As I mentioned in another thread, I wanted to take advantage of the BitDefender offer; I tried it and, not being satisfied, decided to remove it. Now, however, I am not allowed to install another antivirus (I wanted to try GData) because Avira Desktop is reported as running, and Zone Alarm is also reported as disabled. Both programs were removed with Revo Uninstaller, and afterwards I cleaned the registry with various tools (CCleaner, Iobit Advanced System Care, Free Windows Registry repair, the utility included in Spybot, and finally the Avira RegCleaner utility) without getting any result!!
I looked for any drivers still present and searched for registry keys manually, with nothing good to show for it!
Now, since I am without an antivirus, I thought I would run a scan with Combofix in case it gave me some indication, but nothing; anyway, here is the log:
ComboFix 10-04-21.01 - Drping 23/04/10 16.58.27.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1022.655 [GMT 2:00]
Eseguito da: c:\documents and settings\Drping\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {00000002-0002-0000-6C25-9E7C08000A00}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((( Files Creati Da 2010-03-23 al 2010-04-23 )))))))))))))))))))))))))))))))))))
.
2010-04-23 14:26 . 2010-04-23 14:26 -------- d-----w- c:\documents and settings\Drping\Impostazioni locali\Dati applicazioni\Downloaded Installations
2010-04-23 13:56 . 2010-04-23 13:56 -------- d-----w- C:\Downloads
2010-04-23 13:37 . 2010-04-23 14:54 -------- d-----w- c:\documents and settings\Drping\Dati applicazioni\Free Download Manager
2010-04-23 13:37 . 2010-04-23 13:37 -------- d-----w- c:\programmi\Free Download Manager
2010-04-23 13:37 . 2010-04-23 13:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\FreeDownloadManager.ORG
2010-04-22 19:42 . 2008-04-13 18:13 26624 ----a-w- c:\documents and settings\LocalService\Dati applicazioni\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-04-21 14:53 . 2010-04-21 15:06 -------- d-----w- c:\programmi\Free Window Registry Repair
2010-04-20 23:47 . 2010-04-20 23:47 4 ----a-w- c:\windows\system32\aspdict-en.dat
2010-04-20 23:47 . 2010-04-20 23:47 16 ----a-w- c:\windows\system32\asdict.dat
2010-04-20 17:43 . 2010-04-20 19:07 -------- d-----w- c:\documents and settings\Drping\Impostazioni locali\Dati applicazioni\AskToolbar
2010-04-20 17:41 . 2010-04-20 17:41 -------- d-----w- c:\programmi\uTorrent
2010-04-20 17:40 . 2010-04-22 22:18 -------- d-----w- c:\documents and settings\Drping\Dati applicazioni\uTorrent
2010-04-20 15:01 . 2010-04-23 12:02 -------- d-----w- c:\programmi\CCleaner
2010-04-20 14:05 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-04-20 13:59 . 2010-04-20 13:59 -------- d-----w- c:\programmi\Windows Media Connect 2
2010-04-20 13:56 . 2010-04-20 13:57 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-04-20 13:56 . 2010-04-20 13:56 -------- d-----w- c:\windows\system32\LogFiles
2010-04-20 13:04 . 2010-04-23 11:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\BitDefender
2010-04-20 13:03 . 2010-04-23 11:56 -------- d-----w- c:\programmi\File comuni\BitDefender
2010-04-16 15:25 . 2010-04-16 15:25 57344 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-04-16 15:23 . 2010-04-16 15:23 144696 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-04-16 15:21 . 2010-04-16 15:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DivX
2010-04-15 09:58 . 2010-04-15 09:58 -------- d-----w- c:\windows\system32\Adobe
2010-04-14 19:00 . 2010-04-15 09:58 -------- d-----w- c:\windows\Downloaded Program Files
2010-04-14 17:23 . 2010-04-14 17:23 -------- d-----w- c:\programmi\AMR to MP3 Converter
2010-04-14 17:11 . 2010-04-14 17:11 -------- d-----w- c:\programmi\Audacity
2010-04-14 12:23 . 2008-04-13 17:13 29696 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2010-04-14 12:23 . 2008-04-13 17:13 29696 ----a-w- c:\windows\system32\irmon.dll
