Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

Controllo log ComboFix

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

Controllo log ComboFix

Messaggioda Roberto88 » sab ago 15, 2009 5:37 pm

salve a tutti, qualcuno potrebbe controllare il seguente log?

ComboFix 09-08-10.06 - Roberto 15/08/2009 18.24.13.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1023.588 [GMT 2:00]
Eseguito da: c:\documents and settings\Roberto\Desktop\xxx.exe
AV: a-squared Anti-Malware *On-access scanning disabled* (Updated) {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira Firewall *disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\b4cb8.msi
c:\windows\system32\mfc45.dll


.
((((((((((((((((((((((((( Files Creati Da 2009-07-15 al 2009-08-15 )))))))))))))))))))))))))))))))))))
.

2009-08-15 15:58 . 2009-08-15 15:58 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-13 07:23 . 2009-08-13 07:23 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\Avira
2009-08-13 06:07 . 2009-08-15 16:05 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\OnlineArmor
2009-08-12 07:43 . 2009-07-10 13:26 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-11 15:55 . 2009-08-11 16:01 240 ----a-w- C:\sccfg.sys
2009-08-11 15:55 . 2005-04-11 14:40 73728 ----a-w- c:\windows\system32\FLKill.exe
2009-08-08 16:16 . 2009-08-08 16:16 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\GrabPro
2009-08-08 16:16 . 2009-08-15 16:14 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\Orbit
2009-08-08 16:16 . 2009-08-08 16:16 -------- d-----w- c:\programmi\Orbitdownloader
2009-08-08 16:14 . 2009-08-08 16:15 -------- d-----w- c:\programmi\ERUNT
2009-08-08 16:12 . 2009-08-08 16:13 -------- d-----w- c:\programmi\Eusing Free Registry Cleaner
2009-08-05 08:59 . 2009-08-05 08:59 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-01 14:05 . 2009-08-01 14:08 -------- d-----w- c:\documents and settings\Roberto\.gimp-2.6
2009-08-01 14:04 . 2009-08-01 14:04 -------- d-----w- c:\documents and settings\Roberto\.gegl-0.0
2009-08-01 14:03 . 2009-08-01 14:03 -------- d-----w- c:\programmi\GIMP-2.0
2009-08-01 13:29 . 2008-04-15 15:17 296960 -c----w- c:\windows\system32\dllcache\termsrv.dll
2009-07-31 12:46 . 2009-07-31 12:51 -------- d-----w- c:\programmi\Memory
2009-07-30 13:14 . 2009-07-30 13:13 100976 ------w- c:\windows\system32\UrlFilter.dll
2009-07-30 13:14 . 2009-07-30 13:13 96880 ------w- c:\windows\system32\KakaTool.dll
2009-07-30 13:14 . 2009-07-30 13:13 637592 ------w- c:\windows\system32\kmon.dll
2009-07-30 13:14 . 2009-07-30 13:13 15776 ------w- c:\windows\system32\kknative.exe
2009-07-30 10:41 . 2009-07-30 10:41 -------- d-----w- c:\programmi\TaskSwitchXP
2009-07-30 10:40 . 2009-07-30 10:34 42496 ----a-w- c:\windows\system32\XPize Logo.scr
2009-07-30 10:40 . 2009-07-30 10:34 1634304 ----a-w- c:\windows\system32\Windows XP 3D Flag.scr
2009-07-30 10:38 . 2009-07-30 10:38 -------- d-----w- c:\programmi\Anolis
2009-07-29 15:08 . 2009-07-29 15:08 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-07-29 15:08 . 2009-07-15 09:48 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-07-29 15:08 . 2009-07-29 15:08 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-07-29 15:00 . 2009-08-08 22:54 117760 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-29 14:58 . 2009-08-08 21:08 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\vlc
2009-07-27 12:53 . 2009-07-27 12:53 -------- d-----w- c:\programmi\MyDefrag v4.1.1
2009-07-27 12:53 . 2009-07-25 15:00 95232 ----a-w- c:\windows\system32\MyDefragScreenSaver.scr
2009-07-27 12:53 . 2009-07-25 15:00 854528 ----a-w- c:\windows\system32\MyDefragScreenSaver.exe
2009-07-24 20:20 . 2009-07-24 20:41 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\Skype
2009-07-21 19:03 . 2009-07-27 13:45 10 ----a-w- c:\windows\popcinfo.dat
2009-07-21 17:05 . 2009-07-21 17:05 -------- d-----w- c:\programmi\PopCap Games
