RikyToro wrote:
I did everything, but unfortunately the problem remains.
I'm posting the logs from the various programs here:
Combofix:
Code:
ComboFix 10-03-12.04 - Andrea 13/03/2010 17.10.11.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.2037.867 [GMT 1:00]
Eseguito da: c:\users\Andrea\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1071822641-4109121943-650434243-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2361521538-3377709696-1930857971-1012
c:\$recycle.bin\S-1-5-21-647803361-4016804179-1602436937-500
c:\windows\system32\SHELLLNK.TLB
.
((((((((((((((((((((((((( Files Creati Da 2010-02-13 al 2010-03-13 )))))))))))))))))))))))))))))))))))
.
2010-03-13 16:20 . 2010-03-13 16:20 -------- d-----w- c:\users\Andrea\AppData\Local\temp
2010-03-13 10:35 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-13 10:35 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-13 10:35 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-13 10:32 . 2010-03-13 10:32 -------- d-----w- c:\users\Andrea\AppData\Roaming\System Tweaker
2010-03-13 10:17 . 2010-03-13 10:17 -------- d-----w- c:\users\Andrea\AppData\Roaming\Uniblue
2010-03-13 10:17 . 2010-03-13 10:32 -------- d-----w- c:\program files\Uniblue
2010-03-13 01:31 . 2010-03-13 01:31 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-03-13 01:20 . 2010-03-13 01:21 -------- d-----w- C:\MSNCleaner
2010-03-12 23:09 . 2010-03-12 23:09 -------- d-----w- c:\windows\McAfee.com
2010-03-12 22:48 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-03-12 22:48 . 2010-03-12 22:48 -------- d-----w- c:\program files\Panda Security
2010-03-12 22:42 . 2010-03-12 22:56 -------- d-----w- c:\windows\BDOSCAN8
2010-03-12 00:04 . 2010-03-12 00:04 -------- d-----w- c:\program files\AxBx
2010-03-12 00:03 . 2010-03-12 00:03 -------- d-----w- C:\BackUpMSNCleaner
2010-03-08 22:55 . 2009-12-12 14:15 178176 ----a-w- c:\windows\system32\unrar.dll
2010-03-08 22:54 . 2010-02-02 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-03-08 21:26 . 2010-03-08 21:37 -------- d-----w- C:\Update
2010-03-01 21:44 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-03-01 21:44 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-03-01 21:44 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-03-01 21:44 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-03-01 21:44 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-03-01 21:44 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-03-01 21:44 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-03-01 21:44 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-03-01 21:44 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-03-01 21:44 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-03-01 21:44 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-03-01 21:44 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-03-01 21:40 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-03-01 21:40 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-27 11:07 . 2010-02-27 11:07 -------- d-----w- c:\users\Andrea\AppData\Roaming\Babylon
2010-02-27 11:07 . 2010-02-27 11:07 -------- d-----w- c:\programdata\Babylon
2010-02-19 21:11 . 2010-02-20 14:17 -------- d-----w- c:\program files\MyDefrag v4.2.8
2010-02-18 21:11 . 2010-02-18 21:03 3777280 ----a-w- c:\programdata\avg9\update\backup\setup.exe
2010-02-18 21:11 . 2010-02-18 21:03 1260800 ----a-w- c:\programdata\avg9\update\backup\avgfrw.exe
2010-02-18 20:53 . 1998-08-22 04:55 95216 ----a-w- c:\windows\system32\DCAL.DLL
2010-02-18 20:53 . 2010-02-18 21:22 -------- d-----w- c:\program files\GSL
2010-02-18 20:52 . 1998-05-16 02:01 159744 ----a-w- c:\windows\system32\MFCANS32.DLL
2010-02-18 20:52 . 1995-05-21 22:00 640512 ----a-w- c:\windows\system32\OC30.DLL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-13 16:06 . 2009-04-29 21:21 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-13 10:41 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-13 10:38 . 2007-03-01 08:58 -------- d-----w- c:\programdata\Microsoft Help
2010-03-13 01:32 . 2007-12-24 16:30 -------- d-----w- c:\program files\Windows Live
2010-03-13 01:31 . 2009-02-19 19:50 -------- d-----w- c:\program files\Microsoft
