ComboFix 11-02-20.02 - User 21/02/2011 15:19:02.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.39.1040.18.1919.1077 [GMT 1:00]
Eseguito da: d:\utilità\Download\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files (x86)\OfferBox
c:\program files (x86)\OfferBox\offerboxffx@offerbox.com\components\OfferBoxXpCom.dll
c:\users\User\AppData\Roaming\OfferBox
c:\users\User\AppData\Roaming\OfferBox\config.dat
c:\users\User\AppData\Roaming\OfferBox\config.xml
c:\windows\system32\log.html
c:\windows\SysWow64\log.html
.
((((((((((((((((((((((((( Files Creati Da 2011-01-21 al 2011-02-21 )))))))))))))))))))))))))))))))))))
.
2011-02-20 22:20 . 2011-02-20 22:20 -------- d-----w- c:\users\User\AppData\Roaming\Fuzzy Bug Interactive
2011-02-20 22:01 . 2011-02-20 22:10 -------- d-----w- c:\program files (x86)\Relics of Fate - A Penny Macey Mystery
2011-02-19 15:44 . 2011-02-19 15:44 -------- d-----w- c:\programdata\BitDefender
2011-02-19 15:44 . 2011-02-19 15:44 -------- d-----w- c:\program files\Common Files\BitDefender
2011-02-19 15:44 . 2011-02-19 16:04 932369 ----a-w- c:\programdata\bdinstall.bin
2011-02-19 15:38 . 2011-02-19 15:38 -------- d-----w- c:\users\User\AppData\Roaming\QuickScan
2011-02-17 15:24 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8D70F461-6A3E-4BFF-B9B6-ED29E0FAFDEA}\mpengine.dll
2011-02-16 21:30 . 2011-02-16 21:30 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2011-02-16 21:30 . 2011-02-16 21:30 -------- d-----w- c:\programdata\Malwarebytes
2011-02-16 21:30 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-16 21:30 . 2011-02-18 22:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-02-16 21:30 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-16 16:36 . 2011-02-16 16:36 388096 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-16 16:36 . 2011-02-16 16:36 -------- d-----w- c:\program files (x86)\Trend Micro
2011-02-16 15:32 . 2011-02-16 15:32 -------- d-----w- c:\programdata\Avira
2011-02-16 15:32 . 2007-09-07 11:05 62016 ----a-w- c:\windows\SysWow64\drivers\avipbb.sys
2011-02-14 22:10 . 2011-02-14 22:10 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-02-14 21:50 . 2011-02-14 21:50 -------- d-----w- c:\users\AppData
2011-02-14 21:31 . 2011-02-14 21:31 -------- d-----w- c:\users\User\AppData\Roaming\blg
2011-02-14 21:31 . 2011-02-14 21:31 -------- d-----w- c:\programdata\blg
2011-02-14 14:41 . 2011-02-14 14:41 -------- d-----w- c:\program files (x86)\FreeApps
2011-02-14 14:41 . 2011-02-14 14:41 -------- d-----w- c:\programdata\FreeApp
2011-02-14 14:41 . 2010-12-13 16:03 31112 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-02-14 14:41 . 2010-11-26 17:02 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-02-14 14:41 . 2011-02-14 14:41 -------- d-----w- c:\programdata\IObit
2011-02-14 14:40 . 2011-02-14 15:52 -------- d-----w- c:\users\User\AppData\Roaming\IObit
2011-02-14 14:40 . 2011-02-14 14:41 -------- d-----w- c:\program files (x86)\IObit
2011-02-12 21:15 . 2011-02-12 21:15 -------- d-----w- c:\programdata\Alawar Stargaze
2011-02-12 20:52 . 2011-02-12 20:52 -------- d-----w- c:\users\User\AppData\Roaming\Artifex Mundi
2011-02-10 21:09 . 2011-02-10 21:09 -------- d-----w- c:\programdata\GameHouse
2011-02-10 21:05 . 2011-02-10 21:05 -------- d-----w- c:\users\User\AppData\Roaming\Flood Light Games
2011-02-10 21:05 . 2011-02-10 21:05 -------- d-----w- c:\programdata\Flood Light Games
2011-02-10 20:24 . 2011-02-10 20:24 -------- d-----w- c:\users\User\AppData\Roaming\YoudaGames
2011-02-10 20:06 . 2011-02-10 20:06 -------- d-----w- c:\users\User\AppData\Roaming\SevenSails
2011-02-10 16:16 . 2011-02-10 16:16 -------- d-----w- c:\users\User\AppData\Roaming\Ph03nixNewMedia
2011-02-10 16:14 . 2011-02-10 16:14 -------- d-----w- c:\programdata\HiddenSecretsNightmare
2011-02-07 21:04 . 2011-02-07 21:04 -------- d-----w- c:\users\User\AppData\Roaming\Frogwares
2011-02-07 16:16 . 2011-02-07 16:16 -------- d-----w- c:\windows\Treasure Seekers Visions of Gold
2011-02-07 16:08 . 2011-02-07 16:08 -------- d-----w- c:\users\User\AppData\Roaming\SunRay Games
2011-02-07 16:07 . 2011-02-07 16:07 -------- d-----w- c:\windows\Mystic Diary - Lost Brother
2011-02-06 20:20 . 2011-02-06 20:20 -------- d-----w- c:\users\User\AppData\Roaming\EleFun Games
2011-02-06 16:48 . 2011-02-06 16:48 -------- d-----w- c:\users\User\AppData\Roaming\Elephant Games
2011-02-06 16:48 . 2011-02-06 16:48 -------- d-----w- c:\programdata\Elephant Games
2011-02-06 16:42 . 2011-02-06 16:42 -------- d-----w- c:\users\User\AppData\Roaming\GameMill Entertainment
2011-02-06 16:34 . 2011-02-06 16:34 -------- d-----w- c:\programdata\Fugazo
2011-02-05 21:55 . 2011-02-05 21:55 -------- d-----w- c:\users\User\AppData\Roaming\ERS G-Studio
2011-02-05 21:54 . 2011-02-05 21:54 -------- d-----w- c:\windows\PuppetShow - Mystery of Joyville
2011-02-04 22:19 . 2011-02-04 22:19 -------- d-----w- c:\users\User\AppData\Roaming\Friday's games
2011-02-02 21:31 . 2011-02-02 21:31 -------- d-----w- c:\users\User\AppData\Roaming\GameInvest
2011-02-02 21:31 . 2011-02-02 21:31 -------- d-----w- c:\programdata\Trymedia
2011-02-02 21:28 . 2011-02-02 21:28 -------- d-----w- c:\windows\Dream Mysteries - Case of the Red Fox
2011-02-02 17:10 . 2011-02-02 17:13 -------- d-----w- c:\users\User\AppData\Local\Halite
2011-01-30 20:18 . 2009-07-14 01:41 101376 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPWN7.DLL
2011-01-30 13:57 . 2011-01-30 13:57 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-01-27 21:09 . 2011-01-27 21:09 -------- d-----w- c:\users\User\AppData\Roaming\Namco
2011-01-27 21:09 . 2011-01-27 21:09 -------- d-----w- c:\programdata\Namco
2011-01-27 21:08 . 2011-01-27 21:08 -------- d-----w- c:\windows\The Stroke of Midnight and Guide
2011-01-24 22:15 . 2011-01-24 22:15 -------- d-----w- c:\program files (x86)\bfgclient
2011-01-24 22:01 . 2011-02-07 15:18 -------- d-----w- C:\BigFishGamesCache
2011-01-23 20:32 . 2011-02-07 16:17 -------- d-----w- c:\users\User\AppData\Roaming\Artogon
2011-01-23 20:23 . 2011-01-23 20:23 -------- d-----w- c:\windows\Treasure Seekers - The Time Has Come CE [Updated]
2011-01-22 14:56 . 2011-01-22 14:56 -------- d-----w- c:\programdata\TikisLab
2011-01-22 14:55 . 2011-01-22 14:55 -------- d-----w- c:\windows\Spirit Seasons
2011-01-22 14:24 . 2011-01-22 14:24 -------- d-----w- c:\users\User\AppData\Roaming\2monkeys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 16:11 . 2010-01-05 11:06 270720 ------w- c:\windows\system32\MpSigStub.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-10-31 5106808]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
R2 AntiVirUpgradeService;Avira Upgrade Service;c:\windows\TEMP\AVSETUP_4d5bf8de\avupgsvc.exe [x]
R2 gupdate;Servizio di Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-22 136176]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-02-06 54480]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-07 834544]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [2010-01-09 1477728]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-01-09 2480048]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-07-14 239648]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-01-09 251488]
.
Contenuto della cartella 'Scheduled Tasks'
2011-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-22 13:07]
2011-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-22 13:07]
.
--------- x86-64 -----------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-10-31 361568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://yahoo.it/
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\h4233z7m.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.it
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: DevalVR 3D plugin: npdevalvr@devalvr.com - %profile%\extensions\npdevalvr@devalvr.com
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - user.js: yahoo.homepage.dontask - true
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
URLSearchHooks-{3a750e59-9048-456b-a7f9-4d22dcb583f3} - (no file)
BHO-{D496B221-52BB-4DA7-B5E7-4442022F207D} - (no file)
Toolbar-{648ADDE1-369B-4868-A419-0B67EBFD8F73} - (no file)
Wow6432Node-HKLM-Run-avgnt - c:\program files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
AddRemove-AntiVir PersonalEdition Classic - c:\program files (x86)\Avira\AntiVir PersonalEdition Classic\setup.exe
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Ora fine scansione: 2011-02-21 15:26:42 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-02-21 14:26
Pre-Run: 21.513.158.656 byte disponibili
Post-Run: 25.091.223.552 byte disponibili
- - End Of File - - FC756A53B227D9CB2A64909C005A58CA