ComboFix 09-08-22.06 -i 23/08/2009 10.35.21.19.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1023.618 [GMT 2:00]
Eseguito da: c:\documents and settings\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\52737b.msp
c:\windows\Installer\52737c.msp
.
((((((((((((((((((((((((( Files Creati Da 2009-07-23 al 2009-08-23 )))))))))))))))))))))))))))))))))))
.
2009-08-22 11:24 . 2009-08-22 11:24 -------- d-----w- c:\programmi\Veoh Networks
2009-08-22 07:50 . 2009-08-22 07:50 -------- d-----w- c:\documents and settings\Michela Ravarelli\Impostazioni locali\Dati applicazioni\Cooliris
2009-08-22 07:49 . 2009-08-22 07:49 -------- d-----w- c:\documents and settings\Michela Ravarelli\Impostazioni locali\Dati applicazioni\LastPass
2009-08-22 07:47 . 2009-07-06 20:44 937984 ----a-w- c:\documents and settings\xxx\Dati applicazioni\Mozilla\Firefox\Profiles\fgvmq34c.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-08-22 07:47 . 2009-07-06 20:44 103424 ----a-w- c:\documents and settings\xxx\Dati applicazioni\Mozilla\Firefox\Profiles\fgvmq34c.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-08-22 07:47 . 2009-07-06 20:44 65536 ----a-w- c:\documents and settings\xxx\Dati applicazioni\Mozilla\Firefox\Profiles\fgvmq34c.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-08-22 07:47 . 2009-07-06 20:44 106496 ----a-w- c:\documents and settings\xxx\Dati applicazioni\Mozilla\Firefox\Profiles\fgvmq34c.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2009-08-22 07:47 . 2009-07-06 20:44 4722688 ----a-w- c:\documents and settings\xxx\Dati applicazioni\Mozilla\Firefox\Profiles\fgvmq34c.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-08-22 07:47 . 2009-07-06 20:44 344064 ----a-w- c:\documents and settings\xxx\Dati applicazioni\Mozilla\Firefox\Profiles\fgvmq34c.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-08-22 07:47 . 2009-06-09 12:18 575488 ----a-w- c:\documents and settings\xxx\Dati applicazioni\Mozilla\Firefox\Profiles\fgvmq34c.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2009-08-18 14:43 . 2009-08-18 14:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WebcamMax
2009-08-18 14:42 . 2009-08-18 14:43 -------- d-----w- c:\documents and settings\xxx\Dati applicazioni\Webcammax
2009-08-18 14:41 . 2008-03-11 13:14 941784 ----a-w- c:\windows\system32\drivers\CAMTHWDM.sys
2009-08-18 14:40 . 2009-08-18 14:44 -------- d-----w- c:\programmi\WebcamMax
2009-08-18 14:15 . 2009-08-18 14:15 -------- d-----w- c:\documents and settings\xxx\Dati applicazioni\EmailNotifier
2009-08-18 14:14 . 2009-08-18 14:16 -------- d-----w- c:\documents and settings\xxx\Dati applicazioni\ooVoo Details
2009-08-18 14:14 . 2009-08-18 14:14 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\EmailNotifier
2009-08-18 14:14 . 2009-08-21 14:13 -------- d-----w- c:\documents and settings\xxx\Dati applicazioni\oovootb
2009-08-18 14:14 . 2009-08-18 14:14 -------- d-----w- c:\programmi\oovootb
2009-08-18 14:13 . 2009-08-18 14:14 -------- d-----w- c:\programmi\ooVoo
2009-08-18 08:18 . 2009-08-18 08:18 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-08-18 08:10 . 2009-08-18 08:10 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Windows Search
2009-08-14 13:16 . 2009-08-14 13:16 -------- d-----w- c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\Temp
2009-08-14 06:37 . 2009-08-14 06:37 -------- d-----w- C:\Toolbar4Free Toolbar images
2009-08-12 12:47 . 2009-08-14 12:00 -------- d-----w- c:\programmi\SuperCopier2
2009-08-12 06:40 . 2009-07-10 13:26 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-11 12:07 . 2009-08-11 12:07 -------- d-----w- c:\programmi\Lavalys
2009-08-11 07:07 . 2009-08-11 07:07 3942047 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-11 06:43 . 2009-08-11 06:44 -------- d-----w- c:\documents and settings\xxx\Dati applicazioni\TeraCopy
