ComboFix 09-05-05.04 - User 06/05/2009 12.59.17.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.511.219 [GMT 2:00]
Eseguito da: c:\documents and settings\User\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
* Creato nuovo punto di ripristino
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\okwsk.dat
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\okwsk_nav.dat
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\okwsk_navps.dat
.
((((((((((((((((((((((((( Files Creati Da 2009-04-06 al 2009-05-06 )))))))))))))))))))))))))))))))))))
.
2009-05-03 10:36 . 2009-05-03 10:36 -------- d-----w c:\documents and settings\User\Tracing
2009-05-03 10:35 . 2009-05-03 10:35 -------- d-----w c:\programmi\Microsoft Sync Framework
2009-05-03 10:31 . 2009-05-03 10:31 -------- d-----w c:\programmi\Microsoft
2009-05-03 10:31 . 2009-05-03 10:31 -------- d-----w c:\programmi\Windows Live SkyDrive
2009-05-03 10:26 . 2009-05-03 10:26 -------- d-----w c:\programmi\File comuni\Windows Live
2009-04-30 18:45 . 2009-05-01 18:09 -------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-04-30 18:44 . 2009-04-28 14:25 44544 ----a-w c:\windows\system32\msxml4a.dll
2009-04-28 18:49 . 2009-04-28 18:50 -------- d-----w c:\programmi\ConvertHelper
2009-04-26 17:14 . 2009-04-26 17:14 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Pinnacle
2009-04-26 14:35 . 2009-04-26 18:26 -------- d-----w c:\documents and settings\All Users\PinnacleExtractor
2009-04-26 09:38 . 2008-07-10 11:56 107864 ----a-w c:\windows\system32\tsccvid.dll
2009-04-26 09:38 . 2009-04-26 09:38 -------- d-----w c:\windows\system32\QuickTime
2009-04-26 09:38 . 2009-04-26 09:38 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\TechSmith
2009-04-26 09:37 . 2009-04-26 09:37 -------- d-----w c:\programmi\File comuni\TechSmith Shared
2009-04-26 09:37 . 2009-04-26 09:37 -------- d-----w c:\programmi\TechSmith
2009-04-17 14:14 . 2009-04-17 14:13 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-16 16:21 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 16:20 . 2009-03-06 14:19 286208 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-16 16:20 . 2009-02-09 11:22 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-16 16:20 . 2009-02-09 10:51 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 16:20 . 2009-02-09 10:51 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 16:20 . 2009-02-09 10:51 683520 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 16:20 . 2009-02-09 10:51 734720 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 16:20 . 2009-02-09 10:51 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 16:20 . 2009-02-09 10:51 736256 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 16:15 . 2008-04-21 21:14 219136 -c----w c:\windows\system32\dllcache\wordpad.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-06 11:03 . 2008-10-14 08:53 21084704 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-05 19:10 . 2008-10-14 08:53 283916 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-04 11:57 . 2008-09-21 11:33 -------- d-----w c:\programmi\Spybot - Search & Destroy
2009-05-04 11:57 . 2008-01-03 15:11 -------- d-----w c:\programmi\Creative
2009-05-03 10:35 . 2007-12-10 19:18 -------- d-----w c:\programmi\Windows Live
2009-05-03 10:35 . 2007-12-10 19:33 -------- d-----w c:\programmi\Windows Live Toolbar
2009-05-03 09:53 . 2007-12-10 19:14 -------- d-----w c:\programmi\Google
2009-04-30 18:44 . 2008-08-08 12:18 -------- d-----w c:\programmi\File comuni\SourceTec
2009-04-30 18:43 . 2008-08-08 12:18 -------- d-----w c:\programmi\SourceTec
