
Crypt.ZPACK.Gen trojan with AntiVir

Has a virus gotten into your computer? Do you want to browse safely? Are online transactions secure? How do you stop attackers from getting into your PC? How do you protect your data? Here you will find the answers to these and other questions.

Crypt.ZPACK.Gen trojan with AntiVir

Post by m.lana » Sun Nov 22, 2009 4:27 pm

Hi everyone, I'm new to the forum.
I wonder if anyone can help me with this trojan: the idea came to me because the first image in the article "Vaccinare il proprio PC" here on MegaLab shows exactly the situation I'm in: a detection of the Crypt.ZPACK.Gen trojan (about which there don't seem to be any earlier posts; but if removing this trojan has already been discussed elsewhere, I'd be grateful if you could point me to it).

I have WinXP SP3, with all updates in place.
The antivirus, AntiVir Premium, regularly updated, detects the trojan but does not remove it.
That is: periodically, within a couple of seconds, 3 identical AntiVir messages appear, reporting the detection of the above trojan in the file ../system32/tdlcmd.dll; none of the options offered (vault, delete, overwrite, etc.) removes the virus. That is: if I choose delete or move, when I go to system32 the file tdlcmd.dll is no longer there; but AntiVir keeps reporting the trojan (and indeed the infamous tdlcmd.dll has reappeared in system32). (System Restore is disabled.)

Do you have any suggestions on how I can remove the trojan?

If you suggest running a scan in Safe Mode, that's where the second problem appears: when, from the black boot screen obtained with F8, I choose "Safe Mode" or "Safe Mode with Networking", the computer, after beginning to start in Safe Mode (the part where the driver names scroll on the black screen), goes to the normal Windows startup, the one with the coloured logo and the scrolling bar. If I choose "Safe Mode with Command Prompt", on the other hand, I can get into Safe Mode (but I don't know what to do with it).

Thanks for the help!
maurizio

Re: Crypt.ZPACK.Gen trojan with AntiVir

Post by crazy.cat » Sun Nov 22, 2009 5:08 pm

Let's see the log of the ComboFix scan, just to start.

Re: Crypt.ZPACK.Gen trojan with AntiVir

Post by m.lana » Sun Nov 22, 2009 6:43 pm

Thanks crazy cat, you were really fast.
I'm attaching the ComboFix log here; it certainly did a lot of things! It must have really fixed a lot, so much so that now I can get into Safe Mode again.
But I'll wait for your opinion before thinking that the PC is back on the right track.

ComboFix 09-11-21.03 - m.lana 22/11/2009 17.58.42.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1264 [GMT 1:00]
Eseguito da: c:\documents and settings\m.lana\Desktop\ComboFix.exe

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {00000001-F11C-0012-A410-1300080015C0}
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) {00C100C0-00C2-00C3-C400-C500C600C700}
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) {7C80E9D1-0000-0000-1900-0000689BB000}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\nk.dat
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

La copia infetta di c:\windows\system32\drivers\atapi.sys è stata trovata e disinfettata
ipristinata copia da - Kitty ate it :p
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Creati Da 2009-10-22 al 2009-11-22 )))))))))))))))))))))))))))))))))))
.

