Registrazione
Moderatori: m.paolo, antoo69, -> EleKtrA <-
di carbo » 27/03/10 06:09
di gahan » 27/03/10 09:43
di carbo » 27/03/10 09:46
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9.45.25, on 27/03/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Intelligent\Common\RaUI.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Windows\System32\drivers\cmstp.exe
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TrustInstaller] E:\Setup.EXE
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKLM\..\Policies\Explorer\Run: [DllHst] C:\Users\Administrator\LOCALS~1\APPLIC~1\dllhst3g.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Mstsc] C:\Users\ADMINI~1\AppData\Local\Temp\mstsc.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - Global Startup: Intelligent Wireless Utility.lnk = C:\Program Files\Intelligent\Common\RaUI.exe
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{37200731-1D04-445A-BCF2-7B5287EFA349}: NameServer = 192.168.0.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MySQL - Unknown owner - C:\xampp\mysql\bin\mysqld.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 7745 bytesdi antoo69 » 27/03/10 10:23
di carbo » 27/03/10 11:20
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.20.15, on 27/03/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Intelligent\Common\RaUI.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Windows\System32\drivers\cmstp.exe
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TrustInstaller] E:\Setup.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - Global Startup: Intelligent Wireless Utility.lnk = C:\Program Files\Intelligent\Common\RaUI.exe
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{37200731-1D04-445A-BCF2-7B5287EFA349}: NameServer = 192.168.0.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MySQL - Unknown owner - C:\xampp\mysql\bin\mysqld.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 6978 bytesdi gahan » 27/03/10 11:29
di -> EleKtrA <- » 27/03/10 11:50
F3 - REG:win.ini: load=C:\Windows\System32\drivers\cmstp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
di carbo » 27/03/10 14:24
mi sa che devo formattare.di -> EleKtrA <- » 27/03/10 14:59
di carbo » 27/03/10 19:40
ComboFix 10-03-26.02 - Administrator 27/03/2010 19.02.07.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.39.1040.18.3573.2036 [GMT 1:00]
Eseguito da: c:\users\Administrator\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500
c:\recycler\S-1-5-21-1214440339-299502267-725345543-1003
c:\users\Administrator\AppData\Roaming\Desktopicon
c:\users\Administrator\AppData\Roaming\Desktopicon\eBay.ico
c:\users\Administrator\AppData\Roaming\Desktopicon\uninst.exe
c:\users\Administrator\AppData\Roaming\inst.exe
c:\users\Administrator\AppData\Roaming\Microsoft\cisvc.exe
c:\users\Administrator\AppData\Roaming\Microsoft\cmstp.exe
c:\users\Administrator\AppData\Roaming\mqtgsvc.exe
c:\users\Administrator\AppData\Roaming\rsvp.exe
c:\windows\chkdsk.exe
c:\windows\ieudinit.exe
c:\windows\sessmgr.exe
c:\windows\system\clipsrv.exe
c:\windows\system\dllhst3g.exe
c:\windows\system\sessmgr.exe
c:\windows\system32\systeminfo.dll
.
((((((((((((((((((((((((( Files Creati Da 2010-02-27 al 2010-03-27 )))))))))))))))))))))))))))))))))))
.
