
Thread: antivir and hidden objects..

  1. #1

    antivir and hidden objects..

    Hi!

    I have AntiVir Free and every day I run a full scan of the PC.. well, sometimes it detects 4 hidden objects.. and sometimes 0, zero.., how come..??!!
    ..and yet I change absolutely nothing..!!

    Thanks!!

    luca


  3. #2

    Re: antivir and hidden objects..

    Hi, sorry for the delay.
    Can you post the report that Avira generates at the end of the scan?


  4. #3

    Re: antivir and hidden objects..

    Hi and thanks!!

    Here is one with 4 hidden objects.. the previous one, which I deleted.. gave me 0 (zero) hidden objects, and so on..:

     


    Avira AntiVir Personal
    Report file date: domenica 27 febbraio 2011 11:51

    Scanning for 2437318 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available:

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows XP
    Windows version : (Service Pack 3) [5.1.2600]
    Boot mode : Normally booted
    Username : SYSTEM
    Computer name : LUCA

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: c:\programmi\avira\antivir desktop\sysscan.avp
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:, D:, E:, J:,
    Process scan........................: on
    Extended process scan...............: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium
    Skipped files.......................: C:\Programmi\Replay Media Catcher 3.02, C:\Programmi\Replay Media Catcher 3.03, D:\GUITAR PRO, E:\luca\Key, J:\back up 29.04.2010,

    Start of the scan: domenica 27 febbraio 2011 11:51

    Starting search for hidden objects.
    HKEY_LOCAL_MACHINE\Software\Classes\Applications\AcroRd32.exe\shell\open\command
    [NOTE] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\Software\Classes\Applications\AcroRd32.exe\shell\print\command
    [NOTE] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\Software\Classes\Applications\AcroRd32.exe\shell\printto\command
    [NOTE] The registry entry is invisible.
    c:\programmi\isposure\isposureagent.exe
    c:\programmi\isposure\isposureagent.exe
    [NOTE] The process is not visible.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '70' Module(s) have been scanned
    Scan process 'mmc.exe' - '56' Module(s) have been scanned
    Scan process 'avcenter.exe' - '77' Module(s) have been scanned
    Scan process 'msdtc.exe' - '40' Module(s) have been scanned
    Scan process 'dllhost.exe' - '59' Module(s) have been scanned
    Scan process 'dllhost.exe' - '45' Module(s) have been scanned
    Scan process 'vssvc.exe' - '48' Module(s) have been scanned
    Scan process 'svchost.exe' - '39' Module(s) have been scanned
    Scan process 'HDDScan.exe' - '35' Module(s) have been scanned
    Scan process 'taskmgr.exe' - '37' Module(s) have been scanned
    Scan process 'plugin-container.exe' - '78' Module(s) have been scanned
    Scan process 'firefox.exe' - '101' Module(s) have been scanned
    Scan process 'svchost.exe' - '34' Module(s) have been scanned
    Scan process 'wmiapsrv.exe' - '45' Module(s) have been scanned
    Scan process 'alg.exe' - '33' Module(s) have been scanned
    Scan process 'IsposureAgent.exe' - '79' Module(s) have been scanned
    Scan process 'sp_rsser.exe' - '26' Module(s) have been scanned
    Scan process 'PSIA.exe' - '61' Module(s) have been scanned
    Scan process 'jqs.exe' - '90' Module(s) have been scanned
    Scan process 'avshadow.exe' - '26' Module(s) have been scanned
    Scan process 'IsposureAgent.exe' - '78' Module(s) have been scanned
    Scan process 'DkService.exe' - '85' Module(s) have been scanned
    Scan process 'avguard.exe' - '54' Module(s) have been scanned
    Scan process 'svchost.exe' - '34' Module(s) have been scanned
    Scan process 'SpywareTerminatorUpdate.exe' - '52' Module(s) have been scanned
    Scan process 'DesktopWeather.exe' - '87' Module(s) have been scanned
    Scan process 'avgnt.exe' - '58' Module(s) have been scanned
    Scan process 'SpywareTerminatorShield.exe' - '38' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '162' Module(s) have been scanned
    Scan process 'sched.exe' - '45' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '54' Module(s) have been scanned
    Scan process 'svchost.exe' - '43' Module(s) have been scanned
    Scan process 'svchost.exe' - '32' Module(s) have been scanned
    Scan process 'svchost.exe' - '168' Module(s) have been scanned
    Scan process 'svchost.exe' - '38' Module(s) have been scanned
    Scan process 'svchost.exe' - '51' Module(s) have been scanned
    Scan process 'lsass.exe' - '58' Module(s) have been scanned
    Scan process 'services.exe' - '27' Module(s) have been scanned
    Scan process 'winlogon.exe' - '72' Module(s) have been scanned
    Scan process 'csrss.exe' - '14' Module(s) have been scanned
    Scan process 'smss.exe' - '2' Module(s) have been scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    Master boot sector HD2
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!
    Boot sector 'E:\'
    [INFO] No virus was found!
    Boot sector 'J:\'
    [INFO] No virus was found!