2009-11-22 15:53 . 2009-11-22 15:56 -------- d-----w- c:\programmi\CCleaner
2009-11-21 14:20 . 2009-11-21 14:20 -------- d-----w- c:\documents and settings\m.lana\Impostazioni locali\Dati applicazioni\Threat Expert
2009-11-21 13:46 . 2009-11-22 17:13 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-11-21 13:46 . 2009-10-08 10:31 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-11-21 13:46 . 2009-10-08 10:31 767952 ----a-w- c:\windows\BDTSupport.dll
2009-11-21 13:46 . 2008-11-26 11:08 131 ----a-w- c:\windows\IDB.zip
2009-11-21 13:46 . 2009-10-08 10:31 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-11-21 13:46 . 2009-10-08 10:31 1636304 ----a-w- c:\windows\PCTBDCore.dll
2009-11-21 13:46 . 2009-10-02 13:19 1152470 ----a-w- c:\windows\UDB.zip
2009-11-21 13:43 . 2009-09-24 07:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-11-21 13:43 . 2009-09-23 15:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-21 13:43 . 2009-10-06 15:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-21 13:42 . 2009-09-03 08:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-11-21 13:42 . 2009-11-21 13:46 -------- d-----w- c:\programmi\File comuni\PC Tools
2009-11-21 13:42 . 2009-11-22 17:16 -------- d-----w- c:\programmi\Spyware Doctor
2009-11-21 13:42 . 2009-11-21 13:42 -------- d-----w- c:\documents and settings\m.lana\Dati applicazioni\PC Tools
2009-11-21 13:42 . 2009-11-21 13:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Tools
2009-11-21 11:44 . 2009-11-21 11:44 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-21 11:40 . 2009-11-22 14:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-11-21 11:40 . 2009-11-21 11:40 -------- d-----w- c:\programmi\Lavasoft
2009-11-21 10:02 . 2009-11-21 10:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-11-21 10:02 . 2009-11-21 10:47 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-11-20 22:45 . 2009-11-20 22:45 -------- d-----w- c:\documents and settings\m.lana\Impostazioni locali\Dati applicazioni\PCHealth
2009-11-20 22:22 . 2009-11-20 22:22 -------- d-----w- c:\programmi\Resource Kit
2009-11-20 21:09 . 2009-11-20 21:09 -------- d-----w- c:\programmi\ToniArts
2009-11-20 20:56 . 2009-11-20 20:56 -------- d-----w- c:\documents and settings\m.lana\Dati applicazioni\Uniblue
2009-11-19 16:34 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-11-17 21:13 . 2009-11-17 21:13 367104 ------w- C:\removaltool-win32-en(2).exe
2009-11-17 21:13 . 2009-11-17 21:12 367616 ------w- C:\removaltool-win32-en.exe
2009-11-16 22:29 . 2009-11-17 13:33 395296 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-16 22:29 . 2009-11-17 13:33 10528 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-11-16 18:16 . 2009-11-17 12:43 -------- d-----w- c:\programmi\File comuni\ParetoLogic
2009-11-16 18:16 . 2009-11-17 12:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ParetoLogic
2009-11-15 22:36 . 2009-11-15 22:36 -------- d-----w- c:\programmi\File comuni\DivX Shared
2009-11-15 22:36 . 2009-11-15 22:38 -------- d-----w- c:\programmi\DivX
2009-11-13 15:07 . 2009-11-13 15:07 -------- d-----w- C:\loesch
2009-11-12 18:13 . 2009-11-13 15:57 -------- d-----w- c:\documents and settings\m.lana\Dati applicazioni\.oit
2009-11-12 18:08 . 2009-11-19 20:33 -------- d-----w- c:\programmi\X1
2009-11-12 16:59 . 2009-11-12 16:59 -------- d-----r- c:\documents and settings\LocalService\Preferiti
2009-11-11 22:58 . 2009-11-11 22:58 -------- d-----w- c:\documents and settings\m.lana\Dati applicazioni\EPSON
2009-11-11 22:49 . 2007-07-12 23:00 71680 ----a-w- c:\windows\system32\escwiad.dll
2009-11-11 00:15 . 2009-11-11 00:15 -------- d-----w- c:\programmi\WebCD
2009-11-05 00:11 . 2009-11-05 00:11 -------- d-----w- c:\programmi\Dnote Software
2009-11-04 21:29 . 2009-11-18 21:04 -------- d-----w- C:\symcache
2009-11-04 21:28 . 2009-11-04 21:28 -------- d-----w- c:\windows\sym
2009-11-04 21:20 . 2009-11-04 21:20 -------- d-----w- c:\programmi\Debugging Tools for Windows (x86)
2009-11-04 21:14 . 2009-11-04 21:14 -------- d-----w- c:\windows\system32\process explorer symbols
2009-11-04 11:47 . 2009-11-04 11:47 24419312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_it[1].exe
2009-11-04 11:31 . 2009-11-04 11:31 152576 ----a-w- c:\documents and settings\m.lana\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-03 20:23 . 2009-11-03 20:23 -------- d-----w- c:\programmi\File comuni\PCSuite
2009-11-01 08:10 . 2009-11-01 08:10 -------- d-----w- c:\programmi\iPod
2009-11-01 08:10 . 2009-11-01 08:12 -------- d-----w- c:\programmi\iTunes
