salve a tutti,
recentemente ho notato un notevole rallentamento del mio pc, in particolare di firefox, forse dovuto al fatto che molto spesso si aprono pop up di spam indesiderati. ho effettuato tutte le operazioni necessarie (ccleaner, combofix, malwarebytes, ecc) tranne kaspersky che purtroppo mi dice che non è disponibile la scan on line. comunque l'antivirus non rileva alcun virus. detto questo allego il log di hijack e combofix sperando che possa esere utile.
hijack
Logfile of HijackThis v1.99.1
Scan saved at 18.56.28, on 26/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe
C:\Programmi\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programmi\Roxio Creator 2009\5.0\CPMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\lally\impostazioni locali\dati applicazioni\iyldcp.exe
C:\Programmi\3M\PSNLite\PsnLite.exe
C:\Programmi\MSI\ArcSoft TotalMedia\TMMonitor.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programmi\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\PSIService.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Lally\Documenti\Altro\hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Programmi\WS_FTP Pro\wsbho2K0.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programmi\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programmi\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programmi\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG DWL-G122] C:\Programmi\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Programmi\File comuni\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe"
O4 - HKLM\..\Run: [CPMonitor] "C:\Programmi\Roxio Creator 2009\5.0\CPMonitor.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [iyldcp] "c:\documents and settings\lally\impostazioni locali\dati applicazioni\iyldcp.exe" iyldcp
O4 - Startup: TMMonitor.lnk = C:\Programmi\MSI\ArcSoft TotalMedia\TMMonitor.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Programmi\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: Aggiungi a PDF esistente - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Aggiungi destinazione link a PDF esistente - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O11 - Options group: [TABS] Tabbed Browsing
O13 - Gopher Prefix:
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253807964593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253807948031
O17 - HKLM\System\CCS\Services\Tcpip\..\{A758098C-5503-4065-B400-4B8F722211BE}: NameServer = 212.216.112.112,212.216.172.62
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Programmi\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O20 - AppInit_DLLs: acaptuser32.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Programmi\Java\jre6\bin\jqs.exe" -service -config "C:\Programmi\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Norton Internet Security - Unknown owner - C:\Programmi\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Programmi\Norton Internet Security\Engine\16.8.0.41\diMaster.dll" /prefetch:1 (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - C:\Programmi\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe
O23 - Service: Roxio Upnp Server 11 - Sonic Solutions - C:\Programmi\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe
O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe
O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe
O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
combofix
ComboFix 10-04-26.02 - Lally 26/04/2010 21.48.59.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2943.2527 [GMT 2:00]
Eseguito da: c:\documents and settings\Lally\Documenti\Immagini\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Lally\Impostazioni locali\Dati applicazioni\iyldcp.dat
c:\documents and settings\Lally\Impostazioni locali\Dati applicazioni\iyldcp.exe
c:\documents and settings\Lally\Impostazioni locali\Dati applicazioni\iyldcp_nav.dat
c:\documents and settings\Lally\Impostazioni locali\Dati applicazioni\iyldcp_navps.dat
c:\documents and settings\Lally\Menu Avvio\Programmi\Esecuzione automatica\TMMonitor.lnk
c:\windows\eSellerateEngine.dll
c:\windows\ktkm2.dll
c:\windows\ktkm3.dll
c:\windows\ktkm34.dll
c:\windows\ktkm36.dll
c:\windows\ktkm4.dll
c:\windows\ktkm8.dll
.
((((((((((((((((((((((((( Files Creati Da 2010-03-26 al 2010-04-26 )))))))))))))))))))))))))))))))))))
.