2010-04-14 12:23 . 2008-04-13 17:14 152576 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2010-04-14 12:23 . 2008-04-13 17:14 152576 ----a-w- c:\windows\system32\irftp.exe
2010-04-14 12:23 . 2008-04-13 17:13 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-04-14 12:23 . 2008-04-13 17:13 8192 ----a-w- c:\windows\system32\wshirda.dll
2010-04-13 19:35 . 2010-04-13 19:35 5918776 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-09 14:21 . 2010-04-09 16:19 -------- d-----w- c:\documents and settings\Drping\Dati applicazioni\Download Manager
2010-04-08 12:10 . 2010-04-19 13:43 -------- d--h--w- c:\windows\$hf_mig$
2010-04-07 17:19 . 2010-04-17 10:37 -------- d-----w- c:\documents and settings\Drping\Dati applicazioni\TeamViewer
2010-04-07 17:19 . 2010-04-17 10:37 -------- d-----w- c:\documents and settings\Drping\temp
2010-04-03 17:47 . 2010-04-14 18:31 -------- d-----w- c:\programmi\Wipeer
2010-04-03 17:47 . 2010-04-14 18:31 -------- d-----w- c:\documents and settings\Drping\Dati applicazioni\WiPeer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-23 14:00 . 2010-03-05 21:29 -------- d-----w- c:\documents and settings\Drping\Dati applicazioni\HPAppData
2010-04-23 12:53 . 2010-01-25 15:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-04-22 19:33 . 2010-02-09 09:58 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-04-20 17:36 . 2010-02-01 14:28 -------- d-----w- c:\documents and settings\Drping\Dati applicazioni\Skype
2010-04-20 14:11 . 2004-08-19 12:00 84354 ----a-w- c:\windows\system32\perfc010.dat
2010-04-20 14:11 . 2004-08-19 12:00 489648 ----a-w- c:\windows\system32\perfh010.dat
2010-04-20 14:07 . 2010-01-25 14:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-04-18 00:21 . 2010-02-16 16:11 -------- d-----w- c:\programmi\Google
2010-04-16 09:07 . 2010-02-10 21:23 -------- d-----w- c:\programmi\Avidemux 2.5
2010-04-14 19:56 . 2010-03-20 12:43 -------- d-----w- c:\programmi\Color Correction Wizard
2010-04-14 17:11 . 2010-03-19 00:04 -------- d-----w- c:\programmi\Lame for Audacity
2010-04-13 19:35 . 2010-03-15 11:31 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-03-29 22:46 . 2010-03-15 11:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2010-03-15 11:31 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-25 15:18 . 2010-03-22 23:41 -------- d-----w- c:\programmi\Trend Micro
2010-03-23 22:16 . 2010-03-23 22:16 -------- d-----w- c:\programmi\IObit
2010-03-23 22:16 . 2010-03-23 22:16 -------- d-----w- c:\documents and settings\Drping\Dati applicazioni\IObit
2010-03-23 22:01 . 2004-08-19 12:00 63744 ----a-w- c:\windows\system32\drivers\cdfs.sys
2010-03-20 18:32 . 2010-03-20 18:32 -------- d-----w- c:\programmi\File comuni\Skype
2010-03-18 23:55 . 2010-03-18 23:55 -------- d-----w- c:\programmi\FFmpeg for Audacity
2010-03-18 16:07 . 2010-03-18 16:07 3584 ----a-r- c:\documents and settings\Drping\Dati applicazioni\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-03-18 16:07 . 2010-03-18 16:07 -------- d-----w- c:\programmi\Windows Installer Clean Up
2010-03-18 16:07 . 2010-03-18 16:07 -------- d-----w- c:\programmi\MSECACHE
2010-03-17 16:53 . 2010-02-10 21:24 -------- d-----w- c:\documents and settings\Drping\Dati applicazioni\avidemux
2010-03-17 09:51 . 2010-03-16 22:56 -------- d-----w- c:\programmi\FairUse Wizard 2
2010-03-15 14:06 . 2010-03-15 14:06 -------- d-----w- c:\programmi\Nmap
2010-03-15 14:06 . 2010-03-15 14:06 -------- d-----w- c:\programmi\WinPcap
2010-03-15 13:24 . 2010-01-25 15:12 129840 ----a-w- c:\documents and settings\Drping\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-03-15 11:35 . 2010-03-15 11:35 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2010-03-15 11:31 . 2010-03-15 11:31 -------- d-----w- c:\documents and settings\Drping\Dati applicazioni\Malwarebytes
