ComboFix 09-05-03.4 - Utente 04/05/2009 16.19.51.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.39.1040.18.2046.1108 [GMT 2:00]
Eseguito da: c:\users\Utente\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Creati Da 2009-04-04 al 2009-05-04 )))))))))))))))))))))))))))))))))))
.
2009-05-01 13:13 . 2009-05-01 13:15 -------- d-----w c:\program files\EasyPHP 3.0
2009-05-01 10:14 . 2009-05-01 10:14 -------- d-----w c:\program files\Common Files\DivX Shared
2009-04-30 20:53 . 2009-04-30 20:53 -------- d-----w c:\programdata\Media Center Programs
2009-04-30 20:53 . 2009-04-30 20:53 -------- d-----w c:\users\All Users\Media Center Programs
2009-04-21 13:13 . 2009-04-21 13:13 -------- d-----w c:\users\Utente\Woopra
2009-04-16 14:17 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-16 14:17 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-16 14:17 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-14 12:17 . 2009-04-16 16:09 -------- d-----w c:\users\Utente\AppData\Local\Adobe
2009-04-14 12:12 . 2009-04-14 12:12 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-12 18:03 . 2009-04-12 18:03 -------- d-----w c:\programdata\is-QKOVQ
2009-04-12 18:03 . 2009-04-12 18:03 -------- d-----w c:\users\All Users\is-QKOVQ
2009-04-12 18:00 . 2008-07-08 12:54 148496 ----a-w c:\windows\system32\drivers\10947585.sys
2009-04-12 17:55 . 2008-07-08 12:54 148496 ----a-w c:\windows\system32\drivers\63692176.sys
2009-04-12 09:53 . 2009-04-12 11:25 -------- d-----w c:\program files\a-squared Free
2009-04-11 15:59 . 2009-04-11 15:59 -------- d-----w c:\program files\IObit
2009-04-10 09:19 . 2009-04-14 12:22 -------- d-----w c:\program files\Lavasoft
2009-04-10 09:19 . 2009-04-14 12:22 -------- d-----w c:\programdata\Lavasoft
2009-04-10 09:19 . 2009-04-14 12:22 -------- d-----w c:\users\All Users\Lavasoft
2009-04-09 14:54 . 2009-04-09 14:54 -------- d-----w c:\users\Utente\AppData\Roaming\live-player
2009-04-09 14:54 . 2009-04-14 06:46 89 ----a-w c:\users\Utente\AppData\Local\mqekm.bat
2009-04-09 11:03 . 2009-04-10 14:24 -------- d-----w c:\program files\MegaLink
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-04 14:32 . 2009-02-26 15:03 259051552 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-04 14:28 . 2009-03-13 15:38 882 ----a-w c:\windows\Tasks\GoogleUpdateTaskMachine.job
2009-05-04 14:28 . 2009-03-24 14:05 1054 ----a-w c:\windows\Tasks\Google Software Updater.job
2009-05-04 14:28 . 2006-11-02 13:01 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-04 14:27 . 2009-02-26 15:03 3034964 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-04 14:26 . 2008-11-26 19:10 12 ----a-w c:\windows\bthservsdp.dat
2009-05-04 14:06 . 2008-10-29 15:42 89246 ----a-w c:\users\All Users\nvModes.dat
2009-05-04 14:06 . 2008-10-29 15:42 89246 ----a-w c:\programdata\nvModes.dat
2009-05-04 12:33 . 2009-03-18 18:20 860 ----a-w c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-603610610-2782796317-2799079916-1000.job
2009-05-03 19:20 . 2006-11-06 01:52 662846 ----a-w c:\windows\system32\perfh010.dat
2009-05-03 19:20 . 2006-11-06 01:52 120326 ----a-w c:\windows\system32\perfc010.dat
2009-05-01 10:14 . 2008-09-02 13:40 -------- d-----w c:\program files\DivX
2009-05-01 09:19 . 2009-04-10 09:20 460 ----a-w c:\windows\Tasks\Ad-Aware Update (Weekly).job
2009-04-30 20:36 . 2008-09-09 12:02 -------- d-----w c:\program files\Ubisoft
2009-04-30 20:36 . 2007-07-20 10:43 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-29 11:53 . 2008-09-01 09:01 8268 ----a-w c:\users\Utente\AppData\Local\d3d9caps.dat
2009-04-23 16:41 . 2008-09-02 08:14 -------- d-----w c:\program files\Spyware Doctor
2009-04-19 12:46 . 2009-04-19 12:46 -------- d-----w c:\program files\EASEUS
2009-04-18 13:40 . 2008-09-04 09:06 -------- d-----w c:\program files\Ashampoo
2009-04-17 11:54 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-16 11:53 . 2008-09-04 08:27 -------- d-----w c:\program files\McAfee
2009-04-14 12:12 . 2007-07-20 11:35 -------- d-----w c:\program files\Java
2009-04-12 06:23 . 2008-10-31 15:06 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-07 14:49 . 2008-09-02 13:33 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-06 13:32 . 2008-10-31 15:06 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2008-10-31 15:06 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-05 11:52 . 2009-01-31 13:30 -------- d-----w c:\program files\FileZilla FTP Client
2009-04-04 11:34 . 2009-04-04 11:34 -------- d-----w c:\program files\PoivY.com
2009-04-04 11:31 . 2009-04-04 11:29 -------- d-----w c:\program files\AutoLyrix