2009-11-01 07:59 . 2009-11-01 07:59 79144 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-31 07:32 . 2009-10-31 07:32 -------- d-----w- c:\documents and settings\m.lana\Impostazioni locali\Dati applicazioni\ATI
2009-10-31 07:32 . 2009-10-31 07:32 -------- d-----w- c:\documents and settings\m.lana\Dati applicazioni\ATI
2009-10-31 07:32 . 2009-10-31 07:32 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ATI
2009-10-31 00:38 . 2009-10-31 00:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\createpart
2009-10-31 00:05 . 2009-10-31 00:02 24419312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_1.8.10IT.exe
2009-10-31 00:04 . 2009-10-31 00:10 -------- d-----w- c:\windows\SxsCaPendDel
2009-10-31 00:02 . 2009-10-31 00:02 3351812 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe
2009-10-31 00:02 . 2009-10-31 00:02 36864 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe
2009-10-31 00:02 . 2009-10-31 00:02 3203453 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe
2009-10-30 23:11 . 2009-10-30 23:11 -------- d-----w- c:\documents and settings\m.lana\Impostazioni locali\Dati applicazioni\bluesoleil
2009-10-30 22:04 . 2008-07-08 16:55 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2009-10-30 22:04 . 2009-02-06 16:32 161064 ----a-w- c:\windows\system32\SynTPAPI.dll
2009-10-30 22:04 . 2009-02-06 16:32 206120 ----a-w- c:\windows\system32\SynCtrl.dll
2009-10-30 22:04 . 2009-02-06 16:32 169256 ----a-w- c:\windows\system32\SynCOM.dll
2009-10-30 22:04 . 2009-02-06 16:33 205232 ----a-w- c:\windows\system32\drivers\SynTP.sys
2009-10-30 22:04 . 2008-04-13 17:51 53248 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2009-10-30 22:04 . 2008-04-13 17:47 23552 ----a-w- c:\windows\system32\drivers\mouclass.sys
2009-10-30 21:59 . 2005-07-14 11:14 27904 ----a-w- c:\windows\system32\drivers\risdptsk.sys
2009-10-30 21:38 . 2008-01-07 13:36 2216064 ----a-r- c:\windows\system32\drivers\w29n51.sys
2009-10-30 21:38 . 2007-02-12 11:41 2732032 ----a-w- c:\windows\system32\Netw2r32.dll
2009-10-30 21:38 . 2007-02-12 11:40 557056 ----a-w- c:\windows\system32\Netw2c32.dll
2009-10-30 21:37 . 2009-10-30 21:37 -------- d-----w- c:\programmi\File comuni\Intel
2009-10-30 20:32 . 2009-10-30 20:32 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Dati applicazioni\Intel
2009-10-30 20:32 . 2009-10-30 20:32 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Dati applicazioni\Intel
2009-10-30 16:08 . 2009-10-30 17:43 -------- d-----w- c:\windows\Tmp
2009-10-30 15:44 . 2009-10-30 15:41 185856 ----a-w- c:\windows\system32\framedyn.dll
2009-10-30 15:43 . 2009-10-30 15:41 5415 ----a-w- c:\windows\system32\Choice.com
2009-10-30 15:26 . 2009-10-30 15:26 -------- d-----w- c:\documents and settings\Administrator.INSPIRON6000\Dati applicazioni\Logitech
2009-10-30 15:23 . 2009-10-30 15:23 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Impostazioni locali\Dati applicazioni\Microsoft
2009-10-30 14:24 . 2009-02-25 14:15 593920 ------w- c:\windows\system32\ati2sgag.exe
2009-10-30 13:52 . 2009-10-30 13:52 -------- d-----w- c:\programmi\Synaptics
2009-10-30 09:41 . 2009-10-30 09:41 -------- d-----w- c:\programmi\Driver-Soft
2009-10-30 08:54 . 2009-10-30 08:54 -------- d-----w- c:\programmi\XML Notepad 2007
2009-10-30 08:46 . 2009-11-19 23:59 -------- d-----w- c:\programmi\Paint.NET
2009-10-30 08:46 . 2009-11-20 00:00 -------- d-----w- c:\documents and settings\m.lana\Impostazioni locali\Dati applicazioni\Paint.NET
2009-10-28 19:48 . 2009-10-28 19:48 695787 ----a-w- c:\windows\system32\Kukuxumusu Kosmos.scr
2009-10-28 19:41 . 2009-10-28 19:41 495113 ----a-w- c:\windows\system32\Kukuxumusu Kaput.scr
2009-10-28 18:34 . 2009-10-28 18:34 859007 ----a-w- c:\windows\system32\Kukuxumusu Volare.scr
2009-10-28 18:31 . 2009-10-28 18:31 419516 ----a-w- c:\windows\system32\Kukuxumusu White season.scr
2009-10-28 18:28 . 2009-10-28 18:28 387414 ----a-w- c:\windows\system32\Kukuxumusu Dinner.scr
2009-10-28 18:27 . 2009-10-28 19:48 -------- d-----w- c:\programmi\Kukuxumusu
2009-10-28 18:27 . 2009-10-28 18:27 521925 ----a-w- c:\windows\system32\Kukuxumusu Terrific Gifts.scr
2009-10-28 18:27 . 2009-11-02 16:50 -------- d-----w- c:\documents and settings\m.lana\Impostazioni locali\Dati applicazioni\Axialis
2009-10-28 18:26 . 2009-10-28 18:26 341065 ----a-w- c:\windows\system32\Kukuxumusu Underwater.scr
2009-10-28 06:44 . 2009-10-28 06:44 518189 ----a-w- c:\windows\system32\Kukuxumusu Underwater2.scr