2010-03-15 11:31 . 2010-03-15 11:31 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-03-14 21:43 . 2010-02-12 19:08 -------- d-----w- c:\programmi\TI Education
2010-03-13 23:31 . 2010-03-05 16:14 -------- d-----w- c:\documents and settings\Drping\Dati applicazioni\Autodesk
2010-03-13 23:31 . 2010-03-05 16:14 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Autodesk
2010-03-13 22:10 . 2010-03-13 22:06 -------- d-----w- c:\programmi\QuickTime
2010-03-13 22:09 . 2010-03-13 22:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2010-03-13 22:08 . 2010-03-13 22:08 -------- d-----w- c:\programmi\File comuni\Apple
2010-03-13 22:08 . 2010-03-13 22:08 -------- d-----w- c:\programmi\Apple Software Update
2010-03-13 22:08 . 2010-03-13 22:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple
2010-03-12 22:37 . 2010-03-12 22:37 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\iolo
2010-03-12 22:36 . 2010-03-12 22:36 74703 ----a-w- c:\windows\system32\mfc45.dll
2010-03-10 06:15 . 2004-08-19 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-06 16:08 . 2010-03-06 16:08 -------- d-----w- c:\programmi\WinHTTrack
2010-03-06 15:32 . 2010-03-06 09:30 439816 ----a-w- c:\documents and settings\Drping\Dati applicazioni\Real\Update\setup3.10\setup.exe
2010-03-06 12:26 . 2010-03-06 12:26 -------- d-----w- c:\programmi\MSBuild
2010-03-06 12:26 . 2010-03-06 12:26 -------- d-----w- c:\programmi\Reference Assemblies
2010-03-05 23:39 . 2010-01-25 13:25 -------- d-----w- c:\programmi\ATI Technologies
2010-03-05 23:39 . 2010-01-25 13:18 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-03-05 23:11 . 2010-03-05 23:11 -------- d-----w- c:\programmi\Phyxion.net
2010-03-05 22:53 . 2010-03-05 22:53 129456 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-03-05 16:18 . 2010-03-05 16:13 -------- d-----w- c:\programmi\File comuni\Autodesk Shared
2010-03-05 16:18 . 2010-03-05 16:14 -------- d-----w- c:\programmi\AutoCAD 2008
2010-03-05 16:13 . 2010-03-05 16:13 -------- d-----w- c:\programmi\Autodesk
2010-03-05 13:13 . 2010-01-26 15:00 -------- d-----w- c:\documents and settings\Drping\Dati applicazioni\HpUpdate
2010-03-05 13:13 . 2010-03-05 13:10 23149 ----a-w- c:\windows\hpqins15.dat
2010-03-05 13:10 . 2010-02-05 11:11 77469 ----a-w- c:\windows\hpqins05.dat
2010-03-05 13:09 . 2010-02-05 10:49 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HP
2010-03-05 13:09 . 2010-03-05 13:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HP Product Assistant
2010-03-02 23:58 . 2010-01-25 13:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\hpqwmi
2010-03-02 20:47 . 2010-03-02 20:47 304160 ----a-w- C:\PA7311.DAT
2010-02-26 10:51 . 2010-02-26 10:51 -------- d-----w- c:\documents and settings\Drping\Dati applicazioni\InterVideo
2010-02-25 06:16 . 2004-08-19 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-19 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-17 12:05 . 2004-08-19 12:00 2193664 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:05 . 2004-08-19 15:34 2070528 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-06 15:22 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 08:33 . 2010-02-12 08:33 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-02-12 08:33 . 2007-10-19 19:37 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-02-12 04:33 . 2004-08-19 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-19 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-10 15:32 . 2010-02-10 15:10 177118 ----a-w- c:\windows\hpoins21.dat
2010-02-10 14:45 . 2010-02-10 14:45 57 ----a-w- c:\documents and settings\Drping\Dati applicazioni\tigersetting.dll
2010-02-10 14:45 . 2010-02-10 14:45 57 ----a-w- c:\documents and settings\Drping\Dati applicazioni\tigersetting.dll
2010-02-10 11:18 . 2010-02-10 11:19 49152 ----a-w- c:\windows\system32\md5sum.exe
2010-02-09 10:24 . 2010-02-09 10:24 95744 ----a-w- c:\documents and settings\All Users\Dati applicazioni\SpeedBit\DAP\SDCondition.dll
