ComboFix 08-12-07.01 - Ferruccio 2008-12-08 17:00:55.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1040.18.1268 [GMT 1:00]
Eseguito da: c:\users\Ferruccio\Desktop\abc.exe
Interruttori di comando utilizzati :: /killall
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\igfxres.dll
.
---- Previous Run -------
.
c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
c:\windows\svchost.exe
c:\windows\system32\drivers\downld
c:\windows\system32\drivers\srosa2.sys
c:\windows\system32\drivers\winfilse.exe
c:\windows\system32\igfxres.dll
c:\windows\system32\x64
.
((((((((((((((((((((((((( Files Creati Da 2008-11-08 al 2008-12-08 )))))))))))))))))))))))))))))))))))
.
2008-12-08 17:05 . 2008-12-08 17:06 188,416 --a------ c:\windows\System32\igfxres.dll
2008-12-07 11:09 . 2008-12-07 11:09 <DIR> d-------- c:\users\Ferruccio\AppData\Roaming\Malwarebytes
2008-12-07 11:09 . 2008-12-07 11:09 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-12-07 11:09 . 2008-12-07 11:09 <DIR> d-------- c:\programdata\Malwarebytes
2008-12-07 11:09 . 2008-12-07 11:09 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-07 11:09 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-07 11:09 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-07 11:00 . 2008-12-07 11:04 <DIR> d-------- c:\program files\FindyKill
2008-12-07 02:53 . 2008-12-07 02:53 512,096 --a------ c:\windows\System32\drivers\amon.sys
2008-12-07 02:53 . 2008-12-07 02:53 299,392 --a------ c:\windows\System32\imon.dll
2008-12-07 02:53 . 2008-12-07 02:53 15,424 --a------ c:\windows\System32\drivers\nod32drv.sys
2008-12-04 20:48 . 2008-12-04 20:49 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-04 20:48 . 2008-12-04 20:49 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-04 20:48 . 2008-12-04 20:49 <DIR> d-------- c:\program files\iTunes
2008-12-04 20:48 . 2008-12-04 20:48 <DIR> d-------- c:\program files\iPod
2008-12-04 20:44 . 2008-12-04 20:45 <DIR> d-------- c:\program files\QuickTime
2008-12-04 02:15 . 2008-12-04 11:35 <DIR> d-------- c:\program files\Invisible IP Map
2008-11-29 22:05 . 2008-11-29 22:05 <DIR> d-------- c:\program files\Illustrate
2008-11-29 22:05 . 2008-11-29 22:05 131,072 --a------ c:\windows\System32\SpoonUninstall.exe
2008-11-29 22:05 . 2008-11-29 22:05 36,604 --a------ c:\windows\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
2008-11-29 22:05 . 2008-11-29 22:05 33,846 --a------ c:\windows\System32\SpoonUninstall-dBpowerAMP Music Converter.bmp
2008-11-26 04:40 . 2008-10-21 06:16 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 04:40 . 2008-08-28 04:24 712,192 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 04:40 . 2008-08-28 04:24 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 04:40 . 2008-08-28 04:24 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 04:40 . 2008-10-22 04:43 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-26 04:40 . 2008-10-22 04:43 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
2008-11-26 04:40 . 2008-10-22 04:43 95,232 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
2008-11-25 18:36 . 2008-11-25 18:36 <DIR> d-------- c:\program files\Pegasys Inc
2008-11-25 18:30 . 2008-11-10 05:43 410,984 --a------ c:\windows\System32\deploytk.dll
2008-11-21 15:51 . 2008-11-21 15:51 <DIR> d-------- c:\program files\TeamViewer3
2008-11-21 15:47 . 2008-11-21 15:47 <DIR> d-------- c:\users\Ferruccio\temp
2008-11-21 15:47 . 2008-11-21 15:47 <DIR> d-------- c:\users\Ferruccio\AppData\Roaming\TeamViewer
2008-11-16 22:21 . 2008-11-16 22:21 <DIR> d-------- c:\program files\Common Files\xing shared
2008-11-16 22:12 . 2008-11-16 22:12 <DIR> d-------- C:\My Music
2008-11-15 18:12 . 2008-12-06 13:28 <DIR> d-------- C:\Downloads
2008-11-15 18:07 . 2008-12-06 22:43 <DIR> d-------- c:\users\Ferruccio\AppData\Roaming\Free Download Manager
2008-11-15 18:07 . 2008-11-15 18:07 <DIR> d-------- c:\users\All Users\FreeDownloadManager.ORG
2008-11-15 18:07 . 2008-11-15 18:07 <DIR> d-------- c:\programdata\FreeDownloadManager.ORG
2008-11-15 18:07 . 2008-11-15 18:07 <DIR> d-------- c:\program files\Free Download Manager
2008-11-15 10:16 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-15 10:16 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-15 10:16 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-15 10:16 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-15 10:15 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-15 10:15 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-15 10:15 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-15 10:15 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-15 10:15 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-14 03:06 . 2008-11-14 03:06 <DIR> d-------- c:\program files\Drive Rescue