2010-04-26 18:36 . 2010-04-26 18:36 -------- d-----w- c:\documents and settings\Lally\Dati applicazioni\IObit
2010-04-26 18:36 . 2010-04-26 18:36 -------- d-----w- c:\programmi\IObit
2010-04-26 18:32 . 2010-04-26 18:32 -------- d-----w- c:\documents and settings\Lally\Dati applicazioni\Malwarebytes
2010-04-26 18:31 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-26 18:30 . 2010-04-26 18:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-04-26 18:30 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 18:30 . 2010-04-26 18:31 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-04-26 16:52 . 2010-03-25 08:00 84912 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100426.003\NAVENG.SYS
2010-04-26 16:52 . 2010-03-25 08:00 371248 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100426.003\EECTRL.SYS
2010-04-26 16:52 . 2010-03-25 08:00 2747440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100426.003\CCERASER.DLL
2010-04-26 16:52 . 2010-03-25 08:00 259440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100426.003\ECMSVR32.DLL
2010-04-26 16:52 . 2010-03-25 08:00 177520 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100426.003\NAVENG32.DLL
2010-04-26 16:52 . 2010-03-25 08:00 1647984 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100426.003\NAVEX32A.DLL
2010-04-26 16:52 . 2010-03-25 08:00 1324720 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100426.003\NAVEX15.SYS
2010-04-26 16:52 . 2010-03-25 08:00 102448 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100426.003\ERASER.SYS
2010-04-24 12:14 . 2010-03-05 17:55 811896 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100415.001\Scxpx86.dll
2010-04-24 12:14 . 2010-03-05 17:55 488312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100415.001\IDSxpx86.dll
2010-04-24 12:14 . 2010-03-05 17:55 343088 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100415.001\IDSvix86.sys
2010-04-24 12:14 . 2010-03-05 17:55 329592 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100415.001\IDSXpx86.sys
2010-04-24 12:14 . 2010-03-05 17:55 466992 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100415.001\IDSviA64.sys
2010-04-06 15:20 . 2010-04-06 15:20 -------- d-----w- c:\documents and settings\Lally\Dati applicazioni\inkscape
2010-04-06 14:56 . 2010-04-06 15:17 -------- d-----w- c:\programmi\Inkscape
2010-03-31 19:51 . 2010-03-31 19:51 -------- d-----w- c:\programmi\iPod
2010-03-31 19:47 . 2010-03-31 20:16 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-03-31 19:25 . 2010-03-31 19:25 -------- d-----w- c:\programmi\QuickTime
2010-03-31 19:18 . 2010-03-31 19:18 -------- d-----w- c:\programmi\Bonjour
2010-03-31 19:14 . 2010-03-31 19:14 73000 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-03-31 19:06 . 2010-03-31 19:06 79144 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-03-31 16:35 . 2010-03-31 16:35 -------- d-----w- c:\programmi\File comuni\Java
2010-03-31 16:34 . 2010-03-31 16:34 503808 ----a-w- c:\documents and settings\Lally\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4a388a65-n\msvcp71.dll
2010-03-31 16:34 . 2010-03-31 16:34 499712 ----a-w- c:\documents and settings\Lally\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4a388a65-n\jmc.dll
2010-03-31 16:34 . 2010-03-31 16:34 348160 ----a-w- c:\documents and settings\Lally\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4a388a65-n\msvcr71.dll
2010-03-31 16:34 . 2010-03-31 16:34 61440 ----a-w- c:\documents and settings\Lally\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-10e83ff2-n\decora-sse.dll
2010-03-31 16:34 . 2010-03-31 16:34 12800 ----a-w- c:\documents and settings\Lally\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-10e83ff2-n\decora-d3d.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-26 19:34 . 2009-09-24 18:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Sonic
2010-04-16 14:43 . 2009-09-24 11:21 176880 ----a-w- c:\documents and settings\Default User\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-04-14 15:38 . 2009-09-24 18:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-04-13 13:43 . 2009-09-24 17:28 10 ----a-w- c:\windows\popcinfo.dat
