
View Full Version : I'm posting my logs..


Gonzalo Jiménez De Quesada
11-12-2010, 17:28
After connecting an external hard disk to my Asus S101 I ran into a few problems:

-it couldn't restart
-slowness
-when I opened folders in preview I saw only a black outline, white inside, and the title underneath

Obviously it doesn't always do this.

mbam http://wikisend.com/download/524120/mbam-log-2010-12-10%20(04-01-55).txt

a2scan http://wikisend.com/download/551806/a2scan_101210-131708.txt

hijack http://wikisend.com/download/870980/hijackthis.log

gmer
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-10 19:40:23
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ASUS-JM_S41_SSD rev.02.10102
Running: gmer.exe; Driver: C:\DOCUME~1\ALESSA~1\IMPOST~1\Temp\kxtdapoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwAllocateVirtualMemory [0xA9E6EF60]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwAssignProcessToJobObject [0xA9E6EAF0]
SSDT F7BC4446 ZwCreateKey
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwCreateThread [0xA9E6EB40]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwDebugActiveProcess [0xA9E6EF10]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwDeleteKey [0xA9E6E810]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwDeleteValueKey [0xA9E6E8D0]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwDuplicateObject [0xA9E6F180]
SSDT sptd.sys ZwEnumerateKey [0xF73B9C22]
SSDT sptd.sys ZwEnumerateValueKey [0xF73B9F9A]
SSDT F7BC445A ZwLoadKey
SSDT sptd.sys ZwOpenKey [0xF73B998E]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenProcess [0xA9E6F490]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenSection [0xA9E6ECD0]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenThread [0xA9E6F320]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwProtectVirtualMemory [0xA9E6EBE0]
SSDT sptd.sys ZwQueryKey [0xF73BA064]
SSDT sptd.sys ZwQueryValueKey [0xF73B9EFC]
SSDT F7BC4464 ZwReplaceKey
SSDT F7BC445F ZwRestoreKey
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSetContextThread [0xA9E6EAA0]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSetValueKey [0xA9E6E9B0]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSystemDebugControl [0xA9E6EE80]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateProcess [0xA9E6F630]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateThread [0xA9E6EC80]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwWriteVirtualMemory [0xA9E6F000]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C30 805044CC 4 Bytes JMP 189CA9E6
.text ntkrnlpa.exe!ZwCallbackReturn + 2CE0 8050457C 4 Bytes CALL C9A4EF67
.text ntkrnlpa.exe!ZwCallbackReturn + 2CE8 80504584 4 Bytes CALL 129AEF6F
.text ntkrnlpa.exe!ZwCallbackReturn + 2F38 805047D4 4 Bytes JMP 5F96A9E6
.text ntkrnlpa.exe!ZwCallbackReturn + 2FC0 8050485C 4 Bytes JMP 4144F247
? C:\WINDOWS\system32\drivers\sptd.sys Cannot access the file. The file is being used by another process.
? C:\WINDOWS\System32\Drivers\SPTD7101.SYS Cannot access the file. The file is being used by another process.

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73B5AD2] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73B5C0E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73B5B96] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73B676C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73B6642] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F73D8056] sptd.sys

---- Devices - GMER 1.0.15 ----

Device 865C70E8
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device 8629D620
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{AD1C735E-138F-47BC-A77D-151E9879176F} 863726C0

AttachedDevice \Driver\Tcpip \Device\Tcp pxrts.sys (Prevx Realtime Security/Prevx)

Device \Driver\Ftdisk \Device\HarddiskVolume1 865C8940
Device \Driver\Ftdisk \Device\HarddiskVolume2 865C8940
Device \FileSystem\Rdbss \Device\FsWrap 8630E630
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F732FB40] atapi.sys[unknown section] {MOV EAX, 0x865c85a8; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf73c9e12; RET }
Device \Driver\atapi \Device\Ide\IdePort0 [F732FB40] atapi.sys[unknown section] {MOV EAX, 0x865c85a8; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf73c9e12; RET }
Device \Driver\atapi \Device\Ide\IdePort1 [F732FB40] atapi.sys[unknown section] {MOV EAX, 0x865c85a8; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf73c9e12; RET }
Device \Driver\USBSTOR \Device\00000074 86493518
Device \Driver\USBSTOR \Device\00000076 86493518
Device \Driver\NetBT \Device\NetBt_Wins_Export 863726C0
Device \Driver\NetBT \Device\NetbiosSmb 863726C0
Device \Driver\Disk \Device\Harddisk0\DR0 865C83D0
Device \Driver\Disk \Device\Harddisk1\DR3 865C83D0
Device \Driver\Disk \Device\Harddisk1\DP(1)0-0+4 865C83D0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 862ECC38
Device \FileSystem\Npfs \Device\NamedPipe 863BF8B0
Device \Driver\Ftdisk \Device\FtControl 865C8940
Device \FileSystem\Msfs \Device\Mailslot 862AF5A0

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 -1712133270
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -1508707979
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1354767248
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDE 0x33 0x4F 0xFC ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDE 0x33 0x4F 0xFC ...

---- EOF - GMER 1.0.15 ----

sysinspector http://wikisend.com/download/511392/SysInspector-EEEMELO-101211-1719.xml

I deleted the Dr.Web CureIt log :muro:

Thanks to whoever will try to help me
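As an added example (not part of the post above, and not GMER's own code), here is a small Python triage script over a constructed subset of the SSDT lines from the GMER log above. It groups each hooked Zw* call by the module GMER attributes it to, sets aside the entries GMER could only print as a bare address (ZwCreateKey, ZwLoadKey, ZwReplaceKey, ZwRestoreKey in the full log: no owning file was resolved, which is the first thing to chase in a log like this), and tags the hook families: sptd.sys (the SCSI Pass Through Direct driver installed with DAEMON Tools / Alcohol) sits on the registry-enumeration calls, a hook set consistent with filtering access to its own Cfg key, while Prevx's pxrts.sys sits on the process and memory calls, which is ordinary anti-malware self-protection. The regex, the category sets and the module-name handling are this example's assumptions.

```python
"""Triage the SSDT section of a GMER log.

Groups each hooked Zw* call by the module GMER attributes it to, sets aside
hooks GMER could only report as a bare address (no owning file), and tags the
hook families that matter when reading such a log.  Added example; the regex,
the category sets and the module-name handling are this example's assumptions.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of the SSDT lines from the GMER log above.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwAllocateVirtualMemory [0xA9E6EF60]
SSDT F7BC4446 ZwCreateKey
SSDT sptd.sys ZwEnumerateKey [0xF73B9C22]
SSDT sptd.sys ZwEnumerateValueKey [0xF73B9F9A]
SSDT F7BC445A ZwLoadKey
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenProcess [0xA9E6F490]
SSDT sptd.sys ZwQueryValueKey [0xF73B9EFC]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwWriteVirtualMemory [0xA9E6F000]

---- Kernel code sections - GMER 1.0.15 ----
"""

# "SSDT <owner> <ZwFunction> [0xADDR]" where <owner> is a path plus optional
# "(description/vendor)", a bare module name, or just a hex address.
HOOK_RE = re.compile(
    r"^SSDT\s+(?P<owner>.+?)\s+(?P<fn>Zw\w+)(?:\s+\[0x(?P<addr>[0-9A-Fa-f]+)\])?\s*$"
)
BARE_ADDR_RE = re.compile(r"^[0-9A-Fa-f]{8}$")

# Hook families worth naming when reading a log (assumed groupings).
REGISTRY_FILTERING = {"ZwEnumerateKey", "ZwEnumerateValueKey", "ZwOpenKey",
                      "ZwQueryKey", "ZwQueryValueKey"}
PROCESS_TAMPERING = {"ZwOpenProcess", "ZwOpenThread", "ZwWriteVirtualMemory",
                     "ZwProtectVirtualMemory", "ZwSetContextThread",
                     "ZwTerminateProcess", "ZwTerminateThread"}


def parse_ssdt(text):
    """Return one dict per SSDT line: module (None if unattributed), vendor, function, address."""
    hooks, in_section = [], False
    for line in text.splitlines():
        if line.startswith("---- System"):
            in_section = True
            continue
        if in_section and line.startswith("----"):
            break  # next GMER section
        m = HOOK_RE.match(line) if in_section else None
        if not m:
            continue
        owner, fn, addr = m.group("owner"), m.group("fn"), m.group("addr")
        if BARE_ADDR_RE.match(owner):
            # GMER printed only the hook target: no file could be matched to it.
            hooks.append({"module": None, "vendor": None, "function": fn,
                          "address": owner.upper()})
            continue
        vendor = None
        desc = re.search(r"\((.*)\)\s*$", owner)
        if desc:
            vendor = desc.group(1)
            owner = owner[:desc.start()].rstrip()
        hooks.append({"module": owner.rsplit("\\", 1)[-1].lower(), "vendor": vendor,
                      "function": fn, "address": addr.upper() if addr else None})
    return hooks


def by_module(hooks):
    """Hooked functions grouped by owning module; bare-address hooks go under 'UNRESOLVED'."""
    groups = defaultdict(list)
    for h in hooks:
        groups[h["module"] or "UNRESOLVED"].append(h["function"])
    return dict(groups)


def unresolved(hooks):
    """Hooks with no owning file: the ones to chase first (loaded-driver list, offline scan)."""
    return [h for h in hooks if h["module"] is None]


def capabilities(hooks):
    """Map each module to the hook families it holds."""
    caps = defaultdict(set)
    for h in hooks:
        key = h["module"] or "UNRESOLVED"
        if h["function"] in REGISTRY_FILTERING:
            caps[key].add("registry-filtering")
        if h["function"] in PROCESS_TAMPERING:
            caps[key].add("process-tampering")
    return {k: sorted(v) for k, v in caps.items()}


if __name__ == "__main__":
    hooks = parse_ssdt(SAMPLE_LOG)
    for module, fns in by_module(hooks).items():
        print(f"{module}: {', '.join(fns)}")
    print("capabilities:", capabilities(hooks))
    print("unresolved:", [(h["address"], h["function"]) for h in unresolved(hooks)])
```

Run it against a full GMER log by passing the file contents to parse_ssdt(). Everything attributed to a known module with a plausible vendor string is a candidate for "known software", the UNRESOLVED group is the part that needs a driver list (GMER's own Files/Modules tabs, or an offline scan) to close out.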

Chill-Out
11-12-2010, 23:03
A few logs are missing; anyway, nothing emerges from the ones you posted. Update IE to version 8 :)

Gonzalo Jiménez De Quesada
13-12-2010, 01:42
Here are the other 2

doctor web http://wikisend.com/download/931564/CureIt.log

prevx http://wikisend.com/download/946398/prevx.log

Yes, I should update IE.. thanks

Chill-Out
13-12-2010, 15:58
Here are the other 2

doctor web http://wikisend.com/download/931564/CureIt.log

prevx http://wikisend.com/download/946398/prevx.log

Yes, I should update IE.. thanks

The CureIt log is hieroglyphics :)

Gonzalo Jiménez De Quesada
13-12-2010, 18:08
The CureIt log is hieroglyphics :)
You're right, damn! :D
Let's try again with this one http://wikisend.com/download/415644/CureIt.log

In the meantime, thanks for your help, and I wanted to ask you another thing: my desktop PC is giving me some trouble. It has good components, even though it's a bit old. In particular it freezes if I run GMER, and when I do a scan with HijackThis, while it's scanning a window pops up saying:
For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may not be able to fix this. If that happens, you need to edit the file yourself. To do this, click Run and type:

notepad C:\WINDOWS\system32\drivers\etc\hosts

and press Enter. Find the lines HijackThis reports and delete them. Save the file as "hosts" (with quotes) and reboot.

I click OK and then it opens another window:

Error details: an unexpected error has occurred at procedure: modMain_fixUNIXHostsfile() Error #75 path/file access error

and it asks me to submit it; I say yes and it sends me to the "Trend Secure" web page; in the meantime the scan finishes.

I like tinkering with the computer, but faced with problems like this I'm helpless and bewildered.
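The HijackThis message quoted in the post above tells the user to open the hosts file by hand and delete the lines HJT reported. As an added example (not from the thread, and not HijackThis code), here is a Python script that does the two checks a practitioner would run first on such a machine: list the hosts entries that point a name at a real address rather than loopback or the 0.0.0.0 sinkhole, and test whether the file is writable at all. The sample hosts content, the default path and the classification rule are this example's assumptions.

```python
"""Check a Windows hosts file the way the HijackThis message above suggests doing
by hand: list the entries that point a name somewhere other than loopback or the
0.0.0.0 sinkhole, and test whether the file is writable at all.  Added example;
the sample file content and the default path are this example's assumptions."""
import ipaddress
import os

HOSTS_PATH = r"C:\WINDOWS\system32\drivers\etc\hosts"  # assumed XP default

# Constructed sample, not taken from the poster's machine.
SAMPLE_HOSTS = """\
# sample header comment
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.org          # blocklist-style entry, harmless
203.0.113.5     www.example.com update.example.com
203.0.113.5     security.example.net
"""


def parse_hosts(text):
    """Yield (ip_address, [hostnames]) per active line; comments and malformed lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # not a hosts entry
        yield ip, parts[1:]


def suspicious_entries(text):
    """(ip, hostname) pairs that redirect a name to a real address.

    Loopback (127/8, ::1) and the unspecified address 0.0.0.0 are the only
    targets a clean hosts file normally uses; anything else is the kind of
    entry HijackThis reports and the manual-edit advice asks you to remove."""
    hits = []
    for ip, names in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue
        hits.extend((str(ip), name) for name in names)
    return hits


def hosts_writable(path=HOSTS_PATH):
    """True if the file exists and the current user may write it.

    On Windows os.access(W_OK) reflects only the read-only attribute, which is
    one ordinary cause of the 'denied write access' message; it cannot see a
    lock held by another driver or process, so False here is a hint, not a diagnosis."""
    return os.path.exists(path) and os.access(path, os.W_OK)


if __name__ == "__main__":
    for ip, name in suspicious_entries(SAMPLE_HOSTS):
        print(f"{name} -> {ip}")
    print("hosts writable:", hosts_writable())
```

Point suspicious_entries() at the real file with open(HOSTS_PATH).read(). A hosts file that is clean but read-only still makes HijackThis fail in the way described, so a "writable: False" with no suspicious entries is the case where clearing the attribute (or saving from Notepad as "hosts" in quotes, as the message says) is all that is needed.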

Chill-Out
13-12-2010, 23:33
You're right, damn! :D
Let's try again with this one http://wikisend.com/download/415644/CureIt.log

All good


In the meantime, thanks for your help, and I wanted to ask you another thing: my desktop PC is giving me some trouble. It has good components, even though it's a bit old. In particular it freezes if I run GMER, and when I do a scan with HijackThis, while it's scanning a window pops up saying:
For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may not be able to fix this. If that happens, you need to edit the file yourself. To do this, click Run and type:

notepad C:\WINDOWS\system32\drivers\etc\hosts

and press Enter. Find the lines HijackThis reports and delete them. Save the file as "hosts" (with quotes) and reboot.

I click OK and then it opens another window:

Error details: an unexpected error has occurred at procedure: modMain_fixUNIXHostsfile() Error #75 path/file access error

and it asks me to submit it; I say yes and it sends me to the "Trend Secure" web page; in the meantime the scan finishes.

I like tinkering with the computer, but faced with problems like this I'm helpless and bewildered.

For checking the HJT log there's a dedicated thread http://www.hwupgrade.it/forum/forumdisplay.php?f=125; make sure to state the OS in use.