ComboFix 09-11-15.02 - francesco 17/11/2009 17.10.17..2 - FAT32x86
Eseguito da: c:\users\francesco\Desktop\ComboFix.exe
Opzioni usate :: c:\users\francesco\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\windows\TEMP\TMP00000058317D8C4F7A9E864A"
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_hdbga
((((((((((((((((((((((((( Files Creati Da 2009-10-17 al 2009-11-17 )))))))))))))))))))))))))))))))))))
.
2009-11-17 16:28 . 2009-11-17 16:28 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-15 13:36 . 2009-11-15 18:00 -------- d-----w- c:\program files\DNA
2009-11-15 13:33 . 2009-11-15 13:33 -------- d-----w- c:\users\francesco\AppData\Roaming\Malwarebytes
2009-11-15 13:33 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-15 13:33 . 2009-11-15 13:33 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-15 13:33 . 2009-11-15 13:33 -------- d-----w- c:\programdata\Malwarebytes
2009-11-15 13:33 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-14 21:50 . 2009-11-14 21:50 -------- d-----w- c:\program files\Trend Micro
2009-11-14 21:21 . 2009-11-14 21:21 -------- d-----w- c:\users\francesco\AppData\Local\IsolatedStorage
2009-11-13 19:50 . 2009-11-13 19:52 4096 d-----w- C:\AV_LOGS
2009-11-13 19:50 . 2009-11-13 19:50 -------- d-----w- c:\users\francesco\{0936e258-cbab-442f-b243-799a5f4f1005}
2009-11-13 19:49 . 2008-12-10 15:56 17792 ----a-w- c:\windows\system32\drivers\vcsvad.sys
2009-11-13 19:46 . 2009-11-14 14:29 -------- d-----w- c:\users\francesco\AppData\Roaming\GetRightToGo
2009-11-13 19:42 . 2009-11-13 19:43 4096 d-----w- c:\program files\All2WAV Recorder
2009-11-13 19:42 . 2002-01-05 10:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-11-12 19:52 . 2009-08-14 13:53 2035712 ----a-w- c:\windows\system32\win32k.sys
2009-11-12 19:51 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-09 14:39 . 2009-11-15 14:33 -------- d-----w- c:\program files\rkfree
2009-11-09 14:39 . 2009-11-09 14:39 -------- d---a-w- c:\programdata\rkfree
2009-11-08 18:45 . 2009-11-08 18:45 -------- d-----w- c:\programdata\PinnacleExtractor
2009-11-04 16:56 . 2009-09-15 11:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-04 16:56 . 2009-09-15 11:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-04 16:56 . 2009-09-15 11:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-04 16:56 . 2009-09-15 11:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-04 16:56 . 2009-09-15 11:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-04 16:55 . 2009-09-15 11:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-04 16:55 . 2009-09-15 11:55 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-11-04 16:30 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-11-04 16:30 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-11-04 16:30 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-11-04 16:30 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-11-04 16:29 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-11-04 16:29 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-11-04 16:29 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-11-04 16:29 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-11-04 16:29 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-11-04 16:18 . 2009-11-04 16:18 -------- d-----w- c:\users\francesco\AppData\Roaming\PeerNetworking
2009-10-28 19:14 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 19:14 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-23 15:34 . 2009-10-23 15:34 -------- d-----w- c:\program files\SweetIM
2009-10-23 15:34 . 2009-10-23 15:34 -------- d-----w- c:\programdata\SweetIM
2009-10-23 14:28 . 2009-10-23 14:28 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2009-10-22 17:34 . 2009-10-22 17:36 4096 d-----w- c:\program files\Windows Live Safety Center
2009-10-22 15:33 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-10-22 15:33 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-10-19 18:09 . 2009-11-17 15:55 -------- d-----w- c:\users\francesco\Tracing
2009-10-19 18:08 . 2009-10-23 14:38 4096 d-----w- c:\program files\Microsoft Silverlight
2009-10-19 18:08 . 2009-08-05 20:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2009-10-19 18:07 . 2009-10-19 18:07 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-10-19 18:06 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-10-19 18:05 . 2009-10-19 18:05 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-10-19 18:03 . 2009-10-19 18:08 -------- d-----w- c:\program files\Microsoft
2009-10-19 18:03 . 2009-10-19 18:03 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-19 18:03 . 2009-10-19 18:08 4096 d-----w- c:\program files\Windows Live
2009-10-19 17:56 . 2009-10-19 17:56 -------- d-----w- c:\program files\Common Files\Windows Live
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-17 16:38 . 2009-06-14 14:08 4096 d-----w- c:\users\francesco\AppData\Roaming\DNA
2009-11-17 16:36 . 2008-10-25 14:57 662846 ----a-w- c:\windows\system32\perfh010.dat
2009-11-17 16:36 . 2008-10-25 14:57 120326 ----a-w- c:\windows\system32\perfc010.dat
2009-11-17 16:29 . 2009-06-14 14:55 4096 d-----w- c:\users\francesco\AppData\Roaming\Hamachi
2009-11-14 14:33 . 2008-10-25 06:01 8192 d--h--w- c:\program files\InstallShield Installation Information
2009-11-13 19:33 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-13 15:31 . 2008-10-25 06:59 8192 d-----w- c:\programdata\Microsoft Help
2009-11-02 19:42 . 2009-10-07 18:12 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-30 16:04 . 2008-10-25 06:48 28672 d-----w- c:\program files\Microsoft Works
2009-10-28 18:58 . 2009-05-26 23:48 76432 ----a-w- c:\users\francesco\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-20 18:14 . 2009-10-17 09:30 4096 d-----w- c:\users\francesco\AppData\Roaming\Apple Computer
2009-10-17 10:00 . 2009-10-17 10:00 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-10-17 10:00 . 2009-10-17 09:25 -------- d-----w- c:\programdata\Apple
2009-10-17 09:30 . 2009-10-17 09:29 4096 d-----w- c:\program files\iTunes
2009-10-17 09:30 . 2009-10-17 09:29 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-17 09:29 . 2009-10-17 09:29 -------- d-----w- c:\program files\iPod
2009-10-17 09:29 . 2009-10-17 09:25 -------- d-----w- c:\program files\Common Files\Apple
2009-10-17 09:29 . 2009-10-17 09:27 -------- d-----w- c:\programdata\Apple Computer
2009-10-17 09:28 . 2009-10-17 09:28 -------- d-----w- c:\program files\Bonjour
2009-10-17 09:28 . 2009-10-17 09:27 4096 d-----w- c:\program files\QuickTime
2009-10-17 09:27 . 2009-10-17 09:27 4096 d-----w- c:\program files\Apple Software Update
2009-10-13 18:05 . 2009-10-13 18:05 4096 d-----w- c:\program files\Guitar Pro 5
2009-10-13 18:01 . 2009-10-13 17:56 -------- d-----w- c:\users\francesco\AppData\Roaming\Anvil Studio
2009-10-13 17:56 . 2009-10-13 17:55 4096 d-----w- c:\program files\Anvil Studio
2009-10-13 17:39 . 2009-10-13 17:39 -------- d-----w- c:\users\francesco\AppData\Roaming\Video DVD Maker FREE
2009-10-13 17:38 . 2009-10-13 17:37 4096 d-----w- c:\program files\LMMS 0.4.5
2009-10-12 18:28 . 2009-10-12 18:28 4096 d-----w- c:\program files\VirtualDJ
2009-10-10 10:24 . 2009-10-10 10:10 164 ----a-w- c:\users\francesco\AppData\Roaming\wklnhst.dat
2009-10-10 10:10 . 2009-10-10 10:10 -------- d-----w- c:\users\francesco\AppData\Roaming\Template
2009-10-07 19:14 . 2009-10-07 19:14 8192 d-----w- c:\program files\Video DVD Maker
2009-10-07 18:51 . 2009-10-07 18:51 -------- d-----w- c:\program files\Activision
2009-09-21 15:09 . 2009-09-21 15:09 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-09-20 13:45 . 2009-09-20 13:45 4096 d-----w- c:\program files\P2P_MAX_IT_Atube
2009-09-20 13:44 . 2009-09-20 13:44 4096 d-----w- c:\program files\Ask.com
2009-09-20 13:44 . 2009-09-20 13:44 -------- d-----w- c:\program files\DsNET Corp
2009-09-14 09:44 . 2009-10-17 09:15 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 17:30 . 2009-10-17 10:06 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 12:24 . 2009-10-17 09:15 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-08-28 17:42 . 2009-08-28 17:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 17:42 . 2009-08-28 17:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 12:39 . 2009-09-03 06:52 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15 . 2009-09-03 06:52 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 13:32 . 2009-10-17 10:30 833024 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 13:29 . 2009-10-17 10:30 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 10:58 . 2009-10-17 10:30 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2008-10-25 15:19 . 2008-10-25 15:00 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((((
SnapShot@2009-11-16_15.39.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-11-16 17:17 47204 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-05-26 23:45 . 2009-11-17 16:39 14414 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1444937143-3832624583-3029897473-1000_UserData.bin
- 2009-05-26 23:17 . 2009-11-16 15:32 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-05-26 23:17 . 2009-11-17 16:31 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-05-26 23:17 . 2009-11-16 15:32 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-26 23:17 . 2009-11-17 16:31 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-26 23:17 . 2009-11-17 16:31 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-05-26 23:17 . 2009-11-16 15:32 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-16 17:14 . 2009-11-16 17:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-16 17:14 . 2009-11-16 17:14 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-16 17:14 . 2009-11-16 17:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-17 16:30 . 2009-11-17 16:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-11-16 15:31 . 2009-11-16 15:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-11-16 15:31 . 2009-11-16 15:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-11-17 16:30 . 2009-11-17 16:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-11-11 20:35 . 2009-11-17 16:29 3152 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-05-26 23:50 . 2009-11-16 19:55 252816 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 13:02 . 2009-11-17 16:39 100938 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 10:33 . 2009-11-17 16:36 587178 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-11-16 15:38 587178 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-11-16 15:38 101250 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-11-17 16:36 101250 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{45dd02aa-87d3-441a-9e77-068f8fa93fc8}"= "c:\program files\Cerca_Italia\tbCer1.dll" [2009-06-14 2094616]
"{8c2f6d41-2583-424f-a88b-46d5401b5a96}"= "c:\program files\P2P_MAX_IT_Atube\tbP2P_.dll" [2009-07-15 2224152]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-05-20 177464]
[HKEY_CLASSES_ROOT\clsid\{45dd02aa-87d3-441a-9e77-068f8fa93fc8}]
[HKEY_CLASSES_ROOT\clsid\{8c2f6d41-2583-424f-a88b-46d5401b5a96}]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45dd02aa-87d3-441a-9e77-068f8fa93fc8}]
2009-06-14 12:17 2094616 ----a-w- c:\program files\Cerca_Italia\tbCer1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8c2f6d41-2583-424f-a88b-46d5401b5a96}]
2009-07-15 08:09 2224152 ----a-w- c:\program files\P2P_MAX_IT_Atube\tbP2P_.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-05-06 16:11 1145736 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-05-20 12:36 1258808 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{45dd02aa-87d3-441a-9e77-068f8fa93fc8}"= "c:\program files\Cerca_Italia\tbCer1.dll" [2009-06-14 2094616]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-05-06 1145736]
"{8c2f6d41-2583-424f-a88b-46d5401b5a96}"= "c:\program files\P2P_MAX_IT_Atube\tbP2P_.dll" [2009-07-15 2224152]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]
[HKEY_CLASSES_ROOT\clsid\{45dd02aa-87d3-441a-9e77-068f8fa93fc8}]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CLASSES_ROOT\clsid\{8c2f6d41-2583-424f-a88b-46d5401b5a96}]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{45DD02AA-87D3-441A-9E77-068F8FA93FC8}"= "c:\program files\Cerca_Italia\tbCer1.dll" [2009-06-14 2094616]
[HKEY_CLASSES_ROOT\clsid\{45dd02aa-87d3-441a-9e77-068f8fa93fc8}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-04 39408]
"BitTorrent DNA"="c:\users\francesco\Program Files\DNA\btdna.exe" [2009-10-07 323392]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"msnmsgr"="~c:\program files\Windows Live\Messenger\msnmsgr.exe" [BU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-10 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-10 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-10 145944]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-23 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-06 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-08-26 111928]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
c:\users\francesco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-6-14 625952]
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-6-5 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [14/06/2009 13.27.21 130936]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [04/11/2009 17.56.06 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [04/11/2009 17.56.06 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [04/11/2009 17.55.38 53328]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 3.33.13 21504]
R2 HamachiService;Hamachi Service;c:\program files\Hamachi\hamachi.exe [14/06/2009 15.55.09 625952]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [25/10/2008 8.21.59 365952]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [24/08/2009 15.51.46 185640]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [25/10/2008 7.16.38 193840]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [29/06/2008 15.52.26 112128]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\System32\drivers\teamviewervpn.sys [25/01/2008 10.12.34 25088]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\System32\drivers\vcsvad.sys [13/11/2009 20.49.47 17792]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [19/10/2009 19.08.20 54632]
S3 fsssvc;Servizio Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21.48.42 704864]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [14/06/2009 13.27.06 348752]
--- Altri Servizi/Drivers In Memoria ---
*Deregistered* - mbr
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Cerca - c:\programdata\AOL\ieToolbar\resources\it-IT\local\search.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\francesco\AppData\Roaming\Mozilla\Firefox\Profiles\8ockxoen.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\users\francesco\AppData\Roaming\Mozilla\Firefox\Profiles\8ockxoen.default\extensions\{8c2f6d41-2583-424f-a88b-46d5401b5a96}\components\FFExternalAlert.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\francesco\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-11-17 17:38
Windows 6.0.6001 Service Pack 1 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = ~"c:\program files\Windows Live\Messenger\msnmsgr.exe" /background?
Scansione files nascosti ...
c:\windows\bhdbga 132 bytes
c:\windows\clhdbga 0 bytes
c:\windows\klhdbga 192 bytes
c:\windows\mlhdbga 0 bytes
c:\windows\ohdbga 1504 bytes
c:\windows\plhdbga 0 bytes
c:\windows\prlhdbga 0 bytes
c:\windows\shdbga 0 bytes
c:\windows\ulhdbga 0 bytes
c:\windows\wlhdbga 0 bytes
c:\windows\eshdbga 0 bytes
c:\windows\hdbga
c:\windows\ihdbga 48 bytes
c:\windows\ilhdbga 0 bytes
c:\windows\system32\drivers\hdbga.sys 195832 bytes executable
Scansione completata con successo
Files nascosti: 15
**************************************************************************
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\TeamViewer\Version4\TeamViewer.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
.
**************************************************************************
.
Ora fine scansione: 2009-11-17 17:46 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-11-17 16:46
ComboFix2.txt 2009-11-16 15:49
ComboFix3.txt 2009-11-15 15:18
Pre-Run: 225.480.146.944 byte disponibili
Post-Run: 224.871.444.480 byte disponibili
Current=1 Default=1 Failed=0 LastKnownGood=47 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47
- - End Of File - - D180B9802D2290D56E03806044BE70E1
