Problemone con trojan Click.Cycler... chi mi aiuta???

[arimi81]

Salve a tutti, ho bisogno del vostro aiuto... Sono tre giorni che combatto con un infame virus che si chiama click. cycler, un trojan che ha infettato il restore, generando due file service.exe e smss.exe (nella cartella system volume information).
Nonostante la battaglia, ad avere la meglio è sempre il virus!!! ho smanettato fino alla nausa... provando veramente di tutto (compresi vari programmi scaricati da internet, ma il virus è sempre lì).
Ho disattivato le impostazioni di ripristino, riavviato il computer, effettuato scansione in modalità provvisoria... disperata ho anche provato ad eliminare i file incriminati a mano (naturalmente non te li fa eliminare così facilmente - dice che il processo è in uso.)
Siccome il processo di qsti file non si blocca, perchè sono "processi critici" (così viene fuori dal task...), ho provato a terminarli forzatamente con un programma scaricato da internet (non mi ricordo però come si chiama). Il programmino scaricato funziona anche, pare che i processi li blocchi, ma i due file .exe proprio non ne vogliono sapere di farsi cancellare!!!!
Che faccio??? dove sbaglio??? forse devo eliminare qlche altro file annidato chissà dove???
Vi prego qualcuno può aiutarmi??? proprio non mi va di far formattare il mio pc...
Ora se non bastasse Avira mi segnala anche un altri virus...worm e trojan drop.agent...
Che faccio lo butto sto portatile????

Grazie a tuttiiiiiiiiiiiiiiiiiiiiiiii

[menatwork]

Buonasera

vediamo di togliere questo ''ospite'' sgradito

scarica ed esegui rkill

disattiva il ripristino e lascialo disattivato per ora

Start/tasto destro del mouse su risorse del computer/proprietà/Ripristino configurazione del sistema/e metti la spunta su "disattiva ripristino configurazione del sistema"

disattiva il tuo antivirus

scarica combofix sul desktop (non installare la recovery console)
Lascia lavorare il programma senza interferire
Allega il rapporto C:\ComboFix.txt nella tua risposta.

guida all'utilizzo di combofix

[arimi81]

Ohhhhhh anima buona, grazie x la risposta!!!!
Allora, ho già disattivato le opzioni di ripristino e le tengo così da tre giorni, ho anche provato con combofix... ma ora proverò come mi hai suggerito tu di fare e poi posto il risultato.
Grazie ancora!!!!

[arimi81]

Eccomi qua... ti copio il report di combofix


ComboFix 10-06-23.05 - LUCREZIA 24/06/2010 20.52.07.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2039.1550 [GMT 2:00]
Eseguito da: c:\documents and settings\LUCREZIA\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))) )
.

c:\docume~1\LUCREZIA\IMPOST~1\Temp\icabpp.sys
c:\documents and settings\Administrator\csrss.exe
c:\documents and settings\Administrator\Dati applicazioni\mrpky.exe
c:\documents and settings\LUCREZIA\csrss.exe
c:\documents and settings\LUCREZIA\Dati applicazioni\mrpky.exe
c:\documents and settings\LUCREZIA\Dati applicazioni\oreaw.exe
c:\documents and settings\LUCREZIA\Impostazioni locali\temp\icabpp.sys
c:\windows\system32\drivers\str.sys

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ygcdgnyfataulql
-------\Service_ygcdgnyfataulql


((((((((((((((((((((((((( Files Creati Da 2010-05-24 al 2010-06-24 )))))))))))))))))))))))))))))))))))
.

