ComboFix 13-04-02.01 - bibbuccio 2013-04-03 0:26.19.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.3062.2394 [GMT 2:00]
Eseguito da: c:\documents and settings\bibbuccio\Documenti\Downloads\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-7C25-9E7C08000A00}
AV: Avira Desktop *Disabled/Outdated* {0012F2B4-5C49-7C92-0300-000100000000}
AV: Avira Desktop *Enabled/Outdated* {00000000-0000-0000-0000-000000000000}
AV: Avira Desktop *Enabled/Outdated* {00000000-0715-0000-08F2-12003094807C}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\36D
c:\documents and settings\All Users\Dati applicazioni\36D\{CE74FC39-384A-4F87-B94A-F88E2797DDE4}.swf
c:\documents and settings\bibbuccio\Dati applicazioni\CHRONIC.EXE
c:\documents and settings\bibbuccio\Dati applicazioni\Toolbar4
c:\documents and settings\bibbuccio\WINDOWS
C:\InfoSat.txt
C:\Muestras
C:\Thumbs.db
c:\windows\IsUn0410.exe
c:\windows\system32\CddbCdda.dll
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\SETB7.tmp
c:\windows\system32\SETB9.tmp
c:\windows\system32\SETC7.tmp
c:\windows\system32\tmp.reg
c:\windows\wininit.ini
D:\install.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2013-03-02 al 2013-04-02 )))))))))))))))))))))))))))))))))))
.
.
2013-04-02 14:56 . 2013-04-02 16:21 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-03-28 16:37 . 2013-03-28 16:37 -------- d-----w- c:\windows\SysWOW64
2013-03-20 20:06 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-20 20:06 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-03-16 17:42 . 2008-06-27 09:39 332928 ----a-r- c:\windows\system32\drivers\RTL8187.sys
2013-03-07 06:45 . 2013-02-11 10:28 35896 ----a-w- c:\windows\system32\drivers\gfiark.sys
2013-03-07 06:06 . 2012-11-29 13:45 44424 ----a-r- c:\windows\system32\SBBD.EXE
2013-03-07 06:06 . 2012-10-30 12:46 66344 ----a-r- c:\windows\system32\drivers\sbapifs.sys
2013-03-07 06:06 . 2012-10-30 12:46 22064 ----a-r- c:\windows\system32\drivers\sbaphd.sys
2013-03-07 06:06 . 2013-03-07 13:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\STOPzilla!
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 13:13 . 2012-12-30 09:47 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 13:13 . 2012-01-11 07:12 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-12 00:32 . 2008-08-04 20:15 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2003-04-08 19:00 12928 ------w- c:\windows\system32\drivers\usb8023.sys
2013-01-26 03:55 . 2003-04-08 19:00 552448 ------w- c:\windows\system32\oleaut32.dll
2013-01-07 07:24 . 2003-04-08 19:00 2152448 ------w- c:\windows\system32\ntoskrnl.exe
2013-01-07 07:24 . 2002-09-09 13:34 2031104 ------w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 10:09 . 2003-04-08 19:00 1867264 ------w- c:\windows\system32\win32k.sys
2013-01-11 16:34 . 2013-01-11 16:34 262704 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\programmi\Windows Media Player\WMPNSCFG.exe" [2009-02-04 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2012-09-11 348664]
"AdobeAAMUpdater-1.0"="c:\programmi\File comuni\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"RTHDCPL"="rthdcpl.exe" [2007-07-11 16132608]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2012-04-18 421888]
"SwitchBoard"="c:\programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\programmi\File comuni\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
.
