ComboFix 09-03-10.01 - Taty 2008 2009-03-10 22.21.58.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.3070.2073 [GMT 1:00]
Run by: c:\users\Taty 2008\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning enabled* (Updated)
FW: Norton 360 *enabled*
* Created a new restore point
.
((((((((((((((((((((((((( Files Created From 2009-02-10 to 2009-03-10 )))))))))))))))))))))))))))))))))))
.
2009-03-10 21:53 . 2009-03-10 22:05 <DIR> d-------- c:\program files\FindyKill
2009-03-09 21:36 . 2009-03-09 21:36 <DIR> d-------- c:\program files\Eset
2009-03-09 21:15 . 2009-03-10 14:06 <DIR> d-a------ c:\users\All Users\TEMP
2009-03-09 21:15 . 2009-03-10 14:06 <DIR> d-a------ c:\progra~2\TEMP
2009-03-09 21:14 . 2009-03-09 21:14 <DIR> d-------- c:\users\TATY20~1\AppData\Roaming\Simply Super Software
2009-03-09 21:14 . 2009-03-09 21:14 <DIR> d-------- c:\users\Taty 2008\AppData\Roaming\Simply Super Software
2009-03-09 21:14 . 2009-03-09 21:14 <DIR> d-------- c:\users\All Users\Simply Super Software
2009-03-09 21:14 . 2009-03-09 21:14 <DIR> d-------- c:\program files\Trojan Remover
2009-03-09 21:14 . 2009-03-09 21:14 <DIR> d-------- c:\progra~2\Simply Super Software
2009-03-09 21:14 . 2006-05-25 14:52 162,304 --a------ c:\windows\System32\ztvunrar36.dll
2009-03-09 21:14 . 2003-02-02 19:06 153,088 --a------ c:\windows\System32\UNRAR3.dll
2009-03-09 21:14 . 2005-08-26 00:50 77,312 --a------ c:\windows\System32\ztvunace26.dll
2009-03-09 21:14 . 2002-03-06 00:00 75,264 --a------ c:\windows\System32\unacev2.dll
2009-03-09 21:14 . 2006-06-19 12:01 69,632 --a------ c:\windows\System32\ztvcabinet.dll
2009-03-08 20:03 . 2009-03-08 20:03 69 --a------ c:\windows\NeroDigital.ini
2009-03-07 12:37 . 2009-03-07 12:37 <DIR> d-------- c:\windows\Sun
2009-03-06 19:50 . 2009-03-10 21:01 <DIR> d--h----- c:\users\TATY20~1\AppData\Roaming\drivers
2009-03-06 19:50 . 2009-03-10 21:01 <DIR> d--h----- c:\users\Taty 2008\AppData\Roaming\drivers
2009-02-19 21:24 . 2009-02-06 18:08 55,280 --a------ c:\windows\System32\drivers\fssfltr.sys
2009-02-19 11:31 . 2009-02-19 11:31 41,008 --a------ c:\windows\System32\drivers\symndisv.sys
2009-02-19 11:31 . 2009-02-19 11:31 24,112 --a------ c:\windows\System32\drivers\SymIMV.sys
2009-02-19 11:31 . 2009-02-19 11:31 9,844 --a------ c:\windows\System32\drivers\SymRedir.cat
2009-02-19 11:31 . 2009-02-19 11:31 1,611 --a------ c:\windows\System32\drivers\SymRedir.inf
2009-02-15 18:56 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-15 18:56 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-15 18:56 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-15 18:56 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-15 18:56 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-11 12:54 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 12:54 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-10 20:50 --------- d-----w c:\program files\KaraFun
2009-03-10 18:37 --------- d-----w c:\program files\Hewlett-Packard
2009-03-09 20:43 --------- d-----w c:\users\TATY20~1\AppData\Roaming\GTek
2009-03-09 20:43 --------- d-----w c:\users\Taty 2008\AppData\Roaming\GTek
2009-03-09 17:58 --------- d-----w c:\program files\Norton 360
2009-03-09 17:58 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-09 17:58 --------- d-----w c:\progra~2\HP Product Assistant
2009-03-06 19:06 --------- d-----w c:\progra~2\NVIDIA
2009-03-06 18:50 --------- d-----w c:\program files\Common Files\LightScribe
2009-02-25 21:02 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-19 20:23 --------- d-----w c:\program files\Windows Live
2009-02-16 19:41 27,715 ----a-w c:\users\TATY20~1\AppData\Roaming\nvModes.dat
2009-02-16 19:41 27,715 ----a-w c:\users\Taty 2008\AppData\Roaming\nvModes.dat
2009-02-12 18:59 --------- d-----w c:\users\TATY20~1\AppData\Roaming\Skype
2009-02-12 18:59 --------- d-----w c:\users\Taty 2008\AppData\Roaming\Skype
2009-02-11 12:14 --------- d-----w c:\program files\Windows Mail
2009-02-08 17:08 --------- d-----w c:\users\TATY20~1\AppData\Roaming\skypePM
2009-02-08 17:08 --------- d-----w c:\users\Taty 2008\AppData\Roaming\skypePM
2009-02-06 19:01 308,088 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:52 49,504 ----a-w c:\windows\System32\sirenacm.dll
2009-02-01 19:06 --------- d-----w c:\program files\Yontoo Layers Client for Internet Explorer
2009-02-01 19:06 --------- d-----w c:\progra~2\Tarma Installer
2009-01-22 11:52 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-01-22 11:52 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-22 11:52 --------- d-----w c:\program files\Symantec
2009-01-18 22:12 --------- d-----w c:\progra~2\Symantec
2008-12-31 16:04 528,744 ----a-w c:\windows\System32\OGAVerify.exe
2008-12-31 16:04 502,120 ----a-w c:\windows\System32\OGAAddin.dll
2008-12-24 11:59 372,783 ----a-w c:\windows\Screen Ugly54.scr
2008-11-12 12:02 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-11-12 12:02 56 ---ha-w c:\progra~2\ezsidmv.dat
2008-09-22 17:48 174 --sha-w c:\program files\desktop.ini
2008-06-18 18:33 13,012 ----a-w c:\users\Taty 2008\Bubblets.dat
2008-05-11 10:08 22,644 ----a-w c:\program files\filelist.txt
2008-03-27 12:40 32 ----a-w c:\users\All Users\ezsid.dat
2008-03-27 12:40 32 ----a-w c:\progra~2\ezsid.dat
2008-03-26 20:43 2,402,320 ----a-w c:\users\Taty 2008\Messenger.exe
2003-04-11 05:35 274,432 ----a-w c:\program files\eauninstall.exe
2003-04-11 05:16 364,544 ----a-w c:\program files\SC4_UNINST.EXE
2003-03-28 01:35 70,878,429 ----a-w c:\program files\SimCity_1.dat
2003-03-28 01:35 129,061,232 ----a-w c:\program files\SimCity_2.dat
2003-03-28 01:35 110,195,371 ----a-w c:\program files\SimCity_3.dat
2003-03-28 01:35 103,486,981 ----a-w c:\program files\SimCity_4.dat
2003-03-28 01:35 103,004,482 ----a-w c:\program files\SimCity_5.dat
2003-03-28 01:35 102,921,266 ----a-w c:\program files\Sound.dat
2003-03-28 00:31 9,444 ----a-w c:\program files\Video Cards.sgr
2003-03-28 00:24 19,116 ----a-w c:\program files\Graphics Rules.sgr
2003-03-28 00:20 10,134 ----a-w c:\program files\eauninstall.ico
2008-10-13 16:57 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-10-13 16:57 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-10-13 16:57 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-03-10_21.12.15.11 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-10 20:04:06 7,352 ----a-w c:\windows\bthservsdp.dat
+ 2009-03-10 20:58:13 6,604 ----a-w c:\windows\bthservsdp.dat
- 2009-03-10 20:05:21 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-03-10 20:59:24 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-03-10 20:05:21 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-03-10 20:59:24 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-03-10 20:06:08 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-03-10 21:00:14 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-03-10 21:00:14 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-03-10 20:06:08 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-03-10 21:00:20 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
- 2009-03-10 20:06:01 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-10 20:59:50 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-03-10 20:06:01 81,920 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-10 20:59:50 81,920 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-10 20:06:01 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-10 20:59:50 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-10 19:58:40 101,556 ----a-w c:\windows\System32\perfc009.dat
+ 2009-03-10 21:06:56 101,556 ----a-w c:\windows\System32\perfc009.dat
- 2009-03-10 19:58:41 120,666 ----a-w c:\windows\System32\perfc010.dat
+ 2009-03-10 21:06:56 120,666 ----a-w c:\windows\System32\perfc010.dat
- 2009-03-10 19:58:41 587,484 ----a-w c:\windows\System32\perfh009.dat
+ 2009-03-10 21:06:56 587,484 ----a-w c:\windows\System32\perfh009.dat
- 2009-03-10 19:58:41 663,170 ----a-w c:\windows\System32\perfh010.dat
+ 2009-03-10 21:06:56 663,170 ----a-w c:\windows\System32\perfh010.dat
- 2009-03-10 20:07:51 12,410 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-531358516-4118287844-1083438711-1000_UserData.bin
+ 2009-03-10 21:01:27 12,560 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-531358516-4118287844-1083438711-1000_UserData.bin
- 2009-03-10 20:07:51 84,962 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-10 21:01:27 84,978 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-03-10 19:55:32 56,520 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-03-10 21:01:23 56,520 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2008-10-01 08:40 192960 --------- c:\program files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"eMuleAutoStart"="c:\program files\eMule\emule.exe" [2008-08-01 5480448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-09 136600]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-02-06 1036640]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-03-09 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2009-03-09 988512]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-03-09 1303432]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 c:\windows\RtHDVCpl.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-04-30 25214]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-09-05 727592]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=tbjqft.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JDCT"= jl_jdct.drv
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-531358516-4118287844-1083438711-1000]
"EnableNotificationsRef"=dword:00000003
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BEFF7975-0F8C-43B2-8C00-47FE8F0F2C60}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{9850EA47-725B-484D-B8B3-1A8770AFE626}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{19EA3698-B235-47D9-AFC2-1A2DB2B6E424}"= Disabled:UDP:e:\setup\HPZNUI01.EXE:hpznui01.exe
"{939C8CCD-EBE8-4E77-9A2E-191285F5973F}"= Disabled:TCP:e:\setup\HPZNUI01.EXE:hpznui01.exe
"{BFA311FB-BE3B-49E1-933C-5DE005643B40}"= Disabled:UDP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{4350B14F-29E4-45F0-B943-B0F889769464}"= Disabled:TCP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{9EABB65A-B754-4FED-9B6F-BC3C8AE84CB8}"= Disabled:UDP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{DD336CC8-B87A-4BB2-8D51-017BEBA2B4DE}"= Disabled:TCP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{C1208205-23BB-4364-AE1D-E678724DB461}"= Disabled:UDP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{11140054-4470-49E1-98C3-4B925D16DB07}"= Disabled:TCP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{2B1E5DF3-CE84-4B9D-B543-B48ACB4D91D8}"= Disabled:UDP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{B07AE44C-5789-4661-8FE8-04A8E4406B51}"= Disabled:TCP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{59F1694F-FCBF-44A7-99D1-3133BBEFA857}"= Disabled:UDP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{5C1FEB21-A716-4019-9FC0-514FF607B0A8}"= Disabled:TCP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{1A4C8B22-D173-4E61-B374-795A843E3F91}"= Disabled:UDP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
"{A9F7D2B1-A21B-4446-96D8-CEBFF01EA7C5}"= Disabled:TCP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
"{188FA873-AE1B-4D76-AE8F-942530873000}"= Disabled:UDP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{37727A45-0C9A-4132-9202-4BC096C86740}"= Disabled:TCP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{CCBBF607-0A78-4798-8A52-9D796A0446EE}"= Disabled:UDP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{0323AC17-C858-4DAA-BCD2-08366D2ADCB1}"= Disabled:TCP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{A67CAC04-DEAF-4BE4-83E1-FF02E5E32E65}"= Disabled:UDP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{BEA709CC-9351-4319-97E1-28DF81724264}"= Disabled:TCP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{5BAE0B9A-405F-419F-8126-630DB9C562F4}"= Disabled:UDP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
"{47899C76-9CC9-4FDC-B867-321D6BC64184}"= Disabled:TCP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
"TCP Query User{A41FB04E-7B0C-41DE-A46B-CECBC3A5C12B}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{40255A77-44D7-4375-81FB-4A783E3E3B6B}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{8EE5DCDC-B52C-406D-8B13-50FFA99B3421}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{093AAA80-A0AE-4958-A724-86F22C38DA06}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{EFA2CE8F-38EF-43F8-BE17-77DA0C54C8AA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{394FB335-464A-4785-ABC2-14B58014CA79}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 1 (0x1)
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090303.001\IDSvix86.sys [2009-03-05 270384]
R2 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2009-02-19 55280]
R2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-02-18 149352]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [2008-01-12 23888]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2009-02-19 41008]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f898278-4877-11dd-91be-001e37a7111b}]
\shell\AutoRun\command - F:\InstallTomTomHOME.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7588e14a-9946-11dd-9427-001e37a7111b}]
\shell\AutoRun\command - F:\StartVMCLite.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7588e150-9946-11dd-9427-001e37a7111b}]
\shell\AutoRun\command - F:\StartVMCLite.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4fab8de-af52-11dd-8cc6-001e37a7111b}]
\shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
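The registry loading points above are the part of a ComboFix log a responder reads first. The following is an added triage script, not part of the posted log or of ComboFix itself: it parses a constructed excerpt copied from the section above and applies plain heuristics (AppInit_DLLs set, bare filenames in Drivers32 or Run values that resolve through the search path, Run targets outside the program directories, Security Center monitoring switched off, cached MountPoints2 AutoRun commands, BHOs). The rules and severities are the author's assumptions for a Vista-era host, not verdicts on any file named in the log; every flagged entry still needs a hash and signer check. Product subkeys under Security Center\Monitoring are only noted because third-party suites commonly set those for their own components.

```python
import re
from collections import Counter

# Constructed excerpt: lines copied from the "Reg Loading Points" section of
# this log, trimmed to the entries the rules below look at.
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2008-10-01 08:40 192960 --------- c:\program files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 c:\windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=tbjqft.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JDCT"= jl_jdct.drv
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7588e14a-9946-11dd-9427-001e37a7111b}]
\shell\AutoRun\command - F:\StartVMCLite.exe
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"')
PATH_RE = re.compile(r"[a-z]:\\.*$", re.I)

# Assumption: autorun targets under these directories are unremarkable on this host.
TRUSTED_PREFIXES = ("c:\\program files", "c:\\windows", "c:\\progra~2", "c:\\programdata")


def triage(log_text):
    """Return (severity, rule, detail) tuples for the registry loading points."""
    findings = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        km = KEY_RE.match(line)
        if km:
            key = km.group(1).lower()   # subsequent value lines belong to this key
            continue
        vm = VALUE_RE.match(line)
        if "browser helper objects" in key:
            # A BHO is loaded into every Internet Explorer process; record the DLL for a signer check.
            pm = PATH_RE.search(line)
            if pm:
                findings.append(("review", "bho", pm.group(0)))
        elif key.endswith("\\currentversion\\windows"):
            # AppInit_DLLs is loaded by user32.dll into every process that links it
            # (when the mechanism is enabled; check LoadAppInit_DLLs on Vista and later).
            if vm and vm.group(1).lower() == "appinit_dlls" and vm.group(2).strip():
                findings.append(("high", "appinit_dlls", vm.group(2).strip()))
        elif key.endswith("\\drivers32"):
            # Codec entries given as a bare name are resolved through the DLL search path.
            if vm and "\\" not in vm.group(2):
                findings.append(("review", "drivers32_bare_name", f"{vm.group(1)} -> {vm.group(2).strip()}"))
        elif "security center\\monitoring" in key:
            if vm and vm.group(1).lower() == "disablemonitoring" and vm.group(2).strip().lower() == "dword:00000001":
                product = key.rsplit("\\", 1)[-1]
                # The top-level key silences all monitoring; per-product subkeys are
                # commonly set by the installed suite itself, so only note them.
                sev = "review" if product == "monitoring" else "info"
                findings.append((sev, "security_center_monitoring_off", product))
        elif key.endswith("\\run"):
            rm = RUN_RE.match(line)
            if not rm:
                continue
            name, target = rm.group(1), rm.group(2).lower()
            if "\\" not in target:
                # Bare filename: whichever same-named file sits first on the search path runs.
                findings.append(("review", "run_bare_filename", f"{name} -> {rm.group(2)}"))
            elif not target.startswith(TRUSTED_PREFIXES):
                findings.append(("review", "run_outside_program_dirs", f"{name} -> {rm.group(2)}"))
        elif "\\mountpoints2\\" in key and line.lower().startswith("\\shell\\autorun\\command"):
            # Cached AutoRun command for a volume; executed when the volume is opened via Explorer.
            findings.append(("review", "mountpoints2_autorun", line.split(" - ", 1)[-1]))
    return findings


def summarize(findings):
    """Count findings per severity so a long log can be prioritised at a glance."""
    return Counter(sev for sev, _, _ in findings)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for sev, rule, detail in sorted(results):
        print(f"{sev:6} {rule:30} {detail}")
    print(dict(summarize(results)))
```

Run it against the full log text instead of SAMPLE_LOG to see every entry the rules catch; legitimate software (the Realtek tray applet registered as a bare filename, Symantec's own Security Center subkeys) will show up alongside anything suspicious, which is the point: the script narrows what to hash and check, it does not decide.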
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/home.php?ref=home
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
IE: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm177YYIT
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-10 22:24:38
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(3632)
c:\windows\system32\btmmhook.dll
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
c:\program files\Adobe\Adobe Acrobat 7.0\ActiveX\PDFShell.dll
.
Completion time: 2009-03-10 22.27.32
ComboFix-quarantined-files.txt 2009-03-10 21:27:28
ComboFix2.txt 2009-03-10 20:24:18
ComboFix3.txt 2009-03-10 20:13:51
Pre-Run: 115,523,616,768 bytes free
Post-Run: 115,490,406,400 bytes free
--- E O F --- 2009-02-25 19:43:59