- c:\programmi\IDT\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WavXMgr]
2008-05-14 17:42 105472 ----a-w- c:\programmi\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Altiris\\AClient\\AClntUsr.EXE"=
"c:\\Programmi\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Programmi\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5985:TCP"= 5985:TCP:*:Disabled:Gestione remota Windows
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [05/11/2013 4.40.33 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [05/11/2013 4.40.34 178304]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [05/11/2013 4.40.33 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [05/11/2013 4.40.33 403440]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/11/2013 4.40.32 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [05/11/2013 4.40.33 70384]
R2 ATService;AuthenTec Fingerprint Service;c:\programmi\Fingerprint Sensor\AtService.exe [11/06/2008 12.39.22 1664248]
R2 BrcmMgmtAgent;Broadcom Management Agent;c:\programmi\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -service --> c:\programmi\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -service [?]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\programmi\Dell\Dell ControlPoint\DCPButtonSvc.exe [03/06/2008 16.28.50 386328]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\programmi\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [18/08/2008 11.39.28 455960]
R2 SMManager;Smith Micro Connection Manager Service;c:\programmi\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [09/09/2008 15.21.16 69632]
R2 TeamViewer8;TeamViewer 8;c:\programmi\TeamViewer\Version8\TeamViewer_Service.exe [21/11/2013 15.37.26 5087584]
R2 VmbService;Servizio Vodafone Mobile Broadband;c:\programmi\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [08/09/2010 16.44.16 8704]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [27/11/2008 19.47.20 108160]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [27/11/2008 19.48.10 110080]
R3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [24/10/2013 16.38.16 103552]
R3 vodafone_K3805-z_dc_enum;Vodafone K3805-z DC Enumerator (ZTE);c:\windows\system32\drivers\vodafone_K3805-z_dc_enum.sys [01/09/2010 14.33.12 80000]
S2 DeviceManager;DeviceManager;c:\programmi\File comuni\DeviceHelper\DeviceManager.exe -start --> c:\programmi\File comuni\DeviceHelper\DeviceManager.exe -start [?]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [25/11/2013 22.08.31 30976]
S3 vodafone_K3805-z_cdc_acm;Vodafone K3805-z CDC-ACM driver (ZTE);c:\windows\system32\drivers\vodafone_K3805-z_cdc_acm.sys [01/09/2010 14.33.10 85888]
S3 vodafone_K3805-z_cdc_ecm;vodafone_K3805-z_cdc_ecm;c:\windows\system32\drivers\vodafone_K3805-z_cdc_ecm.sys [01/09/2010 14.33.12 50304]
S3 vodafone_K3805-z_cpo;Vodafone K3805-z Install;c:\windows\system32\drivers\vodafone_K3805-z_cpo.sys [01/09/2010 14.33.12 9728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-16 23:14 1210320 ----a-w- c:\programmi\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-11-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-28 14:35]
.
2013-11-26 c:\windows\Tasks\avast! Emergency Update.job
- c:\programmi\AVAST Software\Avast\AvastEmUpdate.exe [2013-11-05 00:01]
.
2013-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2013-10-28 15:01]
.
2013-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2013-10-28 15:01]
.
2013-11-26 c:\windows\Tasks\User_Feed_Synchronization-{05BF09C1-E511-4E95-BE37-823557EFF661}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = https://www.google.it/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\angfio\Dati applicazioni\Mozilla\Firefox\Profiles\6l2efg8a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: network.proxy.type - 0
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
SafeBoot-67901904.sys
MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
MSConfigStartUp-Bubble Dock - c:\documents and settings\angfio\Dati applicazioni\Nosibay\Bubble Dock\LBubble Dock.exe
MSConfigStartUp-fst_it_6 - c:\programmi\fst_it_6\fst_it_6.exe
MSConfigStartUp-fst_it_9 - c:\programmi\fst_it_9\fst_it_9.exe
MSConfigStartUp-upfst_it_6 - c:\documents and settings\angfio\Impostazioni locali\Dati applicazioni\fst_it_6\upfst_it_6.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-26 16:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140210900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(976)
c:\windows\System32\TdmNetworkProvider.dll
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'lsass.exe'(1036)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
Ora fine scansione: 2013-11-26 16:08:19
ComboFix-quarantined-files.txt 2013-11-26 15:08
.
