ComboFix 10-07-30.04 - Sandro 31/07/2010 20.13.00.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.510.256 [GMT 2:00]
Eseguito da: c:\documents and settings\Sandro\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {00000002-0002-0000-6C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Sandro\Dati applicazioni\qmkin.exe
.
((((((((((((((((((((((((( Files Creati Da 2010-06-28 al 2010-07-31 )))))))))))))))))))))))))))))))))))
.
2010-07-31 14:20 . 2010-07-31 14:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Autorun Eater
2010-07-28 20:55 . 2010-07-28 20:55 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2010-07-27 10:16 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-07-27 10:16 . 1998-08-05 06:45 122128 ----a-w- c:\windows\system32\VB6IT.DLL
2010-07-27 10:16 . 1998-08-05 06:45 150528 ----a-w- c:\windows\system32\MSCMCIT.DLL
2010-07-27 10:16 . 1998-08-05 06:45 63488 ----a-w- c:\windows\system32\MSCC2IT.DLL
2010-07-27 10:16 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-07-27 10:16 . 2010-07-27 10:16 -------- d-----w- c:\programmi\PDFCreator
2010-07-14 17:10 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-09 12:31 . 2009-07-23 09:57 100480 ----a-r- c:\windows\system32\drivers\ewusbfake.sys
2010-07-08 13:47 . 2010-07-08 13:47 -------- d-----w- c:\documents and settings\Sandro\Dati applicazioni\it.vodafone.counterswidget.75C5D0AC8E830B80BD4FBC0B32A23F0123E8C097.1
2010-07-08 13:44 . 2010-07-08 13:44 -------- d-----w- c:\documents and settings\Sandro\Dati applicazioni\FLEXnet
2010-07-08 13:37 . 2010-07-08 13:37 -------- d-----w- c:\documents and settings\Sandro\Dati applicazioni\Vodafone
2010-07-08 13:36 . 2009-07-23 09:57 112640 ----a-r- c:\windows\system32\drivers\ewusbnet.sys
2010-07-08 13:36 . 2009-07-23 09:57 102528 ----a-r- c:\windows\system32\drivers\ewusbmdm.sys
2010-07-08 13:35 . 2010-07-08 13:35 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\Vodafone
2010-07-08 13:35 . 2010-07-08 13:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Vodafone
2010-07-08 13:35 . 2010-07-08 13:35 -------- d-----w- c:\programmi\Vodafone
2010-07-08 13:35 . 2010-07-08 13:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\FLEXnet
2010-07-08 13:35 . 2010-07-08 13:35 -------- d-----w- c:\documents and settings\Sandro\Impostazioni locali\Dati applicazioni\{4D4E02EE-0904-4442-8E6A-B77395E9B072}
2010-07-06 21:28 . 2010-07-06 21:27 53632 ----a-w- c:\documents and settings\Sandro\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-07-06 21:28 . 2010-07-06 21:28 -------- d-----w- c:\programmi\Widget Contatori
2010-07-06 21:28 . 2010-07-06 21:28 -------- d-----w- c:\programmi\File comuni\Adobe AIR
2010-07-06 21:27 . 2010-07-06 21:27 -------- d-----w- c:\documents and settings\Sandro\Impostazioni locali\Dati applicazioni\Adobe
2010-07-04 20:44 . 2010-07-04 20:44 49152 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-07-04 20:44 . 2010-07-04 20:44 45056 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-07-04 20:44 . 2010-07-04 20:44 45056 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-07-04 20:44 . 2010-07-04 20:44 45056 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-07-04 20:44 . 2010-07-04 20:44 45056 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-07-04 20:44 . 2010-07-04 20:44 40960 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-07-04 20:44 . 2010-07-04 20:44 308808 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-07-04 20:44 . 2010-07-04 20:44 14848 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-07-04 20:44 . 2010-07-04 20:44 341600 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-07-04 20:43 . 2010-07-04 20:43 -------- d-----w- c:\programmi\File comuni\xing shared