2010-06-24 18:29 . 2010-06-24 18:29 4 ----a-w- c:\programmi\67049140.dat
2010-06-23 19:00 . 2010-06-23 19:00 -------- d--h--w- c:\windows\PIF
2010-06-22 19:19 . 2010-06-23 22:51 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-06-22 18:59 . 2010-06-22 18:59 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-06-22 18:46 . 2010-06-22 18:46 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-20 22:26 . 2010-06-20 22:26 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-06-12 01:11 . 2010-06-12 01:11 -------- d-----w- C:\Poker
2010-06-11 01:11 . 2008-04-13 18:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-06-11 01:11 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-06-09 22:22 . 2010-05-06 10:32 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-09 18:27 . 2010-06-09 18:27 -------- d-----w- c:\programmi\Stanza
2010-06-09 18:24 . 2010-06-09 18:24 -------- d-----w- c:\programmi\Java
2010-06-09 18:24 . 2010-06-09 18:24 -------- d-----w- c:\programmi\File comuni\Java
2010-06-08 04:22 . 2010-06-08 04:22 -------- d-----r- c:\documents and settings\LocalService\Preferiti
2010-06-08 04:22 . 2010-06-08 04:22 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-06-03 20:57 . 2010-06-03 20:57 430682 ----a-w- c:\windows\Minnie Screensaver.scr
2010-06-03 20:57 . 2010-06-03 20:57 284530 ----a-w- c:\windows\Minnie Screensaver.exe
2010-06-03 20:46 . 2010-06-03 20:46 77824 ----a-w- c:\windows\pysoft_uninstaller.exe
2010-06-03 20:46 . 2010-06-03 20:46 1536546 ----a-w- c:\windows\system32\Kittysky.scr
2010-06-03 20:39 . 2010-06-03 20:39 568887 ----a-w- c:\windows\Fantasia.exe
2010-06-03 20:39 . 2010-06-03 20:39 341240 ----a-w- c:\windows\Fantasia.scr
2010-06-03 20:33 . 2010-06-03 20:57 29696 ----a-w- c:\windows\mickey32.dll
2010-06-03 20:33 . 2010-06-03 20:34 326268 ----a-w- c:\windows\UnderTheSea.scr
2010-06-03 20:33 . 2010-06-03 20:34 307293 ----a-w- c:\windows\UnderTheSea.exe
2010-05-25 23:14 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-05-25 23:14 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-05-25 23:13 . 2008-08-26 14:17 113664 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2010-05-25 23:13 . 2008-07-24 10:02 101376 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2010-05-25 23:13 . 2008-04-14 07:36 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2010-05-25 23:13 . 2007-08-09 02:13 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2010-05-25 23:13 . 2010-05-25 23:15 -------- d-----w- c:\programmi\Alice MOBILE E169

.





Un po' lungo... lo divido in due post... ma adesso come procedo????
Grazie x l'aiuto che mi stai dando

[menatwork]

puoi postarlo intero e caricarlo qui ??

[arimi81]