    Starting to scan executable files (registry).
    The registry was scanned ( '1818' files ).


    Starting the file scan:

    Begin scan in 'C:\' <Sistema>
    The directory 'C:\Programmi\Replay Media Catcher 3.02\' was excluded from scanning!
    The directory 'C:\Programmi\Replay Media Catcher 3.03\' was excluded from scanning!
    Begin scan in 'D:\' <Dati>
    The directory 'D:\GUITAR PRO\' was excluded from scanning!
    Begin scan in 'E:\' <Archivio>
    The directory 'E:\luca\Key\' was excluded from scanning!
    Begin scan in 'J:\'
    The directory 'J:\back up 29.04.2010\' was excluded from scanning!


    End of the scan: domenica 27 febbraio 2011 12:44
    Used time: 53:31 Minute(s)

    The scan has been done completely.

    13002 Scanned directories
    386368 Files were scanned
    0 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    0 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    386368 Files not concerned
    3032 Archives were scanned
    0 Warnings
    0 Notes
    794959 Objects were scanned with rootkit scan
    4 Hidden objects were found



    What do you think..??!!

    Thanks in advance!!


  5. #4

    Re: antivir and hidden objects..

    Yes, it tells me that sometimes too... I'd be curious to understand what they are....


  6. #5

    Re: antivir and hidden objects..

    Hi.
    Evidently there is some hidden rootkit.
    Try this:
    Download ComboFix, preferably with Internet Explorer: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Place ComboFix on the Desktop and carry out these preliminary steps:
    ● disconnect from the Internet
    ● physically disconnect the modem/router from the computer

    It is absolutely necessary, if active, to:
    ● disable the antivirus in use, from its icon in the system tray (next to the Windows clock)
    ● disable any installed firewall, from its icon in the system tray (next to the Windows clock)

    Once the steps above are done:
    ● launch ComboFix: to launch ComboFix on Windows Vista and Windows 7, right-click the ComboFix icon and choose Run as administrator from the context menu
    ● follow the instructions that are given to run the scan
    ● you will be asked to install the Recovery Console: do not install it
    ● without performing any other operation, let the tool finish its work

    Notes - during the scan:
    ● some files will be created on the Desktop and then deleted
    ● all the icons on the Desktop will disappear for a moment
    ● a message about the antivirus in use may appear: continue, ignoring the message
    ● the firewall, if active, may show a warning about the removal of some drivers: allow it
    ● the Internet Explorer icon may appear on the Desktop, if it is not already there

    When ComboFix has finished the scan:
    ● the system will be restarted automatically: if not, restart it yourself
    ● physically reconnect the modem/router to the computer
    ● connect to the Internet
    ● go to Local Disk C:, look for the text file named ComboFix.txt and attach it


  7. #6

    Re: antivir and hidden objects..

    "Evidently there is some hidden rootkit."
    A check is always a good thing to do, but it does not necessarily mean that a rootkit is present.

    For example, among the hidden files there is c:\programmi\isposure\isposureagent.exe, and as far as I know it is installed with this software, isposure - Finding the fastest ISP in your area, so if the user installed the program its presence is normal.