2009-07-21 17:04 . 2009-07-21 17:06 -------- d-----w- c:\programmi\Zuma Deluxe
2009-07-20 08:43 . 2009-07-20 08:43 -------- d-----w- c:\windows\Downloaded Program Files
2009-07-17 19:01 . 2009-07-17 19:01 58880 -c----w- c:\windows\system32\dllcache\atl.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-15 16:00 . 2009-01-12 10:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-08-15 15:58 . 2008-07-13 19:09 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\uTorrent
2009-08-13 06:07 . 2004-08-19 12:00 81240 ----a-w- c:\windows\system32\perfc010.dat
2009-08-13 06:07 . 2004-08-19 12:00 482458 ----a-w- c:\windows\system32\perfh010.dat
2009-08-12 19:03 . 2009-06-26 15:59 -------- d-----w- c:\programmi\COMODO
2009-08-12 10:58 . 2008-11-03 12:33 -------- d-----w- c:\programmi\Paragon Software
2009-08-11 17:14 . 2008-05-19 22:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-08-08 23:00 . 2008-05-20 16:57 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-08-08 22:51 . 2009-06-11 11:35 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-08-08 22:51 . 2009-07-14 10:15 3942048 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-08 22:49 . 2008-05-19 22:18 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-08-06 18:25 . 2009-05-12 09:11 -------- d-----w- c:\programmi\Desktop Maestro
2009-08-05 08:59 . 2004-08-19 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 11:36 . 2009-06-11 11:35 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2009-06-11 11:35 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-01 12:13 . 2008-08-14 20:31 -------- d-----w- c:\programmi\iolo
2009-08-01 07:34 . 2008-07-03 01:29 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-07-31 17:58 . 2008-05-19 20:54 59920 ----a-w- c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-07-31 14:29 . 2008-05-20 16:55 -------- d-----w- c:\programmi\Google
2009-07-31 13:43 . 2008-09-25 12:34 1 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-07-30 13:14 . 2009-06-20 15:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Rising
2009-07-30 10:41 . 2008-05-19 20:35 765440 ----a-w- c:\windows\pchealth\helpctr\binaries\helpctr.exe
2009-07-30 10:41 . 2005-01-28 13:22 276992 ----a-w- c:\windows\system32\audiodev.dll
2009-07-30 10:41 . 2004-08-19 12:00 50176 ----a-w- c:\windows\system32\utilman.exe
2009-07-30 10:41 . 2004-08-19 12:00 2797568 ----a-w- c:\windows\system32\logonui.exe
2009-07-30 10:41 . 2004-08-19 12:00 203776 ----a-w- c:\windows\system32\tcpmonui.dll
2009-07-30 10:41 . 2004-08-19 12:00 541696 ----a-w- c:\windows\system32\sti_ci.dll
2009-07-30 10:41 . 2004-08-19 12:00 1265664 ----a-w- c:\windows\system32\rasdlg.dll
2009-07-30 10:41 . 2004-08-19 12:00 399360 ----a-w- c:\windows\system32\fsquirt.exe
2009-07-30 10:41 . 2004-08-19 12:00 201728 ----a-w- c:\windows\system32\mdminst.dll
2009-07-30 10:41 . 2004-08-19 12:00 221696 ----a-w- c:\windows\system32\fldrclnr.dll
2009-07-30 10:41 . 2004-08-19 12:00 808960 ----a-w- c:\windows\system32\dmdlgs.dll
2009-07-30 10:40 . 2004-08-19 12:00 794624 ----a-w- c:\windows\system32\sstext3d.scr
2009-07-30 10:40 . 2004-08-19 12:00 819200 ----a-w- c:\windows\system32\ss3dfo.scr
2009-07-30 10:40 . 2004-08-19 12:00 724992 ----a-w- c:\windows\system32\sspipes.scr
2009-07-30 10:40 . 2004-08-19 12:00 507904 ----a-w- c:\windows\system32\ssflwbox.scr
2009-07-30 10:40 . 2004-08-19 12:00 121856 ----a-w- c:\windows\system32\scrnsave.scr
2009-07-30 10:40 . 2008-05-19 20:34 20992 ----a-w- c:\windows\system32\write.exe
2009-07-30 10:40 . 2004-08-19 12:00 9202176 ----a-w- c:\windows\system32\wmploc.dll
2009-07-30 10:40 . 2005-08-30 03:55 2676736 ----a-w- c:\windows\system32\quartz.dll
2009-07-30 10:40 . 2004-08-19 12:00 388096 ----a-w- c:\windows\system32\msieftp.dll
2009-07-30 10:38 . 2004-08-19 12:00 1456128 ----a-w- c:\windows\system32\setupapi.dll
2009-07-29 15:07 . 2009-01-06 23:54 -------- d-----w- c:\programmi\TuneUp Utilities 2009
2009-07-29 14:59 . 2008-11-18 12:26 -------- d-----w- c:\programmi\SUPERAntiSpyware