2008-11-12 05:23 . 2008-09-05 05:48 1,194,496 --a------ c:\windows\System32\msxml3.dll
2008-11-12 05:23 . 2008-08-26 02:11 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-12 05:23 . 2008-09-05 05:45 2,048 --a------ c:\windows\System32\msxml3r.dll
2008-11-12 05:20 . 2008-09-10 04:25 1,341,440 --a------ c:\windows\System32\msxml6.dll
2008-11-12 05:20 . 2008-09-10 04:21 2,048 --a------ c:\windows\System32\msxml6r.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-08 16:05 --------- d---a-w c:\programdata\TEMP
2008-12-07 01:57 --------- d-----w c:\program files\ESET
2008-12-06 21:38 --------- d-----w c:\users\Ferruccio\AppData\Roaming\Skype
2008-12-06 21:37 --------- d-----w c:\users\Ferruccio\AppData\Roaming\skypePM
2008-12-04 20:27 --------- d-----w c:\users\Ferruccio\AppData\Roaming\mIRC
2008-12-04 19:48 --------- d-----w c:\program files\Common Files\Apple
2008-12-03 08:55 --------- d-----w c:\program files\Java
2008-11-29 21:08 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-29 21:08 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-29 17:35 --------- d-----w c:\users\Ferruccio\AppData\Roaming\uTorrent
2008-11-19 08:55 --------- d-----w c:\programdata\Microsoft Help
2008-11-16 21:21 --------- d-----w c:\program files\Common Files\Real
2008-11-16 21:12 --------- d-----w c:\program files\Real
2008-11-13 00:30 --------- d-----w c:\program files\PokerStars.IT
2008-11-07 12:10 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-11-07 12:10 56 ---ha-w c:\programdata\ezsidmv.dat
2008-11-07 12:10 --------- d-----w c:\program files\Common Files\Skype
2008-10-30 12:04 --------- d-----w c:\users\Ferruccio\AppData\Roaming\Apple Computer
2008-10-29 17:16 --------- d-----w c:\program files\Apple Software Update
2008-10-29 17:12 --------- d-----w c:\program files\Bonjour
2008-10-28 09:18 --------- d-----w c:\program files\Winamp
2008-10-27 17:20 --------- d-----w c:\program files\K-Lite Codec Pack
2008-10-27 17:03 --------- d-----w c:\program files\VirtualDJ
2008-10-27 16:39 --------- d-----w c:\program files\AtomixMP3
2008-10-24 12:32 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-22 07:17 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-21 11:47 --------- d-----w c:\program files\Common Files\SWF Studio
2008-10-20 16:46 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-10-20 13:18 --------- d-----w c:\program files\PokerStars.NET
2008-10-18 16:21 --------- d-----w c:\program files\Garmin GPS Plugin
2008-10-18 11:29 --------- d-----w c:\program files\Easy CD-DA Extractor 12
2008-10-15 08:08 --------- d-----w c:\program files\Windows Mail
2008-10-13 15:01 --------- d-----w c:\users\Ferruccio\AppData\Roaming\GetRight
2008-10-02 03:49 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-07-09 20:45 174 --sha-w c:\program files\desktop.ini
2007-12-12 15:05 32 ----a-w c:\users\All Users\ezsid.dat
2007-12-12 15:05 32 ----a-w c:\programdata\ezsid.dat
2007-12-02 18:36 111,258 ----a-w c:\users\All Users\firstlsp.reg.dat
2007-12-02 18:36 111,258 ----a-w c:\programdata\firstlsp.reg.dat
2007-12-02 20:17 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-12-02 20:17 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-12-02 20:17 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((( snapshot@2008-12-08_15.53.36.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-08 14:48:36 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-08 16:05:51 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-08 16:05:51 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-12-08 14:48:36 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-08 16:05:51 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-08 16:05:51 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-12-08 14:36:56 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-08 15:59:04 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-08 14:36:56 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-08 15:59:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-08 14:36:56 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-08 15:59:04 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-08 14:38:29 13,000 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1927192671-3056111476-2040781451-1000_UserData.bin
+ 2008-12-08 16:00:46 13,662 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1927192671-3056111476-2040781451-1000_UserData.bin