2010-03-12 22:01 . 2010-02-02 21:00 -------- d-----w- c:\users\Andrea\AppData\Roaming\Money Manager Ex
2010-03-11 23:46 . 2007-12-23 09:26 162488 ----a-w- c:\users\Andrea\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-08 23:01 . 2007-12-24 14:52 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-03-08 22:53 . 2008-12-06 13:22 -------- d-----w- c:\program files\VistaCodecPack
2010-03-08 21:47 . 2007-02-28 15:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-08 21:47 . 2007-02-28 14:15 -------- d-----w- c:\program files\sony
2010-03-08 21:46 . 2007-03-01 08:56 -------- d-----w- c:\programdata\Sony Corporation
2010-03-08 21:45 . 2007-03-01 08:35 -------- d-----w- c:\program files\Common Files\Sony Shared
2010-03-06 11:04 . 2007-03-01 08:49 -------- d-----w- c:\program files\Google
2010-03-02 20:57 . 2006-11-06 01:52 665702 ----a-w- c:\windows\system32\perfh010.dat
2010-03-02 20:57 . 2006-11-06 01:52 121302 ----a-w- c:\windows\system32\perfc010.dat
2010-02-18 21:23 . 2008-12-07 21:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-18 21:23 . 2008-12-07 21:39 5115823 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-18 21:02 . 2009-11-16 21:34 -------- d-----w- c:\programdata\avg9
2010-02-08 20:28 . 2008-05-08 20:15 -------- d-----w- c:\program files\AVG
2010-02-06 16:53 . 2010-02-06 16:10 -------- d-----w- c:\program files\NFR
2010-02-06 16:38 . 2010-02-06 16:38 -------- d-----w- c:\program files\Speccy
2010-02-06 16:27 . 2010-02-06 16:27 -------- d-----w- c:\program files\Defraggler
2010-02-06 16:05 . 2010-02-06 16:05 -------- d-----w- c:\program files\Trend Micro
2010-02-05 20:45 . 2008-11-06 20:54 -------- d-----w- c:\users\Andrea\AppData\Roaming\proDAD
2010-02-05 20:45 . 2008-05-01 22:32 -------- d-----w- c:\program files\Pinnacle
2010-02-05 20:32 . 2009-09-22 12:45 -------- d-----w- c:\program files\KellySoftware
2010-02-05 20:31 . 2008-01-18 19:24 -------- d-----w- c:\program files\PokerTH
2010-02-05 20:21 . 2008-11-06 20:51 -------- d-----w- c:\program files\Boris FX, Inc
2010-02-05 20:18 . 2009-04-11 19:49 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-02 21:21 . 2010-02-02 21:21 9624 ----a-w- c:\users\Andrea\AppData\Roaming\Microsoft\IdentityCRL\Production\WLIDClientConfig.dll
2010-02-02 21:20 . 2010-02-02 21:20 -------- d-----w- c:\program files\SkyDrive Explorer
2010-02-02 20:59 . 2010-02-02 21:00 1195073 ----a-w- c:\users\Andrea\AppData\Roaming\Money Manager Ex\unins000.exe
2010-01-24 00:13 . 2010-01-24 00:13 -------- d-----w- c:\programdata\LGMOBILEAX
2010-01-23 09:26 . 2010-03-01 21:43 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-22 05:58 . 2010-01-24 00:13 1038272 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\LGUserCSTool.exe
2010-01-22 05:43 . 2010-01-24 00:13 499712 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\LGMUpgradeDL.dll
2010-01-21 21:04 . 2008-03-28 12:11 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-15 04:24 . 2010-01-24 00:13 59328 ----a-w- c:\programdata\LGMOBILEAX\LGMLauncher.exe
2010-01-14 10:12 . 2009-10-11 22:31 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-07 15:07 . 2008-12-07 21:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2008-12-07 21:38 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 15:38 . 2010-03-01 21:44 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-03-01 21:44 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 15:38 . 2010-03-01 21:44 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-03-01 21:44 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-02 06:38 . 2010-03-01 21:43 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-03-01 21:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-03-01 21:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-03-01 21:43 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-27 11:49 . 2009-12-27 11:49 0 ----a-w- c:\windows\PowerReg.dat
2009-12-20 23:08 . 2009-12-20 23:08 407304 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2002-07-26 15:02 . 2008-05-01 22:32 153088 ----a-w- c:\program files\UNWISE.EXE
2006-05-03 10:06 . 2010-02-06 16:18 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 . 2010-02-06 16:18 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 . 2010-02-06 16:18 216064 --sh--r- c:\windows\System32\nbDX.dll
.
