ComboFix 08-10-19.04 - Francesco 2008-10-20 10.24.38.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.726 [GMT 2:00]
Eseguito da: C:\DOWNLOADS\pincopallino.exe
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Users\Francesco\AppData\Roaming\inst.exe
C:\Windows\etgq.exe
C:\Windows\system32\cBSIbYSL.dll
C:\Windows\system32\ddcCrsss.dll
C:\Windows\System32\dNpsttwa.ini
C:\WINDOWS\System32\dNpsttwa.ini2
C:\Windows\System32\IOXEKTwa.ini
C:\WINDOWS\System32\IOXEKTwa.ini2
C:\Windows\system32\PXxIlUvw.ini
C:\WINDOWS\System32\PXxIlUvw.ini2
C:\WINDOWS\System32\qWwxEfii.ini
C:\WINDOWS\System32\qWwxEfii.ini2
----- BITS: Sites possivelmente infetados -----
hxxp://www.lovelypornovideo.net.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
-------\Service_VMware NAT Service
((((((((((((((((((((((((( Files Creati Da 2008-09-20 al 2008-10-20 )))))))))))))))))))))))))))))))))))
.
2008-10-19 16:05 . 2008-10-19 16:06 120,291,258 --a------ C:\WINDOWS\MEMORY.DMP
2008-10-19 14:01 . 2008-10-19 14:02 131,072 --a------ C:\WINDOWS\SPInstall.etl
2008-10-18 20:05 . 2008-06-20 03:14 105,016 --a------ C:\WINDOWS\System32\PresentationCFFRasterizerNative_v0300.dll
2008-10-18 20:05 . 2008-06-20 03:14 97,800 --a------ C:\WINDOWS\System32\infocardapi.dll
2008-10-18 20:04 . 2008-06-20 03:14 781,344 --a------ C:\WINDOWS\System32\PresentationNative_v0300.dll
2008-10-18 20:04 . 2008-06-20 03:14 622,080 --a------ C:\WINDOWS\System32\icardagt.exe
2008-10-18 20:04 . 2008-06-20 03:14 326,160 --a------ C:\WINDOWS\System32\PresentationHost.exe
2008-10-18 20:04 . 2008-06-20 03:14 43,544 --a------ C:\WINDOWS\System32\PresentationHostProxy.dll
2008-10-18 20:04 . 2008-06-20 03:14 37,384 --a------ C:\WINDOWS\System32\infocardcpl.cpl
2008-10-18 20:04 . 2008-06-20 03:14 11,264 --a------ C:\WINDOWS\System32\icardres.dll
2008-10-18 19:56 . 2008-07-27 20:03 282,112 --a------ C:\WINDOWS\System32\mscoree.dll
2008-10-18 19:56 . 2008-07-27 20:03 158,720 --a------ C:\WINDOWS\System32\mscorier.dll
2008-10-18 19:56 . 2008-07-27 20:03 96,760 --a------ C:\WINDOWS\System32\dfshim.dll
2008-10-18 19:56 . 2008-07-27 20:03 83,968 --a------ C:\WINDOWS\System32\mscories.dll
2008-10-18 19:56 . 2008-07-27 20:03 41,984 --a------ C:\WINDOWS\System32\netfxperf.dll
2008-10-18 00:11 . 2008-10-19 19:35 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-10-17 23:54 . 2008-10-17 23:54 <DIR> d-------- C:\Users\Francesco\AppData\Roaming\Nero
2008-10-17 23:04 . 2008-10-17 23:04 4,767 --a------ C:\WINDOWS\Irremote.ini
2008-10-17 22:24 . 2008-10-17 23:02 <DIR> d-------- C:\Program Files\Nero
2008-10-17 22:22 . 2008-10-17 23:36 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-10-17 22:21 . 2008-10-17 22:21 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-10-15 21:16 . 2008-08-05 11:49 428,544 --a------ C:\WINDOWS\System32\EncDec.dll
2008-10-15 21:16 . 2008-08-05 11:49 293,376 --a------ C:\WINDOWS\System32\psisdecd.dll
2008-10-15 21:16 . 2008-08-05 11:48 217,088 --a------ C:\WINDOWS\System32\psisrndr.ax
2008-10-15 21:16 . 2008-08-05 11:48 177,664 --a------ C:\WINDOWS\System32\mpg2splt.ax
2008-10-15 21:16 . 2008-08-05 11:48 80,896 --a------ C:\WINDOWS\System32\MSNP.ax
2008-10-15 17:23 . 2008-10-15 17:23 <DIR> d-------- C:\Users\All Users\Office Genuine Advantage
2008-10-15 17:23 . 2008-10-15 17:23 <DIR> d-------- C:\ProgramData\Office Genuine Advantage
2008-10-15 14:00 . 2008-09-18 04:16 2,032,640 --a------ C:\WINDOWS\System32\win32k.sys
2008-10-15 13:55 . 2008-08-27 03:06 288,768 --a------ C:\WINDOWS\System32\drivers\srv.sys
2008-10-15 13:51 . 2008-09-18 07:09 3,601,464 --a------ C:\WINDOWS\System32\ntkrnlpa.exe
2008-10-15 13:51 . 2008-09-18 07:09 3,549,240 --a------ C:\WINDOWS\System32\ntoskrnl.exe
2008-10-14 19:39 . 2008-10-14 19:39 <DIR> d-------- C:\Program Files\Paragon Software
2008-10-14 18:51 . 2008-10-14 18:52 <DIR> d-------- C:\Program Files\Windows Mobile 6 SDK
2008-10-14 18:33 . 2008-10-14 18:33 <DIR> d-------- C:\Users\Francesco\AppData\Roaming\CellularEmulator
