ComboFix 10-03-16.01 - F & B 16/03/2010 21.03.00.1.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1022.508 [GMT 1:00]
Eseguito da: c:\downloads\ComboFix.exe
.
I seguenti file sono stati disabilitati durante la scansione:
c:\programmi\File comuni\Logitech\LVMVFM\LVPrcInj.dll
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\F & B\Impostazioni locali\Dati applicazioni\av.exe
c:\documents and settings\F & B\Impostazioni locali\Dati applicazioni\bobpcpdq.dat
c:\documents and settings\F & B\Impostazioni locali\Dati applicazioni\bobpcpdq.exe
c:\documents and settings\F & B\Impostazioni locali\Dati applicazioni\bobpcpdq_nav.dat
c:\documents and settings\F & B\Impostazioni locali\Dati applicazioni\bobpcpdq_navps.dat
c:\documents and settings\F & B\Impostazioni locali\Temporary Internet Files\lA0XBYp.jpg
c:\documents and settings\F & B\Impostazioni locali\Temporary Internet Files\nba56o2.jpg
c:\documents and settings\F & B\Impostazioni locali\Temporary Internet Files\P71Y4.jpg
c:\documents and settings\F & B\Impostazioni locali\Temporary Internet Files\xMJY7Ny.jpg
c:\programmi\WinPCap
c:\programmi\WinPCap\daemon_mgm.exe
c:\programmi\WinPCap\npf_mgm.exe
c:\programmi\WinPCap\rpcapd.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
----- BITS: Possibili siti infetti -----
hxxp://liveupdate.symantec.com
hxxp://definitions.symantec.com
.
((((((((((((((((((((((((( Files Creati Da 2010-02-16 al 2010-03-16 )))))))))))))))))))))))))))))))))))
.
2010-03-16 19:45 . 2010-03-16 19:45 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-03-16 19:45 . 2010-03-16 19:45 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-03-16 19:45 . 2010-03-16 19:45 -------- d-----w- c:\programmi\Symantec
2010-03-16 19:44 . 2010-03-16 19:44 -------- d-----w- c:\windows\system32\drivers\N360
2010-03-15 20:38 . 2010-03-15 20:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PCSettings
2010-03-15 20:36 . 2010-03-15 20:36 -------- d-----w- c:\programmi\NortonInstaller
2010-03-15 20:36 . 2010-03-15 20:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NortonInstaller
2010-03-15 20:29 . 2010-03-15 20:29 -------- d-----w- c:\documents and settings\F & B\Dati applicazioni\ZipGenius
2010-03-15 20:27 . 2010-03-15 20:27 -------- d-----w- c:\programmi\ZipGenius 6
2010-03-15 20:27 . 2010-03-15 20:27 -------- d-----w- c:\programmi\Conduit
2010-03-15 20:27 . 2010-03-15 20:27 -------- d-----w- c:\documents and settings\F & B\Impostazioni locali\Dati applicazioni\Conduit
2010-03-15 20:20 . 2010-03-15 20:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Norton
2010-03-14 20:40 . 2010-03-14 20:40 -------- d-----w- c:\programmi\TrendMicro
2010-03-14 18:01 . 2010-03-14 18:01 -------- d-sh--w- c:\documents and settings\F & B\PrivacIE
2010-03-14 17:51 . 2010-03-14 17:51 -------- d-----w- c:\documents and settings\F & B\Dati applicazioni\Uniblue
2010-03-14 17:17 . 2010-03-14 17:17 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-03-14 17:02 . 2010-03-14 17:02 -------- d-sh--w- c:\documents and settings\F & B\IETldCache
2010-03-14 16:58 . 2010-03-14 16:58 -------- d-----w- c:\windows\ie8updates
2010-03-14 16:53 . 2010-03-14 16:53 -------- d--h--w- c:\windows\ie8
2010-03-14 16:47 . 2009-12-11 08:38 69120 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-03-14 16:47 . 2009-12-21 19:06 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-03-14 16:47 . 2009-12-21 19:06 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-03-14 14:45 . 2010-03-14 14:45 -------- d-----w- c:\documents and settings\F & B\Dati applicazioni\Malwarebytes
2010-03-14 14:45 . 2010-03-14 14:45 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-03-14 14:45 . 2010-03-14 14:45 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-03-14 14:15 . 2010-03-14 15:04 2560 ----a-w- c:\windows\system32\drivers\mchInjDrv.sys
2010-03-14 14:14 . 2010-03-14 14:14 -------- d-----w- c:\programmi\Enigma Software Group
2010-03-14 11:20 . 2010-03-14 11:20 -------- d-----w- c:\documents and settings\F & B\Impostazioni locali\Dati applicazioni\Symantec
2010-03-13 20:42 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-10 13:31 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-05 11:58 . 2010-03-05 11:58 -------- d-----w- c:\documents and settings\F & B\Dati applicazioni\vlc
2010-03-05 11:54 . 2010-03-05 11:54 -------- d-----w- c:\programmi\VideoLAN
2010-03-03 18:02 . 2010-03-03 18:02 -------- d-----w- C:\msorb3
2010-02-20 15:59 . 2010-02-20 15:59 -------- d-----w- C:\Buziol Games
2010-02-20 15:43 . 2010-02-20 15:43 -------- d-----w- c:\programmi\Mario bros
2010-02-20 10:27 . 2010-02-20 10:27 -------- d-----w- c:\documents and settings\F & B\Dati applicazioni\U3
