Malwarebytes' Anti-Malware 1.40
Versione del database: 2574
Windows 6.0.6001 Service Pack 1
07/08/2009 17.09.46
mbam-log-2009-08-07 (17-09-09).txt
Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 192824
Tempo trascorso: 38 minute(s), 5 second(s)
Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 1
Valori di registro infetti: 2
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 1
Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)
Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)
Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> No action taken.
Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qwyugem (Trojan.Agent.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c:\windows\system32\v0230cvw.dll (Trojan.Agent) -> No action taken.
Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)
Cartelle infette:
(Nessun elemento malevolo rilevato)
File infetti:
c:\Users\jimmy\AppData\Local\qwyugem.exe (Trojan.Agent.H) -> No action taken.
ComboFix 09-08-06.01 - jimmy 07/08/2009 17.30.16.1.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.39.1040.18.3070.1869 [GMT 2:00]
Eseguito da: c:\users\jimmy\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-3429346259-3954536561-3438569738-500
c:\users\jimmy\AppData\Local\qwyugem.dat
c:\users\jimmy\AppData\Local\qwyugem_nav.dat
c:\users\jimmy\AppData\Local\qwyugem_navps.dat
c:\windows\system32\CmdLineExt.dll
.
((((((((((((((((((((((((( Files Creati Da 2009-07-07 al 2009-08-07 )))))))))))))))))))))))))))))))))))
.
2009-08-07 15:34 . 2009-08-07 15:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-07 14:26 . 2009-08-07 14:26 -------- d-----w- c:\users\jimmy\AppData\Roaming\Malwarebytes
2009-08-07 14:26 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-07 14:26 . 2009-08-07 14:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-07 14:26 . 2009-08-07 14:26 -------- d-----w- c:\programdata\Malwarebytes
2009-08-07 14:26 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-07 12:50 . 2009-08-07 12:50 -------- d-----w- c:\program files\Trend Micro
2009-07-23 21:35 . 2009-07-23 21:35 -------- d-----w- c:\program files\Ubisoft
2009-07-15 05:19 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 05:19 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 05:19 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 05:19 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-07 15:16 . 2008-01-21 06:30 662624 ----a-w- c:\windows\system32\perfh010.dat
2009-08-07 15:16 . 2008-01-21 06:30 120120 ----a-w- c:\windows\system32\perfc010.dat
2009-08-07 14:04 . 2009-03-15 19:33 90 ----a-w- c:\users\jimmy\AppData\Local\skyqi.bat
2009-07-25 07:08 . 2009-05-17 21:55 -------- d-----w- c:\users\jimmy\AppData\Roaming\Ahead
2009-07-25 07:08 . 2009-05-17 21:55 -------- d-----w- c:\programdata\Ahead
2009-07-25 06:25 . 2009-03-16 21:11 -------- d-----w- c:\users\jimmy\AppData\Roaming\dvdcss
2009-07-23 21:35 . 2008-04-21 21:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-23 21:18 . 2009-05-05 17:29 -------- d-----w- c:\programdata\Media Center Programs
2009-07-21 21:52 . 2009-07-29 05:43 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 05:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 05:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 05:43 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-09 19:10 . 2009-04-28 18:21 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-01 13:11 . 2009-07-01 13:11 10134 ----a-r- c:\users\jimmy\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-07-01 13:11 . 2009-07-01 13:11 -------- d-----w- c:\program files\Microsoft WSE
2009-07-01 13:05 . 2009-07-01 13:05 -------- d-----w- c:\program files\Electronic Arts
2009-06-30 17:48 . 2008-04-21 21:39 -------- d-----w- c:\program files\Acer GameZone
2009-06-29 17:38 . 2009-06-29 17:21 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2009-06-29 17:38 . 2009-06-29 17:21 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2009-06-29 17:34 . 2009-06-29 17:34 -------- d-----w- c:\program files\Bohemia Interactive
2009-06-29 17:21 . 2009-06-29 17:21 -------- d-----w- c:\program files\OpenAL
2009-06-29 16:42 . 2009-06-26 21:34 -------- d-----w- c:\users\jimmy\AppData\Roaming\DAEMON Tools Lite
2009-06-28 16:51 . 2009-05-31 09:37 -------- d-----w- c:\programdata\Lavasoft
2009-06-28 16:51 . 2009-05-31 09:37 -------- d-----w- c:\program files\Lavasoft
2009-06-28 15:47 . 2009-06-28 15:46 -------- d-----w- c:\program files\ewido anti-malware
2009-06-27 20:14 . 2009-06-27 20:14 -------- d-----w- c:\program files\DAEMON Tools
2009-06-26 22:14 . 2009-06-26 21:47 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-06-26 21:48 . 2009-06-26 21:48 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-06-26 21:34 . 2009-06-26 21:34 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-24 06:14 . 2009-04-28 18:21 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-24 06:14 . 2009-04-28 18:21 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-12 21:13 . 2009-06-12 21:12 -------- d-----w- c:\users\jimmy\AppData\Roaming\U3
2009-06-10 11:32 . 2009-06-10 11:32 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb65CC.tmp.exe