2009-04-26 12:14 . 2007-12-09 18:08 -------- d--h--w c:\programmi\InstallShield Installation Information
2009-04-26 12:01 . 2009-04-26 12:17 1056256 ----a-w c:\windows\Internet Logs\xDB1CB.tmp
2009-04-17 14:13 . 2007-12-10 21:36 -------- d-----w c:\programmi\Java
2009-04-17 14:10 . 2006-03-02 12:00 72022 ----a-w c:\windows\system32\perfc010.dat
2009-04-17 14:10 . 2006-03-02 12:00 443886 ----a-w c:\windows\system32\perfh010.dat
2009-04-12 09:05 . 2009-04-12 10:56 1484288 ----a-w c:\windows\Internet Logs\xDB60.tmp
2009-04-12 08:51 . 2009-04-12 08:59 1483776 ----a-w c:\windows\Internet Logs\xDB5F.tmp
2009-03-26 17:38 . 2009-03-27 18:57 1467392 ----a-w c:\windows\Internet Logs\xDB5E.tmp
2009-03-25 17:50 . 2009-03-26 17:37 176640 ----a-w c:\windows\Internet Logs\xDB5D.tmp
2009-03-20 17:10 . 2009-03-21 12:26 1462272 ----a-w c:\windows\Internet Logs\xDB5C.tmp
2009-03-20 17:10 . 2009-03-21 12:26 28672 ----a-w c:\windows\Internet Logs\xDB5B.tmp
2009-03-19 21:54 . 2009-03-20 08:07 1461760 ----a-w c:\windows\Internet Logs\xDB5A.tmp
2009-03-19 21:54 . 2009-03-20 08:07 2503168 ----a-w c:\windows\Internet Logs\xDB59.tmp
2009-03-18 07:11 . 2008-10-02 18:46 -------- d-----w c:\programmi\McAfee
2009-03-09 12:00 . 2009-03-09 18:08 2669568 ----a-w c:\windows\Internet Logs\xDB57.tmp
2009-03-09 12:00 . 2009-03-09 18:08 1417728 ----a-w c:\windows\Internet Logs\xDB58.tmp
2009-03-06 14:19 . 2006-03-02 12:00 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:03 . 2006-03-02 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-26 20:17 . 2009-02-27 18:46 1678848 ----a-w c:\windows\Internet Logs\xDB55.tmp
2009-02-26 20:16 . 2009-02-26 20:17 1678848 ----a-w c:\windows\Internet Logs\xDB54.tmp
2009-02-26 20:16 . 2009-02-26 20:17 986112 ----a-w c:\windows\Internet Logs\xDB53.tmp
2009-02-26 19:50 . 2009-02-27 18:46 1678336 ----a-w c:\windows\Internet Logs\xDB56.tmp
2009-02-20 17:08 . 2006-03-02 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-18 19:11 . 2009-02-19 18:47 1653760 ----a-w c:\windows\Internet Logs\xDB52.tmp
2009-02-18 19:11 . 2009-02-19 18:47 1166848 ----a-w c:\windows\Internet Logs\xDB51.tmp
2009-02-18 13:51 . 2009-02-18 13:51 2274899 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-02-15 12:36 . 2009-02-15 19:59 1651712 ----a-w c:\windows\Internet Logs\xDB50.tmp
2009-02-10 17:02 . 2004-08-19 15:34 2069760 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 20:58 . 2009-02-10 12:30 328704 ----a-w c:\windows\Internet Logs\xDB4F.tmp
2009-02-09 14:04 . 2006-03-02 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 12:09 . 2009-02-09 12:17 1642496 ----a-w c:\windows\Internet Logs\xDB4E.tmp
2009-02-09 11:23 . 2006-03-02 12:00 2192768 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:22 . 2006-03-02 12:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:51 . 2006-03-02 12:00 734720 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:51 . 2006-03-02 12:00 683520 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:51 . 2006-03-02 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:51 . 2006-03-02 12:00 736256 ----a-w c:\windows\system32\ntdll.dll
2009-02-08 20:21 . 2009-02-08 20:47 1641984 ----a-w c:\windows\Internet Logs\xDB4D.tmp
2009-02-08 17:36 . 2009-02-08 18:55 971264 ----a-w c:\windows\Internet Logs\xDB4B.tmp
2009-02-08 17:36 . 2009-02-08 18:55 1641984 ----a-w c:\windows\Internet Logs\xDB4C.tmp
2009-02-06 16:52 . 2009-02-06 16:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 10:39 . 2006-03-02 12:00 35328 ----a-w c:\windows\system32\sc.exe
2008-08-09 12:03 . 2008-08-11 09:53 3241472 ----a-w c:\programmi\Veedub64.exe