2010-02-09 09:58 . 2010-02-09 09:58 50688 ----a-w- c:\windows\system32\wbhelp2.dll
2010-02-05 13:04 . 2010-02-05 12:36 102303 ----a-w- c:\windows\hpqins01.dat
2010-02-01 14:34 . 2010-02-01 14:34 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-27 16:35 . 2010-01-27 16:35 503808 ----a-w- c:\documents and settings\Drping\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-10d0fb73-n\msvcp71.dll
2010-01-27 16:35 . 2010-01-27 16:35 499712 ----a-w- c:\documents and settings\Drping\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-10d0fb73-n\jmc.dll
2010-01-27 16:35 . 2010-01-27 16:35 348160 ----a-w- c:\documents and settings\Drping\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-10d0fb73-n\msvcr71.dll
2010-01-27 16:35 . 2010-01-27 16:35 61440 ----a-w- c:\documents and settings\Drping\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-79fe0743-n\decora-sse.dll
2010-01-27 16:35 . 2010-01-27 16:35 12800 ----a-w- c:\documents and settings\Drping\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-79fe0743-n\decora-d3d.dll
2010-01-27 16:34 . 2010-01-27 16:34 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-27 02:09 . 2010-01-27 02:09 53299 ----a-w- c:\windows\system32\pthreadVC.dll
2010-01-27 02:09 . 2010-01-27 02:09 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2010-01-27 02:09 . 2010-01-27 02:09 281104 ----a-w- c:\windows\system32\wpcap.dll
2010-01-27 02:09 . 2010-01-27 02:09 100880 ----a-w- c:\windows\system32\Packet.dll
2010-01-25 22:08 . 2010-01-25 22:08 292878 ----a-r- c:\documents and settings\Drping\Dati applicazioni\Microsoft\Installer\{53480330-E1D1-41CA-B8F8-7F78644F7F50}\oodcnt_exe.53480420_ED54_41F1_B802_5A3B83DAF067.exe
2010-01-25 22:08 . 2010-01-25 22:08 292878 ----a-r- c:\documents and settings\Drping\Dati applicazioni\Microsoft\Installer\{53480330-E1D1-41CA-B8F8-7F78644F7F50}\oodcnt_ds.53480420_ED54_41F1_B802_5A3B83DAF067.exe
2010-01-25 22:08 . 2010-01-25 22:08 292878 ----a-r- c:\documents and settings\Drping\Dati applicazioni\Microsoft\Installer\{53480330-E1D1-41CA-B8F8-7F78644F7F50}\ARPPRODUCTICON.exe
2010-01-25 14:17 . 2010-01-25 13:08 79555 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-25 13:44 . 2010-01-25 13:44 139 ----a-w- c:\documents and settings\Drping\Impostazioni locali\Dati applicazioni\fusioncache.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"Apoint"="c:\programmi\Apoint2K\Apoint.exe" [2005-02-08 159744]
"hpWirelessAssistant"="c:\programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-20 344064]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 221184]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\i:\0autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 15:50 221184 ----a-w- c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-02-15 17:50 417792 ----a-w- c:\programmi\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"hpqddsvc"=2 (0x2)
"O&O Defrag"=2 (0x2)
"helpsvc"=2 (0x2)
"Autodesk Licensing Service"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Programmi\\Wipeer\\wipeer.exe"=
"c:\\Programmi\\Wipeer\\wipeerd\\wipeerd.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\Drping\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Documents and Settings\\Drping\\Impostazioni locali\\Dati applicazioni\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [30/01/10 11.43.58 5248]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [30/01/10 9.27.05 123280]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [30/01/10 9.26.49 41616]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [17/12/09 4.02.34 99152]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [17/12/09 4.02.34 110096]
S3 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [16/02/10 6.11.55 135664]
S3 NDISKIO;NDISKIO;\??\c:\docume~1\ADMINI~1\IMPOST~1\Temp\f47b92af.nmc\nse\bin\ndiskio.sys
c:\docume~1\ADMINI~1\IMPOST~1\Temp\f47b92af.nmc\nse\bin\ndiskio.sys [?]
