ComboFix 10-04-13.04 - Gianni 14/04/2010 13.31.29.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1791.1113 [GMT 2:00]
Eseguito da: c:\documents and settings\Gianni\Documenti\Download\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Gianni\Dati applicazioni\lsass.exe
c:\windows\system32\sshnas21.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SSHNAS
-------\Service_SSHNAS
((((((((((((((((((((((((( Files Creati Da 2010-03-14 al 2010-04-14 )))))))))))))))))))))))))))))))))))
.
2010-04-11 09:49 . 2010-04-11 09:49 -------- d-----w- c:\documents and settings\Gianni\Dati applicazioni\Malwarebytes
2010-04-11 09:49 . 2010-04-11 09:49 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-04-11 09:49 . 2010-04-11 14:02 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-04-11 09:49 . 2010-04-11 09:49 -------- d-----w- c:\documents and settings\Gianni\Impostazioni locali\Dati applicazioni\Conduit
2010-04-11 09:49 . 2010-04-11 09:49 -------- d-----w- c:\programmi\Conduit
2010-04-11 09:49 . 2010-03-18 18:48 52224 ----a-w- c:\documents and settings\Gianni\Dati applicazioni\Mozilla\Firefox\Profiles\m9bblmdd.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\FFExternalAlert.dll
2010-04-11 09:49 . 2010-03-18 18:48 101376 ----a-w- c:\documents and settings\Gianni\Dati applicazioni\Mozilla\Firefox\Profiles\m9bblmdd.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\RadioWMPCore.dll
2010-04-09 21:56 . 2010-04-09 21:56 177664 ----a-w- c:\windows\Bdonya.exe
2010-04-08 12:28 . 2010-04-08 12:29 -------- d-----w- c:\programmi\eMule
2010-04-06 12:33 . 2010-04-06 12:33 1 ----a-w- c:\documents and settings\Gianni\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-06 12:33 . 2010-04-06 12:33 -------- d-----w- c:\documents and settings\Gianni\Dati applicazioni\OpenOffice.org
2010-04-06 12:30 . 2010-04-06 12:30 7424000 ----a-r- c:\documents and settings\Gianni\Dati applicazioni\Microsoft\Installer\{D61B4347-26FD-40F5-92B7-5D020E574DFE}\soffice.exe
2010-04-06 12:29 . 2010-04-06 12:29 -------- d-----w- c:\programmi\JRE
2010-04-06 12:28 . 2010-04-06 12:29 -------- d-----w- c:\programmi\OpenOffice.org 3
2010-04-05 08:05 . 2010-04-05 08:05 -------- d-----w- c:\programmi\Microsoft Office Outlook Connector
2010-04-05 08:05 . 2009-08-05 20:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2010-04-05 08:00 . 2010-04-05 08:00 -------- d-----w- c:\programmi\Microsoft Sync Framework
2010-04-05 07:58 . 2010-04-05 07:58 -------- d-----w- c:\programmi\Microsoft SQL Server Compact Edition
2010-04-05 07:55 . 2010-04-05 08:06 -------- d-----w- c:\programmi\Microsoft
2010-04-05 07:55 . 2010-04-05 08:05 -------- d-----w- c:\programmi\Windows Live
2010-03-18 22:56 . 2010-03-18 23:22 -------- d-----w- c:\documents and settings\Gianni\Dati applicazioni\SecondLife
2010-03-18 22:56 . 2010-04-11 16:40 -------- d-----w- c:\documents and settings\Gianni\Impostazioni locali\Dati applicazioni\SecondLife
2010-03-18 22:55 . 2010-03-18 22:56 -------- d-----w- c:\programmi\SecondLife
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-14 11:38 . 2010-02-04 22:20 -------- d-----w- c:\documents and settings\Gianni\Dati applicazioni\Skype
2010-04-14 11:37 . 2010-01-09 15:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2010-04-14 08:55 . 2010-02-04 22:33 -------- d-----w- c:\documents and settings\Gianni\Dati applicazioni\skypePM
2010-04-12 11:40 . 2010-01-17 14:28 -------- d-----w- c:\documents and settings\Gianni\Dati applicazioni\Canon
2010-04-06 14:42 . 2010-01-09 11:57 73904 ----a-w- c:\documents and settings\Gianni\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-04-05 08:05 . 2001-08-31 10:00 70766 ----a-w- c:\windows\system32\perfc010.dat
2010-04-05 08:05 . 2001-08-31 10:00 440500 ----a-w- c:\windows\system32\perfh010.dat
2010-03-15 23:44 . 2010-01-10 11:45 -------- d-----w- c:\documents and settings\Gianni\Dati applicazioni\uTorrent
2010-03-11 21:50 . 2010-03-11 21:50 -------- d-----w- c:\programmi\File comuni\Java
2010-03-11 21:49 . 2010-03-11 21:49 503808 ----a-w- c:\documents and settings\Gianni\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-63814ec7-n\msvcp71.dll
2010-03-11 21:49 . 2010-03-11 21:49 499712 ----a-w- c:\documents and settings\Gianni\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-63814ec7-n\jmc.dll
2010-03-11 21:49 . 2010-03-11 21:49 348160 ----a-w- c:\documents and settings\Gianni\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-63814ec7-n\msvcr71.dll
2010-03-11 21:49 . 2010-03-11 21:49 61440 ----a-w- c:\documents and settings\Gianni\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7024a289-n\decora-sse.dll
2010-03-11 21:49 . 2010-03-11 21:49 12800 ----a-w- c:\documents and settings\Gianni\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7024a289-n\decora-d3d.dll
2010-03-11 21:49 . 2010-01-09 22:35 -------- d-----w- c:\programmi\Java