2009-07-29 14:59 . 2008-07-21 15:15 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\SUPERAntiSpyware.com
2009-07-29 14:58 . 2009-05-26 07:34 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2009-07-26 17:41 . 2009-04-28 18:34 28600 ---ha-w- c:\windows\system32\mlfcache.dat
2009-07-25 11:12 . 2009-05-23 18:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2009-07-25 09:04 . 2009-05-09 19:11 -------- d-----w- c:\programmi\DivX
2009-07-24 23:12 . 2009-07-24 23:11 -------- d-----w- c:\programmi\K-Lite Codec Pack
2009-07-24 20:37 . 2008-05-24 11:05 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\skypePM
2009-07-24 20:19 . 2009-05-09 14:09 -------- d-----r- c:\programmi\Skype
2009-07-24 20:19 . 2008-05-24 11:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2009-07-24 09:42 . 2009-02-27 10:00 -------- d-----w- c:\programmi\Notepad++
2009-07-24 08:49 . 2008-10-18 18:12 -------- d-----w- c:\programmi\Ashampoo
2009-07-23 21:01 . 2008-07-26 08:54 -------- d-----w- c:\programmi\Safari
2009-07-17 19:01 . 2004-08-19 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 14:43 . 2009-07-16 14:44 802644 ----a-w- c:\windows\Fonts\trashco_ttf_download_by_loosy.ttf
2009-07-16 14:43 . 2009-07-16 14:43 77996 ----a-w- c:\windows\Fonts\S_O_T_D_.TTF
2009-07-16 14:39 . 2009-07-16 14:40 40836 ----a-w- c:\windows\Fonts\Loveable_Scruff_by_gallow.ttf
2009-07-16 14:16 . 2009-07-16 14:16 24192 ----a-w- c:\windows\Fonts\Bobel_font_by_pitters.ttf
2009-07-16 14:09 . 2009-07-16 14:11 15348 ----a-w- c:\windows\Fonts\ABC___Font_Typeface_Version_2_by_MyFox.ttf
2009-07-16 14:08 . 2009-07-16 14:10 58160 ----a-r- c:\windows\Fonts\AB_Exp_by_III_wildcard_III.ttf
2009-07-16 13:36 . 2009-01-30 16:31 -------- d-----w- c:\programmi\OpenOffice.org 3
2009-07-16 10:25 . 2009-07-16 14:33 69396 ----a-w- c:\windows\Fonts\duepuntozero_bold.ttf
2009-07-16 10:25 . 2009-07-16 14:33 71236 ----a-w- c:\windows\Fonts\duepuntozero.ttf
2009-07-15 11:25 . 2009-07-02 14:16 -------- d-----w- c:\programmi\a-squared Anti-Malware
2009-07-13 21:43 . 2004-08-19 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 16:30 . 2009-07-13 16:30 23558 ----a-r- c:\documents and settings\Roberto\Dati applicazioni\Microsoft\Installer\{BE82A2BE-FCD3-4C93-B727-6B2764433775}\_294823.exe
2009-07-13 16:30 . 2009-07-13 16:30 23558 ----a-r- c:\documents and settings\Roberto\Dati applicazioni\Microsoft\Installer\{BE82A2BE-FCD3-4C93-B727-6B2764433775}\_18be6784.exe
2009-07-13 16:30 . 2009-07-13 16:30 -------- d-----w- c:\programmi\Microsoft Calculator Plus
2009-07-13 12:24 . 2009-07-05 18:45 97608 ----a-w- c:\windows\system32\drivers\avfwot.sys
2009-07-12 18:48 . 2009-06-03 18:42 -------- d-----w- c:\programmi\MessengerDiscovery 2
2009-07-12 18:31 . 2009-05-23 17:18 -------- d-----w- c:\programmi\Messenger Plus! Live
2009-07-09 21:22 . 2009-07-16 15:03 24820 ----a-w- c:\windows\Fonts\MISO-LIG.OTF
2009-07-09 21:22 . 2009-07-16 15:03 24572 ----a-w- c:\windows\Fonts\MISO-BOL.OTF
2009-07-09 21:22 . 2009-07-16 15:03 60196 ----a-w- c:\windows\Fonts\miso-light.ttf
2009-07-09 21:22 . 2009-07-16 15:02 60860 ----a-w- c:\windows\Fonts\miso-bold.ttf
2009-07-09 21:22 . 2009-07-16 15:02 59328 ----a-w- c:\windows\Fonts\miso-regular.ttf
2009-07-09 21:22 . 2009-07-16 15:02 25024 ----a-w- c:\windows\Fonts\MISO____.OTF
2009-07-09 19:35 . 2009-06-04 14:26 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\MessengerDiscovery 2