ecco il resto


((( Find3M Report ))
.
2010-06-24 18:45 . 2006-03-02 12:00 48012 ----a-w- c:\windows\system32\perfc010.dat
2010-06-24 18:45 . 2006-03-02 12:00 345620 ----a-w- c:\windows\system32\perfh010.dat
2010-06-09 18:27 . 2010-05-06 17:10 -------- d-----w- c:\programmi\Bonjour
2010-05-27 19:29 . 2010-05-06 10:14 -------- d-----w- c:\programmi\Messenger Plus! Live
2010-05-25 16:34 . 2010-05-25 16:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Boss Media
2010-05-25 16:34 . 2010-05-25 16:33 -------- d-----w- c:\programmi\Poker Club for Totosi
2010-05-25 16:13 . 2010-05-06 10:05 68680 ----a-w- c:\documents and settings\LUCREZIA\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-05-25 01:02 . 2010-05-06 09:47 -------- d-----w- c:\programmi\Microsoft Works
2010-05-22 00:29 . 2010-05-22 00:29 47240 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-09 02:17 . 2010-05-09 02:17 0 ----a-w- c:\windows\nsreg.dat
2010-05-09 01:26 . 2010-05-09 01:26 1956808 ----a-w- c:\documents and settings\LUCREZIA\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-05-09 00:00 . 2010-05-09 00:00 -------- d-----w- c:\programmi\File comuni\Adobe AIR
2010-05-08 23:59 . 2010-05-09 00:00 38208 ----a-w- c:\documents and settings\LUCREZIA\Dati applicazioni\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2010-05-06 17:46 . 2010-05-06 17:20 -------- d-----w- c:\documents and settings\LUCREZIA\Dati applicazioni\Apple Computer
2010-05-06 17:18 . 2010-05-06 17:15 -------- d-----w- c:\programmi\iTunes
2010-05-06 17:18 . 2010-05-06 17:15 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-06 17:16 . 2010-05-06 17:16 -------- d-----w- c:\programmi\iPod
2010-05-06 17:16 . 2010-05-06 17:09 -------- d-----w- c:\programmi\File comuni\Apple
2010-05-06 17:15 . 2010-05-06 17:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2010-05-06 17:14 . 2010-05-06 17:12 -------- d-----w- c:\programmi\QuickTime
2010-05-06 17:12 . 2010-05-06 17:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple
2010-05-06 17:12 . 2010-05-06 17:11 -------- d-----w- c:\programmi\Apple Software Update
2010-05-06 10:32 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-06 10:15 . 2010-05-06 10:15 -------- d-----w- c:\documents and settings\LUCREZIA\Dati applicazioni\vlc
2010-05-06 10:15 . 2010-05-06 10:15 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2010-05-06 10:14 . 2010-05-06 10:14 -------- d-----w- c:\programmi\Microsoft
2010-05-06 10:14 . 2010-05-06 10:13 -------- d-----w- c:\programmi\Windows Live
2010-05-06 10:13 . 2010-05-06 10:13 -------- d-----w- c:\programmi\Windows Live SkyDrive
2010-05-06 10:10 . 2010-05-06 10:10 -------- d-----w- c:\programmi\File comuni\Windows Live
2010-05-06 10:09 . 2010-05-06 10:04 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-05-06 10:04 . 2010-05-06 10:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2010-05-06 10:04 . 2010-05-06 10:04 -------- d-----w- c:\programmi\Avira
2010-05-06 10:02 . 2010-05-06 10:02 -------- d-----w- c:\programmi\VideoLAN
2010-05-06 10:01 . 2010-05-06 09:57 -------- d-----w- c:\programmi\File comuni\Adobe
2010-05-06 09:52 . 2010-05-06 09:52 -------- d-----w- c:\programmi\LHSP
2010-05-06 09:47 . 2010-05-06 09:47 -------- d-----w- c:\programmi\Microsoft.NET
2010-05-06 09:43 . 2010-05-06 09:43 -------- d-----w- c:\documents and settings\LUCREZIA\Dati applicazioni\CyberLink
2010-05-06 09:43 . 2010-05-06 09:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\CyberLink
2010-05-06 09:41 . 2010-05-06 09:39 -------- d-----w- c:\programmi\CyberLink DVD Solution
2010-05-06 09:41 . 2010-05-06 07:41 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-05-06 09:40 . 2010-05-06 09:39 -------- d-----w- c:\programmi\Ahead
2010-05-06 09:39 . 2010-05-06 09:39 -------- d-----w- c:\programmi\File comuni\Ahead
2010-05-06 09:39 . 2010-05-06 09:39 -------- d-----w- c:\programmi\CyberLink
2010-05-06 08:42 . 2010-05-05 18:17 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-05-06 08:01 . 2010-05-06 08:01 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_C oinstaller_Critical.Wdf
2010-05-06 08:01 . 2010-05-06 08:01 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr _01005.Wdf
2010-05-06 08:01 . 2010-05-06 07:41 -------- d-----w- c:\programmi\Hewlett-Packard
2010-05-06 08:01 . 2010-05-06 08:01 -------- d-----w- c:\documents and settings\LUCREZIA\Dati applicazioni\InstallShield
2010-05-06 07:58 . 2010-05-06 07:58 -------- d-----w- c:\programmi\Synaptics
2010-05-06 07:58 . 2010-05-06 07:41 -------- d-----w- c:\programmi\File comuni\InstallShield
2010-05-06 07:56 . 2010-05-06 07:55 -------- d-----w- c:\programmi\Intel
2010-05-06 07:53 . 2010-05-06 07:53 -------- d-----w- c:\programmi\WIDCOMM
2010-05-06 07:53 . 2010-05-06 07:53 155136 ----a-w- c:\windows\system32\imapihp.exe
2010-05-06 07:51 . 2010-05-06 07:51 -------- d-----w- c:\documents and settings\LUCREZIA\Dati applicazioni\hpqLog
2010-05-06 07:51 . 2010-05-06 07:49 -------- d-----w- c:\programmi\HPQ
2010-05-06 07:50 . 2010-05-06 07:50 1595 --sha-r- c:\windows\system32\drivers\103C_HP_NTBK_HP 550_YN_0U_QCNU8345B25_EU_46_I3618_SHP_VKBC Version 12.00_B68MVU Ver. F.01_T080620_WXP2_L410_M2040_J160_7Intel_8Core2 Duo T5270_91.4_#100506_N_()_XMOBILE_CN10_Z_2F.01_G_OHL-DT-ST DVDRAM GSA-T40L_D.MRK
2010-05-06 07:43 . 2010-05-06 07:42 -------- d-----w- c:\programmi\Analog Devices
2010-05-05 18:18 . 2010-05-05 18:18 -------- d-----w- c:\programmi\microsoft frontpage
2010-05-05 18:16 . 2010-05-05 18:16 -------- d-----w- c:\programmi\Servizi in linea
2010-05-05 18:14 . 2010-05-05 18:14 21840 ----a-w- c:\windows\system32\emptyregdb.dat
2010-05-02 08:06 . 2006-03-02 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-28 13:45 . 2010-04-28 13:45 73000 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-20 05:30 . 2006-03-02 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 06:33 . 2010-05-06 17:11 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-16 06:33 . 2010-05-06 17:11 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-08 11:20 . 2010-04-08 11:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 11:20 . 2010-04-08 11:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2004-10-01 13:00 . 2010-05-06 09:39 40960 ----a-w- c:\programmi\Uninstall_CDS.exe

