I can't access the Internet with Windows, while with a Linux live distro I can.
ComboFix 10-04-03.02 - Mimmo 04/04/2010 15.46.36.4.1 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1279.962 [GMT 2:00]
Eseguito da: c:\documents and settings\Mimmo\Desktop\ComboFix.exe
FW: Alice Total Security Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\AutoRun.inf
c:\windows\system32\winlogon.bak
.
((((((((((((((((((((((((( Files Creati Da 2010-03-04 al 2010-04-04 )))))))))))))))))))))))))))))))))))
.
2010-04-03 13:07 . 2010-04-03 13:07 -------- d-----w- c:\documents and settings\Firo & Gabri\Impostazioni locali\Dati applicazioni\kompozer.net
2010-04-03 13:07 . 2010-04-03 13:07 -------- d-----w- c:\documents and settings\Firo & Gabri\Dati applicazioni\kompozer.net
2010-04-02 16:52 . 2010-04-02 16:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Trymedia
2010-03-30 16:55 . 2010-03-31 06:49 -------- d-----w- c:\documents and settings\Firo & Gabri\Dati applicazioni\BitTorrent
2010-03-29 07:30 . 2010-03-29 07:30 -------- d-----w- c:\documents and settings\Firo & Gabri\Dati applicazioni\SkypePM
2010-03-28 17:22 . 2010-03-28 17:22 -------- d-----w- c:\documents and settings\Chiara\Dati applicazioni\Ashampoo
2010-03-28 13:16 . 2010-03-28 13:16 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2010-03-28 08:08 . 2009-11-05 14:44 75712 ----a-w- c:\windows\system32\ashoddac.dll
2010-03-25 15:48 . 2010-03-25 15:48 -------- d-----w- c:\documents and settings\Firo & Gabri\Impostazioni locali\Dati applicazioni\Skype
2010-03-25 15:39 . 2010-04-04 08:51 -------- d-----w- c:\documents and settings\Chiara\Dati applicazioni\Skype
2010-03-25 15:38 . 2010-03-25 15:38 371272 ----a-r- c:\documents and settings\Chiara\Dati applicazioni\Microsoft\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe
2010-03-25 15:38 . 2010-03-25 15:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2010-03-25 15:38 . 2010-03-25 15:38 -------- d-----r- c:\documents and settings\Chiara\Impostazioni locali\Dati applicazioni\Skype
2010-03-25 15:30 . 2010-03-31 07:17 1 ----a-w- c:\documents and settings\Chiara\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-25 15:29 . 2010-03-25 15:29 -------- d-----w- c:\documents and settings\Chiara\Dati applicazioni\OpenOffice.org
2010-03-24 17:44 . 2010-03-24 17:46 -------- d-----w- c:\documents and settings\Mimmo\Impostazioni locali\Dati applicazioni\Adobe
2010-03-22 15:16 . 2010-03-22 15:16 -------- d-----w- c:\documents and settings\Firo & Gabri\Impostazioni locali\Dati applicazioni\HP
2010-03-21 17:56 . 2010-03-31 06:49 -------- d-----w- c:\documents and settings\Chiara\Dati applicazioni\uTorrent
2010-03-21 16:45 . 2010-03-21 16:45 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NVIDIA
2010-03-20 14:31 . 2010-03-20 14:33 -------- d-----w- c:\windows\nview
2010-03-20 14:31 . 2006-10-22 11:22 208896 ----a-w- c:\windows\system32\nvudisp.exe
2010-03-20 14:30 . 2006-10-22 14:06 208896 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-03-20 14:29 . 2010-03-20 14:29 -------- d-----w- C:\NVIDIA
2010-03-19 17:17 . 2010-03-19 17:17 -------- d-----w- c:\documents and settings\Chiara\Dati applicazioni\HP
2010-03-19 17:16 . 2010-03-19 17:16 -------- d-----w- c:\documents and settings\Chiara\Impostazioni locali\Dati applicazioni\HP
2010-03-19 17:10 . 2010-03-19 17:10 18064 ----a-w- c:\documents and settings\Chiara\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-03-19 12:42 . 2010-04-04 11:38 -------- d-----w- c:\documents and settings\Firo & Gabri\Dati applicazioni\uTorrent
2010-03-18 14:25 . 2010-02-09 16:26 52224 ----a-w- c:\documents and settings\Firo & Gabri\Dati applicazioni\Mozilla\Firefox\Profiles\bir2td3w.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\FFExternalAlert.dll