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-16 19:45 . 2010-03-16 19:45 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-03-16 19:45 . 2010-03-16 19:45 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-03-15 00:00 . 2010-03-16 20:12 84912 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100316.003\NAVENG.SYS
2010-03-15 00:00 . 2010-03-16 20:12 177520 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100316.003\NAVENG32.DLL
2010-03-15 00:00 . 2010-03-16 20:12 1647984 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100316.003\NAVEX32A.DLL
2010-03-15 00:00 . 2010-03-16 20:12 1324720 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100316.003\NAVEX15.SYS
2010-03-15 00:00 . 2010-03-16 20:12 371248 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100316.003\EECTRL.SYS
2010-03-15 00:00 . 2010-03-16 20:12 2747440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100316.003\CCERASER.DLL
2010-03-15 00:00 . 2010-03-16 20:12 259440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100316.003\ECMSVR32.DLL
2010-03-15 00:00 . 2010-03-16 20:12 102448 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100316.003\ERASER.SYS
2010-03-14 20:40 . 2010-03-14 20:40 388096 ----a-r- c:\documents and settings\F & B\Dati applicazioni\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-05 13:13 . 2010-03-05 13:13 443912 ----a-w- c:\documents and settings\F & B\Dati applicazioni\Real\Update\setup3.10\setup.exe
2010-02-14 10:19 . 2008-05-21 21:43 104120 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-02-09 16:26 . 2010-03-15 20:26 52224 ----a-w- c:\documents and settings\F & B\Dati applicazioni\Mozilla\Firefox\Profiles\ltpwb7rg.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\FFExternalAlert.dll
2010-02-09 16:26 . 2010-03-15 20:26 101376 ----a-w- c:\documents and settings\F & B\Dati applicazioni\Mozilla\Firefox\Profiles\ltpwb7rg.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\RadioWMPCore.dll
2010-02-05 17:50 . 2010-02-05 17:50 -------- d-----w- c:\programmi\InterActual
2009-12-31 16:50 . 2004-08-19 04:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:06 . 2006-01-09 19:01 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:40 . 2004-08-19 04:00 346112 ----a-w- c:\windows\system32\mspaint.exe
2009-12-17 07:10 . 2010-03-16 19:45 893296 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\CLT\cltLMSx.dll
2007-02-08 09:48 . 2007-02-08 09:48 133920 ----a-w- c:\programmi\internet explorer\plugins\LV82ActiveXControl.dll
2007-07-24 18:03 . 2007-07-24 18:03 118784 ----a-w- c:\programmi\internet explorer\plugins\LV85ActiveXControl.dll
2006-01-23 09:32 . 2006-01-23 09:32 131072 ----a-w- c:\programmi\internet explorer\plugins\LV80ActiveXControl.dll
2004-03-15 16:51 . 2004-03-15 16:51 114688 ----a-w- c:\programmi\internet explorer\plugins\LV71ActiveXControl.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\programmi\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\programmi\mozilla firefox\plugins\ssldivx.dll
2009-09-08 19:57 . 2009-09-08 19:56 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-08 19:57 . 2009-09-08 19:57 56 --sh--r- c:\windows\system32\C6403AABD6.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-09-16 94208]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"RTHDCPL"="RTHDCPL.EXE" [2006-02-27 16005120]
"AzMixerSel"="c:\programmi\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 53248]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2005-01-08 102491]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-01-08 692315]
"ntiMUI"="c:\programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-19 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2006-03-30 471040]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-04-28 401408]
"ATICCC"="c:\programmi\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"ImageItEncrypt"="c:\windows\system32\ImageItEncrypt.exe" [2005-12-30 40960]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-06-21 185896]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-16 88204]
"PCSuiteTrayApplication"="c:\programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LVCOMSX"="c:\programmi\File comuni\Logitech\LComMgr\LVComSX.exe" [2006-07-20 237568]
"LogitechVideo[inspector]"="c:\programmi\Acer\OrbiCam\InstallHelper.exe" [2006-07-20 23:15 73728]
"LogitechCameraAssistant"="c:\programmi\Acer\OrbiCam\CameraAssistant.exe" [2006-07-20 331776]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\MSMSGS.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\groove.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"=
"c:\\Programmi\\Wolfram Research\\Mathematica\\7.0\\Mathematica.exe"=
