Here is the report
ComboFix 10-01-24.05 - JollyRoger 2010-01-26 16:14:07.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.2047.1510 [GMT 1:00]
Eseguito da: c:\documents and settings\JollyRoger\Desktop\abc.exe
AV: avast! antivirus 4.8.1368 [VPS 100126-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\JollyRoger\Dati applicazioni\cmstp.exe
c:\documents and settings\JollyRoger\Dati applicazioni\Microsoft\cisvc.exe
c:\documents and settings\JollyRoger\Dati applicazioni\Microsoft\clipsrv.exe
c:\documents and settings\JollyRoger\Dati applicazioni\Microsoft\ieudinit.exe
c:\documents and settings\JollyRoger\Dati applicazioni\mqtgsvc.exe
c:\documents and settings\JollyRoger\Dati applicazioni\mstinit.exe
c:\documents and settings\JollyRoger\Dati applicazioni\spoolsv.exe
c:\windows\dllhst3g.exe
c:\windows\sessmgr.exe
c:\windows\system\logman.exe
c:\windows\System\mstinit.exe
c:\windows\system\sessmgr.exe
c:\windows\system32\d58e3988.dll
c:\windows\system32\drivers\sessmgr.exe
----- BITS: Possibili siti infetti -----
hxxp://armmf.adobe.com.
((((((((((((((((((((((((( Files Creati Da 2009-12-26 al 2010-01-26 )))))))))))))))))))))))))))))))))))
.
2010-01-26 14:45 . 2010-01-26 14:45 -------- d-----w- c:\documents and settings\JollyRoger\Impostazioni locali\Dati applicazioni\SEGA
2010-01-25 23:57 . 2010-01-25 23:57 6144 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdel.exe
2010-01-25 23:57 . 2010-01-25 23:57 5632 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator\fileobjinfo.sys
2010-01-25 23:57 . 2010-01-25 23:57 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-01-25 23:57 . 2010-01-26 13:03 -------- d-----w- c:\documents and settings\JollyRoger\Dati applicazioni\Spyware Terminator
2010-01-25 23:57 . 2010-01-26 13:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2010-01-25 23:57 . 2010-01-26 13:25 -------- d-----w- c:\programmi\Spyware Terminator
2010-01-25 15:25 . 2010-01-25 15:53 -------- d-----w- C:\Lop SD
2010-01-25 14:03 . 2010-01-25 14:01 93696 ----a-w- c:\windows\clipsrv.exe
2010-01-25 13:55 . 2010-01-25 13:55 -------- d-----w- c:\documents and settings\JollyRoger\Dati applicazioni\Malwarebytes
2010-01-25 13:55 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-25 13:55 . 2010-01-25 13:55 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-01-25 13:55 . 2010-01-25 13:55 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-01-25 13:55 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-24 18:11 . 2009-01-13 10:43 65536 ----a-w- c:\windows\system32\XInputTest.exe
2010-01-15 15:16 . 2010-01-15 15:16 271360 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-01-15 15:16 . 2010-01-15 15:16 18048 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-01-15 14:59 . 2010-01-15 15:26 -------- d-----w- c:\programmi\Playlogic
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-26 15:07 . 2008-02-09 16:46 -------- d-----w- c:\documents and settings\JollyRoger\Dati applicazioni\uTorrent
2010-01-26 14:37 . 2008-02-09 13:40 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-01-26 14:07 . 2008-07-04 22:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\MumboJumbo
2010-01-26 13:59 . 2008-02-17 12:21 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-01-25 16:05 . 2009-05-15 22:56 2467712 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2010-01-25 12:47 . 2008-05-31 23:59 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Codemasters
2010-01-23 23:15 . 2008-07-04 10:47 -------- d-----w- c:\programmi\PoigpsGo
2010-01-21 18:27 . 2009-07-09 11:55 -------- d-----w- c:\documents and settings\JollyRoger\Dati applicazioni\vlc
2010-01-21 06:31 . 2008-03-12 10:51 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-01-18 13:26 . 2008-02-12 10:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-01-15 15:05 . 2008-05-08 22:53 -------- d-----w- c:\programmi\AGEIA Technologies
2010-01-15 15:04 . 2009-10-16 13:32 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-01-11 15:09 . 2008-09-16 21:48 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2009-12-24 15:21 . 2009-11-23 15:12 -------- d-----w- c:\programmi\esyPlanner
2009-12-22 13:30 . 2008-08-18 22:40 -------- d-----w- c:\documents and settings\JollyRoger\Dati applicazioni\PC Suite
2009-12-22 13:28 . 2008-08-18 22:30 -------- d-----w- c:\programmi\NSS
2009-12-22 12:51 . 2008-08-02 15:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Installations
2009-12-22 12:51 . 2008-08-02 15:26 -------- d-----w- c:\programmi\Nokia
2009-12-22 12:49 . 2008-08-18 22:39 -------- d-----w- c:\programmi\File comuni\Nokia
2009-12-22 12:49 . 2009-12-22 12:49 36864 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe
2009-12-22 12:49 . 2009-12-22 12:49 3351812 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe
2009-12-22 12:49 . 2009-12-22 12:49 3203453 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe
2009-12-22 12:48 . 2009-12-22 12:49 24419312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_it.exe
2009-12-21 19:06 . 2004-08-19 13:39 916480 ------w- c:\windows\system32\wininet.dll