2009-07-06 20:44 . 2009-07-07 15:59 937984 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\wxxh5j28.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-07-06 20:44 . 2009-07-07 15:59 65536 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\wxxh5j28.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-07-06 20:44 . 2009-07-07 15:59 106496 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\wxxh5j28.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2009-07-06 20:44 . 2009-07-07 15:59 103424 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\wxxh5j28.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-07-06 20:44 . 2009-07-07 15:59 4722688 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\wxxh5j28.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-07-06 20:44 . 2009-07-07 15:59 344064 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\wxxh5j28.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-07-05 18:45 . 2009-07-05 18:45 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-07-05 18:45 . 2009-07-05 18:45 -------- d-----w- c:\programmi\Avira
2009-07-05 09:03 . 2009-06-09 17:07 -------- d-----w- c:\programmi\Mozilla Firefox 3.5 Beta 4
2009-07-04 11:08 . 2008-05-19 20:43 -------- d-----w- c:\programmi\Java
2009-07-04 07:57 . 2008-09-25 17:17 -------- d-----w- c:\programmi\Rainlendar2
2009-07-04 07:56 . 2008-07-25 01:25 -------- d-----w- c:\programmi\Uniblue
2009-07-04 07:39 . 2009-07-04 07:39 -------- d-----w- c:\programmi\Glary Utilities
2009-07-03 11:52 . 2009-07-03 11:52 -------- d-----w- c:\programmi\WhoCrashed
2009-07-02 16:51 . 2008-06-30 00:44 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\IObit
2009-06-30 17:19 . 2009-07-02 13:16 106496 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Plugins\npcoolirisplugin.dll
2009-06-27 13:45 . 2009-06-27 13:31 -------- d-----w- c:\programmi\BOINC
2009-06-26 23:17 . 2009-05-05 14:48 2288640 ----a-w- c:\windows\system32\TUKernel.exe
2009-06-26 18:28 . 2009-06-26 16:01 1270256 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-06-23 23:12 . 2009-06-23 23:12 122880 ----a-w- c:\programmi\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\programmi\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\programmi\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2005-09-02 23:53 663040 AF06731262917615B4DF9E0E88B7E436 c:\windows\$hf_mig$\KB896688\SP2QFE\wininet.dll
[-] 2006-01-09 17:59 664576 B404779B16EB2CD8C574FB343D277521 c:\windows\$hf_mig$\KB912945\SP2QFE\wininet.dll
[7] 2008-03-01 12:34 827392 93DB90BE4A10EC784DDC9C8601A28AA6 c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[7] 2008-04-23 04:19 827392 FE184A2B736F216CCC22ABEEBB40787D c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[7] 2008-06-23 15:39 827904 BF9D17259082632F03F3FF5759C6AE32 c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[7] 2008-08-26 09:08 827904 8E694EC9DA095E518D9447B3293208EA c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[7] 2008-10-16 19:32 827904 F303CFED3D8B8348A54F7A53DDC7CCA0 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[7] 2009-05-13 05:07 915456 4D9C680641CC367FEEFE308C6577E0CD c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[7] 2009-07-03 17:00 915456 D58780F07D0F5C83B3DB634BBB273D39 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
[7] 2008-04-14 02:13 668672 663E74D98D2E67C1343D367388EDD711 c:\windows\ie7\wininet.dll
[7] 2008-03-01 12:58 826368 61D4F43D26EC9D21BEB6F38F22B396AB c:\windows\ie7updates\KB950759-IE7\wininet.dll
[7] 2007-08-13 16:54 818688 A4A0FC92358F39538A6494C42EF99FE9 c:\windows\ie7updates\KB953838-IE7\wininet.dll
[7] 2008-06-23 16:15 826368 4B54220877703198E55F61CB7B87979E c:\windows\ie7updates\KB956390-IE7\wininet.dll
[-] 2008-08-26 07:57 817152 7AB81E00769B75B23A5FDCF8CAC76A88 c:\windows\ie7updates\KB958215-IE7\wininet.dll
[7] 2008-10-16 20:04 826368 A4C79606C0D9835E8A5A8E5E5804AE60 c:\windows\ie8\wininet.dll
[7] 2009-03-08 02:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\ie8updates\KB969897-IE8\wininet.dll
[7] 2009-05-13 05:02 915456 F45D1DF0F6FD7AD945824CC9A0CE5597 c:\windows\ie8updates\KB972260-IE8\wininet.dll
[-] 2009-01-15 01:05 911872 203C05A174A45270A30CDD593092D91E c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2009-07-30 10:39 928768 D9E4AB4C746AB1C0CC966B28A76718B1 c:\windows\system32\wininet.dll
[7] 2009-07-03 16:55 915456 9A9F818B89CD92F1BAD393B525A16051 c:\windows\system32\dllcache\wininet.dll