2010-07-04 20:42 . 2010-07-04 20:43 -------- d-----w- c:\programmi\Real
2010-07-04 20:42 . 2010-07-04 20:43 -------- d-----w- c:\programmi\File comuni\Real
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-31 16:44 . 2010-04-26 12:59 -------- d-----w- c:\documents and settings\Sandro\Dati applicazioni\HPAppData
2010-07-31 14:20 . 2010-01-04 19:47 -------- d-----w- c:\programmi\Autorun Eater
2010-07-31 13:34 . 2009-08-05 13:11 -------- d-----w- c:\documents and settings\Sandro\Dati applicazioni\TeraCopy
2010-07-30 18:46 . 2009-08-06 14:31 -------- d-----w- c:\documents and settings\Sandro\Dati applicazioni\vlc
2010-07-29 09:28 . 2010-02-12 10:32 -------- d-----w- c:\documents and settings\Sandro\Dati applicazioni\Skype
2010-07-29 09:24 . 2010-02-12 10:36 -------- d-----w- c:\documents and settings\Sandro\Dati applicazioni\skypePM
2010-07-27 06:35 . 2010-03-14 22:28 -------- d-----w- c:\programmi\River Past
2010-07-27 06:35 . 2010-02-28 22:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\River Past G5
2010-07-27 06:33 . 2005-02-02 07:15 84354 ----a-w- c:\windows\system32\perfc010.dat
2010-07-27 06:33 . 2005-02-02 07:15 489648 ----a-w- c:\windows\system32\perfh010.dat
2010-07-19 15:53 . 2009-08-17 08:29 -------- d-----w- c:\documents and settings\Sandro\Dati applicazioni\dvdcss
2010-07-04 20:42 . 2003-03-18 19:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-07-04 20:42 . 2003-02-21 03:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-06-26 09:37 . 2010-04-26 12:22 202179 ----a-w- c:\windows\hpoins43.dat
2010-06-26 09:06 . 2010-06-26 09:04 -------- d-----w- c:\documents and settings\Sandro\Dati applicazioni\U3
2010-06-23 15:20 . 2010-06-10 10:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SlySoft
2010-06-23 15:20 . 2010-06-23 15:20 -------- d-----w- c:\programmi\SlySoft
2010-06-14 14:31 . 2005-02-02 07:29 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 13:17 . 2010-06-14 13:12 -------- d-----w- c:\programmi\eMule
2010-06-14 11:39 . 2010-06-14 11:39 -------- d-----w- c:\programmi\Sandboxie
2010-06-14 09:04 . 2010-06-09 16:58 -------- d-----w- c:\documents and settings\Sandro\Dati applicazioni\uTorrent
2010-06-10 17:44 . 2010-06-10 17:44 -------- d-----w- c:\programmi\Freeware PDF Unlocker
2010-06-10 10:57 . 2010-06-09 16:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DVD Shrink
2010-06-10 09:57 . 2010-06-10 09:57 -------- d-----w- c:\programmi\DVD Shrink
2010-06-10 07:11 . 2010-06-09 16:58 -------- d-----w- c:\programmi\uTorrent
2010-06-09 17:22 . 2010-02-16 18:14 -------- d-----w- c:\programmi\PeerBlock
2010-06-08 20:24 . 2010-06-08 20:24 -------- d-----w- c:\documents and settings\Sandro\Dati applicazioni\MPEG Streamclip
2010-06-05 07:53 . 2009-11-29 23:13 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-06-04 15:06 . 2010-06-04 15:05 -------- d-----w- c:\programmi\Paint.NET
.