2010-03-18 14:25 . 2010-02-09 16:26 101376 ----a-w- c:\documents and settings\Firo & Gabri\Dati applicazioni\Mozilla\Firefox\Profiles\bir2td3w.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\RadioWMPCore.dll
2010-03-17 18:11 . 2010-03-17 18:11 -------- d-----w- c:\documents and settings\Firo & Gabri\Impostazioni locali\Dati applicazioni\WMTools Downloaded Files
2010-03-17 15:11 . 2010-03-17 15:11 -------- d-----w- c:\documents and settings\Chiara\Impostazioni locali\Dati applicazioni\Adobe
2010-03-16 11:12 . 2010-03-16 11:12 -------- d-----w- c:\documents and settings\Chiara\Impostazioni locali\Dati applicazioni\Mozilla
2010-03-16 11:06 . 2010-03-16 11:06 -------- d-sh--w- c:\documents and settings\Chiara\PrivacIE
2010-03-16 11:04 . 2010-03-16 11:04 -------- d-sh--w- c:\documents and settings\Chiara\IETldCache
2010-03-15 12:36 . 2010-02-19 18:31 67360 ----a-w- c:\documents and settings\Firo & Gabri\Dati applicazioni\Mozilla\Firefox\Profiles\bir2td3w.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlus_Helper.dll
2010-03-15 12:36 . 2010-02-19 18:31 350064 ----a-w- c:\documents and settings\Firo & Gabri\Dati applicazioni\Mozilla\Firefox\Profiles\bir2td3w.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe.exe
2010-03-15 12:36 . 2010-02-19 18:31 31936 ----a-w- c:\documents and settings\Firo & Gabri\Dati applicazioni\Mozilla\Firefox\Profiles\bir2td3w.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2010-03-15 12:36 . 2010-02-19 18:31 29344 ----a-w- c:\documents and settings\Firo & Gabri\Dati applicazioni\Mozilla\Firefox\Profiles\bir2td3w.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2010-03-14 18:09 . 2010-03-14 18:09 -------- d-----w- c:\documents and settings\Firo & Gabri\Dati applicazioni\HP
2010-03-14 17:46 . 2010-03-14 17:46 -------- d-----w- c:\programmi\MSXML 4.0
2010-03-14 17:08 . 2010-03-14 17:10 -------- d-----w- c:\documents and settings\Firo & Gabri\Impostazioni locali\Dati applicazioni\Adobe
2010-03-14 16:00 . 2010-03-18 14:06 -------- d-----w- c:\documents and settings\Firo & Gabri\Dati applicazioni\dvdcss
2010-03-14 14:23 . 2010-03-14 14:23 -------- d-----w- c:\documents and settings\Mimmo\Dati applicazioni\Auslogics
2010-03-13 21:05 . 2010-03-13 21:05 -------- d-----w- c:\windows\ServicePackFiles
2010-03-13 21:05 . 2010-03-13 21:05 -------- d-----w- c:\windows\ie8updates
2010-03-13 20:38 . 2010-03-13 20:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WEBREG
2010-03-13 20:22 . 2009-12-09 10:18 2066816 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-03-13 20:22 . 2009-12-09 10:18 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-03-13 20:22 . 2009-12-09 10:18 2189696 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-03-13 20:22 . 2009-12-09 10:18 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-03-13 20:19 . 2007-03-06 12:20 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-03-13 20:19 . 2007-03-06 12:20 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2010-03-13 20:19 . 2010-03-13 20:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Hewlett-Packard
2010-03-13 20:18 . 2007-03-28 23:29 267864 ----a-r- c:\windows\system32\hpzids01.dll
2010-03-13 20:18 . 2007-03-28 12:57 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5ha.dll
2010-03-13 20:18 . 2007-03-28 13:01 118272 ----a-w- c:\windows\system32\hpz3l5ha.dll
2010-03-13 20:18 . 2007-03-06 12:20 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2010-03-13 20:16 . 2007-03-06 12:20 309760 ----a-r- c:\windows\system32\difxapi.dll
2010-03-13 20:16 . 2007-03-06 12:20 364544 ----a-r- c:\windows\system32\hppldcoi.dll
2010-03-13 20:16 . 2007-03-15 14:39 303104 ----a-r- c:\windows\system32\hpovst11.dll
2010-03-13 20:16 . 2007-03-15 14:39 958464 ----a-r- c:\windows\system32\hpotiop4.dll
2010-03-13 20:16 . 2007-03-15 14:39 675840 ----a-r- c:\windows\system32\hpowiax4.dll
