  1. #11
    HTML.it user, menatwork's avatar
    Registered since
    May 2009
    Posts
    4,330
    when the Malwarebytes scan finishes, try this

    remove ComboFix with OTC by OldTimer

    run it
    Click CleanUp.
    When asked to reboot, click YES

    download it again and proceed as follows:

    click Start > Run, and in the white box copy and paste this command, quotation marks included:

    "%userprofile%\desktop\combofix.exe" /killall

    Press OK; if all goes well the program starts, and it may take a long time (do not do anything else during the scan). Once the scan has finished, restart the computer and post the report C:\combofix.txt

  2. #12
    HTML.it user
    Registered since
    Jul 2010
    Posts
    31
    this is the report; now I'll try what he said


    www.malwarebytes.org

    Versione database: 4369

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.11

    30/07/2010 10.58.17
    mbam-log-2010-07-30 (10-58-17).txt

    Tipo di scansione: Scansione completa (C:\|F:\|)
    Elementi esaminati: 232979
    Tempo trascorso: 33 minuti, 58 secondi

    Processi infetti in memoria: 0
    Moduli di memoria infetti: 0
    Chiavi di registro infette: 2
    Valori di registro infetti: 0
    Voci infette nei dati di registro: 3
    Cartelle infette: 9
    File infetti: 55

    Processi infetti in memoria:
    (Non sono stati rilevati elementi nocivi)

    Moduli di memoria infetti:
    (Non sono stati rilevati elementi nocivi)

    Chiavi di registro infette:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df1c8e21-4045-4d67-b528-335f1a4f0de9} (Adware.NaviPromo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.

    Valori di registro infetti:
    (Non sono stati rilevati elementi nocivi)

    Voci infette nei dati di registro:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Cartelle infette:
    C:\Programmi\Instant Access (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Programmi\Instant Access\Center (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\help (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\help\help_Trial_IT (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\help\help_Trial_IT\images (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\help\help_Trial_IT\images\EN (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\help\help_Trial_IT\rubs (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\resources (Rogue.SpywareSecure) -> Quarantined and deleted successfully.

    File infetti:
    C:\Documents and Settings\Pc\Documenti\KONAMI\Pro Evolution Soccer 2010 DEMO\patch.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    F:\emule download\patch\patch.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Programmi\Instant Access\Center\SERIALPLAYERS.upd (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Programmi\Instant Access\Center\tray1.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\config.s3db (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\Gfx_it.bin (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\language (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\nbmw (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\quarantine.s3db (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\skin (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\sqlite3.dll (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\sws_translations.xml (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\uninst.exe (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\unrar.dll (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\help\help_Trial_IT.zip (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\help\help_Trial_IT\explo_intro.htm (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\help\help_Trial_IT\explo_menu.htm (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\help\help_Trial_IT\file.gif (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\help\help_Trial_IT\fleche.gif (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\help\help_Trial_IT\folder.gif (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\help\help_Trial_IT\folder_f.gif (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\help\help_Trial_IT\folder_o.gif (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\help\help_Trial_IT\index.htm (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\help\help_Trial_IT\menu.gif (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\help\help_Trial_IT\menu3.js (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\help\help_Trial_IT\spy.gif (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\help\help_Trial_IT\Thumbs.db (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\help\help_Trial_IT\trait_coud.gif (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\help\help_Trial_IT\trait_droit.gif (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\help\help_Trial_IT\trait_vert.gif (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\help\help_Trial_IT\images\fleche.gif (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\help\help_Trial_IT\images\folder.gif (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\help\help_Trial_IT\images\key.gif (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\help\help_Trial_IT\images\menu.gif (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\help\help_Trial_IT\images\support.gif (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\help\help_Trial_IT\images\Thumbs.db (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\help\help_Trial_IT\images\title-hepfile.gif (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\help\help_Trial_IT\images\EN\dowload-file-antispyware.gif (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\help\help_Trial_IT\images\EN\menu.gif (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\help\help_Trial_IT\images\EN\scstep2.gif (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\help\help_Trial_IT\rubs\3differentscan.htm (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\help\help_Trial_IT\rubs\contactus.htm (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\help\help_Trial_IT\rubs\found-objects.htm (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\help\help_Trial_IT\rubs\lexic.htm (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\help\help_Trial_IT\rubs\navigtabs.htm (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\help\help_Trial_IT\rubs\quarantine.htm (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\help\help_Trial_IT\rubs\register.htm (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\resources\cookies_1-12.dat (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\resources\filesDesc_1-12.dat (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\resources\filesDesc_1-12.dic (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\resources\filesExt_1-12.dat (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\resources\filesMulti_1-12.idx (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\resources\filesSimple_1-12.idx (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\resources\malwaresDB_1-12 (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
    C:\Programmi\Spyware-Secure\resources\register_1-12.dat (Rogue.SpywareSecure) -> Quarantined and deleted successfully.

