
combofix log check

Posted: Fri Sep 18, 2009 10:40 pm
by poppiski
Can someone check this for me, please?


ComboFix 09-09-10.03 - Doriana 11/09/2009 21.14.07.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.2046.843 [GMT 2:00]
Eseguito da: c:\users\Doriana\AppData\Local\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))Touch Me and you're Dead
.

c:\$recycle.bin\S-1-5-21-1792819267-991371013-589200690-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
C:\install.exe
c:\program files\3wPlayer
c:\program files\QUAD Utilities
c:\program files\QUAD Utilities\QUAD Registry Cleaner\Vista Scheduler.dll
c:\users\Doriana\AppData\Local\aoeqq.dat
c:\users\Doriana\AppData\Local\aoeqq.exe
c:\users\Doriana\AppData\Local\aoeqq_nav.dat
c:\users\Doriana\AppData\Local\aoeqq_navps.dat
c:\users\Doriana\AppData\Local\rnafhlw.dat
c:\users\Doriana\AppData\Local\rnafhlw_nav.dat
c:\users\Doriana\AppData\Local\rnafhlw_navps.dat

.
((((((((((((((((((((((((( Files Creati Da 2009-08-11 al 2009-09-11 )))))))))))))))))))))))))))))))))))
.

2009-09-09 10:40 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-09 10:40 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-09 10:40 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-09 10:40 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-09 10:40 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-09 10:40 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-09 10:40 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-09 10:40 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-09 10:40 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-09 10:40 . 2009-08-14 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-09-09 10:40 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-09 10:39 . 2009-07-11 19:01 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-09 10:39 . 2009-07-11 19:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-09 10:39 . 2009-07-11 17:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-09 10:39 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-09 10:39 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-09-09 10:39 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-08 20:13 . 2008-01-10 05:57 360448 ----a-w- c:\windows\system32\nvuninst.exe
2009-09-06 15:54 . 2009-07-14 10:29 4223008 ----a-w- c:\windows\system32\NVStWiz.exe
2009-09-06 15:03 . 2009-09-06 15:03 -------- d-----w- c:\users\Doriana\Office Genuine Advantage
2009-09-06 09:27 . 2008-01-10 05:57 313888 ----a-w- c:\windows\system32\nvexpbar.dll
2009-09-06 09:27 . 2008-01-10 05:57 1079840 ----a-w- c:\windows\system32\nvcpluir.dll
2009-09-04 20:23 . 2009-09-04 20:23 -------- d-----w- c:\program files\CCleaner
2009-09-03 06:30 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-03 06:30 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-26 17:01 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-21 20:42 . 2009-08-21 20:42 -------- d-----w- c:\users\Doriana\AppData\Roaming\Ashampoo
2009-08-21 20:40 . 2009-08-21 20:40 -------- d-----w- c:\programdata\page
2009-08-21 20:40 . 2009-08-22 16:21 -------- d-----w- c:\program files\Ashampoo
2009-08-21 10:36 . 2009-08-21 10:36 -------- d-----w- c:\windows\system32\ca-ES
2009-08-21 10:36 . 2009-08-21 10:36 -------- d-----w- c:\windows\system32\eu-ES
2009-08-21 10:36 . 2009-08-21 10:36 -------- d-----w- c:\windows\system32\vi-VN
2009-08-21 10:16 . 2009-04-11 06:28 152576 ----a-w- c:\windows\system32\wbem\wmiprov.dll
2009-08-21 10:15 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-08-21 10:15 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-08-21 10:15 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-08-21 10:15 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-08-21 10:15 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-08-21 10:15 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-08-21 10:15 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-08-21 10:15 . 2009-04-11 06:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2009-08-21 10:15 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-08-21 10:15 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-08-21 10:15 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-08-21 10:13 . 2009-04-11 06:28 250368 ----a-w- c:\windows\system32\wevtapi.dll
2009-08-21 10:12 . 2009-04-11 06:32 265688 ----a-w- c:\windows\system32\drivers\acpi.sys
2009-08-21 10:12 . 2009-04-11 04:43 62208 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2009-08-21 09:38 . 2009-08-21 09:38 -------- d-----w- c:\windows\system32\EventProviders
2009-08-20 18:41 . 2009-08-20 18:41 -------- d-----w- c:\users\Doriana\AppData\Local\Seven Zip
2009-08-20 11:29 . 2009-08-20 11:29 -------- d-----w- C:\found.001
2009-08-20 11:11 . 2009-07-14 18:54 2169376 ----a-w- c:\windows\system32\nvcuvid.dll
2009-08-20 11:11 . 2009-07-14 18:54 1983488 ----a-w- c:\windows\system32\nvcuda.dll
2009-08-20 11:11 . 2009-07-14 18:54 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-08-20 11:11 . 2009-07-14 18:54 151552 ----a-w- c:\windows\system32\nvcod157.dll
2009-08-19 18:32 . 2009-08-19 18:39 -------- d-----w- c:\windows\$regcmp$
2009-08-19 12:15 . 2009-08-19 12:15 -------- d-----w- c:\program files\NVIDIA Corporation
2009-08-19 11:55 . 2009-08-19 11:55 -------- d-----w- C:\NVIDIA
2009-08-19 11:49 . 2009-08-19 11:49 -------- d-----w- c:\program files\SystemRequirementsLab
2009-08-18 11:03 . 2009-08-18 11:03 -------- d-----w- c:\users\Doriana\AppData\Roaming\CleanMyPC Software
2009-08-18 10:00 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-18 10:00 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-18 10:00 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-18 10:00 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-18 10:00 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-18 10:00 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-18 10:00 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-18 10:00 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-16 22:57 . 2009-08-16 22:57 155648 ----a-w- c:\windows\system32\nvcod162.dll
2009-08-14 23:39 . 2009-09-11 14:57 -------- d-----w- c:\users\Doriana\AppData\Roaming\vlc
2009-08-13 21:59 . 2009-08-30 06:04 -------- d-----w- c:\users\Doriana\AppData\Roaming\Audacity
2009-08-12 21:53 . 2009-08-12 21:54 -------- d-----w- c:\program files\Common Files\Nikon
2009-08-12 21:53 . 2009-08-12 21:53 -------- d-----w- c:\programdata\Nikon
2009-08-12 21:53 . 2009-08-12 21:53 -------- d-----w- c:\program files\Nikon
2009-08-12 21:52 . 2009-08-12 21:52 -------- d-----w- c:\programdata\Ultima_T15
2009-08-12 21:52 . 2009-08-12 21:52 -------- d-----w- c:\programdata\EnterNHelp
2009-08-12 21:52 . 2009-08-12 21:52 -------- d-----w- c:\programdata\Bass