2010-03-13 20:16 . 2004-08-03 21:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-03-13 20:16 . 2004-08-03 21:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-03-13 20:08 . 2010-03-13 20:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HPSSUPPLY
2010-03-13 19:58 . 2010-03-13 19:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HP Product Assistant
2010-03-13 19:58 . 2010-03-13 20:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HP
2010-03-13 19:57 . 2010-03-13 19:57 -------- d-----w- c:\programmi\File comuni\HP
2010-03-13 19:55 . 2010-03-13 19:55 -------- d-----w- c:\programmi\Hewlett-Packard
2010-03-13 19:54 . 2010-03-13 19:54 -------- d-----w- c:\programmi\File comuni\Hewlett-Packard
2010-03-13 19:52 . 2010-03-13 19:53 -------- dc----w- c:\windows\system32\DRVSTORE
2010-03-13 19:51 . 2010-03-13 20:08 -------- d-----w- c:\programmi\HP
2010-03-13 19:46 . 2010-03-13 20:40 153283 ----a-w- c:\windows\hpoins15.dat
2010-03-13 19:46 . 2007-12-12 20:02 1039 ------w- c:\windows\hpomdl15.dat
2010-03-13 15:15 . 2010-03-13 15:15 -------- d-----w- c:\programmi\File comuni\Adobe
2010-03-13 13:44 . 2010-04-04 09:04 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-03-13 12:42 . 2010-03-14 12:50 -------- d-----w- c:\documents and settings\Firo & Gabri\Impostazioni locali\Dati applicazioni\Help
2010-03-12 17:10 . 2010-03-14 10:20 -------- d-----w- c:\documents and settings\Firo & Gabri\Dati applicazioni\ZipGenius
2010-03-12 14:48 . 2010-03-12 14:48 -------- d-----w- c:\documents and settings\Firo & Gabri\Impostazioni locali\Dati applicazioni\Identities
2010-03-12 12:53 . 2010-03-12 12:53 -------- d-----w- c:\programmi\OpenAL
2010-03-12 12:53 . 2010-03-12 12:53 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-03-12 12:53 . 2010-03-12 12:53 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-03-11 20:15 . 2010-03-20 14:15 -------- d-----w- c:\documents and settings\Mimmo\Dati applicazioni\ZipGenius
2010-03-11 19:58 . 2010-03-25 18:37 -------- d-----w- c:\documents and settings\Firo & Gabri\Dati applicazioni\Skype
2010-03-11 19:00 . 2010-03-28 09:07 -------- d-----w- c:\documents and settings\Firo & Gabri\Dati applicazioni\Ashampoo
2010-03-11 18:27 . 2010-04-04 12:52 -------- d-----w- c:\documents and settings\Firo & Gabri\Dati applicazioni\vlc
2010-03-11 14:20 . 2010-03-11 14:20 63180 ----a-w- c:\windows\system32\prfc0410.dat
2010-03-11 14:20 . 2010-03-11 14:20 425432 ----a-w- c:\windows\system32\prfh0410.dat
2010-03-11 14:08 . 2004-08-03 22:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-03-11 14:08 . 2004-08-03 22:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-03-11 14:06 . 2004-08-03 22:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-03-11 14:06 . 2004-08-03 22:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-03-11 13:19 . 2010-03-28 09:15 -------- d-----w- c:\documents and settings\Mimmo\Dati applicazioni\Ashampoo
2010-03-11 13:19 . 2010-03-11 13:19 -------- d-----w- c:\documents and settings\Mimmo\Impostazioni locali\Dati applicazioni\ashampoo
2010-03-11 13:19 . 2010-03-11 13:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ashampoo
2010-03-11 13:04 . 2010-04-04 12:36 1 ----a-w- c:\documents and settings\Firo & Gabri\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-11 13:03 . 2010-03-11 13:03 -------- d-----w- c:\documents and settings\Firo & Gabri\Dati applicazioni\OpenOffice.org
2010-03-11 12:43 . 2008-06-14 17:59 272768 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-03-11 12:43 . 2008-06-14 17:59 272768 ------w- c:\windows\system32\drivers\bthport.sys
2010-03-11 12:39 . 2009-12-04 14:41 453760 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-03-11 12:39 . 2006-03-21 03:23 23040 ------w- c:\windows\kb913800.exe
2010-03-10 20:29 . 2010-04-04 13:43 49355296 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-03-10 20:27 . 2009-04-14 13:41 33160 ----a-w- c:\windows\zllsputility_loc0410.dll