  3. #13
    HTML.it user
    Registered since
    Jul 2010
    Posts
    31
    so it tells me this when I put it in the box: impossibile trovare il file "C:/Documents and Settings|Pc|desktop|combofix.exe".Verificare il percorso e il nome dei file siano corretti e ritentare.Per cercare un file fare clic sul pulsante Start,quindi scegliere Trova.

  4. #14
    HTML.it user, menatwork's avatar
    Registered since
    May 2009
    Posts
    4,330
    so it tells me this when I put it in the box: impossibile trovare il file "C:/Documents and Settings|Pc|desktop|combofix.exe".Verificare il percorso e il nome dei file siano corretti e ritentare.Per cercare un file fare clic sul pulsante Start,quindi scegliere Trova.
    but when you download it, where do you put it? it has to be on the desktop....

  5. #15
    HTML.it user
    Registered since
    Jul 2010
    Posts
    31
    yes, exactly... now it works... hoping it doesn't play any nasty tricks.. now I'll wait 10 min, and if it doesn't work I'll let you know!

  6. #16
    HTML.it user
    Registered since
    Jul 2010
    Posts
    31
    here is the report; it's a bit long, so I'm sending it to you in pieces:
    ComboFix 09-05-06.05 - Pc 30/07/2010 11.58.23.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3071.2642 [GMT 2:00]
    Eseguito da: c:\documents and settings\Pc\desktop\combofix.exe
    Opzioni usate :: /killall
    AV: avast! antivirus 4.8.1368 [VPS 100729-1] *On-access scanning disabled* (Updated)
    .
    - MODALITÀ CON FUNZIONALITÀ RIDOTTE -
    .

    ((((((((((((((((((((((((( Files Creati Da 2010-06-28 al 2010-07-30 )))))))))))))))))))))))))))))))))))
    .