  8. #7

    Re: antivir and hidden objects..

    AcroRd32.exe, on the other hand, should be related to Acrobat.

    In any case, let's wait for the ComboFix log, and from there we'll see how and whether to proceed.



  9. #8

    Re: antivir and hidden objects..

    Hi and thanks to everyone!!

    I have already used ComboFix.. and the result showed nothing on the PC.. and this oddity of the hidden objects was already there and has continued to be there..
    here it is..:
     
    ComboFix 10-07-31.04 - Administrator 01/08/2010 14.50.32.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1437 [GMT 2:00]
    Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {0012EE0C-E2C8-7C98-30EE-120028EE1200}
    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {0012EE1C-EE8C-0012-58EF-120000000000}

    ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
    .

    ((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Administrator\Dati applicazioni\chrtmp
    c:\windows\system32\pavqlaormpxlux.dll
    c:\windows\Tasks\Acrobat Update.job

    .
    ((((((((((((((((((((((((( Files Creati Da 2010-07-01 al 2010-08-01 )))))))))))))))))))))))))))))))))))
    .

    2010-08-01 09:28 . 2010-08-01 09:28 388096 ----a-r- c:\documents and settings\Administrator\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-07-31 15:21 . 2010-07-31 15:21 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Restore
    2010-07-31 15:21 . 2010-08-01 08:48 584704 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\WMR.exe
    2010-07-31 15:21 . 2010-07-31 15:21 -------- d-----w- c:\programmi\Xenocode
    2010-07-31 15:21 . 2010-07-31 15:21 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Xenocode
    2010-07-31 14:53 . 2010-07-31 15:35 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\vlc
    2010-07-21 14:49 . 2010-07-21 14:50 -------- d-----w- C:\svabi
    2010-07-21 14:47 . 2010-07-21 14:48 -------- d-----w- C:\RTE-NE40
    2010-07-17 20:21 . 2010-07-17 20:21 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\ProgSense
    2010-07-13 18:14 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-10 17:13 . 2010-07-11 06:29 -------- d-----w- c:\programmi\Notepad++
    2010-07-10 17:13 . 2010-07-10 17:14 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Notepad++
    2010-07-10 15:07 . 2010-07-10 15:07 -------- d-----w- c:\programmi\XnView
    2010-07-10 13:37 . 2010-07-10 13:37 -------- d-----w- c:\programmi\gs
    2010-07-10 13:30 . 2010-07-10 15:07 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\XnView
    2010-07-10 07:39 . 2010-07-10 07:39 503808 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5cc7ad2f-n\msvcp71.dll
    2010-07-10 07:39 . 2010-07-10 07:39 499712 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5cc7ad2f-n\jmc.dll
    2010-07-10 07:39 . 2010-07-10 07:39 348160 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5cc7ad2f-n\msvcr71.dll
    2010-07-10 07:39 . 2010-07-10 07:39 61440 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-592dff5e-n\decora-sse.dll
    2010-07-10 07:39 . 2010-07-10 07:39 12800 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-592dff5e-n\decora-d3d.dll
    2010-07-10 07:37 . 2010-07-10 07:37 56765 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-07-10 07:37 . 2010-07-10 07:37 57715 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\Player\Uninstaller.exe
    2010-07-10 07:36 . 2010-07-10 07:36 54153 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\DFXPlugin\Uninstaller.exe
    2010-07-06 17:59 . 2010-07-06 17:59 -------- d-----w- C:\Diskeeper
    2010-07-06 15:39 . 2010-07-06 15:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Diskeeper Corporation
    2010-07-04 14:39 . 2010-07-04 14:39 49152 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
    2010-07-04 14:39 . 2010-07-04 14:39 45056 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
    2010-07-04 14:39 . 2010-07-04 14:39 45056 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
    2010-07-04 14:39 . 2010-07-04 14:39 45056 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
    2010-07-04 14:39 . 2010-07-04 14:39 45056 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
    2010-07-04 14:39 . 2010-07-04 14:39 40960 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    2010-07-04 14:39 . 2010-07-04 14:39 308808 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
    2010-07-04 14:39 . 2010-07-04 14:39 14848 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    2010-07-04 14:38 . 2010-07-04 14:38 -------- d-----w- c:\programmi\File comuni\xing shared