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-11 18:56 . 2008-02-23 14:57 -------- d-----w- c:\users\Doriana\AppData\Roaming\Skype
2009-09-11 18:15 . 2008-10-24 16:47 1356 ----a-w- c:\users\Doriana\AppData\Local\d3d9caps.dat
2009-09-11 12:19 . 2008-11-30 13:05 -------- d-----w- c:\programdata\Google Updater
2009-09-11 08:27 . 2009-03-20 21:02 90 ----a-w- c:\users\Doriana\AppData\Local\amuuk.bat
2009-09-11 08:22 . 2007-08-17 18:16 661860 ----a-w- c:\windows\system32\perfh010.dat
2009-09-11 08:22 . 2007-08-17 18:16 119742 ----a-w- c:\windows\system32\perfc010.dat
2009-09-11 08:18 . 2008-05-04 09:56 -------- d-----w- c:\programdata\NVIDIA
2009-09-09 17:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-09 17:02 . 2008-12-07 12:30 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 17:02 . 2007-08-17 08:52 -------- d-----w- c:\programdata\Microsoft Help
2009-09-07 21:36 . 2009-09-06 15:58 33069 ----a-w- c:\programdata\nvModes.dat
2009-08-30 06:25 . 2009-08-02 09:15 -------- d-----w- c:\users\Doriana\AppData\Roaming\uTorrent
2009-08-30 05:58 . 2007-08-17 08:58 -------- d-----w- c:\program files\Google
2009-08-29 19:18 . 2008-12-18 19:48 -------- d-----w- c:\program files\Java
2009-08-29 07:49 . 2008-02-23 12:03 108472 ----a-w- c:\users\Doriana\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-29 07:42 . 2007-08-17 08:49 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-08-29 07:42 . 2007-08-17 08:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-29 07:35 . 2007-08-17 08:47 -------- d-----w- c:\program files\Roxio
2009-08-29 07:34 . 2007-08-17 08:47 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-08-29 07:33 . 2007-08-17 08:47 -------- d-----w- c:\programdata\Roxio
2009-08-29 07:22 . 2009-03-01 20:00 -------- d--h--w- c:\program files\FX Uninstall Information
2009-08-29 06:53 . 2008-02-23 13:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-28 21:04 . 2009-02-27 11:51 -------- d-----w- c:\users\Doriana\AppData\Roaming\dvdcss
2009-08-27 14:31 . 2008-02-26 09:57 921632 ----a-w- C:\SPC500NC.DAT
2009-08-21 10:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-08-21 10:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-08-21 10:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-08-21 10:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-08-21 10:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-08-21 10:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-08-20 19:09 . 2008-02-23 13:55 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-08-20 19:09 . 2008-02-23 13:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-20 18:56 . 2008-12-18 19:49 -------- d-----w- c:\program files\OpenOffice.org 3
2009-08-20 18:47 . 2008-08-03 16:31 -------- d-----w- c:\program files\Valve
2009-08-20 18:39 . 2008-08-07 15:35 -------- d-----w- c:\program files\Activision
2009-08-20 18:38 . 2008-02-26 10:25 -------- d-----w- c:\program files\Winamp
2009-08-18 10:13 . 2007-08-17 08:51 -------- d-----w- c:\program files\Microsoft Works
2009-08-17 16:10 . 2008-12-27 12:58 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:05 . 2008-12-27 12:58 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-12-27 12:58 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:05 . 2008-12-27 12:58 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-08-17 16:04 . 2008-12-27 12:58 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2008-12-27 12:58 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:02 . 2008-12-27 12:58 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-15 09:23 . 2008-08-22 07:56 -------- d-----w- c:\program files\Ricochet Infinity
2009-08-12 21:52 . 2009-08-12 21:52 20 ---h--w- c:\programdata\PKP_DLdu.DAT
2009-08-10 08:49 . 2009-03-15 20:44 -------- d-----w- c:\program files\Messenger Plus! Live
2009-08-07 17:51 . 2009-08-07 17:51 15308424 ----a-w- c:\windows\system32\xlive.dll
2009-08-07 17:51 . 2009-08-07 17:51 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-08-07 17:01 . 2009-08-07 17:00 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-08-07 10:45 . 2009-08-04 19:42 -------- d-----w- c:\programdata\Electronic Arts
2009-08-06 10:45 . 2009-01-01 17:20 -------- d-----w- c:\users\Doriana\AppData\Roaming\Datalayer