[-] 2009-07-30 10:39 1800192 A4675F36090C3D748D21D8CD493D9966 c:\windows\explorer.exe
[-] 2008-04-14 02:14 978432 3D46C53CA961C49272037F98807537BD c:\windows\ServicePackFiles\i386\explorer.exe

[7] 2008-04-14 02:14 15360 F53CDDEF33A4C41336A782BE3D170158 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2009-07-30 10:38 30208 23DFF363C6203BE801C279F6FFEEB5DF c:\windows\system32\ctfmon.exe


[-] 2005-10-05 00:52 3015680 8A2B19DEE3D28C8BF0DD5F3454648AFB c:\windows\$hf_mig$\KB896688\SP2QFE\mshtml.dll
[-] 2006-02-01 02:52 3035648 F3701B305DBD8A6CD781AC4DA76FF23B c:\windows\$hf_mig$\KB912945\SP2QFE\mshtml.dll
[7] 2008-03-01 12:34 3593216 14154D51ED61852B3AD4845103302ECE c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
[7] 2008-04-23 04:19 3593728 3B3A745E1C92A877C3F237ADFBA8348C c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
[7] 2008-06-23 15:39 3594240 8E52FEC7D214C3B62871F8637F204114 c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
[7] 2008-08-26 09:08 3594752 FA61793E4E3F5C896C0728F350E30FAF c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
[7] 2008-10-16 19:32 3595264 6EA04EE075C69345AB9B90C7A8740A04 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
[7] 2008-12-13 06:27 3594752 C352D6D2EFC11942BA84B996BAFFB182 c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
[7] 2009-05-13 05:07 5936128 A171E96E5830B6C269591415997C15C8 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll
[7] 2009-07-19 13:07 5938176 C1ABBFE345CC9557BAA8FBDC8B572D06 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll
[7] 2008-04-14 02:13 3066880 F543C74EB47E1C1DB9362BDFE06433EE c:\windows\ie7\mshtml.dll
[7] 2008-03-01 16:28 3591680 571EAAB1E810CE9595C67A0EC9AE6DCF c:\windows\ie7updates\KB950759-IE7\mshtml.dll
[7] 2007-08-13 16:54 3578368 C6EC2493346ED8888A549F59210A8ED3 c:\windows\ie7updates\KB953838-IE7\mshtml.dll
[7] 2008-06-24 08:15 3592192 080DEB244585EB5772F6E6DEA75B4380 c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[-] 2008-08-27 08:57 3866112 E01CD8C05F164938D9AB37A567E122A6 c:\windows\ie7updates\KB958215-IE7\mshtml.dll
[7] 2008-10-17 00:34 3593216 6325783D4583E0EEBF26AA1286F26E70 c:\windows\ie7updates\KB960714-IE7\mshtml.dll
[7] 2008-12-13 06:36 3593216 CA3BD4783DC7CA85E949EA6FF5906617 c:\windows\ie8\mshtml.dll
[7] 2009-03-08 02:41 5937152 D469A0EBA2EF5C6BEE8065B7E3196E5E c:\windows\ie8updates\KB969897-IE8\mshtml.dll
[7] 2009-05-13 05:02 5936128 12AD3C143519BC4C0AA456F91B8330BD c:\windows\ie8updates\KB972260-IE8\mshtml.dll
[-] 2009-01-15 01:13 5888512 42B04AFD48BE284B1615E890FC028CB3 c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2009-07-30 10:40 6023680 7E62EBBD5044B38F68721607745DA4D5 c:\windows\system32\mshtml.dll
[7] 2009-07-19 13:12 5937152 C977B8BD90795AB2AC79C364616C35CB c:\windows\system32\dllcache\mshtml.dll

[7] 2008-04-14 02:13 845824 C43124F63818E65CAFA49D3957C3CA67 c:\windows\ServicePackFiles\i386\comres.dll
[-] 2009-07-30 10:39 860672 E8D99B2162A1779DA2C04BC1997A03FB c:\windows\system32\comres.dll