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-01 12:46 . 2008-01-17 16:38 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\uTorrent
    2010-08-01 12:35 . 2009-12-25 09:10 -------- d-----w- c:\programmi\isposure
    2010-07-31 22:01 . 2009-12-25 09:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Epitiro
    2010-07-31 16:56 . 2008-01-16 17:55 -------- d-----w- c:\programmi\SpeedFan
    2010-07-31 16:56 . 2008-01-20 16:52 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Media Player Classic
    2010-07-31 09:41 . 2010-01-28 20:17 -------- d-----w- c:\windows\system32\config\systemprofile\Dati applicazioni\Nitro PDF
    2010-07-30 15:14 . 2008-10-16 21:07 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Spyware Terminator
    2010-07-30 15:09 . 2008-10-16 21:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
    2010-07-29 15:45 . 2008-06-08 16:22 -------- d-----w- c:\programmi\Orbitdownloader
    2010-07-26 14:49 . 2008-01-16 19:02 -------- d-----w- c:\programmi\CCleaner
    2010-07-25 16:03 . 2008-10-14 11:58 1 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-07-24 13:40 . 2008-01-17 16:46 -------- d-----w- c:\programmi\uTorrent
    2010-07-21 18:56 . 2009-09-16 20:20 201081 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aeoffice.dll
    2010-07-21 18:56 . 2009-09-16 20:20 385396 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aegen.dll
    2010-07-20 19:36 . 2009-09-16 20:20 1364346 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aescript.dll
    2010-07-20 19:36 . 2009-09-16 20:20 614772 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aerdl.dll
    2010-07-20 19:36 . 2009-09-16 20:20 471414 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aepack.dll
    2010-07-20 19:36 . 2009-09-16 20:20 2793846 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aeheur.dll
    2010-07-20 19:35 . 2009-09-16 20:20 242039 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aehelp.dll
    2010-07-20 19:35 . 2009-09-16 20:20 192887 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aecore.dll
    2010-07-18 16:11 . 2008-01-24 06:39 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\dvdcss
    2010-07-17 20:37 . 2009-06-06 22:04 -------- d-----w- c:\programmi\Replay Media Catcher 3.02
    2010-07-17 20:35 . 2008-10-17 10:09 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
    2010-07-17 20:35 . 2008-10-17 10:09 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
    2010-07-17 20:35 . 2008-10-17 10:09 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
    2010-07-17 20:35 . 2009-10-26 21:53 -------- d-----w- c:\programmi\Replay Media Catcher 3.01
    2010-07-17 20:35 . 2009-10-26 22:54 -------- d-----w- c:\programmi\Replay Media Catcher 2.4
    2010-07-17 20:27 . 2008-01-16 22:47 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Orbit
    2010-07-17 20:21 . 2009-10-27 17:46 -------- d-----w- c:\programmi\Replay Media Catcher 3.03
    2010-07-17 16:00 . 2010-03-15 14:58 -------- d-----w- c:\programmi\WMR14.1
    2010-07-16 17:27 . 2009-11-24 19:09 -------- d-----w- c:\programmi\Recuva
    2010-07-16 06:35 . 2008-04-07 13:14 -------- d-----w- c:\programmi\SIW
    2010-07-16 06:31 . 2010-04-26 20:42 -------- d-----w- c:\programmi\Speccy
    2010-07-10 07:39 . 2008-01-28 22:22 -------- d-----w- c:\programmi\File comuni\Java
    2010-07-10 07:38 . 2010-04-15 19:35 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-10 07:37 . 2010-04-16 16:27 57344 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-07-10 07:37 . 2010-03-23 17:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DivX
    2010-07-10 07:37 . 2008-01-21 21:18 -------- d-----w- c:\programmi\DivX
    2010-07-10 07:36 . 2010-04-16 16:26 144696 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\RunAsUser\RUNASUSERPROCESS.exe
    2010-07-10 07:36 . 2010-03-23 17:44 1062184 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\Setup\Resource.dll
    2010-07-08 15:59 . 2008-03-02 21:27 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
    2010-07-07 18:30 . 2010-03-23 17:44 895256 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\Setup\DivXSetup.exe
    2010-07-06 14:16 . 2008-01-16 23:23 -------- d-----w- c:\programmi\Unlocker
    2010-07-04 14:39 . 2010-02-19 22:57 341600 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    2010-07-04 14:39 . 2008-01-18 22:25 -------- d-----w- c:\programmi\File comuni\Real
    2010-07-04 14:38 . 2009-03-12 13:50 -------- d-----w- c:\programmi\Real
    2010-07-04 14:38 . 2009-02-25 07:24 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2010-07-04 14:38 . 2009-02-25 07:24 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-06-29 16:14 . 2008-01-16 11:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
    2010-06-29 14:00 . 2010-06-29 14:00 -------- d-----w- c:\programmi\Quicksys
    2010-06-29 13:46 . 2010-06-29 13:46 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Auslogics
    2010-06-29 13:30 . 2010-06-29 13:30 -------- d-----w- c:\programmi\Auslogics
    2010-06-29 13:28 . 2010-06-29 13:28 -------- d-----w- c:\programmi\File comuni\PSFactoryBuffer
    2010-06-29 05:34 . 2010-02-03 17:08 -------- d-----w- c:\programmi\Paint.NET
    2010-06-27 08:02 . 2008-01-17 23:34 -------- d-----w- c:\programmi\SpywareBlaster
    2010-06-24 05:45 . 2008-01-17 18:37 -------- d-----w- c:\programmi\Windows Media Connect 2
    2010-06-24 05:38 . 2004-08-19 12:00 79862 ----a-w- c:\windows\system32\perfc010.dat
    2010-06-24 05:38 . 2004-08-19 12:00 479512 ----a-w- c:\windows\system32\perfh010.dat
    2010-06-24 05:37 . 2010-04-15 21:12 -------- d-----w- c:\programmi\VS Revo Group
    2010-06-23 14:09 . 2010-05-27 15:56 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\MyGuitar
    2010-06-18 13:39 . 2010-04-15 19:32 79488 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\jre1.6.0_20\gtapi.dll
    2010-06-18 13:39 . 2010-04-15 19:32 152576 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\jre1.6.0_20\lzma.dll
    2010-06-15 13:13 . 2008-05-01 11:10 -------- d-----w- c:\programmi\Kantaris
    2010-06-15 05:34 . 2010-06-15 05:34 -------- d-----w- c:\programmi\PDFCreator
    2010-06-14 14:31 . 2008-01-16 09:30 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-11 20:33 . 2010-06-11 20:33 -------- d-----w- c:\programmi\Secunia
    2010-06-11 20:26 . 2008-11-24 22:34 -------- d-----w- c:\programmi\File comuni\Adobe AIR
    2010-06-11 20:26 . 2010-06-11 20:26 53632 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
    2010-06-05 15:31 . 2009-03-15 00:04 -------- d-----w- c:\programmi\File comuni\DivX Shared
    2010-06-05 15:31 . 2010-06-05 15:31 56997 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\WebPlayer\Uninstaller.exe
    2010-06-05 15:31 . 2010-06-05 15:31 53600 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\Update\Uninstaller.exe
    2010-06-05 15:31 . 2010-06-05 15:31 54128 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\Converter\Uninstaller.exe
    2010-06-05 15:31 . 2010-06-05 15:31 54644 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\TranscodeEngine\Uninstaller.exe
    2010-06-05 15:31 . 2010-06-05 15:31 54101 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\MPEG2Plugin\Uninstaller.exe
    2010-06-05 09:04 . 2008-01-16 21:46 90688 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
    2010-06-05 07:02 . 2008-10-14 11:54 -------- d-----w- c:\programmi\OpenOffice.org 3
    2010-06-04 12:48 . 2008-09-10 15:30 -------- d-----w- c:\programmi\Microsoft Silverlight
    2010-05-28 11:04 . 2010-05-28 11:04 14896 ----a-w- c:\windows\system32\drivers\psi_mf.sys
    2010-05-27 16:18 . 2010-05-27 16:18 57409 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\ControlPanel\Uninstaller.exe
    2010-05-13 13:54 . 2009-09-16 20:20 127347 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aescn.dll
    2010-05-06 10:32 . 2004-08-19 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2004-10-01 14:00 . 2008-01-16 10:59 40960 ----a-w- c:\programmi\Uninstall_CDS.exe
    2008-01-21 20:53 . 2008-01-21 20:53 5 --sha-w- c:\windows\system32\ccacb6_d.dll
    2009-10-28 06:44 . 2009-10-28 06:44 23 --sha-w- c:\windows\system32\edacded0.dat
    2009-03-17 18:07 . 2009-03-17 18:07 23 --sha-w- c:\windows\system32\edacded0_x.dat
    2006-05-03 10:06 . 2010-02-12 17:41 163328 --sh--r- c:\windows\system32\flvDX.dll
    2007-02-21 11:47 . 2010-02-12 17:41 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 13:30 . 2010-02-12 17:41 216064 --sh--r- c:\windows\system32\nbDX.dll
    .

