OK...
Done, I dragged the file onto ComboFix; this is the report:
ComboFix 08-08-24.02 - Roby 2008-08-25 19.29.38.5 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.1793 [GMT 2:00]
Eseguito da: C:\Users\Roby\Downloads\ComboFix.exe
Command switches used :: C:\QooBox\CFScript.txt
* Creato nuovo punto di ripristino
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ProgramData\anqzkzmz
C:\ProgramData\anqzkzmz\kjolglab.exe
C:\ProgramData\ComSh
C:\ProgramData\ComSh\ajyhyhsz.exe
C:\ProgramData\wininfomsg
C:\Users\All Users\anqzkzmz\kjolglab.exe
C:\Users\All Users\ComSh\ajyhyhsz.exe
.
((((((((((((((((((((((((( Files Creati Da 2008-07-25 al 2008-08-25 )))))))))))))))))))))))))))))))))))
.
2008-08-25 17:57 . 2008-08-25 19:25 <DIR> d-------- C:\Users\All Users\SysStrMsg
2008-08-25 17:57 . 2008-08-25 17:57 <DIR> d-------- C:\Users\All Users\ComDb
2008-08-25 17:57 . 2008-08-25 19:25 <DIR> d-------- C:\ProgramData\SysStrMsg
2008-08-25 17:57 . 2008-08-25 17:57 <DIR> d-------- C:\ProgramData\ComDb
2008-08-25 11:58 . 2008-08-25 17:42 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-08-25 11:58 . 2008-08-25 17:42 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-08-25 11:58 . 2008-08-25 12:00 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-25 09:36 . 2008-08-25 09:36 <DIR> d-------- C:\Users\All Users\DscMnt
2008-08-25 09:36 . 2008-08-25 09:36 <DIR> d-------- C:\Users\All Users\admmsg
2008-08-25 09:36 . 2008-08-25 09:36 <DIR> d-------- C:\ProgramData\DscMnt
2008-08-25 09:36 . 2008-08-25 09:36 <DIR> d-------- C:\ProgramData\admmsg
2008-08-24 20:34 . 2008-08-24 20:34 <DIR> d-------- C:\Program Files\CCleaner
2008-08-24 19:25 . 2008-08-24 19:25 <DIR> d-------- C:\Users\Roby\AppData\Roaming\Malwarebytes
2008-08-24 19:25 . 2008-08-24 19:25 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-08-24 19:25 . 2008-08-24 19:25 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-08-24 19:25 . 2008-08-24 19:25 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-24 19:25 . 2008-08-17 15:01 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-08-24 19:25 . 2008-08-17 15:01 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-08-24 14:20 . 2008-08-25 17:24 <DIR> d-------- C:\Program Files\ESET
2008-08-24 14:11 . 2008-08-24 14:32 <DIR> d-a------ C:\Users\All Users\TEMP
2008-08-24 14:11 . 2008-08-24 14:32 <DIR> d-a------ C:\ProgramData\TEMP
2008-08-24 12:05 . 2008-08-24 12:06 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-08-24 12:05 . 2008-08-24 12:06 <DIR> d-------- C:\ProgramData\Lavasoft
2008-08-23 14:45 . 2008-08-25 19:25 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-23 14:22 . 2008-08-23 14:22 10,520 --a------ C:\Windows\System32\avgrsstx.dll
2008-08-23 14:21 . 2008-08-25 13:48 <DIR> d-------- C:\Windows\System32\drivers\Avg
2008-08-23 14:21 . 2008-08-23 14:21 <DIR> d-------- C:\Users\All Users\avg8
2008-08-23 14:21 . 2008-08-23 14:21 <DIR> d-------- C:\ProgramData\avg8
2008-08-23 14:21 . 2008-08-23 14:21 <DIR> d-------- C:\Program Files\AVG
2008-08-23 14:21 . 2008-08-23 14:21 96,520 --a------ C:\Windows\System32\drivers\avgldx86.sys
2008-08-22 13:01 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-22 13:01 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-22 13:01 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-22 13:01 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-22 13:01 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-22 13:01 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-22 13:01 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-22 13:01 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-22 13:01 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-13 20:09 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-13 20:04 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-13 20:04 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-13 20:03 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-13 20:03 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-13 20:03 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-01 12:09 . 2008-08-01 12:09 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-08-01 12:00 . 2008-08-01 12:00 <DIR> d-------- C:\Users\Roby\AppData\Roaming\DataCast
2008-08-01 12:00 . 2008-08-01 12:00 <DIR> d-------- C:\Program Files\Samsung
2008-08-01 12:00 . 2008-08-01 12:00 <DIR> d-------- C:\Program Files\MarkAny
2008-07-31 17:14 . 2008-08-23 19:14 <DIR> d-------- C:\Program Files\Starcraft
2008-07-25 21:33 . 2008-07-25 21:33 <DIR> d-------- C:\Windows\System32\tdk-screensaver-a03 dir
2008-07-25 21:33 . 2008-07-25 21:33 201,728 --a------ C:\Windows\System32\tdk-screensaver-a03.scr
2008-07-25 21:32 . 2008-07-25 21:32 <DIR> d-------- C:\Windows\System32\tdkScreensaver dir
2008-07-25 21:32 . 2008-07-25 21:32 201,728 --a------ C:\Windows\System32\tdkScreensaver.scr
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-25 15:21 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-22 20:39 --------- d-----w C:\Program Files\THQ