c:\documents and settings\bibbuccio\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Bluetooth Manager.lnk - c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-8-2 2760704]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Reader.lnk
backup=c:\windows\pss\Avvio veloce di Adobe Reader.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2007-11-30 05:28 1637312 ----a-w- c:\programmi\SlySoft\AnyDVD\AnyDVD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DexrexIMBackup]
2010-04-13 14:50 175104 ----a-w- c:\programmi\Dexrex\DexrexIMBackup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-07-11 04:07 155648 ------w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-07-11 04:07 131072 ------w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
2009-07-03 09:40 2328576 ----a-w- c:\programmi\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-05-14 08:32 1479680 ----a-w- c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56 421888 ----a-w- c:\programmi\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 09:07 199752 ----a-w- c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\programmi\Windows Media Player\WMPNSCFG.exe
"EPSON Stylus DX7400 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "c:\windows\TEMP\E_S8E.tmp" /EF "HKCU"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ArcSoft Connection Service"=c:\programmi\File comuni\ArcSoft\Connection Service\Bin\ACDaemon.exe
"DVAPTray"=c:\windows\System32\DVAPTray.exe
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe"
"SwitchBoard"=c:\programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe
"AdobeCS5ServiceManager"="c:\programmi\File comuni\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
"Persistence"=c:\windows\System32\igfxpers.exe
"RTHDCPL"=RTHDCPL.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymedia.exe"=
"c:\\Programmi\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymediaserver.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\EXCEL.EXE"=
"c:\\Programmi\\ODEON\\JAF\\JCOP.EXE"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\DsNET Corp\\aTube Catcher 2.0\\yct.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Programmi\\File comuni\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"5061:TCP"= 5061:TCP:SPF Port 5061 TCP
"39801:TCP"= 39801:TCP:SPF Port 39801 TCP
"49643:UDP"= 49643:UDP:SPF Port 49643 UDP
"5985:TCP"= 5985:TCP:Gestione remota Windows
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2012-12-26 14776]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2012-11-26 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2012-11-07 64512]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-12-31 36000]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\programmi\IObit\Advanced SystemCare 4\ASCService.exe [2012-12-26 328536]
R2 AntiVirSchedulerService;Avira Pianificatore;c:\programmi\Avira\AntiVir Desktop\sched.exe [2011-12-31 86224]
R2 BBUpdate;BBUpdate;c:\programmi\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2011-09-22 66560]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
R2 VMCService;Vodafone Mobile Connect Service;c:\programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-07-03 9216]
S0 eiqhe;eiqhe;c:\windows\system32\drivers\ulwwn.sys --> c:\windows\system32\drivers\ulwwn.sys [?]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2012-11-26 61328]
S0 vhlmf;vhlmf;c:\windows\system32\drivers\odiirker.sys --> c:\windows\system32\drivers\odiirker.sys [?]
S2 BBSvc;Bing Bar Update Service;c:\programmi\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S3 AVMAP_CP;AvMap Chart Plotter USB Driver (x86);c:\windows\system32\drivers\avmap_cp.sys [2010-12-16 18736]
S3 AVMAP_S3C;AvMap S3C Chart Plotter USB Driver (avmap_cp.sys);c:\windows\system32\drivers\avmap_cp.sys [2010-12-16 18736]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2010-06-12 112640]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-03-07 35896]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2010-06-12 102656]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-12-28 35144]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-08-22 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-08-22 8320]
S3 phil2vid;Fotocamera VGA USB Philip;c:\windows\system32\drivers\philcam2.sys [2011-06-07 173696]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [2010-08-22 32377]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2013-02-23 606056]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2013-03-16 332928]
S3 SwitchBoard;SwitchBoard;c:\programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123);c:\windows\system32\drivers\WPRO_40_1123.sys --> c:\windows\system32\drivers\WPRO_40_1123.sys [?]
S4 DexrexDaemon;DexrexDaemon;c:\programmi\Dexrex\DexrexDaemon.exe [2010-04-13 174592]
S4 TwonkyMedia;TwonkyMedia;c:\programmi\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> c:\programmi\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - 16695132
*Deregistered* - 16695132
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-04-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-30 13:13]
.
2013-03-29 c:\windows\Tasks\AdobeAAMUpdater-1.0-DESK1-bibbuccio.job
- c:\programmi\File comuni\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-09-20 06:27]
.
2013-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-07-17 20:32]
.
2013-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-07-17 20:32]
.
2013-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1383384898-839522115-1004Core.job
- c:\documents and settings\bibbuccio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-05-21 12:41]
.
2013-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1383384898-839522115-1004UA.job
- c:\documents and settings\bibbuccio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-05-21 12:41]
.
2013-04-02 c:\windows\Tasks\SmartDefragUpdate.job
- c:\programmi\IObit\Smart Defrag 2\AutoUpdate.exe [2012-12-25 10:06]
.
