ComboFix 10-04-04.01 - User 06/04/2010 10.51.10.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1607 [GMT 2:00]
Eseguito da: c:\documents and settings\User\Documenti\Downloads\ComboFix.exe
Opzioni usate :: c:\documents and settings\User\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-14EF-9D7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-3C24-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-6C25-9E7C08000A00}
FILE ::
"c:\windows\system32\01.tmp"
"c:\windows\system32\bbduiqam.dll"
"F:\autorun.exe"
"G:\Autorun.exe"
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NSCXGKPR
-------\Service_nscxgkpr
((((((((((((((((((((((((( Files Creati Da 2010-03-06 al 2010-04-06 )))))))))))))))))))))))))))))))))))
.
2010-04-03 16:34 . 2010-04-03 16:34 -------- d-----w- c:\programmi\Trend Micro
2010-04-03 14:21 . 2010-04-03 14:21 7792 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-31 07:43 . 2010-03-31 07:48 -------- d-----w- c:\programmi\PartyItalia
2010-03-29 18:01 . 2010-03-29 18:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SpeedBit
2010-03-15 17:54 . 2006-05-03 21:53 174592 ------w- c:\windows\system32\framedyn.dll
2010-03-15 17:53 . 2010-04-02 11:11 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2010-03-15 17:53 . 2006-07-24 15:05 5632 ------w- c:\windows\system32\drivers\StarOpen.sys
2010-03-15 12:55 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-14 13:39 . 2010-03-14 13:39 -------- d-----w- c:\documents and settings\User\dwhelper
2010-03-11 17:05 . 2010-03-11 17:05 -------- d-----w- c:\programmi\Total Uninstall 5
2010-03-11 17:05 . 2010-03-11 17:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Martau
2010-03-10 17:40 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-06 09:02 . 2010-01-19 13:43 521444 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-04-05 20:37 . 2009-07-30 14:39 -------- d-----w- c:\documents and settings\User\Dati applicazioni\vlc
2010-04-05 20:25 . 2009-07-17 17:58 -------- d-----w- c:\documents and settings\User\Dati applicazioni\uTorrent
2010-04-03 21:05 . 2009-08-19 14:52 -------- d-----w- c:\programmi\Google
2010-04-03 20:52 . 2010-01-01 20:40 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-04-03 20:51 . 2010-04-03 20:51 5918776 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-03 09:27 . 2009-12-16 15:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Electronic Arts
2010-04-03 09:26 . 2009-12-16 14:38 -------- d-----w- c:\programmi\Electronic Arts
2010-04-03 09:18 . 2009-07-17 20:09 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-04-02 17:50 . 2010-01-02 16:21 407960 ----a-w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-04-02 15:32 . 2009-07-28 15:46 1 ----a-w- c:\documents and settings\User\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-02 11:10 . 2009-11-27 10:10 -------- d-----w- c:\programmi\Creative
2010-04-02 11:04 . 2009-12-16 18:00 -------- d-----w- c:\programmi\DivX
2010-04-02 11:01 . 2009-07-31 08:57 -------- d-----w- c:\programmi\ATI Technologies
2010-04-01 12:39 . 2009-08-31 13:57 4873640 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2010-04-01 07:30 . 2010-03-01 19:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Autodesk
2010-03-29 22:46 . 2010-01-01 20:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2010-01-01 20:40 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 18:40 . 2010-01-18 14:16 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-03-27 21:47 . 2009-07-17 17:59 -------- d-----w- c:\programmi\uTorrent
2010-03-08 13:00 . 2010-03-01 19:12 -------- d-----w- c:\documents and settings\User\Dati applicazioni\Autodesk
2010-03-01 19:21 . 2010-03-01 19:21 36864 ----a-w- c:\documents and settings\User\Dati applicazioni\Autodesk\AutoCAD 2010\R18.0\ita\ContextualTabSelectorRules.dll
2010-03-01 19:20 . 2010-03-01 19:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\FLEXnet
2010-03-01 19:14 . 2010-03-01 19:14 -------- d-----w- c:\programmi\File comuni\Macrovision Shared
2010-02-27 13:19 . 2009-07-31 11:50 -------- d-----w- c:\documents and settings\User\Dati applicazioni\dvdcss
2010-02-25 06:16 . 2004-08-19 12:00 916480 ------w- c:\windows\system32\wininet.dll
2010-02-18 19:17 . 2009-07-28 06:29 -------- d-----w- c:\documents and settings\User\Dati applicazioni\PC Suite
2010-02-18 13:58 . 2010-02-18 13:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\KONAMI
2010-02-13 18:49 . 2010-02-13 18:49 0 ------w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-02-13 18:49 . 2010-02-13 18:49 0 ------w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2010-02-13 18:49 . 2009-07-28 06:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Suite
2010-02-11 14:26 . 2009-07-28 06:29 -------- d-----w- c:\documents and settings\User\Dati applicazioni\Nokia
2010-02-11 14:22 . 2010-02-11 14:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nokia
2010-02-11 14:22 . 2010-02-10 18:07 -------- d-----w- c:\programmi\File comuni\Nokia
2010-02-11 14:22 . 2010-02-10 18:06 -------- d-----w- c:\programmi\Nokia
2010-02-11 14:21 . 2010-02-11 14:21 36864 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe
2010-02-11 14:21 . 2010-02-11 14:21 3351812 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe
2010-02-11 14:21 . 2010-02-11 14:21 3203453 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe
2010-02-11 14:21 . 2009-07-28 06:27 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Installations
2010-02-10 18:59 . 2010-02-11 14:22 24419312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_it.exe
2010-02-10 18:07 . 2010-02-10 18:07 -------- d-----w- c:\programmi\File comuni\PCSuite
2010-02-10 18:07 . 2010-02-10 18:07 -------- d-----w- c:\programmi\DIFX
2010-02-10 18:07 . 2010-02-10 18:07 -------- d-----w- c:\programmi\PC Connectivity Solution
2010-02-10 18:06 . 2010-02-10 18:06 95232 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2010-02-10 18:06 . 2010-02-10 18:06 8192 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2010-02-10 18:06 . 2010-02-10 18:06 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-02-10 18:06 . 2010-02-10 18:06 10240 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2010-02-10 18:05 . 2010-02-10 18:06 34541248 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_ita_web.exe
2010-02-05 18:05 . 2010-02-02 15:04 -------- d-----w- c:\documents and settings\User\Dati applicazioni\Nero
2010-02-03 12:56 . 2010-01-15 17:05 26176 ------w- c:\windows\system32\hamachi.sys
2010-01-11 17:40 . 2009-07-18 09:18 691696 ------w- c:\windows\system32\drivers\sptd.sys
.
------- Sigcheck -------
[-] 2009-12-25 . 90F406811EE1EEE294792D00E21CA16C . 510464 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2009-11-13 . 1DBD3966123AC2F6ADE783F7F17F8C7F . 504832 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2008-04-14 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"EA Core"="c:\programmi\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk
backup=c:\windows\pss\Alice ti aiuta.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Utility Tray.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Utility Tray.lnk
backup=c:\windows\pss\Utility Tray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Avvio^Programmi^Esecuzione automatica^AeroShake.lnk]
path=c:\documents and settings\User\Menu Avvio\Programmi\Esecuzione automatica\AeroShake.lnk
backup=c:\windows\pss\AeroShake.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\User\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Avvio^Programmi^Esecuzione automatica^Refresh Icon Cache.lnk]
path=c:\documents and settings\User\Menu Avvio\Programmi\Esecuzione automatica\Refresh Icon Cache.lnk
backup=c:\windows\pss\Refresh Icon Cache.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Avvio^Programmi^Esecuzione automatica^Styler toolbar.lnk]
path=c:\documents and settings\User\Menu Avvio\Programmi\Esecuzione automatica\Styler toolbar.lnk
backup=c:\windows\pss\Styler toolbar.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Avvio^Programmi^Esecuzione automatica^Styler.lnk]
path=c:\documents and settings\User\Menu Avvio\Programmi\Esecuzione automatica\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Avvio^Programmi^Esecuzione automatica^VisualTaskTips.lnk]
path=c:\documents and settings\User\Menu Avvio\Programmi\Esecuzione automatica\VisualTaskTips.lnk
backup=c:\windows\pss\VisualTaskTips.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Avvio^Programmi^Esecuzione automatica^YzShadow.lnk]
path=c:\documents and settings\User\Menu Avvio\Programmi\Esecuzione automatica\YzShadow.lnk
backup=c:\windows\pss\YzShadow.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ggm]
c:\windows\system32\ggm.exe \u [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\programmi\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 02:27 144784 ----a-w- c:\programmi\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00 90112 ----a-w- c:\windows\Updreg.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Electronic Arts\\EADM\\Core.exe"=
"e:\\Programmi\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3246:TCP"= 3246:TCP:Services
"2479:TCP"= 2479:TCP:Services
"1708:TCP"= 1708:TCP:Services
"8170:TCP"= 8170:TCP:fnvdbgah
"4144:TCP"= 4144:TCP:Services
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [31/07/2008 20.45.42 19592]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18/07/2009 11.18.10 691696]
S2 Sukoku Service;Sukoku Service; [x]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [24/09/2009 14.38.42 22528]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\programmi\Lavalys\EVEREST Ultimate Edition\kerneld.wnt --> c:\programmi\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [?]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [02/07/2008 14.58.48 25480]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [10/02/2010 20.06.55 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [10/02/2010 20.06.55 8320]
S4 PskSvcRetailInst;PskSvcRetailInst;c:\docume~1\User\IMPOST~1\Temp\ISSCAN\PskSvc.exe --> c:\docume~1\User\IMPOST~1\Temp\ISSCAN\PskSvc.exe [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5570908-e19b-11de-88f3-0017c2ba26e1}]
\Shell\AutoRun\command - F:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f913ec81-14c9-11df-8a18-0017c2ba26e1}]
\Shell\AutoRun\command - G:\Autorun.exe
.
