
Can you help me? Virus...


Post by Trinità » Sun Apr 11, 2010 8:51 pm

I have a PC where MSE found PEV.exe; it deleted it more than once, and now it seems to have disappeared. Not satisfied, I used ComboFix; here are 2 logs made some time apart from each other:

ComboFix 10-04-03.02 - Gaetano 05/04/2010 0.02.40.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.511.245 [GMT 2:00]
Eseguito da: c:\documents and settings\Gaetano\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\AppPatch\AcAdProc.dll
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\msssc.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Creati Da 2010-03-04 al 2010-04-04 )))))))))))))))))))))))))))))))))))
.

2010-04-03 19:57 . 2010-04-03 19:57 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-03 19:38 . 2010-04-03 19:38 -------- d-----w- c:\programmi\Sierra
2010-04-03 13:48 . 2010-04-03 13:48 -------- d-----r- C:\Sandbox
2010-04-03 13:44 . 2010-04-03 13:44 -------- d-----w- c:\programmi\Sandboxie
2010-04-03 10:58 . 2010-04-03 10:58 13688 ----a-w- c:\documents and settings\Gaetano 2\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-04-03 10:43 . 2010-04-03 10:43 -------- d-----w- C:\91b513fe23694857eadc
2010-04-03 10:42 . 2010-04-03 10:56 -------- d-----w- c:\windows\SxsCaPendDel
2010-04-03 10:34 . 2010-04-03 10:34 -------- d-----w- c:\programmi\winMd5Sum
2010-04-03 09:46 . 2010-04-03 09:46 -------- d-----w- c:\programmi\MSBuild
2010-04-03 09:46 . 2010-04-03 10:44 -------- d-----w- c:\windows\system32\XPSViewer
2010-04-03 09:46 . 2010-04-03 09:46 -------- d-----w- c:\programmi\Reference Assemblies
2010-04-03 09:46 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-04-03 09:45 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-04-02 11:35 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-04-01 18:13 . 2010-04-04 14:00 -------- d-----w- c:\documents and settings\Giusi e Marla\Tracing
2010-04-01 16:13 . 2010-03-06 09:28 1030144 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.2.9.exe
2010-04-01 16:13 . 2010-02-17 08:48 432640 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.2.9.scr
2010-04-01 16:13 . 2010-04-01 16:13 -------- d-----w- c:\programmi\MyDefrag v4.2.9
2010-04-01 16:06 . 2010-04-01 16:07 -------- d-----r- c:\documents and settings\Giusi e Marla\Preferiti
2010-04-01 16:06 . 2010-04-01 15:42 -------- d-----w- c:\documents and settings\Giusi e Marla\Impostazioni locali\Dati applicazioni\Adobe
2010-04-01 16:06 . 2010-04-01 12:14 -------- d--h--w- c:\documents and settings\Giusi e Marla\Risorse di stampa
2010-04-01 16:06 . 2010-04-01 12:14 -------- d--h--w- c:\documents and settings\Giusi e Marla\Risorse di rete
2010-04-01 16:06 . 2010-04-01 12:14 -------- d-----r- c:\documents and settings\Giusi e Marla\Menu Avvio
2010-04-01 16:06 . 2010-04-01 11:23 -------- d--h--w- c:\documents and settings\Giusi e Marla\Modelli
2010-04-01 16:06 . 2010-04-03 19:57 -------- d-----w- c:\documents and settings\Giusi e Marla
2010-04-01 15:50 . 2010-04-01 15:50 -------- d-----w- c:\documents and settings\Gaetano\Dati applicazioni\Malwarebytes
2010-04-01 15:47 . 2010-04-01 15:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Comodo Downloader
2010-04-01 15:46 . 2010-04-01 15:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\COMODO
2010-04-01 15:45 . 2010-04-01 15:45 -------- d-----w- c:\programmi\COMODO
2010-04-01 15:42 . 2010-04-01 15:42 -------- d-----w- c:\documents and settings\Default User\Impostazioni locali\Dati applicazioni\Adobe
2010-04-01 15:40 . 2010-04-01 15:41 -------- d-----w- c:\programmi\File comuni\Adobe
2010-04-01 15:38 . 2010-04-02 20:07 -------- d-----w- c:\documents and settings\Gaetano\Impostazioni locali\Dati applicazioni\Adobe
2010-04-01 15:38 . 2010-04-01 15:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2010-04-01 15:37 . 2010-04-01 15:37 48 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-01 15:37 . 2010-04-01 15:37 -------- d-----w- c:\documents and settings\Gaetano\Dati applicazioni\skypePM
2010-04-01 15:36 . 2010-04-01 15:37 -------- d-----w- c:\documents and settings\Gaetano\Dati applicazioni\Skype
2010-04-01 15:36 . 2010-04-01 15:36 -------- d-----w- c:\programmi\File comuni\Skype
2010-04-01 15:35 . 2010-04-03 19:57 -------- d-----r- c:\programmi\Skype
2010-04-01 15:35 . 2010-04-01 15:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2010-04-01 15:33 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-01 15:33 . 2010-04-01 15:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-04-01 15:33 . 2010-04-01 15:33 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-04-01 15:33 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-01 15:32 . 2010-04-04 20:49 -------- d-----w- c:\documents and settings\Gaetano\Tracing
2010-04-01 15:31 . 2010-04-01 15:31 -------- d-----w- c:\programmi\Microsoft
2010-04-01 15:31 . 2010-04-01 15:31 -------- d-----w- c:\programmi\Windows Live SkyDrive
2010-04-01 15:30 . 2010-04-01 15:31 -------- d-----w- c:\programmi\Windows Live
2010-04-01 15:30 . 2010-04-01 15:30 5918720 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\LocalCopy\{2E5E5D15-B046-3DC4-F28E-4D78BFD70AE4}-mbam-setup.exe
2010-04-01 15:28 . 2010-02-24 08:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-04-01 15:23 . 2010-04-01 15:23 -------- d-----w- c:\programmi\File comuni\Windows Live
2010-04-01 15:22 . 2010-04-01 15:22 -------- d-----w- c:\windows\system32\Adobe
2010-04-01 15:22 . 2010-04-01 15:22 -------- d-----w- c:\programmi\VS Revo Group
2010-04-01 15:20 . 2010-04-01 15:20 -------- d-----w- c:\programmi\Trend Micro
2010-04-01 15:18 . 2010-04-01 15:19 -------- d-----w- c:\programmi\Microsoft Security Essentials
2010-04-01 15:12 . 2010-04-01 15:12 -------- d-sh--w- c:\documents and settings\Gaetano\IECompatCache
2010-04-01 15:12 . 2010-04-01 15:12 -------- d-sh--w- c:\documents and settings\Gaetano\PrivacIE
2010-04-01 15:11 . 2010-04-01 15:11 -------- d-sh--w- c:\documents and settings\Gaetano\IETldCache
2010-04-01 14:56 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-04-01 14:55 . 2010-04-01 14:56 -------- dc-h--w- c:\windows\ie8
2010-04-01 14:46 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-01 13:46 . 2010-04-03 09:48 -------- d-----w- c:\windows\system32\it-it
2010-04-01 13:46 . 2010-04-01 13:46 -------- d-----w- c:\windows\l2schemas
2010-04-01 13:46 . 2010-04-01 13:46 -------- d-----w- c:\windows\system32\it
2010-04-01 13:46 . 2010-04-01 13:46 -------- d-----w- c:\windows\system32\bits
2010-04-01 13:44 . 2010-04-01 13:44 -------- d-----w- c:\windows\ServicePackFiles
2010-04-01 13:35 . 2004-08-19 13:23 701440 ------w- c:\windows\system32\drivers\ati2mtag.sys
2010-04-01 13:25 . 2010-04-01 13:25 -------- d-sh--w- c:\documents and settings\Gaetano\UserData
2010-04-01 13:22 . 2010-04-01 13:22 -------- d-----w- c:\programmi\7-Zip
2010-04-01 13:21 . 2010-04-01 13:21 -------- d-----w- c:\programmi\CCleaner
2010-04-01 13:15 . 2008-06-14 17:32 272768 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-04-01 13:15 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-04-01 13:15 . 2009-10-15 16:29 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-04-01 13:15 . 2009-10-15 16:29 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-04-01 13:14 . 2009-06-21 21:47 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-04-01 13:13 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-04-01 13:13 . 2008-05-01 14:34 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-04-01 13:12 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-04-01 13:12 . 2008-10-15 16:36 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-04-01 13:12 . 2008-04-21 21:14 219136 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-04-01 13:12 . 2009-11-21 15:54 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-04-01 13:11 . 2009-12-09 10:07 2192896 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-04-01 13:11 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-04-01 13:11 . 2009-06-25 08:25 735744 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2010-04-01 13:11 . 2009-03-06 14:19 286208 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-04-01 13:11 . 2009-02-09 11:22 111104 -c----w- c:\windows\system32\dllcache\services.exe
2010-04-01 13:11 . 2009-02-09 10:51 683520 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-04-01 13:11 . 2009-02-09 10:51 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-04-01 13:11 . 2009-02-09 10:51 736256 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-04-01 13:11 . 2009-02-09 10:51 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-04-01 13:11 . 2009-02-09 10:51 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-04-01 13:11 . 2009-12-09 10:07 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-04-01 13:11 . 2009-12-09 10:07 2027520 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-04-01 13:10 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-04-01 13:10 . 2009-12-04 18:22 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-01 13:10 . 2009-07-10 13:26 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-04-01 13:10 . 2010-04-01 13:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\muvee Technologies
2010-04-01 13:05 . 2009-07-31 04:32 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-04-01 13:05 . 2010-04-01 13:07 -------- d-----w- c:\windows\nview
2010-04-01 13:05 . 2006-08-11 13:42 208896 ----a-w- c:\windows\system32\nvudisp.exe
2010-04-01 13:05 . 2006-08-11 17:58 208896 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-04-01 13:04 . 2002-07-27 16:01 5306 ----a-w- c:\windows\system32\drivers\TBPanel.sys
2010-04-01 13:04 . 2010-04-01 13:04 -------- d-----w- c:\programmi\Vtune
2010-04-01 13:02 . 2010-04-01 13:02 0 ----a-w- c:\windows\nsreg.dat
2010-04-01 13:02 . 2010-04-01 13:02 -------- d-----w- c:\documents and settings\Gaetano\Impostazioni locali\Dati applicazioni\Mozilla
2010-04-01 13:02 . 2009-01-07 16:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-04-01 13:02 . 2010-04-01 22:14 -------- d--h--w- c:\windows\$hf_mig$

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-04 14:00 . 2010-04-01 16:07 13688 ----a-w- c:\documents and settings\Giusi e Marla\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-04-03 19:38 . 2010-04-01 12:48 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-04-03 12:29 . 2004-08-19 12:00 79292 ----a-w- c:\windows\system32\perfc010.dat
2010-04-03 12:29 . 2004-08-19 12:00 478808 ----a-w- c:\windows\system32\perfh010.dat
2010-04-03 12:03 . 2010-04-01 12:35 13688 ----a-w- c:\documents and settings\Gaetano\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-04-01 13:48 . 2010-04-01 11:26 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-01 13:05 . 2010-04-01 12:46 -------- d-----w- c:\programmi\File comuni\InstallShield
2010-04-01 12:55 . 2010-04-01 12:55 -------- d-----w- c:\programmi\Marvell
2010-04-01 12:50 . 2010-04-01 12:50 -------- d-----w- c:\programmi\Analog Devices
2010-04-01 12:48 . 2010-04-01 12:48 -------- d-----w- c:\programmi\VIA
2010-04-01 11:27 . 2010-04-01 11:27 -------- d-----w- c:\programmi\microsoft frontpage
2010-04-01 11:25 . 2010-04-01 11:25 -------- d-----w- c:\programmi\Servizi in linea
2010-04-01 11:23 . 2010-04-01 11:23 21840 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-23 16:40 . 2010-03-23 16:40 224808 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-03-03 15:54 . 2010-03-03 15:54 276648 ----a-w- c:\windows\system32\guard32.dll
2010-03-03 15:54 . 2010-03-03 15:54 86720 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-03-03 15:54 . 2010-03-03 15:54 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-03-03 15:54 . 2010-03-03 15:54 15376 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-02-26 05:41 . 2010-02-26 05:41 81920 ------w- c:\windows\system32\ieencode.dll
2010-02-25 06:16 . 2004-08-19 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-18 06:30 . 2010-01-18 06:30 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-18 06:30 . 2010-01-18 06:30 499712 ----a-w- c:\windows\system32\msvcp71.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\programmi\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"Gainward"="c:\programmi\Vtune\TBPanel.exe" [2006-09-13 2154496]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"MSSE"="c:\programmi\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"COMODO Internet Security"="c:\programmi\COMODO\COMODO Internet Security\cfp.exe" [2010-03-23 1994640]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [01/04/2010 14.48.44 77312]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [23/03/2010 18.40.00 224808]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [03/03/2010 17.54.14 25160]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\5.tmp --> c:\windows\system32\5.tmp [?]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.virgilio.it/
FF - ProfilePath - c:\documents and settings\Gaetano\Dati applicazioni\Mozilla\Firefox\Profiles\4ljt2ezn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.virgilio.it/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-05 01:00
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\5.tmp"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(3904)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\COMODO\COMODO Internet Security\cmdagent.exe
c:\programmi\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\Sandboxie\SbieSvc.exe
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Ora fine scansione: 2010-04-05 01:02:24 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-04-04 23:02

Pre-Run: 111.489.454.080 byte disponibili
Post-Run: 111.778.779.136 byte disponibili

- - End Of File - - EDBF97C575449220F647A5BEC8889EFF



ComboFix 10-04-10.02 - Gaetano 11/04/2010 21.28.59.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.511.246 [GMT 2:00]
Eseguito da: c:\documents and settings\Gaetano\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Creati Da 2010-03-11 al 2010-04-11 )))))))))))))))))))))))))))))))))))
.

2010-04-11 15:43 . 2010-04-11 15:43 3911676 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\LocalCopy\{82D91576-50F1-51C6-42BC-961853A5F050}-ComboFix(3).exe
2010-04-11 15:43 . 2010-04-11 15:43 3911676 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\LocalCopy\{226C026A-95F9-7C2E-2F7F-424D819BD53B}-ComboFix.exe
2010-04-11 15:08 . 2010-04-11 15:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-04-10 22:30 . 2008-11-06 00:03 -------- d-----w- C:\SDFix
2010-04-10 14:19 . 2010-04-10 14:19 -------- d--h--w- c:\windows\PIF
2010-04-07 18:25 . 2010-04-07 18:25 -------- d-----w- c:\documents and settings\Gaetano\Impostazioni locali\Dati applicazioni\Help
2010-04-07 18:20 . 2010-04-07 18:20 -------- d-----w- c:\programmi\PowerQuest
2010-04-06 19:50 . 2010-04-06 19:50 -------- d-----w- c:\documents and settings\Gaetano\Dati applicazioni\Canneverbe Limited
2010-04-06 19:50 . 2010-04-06 19:50 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Canneverbe Limited
2010-04-06 19:49 . 2009-11-12 12:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-04-06 19:49 . 2010-04-06 19:49 -------- d-----w- c:\programmi\CDBurnerXP
2010-04-06 13:26 . 2008-04-14 02:13 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-04-06 13:26 . 2008-04-14 02:13 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-04-06 13:22 . 2010-04-06 13:22 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-06 13:04 . 2010-04-06 13:04 -------- d-----w- c:\documents and settings\Gaetano\Dati applicazioni\Cyberlink
2010-04-06 12:41 . 2010-04-06 12:56 -------- d-----w- c:\programmi\CyberLink DVD Solution
2010-04-06 11:25 . 2010-04-06 11:25 -------- d-----w- c:\documents and settings\Gaetano\Impostazioni locali\Dati applicazioni\Identities
2010-04-05 18:42 . 2010-04-05 18:42 -------- d-----w- C:\ef3331d909b7b3be1344878688356ee1
2010-04-05 09:48 . 2010-04-05 09:51 -------- d-----w- c:\documents and settings\Gaetano\Dati applicazioni\JackSMS Desktop
2010-04-05 09:48 . 2010-04-05 09:48 -------- d-----w- c:\programmi\JackSMS Desktop
2010-04-03 19:38 . 2010-04-03 19:38 -------- d-----w- c:\programmi\Sierra
2010-04-03 13:48 . 2010-04-03 13:48 -------- d-----r- C:\Sandbox
2010-04-03 13:44 . 2010-04-03 13:44 -------- d-----w- c:\programmi\Sandboxie
2010-04-03 10:58 . 2010-04-03 10:58 13688 ----a-w- c:\documents and settings\Gaetano 2\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-04-03 10:43 . 2010-04-03 10:43 -------- d-----w- C:\91b513fe23694857eadc
2010-04-03 10:42 . 2010-04-03 10:56 -------- d-----w- c:\windows\SxsCaPendDel
2010-04-03 10:34 . 2010-04-03 10:34 -------- d-----w- c:\programmi\winMd5Sum
2010-04-03 09:46 . 2010-04-03 09:46 -------- d-----w- c:\programmi\MSBuild
2010-04-03 09:46 . 2010-04-03 10:44 -------- d-----w- c:\windows\system32\XPSViewer
2010-04-03 09:46 . 2010-04-03 09:46 -------- d-----w- c:\programmi\Reference Assemblies
2010-04-03 09:46 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-04-03 09:45 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-04-02 11:35 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-04-01 16:06 . 2010-04-01 16:08 -------- d-----r- c:\documents and settings\Giusi e Marla\Documenti
2010-04-01 16:06 . 2010-04-01 16:08 -------- d--h--r- c:\documents and settings\Giusi e Marla\Dati applicazioni
2010-04-01 16:06 . 2010-04-01 16:07 -------- d-----r- c:\documents and settings\Giusi e Marla\Preferiti
2010-04-01 16:06 . 2010-04-01 15:42 -------- d-----w- c:\documents and settings\Giusi e Marla\Impostazioni locali\Dati applicazioni\Adobe
2010-04-01 16:06 . 2010-04-01 12:14 -------- d--h--w- c:\documents and settings\Giusi e Marla\Risorse di stampa
2010-04-01 16:06 . 2010-04-01 12:14 -------- d--h--w- c:\documents and settings\Giusi e Marla\Risorse di rete
2010-04-01 16:06 . 2010-04-01 12:14 -------- d-----r- c:\documents and settings\Giusi e Marla\Menu Avvio
2010-04-01 16:06 . 2010-04-01 11:23 -------- d--h--w- c:\documents and settings\Giusi e Marla\Modelli
2010-04-01 16:06 . 2010-04-06 13:22 -------- d-----w- c:\documents and settings\Giusi e Marla
2010-04-01 15:50 . 2010-04-01 15:50 -------- d-----w- c:\documents and settings\Gaetano\Dati applicazioni\Malwarebytes
2010-04-01 15:47 . 2010-04-01 15:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Comodo Downloader
2010-04-01 15:46 . 2010-04-01 15:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\COMODO
2010-04-01 15:45 . 2010-04-01 15:45 -------- d-----w- c:\programmi\COMODO
2010-04-01 15:42 . 2010-04-01 15:42 -------- d-----w- c:\documents and settings\Default User\Impostazioni locali\Dati applicazioni\Adobe
2010-04-01 15:40 . 2010-04-01 15:41 -------- d-----w- c:\programmi\File comuni\Adobe
2010-04-01 15:38 . 2010-04-02 20:07 -------- d-----w- c:\documents and settings\Gaetano\Impostazioni locali\Dati applicazioni\Adobe
2010-04-01 15:38 . 2010-04-01 15:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2010-04-01 15:37 . 2010-04-01 15:37 48 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-01 15:37 . 2010-04-01 15:37 -------- d-----w- c:\documents and settings\Gaetano\Dati applicazioni\skypePM
2010-04-01 15:36 . 2010-04-01 15:37 -------- d-----w- c:\documents and settings\Gaetano\Dati applicazioni\Skype
2010-04-01 15:36 . 2010-04-01 15:36 -------- d-----w- c:\programmi\File comuni\Skype
2010-04-01 15:35 . 2010-04-03 19:57 -------- d-----r- c:\programmi\Skype
2010-04-01 15:35 . 2010-04-01 15:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2010-04-01 15:33 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-01 15:33 . 2010-04-01 15:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-04-01 15:33 . 2010-04-01 15:33 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-04-01 15:33 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-01 15:32 . 2010-04-11 19:17 -------- d-----w- c:\documents and settings\Gaetano\Tracing
2010-04-01 15:31 . 2010-04-01 15:31 -------- d-----w- c:\programmi\Microsoft
2010-04-01 15:31 . 2010-04-01 15:31 -------- d-----w- c:\programmi\Windows Live SkyDrive
2010-04-01 15:30 . 2010-04-01 15:31 -------- d-----w- c:\programmi\Windows Live
2010-04-01 15:30 . 2010-04-01 15:30 5918720 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\LocalCopy\{2E5E5D15-B046-3DC4-F28E-4D78BFD70AE4}-mbam-setup.exe
2010-04-01 15:28 . 2010-02-24 08:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-04-01 15:25 . 2010-04-01 15:25 77312 ----a-w- C:\mbr.exe
2010-04-01 15:23 . 2010-04-01 15:23 -------- d-----w- c:\programmi\File comuni\Windows Live
2010-04-01 15:22 . 2010-04-01 15:22 -------- d-----w- c:\windows\system32\Adobe
2010-04-01 15:22 . 2010-04-01 15:22 -------- d-----w- c:\programmi\VS Revo Group
2010-04-01 15:20 . 2010-04-01 15:20 -------- d-----w- c:\programmi\Trend Micro
2010-04-01 15:18 . 2010-04-01 15:19 -------- d-----w- c:\programmi\Microsoft Security Essentials
2010-04-01 15:12 . 2010-04-01 15:12 -------- d-sh--w- c:\documents and settings\Gaetano\IECompatCache
2010-04-01 15:12 . 2010-04-01 15:12 -------- d-sh--w- c:\documents and settings\Gaetano\PrivacIE
2010-04-01 15:11 . 2010-04-01 15:11 -------- d-sh--w- c:\documents and settings\Gaetano\IETldCache
2010-04-01 14:56 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-04-01 14:55 . 2010-04-01 14:56 -------- dc-h--w- c:\windows\ie8
2010-04-01 14:46 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-01 13:46 . 2010-04-03 09:48 -------- d-----w- c:\windows\system32\it-it
2010-04-01 13:46 . 2010-04-01 13:46 -------- d-----w- c:\windows\l2schemas
2010-04-01 13:46 . 2010-04-01 13:46 -------- d-----w- c:\windows\system32\it
2010-04-01 13:46 . 2010-04-01 13:46 -------- d-----w- c:\windows\system32\bits
2010-04-01 13:44 . 2010-04-01 13:44 -------- d-----w- c:\windows\ServicePackFiles
2010-04-01 13:35 . 2004-08-19 13:23 701440 ------w- c:\windows\system32\drivers\ati2mtag.sys
2010-04-01 13:25 . 2010-04-01 13:25 -------- d-sh--w- c:\documents and settings\Gaetano\UserData
2010-04-01 13:22 . 2010-04-01 13:22 -------- d-----w- c:\programmi\7-Zip
2010-04-01 13:21 . 2010-04-01 13:21 -------- d-----w- c:\programmi\CCleaner
2010-04-01 13:15 . 2008-06-14 17:32 272768 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-04-01 13:15 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-04-01 13:15 . 2009-10-15 16:29 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-04-01 13:15 . 2009-10-15 16:29 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-04-01 13:14 . 2009-06-21 21:47 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-04-01 13:13 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-04-01 13:13 . 2008-05-01 14:34 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-04-01 13:12 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-04-01 13:12 . 2008-10-15 16:36 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-04-01 13:12 . 2008-04-21 21:14 219136 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-04-01 13:12 . 2009-11-21 15:54 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-04-01 13:11 . 2009-12-09 10:07 2192896 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-04-01 13:11 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-04-01 13:11 . 2009-06-25 08:25 735744 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2010-04-01 13:11 . 2009-03-06 14:19 286208 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-04-01 13:11 . 2009-02-09 11:22 111104 -c----w- c:\windows\system32\dllcache\services.exe
2010-04-01 13:11 . 2009-02-09 10:51 683520 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-04-01 13:11 . 2009-02-09 10:51 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-04-01 13:11 . 2009-02-09 10:51 736256 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-04-01 13:11 . 2009-02-09 10:51 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-04-01 13:11 . 2009-02-09 10:51 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-04-01 13:11 . 2009-12-09 10:07 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-04-01 13:11 . 2009-12-09 10:07 2027520 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-04-01 13:10 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-04-01 13:10 . 2009-12-04 18:22 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-01 13:10 . 2009-07-10 13:26 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-04-01 13:10 . 2010-04-01 13:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\muvee Technologies
2010-04-01 13:05 . 2009-07-31 04:32 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-04-01 13:05 . 2010-04-01 13:07 -------- d-----w- c:\windows\nview
2010-04-01 13:05 . 2006-08-11 13:42 208896 ----a-w- c:\windows\system32\nvudisp.exe
2010-04-01 13:05 . 2006-08-11 17:58 208896 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-04-01 13:04 . 2002-07-27 16:01 5306 ----a-w- c:\windows\system32\drivers\TBPanel.sys
2010-04-01 13:04 . 2010-04-01 13:04 -------- d-----w- c:\programmi\Vtune
2010-04-01 13:02 . 2010-04-01 13:02 0 ----a-w- c:\windows\nsreg.dat
2010-04-01 13:02 . 2010-04-01 13:02 -------- d-----w- c:\documents and settings\Gaetano\Impostazioni locali\Dati applicazioni\Mozilla
2010-04-01 13:02 . 2009-01-07 16:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-04-01 13:02 . 2010-04-01 22:14 -------- d--h--w- c:\windows\$hf_mig$

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-06 12:56 . 2010-04-01 12:48 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-04-04 14:00 . 2010-04-01 16:07 13688 ----a-w- c:\documents and settings\Giusi e Marla\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-04-03 12:29 . 2004-08-19 12:00 79292 ----a-w- c:\windows\system32\perfc010.dat
2010-04-03 12:29 . 2004-08-19 12:00 478808 ----a-w- c:\windows\system32\perfh010.dat
2010-04-03 12:03 . 2010-04-01 12:35 13688 ----a-w- c:\documents and settings\Gaetano\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-04-01 16:13 . 2010-04-01 16:13 -------- d-----w- c:\programmi\MyDefrag v4.2.9
2010-04-01 13:48 . 2010-04-01 11:26 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-01 13:05 . 2010-04-01 12:46 -------- d-----w- c:\programmi\File comuni\InstallShield
2010-04-01 12:55 . 2010-04-01 12:55 -------- d-----w- c:\programmi\Marvell
2010-04-01 12:50 . 2010-04-01 12:50 -------- d-----w- c:\programmi\Analog Devices
2010-04-01 12:48 . 2010-04-01 12:48 -------- d-----w- c:\programmi\VIA
2010-04-01 11:27 . 2010-04-01 11:27 -------- d-----w- c:\programmi\microsoft frontpage
2010-04-01 11:25 . 2010-04-01 11:25 -------- d-----w- c:\programmi\Servizi in linea
2010-04-01 11:23 . 2010-04-01 11:23 21840 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-23 16:40 . 2010-03-23 16:40 224808 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-03-06 09:28 . 2010-04-01 16:13 1030144 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.2.9.exe
2010-03-03 15:54 . 2010-03-03 15:54 276648 ----a-w- c:\windows\system32\guard32.dll
2010-03-03 15:54 . 2010-03-03 15:54 86720 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-03-03 15:54 . 2010-03-03 15:54 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-03-03 15:54 . 2010-03-03 15:54 15376 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-02-26 05:41 . 2010-02-26 05:41 81920 ------w- c:\windows\system32\ieencode.dll
2010-02-25 06:16 . 2004-08-19 12:00 916480 ------w- c:\windows\system32\wininet.dll
2010-02-17 08:48 . 2010-04-01 16:13 432640 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.2.9.scr
2010-01-18 06:30 . 2010-01-18 06:30 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-18 06:30 . 2010-01-18 06:30 499712 ----a-w- c:\windows\system32\msvcp71.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-04-10_22.37.38 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\programmi\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"Gainward"="c:\programmi\Vtune\TBPanel.exe" [2006-09-13 2154496]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"MSSE"="c:\programmi\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"COMODO Internet Security"="c:\programmi\COMODO\COMODO Internet Security\cfp.exe" [2010-03-23 1994640]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [01/04/2010 14.48.44 77312]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [23/03/2010 18.40.00 224808]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [03/03/2010 17.54.14 25160]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\5.tmp --> c:\windows\system32\5.tmp [?]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.virgilio.it/
FF - ProfilePath - c:\documents and settings\Gaetano\Dati applicazioni\Mozilla\Firefox\Profiles\4ljt2ezn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.virgilio.it/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-11 21:32
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\5.tmp"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(740)
c:\windows\system32\guard32.dll
.
Ora fine scansione: 2010-04-11 21:33:33
ComboFix-quarantined-files.txt 2010-04-11 19:33
ComboFix2.txt 2010-04-10 22:38

Pre-Run: 110.203.666.432 byte disponibili
Post-Run: 110.174.261.248 byte disponibili

- - End Of File - - ADA3C8DED0A9FAED5217C28ACE7939B6



HijackThis is clean, but I'll post it anyway if you want; also, GMER finds nothing in the quick initial scan it runs (which has helped me disinfect quite a few PCs).

The most obvious problems are error messages, which however appear only very occasionally: it says either that drwtsn32 or that wunprep (.exe) was not initialized correctly; after that, endless error sounds start coming from the speaker, countless drwtsn32.exe and dwwin.exe processes start up in Task Manager, and all I can do is reboot.

Also, something rather strange happened to me: I booted into safe mode to run Symantec's VIRUT virus removal tool, which found nothing; once it finished, the PC froze and the BIOS started singing, in the sense that it would not stop beeping...

Apart from that, the PC gives no trouble; it is fast and works fine.

Here is a SmitFraudFix log:

SmitFraudFix v2.424

Scan done at 21.49.52,87, 11/04/2010
Run from C:\Documents and Settings\Gaetano\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Versione 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
c:\Programmi\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Sandboxie\SbieSvc.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Microsoft Security Essentials\msseces.exe
C:\Programmi\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gaetano\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Gaetano


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Gaetano\IMPOST~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Gaetano\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Gaetano\PREFER~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Programmi


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Pagina iniziale corrente"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\guard32.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""




»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Marvell Yukon Gigabit Ethernet 10/100/1000Base-T Adapter, Copper RJ-45 - Miniport dell'Utilità di pianificazione pacchetti
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{24D6115F-E452-4251-A180-294EEA7BD0E7}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{24D6115F-E452-4251-A180-294EEA7BD0E7}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{24D6115F-E452-4251-A180-294EEA7BD0E7}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


I replaced the thermal paste last week [B)].

Just so you know, this is one of the PCs I format often, if things get too complicated....

Trinità
Aficionado
Posts: 145
Joined: Mon Dec 14, 2009 9:15 pm
Location: Salerno

Re: Can you help me? Virus...

Post by stevens » Sun Apr 11, 2010 9:59 pm

hi

the file pev.exe belongs to ComboFix

uninstall it with this tool

run it
Click on CleanUp.
When asked to reboot, click YES

delete the qoobox folder from C:\ and have the flagged file analyzed on VirusTotal

c:\windows\system32\5.tmp
stevens
Bronze Member
Posts: 678
Joined: Wed Feb 18, 2009 1:39 pm

Re: Can you help me? Virus...

Post by Trinità » Mon Apr 12, 2010 4:56 pm

Sorry, I didn't understand which file I should have analyzed; I don't have 5.tmp ;-)

Trinità
Aficionado
Posts: 145
Joined: Mon Dec 14, 2009 9:15 pm
Location: Salerno


Re: Can you help me? Virus...

Post by stevens » Mon Apr 12, 2010 5:53 pm

the file is there, or at least it is present in the ComboFix log

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\5.tmp"


if it isn't on the PC, perhaps that's better; it doesn't look like anything good, click

have you installed Sophos Anti-Rootkit?

stevens
Bronze Member
Posts: 678
Joined: Wed Feb 18, 2009 1:39 pm
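The point stevens makes above, that a service whose ImagePath is a .tmp file in system32 (one the OP then cannot find on disk) "doesn't look like anything good", can be turned into a small triage check over a ComboFix log. What follows is an added example written for this thread; it is not code from ComboFix, SmitFraudFix or any poster. It parses the service lines (`R0 name;display;path [date size]`, `S3 name;display;path --> target [?]`) and the `[HK...]` / `"ImagePath"=` pairs in the format quoted above, using a constructed sample modelled on those lines, and flags an image that has a .tmp extension, sits in a temp directory, or carries a `[?]` where ComboFix would otherwise record a date and size. The extension and directory lists are assumptions for the example. As the follow-up question about Sophos Anti-Rootkit implies, such an entry can also be left behind by a legitimate scanner, so the output is a list of items to hash and look up (on VirusTotal, as suggested above), not a verdict.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample, modelled on the ComboFix lines quoted in this thread:
# two legitimate drivers for contrast, then the MEMSWEEP2 service whose
# image is a .tmp file ComboFix could not stat, and its registry key.
SAMPLE_LOG = r"""
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [01/04/2010 14.48.44 77312]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [23/03/2010 18.40.00 224808]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\5.tmp --> c:\windows\system32\5.tmp [?]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\5.tmp"
"""

# "R0 name;display;path [info]" or "S3 name;display;path --> resolved [?]"
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]$')
KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(.*)"$')

# Assumed heuristics for this example, not a ComboFix or Windows rule:
# a service image should be a .sys/.exe/.dll, never a .tmp, and should not
# live under a temp directory.
SUSPECT_EXTENSIONS = ('.tmp',)
TEMP_MARKERS = ('\\temp\\', '\\tmp\\')


@dataclass
class Finding:
    source: str                 # "service" (R/S line) or "registry" (ImagePath)
    name: str                   # service name or last component of the key
    path: str                   # normalised on-disk path
    reasons: List[str] = field(default_factory=list)


def normalise_path(raw: str) -> str:
    """Strip the NT '\\??\\' prefix and any ' --> target' suffix ComboFix prints."""
    path = raw.split(' --> ')[0].strip()
    if path.startswith('\\??\\'):
        path = path[4:]
    return path.lower()


def judge(path: str, info: Optional[str]) -> List[str]:
    """Return the reasons an image path deserves a hash lookup (empty = none)."""
    reasons = []
    if path.endswith(SUSPECT_EXTENSIONS):
        reasons.append('image has a non-executable extension')
    if any(marker in path for marker in TEMP_MARKERS):
        reasons.append('image lives in a temp directory')
    if info == '?':
        reasons.append('no date/size recorded for the file (absent at scan time?)')
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Walk ComboFix-style lines and collect service images worth a closer look."""
    findings = []
    current_key = None
    for line in log_text.splitlines():
        line = line.strip()
        m = SERVICE_RE.match(line)
        if m:
            _start, name, _display, raw_path, info = m.groups()
            path = normalise_path(raw_path)
            reasons = judge(path, info)
            if reasons:
                findings.append(Finding('service', name, path, reasons))
            continue
        m = KEY_RE.match(line)
        if m:
            # remember which key the following "Name"="value" lines belong to
            current_key = m.group(1).rsplit('\\', 1)[-1]
            continue
        m = IMAGEPATH_RE.match(line)
        if m and current_key:
            path = normalise_path(m.group(1))
            reasons = judge(path, None)
            if reasons:
                findings.append(Finding('registry', current_key, path, reasons))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.source}: {f.name} -> {f.path}')
        for r in f.reasons:
            print(f'    - {r}')
```

On the sample above the two drivers pass silently and MEMSWEEP2 is reported twice, once from the service line (two reasons: the .tmp extension and the `[?]`) and once from its ImagePath value; the path it prints is the one to hash and submit, which is exactly the step the OP got stuck on when the file was no longer present.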

Re: Can you help me? Virus...

Post by Trinità » Mon Apr 12, 2010 6:27 pm

YES!

P.S. My God, wireless mice with flat batteries are unusable

Trinità
Aficionado
Posts: 145
Joined: Mon Dec 14, 2009 9:15 pm
Location: Salerno

Re: Can you help me? Virus...

Post by Trinità » Sun Apr 18, 2010 8:16 pm

The PC worked for a couple of days, so I thought the problem had gone away, but instead today the speakers started going du du du dud u again and opening countless drwtsn32.exe and dwwin.exe [rotfl]

I rescanned with ComboFix, in safe mode though:

ComboFix 10-04-17.07 - Gaetano 18/04/2010 20.50.30.4.1 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.511.278 [GMT 2:00]
Eseguito da: c:\documents and settings\Gaetano\Desktop\vres.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe

.
((((((((((((((((((((((((( Files Creati Da 2010-03-18 al 2010-04-18 )))))))))))))))))))))))))))))))))))
.

2010-04-18 18:40 . 2010-04-18 18:40 -------- d-----w- c:\programmi\Windows Media Connect 2
2010-04-18 18:37 . 2010-04-18 18:37 -------- d-----w- c:\windows\system32\LogFiles
2010-04-18 16:57 . 2010-04-18 16:57 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-18 16:36 . 2010-04-18 16:57 -------- d-----w- C:\f7c7ab0ad02f87d81744543b0451fec6
2010-04-18 16:35 . 2010-04-18 18:38 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-04-18 16:02 . 2010-04-18 16:57 -------- d-----w- c:\documents and settings\Gaetano 2\Tracing
2010-04-18 15:57 . 2010-04-18 15:57 -------- d-----w- c:\documents and settings\Gaetano 2\Impostazioni locali\Dati applicazioni\Mozilla
2010-04-17 18:14 . 2010-04-17 18:14 -------- d-----w- c:\documents and settings\Gaetano 2\PrivacIE
2010-04-16 17:21 . 2010-04-16 17:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee
2010-04-11 15:43 . 2010-04-11 15:43 3911676 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\LocalCopy\{82D91576-50F1-51C6-42BC-961853A5F050}-ComboFix(3).exe
2010-04-11 15:43 . 2010-04-11 15:43 3911676 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\LocalCopy\{226C026A-95F9-7C2E-2F7F-424D819BD53B}-ComboFix.exe
2010-04-11 15:08 . 2010-04-11 15:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-04-10 14:19 . 2010-04-10 14:19 -------- d--h--w- c:\windows\PIF
2010-04-07 18:25 . 2010-04-07 18:25 -------- d-----w- c:\documents and settings\Gaetano\Impostazioni locali\Dati applicazioni\Help
2010-04-07 18:20 . 2010-04-07 18:20 -------- d-----w- c:\programmi\PowerQuest
2010-04-06 19:50 . 2010-04-06 19:50 -------- d-----w- c:\documents and settings\Gaetano\Dati applicazioni\Canneverbe Limited
2010-04-06 19:50 . 2010-04-06 19:50 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Canneverbe Limited
2010-04-06 19:49 . 2009-11-12 12:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-04-06 19:49 . 2010-04-06 19:49 -------- d-----w- c:\programmi\CDBurnerXP
2010-04-06 13:26 . 2008-04-14 02:13 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-04-06 13:26 . 2008-04-14 02:13 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-04-06 13:04 . 2010-04-06 13:04 -------- d-----w- c:\documents and settings\Gaetano\Dati applicazioni\Cyberlink
2010-04-06 12:41 . 2010-04-06 12:56 -------- d-----w- c:\programmi\CyberLink DVD Solution
2010-04-06 11:25 . 2010-04-06 11:25 -------- d-----w- c:\documents and settings\Gaetano\Impostazioni locali\Dati applicazioni\Identities
2010-04-05 18:42 . 2010-04-05 18:42 -------- d-----w- C:\ef3331d909b7b3be1344878688356ee1
2010-04-05 09:48 . 2010-04-05 09:51 -------- d-----w- c:\documents and settings\Gaetano\Dati applicazioni\JackSMS Desktop
2010-04-05 09:48 . 2010-04-05 09:48 -------- d-----w- c:\programmi\JackSMS Desktop
2010-04-03 19:38 . 2010-04-03 19:38 -------- d-----w- c:\programmi\Sierra
2010-04-03 13:48 . 2010-04-03 13:48 -------- d-----r- C:\Sandbox
2010-04-03 13:44 . 2010-04-03 13:44 -------- d-----w- c:\programmi\Sandboxie
2010-04-03 10:58 . 2010-04-17 18:14 13688 ----a-w- c:\documents and settings\Gaetano 2\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-04-03 10:43 . 2010-04-03 10:43 -------- d-----w- C:\91b513fe23694857eadc
2010-04-03 10:42 . 2010-04-03 10:56 -------- d-----w- c:\windows\SxsCaPendDel
2010-04-03 10:34 . 2010-04-03 10:34 -------- d-----w- c:\programmi\winMd5Sum
2010-04-03 09:46 . 2010-04-03 09:46 -------- d-----w- c:\programmi\MSBuild
2010-04-03 09:46 . 2010-04-03 10:44 -------- d-----w- c:\windows\system32\XPSViewer
2010-04-03 09:46 . 2010-04-03 09:46 -------- d-----w- c:\programmi\Reference Assemblies
2010-04-03 09:46 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-04-03 09:45 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-04-02 11:35 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-04-01 18:13 . 2010-04-18 13:46 -------- d-----w- c:\documents and settings\Giusi e Marla\Tracing
2010-04-01 16:13 . 2010-03-06 09:28 1030144 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.2.9.exe
2010-04-01 16:13 . 2010-02-17 08:48 432640 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.2.9.scr
2010-04-01 16:13 . 2010-04-01 16:13 -------- d-----w- c:\programmi\MyDefrag v4.2.9
2010-04-01 16:06 . 2010-04-01 16:07 -------- d-----r- c:\documents and settings\Giusi e Marla\Preferiti
2010-04-01 16:06 . 2010-04-01 15:42 -------- d-----w- c:\documents and settings\Giusi e Marla\Impostazioni locali\Dati applicazioni\Adobe
2010-04-01 16:06 . 2010-04-01 12:14 -------- d--h--w- c:\documents and settings\Giusi e Marla\Risorse di stampa
2010-04-01 16:06 . 2010-04-01 12:14 -------- d--h--w- c:\documents and settings\Giusi e Marla\Risorse di rete
2010-04-01 16:06 . 2010-04-01 12:14 -------- d-----r- c:\documents and settings\Giusi e Marla\Menu Avvio
2010-04-01 16:06 . 2010-04-01 11:23 -------- d--h--w- c:\documents and settings\Giusi e Marla\Modelli
2010-04-01 16:06 . 2010-04-18 16:57 -------- d-----w- c:\documents and settings\Giusi e Marla
2010-04-01 15:50 . 2010-04-01 15:50 -------- d-----w- c:\documents and settings\Gaetano\Dati applicazioni\Malwarebytes
2010-04-01 15:47 . 2010-04-01 15:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Comodo Downloader
2010-04-01 15:46 . 2010-04-01 15:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\COMODO
2010-04-01 15:45 . 2010-04-01 15:45 -------- d-----w- c:\programmi\COMODO
2010-04-01 15:42 . 2010-04-01 15:42 -------- d-----w- c:\documents and settings\Default User\Impostazioni locali\Dati applicazioni\Adobe
2010-04-01 15:40 . 2010-04-01 15:41 -------- d-----w- c:\programmi\File comuni\Adobe
2010-04-01 15:38 . 2010-04-02 20:07 -------- d-----w- c:\documents and settings\Gaetano\Impostazioni locali\Dati applicazioni\Adobe
2010-04-01 15:38 . 2010-04-16 18:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2010-04-01 15:37 . 2010-04-01 15:37 48 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-01 15:37 . 2010-04-01 15:37 -------- d-----w- c:\documents and settings\Gaetano\Dati applicazioni\skypePM
2010-04-01 15:36 . 2010-04-01 15:37 -------- d-----w- c:\documents and settings\Gaetano\Dati applicazioni\Skype
2010-04-01 15:36 . 2010-04-01 15:36 -------- d-----w- c:\programmi\File comuni\Skype
2010-04-01 15:35 . 2010-04-03 19:57 -------- d-----r- c:\programmi\Skype
2010-04-01 15:35 . 2010-04-01 15:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2010-04-01 15:33 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-01 15:33 . 2010-04-01 15:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-04-01 15:33 . 2010-04-01 15:33 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-04-01 15:33 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-01 15:32 . 2010-04-18 17:59 -------- d-----w- c:\documents and settings\Gaetano\Tracing
2010-04-01 15:31 . 2010-04-01 15:31 -------- d-----w- c:\programmi\Microsoft
2010-04-01 15:31 . 2010-04-01 15:31 -------- d-----w- c:\programmi\Windows Live SkyDrive
2010-04-01 15:30 . 2010-04-01 15:31 -------- d-----w- c:\programmi\Windows Live
2010-04-01 15:30 . 2010-04-01 15:30 5918720 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\LocalCopy\{2E5E5D15-B046-3DC4-F28E-4D78BFD70AE4}-mbam-setup.exe
2010-04-01 15:28 . 2010-02-24 08:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-04-01 15:25 . 2010-04-18 18:41 77312 ----a-w- C:\mbr.exe
2010-04-01 15:23 . 2010-04-01 15:23 -------- d-----w- c:\programmi\File comuni\Windows Live
2010-04-01 15:22 . 2010-04-01 15:22 -------- d-----w- c:\windows\system32\Adobe
2010-04-01 15:22 . 2010-04-01 15:22 -------- d-----w- c:\programmi\VS Revo Group
2010-04-01 15:20 . 2010-04-01 15:20 -------- d-----w- c:\programmi\Trend Micro
2010-04-01 15:18 . 2010-04-01 15:19 -------- d-----w- c:\programmi\Microsoft Security Essentials
2010-04-01 15:12 . 2010-04-01 15:12 -------- d-sh--w- c:\documents and settings\Gaetano\IECompatCache
2010-04-01 15:12 . 2010-04-01 15:12 -------- d-sh--w- c:\documents and settings\Gaetano\PrivacIE
2010-04-01 15:11 . 2010-04-01 15:11 -------- d-sh--w- c:\documents and settings\Gaetano\IETldCache
2010-04-01 14:56 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-04-01 14:55 . 2010-04-01 14:56 -------- dc-h--w- c:\windows\ie8
2010-04-01 14:46 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-01 13:46 . 2010-04-03 09:48 -------- d-----w- c:\windows\system32\it-it
2010-04-01 13:46 . 2010-04-01 13:46 -------- d-----w- c:\windows\l2schemas
2010-04-01 13:46 . 2010-04-01 13:46 -------- d-----w- c:\windows\system32\it
2010-04-01 13:46 . 2010-04-01 13:46 -------- d-----w- c:\windows\system32\bits
2010-04-01 13:44 . 2010-04-01 13:44 -------- d-----w- c:\windows\ServicePackFiles
2010-04-01 13:35 . 2004-08-19 13:23 701440 ------w- c:\windows\system32\drivers\ati2mtag.sys
2010-04-01 13:25 . 2010-04-01 13:25 -------- d-sh--w- c:\documents and settings\Gaetano\UserData
2010-04-01 13:22 . 2010-04-01 13:22 -------- d-----w- c:\programmi\7-Zip
2010-04-01 13:21 . 2010-04-01 13:21 -------- d-----w- c:\programmi\CCleaner
2010-04-01 13:15 . 2008-06-14 17:32 272768 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-04-01 13:15 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-04-01 13:15 . 2009-10-15 16:29 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-04-01 13:15 . 2009-10-15 16:29 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-04-01 13:14 . 2009-06-21 21:47 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-04-01 13:13 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-04-01 13:13 . 2008-05-01 14:34 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-04-01 13:12 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-04-01 13:12 . 2008-10-15 16:36 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-04-01 13:12 . 2008-04-21 21:14 219136 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-04-01 13:12 . 2009-11-21 15:54 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-04-01 13:11 . 2010-02-17 12:05 2193664 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-04-01 13:11 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-04-01 13:11 . 2009-06-25 08:25 735744 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2010-04-01 13:11 . 2009-03-06 14:19 286208 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-04-01 13:11 . 2009-02-09 11:22 111104 -c----w- c:\windows\system32\dllcache\services.exe
2010-04-01 13:11 . 2009-02-09 10:51 683520 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-04-01 13:11 . 2009-02-09 10:51 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-04-01 13:11 . 2009-02-09 10:51 736256 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-04-01 13:11 . 2009-02-09 10:51 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-04-01 13:11 . 2009-02-09 10:51 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-04-01 13:11 . 2010-02-16 19:05 2149888 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-04-01 13:11 . 2010-02-16 19:05 2028032 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-04-01 13:10 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-04-01 13:10 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-01 13:10 . 2009-07-10 13:26 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-04-01 13:10 . 2010-04-01 13:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\muvee Technologies
2010-04-01 13:05 . 2009-07-31 04:32 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-04-01 13:05 . 2010-04-01 13:07 -------- d-----w- c:\windows\nview

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-17 18:22 . 2010-04-01 16:07 13688 ----a-w- c:\documents and settings\Giusi e Marla\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-04-17 16:12 . 2010-04-01 12:35 13688 ----a-w- c:\documents and settings\Gaetano\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-04-12 20:48 . 2010-03-03 15:54 277240 ----a-w- c:\windows\system32\guard32.dll
2010-04-12 20:48 . 2010-03-03 15:54 86800 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-04-12 20:48 . 2010-03-03 15:54 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-04-12 20:48 . 2010-03-03 15:54 15464 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-04-12 20:48 . 2010-03-23 16:40 225344 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-04-06 12:56 . 2010-04-01 12:48 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-04-03 12:29 . 2004-08-19 12:00 79292 ----a-w- c:\windows\system32\perfc010.dat
2010-04-03 12:29 . 2004-08-19 12:00 478808 ----a-w- c:\windows\system32\perfh010.dat
2010-04-01 13:48 . 2010-04-01 11:26 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-01 13:05 . 2010-04-01 12:46 -------- d-----w- c:\programmi\File comuni\InstallShield
2010-04-01 12:55 . 2010-04-01 12:55 -------- d-----w- c:\programmi\Marvell
2010-04-01 12:50 . 2010-04-01 12:50 -------- d-----w- c:\programmi\Analog Devices
2010-04-01 12:48 . 2010-04-01 12:48 -------- d-----w- c:\programmi\VIA
2010-04-01 11:27 . 2010-04-01 11:27 -------- d-----w- c:\programmi\microsoft frontpage
2010-04-01 11:25 . 2010-04-01 11:25 -------- d-----w- c:\programmi\Servizi in linea
2010-04-01 11:23 . 2010-04-01 11:23 21840 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Adobe\Reader\9.3\ARM\32552\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Adobe\Reader\9.3\ARM\32552\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Adobe\Reader\9.3\ARM\32552\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Adobe\Reader\9.3\ARM\32552\AcrobatUpdater.exe
2010-03-10 06:15 . 2004-08-19 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-26 05:41 . 2010-02-26 05:41 81920 ------w- c:\windows\system32\ieencode.dll
2010-02-25 06:16 . 2004-08-19 12:00 916480 ------w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-19 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 12:05 . 2004-08-19 12:00 2193664 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:05 . 2004-08-19 15:34 2070528 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-19 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-19 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\programmi\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"Gainward"="c:\programmi\Vtune\TBPanel.exe" [2006-09-13 2154496]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"MSSE"="c:\programmi\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"COMODO Internet Security"="c:\programmi\COMODO\COMODO Internet Security\cfp.exe" [2010-04-12 2029456]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [01/04/2010 14.48.44 77312]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [23/03/2010 18.40.00 225344]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [03/03/2010 17.54.14 25240]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\5.tmp --> c:\windows\system32\5.tmp [?]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.virgilio.it/
FF - ProfilePath - c:\documents and settings\Gaetano\Dati applicazioni\Mozilla\Firefox\Profiles\4ljt2ezn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.virgilio.it/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-18 20:54
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\5.tmp"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(248)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(304)
c:\windows\system32\guard32.dll
.
Ora fine scansione: 2010-04-18 20:56:38
ComboFix-quarantined-files.txt 2010-04-18 18:56

Pre-Run: 110.381.318.144 byte disponibili
Post-Run: 110.432.595.968 byte disponibili

- - End Of File - - B4A4CDEA7AA0F693F07F664541755A47


The file 5.tmp is still not visible.
Now I'll run sfc /scannow to see if it fixes anything; in fact it gave me an error on Biosctl.exe. Drwtsn, on the other hand, tells me the problems come from: UNREGMP2 - verclsid.exe - rundl32.exe - dwwin.exe.
Trinità
Aficionado
Posts: 145
Joined: Mon Dec 14, 2009 9:15 pm
Location: Salerno

Re: Can you help me? Virus...

Post by Trinità » Mon Apr 19, 2010 1:30 pm

Ran sfc /scannow, it didn't fix anything!

Re: Can you help me? Virus...

Post by Trinità » Wed Apr 21, 2010 1:41 pm

New error today:

[Image]
Then another error comes up, wuaucult.exe, and the PC crashes, opening dozens of dwwin.exe and drwtsn32.exe [cry]

Re: Can you help me? Virus...

Post by farbix89 » Wed Apr 21, 2010 2:05 pm

I'd recommend a good scan in safe mode with your favourite antivirus.

If the problem persists after that, as you said yourself, a good format will spare you some serious headaches,
but try the scan first [^]
farbix89
Official Member (Gold)
Posts: 14093
Joined: Fri Feb 13, 2009 10:09 pm