------- Sigcheck -------
[-] 2010-02-22 . 7EE936A57B5901D6B1C4AF9A9E6C500A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RamBooster"="c:\programmi\RamBooster 2.0\Rambooster.exe" [2005-11-17 561664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\programmi\Apoint2K\Apoint.exe" [2004-03-23 196608]
"TFncKy"="TFncKy.exe" [BU]
"Tvs"="c:\programmi\TOSHIBA\Tvs\TvsTray.exe" [2004-11-12 73728]
"SmoothView"="c:\programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-12-21 118784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-01-26 5529600]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KeyScrambler"="c:\programmi\KeyScrambler\getting_started.html" [X]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^RAMASST.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\RAMASST.lnk
backup=c:\windows\pss\RAMASST.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2004-10-28 13:37 88363 ----a-w- c:\windows\agrsmmsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Autorun Eater]
2010-05-06 16:59 516216 ----a-w- c:\programmi\Autorun Eater\oldmcdonald.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEKEY]
2004-11-29 08:10 667648 -c--a-w- c:\programmi\TOSHIBA\E-KEY\CeEKey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2007-12-22 23:03 916240 ----a-w- c:\programmi\Eraser\Eraser.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 14:24 54840 ----a-w- c:\programmi\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]
2004-12-23 17:07 28672 -c--a-w- c:\programmi\TOSHIBA\TOSHIBA Applet\HWSetup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
2009-09-18 15:48 2412032 ----a-w- c:\programmi\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\programmi\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 -c--a-w- c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2005-01-26 23:07 1490944 ----a-w- c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
2004-06-29 17:04 1077326 ----a-w- c:\programmi\TOSHIBA\Touch and Launch\PadExe.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-02-15 17:50 417792 ----a-w- c:\programmi\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2010-04-17 10:56 394984 ----a-w- c:\programmi\Sandboxie\SbieCtrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNPSTD2]
2004-08-30 14:37 286720 ----a-w- c:\windows\vsnpstd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-08-06 20:48 149280 -c--a-w- c:\programmi\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
2004-12-27 09:26 61440 -c--a-w- c:\programmi\TOSHIBA\Windows Utilities\SVPWUTIL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCtryIOHook]
2005-01-24 12:51 28672 ----a-w- c:\windows\system32\TCtrlIOHook.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-07-04 20:42 202256 ----a-w- c:\programmi\File comuni\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSHIBA Accessibility]
2005-01-14 12:40 24576 -c--a-w- c:\programmi\TOSHIBA\Accessibility\FnKeyHook.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPNF]
2004-11-29 20:06 53248 -c--a-w- c:\programmi\TOSHIBA\TouchPad\TPTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
2004-12-23 12:52 266240 ----a-w- c:\windows\system32\TPSMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zooming]
2004-07-14 15:07 24576 ----a-w- c:\windows\system32\ZoomingHook.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [03/05/2010 0.18.02 20968]
R2 VMCService;Vodafone Mobile Connect Service;c:\programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [18/09/2009 17.48.28 9216]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [29/12/2009 22.40.46 115312]
S2 HWiNFO32;HWiNFO32 Kernel Driver;\??\c:\documents and settings\Sandro\Desktop\hwhardware\HWiNFO32.SYS
c:\documents and settings\Sandro\Desktop\hwhardware\HWiNFO32.SYS
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [08/07/2010 15.36.39 112640]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [09/07/2010 14.31.12 100480]
S3 pbfilter;pbfilter;c:\programmi\PeerBlock\pbfilter.sys [16/02/2010 20.14.31 14424]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'
2010-07-31 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2978951802-1120063500-3202925473-1006.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]
2010-07-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2978951802-1120063500-3202925473-1006.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]
.
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyOverride = local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {7D4DFAFC-B8D4-4E9D-BCF0-F37B20E0E157} = 8.8.4.4,85.37.17.16
FF - ProfilePath - c:\documents and settings\Sandro\Dati applicazioni\Mozilla\Firefox\Profiles\sr0tafyo.Sandrino\
FF - prefs.js: browser.startup.homepage - www.google.it
FF - component: c:\documents and settings\Sandro\Dati applicazioni\Mozilla\Firefox\Profiles\sr0tafyo.Sandrino\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\programmi\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: c:\programmi\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: c:\programmi\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: c:\programmi\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: c:\programmi\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: c:\programmi\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: c:\programmi\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: c:\programmi\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: c:\programmi\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: c:\programmi\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: c:\programmi\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: c:\programmi\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - plugin: c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\programmi\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-31 20:17
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Ora fine scansione: 2010-07-31 20:19:59
ComboFix-quarantined-files.txt 2010-07-31 18:19
Pre-Run: 23.324.663.808 byte disponibili
Post-Run: 23.298.490.368 byte disponibili
- - End Of File - - C3DD376172DC5959FE29115C82A12364