    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
    "DW6"="c:\programmi\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-11-10 818288]
    "uTorrent"="c:\programmi\uTorrent\uTorrent.exe " [2010-07-24 327984]
    "SpywareTerminatorUpdate"="c:\programmi\Spywar e Terminator\SpywareTerminatorUpdate.exe" [2009-12-09 3037696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpywareTerminator"="c:\programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2010-03-30 2176512]
    "avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\programmi\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "PSFactoryBuffer"= {38c8f34e-2cc7-4b04-9b75-1a35043970f8} - c:\programmi\File comuni\PSFactoryBuffer\PSFactoryBuffer.dll [2010-06-29 131072]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Programmi\\Orbitdownloader\\orbitdm.exe"=
    "c:\\Programmi\\Orbitdownloader\\orbitnet.exe"=
    "c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Programmi\\eMule\\emule.exe"=
    "c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Programmi\\Real\\RealPlayer\\realplay.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Programmi\\isposure\\IsposureAgent.exe"=
    "c:\\Programmi\\uTorrent\\uTorrent.exe"=
    "c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "38188:TCP"= 38188:TCP:*:Disabled:utorrent
    "38188:UDP"= 38188:UDP:*:Disabled:utorrent
    "45871:TCP"= 45871:TCP:emule
    "53794:UDP"= 53794:UDP:emule