------- Sigcheck -------
[-] 2009-11-21 . E8F0D3B322C7C2DFE8F33BFF26F2A88B . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Google Update"="c:\users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-07-01 133104]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"UniblueRegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2010-02-15 60208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-01-22 321656]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-02-13 14:19 98304 ------w- c:\windows\System32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 00:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-07-01 18:48 133104 ----atw- c:\users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-04 23:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2006-10-16 11:50 202312 ----a-w- c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2007-01-24 10:21 563080 ----a-w- c:\windows\WindowsMobile\wmdc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ab,20,18,70,0b,fc,c9,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2361521538-3377709696-1930857971-1003]
"EnableNotificationsRef"=dword:00000001
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-04-06 717296]
R2 gupdate1c9470ecd5ea948;Google Update Service (gupdate1c9470ecd5ea948);c:\program files\Google\Update\GoogleUpdate.exe [2008-11-15 133104]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-01-07 38224]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-01-08 397312]
R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-01-16 1089536]
R3 VUAgent;VUAgent;c:\program files\sony\VAIO Update 5\VUAgent.exe [2009-12-08 673136]
R3 ZD1211U(3COM Corporation);3COM OfficeConnect Wireless 11g Compact USB Adapter(3COM Corporation);c:\windows\system32\DRIVERS\zd1211u.sys [2004-10-06 248320]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-11-16 333192]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-11-16 360584]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2009-11-16 285392]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2008-08-05 2368]
S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-03-05 5189992]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-04-23 812544]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenuto della cartella 'Scheduled Tasks'
2010-03-08 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df.exe [2009-11-02 16:05]
2010-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-11-15 10:41]
2010-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-11-15 10:41]
2010-03-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2361521538-3377709696-1930857971-1003Core.job
- c:\users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-05 18:48]
2010-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2361521538-3377709696-1930857971-1003UA.job
- c:\users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-05 18:48]
2010-03-13 c:\windows\Tasks\User_Feed_Synchronization-{4026069E-55F7-47CB-B69C-322CAF0CCF66}.job
- c:\windows\system32\msfeedssync.exe [2010-03-01 04:56]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://www.forospyware.com
mWindow Title =
uInternet Settings,ProxyOverride = <local>
Trusted Zone: infonis.com
Trusted Zone: infonis.com\eliteweb4