2009-10-27 19:55 . 2009-10-27 19:55 -------- d-----w- c:\documents and settings\m.lana\Impostazioni locali\Dati applicazioni\Identities
2009-10-27 19:54 . 2009-10-27 19:54 -------- d-----w- c:\documents and settings\m.lana\Dati applicazioni\Windows Desktop Search
2009-10-25 19:23 . 2009-10-25 19:23 -------- d-----w- c:\documents and settings\m.lana\Impostazioni locali\Dati applicazioni\Broad Intelligence
2009-10-25 19:17 . 2009-10-25 19:23 -------- d-----w- c:\documents and settings\m.lana\Dati applicazioni\Broad Intelligence
2009-10-25 19:16 . 2009-10-25 19:17 -------- d-----w- c:\programmi\MediaCoder Mobile Phone Edition
2009-10-24 20:47 . 2009-10-24 20:47 -------- d-----w- c:\documents and settings\m.lana\Dati applicazioni\hpqLog
2009-10-24 20:44 . 2009-10-24 20:44 4 ----a-w- c:\windows\trcwin32.dat
2009-10-24 20:44 . 2009-10-24 20:44 -------- d-----w- c:\programmi\GDN Soft
2009-10-24 20:43 . 1998-10-07 11:08 327168 ----a-w- c:\windows\IsUn040c.exe
2009-10-24 20:36 . 2009-10-24 20:36 -------- d--h--w- c:\windows\PIF
2009-10-24 15:48 . 2008-02-09 00:16 94848 ----a-w- c:\windows\system32\drivers\Gt50Ip.sys
2009-10-24 15:48 . 2008-02-09 00:16 5120 ----a-w- c:\windows\system32\drivers\GtFUsb.sys
2009-10-24 15:48 . 2008-02-09 00:16 34560 ----a-w- c:\windows\system32\drivers\gtuqbus.sys
2009-10-24 15:48 . 2008-02-09 00:16 196704 ----a-w- c:\windows\system32\GtDetectSc.exe
2009-10-24 15:48 . 2008-02-09 00:16 115840 ----a-w- c:\windows\system32\drivers\Gtm51Irp.sys
2009-10-24 15:48 . 2008-02-09 00:16 167680 ----a-w- c:\windows\system32\drivers\NWVNdis.sys
2009-10-24 15:48 . 2008-02-09 00:16 155264 ----a-w- c:\windows\system32\drivers\NWADIEnum.sys
2009-10-24 15:41 . 2009-11-16 18:16 -------- d-----w- c:\documents and settings\m.lana\Impostazioni locali\Dati applicazioni\Downloaded Installations
2009-10-23 20:28 . 2009-10-23 20:28 -------- d-----w- c:\documents and settings\m.lana\Dati applicazioni\JGoodies
2009-10-23 20:28 . 2009-10-23 20:28 -------- d-----w- c:\programmi\JGoodies
2009-10-23 20:05 . 2007-02-21 17:56 49904 ----a-w- c:\windows\system32\drivers\BVRPMPR5.SYS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-22 16:41 . 2009-07-16 00:42 -------- d-----w- c:\programmi\Everything
2009-11-20 23:23 . 2009-10-21 01:14 20 ---h--w- c:\documents and settings\All Users\Dati applicazioni\PKP_DLbx.DAT
2009-11-20 21:51 . 2009-07-17 17:25 171552 ----a-w- c:\windows\system32\guard32.dll
2009-11-20 21:51 . 2009-07-17 17:25 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-11-20 21:51 . 2009-07-17 17:25 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-11-20 21:51 . 2009-07-17 17:25 132808 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-11-20 21:09 . 2009-07-16 00:23 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-11-19 14:50 . 2009-09-24 17:46 -------- d-----w- c:\programmi\SystemRequirementsLab
2009-11-19 07:20 . 2009-10-05 16:07 -------- d-----w- c:\documents and settings\m.lana\Dati applicazioni\vlc
2009-11-17 13:33 . 2009-11-16 22:29 5684 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-17 13:33 . 2009-11-16 22:29 2060 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-11-17 13:26 . 2009-07-17 14:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Mozilla Firefox
2009-11-15 22:38 . 2009-10-16 10:09 -------- d-----w- c:\programmi\Mozilla Thunderbird
2009-11-15 22:38 . 2009-10-09 17:21 -------- d-----w- c:\programmi\Eudora 8.0 Beta 7
2009-11-15 20:30 . 2009-09-22 13:54 -------- d-----w- c:\programmi\Unlocker
2009-11-11 22:44 . 2009-10-01 20:10 -------- d-----w- c:\programmi\epson
2009-11-11 22:43 . 2009-11-11 22:43 -------- d-----w- c:\documents and settings\m.lana\Dati applicazioni\InstallShield
2009-11-11 22:19 . 2001-08-31 12:00 99096 ----a-w- c:\windows\system32\perfc010.dat
2009-11-11 22:19 . 2001-08-31 12:00 526814 ----a-w- c:\windows\system32\perfh010.dat
2009-11-10 06:43 . 2009-07-17 14:25 10799576 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Mozilla Firefox\xul.dll
2009-11-04 11:33 . 2009-09-14 13:34 -------- d-----w- c:\programmi\Java
2009-11-03 20:23 . 2009-07-16 15:04 -------- d-----w- c:\programmi\File comuni\Nokia
2009-11-03 20:23 . 2009-07-16 15:04 -------- d-----w- c:\programmi\Nokia
2009-11-03 20:14 . 2009-07-16 15:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Installations
2009-11-02 10:37 . 2009-07-16 14:17 72816 ----a-w- c:\documents and settings\m.lana\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-11-01 08:10 . 2009-07-16 22:00 -------- d-----w- c:\programmi\File comuni\Apple