S3 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27/01/10 4.09.02 50704]
S3 PAC7311;Trust WB-3300p Mini HiRes Webcam;c:\windows\system32\drivers\PA707UCM.SYS [18/10/05 12.48.38 154752]
S3 UnhookMBRS;UnhookMBRS;\??\c:\docume~1\ADMINI~1\IMPOST~1\Temp\f47b92af.nmc\nse\bin\unhookmbrs.sys
c:\docume~1\ADMINI~1\IMPOST~1\Temp\f47b92af.nmc\nse\bin\unhookmbrs.sys [?]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [30/01/10 11.43.58 160640]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'
2010-03-06 c:\windows\Tasks\Aggiornamento Java.job
- c:\programmi\Java\jre1.5.0_04\bin\jusched.exe [2010-01-25 02:52]
2010-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-16 16:11]
2010-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-16 16:11]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
IE: &Clean Traces
IE: &Download with &DAP
IE: Download &all with DAP
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Scarica con Free Download Manager - file://c:\programmi\Free Download Manager\dllink.htm
IE: Scarica i video con Free Download Manager - file://c:\programmi\Free Download Manager\dlfvideo.htm
IE: Scarica selezionati con Free Download Manager - file://c:\programmi\Free Download Manager\dlselected.htm
IE: Scarica tutto con Free Download Manager - file://c:\programmi\Free Download Manager\dlall.htm
DPF: {423E32C6-2EC6-11D3-A65D-005004055C6C} - hxxp://www.egeo.unisi.it/ecwplugins/ncs.cab
FF - ProfilePath - c:\documents and settings\Drping\Dati applicazioni\Mozilla\Firefox\Profiles\zks45flz.default\
FF - prefs.js: browser.startup.homepage - www.google.it
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- Associazioni dei file -------
.
.scr=AutoCADScriptFile
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-23 17:02
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\Applications\ContextMenu.exe\shell]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(1284)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3704)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2010-04-23 17:04:35
ComboFix-quarantined-files.txt 2010-04-23 15:04
Pre-Run: 21.403.402.240 byte disponibili
Post-Run: 21.377.028.096 byte disponibili
- - End Of File - - C5F20F798770E193B6506F531CDBE098
2010-03-14 21:43 . 2010-02-12 19:08 -------- d-----w- c:\programmi\TI Education
2010-03-13 23:31 . 2010-03-05 16:14 -------- d-----w- c:\documents and settings\Drping\Dati applicazioni\Autodesk
2010-03-13 23:31 . 2010-03-05 16:14 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Autodesk
2010-03-13 22:10 . 2010-03-13 22:06 -------- d-----w- c:\programmi\QuickTime
2010-03-13 22:09 . 2010-03-13 22:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2010-03-13 22:08 . 2010-03-13 22:08 -------- d-----w- c:\programmi\File comuni\Apple
2010-03-13 22:08 . 2010-03-13 22:08 -------- d-----w- c:\programmi\Apple Software Update
2010-03-13 22:08 . 2010-03-13 22:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple
2010-03-12 22:37 . 2010-03-12 22:37 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\iolo
2010-03-12 22:36 . 2010-03-12 22:36 74703 ----a-w- c:\windows\system32\mfc45.dll
2010-03-10 06:15 . 2004-08-19 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-06 16:08 . 2010-03-06 16:08 -------- d-----w- c:\programmi\WinHTTrack
2010-03-06 15:32 . 2010-03-06 09:30 439816 ----a-w- c:\documents and settings\Drping\Dati applicazioni\Real\Update\setup3.10\setup.exe
2010-03-06 12:26 . 2010-03-06 12:26 -------- d-----w- c:\programmi\MSBuild
2010-03-06 12:26 . 2010-03-06 12:26 -------- d-----w- c:\programmi\Reference Assemblies
2010-03-05 23:39 . 2010-01-25 13:25 -------- d-----w- c:\programmi\ATI Technologies
2010-03-05 23:39 . 2010-01-25 13:18 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-03-05 23:11 . 2010-03-05 23:11 -------- d-----w- c:\programmi\Phyxion.net
2010-03-05 22:53 . 2010-03-05 22:53 129456 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-03-05 16:18 . 2010-03-05 16:13 -------- d-----w- c:\programmi\File comuni\Autodesk Shared
2010-03-05 16:18 . 2010-03-05 16:14 -------- d-----w- c:\programmi\AutoCAD 2008