FF - ProfilePath - c:\users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\9be3vlq6.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/ig?hl=it
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - component: c:\users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\9be3vlq6.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Andrea\AppData\Local\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\9be3vlq6.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\users\Andrea\AppData\Roaming\Mozilla\plugins\npPxPlay.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - CHIAVI ORFANE RIMOSSE - - - -
WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
HKCU-Run-AdobeBridge - (no file)
MSConfigStartUp-Apoint - c:\program files\Apoint\Apoint.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-13 17:20
Windows 6.0.6002 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-2361521538-3377709696-1930857971-1003\Software\keyhole.com\keyholeclient]
@DACL=(02 0000)
[HKEY_USERS\S-1-5-21-2361521538-3377709696-1930857971-1003\Software\Magnet\Handlers\LimeWire\Type]
@DACL=(02 0000)
"urn:sha1"=dword:00000000
[HKEY_USERS\S-1-5-21-2361521538-3377709696-1930857971-1003\Software\Microsoft\MediaPlayer\Preferences\EqualizerSettings]
@DACL=(02 0000)
@SACL=
[HKEY_USERS\S-1-5-21-2361521538-3377709696-1930857971-1003\Software\Microsoft\MediaPlayer\Preferences\HME]
@DACL=(02 0000)
@SACL=
"LocalLibraryID"="{40D50398-4A11-4B42-BC90-57A0986D700F}"
"UPnPID"="{56F316CD-83E8-4660-80EF-70E310FD46EE}"
"DisableBrowse"=dword:00000000
"DisableDiscovery"=dword:00000001
[HKEY_USERS\S-1-5-21-2361521538-3377709696-1930857971-1003\Software\Microsoft\MediaPlayer\Preferences\HME\ErrorFolders]
@DACL=(02 0000)
"Folders"=dword:00000000
[HKEY_USERS\S-1-5-21-2361521538-3377709696-1930857971-1003\Software\Microsoft\MediaPlayer\Preferences\HME\ShareFolders]
@DACL=(02 0000)
"ProcessedCount"=dword:00000000
"Folders"=dword:00000000
[HKEY_USERS\S-1-5-21-2361521538-3377709696-1930857971-1003\Software\Microsoft\MediaPlayer\Preferences\HME\UnShareFolders]
@DACL=(02 0000)
"ProcessedCount"=dword:00000000
[HKEY_USERS\S-1-5-21-2361521538-3377709696-1930857971-1003\Software\Microsoft\MediaPlayer\Preferences\ProxySettings]
@DACL=(02 0000)
@SACL=
[HKEY_USERS\S-1-5-21-2361521538-3377709696-1930857971-1003\Software\Microsoft\MSDN\8.0\External Tools]
@DACL=(02 0000)
[HKEY_USERS\S-1-5-21-2361521538-3377709696-1930857971-1003\Software\Microsoft\MSDN\8.0\FontAndColors]
@DACL=(02 0000)
[HKEY_USERS\S-1-5-21-2361521538-3377709696-1930857971-1003\Software\Microsoft\MSDN\8.0\General]
@DACL=(02 0000)
"DefaultMDIChildState"=dword:00000002
"UILanguageFromSetup"=dword:00000000
"UILanguage"=dword:00000410
[HKEY_USERS\S-1-5-21-2361521538-3377709696-1930857971-1003\Software\Microsoft\MSDN\8.0\Help]
@DACL=(02 0000)
"VS_Docs_Installed"=""
[HKEY_USERS\S-1-5-21-2361521538-3377709696-1930857971-1003\Software\Microsoft\MSDN\8.0\LanguageResources]
@DACL=(02 0000)
"WinXPLanguagePatch"=dword:00000001
"InstallLanguage"=dword:00000410
"PreviousInstallLanguage"=dword:00000410
"UILanguage"=dword:00000000
"HelpLanguage"=dword:00000000
"WebLocale"=dword:00000000
"1040"="On"
"LangTuneUp"="OfficeCompleted"
"1033"="Off"
"2057"="On"
[HKEY_USERS\S-1-5-21-2361521538-3377709696-1930857971-1003\Software\Microsoft\MSDN\8.0\Profile]