2009-04-03 13:11 . 2007-07-20 11:18 -------- d-----w c:\program files\Google
2009-04-02 12:49 . 2009-04-02 12:49 -------- d-----w c:\program files\Unity
2009-03-25 19:24 . 2009-03-25 19:24 -------- d-----w c:\program files\SEGA
2009-03-25 17:54 . 2009-03-25 17:54 -------- d-----r c:\program files\Skype
2009-03-25 09:06 . 2008-09-04 08:27 40552 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 09:06 . 2008-09-04 08:27 79880 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 09:06 . 2008-09-04 08:27 35272 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-03-25 09:06 . 2008-06-27 04:08 214024 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-03-25 09:05 . 2008-09-04 08:26 34216 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-03-22 10:41 . 2009-03-22 09:36 -------- d-----w c:\program files\Empire Total War
2009-03-21 22:13 . 2009-03-21 14:06 -------- d-----w c:\program files\Common Files\Steam
2009-03-17 03:38 . 2009-04-16 14:16 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-16 14:16 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 14:16 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-11 14:17 . 2009-02-02 18:15 -------- d-----w c:\program files\Opera
2009-03-09 12:53 . 2008-09-01 09:10 88280 ----a-w c:\users\Utente\AppData\Local\GDIPFONTCACHEV1.DAT
2009-03-03 04:46 . 2009-04-16 14:16 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 14:16 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-16 14:16 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-16 14:16 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 14:16 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 14:16 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 14:16 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-16 14:16 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 14:16 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 04:37 . 2009-04-16 14:16 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 03:04 . 2009-04-16 14:16 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 14:16 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-16 14:16 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-02-13 08:49 . 2009-04-16 14:16 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 08:49 . 2009-04-16 14:16 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 03:10 . 2009-03-11 13:37 2033152 ----a-w c:\windows\system32\win32k.sys
2009-02-06 19:01 . 2009-02-06 19:01 308088 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 17:08 . 2009-02-22 15:15 55280 ----a-w c:\windows\system32\drivers\fssfltr.sys
2008-09-06 12:33 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w c:\program files\opera\program\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w c:\program files\opera\program\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Google Update"="c:\users\Utente\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-03-18 133104]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-11 24095528]
"PoivY"="c:\program files\PoivY.com\PoivY\PoivY.exe" [2008-09-26 9102112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 46704]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-14 148888]
"CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-19 468264]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-01 4390912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKLM\~\startupfolder\C:^Users^Utente^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^AutoLyrix.lnk]
path=c:\users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoLyrix.lnk
backup=c:\windows\pss\AutoLyrix.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Utente^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9BA697B1-915C-4D61-A4FD-4A685A2B695F}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{45E9392E-1E22-424B-A50C-E49D9433C510}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{AF8CF5BE-8FC3-47B4-A050-F0A54D8DE1D1}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{8DECF182-E4F8-4A7F-91A5-872FFFE6A6C4}"= c:\program files\HP\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
"{CB53E6C5-95DE-4EBE-81C7-D8022B21E053}"= c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
"{018A8A45-657B-43C2-BD0F-AA78AB1ED596}"= c:\program files\HP\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
"{ADDDF97D-1BB8-43AA-9A19-08C2C1AF7DD5}"= c:\program files\HP\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe
"{CB8CF604-16C7-47BC-A3B7-794083351E29}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{5A349D5F-7813-49B5-BBB9-F0F23A6E31D5}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{64CBA301-5FDA-4850-A29F-ED26F4FF4964}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{BAFB88BA-5BFB-49BD-AE71-793AB59CC9D1}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{66B929BD-8124-44E9-8A5C-3E3752952FA0}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{A24CF1F3-9446-4041-88D0-5E8F23690881}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{D3863EFA-D539-4E33-A727-22399C01D96E}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{23412EA0-E5CC-492B-8B7E-C501076F464A}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{6A423948-CFF2-412C-A96F-10ED6F17EB81}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{EA44934B-1F47-4CC3-9FE1-FCBDCF3E0C50}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{813C92B2-705B-4000-868A-32CF2EB9F219}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{6D872ACC-E90F-4DA4-A7CE-CD9466A03960}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{125AEC90-117F-462D-8545-D70D55144697}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
"{538E6507-533C-4E01-ACCD-B086623C956F}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
"{470D2922-CA8C-4095-A3F2-CE01712C155C}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
"{0EC91057-2450-440A-BD2B-95A2FCB4CA3E}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\xchat\\xchat.exe"= c:\program files\xchat\xchat.exe:*:Enabled:XChat IRC Client
R0 Lbd;Lbd; [x]
R2 gupdate1c9a3f1bdcd0f3e;Servizio di Google Update (gupdate1c9a3f1bdcd0f3e);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 133104]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2008-11-25 9728]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2008-11-25 3072]
R3 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
R3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S1 is-8LH1Gdrv;is-8LH1Gdrv;c:\windows\system32\DRIVERS\63692176.sys [2008-07-08 148496]
S1 is-PDJFDdrv;is-PDJFDdrv;c:\windows\system32\DRIVERS\10947585.sys [2008-07-08 148496]
S2 ASBroker;Operatore della sessione di accesso;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 ASChannel;Canale di comunicazione locale;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2008-10-02 482176]
--- Altri Servizi/Drivers In Memoria ---
*Deregistered* - sptd
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
bthsvcs REG_MULTI_SZ BthServ
.
Contenuto della cartella 'Scheduled Tasks'
2009-05-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-02 14:05]
2009-05-04 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 15:37]
2009-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-603610610-2782796317-2799079916-1000.job
- c:\users\Utente\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-18 18:20]
2008-09-04 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-25 09:53]
2008-09-04 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-25 09:53]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKCU-Run-Woopra - c:\program files\Woopra\Woopra.exe
.
------- Scansione supplementare -------
.
uStart Page = www.google.it/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
FF - ProfilePath - c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\danhltyj.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Utente\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-04 16:32
Windows 6.0.6001 Service Pack 1 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-603610610-2782796317-2799079916-1000\Software\SecuROM\License information*]
"datasecu"=hex:d4,64,30,fe,f1,06,01,11,21,97,24,99,60,47,25,c2,5b,7f,56,3f,a4,
6c,22,25,93,2c,4f,56,13,31,1c,e2,9d,df,6d,13,63,87,68,e4,41,2d,02,ad,7c,e1,\
"rkeysecu"=hex:7d,9a,36,f9,97,f7,5a,18,dd,82,e4,3e,61,55,92,01
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\
0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'lsass.exe'(704)
c:\program files\Bioscrypt\VeriSoft\bin\ASWLNPkg.dll
c:\program files\Bioscrypt\VeriSoft\bin\ItMsg.dll
- - - - - - - > 'Explorer.exe'(4792)
c:\program files\McAfee\SiteAdvisor\saHook.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\windows\System32\rundll32.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\windows\System32\IoctlSvc.exe
c:\program files\Hp\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\Bioscrypt\VeriSoft\Bin\asghost.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Ora fine scansione: 2009-05-04 16.37.46 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-05-04 14:37
Pre-Run: 22.093.041.664 byte disponibili
Post-Run: 21.869.854.720 byte disponibili
308 --- E O F --- 2009-05-04 14:15