2010-03-27 18:11 . 2010-03-27 18:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-27 04:49 . 2010-03-27 04:49 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2010-03-27 04:49 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-27 04:49 . 2010-03-27 04:49 -------- d-----w- c:\programdata\Malwarebytes
2010-03-27 04:49 . 2010-03-27 07:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-27 04:49 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-27 04:43 . 2010-03-27 04:43 -------- d-----w- c:\program files\Trend Micro
2010-03-20 19:39 . 2010-03-20 19:39 -------- d-----w- c:\users\Administrator\AppData\Roaming\SynthMaker
2010-03-20 01:51 . 2009-04-11 06:28 247296 ----a-w- c:\windows\shsvcs.dll
2010-03-20 01:51 . 2009-04-11 06:28 11584000 ----a-w- c:\windows\shell32.dll
2010-03-20 01:51 . 2009-04-11 06:28 31744 ----a-w- c:\windows\perfdisk.dll
2010-03-20 01:51 . 2009-04-11 06:27 43520 ----a-w- c:\windows\rekeywiz.exe
2010-03-20 01:51 . 2009-04-11 06:27 26624 ----a-w- c:\windows\ipconfig.exe
2010-03-20 01:51 . 2009-04-11 06:27 119808 ----a-w- c:\windows\diskpart.exe
2010-03-20 01:51 . 2006-11-02 09:45 15360 ----a-w- c:\windows\doskey.exe
2010-03-15 18:28 . 2010-03-25 17:20 -------- d-----w- c:\program files\Metin2_Italiano
2010-03-12 23:23 . 2010-03-12 23:23 -------- d-----w- c:\program files\PremiumSoft
2010-03-10 22:08 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-10 22:08 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-10 22:08 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-10 00:02 . 2010-03-10 00:02 -------- d-----w- c:\program files\Common Files\Java
2010-03-10 00:01 . 2010-03-10 00:01 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-10 00:01 . 2010-03-10 00:01 -------- d-----w- c:\program files\Java
2010-03-07 12:51 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-01 15:56 . 2010-03-01 15:56 -------- d-----w- c:\programdata\Plugins
2010-03-01 15:47 . 2010-03-20 01:56 -------- d-----w- c:\programdata\BlazeVideo
2010-03-01 15:20 . 2006-03-02 16:24 133504 ----a-w- c:\windows\system32\drivers\AF05BDA.sys
2010-03-01 15:20 . 2005-12-21 13:36 24576 ----a-w- c:\windows\system32\AF05BDAEX.dll
2010-03-01 15:20 . 2010-03-01 15:47 -------- d-----w- c:\program files\BlazeVideo
2010-02-28 14:32 . 2010-02-28 14:32 -------- d-----w- c:\users\Administrator\AppData\Roaming\mIRC
2010-02-28 11:45 . 2010-02-28 11:45 -------- d-----w- c:\programdata\vsosdk
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-27 13:13 . 2009-12-04 04:31 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-03-27 12:13 . 2009-12-05 05:22 164880 ---ha-w- c:\users\Administrator\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2010-03-21 17:00 . 2010-01-03 18:08 -------- d-----w- c:\program files\VstPlugins
2010-03-21 15:57 . 2010-01-03 18:04 -------- d-----w- c:\program files\Image-Line
2010-03-20 01:44 . 2006-11-06 01:51 664284 ----a-w- c:\windows\system32\perfh010.dat
2010-03-20 01:44 . 2006-11-06 01:51 120836 ----a-w- c:\windows\system32\perfc010.dat
2010-03-19 02:30 . 2010-02-01 02:02 -------- d-----w- c:\users\Administrator\AppData\Roaming\XnView
2010-03-17 18:40 . 2009-12-03 20:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-11 02:15 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-07 17:04 . 2010-01-25 13:25 -------- d-----w- c:\program files\HeidiSQL
2010-03-07 16:07 . 2009-12-03 20:28 54624 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-01 09:34 . 2009-12-27 17:30 -------- d-----w- c:\users\Administrator\AppData\Roaming\Vso
2010-02-24 09:16 . 2009-12-04 00:30 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-22 07:15 . 2010-02-22 07:15 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-02-21 04:27 . 2010-02-21 04:27 407304 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-02-20 06:07 . 2010-02-20 06:07 -------- d-----w- c:\program files\HyperCam Toolbar
2010-02-20 06:07 . 2010-02-20 06:06 -------- d-----w- c:\program files\HyCam2
2010-02-17 02:46 . 2010-01-28 05:48 -------- d-----w- c:\users\Administrator\AppData\Roaming\Skype
2010-02-17 02:45 . 2010-01-28 05:54 -------- d-----w- c:\users\Administrator\AppData\Roaming\skypePM
2010-02-14 18:28 . 2009-12-11 18:32 -------- d-----w- c:\program files\Nokia
2010-02-14 18:26 . 2009-12-11 18:46 -------- d-----w- c:\program files\Common Files\Nokia
2010-02-14 18:24 . 2010-02-14 18:24 -------- d-----w- c:\program files\PC Connectivity Solution
2010-02-14 18:21 . 2010-02-14 18:21 77824 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-02-14 18:21 . 2010-02-14 18:21 50000 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\pcswpc.exe
2010-02-14 18:21 . 2009-12-11 18:32 -------- d-----w- c:\programdata\OviInstallerCache
2010-02-12 07:13 . 2010-01-11 18:05 -------- d-----w- c:\users\Administrator\AppData\Roaming\Nero
2010-02-07 06:40 . 2010-02-07 06:40 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-07 06:40 . 2010-02-07 06:36 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-02-07 06:40 . 2010-02-07 06:40 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-02-07 06:40 . 2010-02-07 06:40 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-02-07 06:40 . 2010-02-07 06:36 -------- d-----w- c:\programdata\Microsoft Help
2010-02-07 06:39 . 2010-02-07 06:39 187808 ----a-w- c:\programdata\Microsoft\VBExpress\9.0\1033\ResourceCache.dll
2010-02-07 06:39 . 2010-02-07 06:39 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2010-02-07 06:36 . 2010-02-07 06:36 -------- d-----w- c:\program files\Microsoft.NET
2010-02-07 06:35 . 2010-02-07 06:35 -------- d-----w- c:\program files\Microsoft SDKs
2010-02-04 15:53 . 2010-02-22 07:15 2954656 -c--a-w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-04 15:53 . 2010-02-22 07:16 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-01 02:02 . 2010-02-01 02:02 -------- d-----w- c:\program files\XnView
2010-01-28 05:54 . 2010-01-28 05:54 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-28 05:48 . 2010-01-28 05:48 -------- d-----r- c:\program files\Skype
2010-01-28 05:48 . 2010-01-28 05:48 -------- d-----w- c:\program files\Common Files\Skype
2010-01-28 05:48 . 2010-01-28 05:48 -------- d-----w- c:\programdata\Skype
2010-01-27 13:07 . 2009-12-04 00:19 -------- d-----w- c:\users\Administrator\AppData\Roaming\Yahoo!