- 2008-12-08 14:38:29 88,582 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-08 16:00:45 88,776 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-12-08 14:38:28 53,788 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-08 16:00:37 54,184 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [BU]
"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [BU]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"Google Update"="c:\users\Ferruccio\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-14 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"recinfo973"="c:\recinfo\RecInfo.exe" [2007-06-06 2768896]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-12-07 517768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-12-07 950664]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"RevHDD"="c:\windows\SYSTEM\RevHDD.exe" [BU]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2008-03-27 3057152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-16 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-13 c:\windows\RtHDVCpl.exe]
"recinfo"="RecInfo.exe" [BU]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-11-17 12:53 171464 c:\program files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 09:51 1836328 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 c:\program files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
c:\program files\Pando Networks\Pando\Pando.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1927192671-3056111476-2040781451-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"= c:\program files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{71355172-E366-47DC-847F-FA400EF81614}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{99068DA5-6557-45A5-84C2-38D7FA0EE608}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5B579BBC-C824-4283-8492-1992958F28FD}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{074E6B64-BAC6-4FBF-AD4A-8A6273EC3ED9}c:\\program files\\adunanza\\emule_adnza.exe"= UDP:c:\program files\adunanza\emule_adnza.exe:eMule
"UDP Query User{1AA69B7C-9C43-4069-A2C2-4CDF3ED3AE0C}c:\\program files\\adunanza\\emule_adnza.exe"= TCP:c:\program files\adunanza\emule_adnza.exe:eMule
"TCP Query User{77F86060-1819-416B-8332-C8C0B6A7FA23}c:\\program files\\common files\\system\\dns.exe"= UDP:c:\program files\common files\system\dns.exe:dns
"UDP Query User{0886D0AA-84E7-47D1-B595-1F840CFBEB3B}c:\\program files\\common files\\system\\dns.exe"= TCP:c:\program files\common files\system\dns.exe:dns
"TCP Query User{9E211808-1A4A-4C57-AE56-956F839AAB7E}c:\\program files\\common files\\system\\dns.exe"= UDP:c:\program files\common files\system\dns.exe:dns
"UDP Query User{D2848065-1F2A-4A79-8B04-BF2E35204599}c:\\program files\\common files\\system\\dns.exe"= TCP:c:\program files\common files\system\dns.exe:dns
"{41B81DB3-3D4D-474B-81F8-4FD8D8AE314A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F3D2F554-91CE-4C4A-B028-67E2EC6E3290}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{2CFE4ED8-7F4E-483B-B1DE-C8D2B2747B54}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{62D80731-7D6F-40C1-B02B-C41ECB8C0912}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{28D02A40-22F0-4D28-856E-24E62CDF0B8D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FDABE022-97EF-408B-B107-AB35B1A7CF16}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C591E2FD-5280-46EA-9C6D-335E48D9E3E6}"= UDP:57243:Pando P2P TCP Listening Port
"{521E3F18-1DF7-429A-91D6-EE3365CDB137}"= TCP:57243:Pando P2P UDP Listening Port
"{F2E27B26-EEBE-4488-8D3A-A9585E77B996}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{00CD4F65-266D-4232-9425-AC35215BE15D}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{F66C2322-3F00-4334-8987-FF5D744F0FD0}"= UDP:c:\program files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{4D00DE10-EE34-44BF-AF1C-DD330FA75DC6}"= TCP:c:\program files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{3344D3FD-F522-4789-95DC-194D78A8DB06}"= UDP:c:\program files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{C91083B9-C096-42F9-963A-B78E2B0131BB}"= TCP:c:\program files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{D29574ED-4E0C-4314-9F30-B83EAC4D6AF9}"= UDP:c:\program files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{9875F1B6-8EF3-489A-9AF2-13DEE2E07221}"= TCP:c:\program files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{EC7F43D3-B56A-47F4-9F62-7C87700F5CE4}"= UDP:c:\program files\Pinnacle\Studio 11\programs\umi.exe:umi
