ComboFix 10-10-26.02 - Francesco 02/11/2010 11.44.26.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.2045.933 [GMT 1:00]
Eseguito da: c:\users\Francesco\Downloads\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
- MODALITÀ CON FUNZIONALITÀ RIDOTTE -
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Francesco\AppData\Roaming\drivers\downld
c:\windows\system32\muzapp.exe
.
((((((((((((((((((((((((( Files Creati Da 2010-10-02 al 2010-11-02 )))))))))))))))))))))))))))))))))))
.
2010-11-02 10:47 . 2010-11-02 10:48 -------- d-----w- c:\users\Francesco\AppData\Local\temp
2010-11-02 10:47 . 2010-11-02 10:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-02 10:47 . 2010-11-02 10:47 -------- d-----w- c:\users\_ocster_backup_\AppData\Local\temp
2010-11-02 10:36 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0A85B08-BCA1-407C-AED2-F91350963EF2}\mpengine.dll
2010-11-02 10:05 . 2010-11-02 10:06 3887136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{27A6AC6C-0ED7-0E86-E66C-FF6682E2641F}-ComboFix.exe
2010-11-02 10:05 . 2010-11-02 10:06 3887136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{5847C5B4-781A-96C5-7642-3D7A02ED21FD}-ComboFix.exe
2010-11-02 07:57 . 2010-11-02 07:57 -------- d-----w- c:\users\Francesco\AppData\Roaming\Blumentals
2010-11-01 15:07 . 2010-11-01 15:07 -------- d-----w- c:\users\Francesco\AppData\Roaming\AllyNova
2010-11-01 15:06 . 2010-11-01 15:07 -------- d-----w- c:\program files\HTML Password Wizard
2010-11-01 15:00 . 2009-12-09 13:59 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-11-01 08:21 . 2010-11-01 08:21 -------- d-----w- c:\programdata\PC Tools
2010-10-31 08:29 . 2010-10-31 08:29 -------- d-----w- c:\program files\CA VMN Anti-Spyware
2010-10-31 08:29 . 2010-10-31 08:30 -------- d-----w- c:\programdata\EmailNotifier
2010-10-31 08:29 . 2010-10-31 08:30 -------- d-----w- c:\program files\vmntoolbar
2010-10-31 08:29 . 2010-10-31 08:29 -------- d-----w- c:\users\Francesco\AppData\Roaming\Dynamic
2010-10-31 08:29 . 2010-10-31 09:08 -------- d-----w- c:\users\Francesco\AppData\Roaming\Sites
2010-10-31 08:29 . 2010-10-31 08:33 -------- d-----w- c:\users\Francesco\AppData\Roaming\SiteClasses
2010-10-31 08:28 . 2010-10-31 08:28 -------- d-----w- c:\program files\Visicom Media
2010-10-28 07:55 . 2010-10-28 07:55 -------- d-----w- c:\users\Francesco\AppData\Roaming\Panda Security
2010-10-28 07:46 . 2010-10-28 07:46 -------- d-----w- c:\programdata\Panda Security
2010-10-28 07:46 . 2010-10-28 07:46 -------- d-----w- c:\program files\Panda Security
2010-10-27 07:37 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 07:37 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 07:37 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-25 08:10 . 2010-10-25 08:10 -------- d-----w- c:\program files\CSS Tab Designer 2
2010-10-22 14:25 . 2010-10-22 14:25 -------- d-----w- c:\users\Francesco\AppData\Local\Windows Live
2010-10-22 14:22 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2010-10-13 20:16 . 2010-10-29 07:40 -------- d-----w- c:\program files\Wondershare
2010-10-13 14:15 . 2009-12-09 14:06 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-10-13 14:14 . 2010-10-13 20:29 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-10-13 14:07 . 2010-10-13 15:01 -------- d-----w- c:\users\Francesco\AppData\Local\Innovative Solutions
2010-10-13 14:06 . 2010-10-13 14:06 -------- d-----w- c:\program files\Common Files\Innovative Solutions
2010-10-13 14:06 . 2010-10-13 14:07 -------- d-----w- c:\programdata\Innovative Solutions
2010-10-13 14:06 . 2009-11-05 14:36 47984 ----a-w- c:\windows\system32\AdvUninstCPL.cpl
2010-10-13 14:05 . 2010-10-31 08:39 -------- d-----w- c:\program files\Innovative Solutions
2010-10-13 08:22 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-13 08:22 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-13 08:22 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 08:22 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-13 08:20 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-13 08:20 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-13 08:20 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-13 08:20 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-12 21:13 . 2010-10-12 21:13 -------- d-----w- c:\programdata\MAGIX
2010-10-12 21:13 . 2010-10-12 21:13 -------- d-----w- c:\users\Francesco\AppData\Roaming\MAGIX
2010-10-12 21:13 . 2010-10-12 21:13 -------- d-----w- c:\users\Francesco\AppData\Local\Xara
2010-10-12 21:12 . 2010-10-12 21:14 -------- d-----w- c:\program files\Xara
2010-10-12 21:12 . 2010-10-12 21:12 -------- d-----w- c:\programdata\Xara
2010-10-12 20:46 . 2010-10-12 20:52 -------- d-----w- c:\program files\ShopFactory V8
2010-10-12 20:46 . 2010-10-12 20:46 -------- d-----w- c:\programdata\3D3
2010-10-12 10:27 . 2010-10-12 10:27 -------- d-----w- c:\program files\Xirrus
2010-10-12 10:14 . 2010-10-12 10:14 -------- d-----w- c:\program files\MiserWare
2010-10-12 07:42 . 2010-10-12 07:42 -------- d-----w- c:\users\Francesco\AppData\Roaming\AntiBrowserSpy 2009
2010-10-08 07:19 . 2010-10-08 07:19 -------- d-----w- c:\program files\Vectorian Inc
2010-10-07 07:14 . 2009-08-19 22:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-10-07 07:10 . 2010-09-22 16:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-10-06 10:59 . 2010-10-06 10:59 -------- d-----w- c:\program files\Zip Password Recovery Magic