@DACL=(02 0000)
[HKEY_USERS\S-1-5-21-2361521538-3377709696-1930857971-1003\Software\Microsoft\MSDN\8.0\WebBrowser]
@DACL=(02 0000)
"Flags"=dword:00000140
"HomePage"=""
"SearchPage"=""
"ExtEditor"="%SYSTEMROOT%\\system32\\notepad.exe"
[HKEY_USERS\S-1-5-21-2361521538-3377709696-1930857971-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:21,f7,96,b2,6b,80,8e,7e,86,7b,83,8a,14,4b,ab,4d,a2,1c,cd,63,ca,77,37,
ba,2d,05,f9,7a,04,e0,5c,0a,53,f1,37,22,20,50,42,ee,17,e9,56,da,68,8a,1e,7b,\
"??"=hex:ea,81,b7,91,3f,76,41,fd,1f,a8,6f,66,4d,24,2c,d9
[HKEY_USERS\S-1-5-21-2361521538-3377709696-1930857971-1003\Software\Siber Systems\RoboForm]
@DACL=(02 0000)
"RootUserDataDir"="c:\\Users\\Andrea\\Desktop\\Documents\\My RoboForm Data\\Default Profile"
"RefID"="[s-f]"
"LocalizationFile"="it-italian"
"Common AppData Path"="c:\\ProgramData"
"UseTrueColor"=dword:00000001
"LastUpdateCheck"=dword:4b3ddf0b
"ToolBandVisible"=dword:00000001
"AutoFillDialogWidth"=dword:000000dc
"AutoFillDialogHeight"=dword:000000fa
"AutoFillDialogListsRatio"=dword:00000032
"LowerToolbarVisiblefirefox.exe"=dword:00000000
[HKEY_USERS\S-1-5-21-2361521538-3377709696-1930857971-1003\Software\Siber Systems\RoboForm\Identities Editor]
@DACL=(02 0000)
"WindowLeft"=dword:0000016f
"WindowTop"=dword:000000b4
"WindowRight"=dword:00000391
"WindowBottom"=dword:0000024e
"ListBoxFrontier"=dword:00000078
"WindowMaximized"=dword:00000000
"AlwaysOnTop"=dword:00000000
[HKEY_USERS\S-1-5-21-2361521538-3377709696-1930857971-1003\Software\Siber Systems\RoboForm\Passcards Editor]
@DACL=(02 0000)
"WindowLeft"=dword:00000192
"WindowTop"=dword:000000c4
"WindowRight"=dword:0000036d
"WindowBottom"=dword:0000023d
"ListBoxFrontier"=dword:000000f1
"WindowMaximized"=dword:00000001
"AlwaysOnTop"=dword:00000000
[HKEY_USERS\S-1-5-21-2361521538-3377709696-1930857971-1003\Software\Siber Systems\UserReg]
@DACL=(02 0000)
"Name"="Andrea"
"Email"=""
"Referr"=""
[HKEY_USERS\S-1-5-21-2361521538-3377709696-1930857971-1003\Software\Skype\Phone\UI]
@DACL=(02 0000)
@SACL=
"Version"=dword:030600f4
[HKEY_USERS\S-1-5-21-2361521538-3377709696-1930857971-1003\Software\Temp\Liveme~1]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2010-03-13 17:22:54
ComboFix-quarantined-files.txt 2010-03-13 16:22
Pre-Run: 51.989.798.912 byte disponibili
Post-Run: 52.008.394.752 byte disponibili
- - End Of File - - 06941553C80676C2DDC802A120274AE5
Malwarebytes:
Code:
Malwarebytes' Anti-Malware 1.44
Versione del database: 3862
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882
13/03/2010 23.00.35
mbam-log-2010-03-13 (23-00-35).txt
Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 343889
Tempo trascorso: 58 minute(s), 4 second(s)
Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0
Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)
Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)
Chiavi di registro infette:
(Nessun elemento malevolo rilevato)
Valori di registro infetti:
(Nessun elemento malevolo rilevato)
Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)
Cartelle infette:
(Nessun elemento malevolo rilevato)
File infetti:
(Nessun elemento malevolo rilevato)
Thanks again to anyone willing to help me... I'm starting to get desperate