2009-10-31 10:57 . 2009-09-14 14:56 -------- d-----w- c:\programmi\MSECACHE
2009-10-30 21:37 . 2009-07-16 00:21 -------- d-----w- c:\programmi\Intel
2009-10-30 21:16 . 2009-10-16 09:49 -------- d-----w- c:\programmi\File comuni\Logishrd
2009-10-30 21:13 . 2009-10-16 10:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\LogiShrd
2009-10-30 14:52 . 2009-07-16 14:22 -------- d-----w- c:\programmi\7-Zip
2009-10-30 14:26 . 2009-07-16 00:23 -------- d-----w- c:\programmi\ATI Technologies
2009-10-30 13:53 . 2009-10-30 13:53 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2009-10-30 06:51 . 2009-10-21 00:37 20 ---h--w- c:\documents and settings\All Users\Dati applicazioni\PKP_DLdw.DAT
2009-10-29 08:50 . 2009-09-24 07:37 1 ----a-w- c:\documents and settings\m.lana\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-10-27 23:27 . 2009-10-07 21:16 -------- d-----w- c:\programmi\Sun
2009-10-25 20:52 . 2009-10-14 19:19 -------- d-----w- c:\programmi\Carambis
2009-10-24 15:47 . 2009-10-24 15:47 -------- d-----w- c:\documents and settings\m.lana\Dati applicazioni\ICS
2009-10-24 14:48 . 2009-10-04 10:46 -------- d-----w- c:\documents and settings\m.lana\Dati applicazioni\dvdcss
2009-10-22 17:14 . 2009-10-21 01:51 20 ---h--w- c:\documents and settings\All Users\Dati applicazioni\PKP_DLdu.DAT
2009-10-21 01:53 . 2009-10-21 00:38 -------- d-----w- c:\documents and settings\m.lana\Dati applicazioni\Nikon
2009-10-21 01:52 . 2009-10-21 01:52 -------- d-----w- c:\programmi\File comuni\muvee Technologies
2009-10-21 01:52 . 2009-10-21 01:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nikon
2009-10-21 01:52 . 2009-07-16 17:06 -------- d-----w- c:\programmi\File comuni\Nikon
2009-10-21 01:52 . 2009-10-21 00:38 -------- d-----w- c:\programmi\Nikon
2009-10-21 01:51 . 2009-10-21 01:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Repeat Routines
2009-10-21 01:51 . 2009-10-21 00:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Ultima_T15
2009-10-21 01:51 . 2009-10-21 00:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\EnterNHelp
2009-10-21 01:51 . 2003-03-19 10:05 106496 ----a-w- c:\windows\system32\ATL71.DLL
2009-10-21 01:48 . 2009-10-21 01:48 20 ---h--w- c:\documents and settings\All Users\Dati applicazioni\PKP_DLck.DAT
2009-10-21 01:48 . 2009-10-21 01:48 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Guides
2009-10-21 01:48 . 2009-10-21 01:17 -------- d--h--r- c:\documents and settings\All Users\Dati applicazioni\Helper Scripts
2009-10-21 01:21 . 2009-07-16 16:18 49152 ----a-r- c:\documents and settings\m.lana\Dati applicazioni\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
2009-10-21 00:55 . 2009-10-21 00:55 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Screen Savers
2009-10-21 00:40 . 2009-07-16 16:18 335872 ----a-r- c:\documents and settings\m.lana\Dati applicazioni\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
2009-10-21 00:39 . 2009-07-16 16:18 57344 ----a-r- c:\documents and settings\m.lana\Dati applicazioni\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2009-10-21 00:32 . 2009-07-16 17:08 -------- d-----w- c:\programmi\File comuni\Adobe
2009-10-17 17:04 . 2009-10-17 17:04 -------- d-----w- c:\programmi\LexarMedia
2009-10-16 17:35 . 2009-10-16 09:47 -------- d-----w- c:\programmi\DellTPad
2009-10-16 17:33 . 2009-08-07 17:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skyline
2009-10-16 17:23 . 2009-10-16 17:23 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2009-10-16 17:23 . 2009-10-16 17:23 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2009-10-16 16:17 . 2009-10-16 16:17 0 ----a-w- c:\windows\ativpsrm.bin
2009-10-16 15:10 . 2009-10-16 15:10 41984 ----a-w- c:\windows\system32\abll1.dll
2009-10-16 10:10 . 2009-10-16 10:10 -------- d-----w- c:\documents and settings\m.lana\Dati applicazioni\Talkback
2009-10-16 10:00 . 2009-10-16 10:00 -------- d-----w- c:\documents and settings\m.lana\Dati applicazioni\Leadertech
2009-10-16 09:58 . 2009-10-16 09:58 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-10-16 09:58 . 2009-10-16 09:58 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-10-16 09:58 . 2009-10-16 09:58 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-10-16 09:47 . 2009-10-16 09:47 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2009-10-14 21:30 . 2009-10-14 21:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Innovative Solutions
2009-10-14 21:09 . 2009-10-14 21:09 -------- d-----w- c:\programmi\Broadcom
2009-10-14 20:12 . 2009-10-14 20:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Drivers HeadQuarters
