This is the new report.
ComboFix 08-08-14.02 - Marco Manni 2008-08-15 9:32:58.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.2117 [GMT 2:00]
Eseguito da: C:\Users\Marco Manni\Documents\ComboFix.exe
Command switches used :: C:\Users\Marco Manni\Desktop\CFScript.txt.txt
* Creato nuovo punto di ripristino
FILE ::
C:\Users\MARCOM~1\AppData\Local\Temp\xmlB36.tmp
F:\autorun.exe
.
((((((((((((((((((((((((( Files Creati Da 2008-07-15 al 2008-08-15 )))))))))))))))))))))))))))))))))))
.
2008-08-14 12:53 . 2008-08-14 12:53 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-08-14 12:39 . 2008-04-26 10:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-08-14 12:26 . 2008-08-14 12:26 <DIR> d-------- C:\PerfLogs
2008-08-14 11:25 . 2008-01-19 09:33 2,623,488 --a------ C:\Windows\System32\SLsvc.exe
2008-08-14 11:25 . 2008-01-19 09:33 2,091,520 --a------ C:\Windows\System32\dfsr.exe
2008-08-14 11:25 . 2008-01-19 09:36 1,541,120 --a------ C:\Windows\System32\onex.dll
2008-08-14 11:25 . 2008-01-19 09:36 1,107,968 --a------ C:\Windows\System32\pidgenx.dll
2008-08-14 11:25 . 2008-01-19 09:29 705,536 --a------ C:\Windows\System32\imagesp1.dll
2008-08-14 11:25 . 2008-01-19 06:10 681,984 --a------ C:\Windows\System32\drivers\spsys.sys
2008-08-14 11:25 . 2008-01-19 09:42 51,768 --a------ C:\Windows\System32\PSHED.DLL
2008-08-14 11:23 . 2008-01-19 09:38 4,595,712 --a------ C:\Windows\System32\AuthFWSnapin.dll
2008-08-14 11:22 . 2008-01-19 09:33 8,139,264 --a------ C:\Windows\System32\ssBranded.scr
2008-08-14 11:21 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-08-14 11:20 . 2008-01-19 09:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-08-14 11:20 . 2008-01-05 13:31 145,455 --a------ C:\Windows\System32\perfmon.msc
2008-08-14 11:20 . 2008-01-05 13:22 144,909 --a------ C:\Windows\System32\fsmgmt.msc
2008-08-14 11:20 . 2008-01-05 13:31 3 --a------ C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2008-08-14 11:19 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-08-14 11:18 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-08-14 11:18 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-08-14 11:18 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-08-14 11:18 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-08-14 11:15 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-08-14 11:15 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-08-14 11:15 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-08-14 11:15 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-08-14 10:17 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-07 07:56 . 2008-08-08 22:17 <DIR> d-------- C:\Pokemon
2008-08-04 00:54 . 2008-08-04 00:54 <DIR> d-------- C:\Program Files\1st IEAssistant
2008-08-04 00:39 . 2008-08-04 00:41 <DIR> d-------- C:\Users\Marco Manni\.housecall6.6
2008-08-04 00:22 . 2008-08-04 00:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-03 22:06 . 2008-07-19 16:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-07-29 18:46 . 2008-07-29 20:48 <DIR> d-------- C:\6ffd05d5c28f81d7ba142c0570342cf5
2008-07-29 15:42 . 2008-07-29 15:42 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-29 08:28 . 2008-07-29 08:28 <DIR> d-------- C:\Users\All Users\Glamour Strip Poker
2008-07-29 08:28 . 2008-07-29 08:28 <DIR> d-------- C:\ProgramData\Glamour Strip Poker
2008-07-29 07:13 . 2008-07-29 07:13 <DIR> d-------- C:\Program Files\Tetris
2008-07-28 18:56 . 2008-07-28 18:59 <DIR> d-------- C:\Users\All Users\Avg8
2008-07-28 18:56 . 2008-07-28 18:59 <DIR> d-------- C:\ProgramData\Avg8
2008-07-28 18:42 . 2008-07-28 18:42 <DIR> d-------- C:\Program Files\AVG
2008-07-28 18:42 . 2008-07-28 18:42 10,520 --a------ C:\Windows\System32\avgrsstx.dll.old
2008-07-28 11:08 . 2008-07-28 11:08 <DIR> d-------- C:\Program Files\Alwil Software
2008-07-28 10:59 . 2008-07-28 18:05 <DIR> d-------- C:\Avast
2008-07-28 10:04 . 2008-07-28 10:38 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-07-28 10:04 . 2008-07-28 10:38 <DIR> d-------- C:\ProgramData\Lavasoft
2008-07-28 10:02 . 2008-07-28 10:39 <DIR> d-------- C:\lavasoft