2009-08-10 08:32 . 2009-08-18 09:44 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-10 08:32 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-10 08:32 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-10 08:32 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-10 08:32 . 2009-08-10 08:32 -------- d-----w- c:\programmi\Avira
2009-08-10 08:32 . 2009-08-10 08:32 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-08-09 07:48 . 2009-08-09 07:48 152576 ----a-w- c:\documents and settings\xxxi\Dati applicazioni\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-08 19:29 . 2009-08-21 13:15 -------- d-----w- c:\documents and settings\xxxi\Dati applicazioni\Skype
2009-08-08 19:28 . 2009-08-08 19:28 -------- d-----w- c:\programmi\File comuni\Skype
2009-08-08 19:28 . 2009-08-08 19:29 -------- d-----r- c:\programmi\Skype
2009-08-08 19:24 . 2009-08-08 19:24 -------- d-----w- c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\Logitech-LS
2009-08-08 19:23 . 2005-05-27 09:38 7136 ----a-r- c:\windows\system32\drivers\lv302af.sys
2009-08-08 19:23 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-08-08 19:23 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-08-08 19:23 . 2005-05-27 09:36 372736 ----a-r- c:\windows\system32\LVUI2RC.dll
2009-08-08 19:23 . 2005-05-27 09:31 22016 ----a-r- c:\windows\system32\drivers\LVUSBSta.sys
2009-08-08 19:23 . 2005-05-27 09:29 204800 ----a-r- c:\windows\system32\LVUI2.dll
2009-08-08 19:23 . 2005-05-27 09:19 106496 ----a-r- c:\windows\system32\lvcoinst.dll
2009-08-08 19:23 . 2005-05-27 09:26 204800 ----a-r- c:\windows\system32\lvcodec2.dll
2009-08-08 19:23 . 2005-05-27 09:23 2180096 ----a-r- c:\windows\system32\drivers\LVSVF2.sys
2009-08-08 19:23 . 2005-05-27 09:46 913280 ----a-r- c:\windows\system32\drivers\LV302AV.SYS
2009-08-08 19:16 . 2005-07-19 15:31 53248 ----a-r- c:\windows\system32\InstMed.exe
2009-08-08 19:14 . 2005-06-08 13:12 462848 ----a-w- c:\windows\system32\LCamCpl.dll
2009-08-08 19:14 . 2005-06-08 12:31 215552 ----a-w- c:\windows\system32\Lvkrn12n.dll
2009-08-08 19:14 . 2003-03-18 19:44 49152 ----a-w- c:\windows\system32\MFC71KOR.DLL
2009-08-08 19:14 . 2003-03-18 19:44 49152 ----a-w- c:\windows\system32\MFC71JPN.DLL
2009-08-08 19:14 . 2003-03-18 19:44 57344 ----a-w- c:\windows\system32\MFC71ENU.DLL
2009-08-08 19:14 . 2003-03-18 19:44 61440 ----a-w- c:\windows\system32\MFC71ITA.DLL
2009-08-08 19:14 . 2003-03-18 19:44 61440 ----a-w- c:\windows\system32\MFC71ESP.DLL
2009-08-08 19:14 . 2003-03-18 19:44 45056 ----a-w- c:\windows\system32\MFC71CHT.DLL
2009-08-08 19:14 . 2003-03-18 19:44 40960 ----a-w- c:\windows\system32\MFC71CHS.DLL
2009-08-08 19:14 . 2003-03-18 19:44 65536 ----a-w- c:\windows\system32\MFC71DEU.DLL
2009-08-08 19:13 . 2005-06-08 12:41 466944 ----a-w- c:\windows\system32\QCUI2.dll
2009-08-08 19:13 . 2005-06-08 12:31 856064 ----a-w- c:\windows\system32\Ltwvc12n.dll
2009-08-08 19:13 . 2005-06-08 12:31 406016 ----a-w- c:\windows\system32\ltkrn12n.dll
2009-08-08 19:13 . 2005-06-08 12:31 207872 ----a-w- c:\windows\system32\ltefx12n.dll
2009-08-08 19:13 . 2005-06-08 12:31 164864 ----a-w- c:\windows\system32\ltimg12n.dll
2009-08-08 19:13 . 2005-06-08 12:31 131072 ----a-w- c:\windows\system32\ltfil12n.DLL
2009-08-08 19:13 . 2005-06-08 12:31 259072 ----a-w- c:\windows\system32\LTDIS12n.dll
2009-08-08 19:13 . 2005-06-08 12:31 141312 ----a-w- c:\windows\system32\lftif12n.dll
2009-08-08 19:13 . 2005-06-08 12:31 78336 ----a-w- c:\windows\system32\lffax12n.dll
2009-08-08 19:13 . 2005-06-08 12:31 328704 ----a-w- c:\windows\system32\LFCMP12n.DLL
2009-08-08 19:13 . 2005-06-08 12:31 30720 ----a-w- c:\windows\system32\lfbmp12n.dll
2009-08-08 19:13 . 2005-06-08 12:38 90112 ----a-w- c:\windows\system32\LQCUI2.dll
2009-08-08 19:12 . 2009-08-08 19:12 81920 ------r- c:\windows\bwUnin-6.1.4.68-8876480L.exe