2009-10-14 19:26 . 2009-10-14 19:26 -------- d-----w- c:\documents and settings\m.lana\Dati applicazioni\Blitware
2009-10-14 13:58 . 2009-08-10 06:36 459960 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2009-10-11 18:06 . 2009-10-11 18:06 -------- d-----w- c:\programmi\PDF Password Remover v3.0
2009-10-11 03:17 . 2009-09-14 14:58 411368 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Mozilla Firefox\plugins\npdeploytk.dll
2009-10-11 03:17 . 2009-07-16 14:26 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-10 12:37 . 2009-10-10 12:37 -------- d-----w- c:\documents and settings\m.lana\Dati applicazioni\Stardock
2009-10-10 01:57 . 2009-10-10 01:56 1856647 ----a-w- c:\documents and settings\m.lana\Dati applicazioni\Thunderbird\Profiles\wgrqp58o.default\Mail\Local Folders\old.sbd\computershopper.com
2009-10-09 23:53 . 2009-10-09 23:52 1882767 ----a-w- c:\documents and settings\m.lana\Dati applicazioni\Thunderbird\Profiles\wgrqp58o.default\Mail\Local Folders\liste.sbd\computershopper.com
2009-10-09 20:47 . 2009-10-09 20:47 -------- d-----w- c:\programmi\iXi Tools
2009-10-09 12:01 . 2009-07-30 12:02 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ScanSoft
2009-10-09 11:51 . 2009-10-09 11:51 -------- d-----w- c:\documents and settings\m.lana\Dati applicazioni\RelevantReach
2009-10-09 11:50 . 2009-10-09 11:50 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\InstallShield
2009-10-09 11:50 . 2009-07-23 22:41 -------- d-----w- c:\documents and settings\m.lana\Dati applicazioni\ScanSoft
2009-10-09 11:50 . 2009-10-09 11:50 -------- d-----w- c:\programmi\File comuni\ScanSoft Shared
2009-10-09 11:50 . 2009-07-16 00:23 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-10-09 11:48 . 2009-10-09 11:48 -------- d-----w- c:\programmi\ScanSoft
2009-10-09 11:44 . 2009-10-08 05:28 -------- d-----w- c:\documents and settings\m.lana\Dati applicazioni\GetRightToGo
2009-10-06 05:40 . 2009-10-06 05:40 -------- d-----w- c:\documents and settings\m.lana\Dati applicazioni\Downloaded Installations
2009-10-05 19:04 . 2009-10-05 19:04 -------- d-----w- c:\documents and settings\m.lana\Dati applicazioni\Unity
2009-10-05 17:22 . 2009-10-05 17:22 -------- d-----w- c:\programmi\Unity
2009-10-05 13:59 . 2009-10-05 13:59 -------- d-----w- c:\documents and settings\m.lana\Dati applicazioni\Nitro PDF
2009-10-05 13:59 . 2009-10-05 13:59 -------- d-----w- c:\programmi\Nitro PDF
2009-10-05 13:59 . 2009-10-05 13:59 -------- d-----w- c:\programmi\File comuni\Nitro PDF
2009-10-05 13:59 . 2009-10-05 13:59 -------- d-----w- c:\programmi\File comuni\BCL Technologies
2009-10-05 13:59 . 2009-10-05 13:59 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nitro PDF
2009-10-05 13:54 . 2009-07-17 20:30 -------- d-----w- c:\programmi\Secunia
2009-10-05 13:54 . 2009-10-05 13:22 -------- d-----w- c:\documents and settings\m.lana\Dati applicazioni\Secunia CSI
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OODIIcon]
@="{14A94384-BBED-47ed-86C0-6BF63FD892D0}"
[HKEY_CLASSES_ROOT\CLSID\{14A94384-BBED-47ed-86C0-6BF63FD892D0}]
2009-06-23 05:23 111872 ----a-w- c:\programmi\OO Software\DiskImage\oodishi.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
"Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 7\PcSync2.exe" [2009-06-23 745472]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Everything"="c:\programmi\Everything\Everything.exe" [2009-03-17 604672]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-06-12 266497]
"DrvIcon"="c:\programmi\vista drive icon\drvicon.exe" [2008-04-13 49152]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"Apoint"="c:\programmi\DellTPad\Apoint.exe" [2009-03-10 233472]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2009-04-07 2553088]
"OODITRAY.EXE"="c:\programmi\OO Software\DiskImage\OODITRAY.EXE" [2009-06-23 1893632]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-09-04 417792]
"Dimension4"="c:\programmi\D4\D4.exe" [2004-02-03 200704]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
"COMODO Internet Security"="c:\programmi\COMODO\COMODO Internet Security\cfp.exe" [2009-11-20 1800464]
"IntelWireless"="c:\programmi\File comuni\Intel\WirelessCommon\iFrmewrk.exe" [2009-02-27 1202448]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SpybotSnD"="c:\programmi\Spybot - Search & Destroy\SpybotSD.exe" [2009-01-26 5365592]
"ISTray"="c:\programmi\Spyware Doctor\pctsTray.exe" [2009-09-22 1243088]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-13 110592]