    2010-07-30 07:43 . 2010-07-30 07:43 -------- d-----w c:\documents and settings\Pc\Dati applicazioni\Malwarebytes
    2010-07-30 07:43 . 2010-04-29 13:39 38224 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-30 07:43 . 2010-07-30 07:43 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
    2010-07-30 07:43 . 2010-04-29 13:39 20952 ----a-w c:\windows\system32\drivers\mbam.sys
    2010-07-30 07:43 . 2010-07-30 07:43 -------- d-----w c:\programmi\Malwarebytes' Anti-Malware
    2010-07-29 18:39 . 2010-07-29 18:39 -------- d-----w c:\programmi\Trend Micro
    2010-07-29 18:19 . 2010-07-29 18:19 -------- d-----w c:\programmi\Microsoft CAPICOM 2.1.0.2
    2010-07-29 18:18 . 2010-07-29 18:18 -------- d-----w c:\documents and settings\Default User\Impostazioni locali\Dati applicazioni\Microsoft Help
    2010-07-29 18:13 . 2010-07-29 18:13 -------- d-----w c:\programmi\MSXML 4.0
    2010-07-29 17:56 . 2009-10-13 10:33 271360 ------w c:\windows\system32\dllcache\oakley.dll
    2010-07-29 17:53 . 2009-10-15 16:29 81920 ------w c:\windows\system32\dllcache\fontsub.dll
    2010-07-29 17:53 . 2009-10-15 16:29 119808 ------w c:\windows\system32\dllcache\t2embed.dll
    2010-07-29 17:51 . 2010-02-12 10:03 293376 ------w c:\windows\system32\browserchoice.exe
    2010-07-29 17:50 . 2008-10-15 16:36 337408 ------w c:\windows\system32\dllcache\netapi32.dll
    2010-07-29 17:50 . 2009-07-31 04:32 1172480 ------w c:\windows\system32\dllcache\msxml3.dll
    2010-07-29 16:42 . 2010-07-29 18:20 -------- d--h--w c:\windows\$hf_mig$
    2010-07-29 16:40 . 2008-04-21 21:14 219136 ------w c:\windows\system32\dllcache\wordpad.exe
    2010-07-29 16:39 . 2009-08-13 15:15 512000 ------w c:\windows\system32\dllcache\jscript.dll
    2010-07-29 16:39 . 2009-12-24 06:59 177664 ------w c:\windows\system32\dllcache\wintrust.dll
    2010-07-29 16:39 . 2010-01-13 14:00 86528 ------w c:\windows\system32\dllcache\cabview.dll
    2010-07-29 16:36 . 2009-08-06 17:23 274288 ----a-w c:\windows\system32\mucltui.dll
    2010-07-29 09:59 . 2009-10-25 04:11 77312 ----a-w c:\windows\MBR.exe
    2010-07-29 09:59 . 2010-04-26 13:58 256512 ----a-w c:\windows\PEV.exe
    2010-07-29 07:30 . 2010-07-29 08:30 -------- d-----w c:\documents and settings\Pc\Dati applicazioni\AusLogics
    2010-07-29 07:27 . 2010-07-29 07:27 -------- d-----w c:\programmi\Auslogics
    2010-07-28 12:56 . 2010-07-28 12:56 -------- d-----w c:\programmi\CCleaner
    2010-07-28 09:14 . 2010-07-30 07:28 3152 ----a-w c:\documents and settings\Pc\Impostazioni locali\Dati applicazioni\cmksr.dat
    2010-07-28 09:14 . 2010-07-23 19:02 237159 ----a-w c:\documents and settings\Pc\Impostazioni locali\Dati applicazioni\cmksr_nav.dat
    2010-07-28 09:14 . 2010-07-30 07:28 2807 ----a-w c:\documents and settings\Pc\Impostazioni locali\Dati applicazioni\cmksr_navps.dat
    2010-07-28 09:14 . 2010-07-28 09:14 544768 ----a-w c:\documents and settings\Pc\Impostazioni locali\Dati applicazioni\cmksr.exe
    2010-07-18 15:01 . 2008-05-30 12:17 65032 ----a-w c:\windows\system32\XAPOFX1_0.dll
    2010-07-18 15:01 . 2008-05-30 12:19 507400 ----a-w c:\windows\system32\XAudio2_1.dll
    2010-07-18 15:01 . 2008-05-30 12:18 238088 ----a-w c:\windows\system32\xactengine3_1.dll
    2010-07-18 15:01 . 2008-05-30 12:17 25608 ----a-w c:\windows\system32\X3DAudio1_4.dll
    2010-07-18 15:01 . 2008-05-30 12:11 1491992 ----a-w c:\windows\system32\D3DCompiler_38.dll
    2010-07-18 15:01 . 2008-05-30 12:11 467984 ----a-w c:\windows\system32\d3dx10_38.dll
    2010-07-18 15:01 . 2008-05-30 12:11 3850760 ----a-w c:\windows\system32\D3DX9_38.dll
    2010-07-18 15:01 . 2008-03-05 14:03 479752 ----a-w c:\windows\system32\XAudio2_0.dll
    2010-07-18 15:01 . 2008-03-05 14:03 238088 ----a-w c:\windows\system32\xactengine3_0.dll
    2010-07-18 15:01 . 2008-03-05 14:00 25608 ----a-w c:\windows\system32\X3DAudio1_3.dll
    2010-07-18 15:01 . 2010-07-18 15:01 -------- d-----w c:\windows\Logs
    2010-07-18 14:27 . 2010-07-18 15:11 -------- d-----w c:\documents and settings\Pc\Impostazioni locali\Dati applicazioni\Rockstar Games
    2010-07-18 14:22 . 2010-07-28 12:52 -------- d-----w c:\programmi\Rockstar Games
    2010-07-18 14:18 . 2010-07-18 14:18 -------- d-----w c:\programmi\MSBuild
    2010-07-18 14:18 . 2010-07-28 09:20 411360 ----a-w c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
    2010-07-18 14:16 . 2010-07-18 14:19 -------- d-----w c:\windows\system32\XPSViewer
    2010-07-18 14:16 . 2010-07-18 14:16 -------- d-----w c:\programmi\Reference Assemblies
    2010-07-18 14:15 . 2006-06-29 11:07 14048 ------w c:\windows\system32\spmsg2.dll
    2010-07-18 14:11 . 2008-03-05 13:56 1420824 ----a-w c:\windows\system32\D3DCompiler_37.dll
    2010-07-18 14:11 . 2008-02-05 21:07 462864 ----a-w c:\windows\system32\d3dx10_37.dll
    2010-07-18 14:11 . 2008-03-05 13:56 3786760 ----a-w c:\windows\system32\D3DX9_37.dll
    2010-07-18 14:02 . 2010-07-18 14:02 -------- d--h--r c:\documents and settings\Pc\Dati applicazioni\SecuROM
    2010-07-18 14:01 . 2010-07-18 14:01 1700352 ----a-w c:\windows\system32\gdiplus.dll