((((( Punti Reg Caricati )))))
.*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"PTHOSTTR"="c:\programmi\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"IAAnotif"="c:\programmi\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh. exe" [2008-03-27 1040384]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-05-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-05-22 166424]
"Persistence"="c:\windows\system32\igfxpers.ex e" [2008-05-22 137752]
"QlbCtrl.exe"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 177456]
"RemoteControl"="c:\programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.e xe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.e xe" [2010-04-28 142120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2010-5-6 110592]
BTTray.lnk - c:\programmi\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 07:04 49152 ----a-r- c:\windows\system32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserChoice]
2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

[arimi81]

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Java\\jre1.6.0_07\\launch4j-tmp\\Stanza.exe"=

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\programmi\Avira\AntiVir Desktop\avmailc.exe [06/05/2010 12.04.44 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [06/05/2010 12.04.45 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programmi\Avira\AntiVir Desktop\avwebgrd.exe [06/05/2010 12.04.44 434945]
R3 Com4QLBEx;Com4QLBEx;c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [06/05/2010 10.01.21 193840]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.s ys [06/05/2010 9.53.04 30008]
S3 FLCDLOCK;Controllo/blocco dispositivi HP ProtectTools;c:\windows\system32\flcdlock.exe [08/06/2007 9.06.42 172131]
.
Contenuto della cartella 'Scheduled Tasks'

2010-06-24 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-05-25 20:18]
.
.------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Invia a periferica &Bluetooth... - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\programmi\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\documents and settings\LUCREZIA\Dati applicazioni\Mozilla\Firefox\Profiles\l5wr3q0t.def ault\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_every where__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_bro ken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
************************************************** ****
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-24 21:01
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:0 1,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3a,46,29 ,c1,79,08,66,41,b4,b1,7c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:0 1,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3a,46,29 ,c1,79,08,66,41,b4,b1,7c,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Curr entVersion\Installer\UserData\LocalSystem\Componen ts\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\s ystem32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(936)
c:\windows\system32\DeviceNP.dll

- - - - - - - > 'lsass.exe'(1008)
c:\programmi\Avira\AntiVir Desktop\avsda.dll

- - - - - - - > 'explorer.exe'(2508)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\webcheck.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\system volume information\Microsoft\smss.exe
c:\windows\system32\agrsmsvc.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\igfxsrvc.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\Hewlett-Packard\Shared\hpqwmiex.exe
c:\programmi\Internet Explorer\IEXPLORE.EXE
c:\programmi\Internet Explorer\IEXPLORE.EXE
c:\programmi\Internet Explorer\IEXPLORE.EXE
.
Ora fine scansione: 2010-06-24 21:05:46 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-06-24 19:05
ComboFix2.txt 2010-06-23 18:12

Pre-Run: 68.290.752.512 byte disponibili
Post-Run: 68.210.311.168 byte disponibili
End Of File - - 9F190D3FCC698B58EFA91911593D8AEE

[arimi81]

Scusa... si in effetti era lunghino
l'ho caricato dove mi hai detto tu

[menatwork]

sinceramente pensavo peggio....questo e' la scansione fatta stasera (giusto)? non hai anche il rapporto dell'altra scansione che hai fatto?

[arimi81]

No cancellata!!!
pensavi peggio???? ok che non sono proprio un geniaccio in informatica io, ma come cavolo è possibile allora che nn riesco a liberarmene???
Uffaaaaaaa