2009-08-04 19:42 . 2008-08-07 13:20 -------- d-----w- c:\program files\Electronic Arts
2009-08-04 19:41 . 2009-08-04 19:41 1696 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-08-04 12:18 . 2009-08-04 12:18 -------- d-----w- c:\programdata\2DBoy
2009-08-04 12:18 . 2009-08-04 12:17 -------- d-----w- c:\program files\WorldOfGoo
2009-08-04 11:42 . 2009-08-04 11:42 -------- d-----w- c:\program files\WB Games
2009-08-04 10:32 . 2008-08-12 20:04 189104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-04 10:25 . 2008-08-12 20:04 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-08-03 16:16 . 2008-08-12 20:04 22328 ----a-w- c:\users\Doriana\AppData\Roaming\PnkBstrK.sys
2009-08-03 15:05 . 2009-08-03 15:05 -------- d-----w- c:\program files\Empire Interactive
2009-08-03 13:07 . 2009-08-03 13:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 13:07 . 2009-08-03 13:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 13:07 . 2009-08-03 13:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-08-02 19:13 . 2009-08-02 19:12 -------- d-----w- c:\users\Doriana\AppData\Roaming\Yahoo!
2009-08-02 19:12 . 2009-08-02 19:12 262144 ----a-w- C:\ntuser.dat
2009-08-02 19:12 . 2008-02-23 16:59 -------- d-----w- c:\program files\Yahoo!
2009-08-02 19:12 . 2008-02-23 17:05 -------- d-----w- c:\programdata\Yahoo!
2009-08-02 19:12 . 2008-02-23 22:49 -------- d-----w- c:\programdata\Yahoo! Companion
2009-08-02 09:16 . 2009-08-02 09:16 -------- d-----w- c:\program files\AskBarDis
2009-07-21 21:52 . 2009-07-29 10:19 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 10:19 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 10:19 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 10:19 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-12 09:22 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-12 09:22 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-12 09:22 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-12 09:22 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-12 09:22 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 18:54 . 2009-08-20 11:11 4224 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2009-07-14 11:29 . 2009-07-14 11:29 2173472 ----a-w- c:\windows\system32\nvcplui.exe
2009-07-14 11:29 . 2009-07-14 11:29 1346080 ----a-w- c:\windows\system32\nvsvs.dll
2009-07-14 11:29 . 2009-07-14 11:29 215584 ----a-w- c:\windows\system32\nvvsvc.exe
2009-07-14 11:29 . 2009-07-14 11:29 143360 ----a-w- c:\windows\system32\nvshext.dll
2009-06-15 14:53 . 2009-07-15 07:14 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 14:52 . 2009-07-15 07:14 23552 ----a-w- c:\windows\system32\lpk.dll
2009-06-15 14:52 . 2009-07-15 07:14 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 14:51 . 2009-07-15 07:14 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:42 . 2009-07-15 07:14 289792 ----a-w- c:\windows\system32\atmfd.dll
2008-02-23 16:55 . 2008-02-23 16:55 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 10:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2008-09-02 14:05 398776 ----a-w- c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-30 39408]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-02 24264488]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-03-03 2652056]
"SPC500NC_Monitor"="c:\windows\Philips\SPC500NC\Monitor.exe" [2006-11-03 319488]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-02-13 35328]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"UPSMON"="c:\program files\UPSMON\UPSMON.exe" [2005-03-30 429568]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 63712]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-10 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-10 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-10 88608]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-15 4874240]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