.
------- Scansione supplementare -------
.
uStart Page = www.google.com
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
IE: {{4B21E152-BA59-4ebf-B522-8C55B265EE1A} - c:\programmi\PartyItalia\PartyPokerIt\RunApp.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\axqs6up4.default\
FF - prefs.js: browser.search.selectedEngine - Trova Rapido
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - component: c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\axqs6up4.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - plugin: c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-06 11:00
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spao.sys >>UNKNOWN [0x8A5CA938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbf28
\Driver\ACPI -> ACPI.sys @ 0xf7253cb8
\Driver\atapi -> atapi.sys @ 0xf71e8b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK
copy of MBR has been found in sector 0x01D1C06C0
malicious code @ sector 0x01D1C06C3 !
PE file found in sector at 0x01D1C06D9 !
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\programmi\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-602162358-630328440-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008]
"GameDir"="c:\\Documents and Settings\\User\\Documenti\\Sports Interactive\\Football Manager 2008\\games"
"ShortlistDir"=""
"ScreenshotsDir"="c:\\Documents and Settings\\User\\Documenti\\Sports Interactive\\Football Manager 2008"
"SaveDir"="c:\\Documents and Settings\\User\\Documenti\\Sports Interactive\\Football Manager 2008\\"
"LastSaveGame"="c:\\Documents and Settings\\User\\Documenti\\Sports Interactive\\Football Manager 2008\\games\\fiorenza23.fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"SkinID"=dword:00000001
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"WindowState"=dword:00000002
"Currency"=dword:0000001c
"WindowHeight"=dword:000001f5
"WindowWidth"=dword:000002e4
"WindowLeft"=dword:0000008e
"WindowTop"=dword:00000086
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
[HKEY_USERS\S-1-5-21-602162358-630328440-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Clubs]
[HKEY_USERS\S-1-5-21-602162358-630328440-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Players]
[HKEY_USERS\S-1-5-21-602162358-630328440-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Staff]
[HKEY_USERS\S-1-5-21-602162358-630328440-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Rating Coefficients]
[HKEY_USERS\S-1-5-21-602162358-630328440-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
"GameDir"="c:\\Documents and Settings\\User\\Documenti\\Sports Interactive\\Football Manager 2009\\games"
"ShortlistDir"="c:\\Documents and Settings\\User\\Documenti\\Sports Interactive\\Football Manager 2009\\shortlists"
"ScreenshotsDir"="c:\\Documents and Settings\\User\\Documenti\\Sports Interactive\\Football Manager 2009"
"SaveDir"="c:\\Documents and Settings\\User\\Documenti\\Sports Interactive\\Football Manager 2009\\"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000067
"UniqueID"="15-8280-E85F"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:00000056
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(5692)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\programmi\File comuni\Nero\SMC\NeroDigitalExt.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\File comuni\InterVideo\DeviceService\DevSvc.exe
c:\programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\MsPMSPSv.exe
c:\programmi\PC Connectivity Solution\ServiceLayer.exe
c:\programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Ora fine scansione: 2010-04-06 11:06:23 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-04-06 09:06
ComboFix2.txt 2010-04-04 08:11
ComboFix3.txt 2010-01-10 18:04
ComboFix4.txt 2010-01-02 11:29
Pre-Run: 6.692.446.208 byte disponibili
Post-Run: 6.636.646.400 byte disponibili
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - AD97B858E8076A641AA1C029C52EF27F