  7. #17
    HTML.it user
    Registered since
    Jul 2010
    Posts
    31
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-29 18:29 . 2001-08-31 11:00 77918 ----a-w c:\windows\system32\perfc010.dat
    2010-07-29 18:29 . 2001-08-31 11:00 473816 ----a-w c:\windows\system32\perfh010.dat
    2010-07-29 18:29 . 2008-06-17 05:36 76488 ----a-w c:\documents and settings\Pc\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
    2010-07-29 18:17 . 2008-06-17 12:13 -------- d-----w c:\programmi\Microsoft Works
    2010-07-28 12:52 . 2008-06-17 05:43 -------- d--h--w c:\programmi\InstallShield Installation Information
    2010-07-28 12:51 . 2008-08-22 14:20 -------- d--h--w c:\programmi\FX Uninstall Information
    2010-07-19 09:10 . 2008-06-17 13:35 -------- d-----w c:\programmi\eMule
    2010-07-07 06:10 . 2009-11-06 12:37 -------- d-----w c:\programmi\Microsoft Silverlight
    2010-06-30 08:46 . 2010-05-19 14:19 -------- d-----w c:\programmi\Messenger_Plus_Live_Italy
    2010-06-16 15:38 . 2008-06-30 19:24 -------- d-----w c:\programmi\Messenger Plus! Live
    2010-06-05 10:31 . 2010-06-04 17:19 -------- d-----w c:\programmi\Epson Software
    2010-06-05 10:31 . 2008-06-23 19:34 -------- d-----w c:\programmi\EPSON
    2010-06-04 17:19 . 2008-06-17 05:42 -------- d-----w c:\programmi\File comuni\InstallShield
    2010-06-04 17:18 . 2010-06-04 17:18 -------- d-----w c:\programmi\ABBYY FineReader 6.0 Sprint
    2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w c:\windows\system32\GPhotos.scr
    2010-05-04 17:16 . 2007-01-03 10:56 832512 ----a-w c:\windows\system32\wininet.dll
    2010-05-04 17:15 . 2007-01-03 10:56 78336 ----a-w c:\windows\system32\ieencode.dll
    2010-05-04 17:15 . 2007-01-03 10:55 17408 ----a-w c:\windows\system32\corpol.dll
    2010-05-02 08:06 . 2007-01-03 10:52 1851264 ----a-w c:\windows\system32\win32k.sys
    .