2010-10-06 09:12 . 2010-10-06 09:13 -------- d-----w- c:\program files\Vectorian Giotto
2010-10-06 09:08 . 2010-10-06 09:08 -------- d-----w- c:\users\Francesco\AppData\Local\Easy Website Pro
2010-10-06 09:06 . 2010-10-06 09:06 -------- d-----w- c:\program files\PhotonFX
2010-10-06 07:59 . 2010-10-12 19:54 -------- d-----w- c:\program files\Hide Your IP Address
2010-10-06 07:50 . 2010-11-02 06:45 -------- d-----w- c:\users\Francesco\AppData\Roaming\AVG
2010-10-06 06:51 . 2010-10-06 06:51 -------- d-----w- c:\program files\AVG
2010-10-04 13:03 . 2010-10-04 13:03 -------- d-----w- c:\program files\TorrentFetcher
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 20:51 . 2009-11-21 15:04 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-07 23:21 . 2009-11-26 12:17 6146896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-09-24 07:31 . 2010-09-24 07:31 34276864 ----a-w- c:\windows\system32\imageres.dll
2010-09-22 22:47 . 2010-09-22 22:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-15 03:50 . 2010-05-03 08:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-26 16:33 . 2010-10-27 07:37 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 07:37 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-26 16:33 . 2010-10-27 07:37 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-27 07:37 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-17 14:11 . 2010-09-16 07:48 128000 ----a-w- c:\windows\system32\spoolsv.exe
2007-12-17 17:23 . 2010-03-17 14:11 1136640 ----a-w- c:\program files\Common Files\ewutils2.dll
2007-11-06 23:19 . 2010-09-02 06:38 568832 ----a-w- c:\program files\opera\program\plugins\msvcp90.dll
2007-11-06 23:19 . 2010-09-02 06:38 655872 ----a-w- c:\program files\opera\program\plugins\msvcr90.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]
2007-09-24 14:26 1966080 ----a-w- c:\progra~1\vmntoolbar\vmntoolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-8287-79A187E26987}"= "c:\progra~1\vmntoolbar\vmntoolbar.dll" [2007-09-24 1966080]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
[HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A057A204-BACC-4D26-8287-79A187E26987}"= "c:\progra~1\vmntoolbar\vmntoolbar.dll" [2007-09-24 1966080]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
[HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-05-14 13:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-05-14 13:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware Application"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-10 2424560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-17 1549608]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 4468736]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"G DATA AntiVirus Trayapplication"="c:\program files\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2010-01-06 951880]
"GDFirewallTray"="c:\program files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2009-10-21 1124424]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-05-14 406848]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
c:\users\Francesco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2010-1-6 3450608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AliceRV_McciTrayApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiSpyWare2Guard
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ashampoo AntiSpyWare 2 Guard
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2006-12-11 16:27 530552 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-09-22 16:11 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2006-12-07 15:49 55416 ----a-w- c:\program files\TOSHIBA\TBS\HSON.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2006-12-14 18:09 493688 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-09-10 16:20 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-08-17 11:14 1549608 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
2009-03-16 18:54 6158240 ----a-w- c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSHIBA Online Product Information]
2009-03-16 18:54 6158240 ----a-w- c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba TEMPRO]
2010-08-27 11:14 1050072 ----a-w- c:\program files\Toshiba TEMPRO\TemproTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-09-26 07:43 328056 ----a-w- c:\program files\uTorrent\uTorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
2010-05-20 22:39 64048 ----a-w- c:\program files\VMware\VMware Player\hqtray.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"Google Update"="c:\users\Francesco\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"EPSON S21 Series"=c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIFAE.EXE /FU "c:\windows\TEMP\E_S6DA1.tmp" /EF "HKCU"
"ehTray.exe"=c:\windows\ehome\ehTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"NDSTray.exe"=NDSTray.exe
"DBHAgent"=c:\program files\Paragon Software\System Backup 9.5\program\dbhagent.exe
"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe"
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-179793737-3557242359-2971821377-1000]
"EnableNotificationsRef"=dword:00000001
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-05 133104]
R3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe [2007-02-21 151552]