2008-08-09 12:03 . 2008-08-11 09:53 275167 ----a-w c:\programmi\Veedub64.vdi
2008-08-09 12:02 . 2008-08-11 09:53 9728 ----a-w c:\programmi\vdub64.exe
2008-08-09 12:02 . 2008-08-11 09:53 72704 ----a-w c:\programmi\vdremote64.dll
2008-08-09 12:02 . 2008-08-11 09:53 57856 ----a-w c:\programmi\vdsvrlnk64.dll
2008-04-12 14:24 . 2008-08-11 09:53 1296 ----a-w c:\programmi\frameserver64.reg
2008-04-12 14:24 . 2008-08-11 09:53 18321 ----a-w c:\programmi\copying
2008-02-25 07:33 . 2008-08-21 11:49 29409880 ----a-w c:\programmi\kav7.0.1.321en.exe
2000-09-10 12:00 . 2008-03-10 17:47 49 ----a-w c:\programmi\setup.lid
2000-09-10 12:00 . 2008-03-10 17:47 334 ----a-w c:\programmi\layout.bin
2000-09-10 12:00 . 2008-03-10 17:47 1865883 ----a-w c:\programmi\data1.cab
2000-09-10 12:00 . 2008-03-10 17:47 73 ----a-w c:\programmi\SETUP.INI
2000-09-10 12:00 . 2008-03-10 17:47 45255 ----a-w c:\programmi\_user1.cab
2000-09-10 12:00 . 2008-03-10 17:47 109 ----a-w c:\programmi\DATA.TAG
2000-09-10 12:00 . 2008-03-10 17:47 186302 ----a-w c:\programmi\_sys1.cab
2000-09-10 11:54 . 2008-03-10 17:47 1994 ----a-w c:\programmi\ReadMe.htm
2000-09-10 11:52 . 2008-03-10 17:47 1463 ----a-w c:\programmi\ReadMe.txt
2000-09-10 11:26 . 2008-03-10 17:47 57252 ----a-w c:\programmi\setup.ins
1997-11-19 15:08 . 2008-03-10 17:47 11264 ----a-w c:\programmi\_setup.dll
1997-11-19 15:05 . 2008-03-10 17:47 8192 ----a-w c:\programmi\_ISDEL.EXE
1997-11-19 15:05 . 2008-03-10 17:47 300178 ----a-w c:\programmi\_INST32I.EX_
1997-05-30 10:31 . 2008-03-10 17:47 4557 ----a-w c:\programmi\lang.dat
1997-05-06 13:15 . 2008-03-10 17:47 417 ----a-w c:\programmi\os.dat
2007-12-11 10:20 . 2007-12-11 10:20 952 --sha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-05-11 02:06 . 2007-10-10 18:51 39792 c:\programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
2008-03-23 15:50 . 2007-10-10 18:51 39792 c:\programmi\Adobe\Reader 8.0\Reader\Reader_SL.exe
2007-12-10 17:14 . 2004-09-23 12:41 860160 c:\programmi\Analog Devices\SoundMAX\bak\smax4.exe
2007-12-10 17:14 . 2004-10-14 09:11 1388544 c:\programmi\Analog Devices\SoundMAX\bak\SMax4PNP.exe
2006-05-10 10:12 . 2006-05-10 10:12 90112 c:\programmi\ATI Technologies\ATI.ACE\bak\CLIStart.exe
2008-01-03 15:12 . 2006-08-07 09:06 700416 c:\programmi\Creative\Sync Manager Unicode\bak\CTSyncU.exe
2007-12-10 17:18 . 2007-12-10 17:18 949376 c:\programmi\ESET\bak\nod32kui.exe
2007-03-09 17:53 . 2007-03-09 17:53 153136 c:\programmi\File comuni\Ahead\Lib\bak\NeroCheck.exe
2007-03-12 12:49 . 2007-03-12 12:49 153136 c:\programmi\File comuni\Ahead\Lib\bak\NMBgMonitor.exe
2007-12-10 21:36 . 2007-09-25 00:11 132496 c:\programmi\Java\jre1.6.0_03\bin\bak\jusched.exe
2006-10-26 23:47 . 2006-10-26 23:47 31016 c:\programmi\Microsoft Office\Office12\bak\GrooveMonitor.exe
2007-08-24 05:00 . 2007-08-24 05:00 33648 c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe
2007-10-18 10:34 . 2007-10-18 10:34 5724184 c:\programmi\Windows Live\Messenger\bak\msnmsgr.exe
2009-02-06 16:52 . 2009-02-06 16:52 3885408 c:\programmi\Windows Live\Messenger\msnmsgr.exe
2007-12-10 22:00 . 2006-05-17 12:14 20480 c:\windows\bak\CameraFixer.exe
2008-08-14 10:13 . 2006-05-17 11:14 20480 c:\windows\CameraFixer.exe
2007-12-10 22:00 . 2005-12-20 13:39 94208 c:\windows\bak\tsnpstd3.exe
2008-08-13 20:24 . 2005-12-20 12:39 94208 c:\windows\tsnpstd3.exe
2007-12-10 22:00 . 2006-09-19 08:07 827392 c:\windows\bak\vsnpstd3.exe
2008-08-13 20:24 . 2006-09-19 07:07 827392 c:\windows\vsnpstd3.exe
2006-03-02 12:00 . 2006-03-02 12:00 15360 c:\windows\system32\bak\ctfmon.exe