    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08d495ab-a86c-47b0-82ef-da87bf92f730}]
    2010-06-30 08:46 2734688 ----a-w c:\programmi\Messenger_Plus_Live_Italy\tbMes1.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}]
    2009-08-10 22:48 288056 ----a-w c:\programmi\PriceGong\1.5.0\PriceGongIE.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{08d495ab-a86c-47b0-82ef-da87bf92f730}"= "c:\programmi\Messenger_Plus_Live_Italy\tbMes1.dll" [2010-06-30 2734688]

    [HKEY_CLASSES_ROOT\clsid\{08d495ab-a86c-47b0-82ef-da87bf92f730}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-17 68856]
    "DAEMON Tools Pro Agent"="c:\programmi\DAEMON Tools Pro\DTProAgent.exe" [2007-06-22 133576]
    "AlcoholAutomount"="c:\programmi\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 217544]
    "TomTomHOME.exe"="c:\programmi\TomTom HOME 2\TomTomHOMERunner.exe" [2010-06-24 247144]
    "MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-13 1695232]
    "E08IXLRD_11156031"="c:\programmi\Microsoft Encarta\Microsoft Encarta 2008 - Premium DVD\EDICT.EXE" [2007-06-12 351000]
    "EPSON SX110 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE" [2008-09-27 199680]
    "EPSON SX110 Series (Copia 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE" [2008-09-27 199680]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Ai Nap"="c:\programmi\ASUS\AI Suite\AiNap\AiNap.exe" [2007-12-10 1412608]
    "CPU Power Monitor"="c:\programmi\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" [2008-01-09 627200]
    "Cpu Level Up help"="c:\programmi\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
    "ASUS Energy Saving"="c:\programmi\ASUS\AI Suite\EnergySaving\PwSave.exe" [2008-01-24 1352192]
    "RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
    "LanguageShortcut"="c:\programmi\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
    "NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
    "QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-06-17 155648]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
    "TrueImageMonitor.exe"="c:\programmi\Acronis\TrueImage\TrueImageMonitor.exe" [2005-12-27 988736]
    "Acronis Scheduler2 Service"="c:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe" [2005-12-27 118784]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-16 8491008]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-16 81920]
    "EPSON Stylus C62 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-07-01 74752]
    "Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "VX1000"="c:\windows\vVX1000.exe" [2009-06-26 757248]
    "TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2010-03-20 202256]
    "EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
    "ISTray"="c:\programmi\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-12-20 16860672]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-09-16 1626112]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RealUpgradeHelper"="c:\programmi\File comuni\Real\Update_OB\upgrdhlp.exe" [2010-03-20 136744]
    "nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2010-05-04 124928]

    c:\documents and settings\Pc\Menu Avvio\Programmi\Esecuzione automatica\
    Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

    c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
    McAfee Security Scan Plus.lnk - c:\programmi\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Programmi\\uTorrent\\uTorrent.exe"=
    "c:\\Documents and Settings\\Pc\\Desktop\\pes2009.exe"=
    "c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Documents and Settings\\Pc\\Documenti\\Downloads\\Pro Evolution Soccer 2010 Crack Only-RELOADED\\pes2010.exe"=
    "c:\\Programmi\\Skype\\Phone\\Skype.exe"=
    "c:\\Programmi\\KONAMI\\Pro Evolution Soccer 2010\\PES2010 (M)\\Crack\\pes2010.exe"=
    "c:\\Documents and Settings\\Pc\\Desktop\\pes2010.exe"=