R3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\Dfsdks.exe [2009-08-24 406016]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-02-23 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-02-23 8456]
R3 Paragon System Backup Service;Paragon System Backup Service;c:\program files\Paragon Software\System Backup 9.5\program\dbhservice.exe [2010-05-06 150096]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2009-10-02 94992]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-11-22 691696]
S0 84280882;84280882 Boot Guard Driver;c:\windows\system32\DRIVERS\84280882.sys [2009-10-22 37392]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2010-02-26 28616]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-05-06 40624]
S1 84280881;84280881;c:\windows\system32\DRIVERS\84280881.sys [2009-09-25 128016]
S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2009-02-19 127744]
S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\drivers\gdwfpcd32.sys [2010-02-26 40904]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2010-02-27 29992]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2010-05-04 125960]
S1 setup_9.0.0.722_02.02.2010_11-10drv;setup_9.0.0.722_02.02.2010_11-10drv;c:\windows\system32\DRIVERS\8428088.sys [2009-10-09 311312]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2009-10-02 115856]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2009-10-02 41424]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Common Files\G DATA\AVKProxy\AVKProxy.exe [2009-12-15 1054792]
S2 AVKService;G Data Scheduler;c:\program files\G Data\InternetSecurity\AVK\AVKService.exe [2009-09-07 397896]
S2 AVKWCtl;G Data Guardiano del file system;c:\program files\G Data\InternetSecurity\AVK\AVKWCtl.exe [2009-11-25 1251488]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-04-30 136448]
S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2009-12-16 65856]
S2 ocster_backup;Ocster Backup;c:\program files\Ocster Backup\bin\backupService-ox.exe [2010-08-12 18200]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2010-05-27 141384]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2010-04-30 99336]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2010-04-30 111112]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2010-05-12 111176]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [2010-08-27 124368]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-12-09 1044808]
S2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files\USB Safely Remove\USBSRService.exe [2010-05-06 242000]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2010-05-20 70704]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-05-20 539184]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-19 7168]
S3 GDFwSvc;G Data Personal Firewall;c:\program files\G Data\InternetSecurity\Firewall\GDFwSvc.exe [2009-11-25 1547104]
S3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2010-02-26 55624]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2010-02-26 47560]
S3 GDScan;G Data Scanner;c:\program files\Common Files\G DATA\GDScan\GDScan.exe [2009-11-26 302152]
S3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2010-02-26 35272]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
S3 NETw5v32;Driver scheda Intel(R) Wireless WiFi Link per Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-10-05 6000640]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2009-10-02 103568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efc7fc58-56bd-11df-9619-005056c00008}]
\shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contenuto della cartella 'Scheduled Tasks'
2010-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-05 09:26]
2010-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-05 09:26]
2010-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-179793737-3557242359-2971821377-1000Core.job
- c:\users\Francesco\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-22 18:11]
2010-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-179793737-3557242359-2971821377-1000UA.job
- c:\users\Francesco\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-22 18:11]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: Aggiungi a PDF esistente - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Aggiungi destinazione link a PDF esistente - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti destinazione link in Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti in Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Francesco\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017}
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
FF - ProfilePath - c:\users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\9vy4ccet.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://it.start3.mozilla.com/firefox?cl ... t:official
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatche ... 60341&qkw=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}\components\AvkWebFilterFF.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Francesco\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
MSConfigStartUp-AdobeCS4ServiceManager - c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-02 11:48
Windows 6.0.6002 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Ora fine scansione: 2010-11-02 11:54:01
ComboFix-quarantined-files.txt 2010-11-02 10:53
Pre-Run: 37.090.004.992 byte disponibili
Post-Run: 36.823.408.640 byte disponibili
- - End Of File - - 70EC709AEE68D4459BC3D13FC2968C2C