2006-03-02 12:00 . 2008-04-14 02:14 15360 c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Gadwin PrintScreen"="c:\programmi\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]
"SBI"="c:\documents and settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\U1D3EWHX\setup_sbd_it[1].exe" [N/A]
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe" [N/A]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [N/A]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-13 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-04-17 148888]
"mcagent_exe"="c:\programmi\McAfee.com\Agent\mcagent.exe" [N/A]
"AppleSyncNotifier"="c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-12-20 94208]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-08-03 185896]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-06-12 413696]
"CameraFixer"="c:\windows\CameraFixer.exe" [2006-05-17 20480]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 14:28 352256 ----a-w c:\programmi\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll schannel.dll digest.dll msnsspc.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
backup=c:\windows\pss\Alice ti aiuta.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATnotes.exe]
[N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\bak\\msnmsgr.exe"=
"c:\\Programmi\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\kav\\kav7.0\\english\\setup.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [03/09/2008 14.07.14 8944]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [03/09/2008 14.07.12 55024]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\programmi\McAfee\SiteAdvisor\McSACore.exe [02/10/2008 20.47.29 210216]
R2 SeaPort;SeaPort;c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [14/01/2009 17.53.02 226656]
R3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [03/09/2008 14.07.16 7408]
.
Contenuto della cartella 'Scheduled Tasks'
2009-05-06 c:\windows\Tasks\User_Feed_Synchronization-{C10F9DA9-F13E-46B1-AB9F-06B7C1EB9322}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
.
------- Scansione supplementare -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = 127.0.0.1;<local>
IE: Download Image with Download Manager - tbr:iemenudownload
IE: Download URL in selection with Download Manager - tbr:iemenudownsel
IE: Download URL with Download Manager - tbr:iemenudownload
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\54ny0rsn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - GoogleCOM
FF - prefs.js: browser.startup.homepage - hxxp://google.it
FF - prefs.js: keyword.URL - hxxp://www.wcsearch.com/search/?ie=UTF- ... &gfns=1&q=
FF - component: c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\54ny0rsn.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\54ny0rsn.default\extensions\capturefoxmovie@advancity.net\components\test.dll
FF - component: c:\programmi\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - GoogleCOM
FF - user.js: keyword.URL - hxxp://www.wcsearch.com/search/?ie=UTF- ... &gfns=1&q=
FF - user.js: general.useragent.extra.zencast - .
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-06 13:03
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SBI = c:\documents and settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\U1D3EWHX\setup_sbd_it[1].exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(664)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2009-05-06 13.08.55
ComboFix-quarantined-files.txt 2009-05-06 11:08
Pre-Run: 216.790.171.648 byte disponibili
Post-Run: 218.081.181.696 byte disponibili
270 --- E O F --- 2009-05-04 18:00