  8. #18
    HTML.it user
    Registered since
    Jul 2010
    Posts
    31
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [18/05/2009 12.44.45 130936]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [19/06/2008 2.55.14 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19/06/2008 2.55.14 20560]
    R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [28/01/2010 21.18.38 81920]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [06/11/2009 14.37.38 54752]
    R2 SeaPort;SeaPort;c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [14/01/2009 18.53.02 226656]
    R2 TomTomHOMEService;TomTomHOMEService;c:\programmi\TomTom HOME 2\TomTomHOMEService.exe [24/06/2010 16.41.38 92008]
    S2 gupdate1c9bc4143bb8f12;Servizio di Google Update (gupdate1c9bc4143bb8f12);c:\programmi\Google\Update\GoogleUpdate.exe [13/04/2009 16.08.04 133104]
    S3 {57C705BD-F6B0-45BE-862B52AA804854BE};{57C705BD-F6B0-45BE-862B52AA804854BE};c:\windows\System32\svchost.exe -k netsvcs [19/08/2004 15.39.46 14336]
    S3 {C5AB7BDA-3DDB-412E-A4DEC5730E0AC2E0};{C5AB7BDA-3DDB-412E-A4DEC5730E0AC2E0};\??\c:\windows\TEMP\36.tmp --> c:\windows\TEMP\36.tmp [?]
    S3 fsssvc;Servizio Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [05/08/2009 23.48.42 704864]
    S3 hid8101;hid8101;c:\windows\system32\drivers\hid8101.sys [18/11/2009 17.18.53 31899]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\programmi\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 14.49.20 227232]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\programmi\Spyware Doctor\pctsAuxs.exe [17/06/2008 14.42.01 348752]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1411159c-7aa2-11dd-b992-001fc6680eb4}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
    \Shell\Open(&0)\command - g:\recycled\ctfmon.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1411159d-7aa2-11dd-b992-001fc6680eb4}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
    \Shell\Open(&0)\command - g:\recycled\ctfmon.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f1d0948-42af-11dd-b8a5-001fc6680eb4}]
    \Shell\AutoRun\command - G:\start.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f1d0949-42af-11dd-b8a5-001fc6680eb4}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
    \Shell\Open(&0)\command - h:\recycled\ctfmon.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33d37ef6-45cd-11dd-b8b3-001fc6680eb4}]
    \Shell\AutoRun\command - G:\InstallTomTomHOME.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4739fa70-624d-11dd-b916-001fc6680eb4}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
    \Shell\Open(&0)\command - g:\recycled\ctfmon.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0aef13a-78da-11dd-b97f-001fc6680eb4}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
    \Shell\Open(&0)\command - g:\recycled\ctfmon.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e479cf80-0c41-11df-bf08-001fc6680eb4}]
    \Shell\AutoRun\command - G:\AutoRun.exe
    .
    Contenuto della cartella 'Scheduled Tasks'

    2010-07-30 c:\windows\Tasks\Auslogics Boost Speed Integrator Start On Windows Logon.job
    - c:\programmi\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe [2010-07-29 11:10]

    2010-07-28 c:\windows\Tasks\Epson Printer Software Downloader.job
    - c:\programmi\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 09:43]

    2010-07-30 c:\windows\Tasks\Google Software Updater.job
    - c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-17 19:43]

    2010-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-13 14:07]

    2010-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-13 14:07]

    2010-07-30 c:\windows\Tasks\PCConfidential.job
    - c:\programmi\Winferno\PC Confidential\PCConfidential.exe [2009-11-10 13:10]

    2010-07-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1482476501-1965331169-682003330-1003.job
    - c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

    2010-07-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1482476501-1965331169-682003330-1003.job
    - c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

    2010-07-30 c:\windows\Tasks\RegPowerClean.job
    - c:\programmi\Winferno\RegistryPowerCleaner\RegPowerClean.exe [2009-11-10 13:48]

    2010-07-30 c:\windows\Tasks\RPCReminder.job
    - c:\programmi\Winferno\RegistryPowerCleaner\RPCReminder.exe [2009-11-10 13:34]
    .
    - - - - CHIAVI ORFANE RIMOSSE - - - -

    SafeBoot-PEVSystemStart

    c:\programmi\Windows Media Player\wmpband.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Altri processi in esecuzione ------------------------
    .
    c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
    c:\programmi\Alwil Software\Avast4\ashServ.exe
    c:\windows\system32\rundll32.exe
    c:\programmi\ASUS\AASP\1.00.59\aaCenter.exe
    c:\programmi\File comuni\Acronis\Schedule2\schedul2.exe
    c:\programmi\File comuni\EPSON\EBAPI\SAgent2.exe
    c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\oodag.exe
    c:\programmi\CyberLink\Shared Files\RichVideo.exe
    c:\programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
    c:\programmi\Alwil Software\Avast4\ashWebSv.exe
    .
    **************************************************************************
    .
    Ora fine scansione: 2010-07-30 12.01.29 - Il pc è stato riavviato
    ComboFix-quarantined-files.txt 2010-07-30 10:01