2013-04-02 c:\windows\Tasks\User_Feed_Synchronization-{44FB57ED-4C15-4C80-BB0C-ADFC6F44AEDE}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyOverride = *.local
IE: Apri un'immagine con PhotoME... - c:\programmi\PhotoME\iemenuext.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\bibbuccio\Dati applicazioni\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Locate Spot on Map by GPS - c:\programmi\Opanda\IExif 2.3\IExifMap.htm
IE: Post Image to Blog - c:\programmi\ImageShackToolbar\ImageShackToolbar.dll/5003
IE: Tag This Image - c:\programmi\ImageShackToolbar\ImageShackToolbar.dll/5002
IE: Transload Image to ImageShack - c:\programmi\ImageShackToolbar\ImageShackToolbar.dll/5004
IE: Upload All Images to ImageShack - c:\programmi\ImageShackToolbar\ImageShackToolbar.dll/5000
IE: Upload Image to ImageShack - c:\programmi\ImageShackToolbar\ImageShackToolbar.dll/5001
IE: View Exif/GPS/IPTC with IExif - c:\programmi\Opanda\IExif 2.3\IExifCom.htm
FF - ProfilePath - c:\documents and settings\bibbuccio\Dati applicazioni\Mozilla\Firefox\Profiles\xq9zggwi.default\
FF - prefs.js: browser.startup.homepage - www.virgilio.it
FF - prefs.js: network.proxy.type - 0
# Mozilla User Preferences
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
*/
FF - user.js: app.update.disable_button.showUpdateHistory - false
FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1359806571
FF - user.js: app.update.lastUpdateTime.background-update-timer - 1358627154
FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1359806691
FF - user.js: app.update.lastUpdateTime.browser-cleanup-thumbnails - 1359806451
FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1361629871
FF - user.js: browser.cache.disk.capacity - 358400
FF - user.js: browser.cache.disk.smart_size.first_run - false
FF - user.js: browser.cache.disk.smart_size.use_old_max - false
FF - user.js: browser.cache.disk.smart_size_cached_value - 358400
FF - user.js: browser.download.dir - c:\\Documents and Settings\\bibbuccio\\Documenti\\Download
FF - user.js: browser.download.manager.alertOnEXEOpen - false
FF - user.js: browser.keywordURLPromptDeclined - 1
FF - user.js: browser.migration.version - 8
FF - user.js: browser.newtabpage.storageVersion - 1
FF - user.js: browser.pagethumbnails.storage_version - 2
FF - user.js: browser.places.smartBookmarksVersion - 4
FF - user.js: browser.preferences.advanced.selectedTabIndex - 0
FF - user.js: browser.rights.3.shown - true
FF - user.js: browser.search.update - false
FF - user.js: browser.search.useDBForOrder - false
FF - user.js: browser.shell.checkDefaultBrowser - false
FF - user.js: browser.startup.homepage - www.virgilio.it
FF - user.js: browser.startup.homepage_override.buildID - 20130104151925
FF - user.js: browser.startup.homepage_override.mstone - 18.0
FF - user.js: browser.syncPromoViewsLeft - 0
FF - user.js: browser.tabs.warnOnClose - false
FF - user.js: browser.urlbar.autocomplete.enabled - false
FF - user.js: extensions.blocklist.pingCountTotal - 7
FF - user.js: extensions.blocklist.pingCountVersion - 3
FF - user.js: extensions.bootstrappedAddons - {}
FF - user.js: extensions.databaseSchema - 14
FF - user.js: extensions.enabledAddons - iobit%40mybrowserbar.com:7.0,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\{ABDE892B-13A8-4d1b-88E6-365A6E755758}\:{\descriptor\:\c:\\\\Programmi\\\\Real\\\\RealPlayer\\\\browserrecord\,\mtime\:1228773435000},\jqs@sun.com\:{\descriptor\:\c:\\\\Programmi\\\\Java\\\\jre6\\\\lib\\\\deploy\\\\jqs\\\\ff\,\mtime\:1229334209171},\{20a82645-c095-46ed-80e3-08825760534b}\:{\descriptor\:\c:\\\\WINDOWS\\\\Microsoft.NET\\\\Framework\\\\v3.5\\\\Windows Presentation Foundation\\\\DotNetAssistantExtension\,\mtime\:1251804199809},\helperframework@zonemedia.com\:{\descriptor\:\c:\\\\Programmi\\\\Internet Explorer\\\\bin\,\mtime\:1352045330046},\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\:{\descriptor\:\c:\\\\Programmi\\\\File comuni\\\\DVDVideoSoft\\\\plugins\\\\ff\,\mtime\:1357922978250}}},{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\Programmi\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1357922060703}}},{\name\:\app-profile\,\addons\:{\iobit@mybrowserbar.com\:{\descriptor\:\c:\\\\Programmi\\\\IObit Toolbar\\\\FF\,\mtime\:1362167189062}}}]