"{CB68C4BB-5330-4136-A334-B4C264F4134B}"= TCP:c:\program files\Pinnacle\Studio 11\programs\umi.exe:umi
"{94AD8E8B-CC76-473C-8104-B2B569EFDECB}"= c:\program files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{FA1D2483-5715-439E-9B81-9019F8F1BC5F}"= Disabled:UDP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{3EB8459C-A408-4873-814C-34801BF2E1BD}"= Disabled:TCP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{AEB4AB74-E944-4C55-A1CE-562C2DC73D10}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{874DB4F1-DD39-4AB9-91BD-7F2608AF513B}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{069CFB6C-7E45-4D7D-8FCA-CCE615E12B2B}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{7635FD46-39BA-4FFF-A62C-B153DBC713CA}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{6DBBB84D-654A-458D-A34E-5F7C8985BD73}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{34F4601D-287C-48C1-8CB3-6860210E48EF}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{01E5EA2D-96F9-42D1-A7F0-896A669E43C8}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{D3304442-9E74-41F0-B11D-32305FF38644}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{71D26DDF-7963-4B9A-B630-FA0C7D63D19D}"= UDP:c:\users\Ferruccio\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{2A323B4D-C2F5-4642-AF74-E461119779A7}"= TCP:c:\users\Ferruccio\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{AF68B32E-97BB-40B7-8DE4-BB264C9FB9A6}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{93E7BDF5-45BD-4913-9673-7B123595BB84}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{46439698-A76A-4FA3-B0A7-E224F05F1383}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3E4C8326-318E-4710-8746-C462DD2AB901}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{D99DF33D-EDF1-4FC5-AD36-155D4F0A0A31}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Common Files\\System\\dns.exe"= c:\program files\Common Files\System\dns.exe:*:Enabled:Windows Update
"c:\\Program Files\\PPStream\\PPStream.exe"= c:\program files\PPStream\PPStream.exe:*:Enabled:PPS网络电视
"c:\\Program Files\\PPStream\\PPSAP.exe"= c:\program files\PPStream\PPSAP.exe:*:Enabled:PPS 网络加速器
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"= c:\program files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-12-07 15424]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\DRIVERS\V0260Vid.sys [2008-01-19 178913]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{691af320-a340-11dc-ae29-00030d784965}]
\shell\AutoRun\command - F:\autorun.exe
.
Contenuto della cartella 'Scheduled Tasks'
2008-11-19 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\users\Ferruccio\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-14 20:19]
2008-12-08 c:\windows\Tasks\User_Feed_Synchronization-{D876D74D-FD24-4067-87D0-D57B29A0A660}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 10:45]
2007-12-03 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyServer = 68.50.199.210:2301
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Salva oggetto con NetXfer - c:\program files\Xi\NetXfer\NXAddLink.html
IE: Salva tutti gli oggetti con NetXfer - c:\program files\Xi\NetXfer\NXAddList.html
IE: Scarica con Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Scarica i video con Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Scarica selezionati con Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Scarica tutto con Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: {C4046502-6524-4d87-896C-878F57D1FF07} - c:\program files\PokerStars.IT\PokerStarsUpdate.exe
IE: {C4046502-6524-4d87-896C-878F57D1FF07} - c:\program files\PokerStars.IT\PokerStarsUpdate.exe -
LSP: c:\windows\system32\imon.dll
TCP: {2A27B14C-5A07-4A95-9A56-84CC3621B862} = 192.168.0.1
FireFox -: Profile - c:\users\Ferruccio\AppData\Roaming\Mozilla\Firefox\Profiles\kz6jnikp.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.it/
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\users\Ferruccio\AppData\Local\Google\Update\1.2.131.27\npGoogleOneClick6.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 17:06:01
Windows 6.0.6000 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\TeamViewer3\TeamViewer_Service.exe
c:\program files\Fujitsu Siemens Computers\FirstSteps Diagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\conime.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Ora fine scansione: 2008-12-08 17:12:07 - macchina è stato riavviato [Ferruccio]
ComboFix-quarantined-files.txt 2008-12-08 16:11:39
Pre-Run: 12,673,126,400 byte disponibili
Post-Run: 12,627,013,632 byte disponibili
349 --- E O F --- 2008-12-04 23:03:52