2010-03-05 16:13 . 2010-03-05 16:13 -------- d-----w- c:\programmi\Autodesk
2010-03-05 13:13 . 2010-01-26 15:00 -------- d-----w- c:\documents and settings\Drping\Dati applicazioni\HpUpdate
2010-03-05 13:13 . 2010-03-05 13:10 23149 ----a-w- c:\windows\hpqins15.dat
2010-03-05 13:10 . 2010-02-05 11:11 77469 ----a-w- c:\windows\hpqins05.dat
2010-03-05 13:09 . 2010-02-05 10:49 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HP
2010-03-05 13:09 . 2010-03-05 13:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HP Product Assistant
2010-03-02 23:58 . 2010-01-25 13:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\hpqwmi
2010-03-02 20:47 . 2010-03-02 20:47 304160 ----a-w- C:\PA7311.DAT
2010-02-26 10:51 . 2010-02-26 10:51 -------- d-----w- c:\documents and settings\Drping\Dati applicazioni\InterVideo
2010-02-25 06:16 . 2004-08-19 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-19 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-17 12:05 . 2004-08-19 12:00 2193664 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:05 . 2004-08-19 15:34 2070528 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-06 15:22 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 08:33 . 2010-02-12 08:33 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-02-12 08:33 . 2007-10-19 19:37 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-02-12 04:33 . 2004-08-19 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-19 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-10 15:32 . 2010-02-10 15:10 177118 ----a-w- c:\windows\hpoins21.dat
2010-02-10 14:45 . 2010-02-10 14:45 57 ----a-w- c:\documents and settings\Drping\Dati applicazioni\tigersetting.dll
2010-02-10 14:45 . 2010-02-10 14:45 57 ----a-w- c:\documents and settings\Drping\Dati applicazioni\tigersetting.dll
2010-02-10 11:18 . 2010-02-10 11:19 49152 ----a-w- c:\windows\system32\md5sum.exe
2010-02-09 10:24 . 2010-02-09 10:24 95744 ----a-w- c:\documents and settings\All Users\Dati applicazioni\SpeedBit\DAP\SDCondition.dll
2010-02-09 09:58 . 2010-02-09 09:58 50688 ----a-w- c:\windows\system32\wbhelp2.dll
2010-02-05 13:04 . 2010-02-05 12:36 102303 ----a-w- c:\windows\hpqins01.dat
2010-02-01 14:34 . 2010-02-01 14:34 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-27 16:35 . 2010-01-27 16:35 503808 ----a-w- c:\documents and settings\Drping\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-10d0fb73-n\msvcp71.dll
2010-01-27 16:35 . 2010-01-27 16:35 499712 ----a-w- c:\documents and settings\Drping\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-10d0fb73-n\jmc.dll
2010-01-27 16:35 . 2010-01-27 16:35 348160 ----a-w- c:\documents and settings\Drping\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-10d0fb73-n\msvcr71.dll
2010-01-27 16:35 . 2010-01-27 16:35 61440 ----a-w- c:\documents and settings\Drping\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-79fe0743-n\decora-sse.dll
2010-01-27 16:35 . 2010-01-27 16:35 12800 ----a-w- c:\documents and settings\Drping\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-79fe0743-n\decora-d3d.dll
2010-01-27 16:34 . 2010-01-27 16:34 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-27 02:09 . 2010-01-27 02:09 53299 ----a-w- c:\windows\system32\pthreadVC.dll
2010-01-27 02:09 . 2010-01-27 02:09 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2010-01-27 02:09 . 2010-01-27 02:09 281104 ----a-w- c:\windows\system32\wpcap.dll
2010-01-27 02:09 . 2010-01-27 02:09 100880 ----a-w- c:\windows\system32\Packet.dll
2010-01-25 22:08 . 2010-01-25 22:08 292878 ----a-r- c:\documents and settings\Drping\Dati applicazioni\Microsoft\Installer\{53480330-E1D1-41CA-B8F8-7F78644F7F50}\oodcnt_exe.53480420_ED54_41F1_B802_5A3B83DAF067.exe
2010-01-25 22:08 . 2010-01-25 22:08 292878 ----a-r- c:\documents and settings\Drping\Dati applicazioni\Microsoft\Installer\{53480330-E1D1-41CA-B8F8-7F78644F7F50}\oodcnt_ds.53480420_ED54_41F1_B802_5A3B83DAF067.exe
2010-01-25 22:08 . 2010-01-25 22:08 292878 ----a-r- c:\documents and settings\Drping\Dati applicazioni\Microsoft\Installer\{53480330-E1D1-41CA-B8F8-7F78644F7F50}\ARPPRODUCTICON.exe