2008-07-25 21:10 . 2008-07-28 21:59 <DIR> d-------- C:\Downloads
2008-07-25 18:14 . 2008-07-25 20:33 <DIR> d-------- C:\Program Files\Pro Evolution Soccer 2008
2008-07-25 09:52 . 2008-07-28 22:05 <DIR> d-------- C:\megaupload Download
2008-07-23 09:21 . 2008-07-24 10:01 <DIR> d-------- C:\aa24f22a0a079090f7e76f
2008-07-23 08:57 . 2008-07-23 08:59 28 --a------ C:\Windows\ODBC.INI
2008-07-23 08:45 . 2006-10-26 19:58 30,512 --a------ C:\Windows\System32\mdimon.dll
2008-07-23 08:44 . 2008-07-23 08:44 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-07-23 08:41 . 2008-07-23 08:41 <DIR> dr-h----- C:\MSOCache
2008-07-23 08:38 . 2008-07-23 08:38 <DIR> d-------- C:\Program Files\DAEMON Tools Toolbar
2008-07-23 08:38 . 2008-07-23 08:38 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-07-23 08:37 . 2008-07-23 08:37 <DIR> d-------- C:\Users\All Users\Office Genuine Advantage
2008-07-23 08:37 . 2008-07-23 08:37 <DIR> d-------- C:\ProgramData\Office Genuine Advantage
2008-07-23 07:55 . 2008-08-03 22:01 81,984 --a------ C:\Windows\System32\bdod.bin
2008-07-23 07:48 . 2008-08-03 22:02 <DIR> d-------- C:\Program Files\Common Files\Softwin
2008-07-22 17:19 . 2008-04-15 17:43 27,683,672 --a------ C:\bitdefender_free_v10.exe
2008-07-22 17:09 . 2008-07-22 19:24 <DIR> d-------- C:\OFFICE_07_DVD (E)
2008-07-22 16:40 . 2008-07-22 16:40 14,848 --a------ C:\Slide Card.doc
2008-07-19 15:36 . 2008-07-19 15:36 <DIR> d-------- C:\Program Files\Sierra Entertainment
2008-07-19 15:32 . 2008-07-19 15:32 <DIR> d-------- C:\Users\Marco Manni\AppData\Roaming\InstallShield
2008-07-19 00:28 . 2008-07-19 00:28 237 --a------ C:\Windows\RomeTW.ini
2008-07-19 00:20 . 2008-07-19 00:20 <DIR> d-------- C:\Program Files\Activision
2008-07-18 10:14 . 2008-07-20 11:54 <DIR> d-------- C:\Empire.Earth.III.CLONEDVD-AVENGED
2008-07-18 10:12 . 2008-07-20 10:21 <DIR> d-------- C:\[games] Rome - Total War [ITA]
2008-07-17 17:04 . 2008-07-17 17:04 <DIR> d-------- C:\Users\Marco Manni\AppData\Roaming\Sierra Entertainment
2008-07-17 16:15 . 2008-07-17 16:15 <DIR> dr-h----- C:\Users\Marco Manni\AppData\Roaming\SecuROM
2008-07-17 16:09 . 2008-07-17 16:09 <DIR> d-------- C:\Windows\System32\AGEIA
2008-07-17 16:09 . 2008-08-14 10:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-17 16:09 . 2008-07-17 16:09 <DIR> d-------- C:\Program Files\AGEIA Technologies
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-15 07:32 --------- d-----w C:\Users\Marco Manni\AppData\Roaming\DNA
2008-08-14 10:35 174 --sha-w C:\Program Files\desktop.ini
2008-08-14 10:26 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-14 10:26 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-08-14 10:26 --------- d-----w C:\Program Files\Windows Mail
2008-08-14 10:26 --------- d-----w C:\Program Files\Windows Journal
2008-08-14 10:26 --------- d-----w C:\Program Files\Windows Defender
2008-08-14 10:26 --------- d-----w C:\Program Files\Windows Collaboration
2008-08-14 10:26 --------- d-----w C:\Program Files\Windows Calendar
2008-08-14 10:16 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-08-14 10:16 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-08-14 08:38 --------- d---a-w C:\ProgramData\TEMP
2008-08-14 08:19 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-08 17:52 78,369 ----a-w C:\Users\Marco Manni\AppData\Roaming\nvModes.dat
2008-07-29 15:34 --------- d-----w C:\Users\Marco Manni\AppData\Roaming\BitTorrent
2008-07-25 05:12 --------- d-----w C:\Program Files\Java
2008-07-24 14:26 --------- d-----w C:\ProgramData\CyberLink
2008-07-24 08:01 --------- d-----w C:\Users\Marco Manni\AppData\Roaming\DAEMON Tools
2008-07-23 07:39 --------- d-----w C:\ProgramData\NVIDIA
2008-07-23 06:44 --------- d-----w C:\Program Files\Microsoft Works
2008-07-23 05:46 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-23 05:43 --------- d-----w C:\ProgramData\Symantec
2008-07-19 13:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-17 17:05 --------- d-----w C:\Users\Marco Manni\AppData\Roaming\CyberLink
2008-07-13 22:45 --------- d-----w C:\Program Files\Yahoo!
2008-07-13 14:57 --------- d-----w C:\Users\Marco Manni\AppData\Roaming\Eltima Software
2008-07-13 14:52 --------- d-----w C:\Program Files\HeroesOfAE
2008-07-12 13:36 --------- d-----w C:\Users\Marco Manni\AppData\Roaming\WildTangent
2008-07-12 13:36 --------- d-----w C:\Users\Marco Manni\AppData\Roaming\PlayFirst
2008-07-12 13:36 --------- d-----w C:\ProgramData\WildTangent
2008-07-06 10:47 --------- d-----w C:\Program Files\7-Zip
2008-07-05 16:42 --------- d-----w C:\Program Files\Free Video Converter
2008-07-05 16:22 --------- d-----w C:\Program Files\AVS4YOU
2008-07-05 16:15 --------- d-----w C:\Program Files\XviD
2008-07-05 16:15 --------- d-----w C:\Program Files\A-Z
2008-07-05 15:58 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-07-05 15:56 --------- d-----w C:\Users\Marco Manni\AppData\Roaming\AVS4YOU
2008-07-05 15:56 --------- d-----w C:\ProgramData\AVS4YOU
2008-07-05 15:52 --------- d-----w C:\Program Files\MP4 to MP3 Converter
2008-07-05 15:47 --------- d-----w C:\Users\Marco Manni\AppData\Roaming\Download Manager
2008-07-05 15:41 --------- d-----w C:\Users\Marco Manni\AppData\Roaming\zweitgeist
2008-07-04 00:02 --------- d-----w C:\Program Files\AC3Filter
2008-06-30 21:09 --------- d-----w C:\Program Files\Real
2008-06-30 21:09 --------- d-----w C:\Program Files\Common Files\xing shared
2008-06-30 21:09 --------- d-----w C:\Program Files\Common Files\Real
2008-06-29 09:49 --------- d-----w C:\Users\Marco Manni\AppData\Roaming\Megaupload
2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-19 03:31 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2008-06-17 10:23 --------- d-----w C:\Program Files\GPLGS
2008-06-17 10:19 --------- d-----w C:\Program Files\Acro Software
2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll
2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll
2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll
2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2008-05-24 21:43 988,216 ----a-w C:\Windows\System32\winload.exe
2008-05-24 21:43 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-05-24 21:43 615,992 ----a-w C:\Windows\System32\ci.dll
2008-05-24 21:43 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-05-24 21:43 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-05-24 21:43 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-05-24 21:43 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-05-24 21:43 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-05-24 21:43 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-05-24 21:43 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-05-24 21:42 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-05-24 21:41 295,936 ----a-w C:\Windows\System32\gdi32.dll
.
((((((((((((((((((((((((((((( snapshot@2008-08-14_13.39.48.91 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-14 11:31:06 19,312 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-08-14 23:04:07 19,712 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-08-15 07:21:42 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-08-15 07:21:42 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-08-14 11:32:44 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-08-15 07:23:14 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-08-15 07:23:14 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-08-14 11:32:44 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-08-15 07:23:09 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-08-15 07:23:09 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-08-14 11:34:59 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-15 07:29:05 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-08-14 11:34:59 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-15 07:29:05 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-14 11:34:59 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-15 07:29:05 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-14 11:27:17 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-08-15 07:32:46 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-08-15 07:32:46 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
- 2008-08-14 11:04:22 101,250 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-08-15 07:26:57 101,250 ----a-w C:\Windows\System32\perfc009.dat
- 2008-08-14 11:04:22 120,326 ----a-w C:\Windows\System32\perfc010.dat
+ 2008-08-15 07:26:57 120,326 ----a-w C:\Windows\System32\perfc010.dat
- 2008-08-14 11:04:22 587,178 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-08-15 07:26:57 587,178 ----a-w C:\Windows\System32\perfh009.dat
- 2008-08-14 11:04:22 662,846 ----a-w C:\Windows\System32\perfh010.dat
+ 2008-08-15 07:26:57 662,846 ----a-w C:\Windows\System32\perfh010.dat
- 2008-08-14 11:34:28 11,518 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-541633127-1332290719-2124996763-1000_UserData.bin
+ 2008-08-15 07:23:36 11,950 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-541633127-1332290719-2124996763-1000_UserData.bin
- 2008-08-14 11:34:28 81,908 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-08-15 07:23:36 82,728 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-08-14 11:34:20 52,714 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-08-15 07:23:35 52,906 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-08-14 16:53:47 67,018 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 17:36 455968]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 17:10 1783136]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54 5674352]
"BitTorrent DNA"="C:\Users\Marco Manni\Program Files\DNA\btdna.exe" [2008-06-13 09:02 289088]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-17 14:20 490952]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 09:36 2153472 C:\Windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 10:29 102400]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 15:34 634880]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 08:02 174616]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-09-30 19:34 181544]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 23:13 218408]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 09:47 480560]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 16:53 311296]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-30 23:09 180269]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-19 22:05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-19 22:05 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-19 22:05 81920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 02:05 1045800]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 15:27 4702208 C:\Windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"msacm.ac3filter"= ac3filter.acm
"vidc.xvid"= xvid.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{C66DE1F0-5480-4585-AF68-C3F8C4CADAEA}C:\\users\\marco manni\\program files\\dna\\btdna.exe"= UDP:C:\users\marco manni\program files\dna\btdna.exe:btdna.exe
"UDP Query User{369DCB35-F3A8-418E-AC68-5993A4816D65}C:\\users\\marco manni\\program files\\dna\\btdna.exe"= TCP:C:\users\marco manni\program files\dna\btdna.exe:btdna.exe
"TCP Query User{56EBAC93-DFF9-4BBC-B26C-FF6DCA17C7C7}C:\\program files\\msn messenger\\msnmsgr.exe"= UDP:C:\program files\msn messenger\msnmsgr.exe:Messenger
"UDP Query User{56337971-6F4B-470A-8719-99919C74F2E3}C:\\program files\\msn messenger\\msnmsgr.exe"= TCP:C:\program files\msn messenger\msnmsgr.exe:Messenger
"TCP Query User{16570AA8-5116-46FC-BA6C-C64CA4D374B2}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{3EE1B1ED-658A-4442-AD13-89B36B199B52}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{F5EA7A24-AAD6-4375-B242-7E4C843FE04B}C:\\age of empire 2\\empires2.exe"= UDP:C:\age of empire 2\empires2.exe:Age of Empires II
"UDP Query User{89B8DBA4-B025-402C-909A-662BBB12E576}C:\\age of empire 2\\empires2.exe"= TCP:C:\age of empire 2\empires2.exe:Age of Empires II
"{BDFE8587-FE89-4692-ADC9-F2C91F4EDA19}"= UDP:990:LocalSubnet:LocalSubnet|IF={0B12428F-5277-45D5-A7C8-B12DAC2E9AD4}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{7544316F-CE47-44BE-953E-CD81EF1982C8}"= UDP:990:LocalSubnet:LocalSubnet|IF={0B12428F-5277-45D5-A7C8-B12DAC2E9AD4}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 16:36]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS);C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-09-30 19:34]
R2 QPSched;QuickPlay Task Scheduler (QTS);C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-09-30 19:34]
R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 10:30]
S3 GameConsoleService;GameConsoleService;C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-24 01:33]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72ef1970-2afa-11dd-8ce8-001e68515335}]
\shell\AutoRun\command - G:\EE3AutoRun.exe
*Newly Created Service* - CATCHME
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenuto della cartella 'Scheduled Tasks'
2008-08-14 C:\Windows\Tasks\User_Feed_Synchronization-{967D5AAF-EC62-4811-83AB-F7219A28DE38}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-08-15 09:35:56
Windows 6.0.6001 Service Pack 1 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-08-15 9:37:51
ComboFix-quarantined-files.txt 2008-08-15 07:37:37
ComboFix2.txt 2008-08-14 11:41:25
Pre-Run: 152,581,443,584 byte disponibili
Post-Run: 152,544,825,344 byte disponibili
301 --- E O F --- 2008-08-14 10:53:11