Hi... I'm attaching the Combo report, just to be safe......
ComboFix 08-09-05.02 - marcomichi 2008-09-07 10.53.35.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.1666 [GMT 2:00]
Eseguito da: C:\Users\marcomichi\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
* Resident AV is active
.
((((((((((((((((((((((((( Files Creati Da 2008-08-07 al 2008-09-07 )))))))))))))))))))))))))))))))))))
.
2008-09-05 18:43 . 2008-09-05 18:43 <DIR> d-------- C:\Users\All Users\InfoMnt
2008-09-05 18:43 . 2008-09-05 18:43 <DIR> d-------- C:\ProgramData\InfoMnt
2008-09-05 17:24 . 2008-09-05 17:24 850 --a------ C:\Windows\System32\ProductTweaks.xml
2008-09-05 17:24 . 2008-09-05 17:24 385 --a------ C:\Windows\System32\user_gensett.xml
2008-09-05 16:51 . 2008-09-05 16:51 <DIR> d-------- C:\Program Files\BitDefender
2008-09-05 16:50 . 2008-09-05 18:39 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-09-05 13:39 . 2008-09-05 13:39 <DIR> d-------- C:\Users\marcomichi\AppData\Roaming\Malwarebytes
2008-09-05 13:39 . 2008-09-05 13:39 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-09-05 13:39 . 2008-09-05 13:39 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-09-05 13:39 . 2008-09-05 13:39 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-05 13:39 . 2008-09-02 00:16 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-09-05 13:39 . 2008-09-02 00:16 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-09-05 12:04 . 2008-09-05 12:04 <DIR> d-------- C:\Users\marcomichi\DoctorWeb
2008-09-05 07:19 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-09-05 07:19 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-09-05 07:19 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-09-05 07:19 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-09-05 07:19 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-09-05 07:19 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-09-05 07:18 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-09-05 07:18 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-09-05 07:18 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-09-04 18:56 . 2008-09-04 18:56 <DIR> d-------- C:\Program Files\Alwil Software
2008-09-04 18:56 . 2008-07-19 16:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-09-04 12:32 . 2008-09-04 12:32 <DIR> d-------- C:\Users\All Users\AplSh
2008-09-04 12:32 . 2008-09-04 12:32 <DIR> d-------- C:\ProgramData\AplSh
2008-09-04 10:55 . 2008-09-04 10:55 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-04 10:54 . 2008-09-04 10:54 <DIR> d-------- C:\Program Files\iPod
2008-09-04 10:52 . 2008-09-04 10:52 <DIR> d-------- C:\Program Files\Bonjour
2008-09-04 09:58 . 2008-09-04 09:58 <DIR> d-------- C:\Users\All Users\SysChk
2008-09-04 09:58 . 2008-09-04 09:58 <DIR> d-------- C:\ProgramData\SysChk
2008-09-03 15:30 . 2008-09-03 15:32 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-09-03 15:30 . 2008-09-03 15:32 <DIR> d-------- C:\ProgramData\Lavasoft
2008-09-03 14:00 . 2008-09-03 14:00 <DIR> d-------- C:\Program Files\CleanUp!
2008-09-03 09:28 . 2008-09-03 09:28 <DIR> d-------- C:\Users\All Users\MsgWin
2008-09-03 09:28 . 2008-09-03 09:28 <DIR> d-------- C:\ProgramData\MsgWin
2008-09-02 15:37 . 2008-09-02 15:37 <DIR> d-------- C:\Users\All Users\webgen
2008-09-02 15:37 . 2008-09-02 15:37 <DIR> d-------- C:\ProgramData\webgen
2008-09-02 12:00 . 2008-09-05 13:19 1,524 --a------ C:\Windows\wininit.ini
2008-09-02 11:19 . 2008-09-02 15:38 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-09-02 11:19 . 2008-09-02 15:38 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-09-02 11:19 . 2008-09-02 15:11 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-02 10:33 . 2008-09-02 10:33 <DIR> d-------- C:\Users\All Users\hlpstr
2008-09-02 10:33 . 2008-09-02 10:33 <DIR> d-------- C:\ProgramData\hlpstr
2008-09-02 07:18 . 2008-09-02 07:18 <DIR> d-------- C:\Users\All Users\InfoEn
2008-09-02 07:18 . 2008-09-02 07:18 <DIR> d-------- C:\ProgramData\InfoEn
2008-09-01 10:12 . 2008-09-01 10:12 <DIR> d-------- C:\Users\All Users\ActSmart
2008-09-01 10:12 . 2008-09-01 10:12 <DIR> d-------- C:\ProgramData\ActSmart
2008-09-01 07:18 . 2008-09-01 07:18 <DIR> d-------- C:\Users\All Users\SrvApi
2008-09-01 07:18 . 2008-09-01 07:18 <DIR> d-------- C:\ProgramData\SrvApi
2008-08-29 10:56 . 2008-08-29 10:56 <DIR> d-------- C:\Users\All Users\srvappgen
2008-08-29 10:56 . 2008-08-29 10:56 <DIR> d-------- C:\ProgramData\srvappgen
2008-08-28 12:45 . 2008-08-28 14:01 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-08-28 10:26 . 2008-08-28 10:26 <DIR> d-------- C:\Windows\System32\Rinera
2008-08-28 09:09 . 2008-08-28 09:09 <DIR> d-------- C:\Users\All Users\CfgEnMsg
2008-08-28 09:09 . 2008-08-28 09:09 <DIR> d-------- C:\ProgramData\CfgEnMsg
2008-08-28 07:44 . 2008-09-04 09:58 <DIR> d-------- C:\Users\All Users\InfoSrvCom
2008-08-28 07:44 . 2008-08-28 07:44 <DIR> d-------- C:\Users\All Users\endb
2008-08-28 07:44 . 2008-09-04 09:58 <DIR> d-------- C:\ProgramData\InfoSrvCom
2008-08-28 07:44 . 2008-08-28 07:44 <DIR> d-------- C:\ProgramData\endb
2008-08-28 07:43 . 2008-08-28 07:43 <DIR> d-------- C:\Users\All Users\enprocsmart
2008-08-28 07:43 . 2008-08-28 07:43 <DIR> d-------- C:\ProgramData\enprocsmart
2008-08-27 07:49 . 2008-08-27 07:49 0 --a------ C:\Users\marcomichi\AppData\Roaming\wklnhst.dat
2008-08-26 13:54 . 2008-08-26 13:54 <DIR> d-------- C:\Users\All Users\TERMINAL Studio
2008-08-26 13:54 . 2008-08-26 13:54 <DIR> d-------- C:\ProgramData\TERMINAL Studio
2008-08-25 15:35 . 2008-08-25 15:35 <DIR> d-------- C:\Users\All Users\MumboJumbo
2008-08-25 15:35 . 2008-08-25 15:35 <DIR> d-------- C:\ProgramData\MumboJumbo
2008-08-20 14:25 . 2008-08-20 14:25 <DIR> d-------- C:\Users\All Users\EarMaster
2008-08-20 14:25 . 2008-08-20 14:25 <DIR> d-------- C:\ProgramData\EarMaster
2008-08-20 14:25 . 2008-08-20 14:25 <DIR> d-------- C:\Program Files\EarMaster School 5
2008-08-20 11:48 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-19 23:39 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-19 23:39 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-19 23:39 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-19 23:39 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-19 23:39 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-15 14:52 . 2008-08-15 14:52 <DIR> d-------- C:\Users\marcomichi\AppData\Roaming\Nikon
2008-08-15 14:52 . 2004-09-27 20:49 2,813,952 --a------ C:\Windows\System32\NkNEFPlugin.dll
2008-08-15 14:52 . 2004-06-21 14:08 495,616 -ra------ C:\Windows\System32\DRAGNKL1.dll
2008-08-15 14:52 . 2004-08-03 21:47 180,224 -ra------ C:\Windows\System32\picn1120.dll
2008-08-15 14:52 . 2004-07-20 09:45 176,128 -ra------ C:\Windows\System32\Strato4.dll
2008-08-15 14:52 . 2004-08-03 21:47 155,648 -ra------ C:\Windows\System32\picn1020.dll
2008-08-15 14:52 . 2004-07-12 09:59 110,592 -ra------ C:\Windows\System32\RCSigProc.dll
2008-08-15 14:52 . 2004-06-21 14:27 54,784 -ra------ C:\Windows\System32\RedEye.dll
2008-08-15 14:52 . 2004-08-03 21:47 48,128 -ra------ C:\Windows\System32\picn20.dll
2008-08-15 14:51 . 2008-08-15 14:51 <DIR> d-------- C:\Users\All Users\QuickTime
2008-08-15 14:51 . 2008-08-15 14:51 <DIR> d-------- C:\ProgramData\QuickTime
2008-08-15 14:51 . 2008-08-15 14:52 <DIR> d-------- C:\Program Files\Nikon
2008-08-15 14:50 . 2008-08-15 14:50 <DIR> d-------- C:\Program Files\ArcSoft
2008-08-15 14:50 . 1995-08-01 04:44 212,480 --------- C:\Windows\PCDLIB32.DLL
2008-08-15 14:49 . 2008-08-15 14:52 <DIR> d-------- C:\Program Files\Common Files\Nikon
2008-08-09 14:29 . 2008-08-09 14:29 <DIR> d-------- C:\Users\marcomichi\AppData\Roaming\PACE Anti-Piracy
2008-08-09 14:29 . 2008-08-09 14:29 <DIR> d-------- C:\Users\All Users\PACE Anti-Piracy
2008-08-09 14:29 . 2008-08-09 14:29 <DIR> d-------- C:\ProgramData\PACE Anti-Piracy
2008-08-08 19:30 . 2008-08-08 19:33 <DIR> d-------- C:\Program Files\Waves
2008-08-08 19:13 . 2008-08-08 19:23 <DIR> d-------- C:\Program Files\Antares Audio Technologies
2008-08-07 18:27 . 2008-09-01 13:56 <DIR> d-------- C:\Program Files\Zuma Deluxe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-05 15:20 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-04 08:54 --------- d-----w C:\Program Files\iTunes
2008-09-04 08:53 --------- d-----w C:\ProgramData\Apple Computer
2008-09-04 06:06 --------- d-----w C:\Users\marcomichi\AppData\Roaming\skypePM
2008-09-04 05:51 --------- d-----w C:\Users\marcomichi\AppData\Roaming\Skype
2008-08-31 08:00 --------- d-----w C:\Program Files\McAfee
2008-08-28 09:24 --------- d---a-w C:\ProgramData\TEMP
2008-08-28 09:22 --------- d-----w C:\Program Files\Acer GameZone
2008-08-20 16:56 --------- d-----w C:\Users\marcomichi\AppData\Roaming\Audacity
2008-08-20 11:25 --------- d-----w C:\Program Files\Windows Mail
2008-08-15 15:46 --------- d-----w C:\Users\marcomichi\AppData\Roaming\SiteAdvisor
2008-08-15 12:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-06 21:55 --------- d-----w C:\Users\marcomichi\AppData\Roaming\LimeWire
2008-08-06 20:19 --------- d-----w C:\Users\marcomichi\AppData\Roaming\Acoustica
2008-08-06 20:19 --------- d-----w C:\Program Files\Acoustica Mixcraft 4
2008-08-06 19:27 --------- d-----w C:\Program Files\Acoustica Shared Effects
2008-08-06 19:19 --------- d-----w C:\ProgramData\Acoustica
2008-08-06 17:05 --------- d-----w C:\Program Files\Sony
2008-08-06 14:31 --------- d-----w C:\Program Files\Audacity 1.3 Beta (Unicode)
2008-08-06 09:50 --------- d-----w C:\Program Files\Steinberg
2008-08-06 09:31 --------- d-----w C:\Program Files\ASIO4ALL v2
2008-08-05 17:59 --------- d-----w C:\Users\marcomichi\AppData\Roaming\Sonic Foundry
2008-08-05 17:50 --------- d-----w C:\Users\marcomichi\AppData\Roaming\Sony
2008-08-05 17:50 --------- d-----w C:\ProgramData\Sony
2008-08-05 17:49 --------- d-----w C:\Users\marcomichi\AppData\Roaming\Publish Providers
2008-08-05 17:49 --------- d-----w C:\Users\marcomichi\AppData\Roaming\NetMedia Providers
2008-08-05 16:43 --------- d-----w C:\Program Files\Sonic Foundry
2008-08-04 21:37 --------- d-----w C:\Program Files\Sony Setup
2008-08-04 21:12 --------- d-----w C:\ProgramData\Ref city new
2008-08-04 08:58 --------- d-----w C:\Program Files\directx
2008-08-03 16:07 --------- d-----w C:\Users\marcomichi\AppData\Roaming\Steinberg
2008-08-03 16:01 --------- d-----w C:\Program Files\Syncrosoft
2008-08-01 06:10 --------- d-----w C:\Program Files\Real
2008-08-01 06:10 --------- d-----w C:\Program Files\Common Files\xing shared
2008-08-01 06:10 --------- d-----w C:\Program Files\Common Files\Real
2008-07-31 10:01 --------- d-----w C:\ProgramData\Arcade Lab
2008-07-31 09:52 --------- d-----w C:\ProgramData\Sandlot Games
2008-07-31 08:52 --------- d-----w C:\Users\marcomichi\AppData\Roaming\Big Fish Games
2008-07-31 08:13 --------- d-----w C:\ProgramData\JollyBear
2008-07-30 14:59 --------- d-----w C:\Users\marcomichi\AppData\Roaming\PlayFirst
2008-07-30 14:59 --------- d-----w C:\ProgramData\PlayFirst
2008-07-30 14:11 --------- d-----w C:\ProgramData\Oberon Games
2008-07-30 14:05 --------- d-----w C:\ProgramData\SpinTop Games
2008-07-30 12:05 --------- d-----w C:\Users\marcomichi\AppData\Roaming\iWin
2008-07-30 11:57 --------- d-----w C:\ProgramData\InterAction studios
2008-07-30 08:57 --------- d-----w C:\Users\marcomichi\AppData\Roaming\FloodLightGames
2008-07-30 08:56 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-29 15:50 --------- d-----w C:\ProgramData\Bags loud rect corn
2008-07-28 10:27 --------- d-----w C:\ProgramData\Office Genuine Advantage
2008-07-25 09:22 --------- d-----w C:\Program Files\Sun
2008-07-25 09:22 --------- d-----w C:\Program Files\Java
2008-07-21 13:38 --------- d-----w C:\Program Files\Common Files\Java
2008-07-21 05:39 --------- d-----w C:\ProgramData\eSobi
2008-07-19 10:26 --------- d-----w C:\Program Files\Ubisoft
2008-07-19 09:55 --------- d-----w C:\Program Files\DAEMON Tools Toolbar
2008-07-19 09:55 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-07-19 09:52 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-07-18 18:38 586,752 ----a-w C:\Windows\WLXPGSS.SCR
2008-07-14 17:31 --------- d-----w C:\Users\marcomichi\AppData\Roaming\Image Zone Express
2008-07-13 09:45 --------- d-----w C:\Program Files\Cakewalk
2008-07-13 09:18 --------- d-----w C:\Users\marcomichi\AppData\Roaming\Cakewalk
2008-07-13 09:16 118,784 ----a-w C:\Windows\dsdxirmv.exe
2008-07-13 09:15 --------- d-----w C:\Users\marcomichi\AppData\Roaming\DivX
2008-07-12 14:55 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-07-12 13:42 --------- d-----w C:\Users\marcomichi\AppData\Roaming\DAEMON Tools
2008-06-27 10:06 56 ---ha-w C:\Users\All Users\ezsidmv.dat
2008-06-27 10:06 56 ---ha-w C:\ProgramData\ezsidmv.dat
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-18 17:52 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-06-11 00:07 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-06-11 00:07 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-06-11 00:04 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-06-11 00:04 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((( snapshot_2008-09-05_20.55.19.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-07 08:39:58 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-09-07 08:39:58 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-09-05 18:50:24 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-07 08:41:57 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-09-05 18:50:23 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-07 08:41:14 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-07 08:41:14 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-09-05 18:50:36 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-07 08:47:23 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-05 18:50:36 81,920 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-07 08:47:23 81,920 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-05 18:50:36 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-07 08:47:23 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-05 13:07:45 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-09-07 08:52:58 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
- 2008-09-05 16:47:33 112,762 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-09-07 08:44:50 112,762 ----a-w C:\Windows\System32\perfc009.dat
- 2008-09-05 16:47:34 132,852 ----a-w C:\Windows\System32\perfc010.dat
+ 2008-09-07 08:44:50 132,852 ----a-w C:\Windows\System32\perfc010.dat
- 2008-09-05 16:47:34 613,578 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-09-07 08:44:50 613,578 ----a-w C:\Windows\System32\perfh009.dat
- 2008-09-05 16:47:34 690,662 ----a-w C:\Windows\System32\perfh010.dat
+ 2008-09-07 08:44:50 690,662 ----a-w C:\Windows\System32\perfh010.dat
- 2008-09-05 16:43:52 7,628 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2066312072-2244485012-556477551-1000_UserData.bin
+ 2008-09-07 08:41:57 7,850 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2066312072-2244485012-556477551-1000_UserData.bin
- 2008-09-05 16:43:50 77,808 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-07 08:41:55 78,286 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-09-04 06:09:23 4,214 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-09-06 06:57:23 4,214 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-09-05 18:51:41 65,556 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-09-07 08:41:44 65,906 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-09-03 11:27:31 267,676 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2008-09-06 06:56:40 272,610 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2008-09-07 08:42:24 61,187,709 ----a-w C:\Windows\Temp\a2cache_2EC5E7CC.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-27 01:26 39472 --a------ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FiveThat"="C:\ProgramData\messmpegmpeg.ivbyf" [X]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-18 9117696]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-06-27 171448]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"InfoSrvCom"="C:\ProgramData\InfoSrvCom\tefkhwhi.exe" [BU]
"InfoMnt"="C:\ProgramData\InfoMnt\uzqpcbyz.exe" [2008-09-05 94208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="C:\Program Files\Acer\Empowering Technology\SysMonitor.exe" [2008-02-14 319488]
"EmpoweringTechnology"="C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-02-14 319488]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-24 36640]
"eDataSecurity Loader"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-01-27 523312]
"PCMMediaSharing"="C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"AliceRV_McciTrayApp"="C:\Program Files\Alice ti aiuta\McciTrayApp.exe" [2007-01-23 1001472]
"Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-07-31 2131600]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 C:\Windows\RtHDVCpl.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-18 9117696]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Belkin Wireless USB Utility.lnk - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 1404928]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2008-08-15 118784]
StupAssist.lnk - C:\Program Files\Common Files\Nikon\Utilities\StupAssist.exe [2008-08-15 31744]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rect corn size style]
C:\ProgramData\bleh rect seek.oy63o [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
--a------ 2008-02-25 18:57 34040 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-17 14:20 490952 C:\Program Files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
--a------ 2005-05-11 02:46 200069 C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-05-30 15:54 21718312 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-08-01 08:10 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{35231020-9A84-4A5B-A38F-A08085E74F0A}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{8ECF1DFD-54F0-47C8-A63D-2BAF3DBF2C04}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{91AA76E2-621F-4FAD-B445-875BB571F627}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{A0045052-62F3-4D2F-A4A1-C91893026072}"= C:\Program Files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{5693E81E-B138-4A7A-8000-AC9E7A5A73DC}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{4468DF18-54C1-4F98-A685-A1F57BD1D1B6}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{D4AC761A-5E28-4C06-BD84-A06D0E6F585C}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{4CBFA36D-4833-473A-B932-04073C5DF553}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{0E76ADA1-7092-43D0-8B04-758576C5AB4B}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{87B44FEB-AB15-4BF9-93FD-75FF9B1C9C06}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator
"{34BC6C0B-8563-482F-9A3D-20AF105FDD44}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B9121E19-FEC6-47EF-8AB3-4EBBC45299F0}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FED3614C-EFF0-482E-97A9-C29FADDFEAA9}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{AB8ED860-E1B5-420C-8941-E2178F89636A}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{9C041D29-2098-47EF-A01C-608D26B80808}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{0CB7B0FE-0640-4152-AF87-839A3CE6C933}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{F06DED21-C4BF-4C3A-88EF-D7E77A128A76}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{D0BB0099-9E12-48F7-B30D-678AEB325EF4}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{AABCD62C-EEC9-4114-8C90-40A1829DA5C2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5E413CB1-3963-422F-863B-9FD090D12068}"= C:\Program Files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{2BE86962-1FC0-4359-8684-8AD725CB75E2}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{7CECEE54-0CA1-4349-9C1D-A8EB12175E49}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{807649C2-F48D-4109-9E8E-6B2869E3B109}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{31D18DF4-9882-4611-A562-FC805521B284}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{F186FE74-903A-4677-9039-B42E33093A39}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{593298C8-BF53-46AD-9693-EE2950344602}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{99D7AF1E-1895-479A-9E75-6B4C54460742}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)
R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 7680]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 269448]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-02-25 21752]
R2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-02-14 24576]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-02-25 49152]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-02-25 131072]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-09 3533824]
R3 CLEDX;Team H2O CLEDX service;C:\Windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-28 298496]
S4 ahcix86s;ahcix86s;C:\Windows\system32\drivers\ahcix86s.sys [2007-12-19 170000]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.it/
R0 -: HKLM-Main,Start Page = hxxp://it.intl.acer.yahoo.com
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O16 -: {4819DFDF-ABC4-488C-A323-919848C51175} - C:\Windows\Downloaded Program Files\rineraproxy.inf - hxxp://portal3.rinera.com/download/RineraProxy-1.4.cab
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-07 11:02:55
Windows 6.0.6001 Service Pack 1 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\SiteAdvisor\6261\saHook.dll
.
Ora fine scansione: 2008-09-07 11:08:23
ComboFix-quarantined-files.txt 2008-09-07 09:08:07
ComboFix2.txt 2008-09-05 18:58:31
ComboFix3.txt 2008-09-05 13:28:47
Pre-Run: 64,947,294,208 byte disponibili
Post-Run: 64,072,384,512 byte disponibili
376 --- E O F --- 2008-09-06 06:49:59