ComboFix 10-11-28.05 - user 29/11/2010 17:05:04.12.2 - x86 NETWORK
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.39.1040.18.3067.2312 [GMT 1:00]
Eseguito da: c:\users\user\Desktop\ppp.exe.exe
Opzioni usate :: c:\users\user\Desktop\CFScript.txt
* Creato nuovo punto di ripristino
.
((((((((((((((((((((((((( Files Creati Da 2010-10-28 al 2010-11-29 )))))))))))))))))))))))))))))))))))
.
2010-11-29 16:10 . 2010-11-29 16:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-28 11:21 . 2010-08-16 06:14 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2010-11-28 11:21 . 2010-08-16 06:15 804864 ----a-w- c:\windows\system32\FntCache.dll
2010-11-28 11:21 . 2010-08-16 06:14 1076224 ----a-w- c:\windows\system32\DWrite.dll
2010-11-28 11:21 . 2010-08-16 06:14 737280 ----a-w- c:\windows\system32\d2d1.dll
2010-11-28 11:21 . 2010-08-16 06:14 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2010-11-28 11:20 . 2010-05-09 09:15 279552 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2010-11-28 11:20 . 2010-05-09 09:15 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2010-11-28 11:20 . 2010-06-26 05:14 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
2010-11-28 11:19 . 2010-11-28 11:19 -------- d-----w- c:\program files\Feedback Tool
2010-11-28 10:53 . 2010-11-28 10:53 -------- d-----w- c:\program files\p-nand-q.com
2010-11-28 10:17 . 2010-11-28 10:17 -------- d-----w- c:\users\user\AppData\Local\SvchostViewer
2010-11-26 18:34 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9755FC23-CB8A-48FF-BBD1-1D3ACFBF5411}\mpengine.dll
2010-11-24 10:16 . 2010-10-19 08:10 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-20 14:32 . 2010-11-20 14:32 -------- d-----w- c:\program files\Electronic Arts
2010-11-20 14:26 . 2010-11-20 14:26 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-11-20 14:25 . 2010-11-20 14:25 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-11-20 14:24 . 2010-11-20 14:26 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-11-13 07:53 . 2010-11-13 07:53 -------- d-----w- c:\users\user\AppData\Roaming\Avira
2010-11-13 07:48 . 2010-09-01 13:30 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-13 07:48 . 2010-09-01 13:30 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-13 07:48 . 2010-11-13 07:48 -------- d-----w- c:\program files\Avira
2010-11-12 18:46 . 2010-11-12 18:46 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-12 16:53 . 2010-11-12 16:55 -------- d-----w- C:\32788R22FWJFW.2.tmp
2010-11-12 16:51 . 2010-11-12 16:53 -------- d-----w- C:\32788R22FWJFW.1.tmp
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-01 10:23 . 2010-11-22 15:46 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-10-30 18:30 . 2010-11-29 16:10 -------- d-----w- c:\users\user\AppData\Local\temp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-28 20:08 . 2010-07-26 15:26 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-11-28 10:06 . 2010-09-24 11:33 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2010-10-19 09:41 . 2010-04-02 08:09 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-24 15:58 . 2010-09-24 11:33 88 --sh--r- c:\programdata\649ADD1AA6.sys
2010-09-10 21:41 . 2010-09-10 21:41 285480 ----a-w- c:\windows\system32\guard32.dll
2010-09-10 21:40 . 2010-09-10 21:40 78504 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-09-10 21:40 . 2010-09-10 21:40 30112 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-09-10 21:40 . 2010-09-10 21:40 236088 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-09-10 21:40 . 2010-09-10 21:40 17256 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-09-08 04:30 . 2010-10-13 08:28 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28 . 2010-10-13 08:28 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22 . 2010-10-13 08:28 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48 . 2010-10-13 08:28 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-01 04:23 . 2010-10-13 08:23 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-01 02:34 . 2010-10-13 08:19 2327552 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-11-28_18.50.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-02 08:52 . 2010-11-29 12:39 48492 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 04:55 . 2010-11-28 15:11 56130 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-11-29 15:51 56130 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-04-02 08:15 . 2010-11-29 15:51 18696 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-633374088-4001182803-702579871-1000_UserData.bin
- 2010-04-02 07:47 . 2010-11-28 17:08 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-02 07:47 . 2010-11-29 15:48 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-02 07:47 . 2010-11-29 15:48 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-04-02 07:47 . 2010-11-28 17:08 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:41 . 2010-11-28 17:08 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2010-11-29 15:48 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-02 16:59 . 2010-11-29 15:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-02 16:59 . 2010-11-28 15:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-02 16:59 . 2010-11-28 15:09 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-04-02 16:59 . 2010-11-29 15:49 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-04-02 16:59 . 2010-11-28 15:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-02 16:59 . 2010-11-29 15:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-04-02 11:14 . 2010-11-28 15:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-02 11:14 . 2010-11-29 15:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-02 11:14 . 2010-11-28 15:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-02 11:14 . 2010-11-29 15:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-11-28 18:40 . 2010-11-28 18:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-11-29 12:37 . 2010-11-29 16:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-11-28 18:40 . 2010-11-28 18:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-11-29 12:37 . 2010-11-29 16:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-28 13797920]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-09-10 2500552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-09-01 281768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-20 691696]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-09-10 236088]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2010-09-01 339624]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-09-01 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-09-01 403624]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
R3 EraserUtilDrvI9;EraserUtilDrvI9;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-05-01 64032]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-30 1343400]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-09-10 30112]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-04-25 95024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 k57nd60x;Gigabit Ethernet Broadcom NetXtreme - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
Contenuto della cartella 'Scheduled Tasks'
2010-11-29 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-10-03 20:55]
2010-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-04 17:42]
2010-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-04 17:42]
2010-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-633374088-4001182803-702579871-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-26 20:12]
2010-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-633374088-4001182803-702579871-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-26 20:12]
.
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyOverride = local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: {BD13099B-9730-4B39-B747-8726F1F187B3} = 8.8.8.8,8.8.4.4
TCP: 0716E646F627F6 = 8.8.8.8,4.4.4.4
TCP: 4505D2C494E4B4F5346464438303 = 8.8.8.8,4.4.4.4
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\calghnzh.default\
FF - prefs.js: browser.search.defaulturl -
hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage -
hxxp://www.google.itFF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\users\user\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Kaspersky Anti-Banner:
KavAntiBanner@Kaspersky.ru - c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
FF - Extension: Kaspersky URL Advisor:
linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\calghnzh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\calghnzh.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKLM-RunOnce-<NO NAME> - (no file)
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2010-11-29 17:12:40
ComboFix-quarantined-files.txt 2010-11-29 16:12
ComboFix2.txt 2010-11-28 18:52
ComboFix3.txt 2010-11-20 19:42
ComboFix4.txt 2010-11-12 17:08
ComboFix5.txt 2010-11-29 15:42
Pre-Run: 156.262.641.664 byte disponibili
Post-Run: 156.011.773.952 byte disponibili
- - End Of File - - 0FE9D87B064524F4D4C3F027F5085C8B