Olimpo Informatico forum index
The Zeus News Forums
virus TR/PSW.Lmir.UMK.1 Trojan
Forum index -> Virus First Aid
uomodeighiacci
Rank: Minor god

Registered: 01/01/09 20:29
Posts: 769

Posted: 01 Jan 2009 22:41    Subject: virus TR/PSW.Lmir.UMK.1 Trojan

Hi everyone. I hope you can help me.
I have a bit to say; I'll try to be concise.

So, I have Win XP Service Pack 2 and, at the start, AVG 7.5, the Windows firewall and Spybot S&D 1.6 with SDHelper and TeaTimer disabled. Now I have Avira AntiVir.

The damage
Spybot had found a threat called -drive cleaner 2006-; without paying much attention I removed it and closed the program. The next day I found it there again, so, doing a few tests, I saw that it regenerated every time I deleted it (even while I was disconnected). At some point a notice told me to run scandisk because there was a damaged folder; I did, and found many damaged system files. On reboot several programs work only partially or not at all, and some warnings appear about files that could not be loaded or in which errors occurred.

I ran scans with everything known to man..
ComboFix removed c:\windows\system32\_000110_.tmp.dll
MCS Trojan Remover 2008 removed a trojan in c:\windows\ but there is no log
then I installed Kaspersky, but it found nothing relevant
Since Spybot S&D 1.6 was the only program that detected -drive cleaner 2006-, I had to uninstall Kaspersky (they are incompatible) to run a check, but drive cleaner 2006 was still there.
I installed Avira AntiVir, which found many files infected with TR/PSW.Lmir.UMK.1 Trojan; a new ComboFix scan removed several others.

The system is now a mess and I doubt I can recover it, but I'm holding off on formatting because I have some questions:

when I didn't yet know I had caught the virus, I connected an external disk with autoplay enabled; does the virus spread to removable disks?
How do I check that my data is clean, given that initially no antivirus detected it (and even now I have serious doubts that I removed it completely)? I wouldn't want the virus to pass back to the operating system from my data after I format.
Spybot's description is -DriveCleaner 2006 is spread by a trojan horse and pretends to be a registry cleanup utility-
so I wonder: is the trojan I caught directly linked to DriveCleaner 2006, or was it the DriveCleaner 2006 infection that made it easier for another trojan to get into my computer?

Thanks to anyone who gives me a hand.
chemicalbit
Rank: Mature god

Registered: 01/04/05 18:59
Posts: 18597
Location: Milano

Posted: 01 Jan 2009 22:53    Subject: Re: virus TR/PSW.Lmir.UMK.1 Trojan

uomodeighiacci wrote:
I ran scans with everything known to man..
ComboFix removed c:\windows\system32\_000110_.tmp.dll

etc.
Do you have the logs of the various scans you ran?
chemicalbit
Rank: Mature god

Registered: 01/04/05 18:59
Posts: 18597
Location: Milano

Posted: 01 Jan 2009 23:00    Subject: Re: virus TR/PSW.Lmir.UMK.1 Trojan

uomodeighiacci wrote:
so I wonder: is the trojan I caught directly linked to DriveCleaner 2006, or was it the DriveCleaner 2006 infection that made it easier for another trojan to get into my computer?
From the description you reported
uomodeighiacci wrote:
Spybot's description is -DriveCleaner 2006 is spread by a trojan horse and pretends to be a registry cleanup utility-
in other words, DriveCleaner 2006 is spread by a trojan horse and poses as a registry cleanup utility,

there is a trojan horse that helps spread DriveCleaner 2006 (probably precisely by making those error messages you see appear, so as to induce you to install DriveCleaner 2006)

and in turn DriveCleaner 2006 is itself a trojan horse (a program that pretends to be one thing -a registry cleanup utility- while it is something else -a piece of malware. By any chance, does it insistently propose that you buy the full version of the program?- )


But did you actually install DriveCleaner 2006?
(before finding the DriveCleaner 2006 threat for the first time with Spybot S&D?)

Is it installed at the moment?
uomodeighiacci
Rank: Minor god

Registered: 01/01/09 20:29
Posts: 769

Posted: 02 Jan 2009 11:19    Subject:

The very first thing I noticed was Spybot's report.
I never saw the messages telling me to buy DriveCleaner 2006, because I use Firefox 1.5 with Gmail Notifier and pop-up windows are disabled by default.
I wouldn't have installed it anyway.

here are the logs; I made them before signing up and didn't follow all the rules written in the forum.. there are a lot of useless programs that I installed for the scans and have since removed

first ComboFix log

ComboFix 08-12-30.02 - utentep 2008-12-31 17.27.47.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.511.178 [GMT 1:00]
Eseguito da: c:\documents and settings\utentep\Documenti\My Completed Downloads\ComboFix2.exe
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_000110_.tmp.dll

.
((((((((((((((((((((((((( Files Creati Da 2008-11-28 al 2008-12-31 )))))))))))))))))))))))))))))))))))
.

2008-12-31 17:21 . 2008-12-31 17:21 <DIR> d-------- c:\programmi\MCS Studios
2008-12-31 17:21 . 2005-12-14 22:16 237,568 --a------ c:\windows\system32\mcstabs.ocx
2008-12-31 17:21 . 2000-05-22 17:58 115,920 --a------ c:\windows\system32\msinet.ocx
2008-12-31 17:21 . 2000-07-15 00:00 101,888 --a------ c:\windows\system32\VB6STKIT.DLL
2008-12-31 17:21 . 1998-06-18 00:00 89,360 --a------ c:\windows\system32\VB5DB.DLL
2008-12-31 15:03 . 2008-12-31 15:03 <DIR> d-------- c:\programmi\ShellSearch
2008-12-31 15:03 . 1998-10-14 20:41 27,648 --a------ c:\windows\system32\SSubTmr.dll
2008-12-31 14:55 . 2008-12-31 16:14 <DIR> d-------- c:\programmi\Google
2008-12-31 14:48 . 2008-12-31 14:49 2,560 --a------ c:\windows\system32\drivers\mchInjDrv.sys
2008-12-31 14:47 . 2008-12-31 14:50 <DIR> d-------- c:\programmi\Enigma Software Group
2008-12-30 21:29 . 2008-12-30 21:30 2,957 --a------ c:\windows\system32\x_dtrace_log
2008-12-30 21:29 . 2008-12-30 21:29 14 --a------ c:\windows\system32\getfile.dat
2008-12-30 21:05 . 2008-12-31 17:16 2,375 --a------ c:\windows\system32\BIN_STRSBW.SPT
2008-12-30 20:50 . 2008-12-30 20:50 <DIR> d-------- c:\programmi\Kaspersky Lab
2008-12-30 20:50 . 2008-12-31 17:33 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2008-12-30 20:50 . 2008-12-31 17:33 1,250,848 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-12-30 20:50 . 2008-12-31 17:31 204,832 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-12-30 20:50 . 2008-12-30 20:50 96,976 --a------ c:\windows\system32\drivers\klin.dat
2008-12-30 20:50 . 2008-12-30 20:50 87,855 --a------ c:\windows\system32\drivers\klick.dat
2008-12-30 20:50 . 2008-12-31 17:33 10,852 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-12-30 20:50 . 2008-12-31 17:31 1,780 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-12-30 20:45 . 2008-12-30 20:45 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2008-12-30 20:41 . 2008-12-31 16:17 <DIR> d-------- c:\programmi\Spyware Terminator
2008-12-30 20:41 . 2008-12-31 16:58 <DIR> d-------- c:\documents and settings\utentep\Dati applicazioni\Spyware Terminator
2008-12-30 20:41 . 2008-12-30 21:07 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2008-12-30 20:41 . 2008-12-30 20:41 142,592 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
2008-12-30 20:35 . 2008-12-30 21:12 <DIR> d-------- c:\programmi\Trojan Remover
2008-12-30 20:15 . 2008-12-30 20:15 <DIR> d-------- c:\documents and settings\utentep\Dati applicazioni\Malwarebytes
2008-12-30 20:15 . 2008-12-30 20:15 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-12-30 18:00 . 2008-12-30 18:00 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Macrium
2008-12-30 17:56 . 2008-12-30 17:56 <DIR> d-------- c:\programmi\Macrium
2008-12-30 16:47 . 2008-12-30 16:47 <DIR> d-------- c:\documents and settings\utentep\Dati applicazioni\PCToolsFirewallPlus
2008-12-30 16:45 . 2008-12-30 18:16 <DIR> d-------- c:\programmi\File comuni\PC Tools
2008-12-30 16:45 . 2008-12-11 12:32 132,976 --a------ c:\windows\system32\drivers\PCTCore.sys
2008-12-30 16:45 . 2008-12-11 12:32 73,840 --a------ c:\windows\system32\drivers\PCTAppEvent.sys
2008-12-30 16:38 . 2006-08-11 21:09 108,032 --a------ c:\windows\system32\FASTFwLib.dll
2008-12-30 15:14 . 2008-12-30 16:37 <DIR> d-------- c:\programmi\Sunbelt Software
2008-12-30 14:46 . 2008-12-31 11:15 <DIR> d-------- c:\programmi\File comuni\Softwin
2008-12-30 11:51 . 2008-12-30 11:51 <DIR> d-------- c:\programmi\File comuni\Adobe
2008-12-30 11:51 . 2008-12-30 11:51 <DIR> d-------- c:\documents and settings\utentep\Dati applicazioni\AdobeUM
2008-12-30 11:33 . 2008-12-30 11:33 754 --a------ c:\windows\WORDPAD.INI
2008-12-30 10:23 . 2008-12-30 10:23 <DIR> d-------- c:\programmi\CountDown
2008-12-30 10:23 . 2003-08-22 12:12 3,156,496 --a------ c:\windows\_UninstallCountDown.exe
2008-12-29 17:37 . 2008-12-29 20:36 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-12-29 17:36 . 2008-06-14 18:59 272,768 --------- c:\windows\system32\drivers\bthport.sys
2008-12-29 17:36 . 2008-06-14 18:59 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-12-29 17:32 . 2008-08-14 14:42 2,184,064 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-29 17:32 . 2008-08-14 14:42 2,139,648 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-29 17:32 . 2008-08-14 14:42 2,061,440 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-29 17:32 . 2008-08-14 14:42 2,019,328 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-29 14:57 . 2008-12-29 14:57 <DIR> d-------- c:\documents and settings\utentep\Dati applicazioni\Apple Computer
2008-12-29 14:56 . 2008-12-29 14:56 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-29 14:56 . 2008-12-29 14:56 1,409 --a------ c:\windows\QTFont.for
2008-12-29 11:54 . 2008-12-29 11:54 <DIR> d-------- c:\programmi\Xesc & Technology
2008-12-29 11:53 . 2008-12-29 11:53 <DIR> d-------- c:\programmi\SONY
2008-12-29 11:50 . 2008-12-29 21:14 <DIR> d-------- C:\VEXPLITE
2008-12-29 11:50 . 2008-08-30 12:11 40,960 --a------ c:\windows\system32\drivers\VIRAGTLT.SYS
2008-12-29 11:48 . 2008-12-29 11:48 <DIR> d-------- c:\programmi\VDOWNLOADER
2008-12-29 11:48 . 2008-12-29 11:48 <DIR> d-------- C:\DriveKey
2008-12-29 11:47 . 2008-12-29 11:47 <DIR> d-------- c:\programmi\QuickZip
2008-12-29 11:46 . 2008-12-29 11:46 <DIR> d-------- c:\programmi\Smart Projects
2008-12-29 11:45 . 2008-12-29 11:45 <DIR> d-------- c:\programmi\Drive Rescue
2008-12-29 11:45 . 2008-12-29 11:45 <DIR> d-------- c:\programmi\bobyte
2008-12-29 10:34 . 2008-12-29 12:27 <DIR> d-------- c:\documents and settings\utentep\Dati applicazioni\Ulead Systems
2008-12-29 10:30 . 2008-12-29 10:30 <DIR> d-------- c:\programmi\File comuni\Fellowes
2008-12-29 10:26 . 2008-12-29 10:26 <DIR> d-------- c:\programmi\Pinnacle
2008-12-29 10:26 . 2008-12-29 10:26 1,816,779 --a------ c:\windows\Recorder.reg
2008-12-29 10:26 . 2008-12-29 10:26 2,423 --a------ c:\windows\NewRecorder.reg
2008-12-29 10:22 . 2008-12-29 10:22 <DIR> d-------- c:\programmi\File comuni\Ulead Systems
2008-12-29 10:22 . 2008-12-29 12:27 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Ulead Systems
2008-12-29 10:20 . 2008-12-29 10:22 <DIR> d-------- c:\programmi\Ulead Systems
2008-12-29 09:02 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-28 21:33 . 2008-12-29 11:07 <DIR> d-------- c:\documents and settings\utentep\Dati applicazioni\dvdcss
2008-12-28 20:58 . 2008-12-28 21:19 <DIR> d-------- c:\documents and settings\utentep\Dati applicazioni\vlc
2008-12-28 17:22 . 2008-12-28 17:22 <DIR> d-------- c:\documents and settings\utentep\Dati applicazioni\GlarySoft
2008-12-28 16:54 . 2008-12-28 16:54 <DIR> d-------- c:\programmi\Roxio
2008-12-28 16:54 . 2008-12-28 16:54 <DIR> d-------- c:\programmi\File comuni\Adaptec Shared
2008-12-28 16:54 . 2008-12-28 16:54 61,424 --a------ c:\windows\system32\drivers\cdr4_xp.sys
2008-12-28 16:54 . 2008-12-28 16:54 57,344 --a------ c:\windows\uneng.exe
2008-12-28 16:54 . 2008-12-28 16:54 23,436 --a------ c:\windows\system32\drivers\cdralw2k.sys
2008-12-28 16:53 . 1997-06-02 15:16 108,032 --------- c:\windows\system32\sh33w32.dll
2008-12-28 16:50 . 2008-12-28 16:50 <DIR> d-------- c:\programmi\WexTech
2008-12-28 16:50 . 2008-12-28 16:50 <DIR> d-------- c:\programmi\File comuni\WexTech Shared
2008-12-28 16:50 . 2008-12-28 16:50 <DIR> d-------- c:\programmi\File comuni\LHSPF
2008-12-28 16:50 . 2008-12-28 16:50 <DIR> d-------- c:\documents and settings\utentep\WINDOWS
2008-12-28 16:50 . 1998-08-04 11:22 111,616 --a------ c:\windows\system32\Ltih30tb.dll
2008-12-28 16:50 . 2008-12-28 16:50 557 --a------ c:\windows\system32\mapisvc.inf
2008-12-28 16:49 . 2008-12-28 16:49 <DIR> d-------- c:\programmi\Borland
2008-12-28 16:48 . 2008-12-28 17:14 <DIR> d-------- c:\windows\Corel
2008-12-28 16:48 . 2008-12-28 16:52 <DIR> d-------- c:\programmi\Corel
2008-12-28 16:44 . 2008-12-28 16:44 <DIR> d-------- c:\programmi\GLScene
2008-12-28 16:30 . 2008-12-31 16:06 32 --a------ c:\windows\DxPlayer.INI
2008-12-28 15:57 . 2008-12-29 21:41 <DIR> d--h----- c:\windows\$hf_mig$
2008-12-28 15:57 . 2005-02-25 04:35 22,752 --a------ c:\windows\system32\spupdsvc.exe
2008-12-28 15:36 . 2008-12-28 15:36 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\nView_Profiles
2008-12-28 15:09 . 2008-12-28 15:09 13,646 --a------ c:\windows\system32\wpa.bak
2008-12-28 15:03 . 2008-12-28 15:03 0 --a------ c:\windows\nsreg.dat
2008-12-28 15:02 . 2008-12-28 15:02 81,920 --a------ c:\windows\system32\W32N50.DLL
2008-12-28 15:02 . 2008-12-28 15:02 17,134 --a------ c:\windows\system32\PCANDIS5.SYS
2008-12-28 15:02 . 2008-12-28 15:02 15,781 --a------ c:\windows\system32\drivers\mdc8021x.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-31 16:32 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2008-12-30 19:47 --------- d-----w c:\programmi\Spybot - Search & Destroy
2008-12-30 19:47 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-12-30 19:47 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Grisoft
2008-12-30 19:43 --------- d-----w c:\programmi\DAP
2008-12-30 19:21 107,134 ----a-w c:\windows\UninstallFirefox.exe
2008-12-30 18:08 --------- d-----w c:\documents and settings\utentep\Dati applicazioni\AVG7
2008-12-29 10:53 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-12-28 14:57 --------- d-----w c:\documents and settings\utentep\Dati applicazioni\OpenOffice.org2
2008-12-28 13:58 --------- d-----w c:\programmi\ICQ6.5
2008-12-28 13:53 --------- d-----w c:\programmi\Microsoft.NET
2008-12-28 13:48 --------- d-----w c:\programmi\VideoLAN
2008-12-28 13:48 --------- d-----w c:\programmi\USB 2.0 Flash Drive Utility
2008-12-28 13:48 --------- d-----w c:\programmi\File comuni\InstallShield
2008-12-28 13:47 --------- d-----w c:\programmi\QuickTime
2008-12-28 13:47 --------- d-----w c:\programmi\Apple Software Update
2008-12-28 13:47 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2008-12-28 13:47 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Apple
2008-12-28 13:46 --------- d-----w c:\programmi\OpenOffice.org 2.1
2008-12-28 13:44 --------- d-----w c:\programmi\Sure Delete
2008-12-28 13:44 --------- d-----w c:\programmi\ScanSoft
2008-12-28 13:42 --------- d-----w c:\programmi\CCleaner
2008-12-28 13:41 --------- d-----w c:\programmi\GustoSoft
2008-12-28 13:39 --------- d-----w c:\documents and settings\utentep\Dati applicazioni\ICQ
2008-12-28 13:36 --------- d-----w c:\programmi\Glary Utilities
2008-12-28 13:34 --------- d-----w c:\documents and settings\LocalService\Dati applicazioni\AVG7
2008-12-28 12:55 --------- d-----w c:\programmi\microsoft frontpage
2008-12-28 12:54 --------- d-----w c:\programmi\Servizi in linea
2008-12-30 19:21 60,518 ----a-w c:\programmi\mozilla firefox\components\jar50.dll
2008-12-30 19:21 49,248 ----a-w c:\programmi\mozilla firefox\components\jsd3250.dll
2008-12-30 19:21 165,992 ----a-w c:\programmi\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Glary Memory Optimizer"="c:\programmi\Glary Utilities\memdefrag.exe" [2008-12-01 89600]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-08-19 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-05-14 3784704]
"DownloadAccelerator"="c:\programmi\DAP\DAP.EXE" [2008-12-28 3364616]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2007-06-29 286720]
"TSE_PLUtil"="c:\programmi\USB 2.0 Flash Drive Utility\PLBkMon.exe" [2004-09-15 94208]
"PLFFAP"="c:\windows\system32\HotfixQ0306270.exe" [2003-08-05 45056]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016]
"VIRIT LITE MONITOR"="c:\vexplite\MONLITE.EXE" [2008-10-16 249856]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-07-29 206088]
"SpywareTerminator"="c:\programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2008-12-30 2267136]
"nwiz"="nwiz.exe" [2004-05-14 c:\windows\system32\nwiz.exe]
"CHotkey"="mHotkey.exe" [2002-07-29 c:\windows\mHotkey.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\utentep\Menu Avvio\Programmi\Esecuzione automatica\
Collegamento a CountDown.lnk - c:\programmi\CountDown\CountDown.exe [2008-12-30 3156496]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
CorelCENTRAL - Avvisi.LNK - c:\programmi\Corel\WordPerfect Office 2000\programs\alarm.exe [2008-12-28 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= vdrcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
-ra------ 2004-05-14 06:41 81920 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"ledpointer"=CNYHKey.exe
"SoundMan"=SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\DRIVERS\pssnap.sys [2008-05-20 15328]
R0 VIRAGTLT;VIRAGTLT;c:\windows\system32\drivers\VIRAGTLT.SYS [2008-12-29 40960]
R0 VOBID;VOBID;c:\windows\system32\DRIVERS\vobid.sys [2003-08-01 29239]
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\c:\windows\system32\drivers\sp_rsdrv2.sys [2008-12-30 142592]
R2 PCTAppEvent;PCTAppEvent Driver;\??\c:\windows\system32\drivers\PCTAppEvent.sys [2008-12-30 73840]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\programmi\Macrium\Reflect\ReflectService.exe [2008-08-06 216032]
R2 viritsvclite;Virit eXplorer Lite;c:\vexplite\viritsvc.exe [2007-10-10 57344]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]
S1 pctgntdi;pctgntdi;\??\c:\windows\system32\drivers\pctgntdi.sys []
S3 pctplfw;pctplfw;\??\c:\windows\system32\drivers\pctplfw.sys []
S3 PLFF;USB Flash Disk Driver;c:\windows\system32\Drivers\PLFF.sys [2008-12-28 7424]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys []
.
Contenuto della cartella 'Scheduled Tasks'

2008-12-31 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2008-12-01 09:38]
.
.
------- Supplementare di scansione -------
.
uStart Page = about:blank
IE: &Clean Traces - c:\programmi\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\programmi\DAP\dapextie.htm
IE: Download &all with DAP - c:\programmi\DAP\dapextie2.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll

O16 -: 
FF - ProfilePath - c:\documents and settings\utentep\Dati applicazioni\Mozilla\Firefox\Profiles\i7cfic1h.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\programmi\DAP\DAPFireFox\components\DAPFireFox.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
c:\programmi\Mozilla Firefox\\greprefs\all.js - pref("general.useragent.contentlocale", "chrome://navigator-region/locale/region.properties");
c:\programmi\Mozilla Firefox\\greprefs\all.js - pref("accessibility.typeaheadfind.soundURL", "default");
c:\programmi\Mozilla Firefox\\greprefs\all.js - pref("browser.tabs.warnOnCloseOther", true);
c:\programmi\Mozilla Firefox\\greprefs\all.js - pref("browser.tabs.loadGroup", 1);
c:\programmi\Mozilla Firefox\\greprefs\all.js - pref("browser.tabs.loadOnNewTab", 0);
c:\programmi\Mozilla Firefox\\greprefs\all.js - pref("browser.windows.loadOnNewWindow", 1);
c:\programmi\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.HTMLDocument.close.get", "allAccess");
c:\programmi\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.HTMLDocument.open.get", "allAccess");
c:\programmi\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Location.reload.get", "allAccess");
c:\programmi\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
c:\programmi\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.Components", "allAccess");
c:\programmi\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
c:\programmi\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
c:\programmi\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
c:\programmi\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
c:\programmi\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
c:\programmi\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
c:\programmi\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
c:\programmi\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
c:\programmi\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
c:\programmi\Mozilla Firefox\\greprefs\all.js - pref("dom.disable_window_open_feature.resizable", false);
c:\programmi\Mozilla Firefox\\greprefs\all.js - pref("network.http.max-connections", 24);
c:\programmi\Mozilla Firefox\\greprefs\all.js - pref("network.http.max-connections-per-server", 8);
c:\programmi\Mozilla Firefox\\greprefs\all.js - pref("network.http.max-persistent-connections-per-server", 2);
c:\programmi\Mozilla Firefox\\greprefs\all.js - pref("network.http.max-persistent-connections-per-proxy", 4);
c:\programmi\Mozilla Firefox\\greprefs\all.js - pref("network.http.accept.default", "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5");
c:\programmi\Mozilla Firefox\\greprefs\all.js - pref("network.dns.ipv4OnlyDomains", ".doubleclick.net");
c:\programmi\Mozilla Firefox\\greprefs\all.js - pref("network.standard-url.encode-utf8", false);
c:\programmi\Mozilla Firefox\\greprefs\all.js - pref("network.image.warnAboutImages", false);
c:\programmi\Mozilla Firefox\\greprefs\all.js - pref("network.proxy.autoconfig_url", "");
c:\programmi\Mozilla Firefox\\greprefs\all.js - pref("network.cookie.p3p", "ffffaaaa");
c:\programmi\Mozilla Firefox\\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\programmi\Mozilla Firefox\\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\programmi\Mozilla Firefox\\greprefs\all.js - pref("ime.password.onFocus.dontCare", false);
c:\programmi\Mozilla Firefox\\greprefs\all.js - pref("ime.password.onBlur.dontCare", false);
c:\programmi\Mozilla Firefox\\greprefs\all.js - pref("ui.key.generalAccessKey", 18);
c:\programmi\Mozilla Firefox\\greprefs\all.js - pref("dom.max_script_run_time", 5);
c:\programmi\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.enable_ssl2", true);
c:\programmi\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl2.rc4_128", true);
c:\programmi\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl2.rc2_128", true);
c:\programmi\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl2.des_ede3_192", true);
c:\programmi\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl2.des_64", true);
c:\programmi\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl2.rc4_40", true);
c:\programmi\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl2.rc2_40", true);
c:\programmi\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.rsa_fips_des_sha", true);
c:\programmi\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.rsa_des_sha", true);
c:\programmi\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.rsa_1024_rc4_56_sha", true);
c:\programmi\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.rsa_1024_des_cbc_sha", true);
c:\programmi\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.rsa_rc4_40_md5", true);
c:\programmi\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.rsa_rc2_40_md5", true);
c:\programmi\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.dhe_rsa_des_sha", true);
c:\programmi\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.dhe_dss_des_sha", true);
c:\programmi\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.default_personal_cert", "Select Automatically");
c:\programmi\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.warn_entering_secure", true);
c:\programmi\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.warn_leaving_secure", true);
c:\programmi\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.warn_submit_insecure", true);
c:\programmi\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.OCSP.enabled", 0);
c:\programmi\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ui.enable", true);
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("startup.homepage_override_url","chrome://browser-region/locale/region.properties");
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("xpinstall.dialog.progress.skin", "chrome://mozapps/content/extensions/extensions.xul?type=themes");
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("xpinstall.dialog.progress.chrome", "chrome://mozapps/content/extensions/extensions.xul?type=extensions");
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("xpinstall.dialog.progress.type.skin", "Extension:Manager-themes");
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("xpinstall.dialog.progress.type.chrome", "Extension:Manager-extensions");
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.getMoreExtensionsURL", "chrome://mozapps/locale/extensions/extensions.properties");
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.getMoreThemesURL", "chrome://mozapps/locale/extensions/extensions.properties");
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.update.url.manual", "http://www.mozilla.org/products/firefox/");
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.update.url.details", "chrome://browser-region/locale/region.properties");
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.update.nagTimer.download", 86400);
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.update.nagTimer.restart", 1800);
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.update.url", "chrome://mozapps/locale/extensions/extensions.properties");
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.getMoreExtensionsURL", "chrome://mozapps/locale/extensions/extensions.properties");
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.getMoreThemesURL", "chrome://mozapps/locale/extensions/extensions.properties");
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("keyword.URL", "http://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=");
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.startup.homepage", "resource:/browserconfig.properties");
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.defaulturl", "chrome://browser-region/locale/region.properties");
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.order.Yahoo.1", "chrome://branding/content/searchconfig.properties");
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.order.Yahoo.2", "chrome://branding/content/searchconfig.properties");
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.order.Yahoo", "chrome://branding/content/searchconfig.properties");
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.basic.min_ver", "0.0");
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.link.open_newwindow", 2);
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.tabs.opentabfor.urlbar", true);
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.related.enabled", true);
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.related.autoload", 1); // 0 = Always, 1 = After first use, 2 = Never
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.related.provider", "http://www-rl.netscape.com/wtgn?");
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.related.disabledForDomains", "");
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.goBrowsing.enabled", true);
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("dom.disable_window_open_feature.location", false);
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("dom.disable_window_flip", false);
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.trim_user_and_password", true);
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("privacy.item.history", true);
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("privacy.item.formdata", true);
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("privacy.item.passwords", false);
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("privacy.item.downloads", true);
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("privacy.item.cookies", false);
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("privacy.item.cache", true);
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("privacy.item.siteprefs", false);
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("privacy.item.sessions", true);
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("network.cookie.enableForCurrentSessionOnly", false);
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("network.cookie.denyRemovedCookies", false);
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.throbber.url","chrome://browser-region/locale/region.properties");
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("alerts.height", 50);
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("signon.SignonFileName", "signons.txt");
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("security.warn_entering_secure.show_once", true);
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("security.warn_leaving_secure.show_once", true);
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("security.warn_submit_insecure.show_once", true);
c:\programmi\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.display.screen_resolution", 96);
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-31 17:32:46
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Owner=S-1-5-21-1614895754-1229272821-725345543-1004
"*"=dword:00000004

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004

[HKEY_USERS\S-1-5-21-1614895754-1229272821-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=S-1-5-21-1614895754-1229272821-725345543-1004
@Allowed: (Full) (S-1-5-21-1614895754-1229272821-725345543-1004)
@Allowed: (Full) (S-1-5-21-1614895754-1229272821-725345543-1004)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (Administrators)
@Allowed: (Full) (Administrators)
@Allowed: (Read) (S-1-5-12)
@Allowed: (Read) (S-1-5-12)
"*"=dword:00000004

[HKEY_USERS\S-1-5-21-1614895754-1229272821-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*NULL*]
@Owner=S-1-5-21-1614895754-1229272821-725345543-1004
"Licence0"="04F0D21-79D8-7A25-D702-433F"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=S-1-5-21-1614895754-1229272821-725345543-1004
@Allowed: (Full) (S-1-2-0)
@Allowed: (Read) (Users)
@Allowed: (Full) (Administrators)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (S-1-5-21-1614895754-1229272821-725345543-1004)
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\programmi\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2008-12-31 17:36:00 - macchina è stato riavviato [utentep]
ComboFix-quarantined-files.txt 2008-12-31 16:35:34

Pre-Run: 70.441.459.712 byte disponibili
Post-Run: 70,371,287,040 byte disponibili

386 --- E O F --- 2008-12-30 14:16:11
uomodeighiacci
Dio minore

Joined: 01/01/09 20:29
Posts: 769

Posted: 02 Jan 2009 11:21    Subject:

Avira log


Avira AntiVir Personal
Report file date: mercoledì 31 dicembre 2008 21:37

Scanning for 1138943 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: UTENTEP-F73F538

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.1.33 1705984 Bytes 24/12/2008 20:28:59
ANTIVIR2.VDF : 7.1.1.34 2048 Bytes 24/12/2008 20:28:59
ANTIVIR3.VDF : 7.1.1.57 277504 Bytes 31/12/2008 20:29:01
Engineversion : 8.2.0.45
AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 10:05:56
AESCRIPT.DLL : 8.1.1.19 336252 Bytes 31/12/2008 20:29:13
AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 15:06:41
AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 13:58:38
AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 09:41:39
AEOFFICE.DLL : 8.1.0.33 196987 Bytes 31/12/2008 20:29:12
AEHEUR.DLL : 8.1.0.75 1524087 Bytes 31/12/2008 20:29:11
AEHELP.DLL : 8.1.2.0 119159 Bytes 31/12/2008 20:29:04
AEGEN.DLL : 8.1.1.8 323956 Bytes 31/12/2008 20:29:04
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56
AECORE.DLL : 8.1.5.2 172405 Bytes 31/12/2008 20:29:02
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\programmi\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercoledì 31 dicembre 2008 21:37

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'SpybotSD.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'taskmgr.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'Integrator.exe' - '1' Module(s) have been scanned
Scan process 'CountDown.exe' - '1' Module(s) have been scanned
Scan process 'alarm.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'memdefrag.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'SpywareTerminatorShield.Exe' - '1' Module(s) have been scanned
Scan process 'mHotkey.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sp_rsser.exe' - '1' Module(s) have been scanned
Scan process 'ReflectService.exe' - '1' Module(s) have been scanned
Scan process 'IoctlSvc.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
34 processes with 34 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '52' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\utentep\desktop\SaRa 28 dic in poi\da 23 dic\Linguaggio_di_programmazione_Java.htm
[DETECTION] Is the TR/PSW.Lmir.UMK.1 Trojan
[NOTE] The file was moved to '49c9d8aa.qua'!
C:\Documents and Settings\utentep\desktop\virus4\SmitfraudFix.exe
[0] Archive type: RAR SFX (self extracting)
--> SmitfraudFix\Agent.OMZ.Fix.exe
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
[NOTE] The file was moved to '49c4d8c0.qua'!
C:\Documents and Settings\utentep\desktop\virus4\SmitfraudFix\Agent.OMZ.Fix.exe
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
[NOTE] The file was moved to '49c0d8c2.qua'!
C:\Documents and Settings\utentep\Documenti\My Completed Downloads\vecchi\install_flash_player.exe
[0] Archive type: NSIS
--> [UnknownDir]/NPSWF32_FlashUtil.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\utentep\Documenti\My Completed Downloads\vecchi\street.zip
[0] Archive type: ZIP
--> street.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.MJ.5 back-door program
[NOTE] The file was moved to '49cdd8ef.qua'!
C:\Documents and Settings\utentep\Documenti\Video\musica\Frou_Frou-_Breathe_In.flv
[DETECTION] Is the TR/PSW.Lmir.UMK.1 Trojan
[NOTE] The file was moved to '49cad983.qua'!
C:\Programmi\Corel\WordPerfect Office 2000\programs\ps90.dll
[DETECTION] Is the TR/PSW.Lmir.UMK.1 Trojan
[NOTE] The file was moved to '4994d9b5.qua'!
C:\Programmi\Corel\WordPerfect Office 2000\programs\tools\PR_WP.WCM
[DETECTION] Is the TR/PSW.Lmir.UMK.1 Trojan
[NOTE] The file was moved to '49bad99d.qua'!
C:\Programmi\SpicyTools\NCTVideoView.dll
[DETECTION] Is the TR/PSW.Lmir.UMK.1 Trojan
[NOTE] The file was moved to '49afdaa9.qua'!
C:\Programmi\SpicyTools\RMBin\tools\rnvideocodec.dll
[DETECTION] Is the TR/PSW.Lmir.UMK.1 Trojan
[NOTE] The file was moved to '49d1dadb.qua'!
C:\Programmi\Ulead Systems\Ulead DVD PictureShow 2 SE Basic\uExifLib.dll
[DETECTION] Is the TR/PSW.Lmir.UMK.1 Trojan
[NOTE] The file was moved to '49d3dae9.qua'!
C:\WINDOWS\SoftwareDistribution\Download\8dab4f2c899f11c2863dff51dfb836e7\wmadmoe.dll
[DETECTION] Is the TR/PSW.Lmir.UMK.1 Trojan
[NOTE] The file was moved to '49bcdcb7.qua'!
C:\WINDOWS\system32\c_949.nls
[DETECTION] Is the TR/PSW.Lmir.UMK.1 Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The file was moved to '4bc14e12.qua'!


End of the scan: mercoledì 31 dicembre 2008 21:58
Used time: 20:28 Minute(s)

The scan has been done completely.

3283 Scanning directories
158332 Files were scanned
12 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
12 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
158318 Files not concerned
1947 Archives were scanned
4 Warnings
12 Notes
uomodeighiacci
Dio minore

Joined: 01/01/09 20:29
Posts: 769

Posted: 02 Jan 2009 11:22    Subject:

second and last ComboFix log

ComboFix 08-12-31.01 - utentep 2009-01-01 11.11.19.2 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.511.348 [GMT 1:00]
Eseguito da: c:\documents and settings\utentep\Desktop\ComboFix.exe

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\404Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_AVG


((((((((((((((((((((((((( Files Creati Da 2008-12-01 al 2009-01-01 )))))))))))))))))))))))))))))))))))
.

2008-12-31 21:23 . 2008-12-31 21:23 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\MailFrontier
2008-12-31 21:23 . 2004-04-27 04:40 11,264 --a------ c:\windows\system32\SpOrder.dll
2008-12-31 21:23 . 2008-12-31 21:24 4,212 ---h----- c:\windows\system32\zllictbl.dat
2008-12-31 21:22 . 2008-12-31 21:34 <DIR> d-------- c:\windows\Internet Logs
2008-12-31 21:13 . 2008-12-31 21:13 <DIR> d-------- c:\programmi\Avira
2008-12-31 21:13 . 2008-12-31 21:13 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Avira
2008-12-31 20:27 . 2008-12-31 20:28 <DIR> d-------- c:\programmi\SpicyTools Video Converter 1.0
2008-12-31 20:27 . 2008-12-31 21:47 <DIR> d-------- c:\programmi\SpicyTools
2008-12-31 18:44 . 2008-12-31 18:44 <DIR> d-------- c:\programmi\AVG
2008-12-31 18:44 . 2008-12-31 21:02 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\avg8
2008-12-31 17:21 . 2008-12-31 17:21 <DIR> d-------- c:\programmi\MCS Studios
2008-12-31 17:21 . 2005-12-14 22:16 237,568 --a------ c:\windows\system32\mcstabs.ocx
2008-12-31 17:21 . 2000-05-22 17:58 115,920 --a------ c:\windows\system32\msinet.ocx
2008-12-31 17:21 . 2000-07-15 00:00 101,888 --a------ c:\windows\system32\VB6STKIT.DLL
2008-12-31 17:21 . 1998-06-18 00:00 89,360 --a------ c:\windows\system32\VB5DB.DLL
2008-12-31 15:03 . 2008-12-31 15:03 <DIR> d-------- c:\programmi\ShellSearch
2008-12-31 15:03 . 1998-10-14 20:41 27,648 --a------ c:\windows\system32\SSubTmr.dll
2008-12-31 14:55 . 2008-12-31 16:14 <DIR> d-------- c:\programmi\Google
2008-12-31 14:47 . 2008-12-31 14:50 <DIR> d-------- c:\programmi\Enigma Software Group
2008-12-30 21:29 . 2008-12-30 21:30 2,957 --a------ c:\windows\system32\x_dtrace_log
2008-12-30 21:29 . 2008-12-30 21:29 14 --a------ c:\windows\system32\getfile.dat
2008-12-30 21:05 . 2008-12-31 21:48 380 --a------ c:\windows\system32\BIN_STRSBW.SPT
2008-12-30 20:50 . 2008-12-30 20:50 <DIR> d-------- c:\programmi\Kaspersky Lab
2008-12-30 20:45 . 2008-12-30 20:45 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2008-12-30 20:41 . 2008-12-31 18:00 <DIR> d-------- c:\programmi\Spyware Terminator
2008-12-30 20:41 . 2008-12-31 17:50 <DIR> d-------- c:\documents and settings\utentep\Dati applicazioni\Spyware Terminator
2008-12-30 20:41 . 2008-12-31 18:00 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2008-12-30 20:41 . 2008-12-30 20:41 142,592 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
2008-12-30 20:35 . 2008-12-30 21:12 <DIR> d-------- c:\programmi\Trojan Remover
2008-12-30 20:15 . 2008-12-30 20:15 <DIR> d-------- c:\documents and settings\utentep\Dati applicazioni\Malwarebytes
2008-12-30 20:15 . 2008-12-30 20:15 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-12-30 18:00 . 2008-12-30 18:00 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Macrium
2008-12-30 17:56 . 2008-12-30 17:56 <DIR> d-------- c:\programmi\Macrium
2008-12-30 16:47 . 2008-12-30 16:47 <DIR> d-------- c:\documents and settings\utentep\Dati applicazioni\PCToolsFirewallPlus
2008-12-30 16:45 . 2008-12-30 18:16 <DIR> d-------- c:\programmi\File comuni\PC Tools
2008-12-30 16:45 . 2008-12-11 12:32 132,976 --a------ c:\windows\system32\drivers\PCTCore.sys
2008-12-30 16:45 . 2008-12-11 12:32 73,840 --a------ c:\windows\system32\drivers\PCTAppEvent.sys
2008-12-30 16:38 . 2006-08-11 21:09 108,032 --a------ c:\windows\system32\FASTFwLib.dll
2008-12-30 15:14 . 2008-12-30 16:37 <DIR> d-------- c:\programmi\Sunbelt Software
2008-12-30 14:46 . 2008-12-31 11:15 <DIR> d-------- c:\programmi\File comuni\Softwin
2008-12-30 11:51 . 2008-12-30 11:51 <DIR> d-------- c:\programmi\File comuni\Adobe
2008-12-30 11:51 . 2008-12-30 11:51 <DIR> d-------- c:\documents and settings\utentep\Dati applicazioni\AdobeUM
2008-12-30 11:33 . 2008-12-30 11:33 754 --a------ c:\windows\WORDPAD.INI
2008-12-30 10:23 . 2008-12-30 10:23 <DIR> d-------- c:\programmi\CountDown
2008-12-30 10:23 . 2003-08-22 12:12 3,156,496 --a------ c:\windows\_UninstallCountDown.exe
2008-12-29 17:37 . 2008-12-29 20:36 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-12-29 17:36 . 2008-06-14 18:59 272,768 --------- c:\windows\system32\drivers\bthport.sys
2008-12-29 17:36 . 2008-06-14 18:59 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-12-29 17:32 . 2008-08-14 14:42 2,184,064 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-29 17:32 . 2008-08-14 14:42 2,139,648 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-29 17:32 . 2008-08-14 14:42 2,061,440 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-29 17:32 . 2008-08-14 14:42 2,019,328 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-29 14:57 . 2008-12-29 14:57 <DIR> d-------- c:\documents and settings\utentep\Dati applicazioni\Apple Computer
2008-12-29 14:56 . 2008-12-29 14:56 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-29 14:56 . 2008-12-29 14:56 1,409 --a------ c:\windows\QTFont.for
2008-12-29 11:54 . 2008-12-29 11:54 <DIR> d-------- c:\programmi\Xesc & Technology
2008-12-29 11:53 . 2008-12-29 11:53 <DIR> d-------- c:\programmi\SONY
2008-12-29 11:50 . 2008-12-31 21:15 <DIR> d-------- C:\VEXPLITE
2008-12-29 11:50 . 2008-08-30 12:11 40,960 --a------ c:\windows\system32\drivers\VIRAGTLT.SYS
2008-12-29 11:48 . 2008-12-29 11:48 <DIR> d-------- c:\programmi\VDOWNLOADER
2008-12-29 11:48 . 2008-12-29 11:48 <DIR> d-------- C:\DriveKey
2008-12-29 11:47 . 2008-12-29 11:47 <DIR> d-------- c:\programmi\QuickZip
2008-12-29 11:46 . 2008-12-29 11:46 <DIR> d-------- c:\programmi\Smart Projects
2008-12-29 11:45 . 2008-12-29 11:45 <DIR> d-------- c:\programmi\Drive Rescue
2008-12-29 11:45 . 2008-12-29 11:45 <DIR> d-------- c:\programmi\bobyte
2008-12-29 10:34 . 2008-12-29 12:27 <DIR> d-------- c:\documents and settings\utentep\Dati applicazioni\Ulead Systems
2008-12-29 10:30 . 2008-12-29 10:30 <DIR> d-------- c:\programmi\File comuni\Fellowes
2008-12-29 10:26 . 2008-12-29 10:26 <DIR> d-------- c:\programmi\Pinnacle
2008-12-29 10:26 . 2008-12-29 10:26 1,816,779 --a------ c:\windows\Recorder.reg
2008-12-29 10:26 . 2008-12-29 10:26 2,423 --a------ c:\windows\NewRecorder.reg
2008-12-29 10:22 . 2008-12-29 10:22 <DIR> d-------- c:\programmi\File comuni\Ulead Systems
2008-12-29 10:22 . 2008-12-29 12:27 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Ulead Systems
2008-12-29 10:20 . 2008-12-29 10:22 <DIR> d-------- c:\programmi\Ulead Systems
2008-12-29 09:02 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-28 21:33 . 2008-12-29 11:07 <DIR> d-------- c:\documents and settings\utentep\Dati applicazioni\dvdcss
2008-12-28 17:22 . 2008-12-28 17:22 <DIR> d-------- c:\documents and settings\utentep\Dati applicazioni\GlarySoft
2008-12-28 16:54 . 2008-12-28 16:54 <DIR> d-------- c:\programmi\Roxio
2008-12-28 16:54 . 2008-12-28 16:54 <DIR> d-------- c:\programmi\File comuni\Adaptec Shared
2008-12-28 16:54 . 2008-12-28 16:54 61,424 --a------ c:\windows\system32\drivers\cdr4_xp.sys
2008-12-28 16:54 . 2008-12-28 16:54 57,344 --a------ c:\windows\uneng.exe
2008-12-28 16:54 . 2008-12-28 16:54 23,436 --a------ c:\windows\system32\drivers\cdralw2k.sys
2008-12-28 16:53 . 1997-06-02 15:16 108,032 --------- c:\windows\system32\sh33w32.dll
2008-12-28 16:50 . 2008-12-28 16:50 <DIR> d-------- c:\programmi\WexTech
2008-12-28 16:50 . 2008-12-28 16:50 <DIR> d-------- c:\programmi\File comuni\WexTech Shared
2008-12-28 16:50 . 2008-12-28 16:50 <DIR> d-------- c:\programmi\File comuni\LHSPF
2008-12-28 16:50 . 2008-12-28 16:50 <DIR> d-------- c:\documents and settings\utentep\WINDOWS
2008-12-28 16:50 . 1998-08-04 11:22 111,616 --a------ c:\windows\system32\Ltih30tb.dll
2008-12-28 16:50 . 2008-12-28 16:50 557 --a------ c:\windows\system32\mapisvc.inf
2008-12-28 16:49 . 2008-12-28 16:49 <DIR> d-------- c:\programmi\Borland
2008-12-28 16:48 . 2008-12-28 17:14 <DIR> d-------- c:\windows\Corel
2008-12-28 16:48 . 2008-12-28 16:52 <DIR> d-------- c:\programmi\Corel
2008-12-28 16:44 . 2008-12-28 16:44 <DIR> d-------- c:\programmi\GLScene
2008-12-28 16:30 . 2008-12-31 20:31 32 --a------ c:\windows\DxPlayer.INI
2008-12-28 15:57 . 2008-12-29 21:41 <DIR> d--h----- c:\windows\$hf_mig$
2008-12-28 15:57 . 2005-02-25 04:35 22,752 --a------ c:\windows\system32\spupdsvc.exe
2008-12-28 15:36 . 2008-12-28 15:36 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\nView_Profiles
2008-12-28 15:09 . 2008-12-28 15:09 13,646 --a------ c:\windows\system32\wpa.bak
2008-12-28 15:03 . 2008-12-28 15:03 0 --a------ c:\windows\nsreg.dat
2008-12-28 15:02 . 2008-12-28 15:02 81,920 --a------ c:\windows\system32\W32N50.DLL
2008-12-28 15:02 . 2008-12-28 15:02 17,134 --a------ c:\windows\system32\PCANDIS5.SYS
2008-12-28 15:02 . 2008-12-28 15:02 15,781 --a------ c:\windows\system32\drivers\mdc8021x.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-01 10:08 107,134 ----a-w c:\windows\UninstallFirefox.exe
2008-12-31 18:16 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-12-31 18:13 --------- d-----w c:\programmi\Spybot - Search & Destroy
2008-12-31 17:52 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2008-12-30 19:43 --------- d-----w c:\programmi\DAP
2008-12-29 10:53 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-12-28 14:57 --------- d-----w c:\documents and settings\utentep\Dati applicazioni\OpenOffice.org2
2008-12-28 13:58 --------- d-----w c:\programmi\ICQ6.5
2008-12-28 13:53 --------- d-----w c:\programmi\Microsoft.NET
2008-12-28 13:48 --------- d-----w c:\programmi\VideoLAN
2008-12-28 13:48 --------- d-----w c:\programmi\USB 2.0 Flash Drive Utility
2008-12-28 13:48 --------- d-----w c:\programmi\File comuni\InstallShield
2008-12-28 13:47 --------- d-----w c:\programmi\QuickTime
2008-12-28 13:47 --------- d-----w c:\programmi\Apple Software Update
2008-12-28 13:47 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2008-12-28 13:47 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Apple
2008-12-28 13:46 --------- d-----w c:\programmi\OpenOffice.org 2.1
2008-12-28 13:44 --------- d-----w c:\programmi\Sure Delete
2008-12-28 13:44 --------- d-----w c:\programmi\ScanSoft
2008-12-28 13:42 --------- d-----w c:\programmi\CCleaner
2008-12-28 13:41 --------- d-----w c:\programmi\GustoSoft
2008-12-28 13:40 50,688 ----a-w c:\windows\system32\wbhelp2.dll
2008-12-28 13:39 --------- d-----w c:\documents and settings\utentep\Dati applicazioni\ICQ
2008-12-28 13:36 --------- d-----w c:\programmi\Glary Utilities
2008-12-28 12:55 --------- d-----w c:\programmi\microsoft frontpage
2008-12-28 12:54 --------- d-----w c:\programmi\Servizi in linea
2008-10-23 12:59 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 10:37 662,016 ----a-w c:\windows\system32\wininet.dll
2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll
2009-01-01 10:07 60,518 ----a-w c:\programmi\mozilla firefox\components\jar50.dll
2009-01-01 10:07 49,248 ----a-w c:\programmi\mozilla firefox\components\jsd3250.dll
2009-01-01 10:07 165,992 ----a-w c:\programmi\mozilla firefox\components\xpinstal.dll
.

------- Sigcheck -------

2008-10-16 11:22 670208 0ac5f7f2fe226ffa6922000f5797b95f c:\windows\$hf_mig$\KB958215\SP2QFE\wininet.dll
2008-10-16 02:00 668672 98cb139f777b4a3101db3642bfffeb23 c:\windows\$hf_mig$\KB958215\SP3GDR\wininet.dll
2008-10-16 02:03 669696 bf40401a6e416e9e1cb9ddaec7c319d4 c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll
2004-08-19 13:00 658944 27966534a0820cd3bd988bd1517c8ff2 c:\windows\$NtUninstallKB958215$\wininet.dll
2008-10-16 11:37 662016 e746691a67c9349ffff1bef192fee628 c:\windows\SoftwareDistribution\Download\88ebc3059d41a0cce4bf827a273a1c2f\SP2GDR\wininet.dll
2008-10-16 11:22 670208 83bb1a4e231572574f0ef097c3b83bba c:\windows\SoftwareDistribution\Download\88ebc3059d41a0cce4bf827a273a1c2f\SP2QFE\wininet.dll
2008-10-16 02:00 668672 98cb139f777b4a3101db3642bfffeb23 c:\windows\SoftwareDistribution\Download\88ebc3059d41a0cce4bf827a273a1c2f\SP3GDR\wininet.dll
2008-10-16 02:03 669696 bf40401a6e416e9e1cb9ddaec7c319d4 c:\windows\SoftwareDistribution\Download\88ebc3059d41a0cce4bf827a273a1c2f\SP3QFE\wininet.dll
2008-04-14 03:13 668672 663e74d98d2e67c1343d367388edd711 c:\windows\SoftwareDistribution\Download\8dab4f2c899f11c2863dff51dfb836e7\wininet.dll
2008-10-16 11:37 662016 e746691a67c9349ffff1bef192fee628 c:\windows\system32\wininet.dll
2008-10-16 11:37 662016 e746691a67c9349ffff1bef192fee628 c:\windows\system32\dllcache\wininet.dll

2008-08-14 14:37 2066688 b3d66020c1667d33c3429869b191bb13 c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
2008-08-14 14:22 2069760 58df0498cb38689dcca09a203b90de77 c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
2008-08-14 19:25 2069760 c812d8551fd3b6acdbf7eb6b18b1b992 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
2004-08-19 13:00 2060544 4dc3a3626b02c39aa69aae6f64bfbc2d c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
2008-08-14 14:42 2061440 c11f2174a3c14778924b413425169a78 c:\windows\Driver Cache\i386\ntkrnlpa.exe
2008-08-14 14:42 2061440 4220d4263c7d56a5c2ef425c36eeb8a7 c:\windows\SoftwareDistribution\Download\860fd2882d5382dfdbd9b8629634dfa0\SP2GDR\ntkrnlpa.exe
2008-08-14 14:37 2066688 b3d66020c1667d33c3429869b191bb13 c:\windows\SoftwareDistribution\Download\860fd2882d5382dfdbd9b8629634dfa0\SP2QFE\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Glary Memory Optimizer"="c:\programmi\Glary Utilities\memdefrag.exe" [2008-12-01 89600]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-08-19 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-05-14 3784704]
"DownloadAccelerator"="c:\programmi\DAP\DAP.EXE" [2008-12-28 3364616]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2007-06-29 286720]
"TSE_PLUtil"="c:\programmi\USB 2.0 Flash Drive Utility\PLBkMon.exe" [2004-09-15 94208]
"PLFFAP"="c:\windows\system32\HotfixQ0306270.exe" [2003-08-05 45056]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016]
"SpywareTerminator"="c:\programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2008-12-30 2267136]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"nwiz"="nwiz.exe" [2004-05-14 c:\windows\system32\nwiz.exe]
"CHotkey"="mHotkey.exe" [2002-07-29 c:\windows\mHotkey.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\utentep\Menu Avvio\Programmi\Esecuzione automatica\
Collegamento a CountDown.lnk - c:\programmi\CountDown\CountDown.exe [2008-12-30 3156496]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
CorelCENTRAL - Avvisi.LNK - c:\programmi\Corel\WordPerfect Office 2000\programs\alarm.exe [2008-12-28 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= vdrcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
-ra------ 2004-05-14 06:41 81920 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"ledpointer"=CNYHKey.exe
"SoundMan"=SOUNDMAN.EXE

R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\DRIVERS\pssnap.sys [2008-05-20 15328]
R0 VOBID;VOBID;c:\windows\system32\DRIVERS\vobid.sys [2003-08-01 29239]
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\c:\windows\system32\drivers\sp_rsdrv2.sys [2008-12-30 142592]
R2 PCTAppEvent;PCTAppEvent Driver;\??\c:\windows\system32\drivers\PCTAppEvent.sys [2008-12-30 73840]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\programmi\Macrium\Reflect\ReflectService.exe [2008-08-06 216032]
S1 pctgntdi;pctgntdi;\??\c:\windows\system32\drivers\pctgntdi.sys []
S3 pctplfw;pctplfw;\??\c:\windows\system32\drivers\pctplfw.sys []
S3 PLFF;USB Flash Disk Driver;c:\windows\system32\Drivers\PLFF.sys [2008-12-28 7424]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys []
.
Contenuto della cartella 'Scheduled Tasks'

2009-01-01 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2008-12-01 09:38]
.
- - - - ORFÃOS REMOVIDOS - - - -

Notify-avgrsstarter - avgrsstx.dll


.
------- Supplementare di scansione -------
.
uStart Page = about:blank
IE: &Clean Traces - c:\programmi\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\programmi\DAP\dapextie.htm
IE: Download &all with DAP - c:\programmi\DAP\dapextie2.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll

O16 -: 
FF - ProfilePath - c:\documents and settings\utentep\Dati applicazioni\Mozilla\Firefox\Profiles\i7cfic1h.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\programmi\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\programmi\DAP\DAPFireFox\components\DAPFireFox.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-01 11:13:39
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Owner=S-1-5-21-1614895754-1229272821-725345543-1004
"*"=dword:00000004

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004

[HKEY_USERS\S-1-5-21-1614895754-1229272821-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=S-1-5-21-1614895754-1229272821-725345543-1004
@Allowed: (Full) (S-1-5-21-1614895754-1229272821-725345543-1004)
@Allowed: (Full) (S-1-5-21-1614895754-1229272821-725345543-1004)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (Administrators)
@Allowed: (Full) (Administrators)
@Allowed: (Read) (S-1-5-12)
@Allowed: (Read) (S-1-5-12)
"*"=dword:00000004

[HKEY_USERS\S-1-5-21-1614895754-1229272821-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*NULL*]
@Owner=S-1-5-21-1614895754-1229272821-725345543-1004
"Licence0"="04F0D21-79D8-7A25-D702-433F"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=S-1-5-21-1614895754-1229272821-725345543-1004
@Allowed: (Full) (S-1-2-0)
@Allowed: (Read) (Users)
@Allowed: (Full) (Administrators)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (S-1-5-21-1614895754-1229272821-725345543-1004)
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\programmi\Spyware Terminator\sp_rsser.exe
c:\programmi\Glary Utilities\Integrator.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2009-01-01 11:15:49 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2009-01-01 10:15:46
ComboFix2.txt 2008-12-31 16:36:01

Pre-Run: 70.958.387.200 byte disponibili
Post-Run: 70,415,306,752 byte disponibili

446 --- E O F --- 2008-12-30 14:16:11
uomodeighiacci
Minor god

Posted: 02 Jan 2009 21:47
Very serious!!

I had the bright idea of checking whether Spybot flagged DriveCleaner 2006 on the laptop too, since a week ago I had transferred data.. ..it's there!
It may have come across with the data, but it may also have come from the internet; the 2 computers have very similar configurations and programs: if I caught it on one, it could have happened on the other too (and I don't know which of the 2 hypotheses is worse..)

But my parents also use the laptop, and the fact that it still works confirms my theory that the trojan TR/PSW.Lmir.UMK.1 arrived on my PC after DriveCleaner 2006.. I think ..I hope
Anyway, the fact that it still works makes me want to concentrate on that one before it's too late..

Tell me which logs I need to produce and what you need. So far I have only found that on the laptop too it regenerates as soon as Spybot deletes it; I did a full scan, again with Avira, but there it found nothing ..my head is filling up with hypotheses..

Is there a risk that by going online with the laptop more junk gets in, or can I transfer the logs and programs with USB sticks if I disable autoplay? I mean, which of the 2 is less risky?
help
uomodeighiacci
Minor god

Posted: 03 Jan 2009 13:12
For the laptop problem I had a look at other forums; I'm not the only one, but the others haven't solved it..
It seems, I say "seems", that in itself it does no damage; the point is that no program detects it (Spybot excluded) and that every time it is deleted it reappears..

here is the Spybot window:

dfgdg.PNG

tell me what to do

P.S.
I've just noticed the image will only be kept for 7 days; if needed I'll re-upload it

Still on the laptop, a scan with VirIT detects nothing, but every time I open the program 3 little skulls appear next to some file paths; should I be worried?
uomodeighiacci
Minor god

Posted: 03 Jan 2009 18:58
I'm letting you know that you can ignore the first 3 logs: I need the computer and it's in bad shape as it is.. I've decided to format it as soon as I can.

For the laptop, though, I'm counting on your help
bdoriano
Administrator
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 04 Jan 2009 14:48
Hi uomodeighiacci,

honestly, I didn't understand much of it...

For the laptop, open a new thread and we'll post the instructions (to be followed to the letter) for the preliminary steps.
uomodeighiacci
Minor god

Posted: 05 Jan 2009 16:51
OK, I'll open a new thread for the laptop.

First, I still have a question about the computer I'm using (the one I've just formatted, to be clear).
I reinstalled Avira, with Tweak UI I turned off autoplay for removable disks and then connected the external disk with my data, but autoplay kicked in anyway.
The PC sees my external disk as a second hard disk and not as removable media; how do I turn off autoplay for it? (by the way, the data was full of viruses..)
uomodeighiacci
Minor god

Posted: 12 Jan 2009 11:54
uomodeighiacci wrote:
I turned off autoplay for removable disks and then connected the external disk with my data, but autoplay kicked in anyway.
The PC sees my external disk as a second hard disk and not as removable media; how do I turn off autoplay for it?


solved this one too. Now everything is OK
chemicalbit
Mature god
Registered: 01/04/05 18:59
Posts: 18597
Location: Milano

Posted: 12 Jan 2009 12:00
What was the cause?
uomodeighiacci
Minor god

Posted: 12 Jan 2009 21:37
I don't think there was a "cause" in the negative sense.
With Tweak UI I turned off autoplay for removable disks, but since my external HD is seen by the PC as a second fixed disk (so not removable), the rule doesn't apply to it ..and autoplay starts. I suppose that's how it is.

Anyway, I remembered that while I was trying to get rid of my viruses this problem had disappeared too. I retraced what I had done and found out that what permanently disabled autoplay, for my external HD as well, was ComboFix.
Don't ask me why, but after the scan it was gone (and ComboFix didn't delete anything, since it didn't even reboot the PC)
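The behaviour described in this last post matches how Explorer's NoDriveTypeAutoRun policy works: it is a bitmask keyed by the drive type Windows reports, so a setting that only covers removable drives leaves a USB hard disk enumerated as a fixed drive still able to autorun. The decoder below is an added example, not code from the thread, from Tweak UI or from ComboFix; the registry path and bit layout follow the documented policy, while the sample mask value is constructed for illustration.

```python
"""Decode and harden the Windows NoDriveTypeAutoRun policy bitmask.

Added example (not from the forum thread, Tweak UI or ComboFix).
Bit (1 << drive_type) set in the mask means autorun is DISABLED for
that GetDriveType() class.  Policy location (HKCU or HKLM):
  Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer
  NoDriveTypeAutoRun (REG_DWORD)
"""

# GetDriveType() return codes -> bit position in NoDriveTypeAutoRun
DRIVE_TYPES = {
    "unknown": 0,
    "no_root_dir": 1,
    "removable": 2,   # USB sticks, floppies
    "fixed": 3,       # internal disks, and most USB hard disks
    "remote": 4,      # network shares
    "cdrom": 5,
    "ramdisk": 6,
}
DISABLE_ALL = 0xFF   # every bit set: autorun off for all drive types

POLICY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
POLICY_VALUE = "NoDriveTypeAutoRun"


def autorun_blocked(mask: int, drive_type: str) -> bool:
    """True if the policy mask suppresses autorun for this drive type."""
    return bool(mask & (1 << DRIVE_TYPES[drive_type]))


def decode_mask(mask: int) -> dict:
    """Map every drive type to whether autorun is blocked under `mask`."""
    return {name: autorun_blocked(mask, name) for name in DRIVE_TYPES}


def unprotected_types(mask: int) -> list:
    """Drive types for which autorun would still fire under `mask`."""
    return [name for name in DRIVE_TYPES if not autorun_blocked(mask, name)]


def block_types(mask: int, *types: str) -> int:
    """Return a new mask with autorun additionally blocked for `types`."""
    for name in types:
        mask |= 1 << DRIVE_TYPES[name]
    return mask


def read_policy_mask(hive: str = "HKCU"):
    """Read the live value on Windows; None elsewhere or if the value is unset."""
    try:
        import winreg
    except ImportError:
        return None
    root = winreg.HKEY_LOCAL_MACHINE if hive == "HKLM" else winreg.HKEY_CURRENT_USER
    try:
        with winreg.OpenKey(root, POLICY_KEY) as key:
            value, _ = winreg.QueryValueEx(key, POLICY_VALUE)
            return int(value)
    except OSError:
        return None


# Constructed sample: unknown, no-root, removable and remote drives blocked,
# as a "removable disks off" setting leaves it; the fixed-disk bit is clear,
# which is why an external HD seen as a fixed drive still autoruns.
SAMPLE_REMOVABLE_ONLY = 0x01 | 0x02 | 0x04 | 0x10   # == 0x17

if __name__ == "__main__":
    live = read_policy_mask()
    mask = live if live is not None else SAMPLE_REMOVABLE_ONLY
    source = "live HKCU" if live is not None else "constructed sample"
    print(f"{source} mask = 0x{mask:02X}")
    for name, blocked in decode_mask(mask).items():
        print(f"  {name:12s} autorun {'blocked' if blocked else 'ALLOWED'}")
    print("still allowed:", unprotected_types(mask))
    print("hardened mask:", hex(block_types(mask, "fixed", "cdrom", "ramdisk")))
```

Setting the value to 0xFF (DISABLE_ALL) in both HKCU and HKLM covers every drive class, which is the effect the post attributes to the ComboFix run.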