c:\windows\system32\appmgmts.dll ... è mancante !!
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Safely Remove"="c:\programmi\USB Safely Remove\USBSafelyRemove.exe" [2008-12-15 1100048]
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-06-28 16248320]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-07-30 30208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{EC654325-1273-C2A9-2B7C-45A29BCE2FBD}"= "c:\programmi\Stardock\Fences\DesktopDock.dll" [2009-02-04 513384]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Dati applicazioni\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^ninja.lnk]
backup=c:\windows\pss\ninja.lnkCommon Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"filehippo.com"="c:\programmi\filehippo.com\UpdateChecker.exe" /background
"FreeRAM XP"="c:\programmi\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
"swg"=c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"TuneUp MemOptimizer"="c:\programmi\TuneUp Utilities 2009\MemOptimizer.exe" autostart
"Advanced SystemCare 3"="c:\programmi\IObit\Advanced SystemCare 3\AWC.exe" /startup
"SpybotSD TeaTimer"=c:\programmi\Spybot - Search & Destroy\TeaTimer.exe
"AlcoholAutomount"="c:\programmi\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"DesktopMaestro"=c:\programmi\Desktop Maestro\deskmech.exe /H
"SandboxieControl"="c:\programmi\Sandboxie\SbieCtrl.exe"
"uTorrent"="c:\programmi\uTorrent\uTorrent.exe"
"Google Update"="c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
"SUPERAntiSpyware"=c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
"AnVir Task Manager"="c:\programmi\AnVir Task Manager\AnVir.exe" Minimized
"F.lux"="c:\documents and settings\Roberto\Local Settings\Apps\F.lux\flux.exe" /noshow
"USB Safely Remove"=c:\programmi\USB Safely Remove\USBSafelyRemove.exe /startup
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe"
"TaskSwitchXP"=c:\programmi\TaskSwitchXP\TaskSwitchXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SmartDefrag"="c:\programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
"mspwr"=c:\windows\system32\PuXpMan2.exe
"AppleSyncNotifier"=c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" -atboottime
"Device Detector"=DevDetect.exe -autorun
"flockbox"=c:\programmi\My Lockbox\flockbox.exe /a
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe"
"Collegamento alla pagina delle proprietà di High Definition Audio"=HDAShCut.exe
"PWRISOVM.EXE"=c:\programmi\PowerISO\PWRISOVM.EXE
"RegistryMechanic"=c:\programmi\Registry Mechanic\RegMech.exe /QS
"AntiLogger"="c:\programmi\AntiLogger\AntiLogger.exe" /minimized
"Google Quick Search Box"="c:\programmi\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
"Google Desktop Search"="c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"runeip"="c:\program files\Rising\AntiSpyware\rstray.exe" /startup
"ooccctrl.exe"=c:\programmi\OO Software\CleverCache\ooccctrl.exe /tasktray
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" /min

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitdm.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitnet.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9880:TCP"= 9880:TCP:*:Disabled:BitComet 9880 TCP
"9880:UDP"= 9880:UDP:*:Disabled:BitComet 9880 UDP
"24905:TCP"= 24905:TCP:*:Disabled:BitComet 24905 TCP
"24905:UDP"= 24905:UDP:*:Disabled:BitComet 24905 UDP

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [03/11/2008 14.34.26 40368]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [23/01/2009 10.20.52 64160]
R0 MPRIFL;MPRIFL;c:\windows\system32\drivers\mprifl.sys [30/12/2008 4.19.36 17264]
R1 AntiLog32;AntiLog32;c:\programmi\AntiLogger\AntiLog32.sys [02/02/2009 19.45.53 108912]
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [05/07/2009 20.45.07 97608]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [28/07/2009 10.53.16 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [28/07/2009 10.53.14 72944]
R2 AntiVirFirewallService;Avira Firewall;c:\programmi\Avira\AntiVir Desktop\avfwsvc.exe [05/07/2009 20.45.03 388865]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\programmi\Avira\AntiVir Desktop\avmailc.exe [05/07/2009 20.45.03 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [05/07/2009 20.45.06 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programmi\Avira\AntiVir Desktop\avwebgrd.exe [05/07/2009 20.45.04 434945]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [29/07/2009 17.08.06 604488]
R2 Uniblue DiskRescue;Uniblue DiskRescue;c:\programmi\Uniblue\DiskRescue\UBDiskRescueSrv.exe [10/09/2008 17.22.32 229648]
R2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\programmi\USB Safely Remove\USBSRService.exe [02/12/2008 3.51.08 208144]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [05/07/2009 20.45.07 69632]
R3 SbieDrv;SbieDrv;c:\programmi\Sandboxie\SbieDrv.sys [28/05/2009 15.32.24 108032]
S1 mchInjDrv;madCodeHook DLL injection driver;\??\c:\windows\system32\Drivers\mchInjDrv.sys --> c:\windows\system32\Drivers\mchInjDrv.sys [?]
S2 gupdate1c961f9cab9357a;Google Update Service (gupdate1c961f9cab9357a);c:\programmi\Google\Update\GoogleUpdate.exe [19/12/2008 18.49.41 133104]
S3 BioNT_BS;BioNT_BS;c:\programmi\Paragon Software\Total Defrag 2009\BlueScrn\biont_bs.sys [29/03/2009 14.32.57 18248]
S3 GoogleDesktopManager-110408-113106;Google Desktop Manager 5.8.811.4345;c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe [24/06/2009 1.11.47 30192]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [28/07/2009 10.53.16 7408]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-08-15 c:\windows\Tasks\1-Click Maintenance.job
- c:\programmi\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 08:54]