2009-12-18 14:29 . 2009-12-18 14:27 -------- d-----w- c:\documents and settings\JollyRoger\Dati applicazioni\Mipony
2009-12-18 14:26 . 2009-12-18 14:26 -------- d-----w- c:\programmi\MiPony
2009-12-13 17:35 . 2009-12-13 17:35 -------- d-----w- c:\programmi\BRS
2009-12-13 17:33 . 2008-02-22 15:04 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-13 17:33 . 2008-02-22 15:04 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-13 17:33 . 2008-02-22 15:04 -------- d-----w- c:\programmi\OpenAL
2009-12-10 14:00 . 2009-12-10 14:00 -------- d-----w- c:\programmi\Vibration
2009-12-04 14:39 . 2009-02-13 23:22 -------- d-----w- c:\programmi\USB Vibration
2009-11-24 23:54 . 2008-12-30 12:36 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2008-12-30 12:36 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2008-12-30 12:36 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-12-30 12:36 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-12-30 12:36 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-12-30 12:36 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-12-30 12:36 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-12-30 12:36 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2008-12-30 12:36 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-23 15:30 . 2001-08-31 12:00 84282 ----a-w- c:\windows\system32\perfc010.dat
2009-11-23 15:30 . 2001-08-31 12:00 489370 ----a-w- c:\windows\system32\perfh010.dat
2009-11-21 15:54 . 2004-08-19 13:39 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-06 09:59 . 2009-11-06 09:59 15406728 ----a-w- c:\windows\system32\xlive.dll
2009-11-06 09:59 . 2009-11-06 09:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-11-02 17:05 . 2009-11-02 17:05 167064 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-02 17:05 . 2009-11-02 17:05 71832 ----a-w- c:\windows\system32\xliveinstallhost.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\programmi\IncrediMail\bin\IncMail.exe" [2008-02-09 214456]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"esyPlanner.exe"="c:\programmi\esyPlanner\esyPlanner.exe" [2009-10-21 3981312]
"SpywareTerminatorUpdate"="c:\programmi\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-01-25 3037696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-30 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2007-10-09 1036288]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]
"LogMeIn GUI"="c:\programmi\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-11-09 198160]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"Malwarebytes' Anti-Malware"="c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]
[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
"ClipSrv"="c:\windows\clipsrv.exe" [2010-01-25 93696]
c:\documents and settings\JollyRoger\Menu Avvio\Programmi\Esecuzione automatica\
emule (2).lnk - d:\emule0.49c-sharkx_v1.7rc1-bin\emule.exe [2010-1-2 2206720]
FreePOPs.lnk - c:\programmi\FreePOPs\freepopsd.exe [2008-12-27 49152]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
emule (2).lnk - d:\emule0.49c-sharkx_v1.7rc1-bin\emule.exe [2010-1-2 2206720]
FreePOPs.lnk - c:\programmi\FreePOPs\freepopsd.exe [2008-12-27 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
"NoRecentDocsNetHood"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 09:10 72208 ----a-w- c:\programmi\File comuni\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-01 16:40 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:45 39792 ----a-w- c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2008-12-03 11:47 1205760 ----a-w- c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 15:18 413696 ----a-w- c:\programmi\QuickTime Alternative\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-11-09 09:16 198160 ----a-w- c:\programmi\File comuni\Real\Update_OB\realsched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Activision\\Prototype\\prototypef.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"d:\\eMule0.49c-SharkX_v1.7RC1-BIN\\emule.exe"=
"d:\\Programmi\\SEGA\\Vancouver 2010\\Vancouver.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25:TCP"= 25:TCP:File and Printer Sharing
"5448:TCP"= 5448:TCP:yxox
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-30 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-01-26 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-30 20560]
R2 Ekauio;Ekahau NDIS Usermode I/O Protocol;c:\windows\system32\drivers\ekauio.sys [2009-04-07 12416]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-02-19 54752]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\programmi\LogMeIn\x86\rainfo.sys [2009-07-24 12856]
R2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [2010-01-25 236368]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-01-25 19160]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008-02-09 717296]
S1 SASDIFSV;SASDIFSV; [x]
S1 SASKUTIL;SASKUTIL; [x]
S2 ieakui32;Microsoft IEAK Shared UI DLL;c:\windows\system32\rundll32.exe ieakui32.dll,yxox --> c:\windows\system32\rundll32.exe ieakui32.dll,yxox [?]