2010-01-25 12:00 . 2010-02-24 07:42 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 07:42 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 07:42 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 07:42 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 07:42 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 07:42 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 07:42 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 07:42 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-24 07:42 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-24 07:42 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-06 15:39 . 2010-02-24 07:42 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-01-06 15:38 . 2010-02-24 07:42 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-06 15:38 . 2010-02-24 07:42 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 07:42 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 07:42 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 07:42 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 13:30 . 2010-02-24 07:42 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-01-03 18:08 . 2010-01-03 18:08 264106 ----a-w- c:\users\Administrator\AppData\Roaming\OpenCandy\DlMgrWrapper.exe
2010-01-02 06:38 . 2010-01-22 01:50 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 01:50 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 01:50 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 01:50 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2008-05-21 09:09 . 2008-05-21 08:36 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-05-21 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-05-21 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intelligent Wireless Utility.lnk - c:\program files\Intelligent\Common\RaUI.exe [2009-12-3 626688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):7f,e0,8c,01,5d,75,ca,01
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-22 1229232]
R3 AF05BDA;AF9005 BDA Device;c:\windows\system32\drivers\AF05BDA.sys [2006-03-02 133504]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-04-06 2743325]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-04 64288]
S1 aswSP;avast! Self Protection; [x]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2009-08-05 24640]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2009-11-27 185640]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenuto della cartella 'Scheduled Tasks'
2010-03-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 07:16]
2010-03-07 c:\windows\Tasks\CreateChoiceProcessTask.job
- c:\windows\System32\browserchoice.exe [2010-03-07 10:32]
2010-03-27 c:\windows\Tasks\User_Feed_Synchronization-{E19738FD-E907-4B51-A150-FBE206E5EFDE}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
TCP: {37200731-1D04-445A-BCF2-7B5287EFA349} = 192.168.0.3
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKLM-Run-TrustInstaller - E:\Setup.EXE
AddRemove-eBay Icon - c:\users\Administrator\AppData\Roaming\Desktopicon\uninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-27 19:11
Windows 6.0.6002 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6a,ed,9e,89,85,8d,62,4e,90,32,72,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6a,ed,9e,89,85,8d,62,4e,90,32,72,\
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\WMPlayer.exe"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BUP\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wmplayer.exe"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dll\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wmplayer.exe"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\xnview.exe"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M3U"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mp3_auto_file"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.resx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.script\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wordpad.exe"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.settings\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\xnview.exe"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vhd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\Virtual PC.exe"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vmc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\WMPlayer.exe"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2010-03-27 19:17:56
ComboFix-quarantined-files.txt 2010-03-27 18:17
Pre-Run: 22.244.622.336 byte disponibili
Post-Run: 22.187.425.792 byte disponibili
- - End Of File - - 4F1A11FE20D4EA7EDB744C6444547B71di -> EleKtrA <- » 27/03/10 22:14
di carbo » 29/03/10 07:09
di gahan » 29/03/10 08:40
carbo ha scritto:Scusa,ma ho il pc che si blocca a volte,e la scansione devo sempre rifarla,appena finisce avviso.
File::
c:\windows\system32\GameMon.des
Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\npggsvc]
Driver::
npggsvcTorna a Sistemi Operativi Windows
Visitano il forum: Nessuno e 93 ospiti