Pre-Run: 64.721.330.176 byte disponibili
Post-Run: 64.868.560.896 byte disponibili
.
- - End Of File - - 4EB4549933A7BFA5292B41680EBC7053
C9BF916068238D16F510107A5AD6B482
-
Uomo Senza Sonno
- Livello: Workstation (10/15)
- Messaggi: 1458
- Iscritto il: mer mag 01, 2013 4:05 pm
- Località: Sorgono (NU) - Alghero (SS)
Re: Info lettura Gmer
-
magopenguin
- Livello: Disco fisso (9/15)
- Messaggi: 690
- Iscritto il: dom ott 27, 2013 2:57 pm
Re: Info lettura Gmer
Io sono da una parte,e il PC ('padroncina' compresa :-> ) da un altra..
Lo farò ..poi...... e successivamente installerò da capo il Sistema .
Grazie..
-
Uomo Senza Sonno
- Livello: Workstation (10/15)
- Messaggi: 1458
- Iscritto il: mer mag 01, 2013 4:05 pm
- Località: Sorgono (NU) - Alghero (SS)
Re: Info lettura Gmer
Poichè sei da remoto, prova ad utilizzare lo strumento e la guida presente in questo link, dovrebbe andare senza problemi.magopenguin ha scritto:..e come faccio?
-
magopenguin
- Livello: Disco fisso (9/15)
- Messaggi: 690
- Iscritto il: dom ott 27, 2013 2:57 pm
Re: Info lettura Gmer
PS. Io credo che è tutto pulito adesso.
In ogni caso,e appena (dico appena) dopo il format,mi assicurerò che l'mbr è pulito e ve ne è uno solo (intendo,nessuna copia da nessun altra parte)
...e altrimenti, a Natale ci sentiremo di nuovo su questo stesso 3D
(Io spero invece di sentirci solo per darci gli auguri :-> )
Re: R: Info lettura Gmer
-
magopenguin
- Livello: Disco fisso (9/15)
- Messaggi: 690
- Iscritto il: dom ott 27, 2013 2:57 pm
Re: R: Info lettura Gmer
-
magopenguin
- Livello: Disco fisso (9/15)
- Messaggi: 690
- Iscritto il: dom ott 27, 2013 2:57 pm
Re: Info lettura Gmer
[mica le ferie natalizie le voglio passare su quel PC
] -
Uomo Senza Sonno
- Livello: Workstation (10/15)
- Messaggi: 1458
- Iscritto il: mer mag 01, 2013 4:05 pm
- Località: Sorgono (NU) - Alghero (SS)
Re: Info lettura Gmer
Ti posso dire con certezza se conviene o meno farlo, ma dovrei controllare sia il settore 0, che gli estremi di partizione con HxD. Se lo installi nel pc che controlli da remoto e mi posti le immagini dei settori posso fare un'analisi accurata e dirti nel caso cosa fare.magopenguin ha scritto: Dici che vale la pena eseguire tutto questo ambaradan?
Re: Info lettura Gmer
Non posso che quotare.Uomo Senza Sonno ha scritto:Ti posso dire con certezza se conviene o meno farlo, ma dovrei controllare sia il settore 0, che gli estremi di partizione con HxD. Se lo installi nel pc che controlli da remoto e mi posti le immagini dei settori posso fare un'analisi accurata e dirti nel caso cosa fare.
-
- Argomenti simili
- Risposte
- Visite
- Ultimo messaggio
-
- 0 Risposte
- 577 Visite
-
Ultimo messaggio da crazy.cat
-
- 8 Risposte
- 1272 Visite
-
Ultimo messaggio da Matilda12
-
- 4 Risposte
- 2177 Visite
-
Ultimo messaggio da sondlive07
-
- 12 Risposte
- 3440 Visite
-
Ultimo messaggio da cippico
-
- 2 Risposte
- 827 Visite
-
Ultimo messaggio da sexirutto