2010-03-10 20:27 . 2009-04-14 13:41 7048 ----a-w- c:\windows\system32\imslsp_install_loc0410.dll
2010-03-10 20:27 . 2009-04-14 13:41 10632 ----a-w- c:\windows\system32\imsinstall_loc0410.dll
2010-03-10 20:27 . 2010-03-27 14:32 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-03-10 20:27 . 2009-04-14 13:42 34696 ----a-w- c:\windows\system32\vsutil_loc0410_oem1466.dll
2010-03-10 20:27 . 2009-04-14 13:41 46472 ----a-w- c:\windows\system32\vsutil_loc0410.dll
2010-03-10 20:27 . 2009-04-14 13:41 72584 ----a-w- c:\windows\zllsputility.exe
2010-03-10 20:26 . 2009-04-14 13:41 69000 ----a-w- c:\windows\system32\zlcomm.dll
2010-03-10 20:26 . 2009-04-14 13:41 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2010-03-10 20:26 . 2009-04-14 13:41 1221512 ----a-w- c:\windows\system32\zpeng25.dll
2010-03-10 20:26 . 2010-03-11 13:07 -------- d-----w- c:\windows\system32\ZoneLabs
2010-03-10 20:23 . 2010-03-10 20:28 -------- d-----w- c:\programmi\Alice Total Security
2010-03-10 20:22 . 2010-04-04 12:28 -------- d-----w- c:\windows\Internet Logs
2010-03-10 19:18 . 2010-04-04 11:13 -------- d-----w- c:\documents and settings\Firo & Gabri\Impostazioni locali\Dati applicazioni\ApplicationHistory
2010-03-10 19:18 . 2010-03-10 19:18 141 ----a-w- c:\documents and settings\Firo & Gabri\Impostazioni locali\Dati applicazioni\fusioncache.dat
2010-03-10 19:17 . 2010-03-10 19:17 -------- d-sh--w- c:\documents and settings\Firo & Gabri\IECompatCache
2010-03-10 18:00 . 2010-03-21 12:09 -------- d-----w- c:\documents and settings\Firo & Gabri\Impostazioni locali\Dati applicazioni\Mozilla
2010-03-10 17:57 . 2010-03-10 17:57 -------- d-sh--w- c:\documents and settings\Firo & Gabri\PrivacIE
2010-03-10 17:55 . 2010-03-10 17:55 -------- d-sh--w- c:\documents and settings\Firo & Gabri\IETldCache
2010-03-10 17:06 . 2010-03-10 17:06 -------- d-----w- c:\documents and settings\Mimmo\Impostazioni locali\Dati applicazioni\Identities
2010-03-10 16:35 . 2010-03-10 16:35 -------- d-sh--w- c:\documents and settings\Mimmo\IECompatCache
2010-03-10 16:34 . 2010-03-10 16:34 -------- d-sh--w- c:\documents and settings\Mimmo\PrivacIE
2010-03-10 16:34 . 2010-03-10 16:34 -------- d-sh--w- c:\documents and settings\Mimmo\IETldCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-04 13:43 . 2010-03-10 20:29 664172 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-04-04 12:25 . 2010-04-04 12:25 -------- d-----w- c:\documents and settings\Firo & Gabri\Dati applicazioni\Nvu
2010-04-04 10:40 . 2010-04-04 11:09 388608 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2010-04-04 08:48 . 2010-03-10 13:39 18064 ----a-w- c:\documents and settings\Mimmo\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-03-29 14:15 . 2010-03-21 16:55 2834269 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-03-28 07:43 . 2004-09-07 12:00 63180 ----a-w- c:\windows\system32\perfc010.dat
2010-03-28 07:43 . 2004-09-07 12:00 425432 ----a-w- c:\windows\system32\perfh010.dat
2010-03-18 19:09 . 2010-03-10 13:11 87747 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-15 10:57 . 2004-09-07 12:00 504832 ----a-w- c:\windows\system32\winlogon.exe
2010-03-10 16:18 . 2010-03-10 16:18 2232 ----a-w- c:\windows\java\Packages\Data\BLBDBRR7.DAT
2010-03-10 16:18 . 2010-03-10 16:18 155995 ----a-w- c:\windows\java\Packages\XZHBPFB9.ZIP
2010-03-10 16:18 . 2010-03-10 16:18 2678 ----a-w- c:\windows\java\Packages\Data\E7LVD31Z.DAT
2010-03-10 16:18 . 2010-03-10 16:18 2678 ----a-w- c:\windows\java\Packages\Data\V3XRBJ5B.DAT
2010-03-10 16:18 . 2010-03-10 16:18 2678 ----a-w- c:\windows\java\Packages\Data\JNH7F7LB.DAT
2010-03-10 16:18 . 2010-03-10 16:18 2678 ----a-w- c:\windows\java\Packages\Data\DV931BDB.DAT
2010-03-10 16:18 . 2010-03-10 16:18 2678 ----a-w- c:\windows\java\Packages\Data\CVRRFFZX.DAT
2010-03-10 13:28 . 2010-03-10 13:28 134 ----a-w- c:\documents and settings\Mimmo\Impostazioni locali\Dati applicazioni\fusioncache.dat
2010-03-10 13:14 . 2010-03-10 13:14 -------- d-----w- c:\programmi\microsoft frontpage
2010-03-10 13:10 . 2010-03-10 13:10 -------- d-----w- c:\programmi\Servizi in linea
2010-03-10 13:06 . 2010-03-10 13:06 21840 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-10 13:05 . 2010-03-10 13:05 -------- d-----w- c:\programmi\Windows Plus
.
------- Sigcheck -------
[-] 2010-03-15 . 094E16523B015A54949AB700EED6061C . 504832 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\winlogon.exe
[7] 2004-09-07 . BD11ECE6A5BD592FDDCF9545B4296D17 . 504832 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\programmi\Alice Total Security\zlclient.exe" [2009-04-14 982408]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [10/03/2010 17.42.53 8192]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\drivers\BazisVirtualCDBus.sys [05/12/2009 17.01.32 135320]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'
2010-04-04 c:\windows\Tasks\User_Feed_Synchronization-{7A74CF55-B93D-44D0-BC1B-190E2341B868}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
2010-04-04 c:\windows\Tasks\User_Feed_Synchronization-{CD3E16D8-8A00-4314-8BFE-DEBB74E9306A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Mimmo\Dati applicazioni\Mozilla\Firefox\Profiles\ymwc0wub.default\
FF - prefs.js: browser.startup.homepage - www.google.it
FF - plugin: f:\programmi\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
---- FIREFOX POLICIES ----
f:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
f:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
f:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
f:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
f:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
f:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
f:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
f:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
f:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
f:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
f:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
f:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
f:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
f:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
f:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
f:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
f:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
f:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
f:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
f:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
f:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
f:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
f:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
f:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
f:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
f:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
f:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
f:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
f:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
f:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
f:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
f:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
f:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
f:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
f:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
f:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-04 15:51
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2010-04-04 15:53:50
ComboFix-quarantined-files.txt 2010-04-04 13:53
Pre-Run: 7.985.811.456 byte disponibili
Post-Run: 7.952.732.160 byte disponibili
- - End Of File - - 348869644A7D543105DB8E02374B20EC