    R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [16/10/2008 23.07.59 142592]
    R2 isposure_svc;IsposureAgent;c:\programmi\isposure\IsposureAgent.exe [18/06/2009 17.52.46 761856]
    R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\programmi\Nitro PDF\Professional\NitroPDFDriverService.exe [16/12/2009 11.09.04 188736]
    R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [16/12/2009 11.11.06 65856]
    R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20/10/2009 20.19.44 50704]
    R2 RVIEGVST;VSC VST Engine;c:\programmi\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys [10/07/2009 13.16.24 188276]
    S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
    S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [28/05/2010 13.04.52 14896]
    S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contenuto della cartella 'Scheduled Tasks'

    2010-06-22 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

    2010-08-01 c:\windows\Tasks\emule.job
    - c:\programmi\eMule\emule.exe [2008-01-17 13:00]

    2010-08-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-436374069-616249376-725345543-500.job
    - c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

    2010-08-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-436374069-616249376-725345543-500.job
    - c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]
    .
    .
    ------- Scansione supplementare -------
    .
    uStart Page = hxxp://www.yahoo.it/
    IE: &Download by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/202
    IE: E&sporta in Microsoft Excel
    FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\primo profilo 3.0\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.it
    FF - prefs.js: keyword.enabled - false
    FF - component: c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - plugin: c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\primo profilo 3.0\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
    FF - plugin: c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: c:\programmi\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\programmi\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\programmi\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\programmi\Mozilla Firefox\plugins\npagent.dll
    FF - plugin: c:\programmi\Mozilla Firefox\plugins\npmozax.dll
    FF - plugin: c:\programmi\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
    FF - plugin: c:\programmi\QuickTime\Plugins\npqtplugin8.dll
    FF - plugin: c:\programmi\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
    FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2010-08-01 14:55
    Windows 5.1.2600 Service Pack 3 NTFS

    scansione processi nascosti ...

    scansione entrate autostart nascoste ...

