Hi Francesco,
I ran ComboFix:
ComboFix 12-08-31.08 - vincenzo 01/09/2012 14.32.54.2.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.39.1040.18.952.263 [GMT 2:00]
Eseguito da: c:\users\vincenzo\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\vincenzo\AppData\Local\Temp\e3c74ee6-7482-4280-b9c3-f233b390296e\CliSecureRT.dll
c:\windows\system32\muzapp.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2012-08-01 al 2012-09-01 )))))))))))))))))))))))))))))))))))
.
.
2012-09-01 12:43 . 2012-09-01 12:47 -------- d-----w- c:\users\vincenzo\AppData\Local\temp
2012-09-01 12:43 . 2012-09-01 12:43 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-09-01 12:43 . 2012-09-01 12:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-01 10:56 . 2012-09-01 10:56 -------- d-----w- c:\users\vincenzo\AppData\Roaming\Malwarebytes
2012-09-01 10:56 . 2012-09-01 10:56 -------- d-----w- c:\programdata\Malwarebytes
2012-08-31 23:18 . 2012-08-31 23:59 -------- d-----w- c:\users\vincenzo\AppData\Roaming\dvdcss
2012-08-31 23:17 . 2012-09-01 00:01 -------- d-----w- c:\users\vincenzo\AppData\Roaming\vlc
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-03-17 19872]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-21 6144000]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-01-25 159744]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 875016]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2012-01-12 1549608]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/it.special-uninstall ... =10.0.1424" [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2011-03-17 21:07 896912 ----a-w- c:\program files\Samsung\Kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2011-03-17 21:07 19872 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2011-03-17 21:07 3373456 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryBooster]
2011-11-07 08:26 67456 ----a-w- c:\program files\Uniblue\RegistryBooster\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sepang Olivetti ModemListener]
2010-07-23 07:45 106496 ----a-w- c:\program files\Chiavetta Internet Olicard 200\BackgroundService\ModemListener.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2011-08-02 18:36 3318784 ----a-w- d:\antiv\Spyware Terminator\SpywareTerminatorUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 11:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpeedUpMyPC"="c:\progra~1\Uniblue\SPEEDU~1\launcher.exe" -d 20000
"DriverScanner"="c:\progra~1\Uniblue\DRIVER~1\launcher.exe" delay 20000
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-03-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-424778327-3926714098-57245874-1003Core.job
- c:\users\vincenzo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-22 07:20]
.
2012-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-424778327-3926714098-57245874-1003UA.job
- c:\users\vincenzo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-22 07:20]
.
2012-09-01 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2012-01-08 08:26]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... tensa_5230
IE: Download ALL with IDA
IE: Download remotely with IDA
IE: Download with IDA
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
Trusted Zone: samsungsetup.com\www
FF - ProfilePath - c:\users\vincenzo\AppData\Roaming\Mozilla\Firefox\Profiles\y26umku9.default\
FF - user.js: extensions.softonic_i.newTab - false
FF - user.js: extensions.softonic_i.tlbrSrchUrl - hxxp://search.softonic.com/MON00080/tb_ ... e=1&cc=&q=
FF - user.js: extensions.softonic_i.id - 5a003357000000000000000000000000
FF - user.js: extensions.softonic_i.instlDay - 15373
FF - user.js: extensions.softonic_i.vrsn - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsni - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsnTs - 1.5.11.512:47
FF - user.js: extensions.softonic_i.prtnrId - softonic
FF - user.js: extensions.softonic_i.prdct - softonic
FF - user.js: extensions.softonic_i.aflt - SD
FF - user.js: extensions.softonic_i.smplGrp - eng7
FF - user.js: extensions.softonic_i.tlbrId - it12JANdefault
FF - user.js: extensions.softonic_i.instlRef - MON00080
FF - user.js: extensions.softonic_i.dfltLng - it
FF - user.js: extensions.softonic_i.excTlbr - false
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
URLSearchHooks-{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - (no file)
WebBrowser-{4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-!SASWinLogon - d:\spyware\Nuova cartella\SASWINLO.DLL
MSConfigStartUp-DriverScanner - c:\progra~1\Uniblue\DRIVER~1\launcher.exe
MSConfigStartUp-SpeedUpMyPC - c:\progra~1\Uniblue\SPEEDU~1\launcher.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-01 14:47
Windows 6.0.6002 Service Pack 2 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BattStatSys]
"ImagePath"="\??\c:\users\vincenzo\AppData\Local\Temp\BSSA877.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\70AE.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-424778327-3926714098-57245874-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:4c,d9,e9,fc,ab,17,94,68,5e,52,16,9f,1a,16,92,fd,07,53,c8,ff,81,ce,a3,
d2,84,79,52,13,b0,84,65,3b,cf,42,77,72,6a,e6,38,64,4f,6a,57,24,12,3c,e7,7a,\
"??"=hex:5d,b2,48,37,08,a9,b5,37,6f,81,4c,55,b0,28,55,84
.
[HKEY_USERS\S-1-5-21-424778327-3926714098-57245874-1003\Software\SecuROM\License information*]
"datasecu"=hex:9f,f8,8a,dd,9a,4e,db,67,b7,67,86,ca,b5,9d,91,4c,65,72,bb,ea,23,
27,db,8f,09,1c,a5,3e,94,0f,9c,3b,06,d0,f8,e4,65,85,6f,40,9d,13,0a,a1,68,0f,\
"rkeysecu"=hex:0b,a4,9a,64,2f,c5,d3,29,d4,3b,82,2c,de,2d,c0,73
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'Explorer.exe'(2328)
c:\windows\System32\SysHook.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
c:\program files\Acer\Empowering Technology\Service\ETService.exe
d:\freemake\CaptureLib\CaptureLibService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
d:\lec\LogoMedia TranslateDotNet Server.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files\Chiavetta Internet Olicard 200\BackgroundService\ServiceManager.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
d:\antiv\Spyware Terminator\sp_rsser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Launch Manager\LManager.exe
c:\program files\Epson Software\Event Manager\EEventManager.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\users\vincenzo\AppData\Local\Temp\RtkBtMnt.exe
c:\windows\system32\igfxext.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
.
**************************************************************************
.
Ora fine scansione: 2012-09-01 14:55:25 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-09-01 12:55
ComboFix2.txt 2012-01-19 20:10
ComboFix3.txt 2011-08-03 01:30
.
Pre-Run: 32.930.025.472 byte disponibili
Post-Run: 32.740.745.216 byte disponibili
.
- - End Of File - - C251207B8F1A58B9571515004C12CDE2
Thanks