2009-05-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-08-15 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2009-07-04 09:50]

2009-08-15 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-20 12:56]

2009-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-162531612-725345543-1004Core.job
- c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-06-03 10:36]

2009-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-162531612-725345543-1004UA.job
- c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-06-03 10:36]

2009-07-19 c:\windows\Tasks\SmartDefrag.job
- c:\programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-07-03 07:22]

2009-05-04 c:\windows\Tasks\Uniblue DiskRescue 2009.job
- c:\programmi\Uniblue\DiskRescue\UBDiskRescue.exe [2008-09-10 15:22]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
Notify-yayxvsrR - yayxvsrR.dll


.
------- Scansione supplementare -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/202
LSP: c:\programmi\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\wxxh5j28.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/firefox?client=fir ... T:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\wxxh5j28.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\programmi\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - component: c:\programmi\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\wxxh5j28.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Roberto\Dati applicazioni\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\programmi\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\NPAskSBr.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-15 18:31
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OOCC06.00.00.01WSSV"="4D80CE41D48FA1059FFE1FEC9363086B5CD090E8062FA085EA75FEA56E0FF02A9B0408109B412DED8B011BFBBB3F699B58BA4A9BF5659AA4A2C5780355B2E7BEE7F25042860EC8F522EE8A09E62576603F59095BDCD02EDE61FE40E00717BDE6F9186A2FB8B1E8E4299B1638C2A718A6F2A67BFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B9808A6171C11EC38DE3DA6171C11EC38DE3DD4167A04F6122FE44E213CA51D36D5BD6F9C8DCC2B0EB1C3A7C1203E352B9ECCC3C6853AAF14DF885329C22DDA7B80571BCBFEB04048C9F5A563BB59C1E4C3F54FB3A4DBB9E7C67F721861F9A7829F751AE50742EECC41D2CD9311A52756096AE4386853770A0E6C6BD7036906E285BD1A7F0BF6FAF1B424DF309BCD8832F5BC7320079E0C2BC5C1FD41366FBCE96AA9CD9F92D56AC1A5091E927C8CCD5E724E71B0D950E0B05FC971A4AE93531B6908EAC3C8FB09FAF574510079B323F8CC58551DDF8DA333B0218E4442EF9BAA03F82D5B7E186610EEAB4437FA2A79CFB5669D903A13C6FC75B8A3D66DB5250398F2D3CAA6EFD228BE4B47698E6704E74258CA29AEACFC114BD402094DA647BF73409F69D95B691D73C1AD3AE379BBF6EC60E0F8273DC1A2B40EFE78A69A9BB33D7E5983D447037D0351CFC4D103DBE99288E78432BACF9B185274B7DDFC8064079FC9587533BF0DC4918894CE3665DE742B6D4882B1AA16C0E040CF80CC970C4269411E403381C076EBB7AAF9DE9C2B38F803316B3D9664DA4FC33A3B1D4817C8F3917ADEEFF04337A0C0FC92598855E6753B2068121C8B7A066466E216BA27542F118A9AA5F7F20CC18CF3FD97F6986F78B0EC1875884395C20DB76DF15F9205DB9A5EE525C664DBB5846CC59DF56521AC7FE1BBC16D7708152A84F50167E15D900EF952524FDBF5381B3716065BDEB192473AB7E5A0C88D62AD973BA548D2C5B54B5599244A5588D6429AC0FBBEDC3CFEACAA1862B98DCA630E309FD6BC57098A3C5C962A327E29F4F0CEB9447C693C98D9580ACE17CB442543032B22C394D69FC96FC90145B950CA248199B0B4C594DBFA5D5ED55AC166874CB487A39D6442DBE1E1D55F889DD8E05B529EAC4B640A1740C70D35E65E7E412A628411D2554378787B848BC0F504169957A8B4E76E45EE5E19AE3F6648BDD8E29915B0ABA5B50384F9C0647BBF761F6619BCDA783DD4DB8DC881D946D73D2C7FDD4FDDB64E57DC7F0C9AD785AE3901CF1505C32B612A290C3E6780B817756C8EA5EF8746F74CBCE7D6C56C74A73718623C4CA7F51F99F619DAE5BF3149C59D22DC5331717F1D2CC2F01B381DC64212B2F285550FEB5DB7F9ED283B6A61EF184E627EF39075338913E694679DDA0D705993C3AD73"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1596)
c:\windows\system32\SETUPAPI.dll
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1676)
c:\windows\system32\setupapi.dll
c:\windows\system32\scecli.dll