2010-04-10 10:57 . 2009-09-28 15:46 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-03-31 20:16 . 2009-09-25 00:12 -------- d-----w- c:\programmi\iTunes
2010-03-31 19:49 . 2009-09-25 00:10 -------- d-----w- c:\programmi\File comuni\Apple
2010-03-31 19:10 . 2009-09-28 12:41 -------- d-----w- c:\programmi\Safari
2010-03-31 16:33 . 2009-10-23 14:13 -------- d-----w- c:\programmi\Java
2010-03-28 06:49 . 2001-08-31 11:00 84020 ----a-w- c:\windows\system32\perfc010.dat
2010-03-28 06:49 . 2001-08-31 11:00 488582 ----a-w- c:\windows\system32\perfh010.dat
2010-03-27 10:14 . 2010-03-26 18:50 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Symantec
2010-03-26 21:53 . 2010-03-26 18:50 -------- d-----w- c:\programmi\File comuni\Symantec Shared
2010-03-26 21:30 . 2010-03-26 18:50 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-03-26 21:30 . 2010-03-26 18:50 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-03-26 21:30 . 2010-03-26 18:50 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-03-26 21:30 . 2010-03-26 18:50 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-03-26 21:30 . 2010-03-26 18:50 -------- d-----w- c:\programmi\Symantec
2010-03-26 21:29 . 2010-03-26 18:50 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NortonInstaller
2010-03-26 19:00 . 2010-03-26 18:50 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Norton
2010-03-26 19:00 . 2010-03-26 19:00 796016 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2010-03-26 18:50 . 2010-03-26 18:50 1290592 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2010-03-26 18:50 . 2010-03-26 18:50 136840 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2010-03-26 18:50 . 2010-03-26 18:50 -------- d-----w- c:\programmi\Norton Internet Security
2010-03-26 18:50 . 2010-03-26 18:50 -------- d-----w- c:\programmi\Windows Sidebar
2010-03-26 18:50 . 2010-03-26 18:50 -------- d-----w- c:\programmi\NortonInstaller
2010-03-10 20:30 . 2009-09-24 22:43 -------- d-----w- c:\documents and settings\Lally\Dati applicazioni\Any Video Converter
2010-03-10 06:15 . 2008-11-14 09:05 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 02:28 . 2009-10-23 14:14 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-05 17:55 . 2010-03-26 19:14 811896 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2010-03-05 17:55 . 2010-03-26 19:14 488312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2010-03-05 17:55 . 2010-03-26 19:14 343088 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2010-03-05 17:55 . 2010-03-26 19:14 329592 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2010-03-05 17:55 . 2010-03-26 19:14 466992 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2010-03-05 00:10 . 2009-09-25 00:29 1576776 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2010-03-03 21:49 . 2010-03-03 21:49 50354 ----a-w- c:\documents and settings\Lally\Dati applicazioni\Facebook\uninstall.exe
2010-03-03 21:49 . 2010-03-03 21:49 -------- d-----w- c:\documents and settings\Lally\Dati applicazioni\Facebook
2010-03-02 12:58 . 2009-09-24 20:04 704 ----a-w- C:\Dionakra.DAT
2010-02-26 06:41 . 2010-02-26 06:41 847040 ----a-w- c:\documents and settings\Lally\Dati applicazioni\Facebook\axfbootloader.dll
2010-02-26 06:41 . 2010-02-26 06:41 5582848 ----a-w- c:\documents and settings\Lally\Dati applicazioni\Facebook\npfbplugin_1_0_3.dll
2010-02-25 06:16 . 2008-11-14 09:06 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 11:57 . 2008-11-14 09:04 457216 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 18:59 . 2008-11-14 09:05 2193792 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 18:59 . 2008-08-14 17:25 2070656 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 16:41 . 2010-04-26 19:47 558448 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2010-02-12 10:03 . 2010-03-07 20:11 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 09:46 . 2010-02-12 09:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 09:46 . 2010-02-12 09:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 04:28 . 2008-04-13 16:13 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 11:36 . 2008-11-14 09:05 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-01 18:20 . 2010-04-26 19:46 165240 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
.
------- Sigcheck -------
[-] 2008-11-14 . 5AE1C2695F6523AD98B948F2887D8C5E . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-11-14 . 902E0A75C51196A82BED9CC0E3AC8756 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\programmi\IObit\Advanced SystemCare 3\AWC.exe" [2010-03-29 2343120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"ATICCC"="c:\programmi\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016]
"D-Link AirPlus XtremeG DWL-G122"="c:\programmi\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe" [2008-12-18 1556480]
"ANIWZCS2Service"="c:\programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"Adobe Acrobat Speed Launcher"="c:\programmi\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\programmi\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"ISUSPM"="c:\programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 213936]
"RoxWatchTray"="c:\programmi\File comuni\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe" [2008-08-13 240112]
"CPMonitor"="c:\programmi\Roxio Creator 2009\5.0\CPMonitor.exe" [2009-04-20 84464]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 110592]
"ArcSoft Connection Service"="c:\programmi\File comuni\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-01-16 72192]
"AdobeCS4ServiceManager"="c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2010-03-25 142120]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Post-it© Software Notes Lite.lnk - c:\programmi\3M\PSNLite\PsnLite.exe [2004-10-15 2080768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SymEFA.sys [26/03/2010 23.30.01 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1008000.029\BHDrvx86.sys [26/03/2010 23.30.01 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1008000.029\cchpx86.sys [26/03/2010 23.29.37 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100415.001\IDSXpx86.sys [24/04/2010 14.14.20 329592]
R2 Norton Internet Security;Norton Internet Security;c:\programmi\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [26/03/2010 23.29.46 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [26/03/2010 21.14.46 102448]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24/09/2009 19.40.42 721904]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\programmi\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe [14/08/2008 0.25.24 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11;c:\programmi\File comuni\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe [14/08/2008 0.24.06 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\programmi\File comuni\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe [14/08/2008 0.24.02 170480]
S3 3xHybrid;Pinnacle PCTV 110i service;c:\windows\system32\drivers\3xHybrid.sys [24/09/2009 15.19.09 827008]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\programmi\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [14/08/2008 0.25.20 313840]
S3 RoxMediaDB11;RoxMediaDB11;c:\programmi\File comuni\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [04/03/2009 4.58.36 1122304]
.
Contenuto della cartella 'Scheduled Tasks'
2010-04-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = local;*.local
IE: Aggiungi a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Aggiungi destinazione link a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti destinazione link in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: {A758098C-5503-4065-B400-4B8F722211BE} = 212.216.112.112,212.216.172.62
FF - ProfilePath - c:\documents and settings\Lally\Dati applicazioni\Mozilla\Firefox\Profiles\45ya4lja.default\
FF - prefs.js: browser.startup.homepage - hxxp://it.msn.com/?ocid=iehp
FF - component: c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\Lally\Dati applicazioni\Mozilla\Firefox\Profiles\45ya4lja.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\Lally\Dati applicazioni\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Lally\Dati applicazioni\Mozilla\Firefox\Profiles\45ya4lja.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Lally\Dati applicazioni\Mozilla\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pre
f", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKCU-Run-iyldcp - c:\documents and settings\lally\impostazioni locali\dati applicazioni\iyldcp.exe
AddRemove-iyldcp - c:\documents and settings\lally\impostazioni locali\dati applicazioni\iyldcp.exe
AddRemove-{6304587B-3C05-4031-A8E7-7938CB9162E7}_is1 - c:\programmi\meta-iPod
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-26 21:55
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\programmi\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\programmi\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-1292428093-484061587-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
[HKEY_USERS\S-1-5-21-1292428093-484061587-1644491937-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f3,4a,19,66,f5,f3,18,ef,17,89,db,bd,0f,ce,70,1e,84,d6,63,b5,8a,42,ff,
2c,1a,64,77,a3,03,98,a8,20,f9,e8,9f,08,0f,11,8b,da,27,a7,24,61,fe,e5,78,d4,\
"??"=hex:21,8c,66,7a,88,f0,b0,76,42,f3,52,cc,cd,ed,d7,29
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(636)
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2010-04-26 21:58:07
ComboFix-quarantined-files.txt 2010-04-26 19:58
Pre-Run: 56.674.603.008 byte disponibili
Post-Run: 56.668.717.056 byte disponibili
- - End Of File - - 3750975A15BCDFBE03043F858597D468
grazie in anticipo