    Pre-Run: 53.434.793.984 byte disponibili
    Post-Run: 53.411.323.904 byte disponibili

    415 --- E O F --- 2010-07-29 16:42

  9. #19
    HTML.it user
    Registered since
    Jul 2010
    Posts
    31
    .
    ------- Scansione supplementare -------
    .
    uStart Page = hxxp://www.google.it/
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    FF - ProfilePath - c:\documents and settings\Pc\Dati applicazioni\Mozilla\Firefox\Profiles\q1m0v72j.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2567691&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Messenger Plus Live Italy Customized Web Search
    FF - prefs.js: browser.startup.homepage - www.google.it
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2567691&q=
    FF - component: c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\documents and settings\Pc\Dati applicazioni\Mozilla\Firefox\Profiles\q1m0v72j.default\extensions\{08d495ab-a86c-47b0-82ef-da87bf92f730}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\Pc\Dati applicazioni\Mozilla\Firefox\Profiles\q1m0v72j.default\extensions\{08d495ab-a86c-47b0-82ef-da87bf92f730}\components\RadioWMPCore.dll
    FF - component: c:\documents and settings\Pc\Dati applicazioni\Mozilla\Firefox\Profiles\q1m0v72j.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - plugin: c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\programmi\Google\Picasa3\npPicasa2.dll
    FF - plugin: c:\programmi\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\programmi\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll

    ---- FIREFOX POLICIES ----
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", "-1");
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
    c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); // now unused
    c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.delay", 50);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

  10. #20
    HTML.it user
    Joined
    Jul 2010
    Posts
    31
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-30 12:00
    Windows 5.1.2600 Service Pack 3 NTFS

    scansione processi nascosti ...

    scansione entrate autostart nascoste ...

    Scansione files nascosti ...

    Scansione completata con successo
    Files nascosti: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{57C705BD-F6B0-45BE-862B52AA804854BE}]
    "ServiceDll"="c:\docume~1\Pc\IMPOST~1\Temp\32.tmp"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{C5AB7BDA-3DDB-412E-A4DEC5730E0AC2E0}]
    "ImagePath"="\??\c:\windows\TEMP\36.tmp"
    .
    --------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

    [HKEY_USERS\S-1-5-21-1482476501-1965331169-682003330-1003\Software\SecuROM\License information*]
    "datasecu"=hex:e6,de,4e,4e,38,5c,75,cd,b6,30,87,b7,84,64,69,f3,bd,ad,32,77,10,
    8e,b5,5c,f1,8f,4a,44,8a,fb,c1,08,13,2f,70,b0,c1,7f,ec,0a,ce,1e,8a,23,11,c1,\
    "rkeysecu"=hex:e3,c1,d6,7c,04,71,cd,bd,13,10,cf,5e,80,1c,ee,78

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10d.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    .
    --------------------- Dlls caricate dai processi in esecuzione ---------------------

    - - - - - - - > 'lsass.exe'(1008)
    c:\windows\system32\relog_ap.dll

    - - - - - - - > 'explorer.exe'(4080)
    c:\windows\system32\WININET.dll
    c:\programmi\Windows Media Player\wmpband.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Altri processi in esecuzione ------------------------
    .
    c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
    c:\programmi\Alwil Software\Avast4\ashServ.exe
    c:\windows\system32\rundll32.exe
    c:\programmi\ASUS\AASP\1.00.59\aaCenter.exe
    c:\programmi\File comuni\Acronis\Schedule2\schedul2.exe
    c:\programmi\File comuni\EPSON\EBAPI\SAgent2.exe
    c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\oodag.exe
    c:\programmi\CyberLink\Shared Files\RichVideo.exe
    c:\programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
    c:\programmi\Alwil Software\Avast4\ashWebSv.exe
    .
    **************************************************************************
    .
    Ora fine scansione: 2010-07-30 12.01.29 - Il pc è stato riavviato
    ComboFix-quarantined-files.txt 2010-07-30 10:01

    Pre-Run: 53.434.793.984 byte disponibili
    Post-Run: 53.411.323.904 byte disponibili

    415 --- E O F --- 2010-07-29 16:42