"c:\\Programmi\\Wolfram Research\\Mathematica\\7.0\\MathKernel.exe"=
"c:\\Programmi\\Wolfram Research\\Mathematica\\7.0\\math.exe"=
R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [10/07/2007 20.08.14 15448]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0400000.07F\SymDS.sys [16/03/2010 20.45.12 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0400000.07F\SymEFA.sys [16/03/2010 20.45.12 172592]
R1 BHDrvx86;BHDrvx86;c:\docume~1\ALLUSE~1\DATIAP~1\Norton\{0C55C~1\N360_4~1.127\DEFINI~1\BASHDefs\20091205.001\BHDrvx86.sys [16/03/2010 20.45.11 529456]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0400000.07F\cchpx86.sys [16/03/2010 20.45.11 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0400000.07F\Ironx86.sys [16/03/2010 20.45.12 116272]
R2 N360;Norton 360;c:\programmi\Norton 360\Norton 360\Engine\4.0.0.127\ccSvcHst.exe [16/03/2010 20.45.00 126392]
R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [19/07/2007 11.56.44 11360]
R3 IDSxpx86;IDSxpx86;c:\docume~1\ALLUSE~1\DATIAP~1\Norton\{0C55C~1\N360_4~1.127\DEFINI~1\IPSDefs\20091105.001\IDSxpx86.sys [16/03/2010 20.45.12 329592]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [08/03/2009 17.59.56 691696]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\eLock2BurnerLockDriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\eLock2FSCTLDriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]
S2 gupdate1ca2ef05b14b856;Servizio di Google Update (gupdate1ca2ef05b14b856);c:\programmi\Google\Update\GoogleUpdate.exe [06/09/2009 14.48.33 133104]
S3 HDJCtrl;Hercules DJ Control MP3 Service;c:\windows\system32\drivers\HDJCTRL.sys [19/06/2008 19.44.45 11008]
S3 HDJMidi;Hercules DJ Console MIDI;c:\windows\system32\drivers\hdjmidi.sys [19/06/2008 19.44.46 39424]
S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [22/06/2009 11.28.39 1097728]
S3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [12/07/2007 18.18.14 11360]
S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [18/07/2007 21.11.02 11904]
S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [18/07/2007 21.12.02 11896]
S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [19/07/2007 11.48.36 11384]
S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [19/07/2007 11.56.44 11360]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [12/03/2009 21.54.30 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [12/03/2009 21.54.34 8320]
.
Contenuto della cartella 'Scheduled Tasks'
2010-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-09-06 13:48]
2010-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-09-06 13:48]
.
.
------- Scansione supplementare -------
.
uStart Page = www.google.com
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\programmi\PokerStars.IT\PokerStarsUpdate.exe
FF - ProfilePath - c:\documents and settings\F & B\Dati applicazioni\Mozilla\Firefox\Profiles\ltpwb7rg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Softonic-IT Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT25302 ... hSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 2530241&q=
FF - component: c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\F & B\Dati applicazioni\Mozilla\Firefox\Profiles\ltpwb7rg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\F & B\Dati applicazioni\Mozilla\Firefox\Profiles\ltpwb7rg.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\F & B\Dati applicazioni\Mozilla\Firefox\Profiles\ltpwb7rg.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\F & B\Dati applicazioni\Mozilla\Firefox\Profiles\ltpwb7rg.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\NPLV80Win32.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\NPLV82Win32.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\nplv85win32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKCU-Run-updateMgr - c:\programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKLM-Run-NWEReboot - (no file)
AddRemove-bobpcpdq - c:\documents and settings\f & b\impostazioni locali\dati applicazioni\bobpcpdq.exe
AddRemove-NI Uninstaller - g:\labview\Shared\NIUninstaller\uninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-16 21:17
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\programmi\Norton 360\Norton 360\Engine\4.0.0.127\ccSvcHst.exe\" /s \"N360\" /m \"c:\programmi\Norton 360\Norton 360\Engine\4.0.0.127\diMaster.dll\" /prefetch:1"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2010-03-16 21:19:32
ComboFix-quarantined-files.txt 2010-03-16 20:19
Pre-Run: 15.210.938.368 byte disponibili
Post-Run: 15.217.229.824 byte disponibili
WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 5C17BE95284E9FABD93D4A8FEBD46F71