2010-01-25 14:17 . 2010-01-25 13:08 79555 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-25 13:44 . 2010-01-25 13:44 139 ----a-w- c:\documents and settings\Drping\Impostazioni locali\Dati applicazioni\fusioncache.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"Apoint"="c:\programmi\Apoint2K\Apoint.exe" [2005-02-08 159744]
"hpWirelessAssistant"="c:\programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-20 344064]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 221184]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\i:\0autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 15:50 221184 ----a-w- c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-02-15 17:50 417792 ----a-w- c:\programmi\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"hpqddsvc"=2 (0x2)
"O&O Defrag"=2 (0x2)
"helpsvc"=2 (0x2)
"Autodesk Licensing Service"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Programmi\\Wipeer\\wipeer.exe"=
"c:\\Programmi\\Wipeer\\wipeerd\\wipeerd.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\Drping\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Documents and Settings\\Drping\\Impostazioni locali\\Dati applicazioni\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [30/01/10 11.43.58 5248]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [30/01/10 9.27.05 123280]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [30/01/10 9.26.49 41616]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [17/12/09 4.02.34 99152]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [17/12/09 4.02.34 110096]
S3 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [16/02/10 6.11.55 135664]
S3 NDISKIO;NDISKIO;\??\c:\docume~1\ADMINI~1\IMPOST~1\Temp\f47b92af.nmc\nse\bin\ndiskio.sys [?]
S3 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27/01/10 4.09.02 50704]
S3 PAC7311;Trust WB-3300p Mini HiRes Webcam;c:\windows\system32\drivers\PA707UCM.SYS [18/10/05 12.48.38 154752]
S3 UnhookMBRS;UnhookMBRS;\??\c:\docume~1\ADMINI~1\IMPOST~1\Temp\f47b92af.nmc\nse\bin\unhookmbrs.sys [?]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [30/01/10 11.43.58 160640]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'
2010-03-06 c:\windows\Tasks\Aggiornamento Java.job
- c:\programmi\Java\jre1.5.0_04\bin\jusched.exe [2010-01-25 02:52]
2010-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-16 16:11]
2010-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-16 16:11]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
IE: &Clean Traces
IE: &Download with &DAP
IE: Download &all with DAP
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Scarica con Free Download Manager - file://c:\programmi\Free Download Manager\dllink.htm
IE: Scarica i video con Free Download Manager - file://c:\programmi\Free Download Manager\dlfvideo.htm
IE: Scarica selezionati con Free Download Manager - file://c:\programmi\Free Download Manager\dlselected.htm
IE: Scarica tutto con Free Download Manager - file://c:\programmi\Free Download Manager\dlall.htm
DPF: {423E32C6-2EC6-11D3-A65D-005004055C6C} - hxxp://www.egeo.unisi.it/ecwplugins/ncs.cab
FF - ProfilePath - c:\documents and settings\Drping\Dati applicazioni\Mozilla\Firefox\Profiles\zks45flz.default\
FF - prefs.js: browser.startup.homepage - www.google.it
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- Associazioni dei file -------
.
.scr=AutoCADScriptFile
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-23 17:02
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\Applications\ContextMenu.exe\shell]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(1284)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3704)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2010-04-23 17:04:35
ComboFix-quarantined-files.txt 2010-04-23 15:04
Pre-Run: 21.403.402.240 byte disponibili
Post-Run: 21.377.028.096 byte disponibili
- - End Of File - - C5F20F798770E193B6506F531CDBE098
What else could I do? Does anyone know which key the Security Center refers to when monitoring security software?