FF - user.js: extensions.lastAppVersion - 18.0
FF - user.js: extensions.lastPlatformVersion - 18.0
FF - user.js: extensions.pendingOperations - false
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: gecko.buildID - 20130104151925
FF - user.js: gecko.mstone - 18.0
FF - user.js: idle.lastDailyNotification - 1357764462
FF - user.js: intl.charsetmenu.browser.cache - windows-1252, ISO-8859-1, UTF-8
FF - user.js: network.cookie.prefsMigrated - true
FF - user.js: network.proxy.type - 0
FF - user.js: places.database.lastMaintenance - 1357764462
FF - user.js: places.history.enabled - false
FF - user.js: places.history.expiration.transient_current_max_pages - 80267
FF - user.js: pref.privacy.disable_button.cookie_exceptions - false
FF - user.js: pref.privacy.disable_button.view_cookies - false
FF - user.js: privacy.sanitize.didShutdownSanitize - true
FF - user.js: privacy.sanitize.migrateFx3Prefs - true
FF - user.js: privacy.sanitize.sanitizeOnShutdown - true
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: services.sync.clients.lastSync - 0
FF - user.js: services.sync.clients.lastSyncLocal - 0
FF - user.js: services.sync.globalScore - 0
FF - user.js: services.sync.migrated - true
FF - user.js: services.sync.nextSync - 0
FF - user.js: services.sync.tabs.lastSync - 0
FF - user.js: services.sync.tabs.lastSyncLocal - 0
FF - user.js: signon.rememberSignons - false
FF - user.js: storage.vacuum.last.index - 1
FF - user.js: storage.vacuum.last.places.sqlite - 1356897692
FF - user.js: toolkit.startup.last_success - 1362638567
FF - user.js: toolkit.telemetry.prompted - 2
FF - user.js: toolkit.telemetry.rejected - true
FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1365230576
FF - user.js: xpinstall.whitelist.add -
FF - user.js: xpinstall.whitelist.add.180 -
FF - user.js: xpinstall.whitelist.add.36 -
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
WebBrowser-{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - (no file)
HKCU-Run-AdobeBridge - (no file)
Notify-TPSvc - TPSvc.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-SearchSettings - c:\programmi\File comuni\Spigot\Search Settings\SearchSettings.exe
AddRemove-Adobe Acrobat 4.0 - c:\windows\ISUN0410.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-03 00:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cb,0f,b0,90,d0,99,fa,4f,81,5b,27,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cb,0f,b0,90,d0,99,fa,4f,81,5b,27,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:e5,43,10,f6,94,47,72,77,b7,94,76,d0,42,52,10,f6,3b,ff,ca,a3,9a,
37,c4,3b,f0,f9,3c,be,c2,ae,2f,01,b9,24,c1,ad,fd,ef,f7,4e,8c,e8,b0,11,bf,27,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:e5,43,10,f6,94,47,72,77,b7,94,76,d0,42,52,10,f6,3b,ff,ca,a3,9a,
37,c4,3b,f0,f9,3c,be,c2,ae,2f,01,b9,24,c1,ad,fd,ef,f7,4e,8c,e8,b0,11,bf,27,\
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(700)
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Ora fine scansione: 2013-04-03 00:33:11
ComboFix-quarantined-files.txt 2013-04-02 22:33
ComboFix2.txt 2009-02-11 17:10
ComboFix3.txt 2009-02-01 15:14
ComboFix4.txt 2009-01-30 17:25
ComboFix5.txt 2009-03-13 07:57
.
Pre-Run: 15,594,532,864 byte disponibili
Post-Run: 16,333,766,656 byte disponibili
.
- - End Of File - - 75F3EB6C5EC09AA6B437D22F07B44942