2009-05-11 18:34 . 2009-04-28 18:21 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38 121392 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-15 68856]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-16 167368]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-21 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-21 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-21 81920]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-09 326176]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-06-06 203296]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-03-15 24064]
"V0230Mon.exe"="c:\windows\V0230Mon.exe" [2006-09-06 32768]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-15 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-24 1948440]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-03-26 5369856]
c:\users\jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ASETRES.EXE [2008-4-14 20480]
Digimax Viewer 2.1.lnk - c:\program files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe [2009-3-15 634880]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-4-21 535336]
Winter Fun Wallpaper Changer.lnk - c:\windows\Installer\{038A524F-58DB-438A-8391-8F7F0CA14B9E}\Icon038A524F.exe [2009-5-24 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A1A27045-44B8-4CFF-85DA-0460BB0998F8}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1A531558-2500-48C2-A7DC-311A86265B8B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8F6FDB65-492D-44B0-864F-2F040A4AE193}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{147DA05F-5618-4F41-BAA8-A15CE565E1FA}"= UDP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{A55486F2-A48E-493D-8E9A-3D9A7265FC29}"= TCP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{CEAACCC5-3C40-43C3-B602-B04C0F8FABEF}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{4DD37A9A-8732-4446-AE40-7614DD226A63}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{797628EE-5404-4EE8-B908-0974CA8B5203}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{7B152F59-5609-4CB2-96A9-D51CA2B9F5AD}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BD09C243-7A0C-49B9-AC6C-C5F8BCD0EB22}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{25AD1C29-32F6-4782-BD28-E69DD6D6707A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D095E283-F375-4BFA-A56D-453C5BFD234F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{79CAD2E7-2678-45BF-8107-A42337A38834}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{F8D7F602-8C57-4FEE-930C-11A6D627A148}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{FBD861FB-57FF-43CD-A0A1-1F2C648A41F8}"= UDP:c:\program files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes
"{9845D500-C842-4183-A978-70EB9441C2AC}"= TCP:c:\program files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes
"{504609A2-73E6-4C59-920A-A0D267B931BF}"= UDP:c:\program files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe:Relic Downloader
"{607E957B-C480-45CE-BB9B-9CF2DC6294B2}"= TCP:c:\program files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe:Relic Downloader
"{12C852B2-F7CF-4F9D-BC9E-4AC915010DC7}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
"{FA08500D-132F-4AE6-B1C0-1FB65BA86E56}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
"{D909006D-F515-4817-97ED-1AC10DFF84AE}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
"{D4042EE1-A364-4DF0-B991-E992FE242D5C}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [28/04/2009 20.21.53 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [28/04/2009 20.21.57 108552]
R1 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [30/12/2005 13.12.19 3072]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [28/04/2009 20.21.51 298776]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [25/11/2006 9.34.32 42528]
R3 V0230Vfx;V0230Vfx;c:\windows\System32\drivers\V0230Vfx.sys [15/03/2009 18.34.58 6272]
R3 V0230VID;Live! Cam Video IM Pro;c:\windows\System32\drivers\V0230VID.sys [15/03/2009 18.34.58 500480]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [15/03/2009 18.14.14 24064]
S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [16/03/2009 22.36.43 75776]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'
2009-08-07 c:\windows\Tasks\User_Feed_Synchronization-{22960CE3-4805-464B-A5FA-8CB739ADEE93}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKLM-Run-PCMMediaSharing - c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
HKLM-Run-Acer Tour Reminder - c:\acer\AcerTour\Reminder.exe
HKLM-Run-Apanel - c:\acersw\config\NewSetApanel.cmd
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-NWEReboot - (no file)
.
------- Scansione supplementare -------
.
uStart Page = hxxp://it.eurosport.yahoo.com/calcio/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&s=1&o=vp32&d=1208&m=aspire_m3641
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\qa0oqrq6.default\
FF - prefs.js: browser.startup.homepage - hxxp://it.eurosport.yahoo.com/calcio/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-08-07 17:34
Windows 6.0.6001 Service Pack 1 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2009-08-07 17.36.40
ComboFix-quarantined-files.txt 2009-08-07 15:36
Pre-Run: 83.236.114.432 byte disponibili
Post-Run: 89.529.585.664 byte disponibili
254 --- E O F --- 2009-08-07 06:20