c:\documents and settings\m.lana\Menu Avvio\Programmi\Esecuzione automatica\
Secunia PSI.lnk - c:\programmi\Secunia\PSI\psi.exe [2009-6-24 803176]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\progra~1\Qualcomm\Eudora\EuShlExt.dll" [2005-08-09 86016]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [07/01/2009 23.39.36 20744]
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [10/08/2009 1.27.21 40560]
R0 oodisr;O&O DiskImage Snapshot/Restore Driver;c:\windows\system32\drivers\oodisr.sys [23/06/2009 6.26.28 95752]
R0 oodisrh;oodisrh;c:\windows\system32\drivers\oodisrh.sys [23/06/2009 6.26.30 28680]
R0 oodivd;O&O DiskImage VirtualDisk Driver;c:\windows\system32\drivers\oodivd.sys [23/06/2009 6.26.32 163336]
R0 oodivdh;oodivdh;c:\windows\system32\drivers\oodivdh.sys [23/06/2009 6.26.34 31240]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [21/11/2009 14.43.04 207280]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [17/07/2009 18.25.21 132808]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [17/07/2009 18.25.21 25160]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [07/10/2009 22.17.13 115856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [07/10/2009 22.17.00 41424]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\programmi\File comuni\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [27/10/2008 17.03.46 759072]
R2 AntiVirMailService;Avira AntiVir Premium MailGuard;c:\programmi\Avira\AntiVir PersonalEdition Premium\avmailc.exe [16/07/2009 16.14.03 164097]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;c:\programmi\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe [16/07/2009 16.14.04 258305]
R2 AVEService;Servizio assistenza di Avira AntiVir Premium MailGuard;c:\programmi\Avira\AntiVir PersonalEdition Premium\avesvc.exe [16/07/2009 16.14.03 41217]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\programmi\Spyware Doctor\BDT\BDTUpdateService.exe [21/11/2009 14.46.16 112592]
R2 GtDetectSc;GtDetectSc;c:\programmi\Option\GlobeTrotter Connect\GtDetectSc.exe [30/04/2008 16.52.36 200704]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [21/08/2009 0.02.22 6656]
R2 O&O DiskImage;O&O DiskImage;c:\programmi\OO Software\DiskImage\oodiag.exe [23/06/2009 6.22.58 2295040]
R2 sdAuxService;PC Tools Auxiliary Service;c:\programmi\Spyware Doctor\pctsAuxs.exe [21/11/2009 14.42.18 358600]
R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\drivers\swivspnt.sys [29/08/2007 13.55.16 20352]
R3 VBoxMouse;VirtualBox Guest Mouse Service;c:\windows\system32\drivers\VBoxMouse.sys [02/10/2009 10.04.40 39888]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [02/10/2009 11.25.34 103568]
S1 VBoxSF;VirtualBox Shared Folders;c:\windows\system32\drivers\VBoxSF.sys [02/10/2009 10.04.48 195472]
S2 VBoxService;VirtualBox Guest Additions Service;system32\VBoxService.exe --> system32\VBoxService.exe [?]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [07/12/2008 12.44.54 29192]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [13/11/2007 14.50.40 95744]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [09/10/2007 11.53.16 51968]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys --> c:\windows\system32\Drivers\IvtBtBus.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [16/07/2009 16.04.18 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [16/07/2009 16.04.18 8320]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17/06/2009 13.20.34 12648]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [07/10/2009 22.17.10 94992]
S4 dblhost;Diginext DBL Hosting Service;c:\programmi\Diginext\IQonn\dblhost.exe --> c:\programmi\Diginext\IQonn\dblhost.exe [?]