SIDA.Connect.lnk - c:\aq\supdate.exe [2008-12-10 2151936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):25,2a,cf,d2,4b,22,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2454736819-3289563835-3394363869-1001]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BEC8519F-F5DD-4705-A534-DA3E209473E8}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{524E28A9-F495-4C08-A17F-71140ED92473}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{693A4622-0179-407B-A513-4CB0C8753658}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{4FE39775-46F3-4497-B4B4-AA7D767FD67A}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{DC6D4A25-B59E-4331-8E29-31625DA7E94F}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{EE2005DE-A273-4C8C-BB25-D346D56FF83D}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{BA5B3866-8A9D-49AE-ADFF-2C3BBE662C5C}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{051C2CEB-E461-4412-ABB8-E12C7643947B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{60E6BECB-5B5A-4ACC-B4E0-0B9F360D8C48}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{D129C61B-1344-4AC8-9FC4-61E9728D75B9}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{48451BD3-DAC3-437F-8864-690420F5B711}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{CBFEE626-16CA-47C5-AE77-B6E6D7B73894}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{13509657-B5B6-44D6-ABDC-B6E63354C026}"= Disabled:UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{63524DCB-71EB-4241-92B2-ED502751DED9}"= Disabled:TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{96188E41-C875-481A-BC56-5FE7BF81DF3B}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{23D5EDA2-A5B6-4CDF-8EF1-816CB6182CE6}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{7D5A67D3-2AA4-4813-92CC-D50FECAFDC77}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{1C371D84-954B-42B3-9F10-9D1EC803CDD8}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{39BE3CAA-D646-421C-B86D-EE378E153063}"= Disabled:UDP:c:\program files\DNA\btdna.exe:DNA
"{F3EB7097-AE4E-46A5-B13A-E01407CC88D3}"= Disabled:TCP:c:\program files\DNA\btdna.exe:DNA
"{5088C533-2775-4250-A732-7D8E8F254AC9}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{FDC15611-D5BC-4CBA-A108-EC30734B8C56}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{BA67551C-375B-43A7-9B38-079EBFE73954}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E6F717A1-EC61-4478-9F76-50A224873FF4}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{483E9BDA-13BF-4022-91B8-A68EED79448B}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{60BE466B-DCB9-4B20-835C-DA153AE3D293}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{B80DB491-5197-43B0-96C9-5786E944741D}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{AE9E37DB-36D9-4E29-9EF5-332FEC3EC77B}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{6E46BDD7-45A2-47A1-9A90-868D28ED535B}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{512B92B9-78C6-4242-89CE-44217A96CC78}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{56E8EF83-6F38-4A2B-860A-B873BA46AB2A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{804AA525-9DE7-47EC-A06E-E1873804DFAD}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{D8DE034A-0EFC-4EB7-ABA8-F5F172FB5CE2}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{394516F1-96EB-40E6-B4E0-CD97FA44AD5F}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{F155FDA7-9877-4165-8927-DE61CADF8CAE}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [27/12/2008 14.58.52 114768]
R1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [29/01/2009 20.31.10 159600]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [27/12/2008 14.58.52 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [27/12/2008 14.58.37 53328]
R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [03/09/2006 10.32.28 208896]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\System32\drivers\PCTAppEvent.sys [29/01/2009 20.31.11 73840]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [14/07/2009 12.28.00 239648]
R3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw.sys [29/01/2009 20.30.39 95640]
R3 SPC500NC;Philips SPC500NC Webcam;c:\windows\System32\drivers\SPC500NC.SYS [21/06/2007 7.42.32 409600]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [02/08/2009 11.16.49 234888]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe [10/05/2006 9.13.52 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
hpdevmgmt REG_MULTI_SZ hpqcxs08