- - - - - - - > 'explorer.exe'(3692)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\programmi\RocketDock\RocketDock.dll
c:\windows\System32\cscui.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Stardock\Fences\DesktopDock.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmi\SUPERAntiSpyware\SASSEH.DLL
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\programmi\a-squared Anti-Malware\a2service.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\OO Software\CleverCache\ooccag.exe
c:\programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\programmi\Sandboxie\SbieSvc.exe
c:\programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2009-08-15 18.37.09 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-08-15 16:37

Pre-Run: 72.749.158.400 byte disponibili
Post-Run: 72.709.300.224 byte disponibili

WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /FASTDETECT /NOGUIBOOT /BOOTLOGO
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition (TuneUp Backup)" /FASTDETECT /TUTag=3QPKTG-BAK

520 --- E O F --- 2009-08-12 18:02
within the truth of evil and good there's more than you see
....much more than you should
Avatar utente
Roberto88
Bronze Member
Bronze Member
 
Messaggi: 968
Iscritto il: mar nov 11, 2008 11:17 pm

Re: Controllo log ComboFix

Messaggioda crazy.cat » sab ago 15, 2009 5:50 pm

Che problema hai?
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre

Re: Controllo log ComboFix

Messaggioda Roberto88 » dom ago 16, 2009 2:49 pm

allora, quando ho spento il pc mi è uscito il clasico blu screen, durato pochi secondi, (adesso ho installato whocrashed per maggiori info nel caso succedesse nuovamente)una volta riavviato nessun problema fino a quando non ho deciso di cambiare l'aspetto delle finestre, tutte le scritte nel pc sono diventate offuscate da un bianco intenso e mi diceva che non avevo l'autorizzazione per cambiare tema [sbigot], successivamente ho notato che sul pannello di controllo "installazione applicazioni" se cliccavo su cambia/rimuovi la voce del programma veniva eliminata dal menù ma effettivamente non veniva eseguita alcuna disinstallazione, ho provato a far partire qualche scansione ma ripeteva sempre lo stesso messaggio di errore sopra citato [boh]
ho utilizzato un punto di ripristino (creato durante l'installazione di OnlineArmor) e adesso tutto sembra risolto, la scansione con ComboFix l'ho eseguita quando il PC è stato ripristinato alla configurazione attuale
ha trovato nulla?
come si fa ad eliminare ComboFix dal PC?
within the truth of evil and good there's more than you see
....much more than you should
Avatar utente
Roberto88
Bronze Member
Bronze Member
 
Messaggi: 968
Iscritto il: mar nov 11, 2008 11:17 pm


Re: Controllo log ComboFix

Messaggioda ste_95 » dom ago 16, 2009 3:10 pm

Hai un driver maligno.

Scarica Avenger
Estrailo in una cartella a tua scelta
Esegui il file avenger.exe con la figura di una spada
Ora incolla queste righe nella box bianca che si è aperta:

Codice: Seleziona tutto
Files to delete:
c:\windows\system32\Drivers\mchInjDrv.sys


Togli il segno di spunta dalla voce Scan for Rootkits
Premi il pulsante Execute
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.

Se Avenger riporta un errore, prova a riscrivere manualmente la prima riga (Files to delete:) ricordando i due punti.
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Re: Controllo log ComboFix

Messaggioda crazy.cat » dom ago 16, 2009 4:03 pm

Roberto88 ha scritto:(creato durante l'installazione di OnlineArmor)

Io ieri ho tolto online armor dal mio pc fisso perché mi aveva bloccato la rete, non mi lasciva lanciare gli eseguibili e non potevo disinstallare niente.
Nessun virus presente nel mio pc, solo il firewall impazzito.
Adesso ho pc tools firewall.
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre

Re: Controllo log ComboFix

Messaggioda Roberto88 » dom ago 16, 2009 4:38 pm

@ ste

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:


Error: file "c:\windows\system32\Drivers\mchInjDrv.sys" not found!
Deletion of file "c:\windows\system32\Drivers\mchInjDrv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.


@ crazy
Online Armor è un buon firewall (per quanto riguarda la sicurezza via web) ma di questi problemi ne ho sentiti molti... inizio a pensare che sia un po' sopravvalutato o che semplicemente nn venga tenuto conto di alcune cose che a "breve termine" come quando lo si usa per i test non emergono
within the truth of evil and good there's more than you see
....much more than you should
Avatar utente
Roberto88
Bronze Member
Bronze Member
 
Messaggi: 968
Iscritto il: mar nov 11, 2008 11:17 pm

Re: Controllo log ComboFix

Messaggioda ste_95 » dom ago 16, 2009 5:48 pm

Roberto88 ha scritto:@ ste

Falso allarme, non è stato trovato.
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am


Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 1 ospite

cron
Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising