ComboFix 09-09-08.07 - jimmy 09/09/2009 23.39.08.3.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.3070.1383 [GMT 2:00]
Eseguito da: c:\users\jimmy\Downloads\ComboFix.exe
Opzioni usate :: c:\users\jimmy\Desktop\CFScript.txt.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Creati Da 2009-08-09 al 2009-09-09 )))))))))))))))))))))))))))))))))))
.
2009-09-09 21:44 . 2009-09-09 21:44 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-09-09 21:44 . 2009-09-09 21:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-08 17:25 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-08 17:25 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-08 17:25 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-08 17:25 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-08 17:25 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-08 17:25 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-08 17:25 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-08 17:25 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-08 17:25 . 2009-08-14 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-09-08 17:25 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-08 17:25 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-08 17:24 . 2009-07-11 19:01 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-08 17:24 . 2009-07-11 19:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-08 17:24 . 2009-07-11 17:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-08 17:24 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-08 17:24 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-09-08 17:24 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
2009-08-31 03:31 . 2009-08-31 03:33 -------- d-----w- c:\windows\system32\ca-ES
2009-08-31 03:31 . 2009-08-31 03:33 -------- d-----w- c:\windows\system32\eu-ES
2009-08-31 03:31 . 2009-08-31 03:33 -------- d-----w- c:\windows\system32\vi-VN
2009-08-31 03:29 . 2008-03-18 15:31 98304 ----a-w- c:\windows\RTKAUDIOSERVICE.EXE
2009-08-31 03:12 . 2009-08-31 03:12 -------- d-----w- c:\windows\system32\EventProviders
2009-08-30 19:00 . 2009-04-11 06:33 986600 ----a-w- c:\windows\system32\winload.exe
2009-08-30 18:59 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-08-30 18:59 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-08-30 18:59 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-08-30 18:59 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-08-30 18:59 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-08-30 18:59 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-08-30 18:59 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-08-30 18:59 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-08-30 18:59 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-08-30 18:59 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-08-30 18:59 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-08-27 05:06 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-27 05:06 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-27 05:06 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-27 05:06 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-27 05:06 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-27 05:06 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-27 05:06 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-27 05:06 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-26 10:00 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-25 17:07 . 2009-08-25 17:07 680 ----a-w- c:\users\jimmy\AppData\Local\d3d9caps.dat
2009-08-12 21:51 . 2009-07-17 13:54 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-12 21:51 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-12 21:51 . 2009-06-04 12:07 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-12 21:51 . 2009-04-11 06:28 53248 ----a-w- c:\windows\system32\tsgqec.dll
2009-08-12 21:51 . 2009-04-11 06:28 136192 ----a-w- c:\windows\system32\aaclient.dll
2009-08-12 21:51 . 2009-06-10 11:38 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-12 21:50 . 2009-07-15 12:40 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-12 21:50 . 2009-07-15 12:39 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-12 21:50 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-12 21:50 . 2009-07-15 12:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-12 13:20 . 2009-08-12 13:20 -------- d-----w- c:\windows\Chapman Football Screensaver Uninstaller
2009-08-12 13:20 . 2008-02-20 14:50 903680 ----a-w- c:\windows\Chapman Football Screensaver.scr
2009-08-12 13:20 . 2008-02-20 14:49 495104 ----a-w- c:\windows\Chapman Football Screensaver.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-09 16:43 . 2009-06-12 21:12 -------- d-----w- c:\users\jimmy\AppData\Roaming\U3
2009-09-09 16:43 . 2008-01-21 06:30 662608 ----a-w- c:\windows\system32\perfh010.dat
2009-09-09 16:43 . 2008-01-21 06:30 120120 ----a-w- c:\windows\system32\perfc010.dat
2009-09-05 14:05 . 2009-03-16 21:11 -------- d-----w- c:\users\jimmy\AppData\Roaming\dvdcss
2009-08-31 03:33 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-08-31 03:33 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-31 03:33 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-08-31 03:33 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-08-31 03:33 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-08-31 03:33 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-08-31 03:33 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-08-25 17:26 . 2009-04-04 14:40 -------- d-----w- c:\users\jimmy\AppData\Roaming\Nokia Multimedia Player
2009-08-17 06:42 . 2009-04-28 18:21 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-17 06:42 . 2009-04-28 18:21 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-17 06:42 . 2009-04-28 18:21 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-09 16:33 . 2009-06-28 15:46 -------- d-----w- c:\program files\ewido anti-malware
2009-08-09 16:33 . 2009-04-21 19:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-08-09 16:32 . 2009-08-09 16:20 -------- d-----w- c:\program files\CCleaner
2009-08-07 14:26 . 2009-08-07 14:26 -------- d-----w- c:\users\jimmy\AppData\Roaming\Malwarebytes
2009-08-07 14:26 . 2009-08-07 14:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-07 14:26 . 2009-08-07 14:26 -------- d-----w- c:\programdata\Malwarebytes
2009-08-07 14:04 . 2009-03-15 19:33 90 ----a-w- c:\users\jimmy\AppData\Local\skyqi.bat
2009-08-07 12:50 . 2009-08-07 12:50 -------- d-----w- c:\program files\Trend Micro
2009-08-03 11:36 . 2009-08-07 14:26 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2009-08-07 14:26 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-25 07:08 . 2009-05-17 21:55 -------- d-----w- c:\users\jimmy\AppData\Roaming\Ahead
2009-07-25 07:08 . 2009-05-17 21:55 -------- d-----w- c:\programdata\Ahead
2009-07-23 21:35 . 2009-07-23 21:35 -------- d-----w- c:\program files\Ubisoft
2009-07-23 21:35 . 2008-04-21 21:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-23 21:18 . 2009-05-05 17:29 -------- d-----w- c:\programdata\Media Center Programs
2009-07-21 21:52 . 2009-07-29 05:43 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 05:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 05:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 05:43 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-01 13:11 . 2009-07-01 13:11 10134 ----a-r- c:\users\jimmy\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-29 17:38 . 2009-06-29 17:21 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2009-06-29 17:38 . 2009-06-29 17:21 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2009-06-26 21:34 . 2009-06-26 21:34 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-15 14:53 . 2009-07-15 05:19 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 14:52 . 2009-07-15 05:19 23552 ----a-w- c:\windows\system32\lpk.dll
2009-06-15 14:52 . 2009-07-15 05:19 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 14:51 . 2009-07-15 05:19 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:42 . 2009-07-15 05:19 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((((
SnapShot@2009-09-09_14.50.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-09-09 16:41 63294 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-09-09 16:41 90612 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-03-15 16:15 . 2009-09-09 13:52 11344 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3429346259-3954536561-3438569738-1000_UserData.bin
+ 2009-03-15 16:15 . 2009-09-09 16:41 11344 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3429346259-3954536561-3438569738-1000_UserData.bin
+ 2008-12-09 07:24 . 2009-09-09 21:36 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-09 07:24 . 2009-09-09 14:37 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-09 07:24 . 2009-09-09 21:36 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-09 07:24 . 2009-09-09 14:37 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-09 07:24 . 2009-09-09 21:36 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-09 07:24 . 2009-09-09 14:37 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-09 16:39 . 2009-09-09 16:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-09-09 13:50 . 2009-09-09 13:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-09-09 13:50 . 2009-09-09 13:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-09-09 16:39 . 2009-09-09 16:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-09-09 16:43 586980 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-09-09 13:57 586980 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-09-09 16:43 101052 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-09-09 13:57 101052 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38 121392 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-15 68856]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-16 167368]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2009-04-11 2153472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-21 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-21 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-21 81920]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-09 326176]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-06-06 203296]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-03-15 24064]
"V0230Mon.exe"="c:\windows\V0230Mon.exe" [2006-09-06 32768]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-15 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-17 2007832]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-03-26 5369856]
c:\users\jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ASETRES.EXE [2008-4-14 20480]
Digimax Viewer 2.1.lnk - c:\program files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe [2009-3-15 634880]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-4-21 535336]
Winter Fun Wallpaper Changer.lnk - c:\windows\Installer\{038A524F-58DB-438A-8391-8F7F0CA14B9E}\Icon038A524F.exe [2009-5-24 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):a0,5c,06,86,ec,29,ca,01
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A1A27045-44B8-4CFF-85DA-0460BB0998F8}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1A531558-2500-48C2-A7DC-311A86265B8B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8F6FDB65-492D-44B0-864F-2F040A4AE193}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{147DA05F-5618-4F41-BAA8-A15CE565E1FA}"= UDP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{A55486F2-A48E-493D-8E9A-3D9A7265FC29}"= TCP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{CEAACCC5-3C40-43C3-B602-B04C0F8FABEF}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{4DD37A9A-8732-4446-AE40-7614DD226A63}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{797628EE-5404-4EE8-B908-0974CA8B5203}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{7B152F59-5609-4CB2-96A9-D51CA2B9F5AD}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BD09C243-7A0C-49B9-AC6C-C5F8BCD0EB22}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{25AD1C29-32F6-4782-BD28-E69DD6D6707A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D095E283-F375-4BFA-A56D-453C5BFD234F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{79CAD2E7-2678-45BF-8107-A42337A38834}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{F8D7F602-8C57-4FEE-930C-11A6D627A148}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{FBD861FB-57FF-43CD-A0A1-1F2C648A41F8}"= UDP:c:\program files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes
"{9845D500-C842-4183-A978-70EB9441C2AC}"= TCP:c:\program files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes
"{504609A2-73E6-4C59-920A-A0D267B931BF}"= UDP:c:\program files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe:Relic Downloader
"{607E957B-C480-45CE-BB9B-9CF2DC6294B2}"= TCP:c:\program files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe:Relic Downloader
"{12C852B2-F7CF-4F9D-BC9E-4AC915010DC7}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
"{FA08500D-132F-4AE6-B1C0-1FB65BA86E56}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
"{D909006D-F515-4817-97ED-1AC10DFF84AE}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
"{D4042EE1-A364-4DF0-B991-E992FE242D5C}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
"TCP Query User{FE9B39CF-9C74-496E-BA9C-83147F33AC2F}c:\\program files\\emule adunanza\\emule_adnza.exe"= UDP:c:\program files\emule adunanza\emule_adnza.exe:eMule
"UDP Query User{257BD168-9081-4C55-A2B3-C9FCF75749C4}c:\\program files\\emule adunanza\\emule_adnza.exe"= TCP:c:\program files\emule adunanza\emule_adnza.exe:eMule
"{F0C57646-0B99-4B08-BD27-346DCAE7CC6F}"= UDP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{C02C322D-F2BF-421D-AC95-1FCD43A4B1ED}"= TCP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [28/04/2009 20.21.53 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [28/04/2009 20.21.57 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [28/04/2009 20.21.51 297752]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [07/08/2009 16.26.54 38160]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [25/11/2006 9.34.32 42528]
R3 V0230Vfx;V0230Vfx;c:\windows\System32\drivers\V0230Vfx.sys [15/03/2009 18.34.58 6272]
R3 V0230VID;Live! Cam Video IM Pro;c:\windows\System32\drivers\V0230VID.sys [15/03/2009 18.34.58 500480]
S2 uuinduizs;Installer Update;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 4.23.43 21504]
S2 zxgioxwv;Network Time;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 4.23.43 21504]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [15/03/2009 18.14.14 24064]
S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [16/03/2009 22.36.43 75776]
--- Altri Servizi/Drivers In Memoria ---
*NewlyCreated* - MBAMSWISSARMY
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
zxgioxwv
uuinduizs
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'
2009-09-09 c:\windows\Tasks\User_Feed_Synchronization-{22960CE3-4805-464B-A5FA-8CB739ADEE93}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://it.eurosport.yahoo.com/calcio/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&s=1&o=vp32&d=1208&m=aspire_m3641
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\qa0oqrq6.default\
FF - prefs.js: browser.startup.homepage - hxxp://it.eurosport.yahoo.com/calcio/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-09-09 23:44
Windows 6.0.6002 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
c:\windows\TEMP\TMP000000833925FD250C4F292A 524288 bytes
Scansione completata con successo
Files nascosti: 1
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'Explorer.exe'(3508)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
Ora fine scansione: 2009-09-09 23.45.55
ComboFix-quarantined-files.txt 2009-09-09 21:45
ComboFix2.txt 2009-09-09 14:52
Pre-Run: 90.247.974.912 byte disponibili
Post-Run: 90.200.559.616 byte disponibili
290 --- E O F --- 2009-09-08 21:18