2009-08-08 19:12 . 2009-08-08 19:12 -------- d-----w- C:\Program Files
2009-08-08 19:00 . 2009-07-03 16:55 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-08 19:00 . 2009-07-03 16:55 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-08-05 08:59 . 2009-08-05 08:59 205312 ------w- c:\windows\system32\dllcache\mswebdvd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-23 08:33 . 2009-03-29 11:29 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-08-23 08:32 . 2008-12-30 12:29 -------- d-----w- c:\programmi\PeerGuardian2
2009-08-23 08:32 . 2009-02-02 09:40 -------- d-----w- c:\documents and settings\xxx\Dati applicazioni\uTorrent
2009-08-23 07:39 . 2009-01-28 14:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-08-22 12:59 . 2008-09-12 06:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-08-21 09:55 . 2008-12-07 19:19 -------- d-----w- c:\documents and settings\xxx\Dati applicazioni\skypePM
2009-08-21 08:27 . 2008-09-17 15:21 -------- d-----w- c:\programmi\eMule
2009-08-18 14:13 . 2008-09-12 08:33 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-08-18 08:22 . 2009-03-05 15:02 -------- d-----w- c:\programmi\CrossLoop
2009-08-14 13:44 . 2008-09-12 06:35 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-08-11 14:36 . 2009-03-29 11:32 -------- d-----w- c:\programmi\PC Tools Firewall Plus
2009-08-11 14:28 . 2008-09-12 07:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2009-08-11 14:28 . 2008-09-12 07:01 -------- d-----w- c:\programmi\NOS
2009-08-11 07:08 . 2009-05-06 10:39 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-08-09 07:49 . 2008-09-12 08:33 -------- d-----w- c:\programmi\Java
2009-08-09 07:25 . 2008-09-12 06:27 -------- d-----w- c:\programmi\Windows Desktop Search
2009-08-08 19:28 . 2008-09-11 23:45 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2009-08-08 19:14 . 2008-11-06 13:06 -------- d-----w- c:\programmi\File comuni\Logitech
2009-08-08 19:13 . 2008-11-06 13:06 -------- d-----w- c:\programmi\Logitech
2009-08-05 08:59 . 2004-09-03 09:36 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 11:36 . 2009-05-06 10:39 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2009-05-06 10:39 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-25 03:23 . 2009-05-06 05:55 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2004-09-03 09:36 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-09-03 09:37 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:55 . 2004-09-03 09:36 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-30 22:08 . 2009-06-30 22:08 564224 ----a-w- c:\windows\system32\b4fm.dll
2009-06-16 14:36 . 2004-09-03 09:36 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-09-03 09:36 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 10:43 . 2004-09-03 09:36 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-09-03 09:36 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 12:39 . 2009-06-10 12:39 554456 ----a-w- c:\documents and settings\Michela Ravarelli\Dati applicazioni\oovootb\oovootb.dll
2009-06-10 07:19 . 2004-09-03 09:50 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-09-03 09:36 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2004-09-03 09:36 1296384 ----a-w- c:\windows\system32\quartz.dll
2009-05-25 11:13 . 2009-05-25 11:13 108992 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1FB2F9A-D35E-11DD-8935-E46A56D89593}]
2009-05-08 19:00 86016 ----a-w- c:\programmi\oovootb\oovoodx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A1FB2F9A-D35E-11DD-8935-E46A56D89593}"= "c:\programmi\oovootb\oovoodx.dll" [2009-05-08 86016]
[HKEY_CLASSES_ROOT\clsid\{a1fb2f9a-d35e-11dd-8935-e46a56d89593}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\programmi\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"SuperCopier2.exe"="c:\programmi\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"Google Update"="c:\documents and settings\Michela Ravarelli\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-08-14 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-01 7118848]