--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - PCTSDInjDriver32

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Nitro PDF Professional]
cscript //B "c:\programmi\Nitro PDF\Professional\RemoveOldAddins.vbs"
.
Contenuto della cartella 'Scheduled Tasks'

2009-11-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-11-22 c:\windows\Tasks\User_Feed_Synchronization-{BAC06AD9-0703-4D49-BB7D-22823E232914}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
LSP: avsda.dll
Trusted Zone: comindwork.com\digiliblt
Trusted Zone: unipmn.it\mail.rettorato
Trusted Zone: unipmn.it\moodle.lett
TCP: {40A01D8F-A60F-441B-9494-944AC094D602} = 193.206.62.100,193.206.52.33
FF - ProfilePath - c:\documents and settings\m.lana\Dati applicazioni\Mozilla\Firefox\Profiles\3bc46gag.default\
FF - plugin: c:\documents and settings\m.lana\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\programmi\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\documents and settings\All Users\Dati applicazioni\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

Toolbar-Locked - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-22 18:14
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(988)
c:\windows\system32\IWPDGINA.DLL
c:\programmi\Intel\WiFi\bin\LangResources\ITA\SsoGnITA.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1508)
c:\windows\system32\avsda.dll

- - - - - - - > 'explorer.exe'(4656)
c:\windows\system32\WININET.dll
c:\programmi\Spyware Doctor\pctgmhk.dll
c:\programmi\Unlocker\UnlockerHook.dll
c:\programmi\OO Software\DiskImage\oodishi.dll
c:\programmi\OO Software\DiskImage\oodishrs.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\windows\system32\OLEPRO32.DLL
c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\VBoxMRXNP.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programmi\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\Intel\WiFi\bin\S24EvMon.exe
c:\programmi\Avira\AntiVir PersonalEdition Premium\sched.exe
c:\programmi\Avira\AntiVir PersonalEdition Premium\avguard.exe
c:\programmi\Juniper Networks\Common Files\dsNcService.exe
c:\programmi\Intel\WiFi\bin\EvtEng.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\oodag.exe
c:\programmi\File comuni\Intel\WirelessCommon\RegSrvc.exe
c:\programmi\Spyware Doctor\pctsSvc.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\programmi\Intel\WiFi\bin\WLKeeper.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\programmi\DellTPad\ApMsgFwd.exe
c:\programmi\DellTPad\HidFind.exe
c:\programmi\DellTPad\Apntex.exe
c:\programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\programmi\PC Connectivity Solution\ServiceLayer.exe
c:\programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
c:\programmi\PC Connectivity Solution\Transports\NclMSBTSrv.exe
c:\programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Ora fine scansione: 2009-11-22 18:25 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-11-22 17:25

Pre-Run: 79.202.164.736 byte disponibili
Post-Run: 79.201.869.824 byte disponibili

- - End Of File - - FF3EA82F1B3B1E9E9ECE7E7E1E424609

Thanks!
maurizio
megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising