ComboFix 09-09-09.04 - Fabio 10/09/2009 0.12.42.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.39.1040.18.1790.917 [GMT 2:00]
Run from: d:\documenti\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 090909-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1229 [VPS 090909-0] *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1469764311-564015898-746275495-1001
c:\$recycle.bin\S-1-5-21-1469764311-564015898-746275495-500
c:\programdata\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam Video Class Camera
c:\programdata\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam Video Class Camera \Uninstall.lnk
c:\windows\Installer\31513.msi
.
((((((((((((((((((((((((( Files Created from 2009-08-09 to 2009-09-09 )))))))))))))))))))))))))))))))))))
.
2009-09-09 22:34 . 2009-09-09 22:35 -------- d-----w- c:\users\Fabio\AppData\Local\temp
2009-09-09 22:34 . 2009-09-09 22:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-08 21:41 . 2009-09-08 21:41 -------- d-----w- c:\program files\Defraggler
2009-09-08 21:33 . 2009-09-08 21:33 -------- d-----w- c:\program files\VS Revo Group
2009-09-08 21:24 . 2009-09-08 21:24 -------- d-----w- c:\program files\CCleaner
2009-09-08 19:38 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-08 19:38 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-08 19:38 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-08 19:38 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-08 19:38 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-08 19:38 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-08 19:38 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-08 19:38 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-08 19:38 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-08 19:38 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-08 19:12 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-08 19:12 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-08 19:12 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-08 19:12 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-08 19:01 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-07 22:53 . 2009-09-07 22:53 -------- d-----w- c:\users\Fabio\AppData\Roaming\Malwarebytes
2009-09-07 22:53 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-07 22:53 . 2009-09-07 22:53 -------- d-----w- c:\programdata\Malwarebytes
2009-09-07 22:52 . 2009-09-07 22:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-07 22:52 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-06 21:13 . 2009-09-07 22:40 -------- d-----w- c:\users\Fabio\AppData\Roaming\Systweak
2009-09-06 21:13 . 2009-09-07 22:40 -------- d-----w- c:\programdata\Systweak
2009-09-06 21:13 . 2009-09-06 21:13 -------- d-----w- c:\program files\Systweak
2009-09-06 14:30 . 2009-09-07 22:39 -------- d-----w- c:\program files\Panda Security
2009-09-06 10:14 . 2009-09-08 21:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-06 10:14 . 2009-09-06 10:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-03 09:55 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-03 09:55 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 09:55 . 2009-08-27 09:58 -------- d-----w- c:\users\Fabio\AppData\Roaming\Template
2009-08-26 22:04 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-21 11:44 . 2009-08-21 11:44 -------- d-----w- c:\users\Fabio\AppData\Roaming\PC Suite
2009-08-21 11:44 . 2009-08-21 11:44 -------- d-----w- c:\users\Fabio\AppData\Roaming\Samsung
2009-08-20 20:55 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-20 20:55 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-20 20:55 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-20 20:55 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-20 20:55 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-20 20:55 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-20 20:55 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-20 20:55 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-18 14:50 . 2009-08-27 09:59 -------- d-----w- c:\users\Fabio\AppData\Roaming\teamspeak2
2009-08-18 14:49 . 2009-08-18 14:49 -------- d-----w- c:\users\Fabio\AppData\Roaming\Remobo
2009-08-18 14:45 . 2009-08-18 14:45 -------- d-----w- c:\program files\Remobo
2009-08-18 14:44 . 2009-08-18 14:45 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-08-12 09:56 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-12 09:55 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-12 09:55 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-12 09:55 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-12 09:55 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-12 09:55 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-12 09:55 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-12 09:55 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-11 11:45 . 2009-08-11 11:45 -------- d-----w- c:\program files\MarkAny
2009-08-11 11:31 . 2009-08-11 11:31 -------- d-----w- c:\programdata\PC Suite
2009-08-11 11:31 . 2007-05-02 14:31 90624 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-08-11 11:30 . 2009-08-11 11:30 -------- d-----w- c:\program files\DIFX
2009-08-11 11:30 . 2007-09-17 13:53 21632 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-08-11 11:30 . 2009-08-11 11:30 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-11 11:29 . 2009-03-20 08:01 90112 ----a-w- c:\windows\system32\drivers\ss_bbus.sys
2009-08-11 11:29 . 2009-03-20 08:01 14976 ----a-w- c:\windows\system32\drivers\ss_bmdfl.sys
2009-08-11 11:29 . 2009-03-20 08:01 121856 ----a-w- c:\windows\system32\drivers\ss_bmdm.sys
2009-08-11 11:29 . 2009-03-20 08:01 12160 ----a-w- c:\windows\system32\drivers\ss_bwhnt.sys
2009-08-11 11:29 . 2009-03-20 08:01 12160 ----a-w- c:\windows\system32\drivers\ss_bwh.sys
2009-08-11 11:29 . 2009-03-20 08:01 12160 ----a-w- c:\windows\system32\drivers\ss_bcmnt.sys
2009-08-11 11:29 . 2009-03-20 08:01 12160 ----a-w- c:\windows\system32\drivers\ss_bcm.sys
2009-08-11 11:27 . 2009-08-11 11:30 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2009-08-11 11:27 . 2009-03-31 07:39 36608 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2009-08-11 11:27 . 2009-03-31 07:39 233472 ----a-w- c:\windows\system32\FsUsbExService.Exe
2009-08-11 11:27 . 2009-03-31 07:39 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
2009-08-11 11:26 . 2009-08-11 11:45 -------- d-----w- c:\program files\PC Connectivity Solution
2009-08-11 11:25 . 2009-08-11 11:44 -------- d-----w- c:\program files\Samsung
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-09 22:09 . 2008-03-04 20:22 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-09 22:09 . 2008-03-04 20:22 -------- d-----w- c:\programdata\Symantec
2009-09-09 20:57 . 2009-05-03 13:07 56367 ----a-w- c:\programdata\nvModes.dat
2009-09-09 20:37 . 2008-07-30 14:45 -------- d-----w- c:\users\Fabio\AppData\Roaming\OpenOffice.org2
2009-09-09 20:36 . 2008-07-15 11:45 88176 ----a-w- c:\users\Fabio\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-09 13:12 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-07 09:42 . 2008-11-30 18:22 6944 ----a-w- c:\users\Fabio\AppData\Local\d3d9caps.dat
2009-09-07 05:35 . 2008-07-15 14:29 -------- d-----w- c:\program files\QuickTime
2009-09-06 09:30 . 2009-04-09 19:53 -------- d-----w- c:\users\Fabio\AppData\Roaming\uTorrent
2009-09-04 09:14 . 2006-11-06 01:45 662846 ----a-w- c:\windows\system32\perfh010.dat
2009-09-04 09:14 . 2006-11-06 01:45 120326 ----a-w- c:\windows\system32\perfc010.dat
2009-08-30 13:13 . 2008-07-30 14:36 -------- d-----w- c:\program files\Java
2009-08-27 09:56 . 2009-08-27 09:53 4 ----a-w- c:\users\Fabio\AppData\Roaming\wklnhst.dat
2009-08-18 14:28 . 2006-11-02 12:35 -------- d-----w- c:\program files\Microsoft Games
2009-08-11 11:55 . 2008-03-04 17:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-25 03:23 . 2009-05-05 19:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-22 13:51 . 2008-07-30 14:47 1 ----a-w- c:\users\Fabio\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-07-21 08:47 . 2009-07-21 08:47 -------- d-----w- c:\program files\Apple Software Update
2009-07-19 09:48 . 2009-07-19 09:48 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-07-18 16:06 . 2009-07-29 08:22 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-29 08:22 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-29 08:22 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-06-15 15:24 . 2009-07-15 06:41 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-15 06:41 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-15 06:41 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-15 06:41 289792 ----a-w- c:\windows\system32\atmfd.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate/default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Google Update"="c:\users\Fabio\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-04-28 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-08-31 1286144]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2007-04-26 151552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-10-17 768520]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-08-01 151552]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-03 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-03 92704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-07-06 4669440]
c:\users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-4 535336]
Sitecom Wireless Utility.lnk - c:\program files\Sitecom\Common\RaUI.exe [2009-4-9 1097728]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E002DEB8-BE8C-49C5-A522-0F1D3D9958C7}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{403B6A65-8E0C-4E80-A20E-F374CC73A008}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6126868B-18AA-4926-AFB2-B61770FD9A71}"= c:\program files\Acer\Acer Arcade\PowerCinema.exe:CyberLink PowerCinema
"{F23712FA-3729-41A0-B61F-72C43042612C}"= c:\program files\Acer\Acer Arcade\PCMService.exe:CyberLink PowerCinema Resident Program
"{D196E44F-6304-4BF1-AFF0-49ABF9E34D94}"= c:\program files\Acer\Acer Arcade\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{A62450A8-B439-435D-8E63-617E0148A67A}"= c:\program files\Acer\Acer Arcade\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{CA7B4316-71F4-4A0C-98B1-2EB176193E08}"= c:\program files\Acer\HomeMedia\HomeMedia.exe:HomeMedia
"{4361FE81-8A17-4ABE-B5BF-7FBBE09D6EF1}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{E2FEF788-1F81-4E67-93E5-92E60CDFF788}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{92F5BA52-1896-46A1-AFBF-BE18A8752312}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{B5FFB8F9-FD55-4D40-B658-0BB2B8B2B54C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{5D03858C-D1B3-4192-BFAC-A767F046E5AE}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{66148D43-B6EE-49A6-B635-785CD321D5D3}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{468A697B-F95D-41DD-8967-B52FBDF1947C}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{57C3B340-E797-4F78-8FFD-73B591167709}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{24AB99AB-B5DF-44B5-86F8-7546B755F6B0}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{F39F84B4-A8C7-4FB2-AB37-81C1E76E0FC3}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"UDP Query User{DC2B5107-A4C1-4D71-9187-1E57870A658F}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"TCP Query User{85BE3B41-C6C3-4B6B-BEC8-52552A48273A}c:\\unrealtournament\\system\\unrealtournament.exe"= UDP:c:\unrealtournament\system\unrealtournament.exe:UnrealTournament
"UDP Query User{BDA9B0CA-2E41-493E-97F3-0223837B6719}c:\\unrealtournament\\system\\unrealtournament.exe"= TCP:c:\unrealtournament\system\unrealtournament.exe:UnrealTournament
"TCP Query User{507875D2-ED3C-4EF5-B0EB-7810C8C72C23}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{C3FF3178-FB50-4321-A3A0-5C4331D788C8}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{C23A80AD-5374-4A26-9CF2-449C8A1FAA77}c:\\unrealtournament\\system\\unrealtournament.exe"= UDP:c:\unrealtournament\system\unrealtournament.exe:UnrealTournament
"UDP Query User{7F19EA85-70DC-47DB-A87A-55EA3508A3BB}c:\\unrealtournament\\system\\unrealtournament.exe"= TCP:c:\unrealtournament\system\unrealtournament.exe:UnrealTournament
"{1EEF5C80-E5B0-4F2E-A5A1-C0D6400E987D}"= UDP:c:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server
"{169869EA-3AC7-46BA-BEDE-065F1C308A54}"= TCP:c:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server
"{5FF3D81A-7B7F-4930-B2E0-2D5BE66D06C2}"= UDP:c:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server
"{636BD1AA-414C-48BC-A39D-61D1CE4D9893}"= TCP:c:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server
"TCP Query User{1FA838C2-9D88-4FC9-933C-A4489E00531A}c:\\program files\\remobo\\plugins\\remobotorrent\\remobo_client.exe"= UDP:c:\program files\remobo\plugins\remobotorrent\remobo_client.exe:remobo_client
"UDP Query User{658BA6C2-8F57-4EC7-9E8B-4F3340367EEA}c:\\program files\\remobo\\plugins\\remobotorrent\\remobo_client.exe"= TCP:c:\program files\remobo\plugins\remobotorrent\remobo_client.exe:remobo_client
"TCP Query User{A31FD3B0-FA86-46E1-A5F2-84308F6D44D7}c:\\program files\\remobo\\plugins\\remobotorrent\\remobo_tracker.exe"= UDP:c:\program files\remobo\plugins\remobotorrent\remobo_tracker.exe:remobo_tracker
"UDP Query User{AF44EB4C-D079-466E-BFA3-2C6AB7B1A7A0}c:\\program files\\remobo\\plugins\\remobotorrent\\remobo_tracker.exe"= TCP:c:\program files\remobo\plugins\remobotorrent\remobo_tracker.exe:remobo_tracker
"TCP Query User{033C8BDD-1954-4D3F-AE32-C3D1AB41F0E8}c:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.exe"= UDP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe:Age of Empires II Expansion
"UDP Query User{3705B6DB-0BAE-44BB-8CB6-43AE9877F9B9}c:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.exe"= TCP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe:Age of Empires II Expansion
"TCP Query User{66437465-F3CD-47CF-8033-36FC2907A091}c:\\program files\\remobo\\remobo.exe"= UDP:c:\program files\remobo\remobo.exe:Remobo
"UDP Query User{8814C37E-CC8E-4D14-91F8-E2AC5C939E78}c:\\program files\\remobo\\remobo.exe"= TCP:c:\program files\remobo\remobo.exe:Remobo
"TCP Query User{D759F576-763D-4BB1-A908-C99E8B06C969}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Helper Microsoft DirectPlay
"UDP Query User{FC3A4FBA-82DE-474D-A66E-E4B7EB6D1E2C}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Helper Microsoft DirectPlay
"TCP Query User{D6B6EA92-5DA4-4DF5-B314-2948855BB01D}c:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.exe"= UDP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe:Age of Empires II Expansion
"UDP Query User{90DBAB9D-AACE-4816-97F8-8E24FF0EF770}c:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.exe"= TCP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe:Age of Empires II Expansion
"TCP Query User{B4CEA27A-2696-4682-8912-4E2392AF6A5F}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Helper Microsoft DirectPlay
"UDP Query User{F4E89E38-BA04-41DC-A8C1-79925F89D5CB}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Helper Microsoft DirectPlay
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [27/09/2008 20.04.33 78416]
R2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [04/03/2008 22.31.33 51200]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [27/09/2008 20.04.33 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [27/09/2008 20.04.11 51280]
R2 FsUsbExService;FsUsbExService;c:\windows\System32\FsUsbExService.Exe [11/08/2009 13.27.13 233472]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [05/03/2008 3.13.06 32256]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\System32\FsUsbExDisk.Sys [11/08/2009 13.27.13 36608]
R3 hipeer20;Remobo Instant Private Network;c:\windows\System32\drivers\remobo32.sys [22/04/2009 16.21.52 26112]
S3 DVC;USB DVC Svc;c:\windows\System32\drivers\DVC.sys [29/10/2008 19.56.23 38604]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr28u.sys [09/04/2009 16.53.45 599040]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\System32\drivers\ss_bbus.sys [11/08/2009 13.29.42 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\System32\drivers\ss_bmdfl.sys [11/08/2009 13.29.42 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\System32\drivers\ss_bmdm.sys [11/08/2009 13.29.42 121856]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - FSUSBEXDISK
*Deregistered* - NAVENG
*Deregistered* - NAVEX15
*Deregistered* - SRTSPX
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
2009-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1469764311-564015898-746275495-1000Core.job
- c:\users\Fabio\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-28 11:04]
2009-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1469764311-564015898-746275495-1000UA.job
- c:\users\Fabio\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-28 11:04]
2009-09-08 c:\windows\Tasks\User_Feed_Synchronization-{FA4E6EEC-465D-4E65-9209-BEB887F124BB}.job
- c:\windows\system32\msfeedssync.exe [2008-09-29 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://it.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Acer Tour Reminder - (no file)
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-NPSStartup - (no file)
HKLM-RunOnce-isDeleteMe - c:\users\Fabio\AppData\Local\Temp\isDel.bat
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-09-10 00:34
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-09-09 0.38.37
ComboFix-quarantined-files.txt 2009-09-09 22:38
Pre-Run: 17.827.696.640 bytes free
Post-Run: 17.903.181.824 bytes free
301 --- E O F --- 2009-09-09 13:07
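The posture indicators a responder checks first in a log like this one are the real-time AV state in the header (avast! shows "On-access scanning disabled"), the Windows Firewall profile setting ("EnableFirewall"= 0), Security Center monitoring being switched off, anything added to BootExecute beyond the default autochk entry, and autostart entries that point into a Temp directory (the RunOnce isDel.bat orphan). The following Python triage helper is an added example, not ComboFix code and not part of the original post; it parses a constructed excerpt assembled from lines of the log above, and the check names and severities are the author's own choice. It flags extra BootExecute entries for identification only, since legitimate security tools also register there.

```python
"""Triage helper for ComboFix-style log text (added example, not ComboFix code).

Walks the log line by line, tracks the current registry key, and reports
the handful of posture indicators that are checked first during triage.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: an abbreviated excerpt of the log above.
SAMPLE_LOG = r"""
AV: avast! antivirus 4.8.1229 [VPS 090909-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
HKLM-RunOnce-isDeleteMe - c:\users\Fabio\AppData\Local\Temp\isDel.bat
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "medium" (author's own scale, assumption)
    check: str
    detail: str


# Line shapes as ComboFix prints them.
PROTECTION_LINE = re.compile(r"^(AV|SP|FW): (?P<product>.+?) \*(?P<state>[^*]+)\*")
KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+)$')
BOOTEXEC_LINE = re.compile(r"^BootExecute\s+REG_MULTI_SZ\s+(?P<value>.+)$")
ORPHAN_LINE = re.compile(r"^HK(LM|CU)-Run(Once)?-(?P<name>.+?) - (?P<target>.+)$")
TEMP_PATH = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
DEFAULT_BOOTEXEC = "autocheck autochk *"


def _dword(value: str) -> int | None:
    """Parse 'dword:00000001' or '0 (0x0)' style values; None if neither."""
    if value.startswith("dword:"):
        return int(value.split(":", 1)[1], 16)
    head = value.split()[0]
    return int(head) if head.isdigit() else None


def triage(text: str) -> list[Finding]:
    findings: list[Finding] = []
    current_key = ""  # lower-cased registry key the following values belong to
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := KEY_LINE.match(line)):
            current_key = m.group("key").lower()
        elif (m := PROTECTION_LINE.match(line)):
            if "disabled" in m.group("state").lower():
                findings.append(Finding("high", "protection-disabled",
                                        f"{m.group('product')}: {m.group('state')}"))
        elif (m := BOOTEXEC_LINE.match(line)):
            # REG_MULTI_SZ entries are printed separated by a literal "\0".
            entries = [e for e in m.group("value").split("\\0") if e]
            extra = [e for e in entries if e != DEFAULT_BOOTEXEC]
            if extra:
                findings.append(Finding("medium", "bootexecute-extra", ", ".join(extra)))
        elif (m := VALUE_LINE.match(line)):
            name, value = m.group("name"), m.group("value")
            leaf = current_key.rsplit("\\", 1)[-1]
            if "firewallpolicy" in current_key and name == "EnableFirewall" and _dword(value) == 0:
                findings.append(Finding("high", "firewall-disabled", leaf))
            elif "security center\\monitoring" in current_key and name == "DisableMonitoring" and _dword(value) == 1:
                findings.append(Finding("medium", "securitycenter-monitoring-disabled", leaf))
            elif current_key.endswith("\\run") and TEMP_PATH.search(value):
                findings.append(Finding("high", "autostart-from-temp", f"{name} -> {value}"))
        elif (m := ORPHAN_LINE.match(line)):
            if TEMP_PATH.search(m.group("target")):
                findings.append(Finding("medium", "orphan-autostart-temp",
                                        f"{m.group('name')} -> {m.group('target')}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.check}: {f.detail}")
```

Running it on the sample reports the disabled avast! on-access scanner, the extra BootExecute entry, the disabled Security Center monitoring, the disabled StandardProfile firewall and the RunOnce orphan in Temp; the "Windows Defender" Run entry and the enabled Defender line produce nothing. The key-tracking approach is what makes the value checks safe: "EnableFirewall" and "DisableMonitoring" are only meaningful under the firewallpolicy and Security Center keys, so the parser never matches them elsewhere.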