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-09-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-23 20:42]

2009-03-29 c:\windows\Tasks\HPCeeScheduleForDoriana.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-08-17 09:56]

2009-09-11 c:\windows\Tasks\User_Feed_Synchronization-{E9D02AF8-B497-41B8-9671-0111B9244A30}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]

2009-09-11 c:\windows\Tasks\Verifica e correzione automatica.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-21 14:35]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.plusnetwork.com
mStart Page = hxxp://it.yahoo.com
uSearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDow ... ab_nvd.cab
FF - ProfilePath - c:\users\Doriana\AppData\Roaming\Mozilla\Firefox\Profiles\gg4kx1a7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://it.search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.plusnetwork.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\nppdf32.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
HKCU-Run-aoeqq - c:\users\doriana\appdata\local\aoeqq.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-11 21:22
Windows 6.0.6002 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...
Touch Me and you're Dead
Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-2454736819-3289563835-3394363869-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:24,0b,75,8b,71,bf,2d,8d,55,2e,c8,e5,43,81,c2,25,99,2f,83,de,b4,15,cb,
74,01,1e,49,53,ef,b0,40,ae,36,83,7b,1f,57,e5,2b,b2,9d,0c,66,e7,d7,20,45,f6,\
"??"=hex:92,b2,23,d0,7d,4c,8c,36,ad,d4,e6,8e,ab,06,10,11

[HKEY_USERS\S-1-5-21-2454736819-3289563835-3394363869-1001\Software\SecuROM\License information*]
"datasecu"=hex:45,8b,33,95,f9,f3,3a,b3,e6,62,46,41,10,91,ac,ad,11,f6,31,74,a9,
27,30,26,80,bf,98,c8,6c,84,ec,ba,fc,ba,96,07,eb,45,50,cb,4a,da,71,73,17,86,\
"rkeysecu"=hex:17,d6,d4,d3,de,d8,06,dc,2a,fa,cf,32,55,3d,fe,fd

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2009-09-11 21.24.45
ComboFix-quarantined-files.txt 2009-09-11 19:24
Touch Me and you're DeadTouch Me and you're DeadTouch Me and you're Dead
Pre-Run: 119.650.160.640 byte disponibiliTouch Me and you're Dead
Post-Run: 119.572.586.496 byte disponibili

400 --- E O F --- 2009-09-09 17:05



What is ***********Touch Me and you're Dead************** ????????????

Re: combofix log check

Posted: Sat Sep 19, 2009 8:01 am
by crazy.cat
Never seen it... where did you download combofix from?

Re: combofix log check

Posted: Sat Sep 19, 2009 10:06 am
by poppiski
I didn't download it myself.
The log was sent to me, so I don't know where it was downloaded from.