    Scansione files nascosti ...

    Scansione completata con successo
    Files nascosti: 0

    **************************************************************************
    .
    --------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

    [HKEY_USERS\S-1-5-21-436374069-616249376-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e5,6b,5d,c9,0a,98,3d,49,80,22,fa,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,21,1a,22,77,0f,2e,ca,4d,9e,e9,28,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e5,6b,5d,c9,0a,98,3d,49,80,22,fa,\

    [HKEY_LOCAL_MACHINE\software\ATI Technologies Inc.\Driver ATI]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Classes\Applications\AcroRd32.exe\shell]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{292AE934-4F49-40bb-9E7E-6F6398ED9C31}]
    @DACL=(02 0000)
    "FriendlyName"="Nero Fast CD-Burning Plug-in"
    "Description"="Scrivere CD"
    "Capabilities"=dword:40000001

    [HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP OOB\SP10\KB835221WXP\Filelist]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\OOBE\CKPT]
    @DACL=(02 0000)
    "0"=dword:00000001
    "TOS"=dword:00000002
    "1"=dword:0000000a

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\OOBE\Status]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\Plugins\SP\NeroBurnPlugin]
    @DACL=(02 0000)
    "ProgID"="MDNeroBurnPlugin.MDNeroBurnPlugin"

    [HKEY_LOCAL_MACHINE\software\REALTEK Semiconductor Corporation\REALTEK Gigabit and Fast Ethernet NIC Driver]
    @DACL=(02 0000)
    .
    --------------------- Dlls caricate dai processi in esecuzione ---------------------

    - - - - - - - > 'winlogon.exe'(876)
    c:\windows\system32\Ati2evxx.dll
    .
    Ora fine scansione: 2010-08-01 14:58:06
    ComboFix-quarantined-files.txt 2010-08-01 12:58
    ComboFix2.txt 2010-06-17 13:48

    Pre-Run: 69.197.770.752 byte disponibili
    Post-Run: 69.183.381.504 byte disponibili

    - - End Of File - - 55A305B16CA9BEEC9164F3D1F55BE572

    in fact I can confirm that I installed isposure myself, it is not a rootkit..
    as is, obviously, acrobat..
    also, the other peculiarity is that when the scan scheduled by avira runs, these hidden objects are 0, zero.. they become 4 only if I start the scan myself, on my own initiative, outside the scheduler one.. and yet it is always run on the whole of my pc..

    thanks again!!

    luca
    Last edited by p060477; 27-02-11 at 20:56.


  10. #9
    Join date
    Oct 2009
    Posts
    255
    Thanks given
    173
    Thanks received
    259
    Thanked in
    141 posts

    Re: antivir and hidden objects..

    Hi p060477.

    Why does the log show ComboFix 10-07-31.04 - Administrator 01/08/2010 14.50.32.2.2 - x86?


  11. #10
    Join date
    Jan 2010
    Posts
    1,628
    Thanks given
    1,374
    Thanks received
    95
    Thanked in
    75 posts

    Re: antivir and hidden objects..

    hi and thanks!

    ..I explained it in the previous post.. that is the last time I used combofix.. it was months ago.. and already back then I had the oddity of the hidden objects with avira.. which evidently, however, combofix neither fixed nor revealed..
    frankly I can't explain the double date 31.7 - 01.08.. I didn't touch it, that's for sure..!!
    ..since already back then it didn't resolve this issue, I'm not exactly dying to run it again.. also because, among the various - little gifts - it always leaves me, the - autoplay - function disappears when I put a disc in the player.. and I always have to go crazy to get it back..