"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-01-10 385024]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-05-04 14396416]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-01-23 101136]
"Run StartupMonitor"="StartupMonitor.exe" - c:\windows\StartupMonitor.exe [2000-05-20 86016]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"33386:TCP"= 33386:TCP:eMule_TCP
"38360:UDP"= 38360:UDP:eMule_UDP
"1720:TCP"= 1720:TCP:utorrent
"1750:TCP"= 1750:TCP:utorrent_tcp
"443:TCP"= 443:TCP:Porta TCP ooVoo 443
"443:UDP"= 443:UDP:Porta UDP ooVoo 443
"37674:TCP"= 37674:TCP:Porta TCP ooVoo 37674
"37674:UDP"= 37674:UDP:Porta UDP ooVoo 37674
"37675:UDP"= 37675:UDP:Porta UDP ooVoo 37675
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [29/03/2009 13.29.55 130424]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [29/03/2009 13.30.13 159600]
R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [16/09/2008 16.37.26 81920]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [18/08/2009 16.41.02 941784]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [29/03/2009 13.29.55 73840]
R3 CIR;Hid Device;c:\windows\system32\drivers\CIR.sys [01/01/1980 5120]
R3 kbd;Keyboard;c:\windows\system32\drivers\kbd.sys [01/01/1980 21504]
R3 LVHybrid;LVHybrid service;c:\windows\system32\drivers\LVHybrid.sys [22/09/2005 10.57.11 800000]
R3 Slazldrv;SmartLink AMR_PCI Driver;c:\windows\system32\drivers\SLDRV\slazldrv.sys [22/09/2005 10.57.38 226768]
S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\drivers\ONDAusbmdm6k.sys [16/09/2008 16.37.32 100480]
S3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\drivers\ONDAusbnet.sys [16/09/2008 16.37.32 87552]
S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\drivers\ONDAusbser6k.sys [16/09/2008 16.37.32 100480]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [29/03/2009 13.32.25 95640]
--- Altri Servizi/Drivers In Memoria ---
*Deregistered* - mchInjDrv
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'
2009-08-23 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-16 15:09]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.mininova.org/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;localhost
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\documents and settings\Michela Ravarelli\Dati applicazioni\Mozilla\Firefox\Profiles\fgvmq34c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.mystart.com?pr=oovoo2_0
FF - prefs.js: keyword.URL - hxxp://urlseek40.vmn.net/search.php?lg= ... oo2_0dn&q=
FF - component: c:\documents and settings\Michela Ravarelli\Dati applicazioni\Mozilla\Firefox\Profiles\fgvmq34c.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\documents and settings\Michela Ravarelli\Dati applicazioni\Mozilla\Firefox\Profiles\fgvmq34c.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
FF - component: c:\programmi\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Michela Ravarelli\Dati applicazioni\Mozilla\Firefox\Profiles\fgvmq34c.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Michela Ravarelli\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\programmi\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\programmi\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-23 10:40
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\MICHEL~1\IMPOST~1\Temp\mc22.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Ora fine scansione: 2009-08-23 10.43.13
ComboFix-quarantined-files.txt 2009-08-23 08:42
ComboFix2.txt 2009-08-19 05:39
Pre-Run: 20.188.053.504 byte disponibili
Post-Run: 20.135.587.840 byte disponibili
309 --- E O F --- 2009-08-12 07:55