2008-08-22 17:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-22 17:08 --------- d-----w C:\ProgramData\Media Center Programs
2008-08-22 17:05 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-22 17:04 --------- d-----w C:\Program Files\Microsoft Works
2008-08-22 16:57 --------- d-----w C:\ProgramData\eMule
2008-08-19 08:29 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-14 09:44 --------- d-----w C:\Users\Roby\AppData\Roaming\LimeWire
2008-08-13 18:11 --------- d-----w C:\Program Files\Windows Mail
2008-08-13 15:47 --------- d-----w C:\Program Files\Warcraft III
2008-07-22 17:58 --------- d-----w C:\Program Files\DivX
2008-07-21 07:19 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-07-18 18:38 586,752 ----a-w C:\Windows\WLXPGSS.SCR
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-11 12:41 21,248 ----a-w C:\Windows\Help\OEM\scripts\HPScript.exe
2008-06-01 19:43 2,829 ----a-w C:\Windows\War3Unin.pif
2008-06-01 19:43 139,264 ----a-w C:\Windows\War3Unin.exe
2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll
2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll
2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll
2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2008-04-17 15:35 174 --sha-w C:\Program Files\desktop.ini
2007-11-20 13:25 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-11-20 13:25 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-11-20 13:25 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((( snapshot@2008-08-25_14.41.06.02 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-24 18:38:12 860,080 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-08-25 15:23:29 860,080 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2008-08-25 07:04:10 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-08-25 15:24:32 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-08-25 07:04:10 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-08-25 15:24:32 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-08-25 07:05:54 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-08-25 15:26:30 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-08-25 07:06:26 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-25 15:28:53 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-25 15:28:53 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-08-25 12:24:35 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-25 15:33:14 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-08-25 12:24:35 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-25 15:33:14 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-25 12:24:35 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-25 15:33:14 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-25 07:06:03 7,122 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3930960926-3077408177-1412927889-1001_UserData.bin
+ 2008-08-25 15:26:20 7,464 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3930960926-3077408177-1412927889-1001_UserData.bin
- 2008-08-25 07:06:03 61,194 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-08-25 15:26:20 61,536 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-08-25 07:06:02 41,984 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-08-25 15:26:19 43,760 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-06-01 13:40 1783400]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 17:01 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 18:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 13:59 118784]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 13:13 71176]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 02:56 54936]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-01-10 19:57 92704]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-01-10 19:57 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-01-10 19:57 88608]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 17:19 132624]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-23 14:21 1232152]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 12:26 4874240 C:\Windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CBCBEF4E-D83C-40F9-BAC4-4E0AF20765CE}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{CC0B2816-BDB4-4734-B50B-4C4A687B04F8}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{362A35EB-F954-4B64-AD2C-8174BEB44C19}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{5AA7D646-4ACC-477B-B770-E8FA4E0C7624}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{FA1A071D-29A5-4BC3-AC26-C4B8EBF6CFC6}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{C7556F01-EA18-4732-A7A5-30AAF6274D7A}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{5F631893-1EE6-4F23-9358-91314473724F}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{6EF99F4D-C8C9-477A-85A0-78B735433EF6}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{CCF7794F-2732-4964-9C9D-82D51A763E45}"= UDP:C:\Users\Roby\AppData\Local\Temp\Installer.exe:SpeedTouch Home Install Wizard
"{D772A8C6-B37B-4865-852C-5D3EC31FD04A}"= TCP:C:\Users\Roby\AppData\Local\Temp\Installer.exe:SpeedTouch Home Install Wizard
"{13D92EDA-8250-49EF-8392-417185772C31}"= UDP:C:\Program Files\Thomson\ST330\service\st330service.exe:ST330 service
"{46B2F534-9D18-4D8A-B03D-DFF31DDD449A}"= TCP:C:\Program Files\Thomson\ST330\service\st330service.exe:ST330 service
"{AF9AE7D2-F79F-4CF2-AA21-706497A68A38}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{03DCA60E-5742-4C83-A346-032BB9B6D416}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{218356BE-08FD-47BF-8B5E-337AAC0125E4}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{2B576221-D16C-4299-B947-A2D0B62F3580}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{54F50414-B270-40E0-AADA-2EDA72422BF1}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{EDE31453-2E0C-49B6-8133-9C01A16A0AE6}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{9E2174C1-EC67-416C-B57E-74BDFBBE0498}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{DC4070CC-7F0C-481E-934C-14FDB0004331}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{AC28FA20-1CD1-471B-AE82-E894549EB722}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{6AEFB000-CC3C-48F5-BE6C-A65EA4901A5B}C:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= UDP:C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
"UDP Query User{A64FB259-41E6-4130-B2C7-843C94693C04}C:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= TCP:C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
"TCP Query User{6F53A293-FD00-4326-AA7A-5423FA9E8256}C:\\program files\\thq\\dawn of war - soulstorm demo\\soulstorm.exe"= UDP:C:\program files\thq\dawn of war - soulstorm demo\soulstorm.exe:Soulstorm
"UDP Query User{7793BED4-8A2F-4CD0-90F4-CE4CFD121994}C:\\program files\\thq\\dawn of war - soulstorm demo\\soulstorm.exe"= TCP:C:\program files\thq\dawn of war - soulstorm demo\soulstorm.exe:Soulstorm
"{C58FDCE5-7C30-4AA3-977C-5CD17814FF65}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{A69BE9AA-0636-4B6A-AC36-774973DF1BF5}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"TCP Query User{E1808766-DFCB-4C7E-9489-285CB2F48696}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{B797C6B4-03EA-4442-A7E6-9B1F245EB1A1}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{74DF18AD-B578-4BFD-8954-C55588CA557C}C:\\program files\\thq\\dawn of war - soulstorm\\soulstorm.exe"= UDP:C:\program files\thq\dawn of war - soulstorm\soulstorm.exe:Soulstorm
"UDP Query User{ACC56A1A-DBAE-4B5D-9EFB-7FBAF53BCF4E}C:\\program files\\thq\\dawn of war - soulstorm\\soulstorm.exe"= TCP:C:\program files\thq\dawn of war - soulstorm\soulstorm.exe:Soulstorm
"TCP Query User{F1CD67B4-07ED-49BB-8C29-DB2E4F8048CC}C:\\users\\roby\\desktop\\zerg_reveal_final_englishus_xvid.avi-downloader.exe"= UDP:C:\users\roby\desktop\zerg_reveal_final_englishus_xvid.avi-downloader.exe:zerg_reveal_final_englishus_xvid.avi-downloader.exe
"UDP Query User{EA4FE1D6-557B-4D5A-8E16-2C8A1DF9BB07}C:\\users\\roby\\desktop\\zerg_reveal_final_englishus_xvid.avi-downloader.exe"= TCP:C:\users\roby\desktop\zerg_reveal_final_englishus_xvid.avi-downloader.exe:zerg_reveal_final_englishus_xvid.avi-downloader.exe
"{935CEABA-32C2-4030-A024-EEDEFEBC30B7}"= UDP:C:\Windows\System32\muzapp.exe:MUZ AOD APP player
"{0545B7FF-2348-4007-B1AF-5A0EB89AA42D}"= TCP:C:\Windows\System32\muzapp.exe:MUZ AOD APP player
"{B4C41D7C-7328-41AE-A0F0-DA2C9F9602A6}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 1 (0x1)
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 16:35]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-08-23 14:21]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 16:36]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-23 14:21]
R2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 10:32]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-08-31 14:54]
S2 IntelDHSvcConf;Intel DH Service;C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 09:13]
S3 ST330;ST330;C:\Windows\system32\drivers\st330.sys [2007-11-19 16:08]
S3 STBUS;STBUS;C:\Windows\system32\drivers\stbus.sys [2007-11-19 16:08]
S3 stppp;Speedtouch PPP Adapter Adapter;C:\Windows\system32\DRIVERS\stppp.sys [2007-11-19 16:08]
.
Contenuto della cartella 'Scheduled Tasks'
2008-08-25 C:\Windows\Tasks\User_Feed_Synchronization-{A85B6C8C-972C-49F7-A517-B1D04EB9464C}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]
2007-11-20 C:\Windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-08-25 19:31:01
Windows 6.0.6001 Service Pack 1 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-08-25 19:32:06
ComboFix-quarantined-files.txt 2008-08-25 17:32:03
ComboFix2.txt 2008-08-25 15:37:27
ComboFix3.txt 2008-08-25 13:14:37
ComboFix4.txt 2008-08-25 12:41:58
Pre-Run: 320,372,641,792 byte disponibili
Post-Run: 320,342,433,792 byte disponibili
260 --- E O F --- 2008-08-21 13:12:35