2010-03-07 23:05 . 2010-03-07 23:05 -------- d-----w- c:\programmi\Audacity
2010-03-06 22:44 . 2010-01-10 11:46 -------- d-----w- c:\programmi\uTorrent
2010-03-03 16:15 . 2010-03-03 16:15 -------- d-----w- c:\programmi\I capolavori della letteratura
2010-02-18 15:42 . 2010-01-11 09:00 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-02-15 20:28 . 2010-02-15 20:28 -------- d-----w- c:\programmi\IrfanView
2010-02-14 17:01 . 2010-01-10 11:46 -------- d-----w- c:\programmi\Ask.com
2010-02-04 22:33 . 2010-02-04 22:33 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-02-02 08:34 . 2010-01-21 09:04 253952 ------w- c:\windows\Setup1.exe
2010-02-02 08:34 . 2010-01-21 09:04 74752 ----a-w- c:\windows\ST6UNST.EXE
2010-01-31 09:55 . 2010-01-31 09:55 0 ----a-w- c:\windows\nsreg.dat
.
------- Sigcheck -------
[-] 2007-12-12 . 5DEF00B476192F4AE0E9515F08100443 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\programmi\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 15:50 1197448 ----a-w- c:\programmi\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 15:15 1345336 ----a-w- c:\programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-09 39408]
"Magentic"="c:\progra~1\Magentic\bin\Magentic.exe" [2009-04-23 488808]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-21 13680640]
"nwiz"="nwiz.exe" [2009-01-21 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-21 86016]
"HDAudDeck"="c:\programmi\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-02-27 33599488]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-20 340456]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]
"BigDog303"="c:\windows\VM303_STI.EXE" [2005-10-25 61440]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SweetIM"="c:\programmi\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
c:\documents and settings\Gianni\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 3.2.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
reminder-Registrazione del prodotto Scansoft.lnk - c:\programmi\Caere\OmniPagePro90\EREG\REMIND32.EXE [2010-1-17 67584]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\File comuni\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Programmi\\Magentic\\bin\\MgImp.exe"=
"c:\\Programmi\\Magentic\\bin\\Magentic.exe"=
"c:\\Programmi\\Magentic\\bin\\MgApp.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\SecondLife\\SLVoice.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 22.18.34 36880]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 15.42.46 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/10/2009 20.39.44 19472]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [09/01/2010 17.50.07 1057024]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [05/02/2010 17.29.56 135664]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys
c:\windows\system32\Drivers\SSPORT.sys
.
Contenuto della cartella 'Scheduled Tasks'
2010-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-05 15:29]
2010-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-05 15:29]
2010-04-14 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programmi\Ask.com\UpdateTask.exe [2010-02-04 15:50]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page = about:blank
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Gianni\Dati applicazioni\Mozilla\Firefox\Profiles\m9bblmdd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - component: c:\documents and settings\Gianni\Dati applicazioni\Mozilla\Firefox\Profiles\m9bblmdd.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Gianni\Dati applicazioni\Mozilla\Firefox\Profiles\m9bblmdd.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\RadioWMPCore.dll
FF - component: c:\programmi\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKCU-Run-msnmsgr - ~c:\programmi\Windows Live\Messenger\msnmsgr.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-14 13:37
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\programmi\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????
BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = ~"c:\programmi\Windows Live\Messenger\msnmsgr.exe" /background?
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(1868)
c:\programmi\File comuni\Ahead\Lib\NeroSearchBar.dll
c:\programmi\File comuni\Ahead\Lib\NeroSearchTrayHook.dll
c:\programmi\File comuni\Ahead\Lib\MFC71U.DLL
c:\programmi\File comuni\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\RUNDLL32.EXE
c:\programmi\OpenOffice.org 3\program\soffice.exe
c:\programmi\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Ora fine scansione: 2010-04-14 13:41:56 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-04-14 11:41
Pre-Run: 34.916.347.904 byte disponibili
Post-Run: 34.796.589.056 byte disponibili
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
- - End Of File - - CAB273A82230A95CA0C94E5A3260C6A8