S2 RoxLiveShare10;LiveShare P2P Server 10; [x]
S2 SessionLauncher;SessionLauncher; [x]
S3 AEXPAM;Philips SmartManage Service;c:\windows\system32\drivers\aexpamdrv.sys [2005-12-20 27008]
S3 fsssvc;Servizio Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-12-23 50704]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [2008-08-18 32377]
S3 SASENUM;SASENUM; [x]
.
Contenuto della cartella 'Scheduled Tasks'
2010-01-26 c:\windows\Tasks\1-Click Maintenance.job
- c:\programmi\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
2009-04-07 c:\windows\Tasks\DriverCure.job
- c:\programmi\ParetoLogic\DriverCure\DriverCure.exe [2008-12-29 13:17]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml ... n=77ce5afd
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to AMV Converter...
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file
IE: Scarica con Mipony - file://c:\programmi\MiPony\Browser\IEContext.htm
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,77,65,62,5c,72,65,6c-,61,74,65,64,2e,68,74,6d,00
FF - ProfilePath - c:\documents and settings\JollyRoger\Dati applicazioni\Mozilla\Firefox\Profiles\dufxs4g0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT20867 ... hSource=13
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redi ... searchfor=
FF - plugin: c:\documents and settings\All Users\Dati applicazioni\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: c:\programmi\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: c:\programmi\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: c:\programmi\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: c:\programmi\QuickTime Alternative\Plugins\npqtplugin5.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: network.http.pipelining - false
FF - user.js: browser.feeds.handler - ask
FF - user.js: network.http.proxy.pipelining - false
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKLM-Explorer_Run-Cisvc - c:\docume~1\JOLLYR~1\DATIAP~1\MICROS~1\cisvc.exe
HKLM-Explorer_Run-CmSTP - c:\docume~1\JOLLYR~1\DATIAP~1\cmstp.exe
HKLM-Explorer_Run-SessMgr - c:\windows\System32\drivers\sessmgr.exe
HKLM-Explorer_Run-DllHst - c:\windows\dllhst3g.exe
HKLM-Explorer_Run-Logman - c:\windows\System\logman.exe
HKCU-Explorer_Run-ClipSrv - c:\docume~1\JOLLYR~1\DATIAP~1\MICROS~1\clipsrv.exe
HKU-Default-Explorer_Run-Spool - c:\docume~1\JOLLYR~1\DATIAP~1\spoolsv.exe
HKU-Default-Explorer_Run-rsvp - c:\documents and settings\JollyRoger\LOCALS~1\APPLIC~1\rsvp.exe
HKU-Default-Explorer_Run-CmSTP - c:\docume~1\JOLLYR~1\DATIAP~1\cmstp.exe
HKU-Default-Explorer_Run-MqtgSVC - c:\docume~1\JOLLYR~1\DATIAP~1\mqtgsvc.exe
HKU-Default-Explorer_Run-SessMgr - c:\windows\System\sessmgr.exe
HKU-Default-Explorer_Run-IEudinit - c:\windows\System32\drivers\ieudinit.exe
AddRemove-InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A} - c:\programmi\InstallShield Installation Information\{9322A850-9091-4D0E-B252-3E82EDA3D94A}\setup.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-01-26 16:17
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-1177238915-113007714-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:a9,85,98,85,58,81,6a,8a,43,be,8e,b0,91,cb,25,43,d1,a0,e1,c0,e5,
57,c7,fd,ac,5c,72,f5,8a,1e,81,d6,24,99,a8,e1,72,98,c4,42,ad,b0,d0,fe,ab,ed,\
"rkeysecu"=hex:af,cf,60,8e,58,2d,7f,c2,3d,33,91,66,06,f8,1d,70
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"=
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(872)
c:\windows\system32\Ati2evxx.dll
c:\programmi\file comuni\logitech\bluetooth\LBTWlgn.dll
c:\windows\system32\LMIinit.dll
c:\programmi\file comuni\logitech\bluetooth\LBTServ.dll
.
Ora fine scansione: 2010-01-26 16:19:35
ComboFix-quarantined-files.txt 2010-01-26 15:19
ComboFix2.txt 2010-01-25 13:26
Pre-Run: 72,125,308,928 byte disponibili
Post-Run: 72,098,263,040 byte disponibili
- - End Of File - - 9A43B2FCE308DDC2B4F5C262BFBF05C3
I can't believe it anymore; it all happened after installing a crack to run a game without the disc inserted