2008-10-13 22:19 . 2008-10-13 22:19 <DIR> d-------- C:\Program Files\GNU Emu48CE for PocketPC
2008-10-12 18:23 . 2008-10-17 22:45 <DIR> d-------- C:\Users\All Users\Nero
2008-10-12 18:23 . 2008-10-17 22:45 <DIR> d-------- C:\ProgramData\Nero
2008-10-12 18:03 . 2008-10-12 23:29 <DIR> d-------- C:\Program Files\Common Files\LightScribe(0)
2008-10-10 14:46 . 2008-10-10 14:46 <DIR> d-------- C:\Program Files\VITO
2008-10-03 14:45 . 2008-10-08 23:31 <DIR> d-------- C:\Program Files\SKTools
2008-09-29 15:50 . 2008-09-29 15:50 <DIR> d-------- C:\Program Files\SiSoftware
2008-09-29 15:45 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\System32\D3DX9_37.dll
2008-09-29 15:44 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\System32\d3dx9_31.dll
2008-09-29 15:19 . 2008-09-29 22:30 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-09-28 12:00 . 2008-10-20 09:48 <DIR> d-------- C:\USD1.34.9_BlackManos_Pack_13.51
2008-09-28 00:17 . 2008-09-28 00:17 <DIR> d-------- C:\Users\All Users\SonicStage
2008-09-28 00:17 . 2008-09-28 00:17 <DIR> d-------- C:\ProgramData\SonicStage
2008-09-27 23:50 . 2008-09-27 23:50 <DIR> d-------- C:\Program Files\Sony
2008-09-27 23:48 . 2008-09-28 00:17 <DIR> d-------- C:\Users\Francesco\AppData\Roaming\Sony Corporation
2008-09-27 23:20 . 2008-09-29 22:22 <DIR> d-------- C:\Users\Francesco\AppData\Roaming\Roxio
2008-09-27 23:06 . 2008-09-27 23:07 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2008-09-27 23:00 . 2008-09-27 23:00 <DIR> d-------- C:\Program Files\DivX
2008-09-27 22:29 . 2008-10-19 10:19 <DIR> d-------- C:\Users\All Users\Roxio
2008-09-27 22:29 . 2008-10-19 10:19 <DIR> d-------- C:\ProgramData\Roxio
2008-09-27 22:23 . 2008-09-27 22:23 <DIR> d-------- C:\Users\All Users\Sonic
2008-09-27 22:23 . 2008-09-27 22:23 <DIR> d-------- C:\ProgramData\Sonic
2008-09-27 22:23 . 2008-09-28 00:52 <DIR> d-------- C:\Program Files\Roxio
2008-09-27 18:38 . 2008-09-27 23:51 <DIR> d-------- C:\Users\All Users\Sony Corporation
2008-09-27 18:38 . 2008-09-27 23:51 <DIR> d-------- C:\ProgramData\Sony Corporation
2008-09-27 14:55 . 2008-10-12 23:27 <DIR> d-------- C:\Users\All Users\Yahoo! Companion
2008-09-27 14:55 . 2008-10-12 23:27 <DIR> d-------- C:\ProgramData\Yahoo! Companion
2008-09-27 14:53 . 2008-10-12 23:27 <DIR> d-------- C:\Program Files\Yahoo!
2008-09-20 19:35 . 2008-09-20 19:35 <DIR> d-------- C:\Program Files\NavNGo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-20 08:04 --------- d-----w C:\ProgramData\VMware
2008-10-19 20:55 --------- d-----w C:\ProgramData\SiteAdvisor
2008-10-19 20:51 --------- d-----w C:\Program Files\McAfee
2008-10-19 20:07 --------- d-----w C:\ProgramData\McAfee
2008-10-19 16:52 --------- d-----w C:\Users\Francesco\AppData\Roaming\VMware
2008-10-18 20:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-18 17:16 --------- d-----w C:\Program Files\MediaMonkey
2008-10-17 10:53 --------- d-----w C:\Program Files\Rar Repair Tool
2008-10-16 15:10 --------- d-----w C:\Program Files\Dimensions
2008-10-16 14:58 --------- d-----w C:\Users\Francesco\AppData\Roaming\SoftMaker
2008-10-16 14:57 --------- d-----w C:\Program Files\PD3A Development
2008-10-15 21:26 --------- d-----w C:\Users\Francesco\AppData\Roaming\Microsoft Office Mobile
2008-10-15 18:57 --------- d-----w C:\Program Files\Windows Mail
2008-10-14 16:39 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-10-10 12:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-10 08:28 --------- d-----w C:\Program Files\Easy GIF Animator
2008-10-08 17:57 --------- d-----w C:\Program Files\eMule
2008-09-29 20:25 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-09-27 22:51 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-09-27 14:41 --------- d-----w C:\ProgramData\ABBYY
2008-09-27 14:34 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-23 12:36 --------- d-----w C:\Users\Francesco\AppData\Roaming\Vso
2008-09-22 12:31 --------- d-----w C:\Program Files\Hewlett-Packard
2008-09-20 15:12 --------- d-----w C:\Program Files\Xilisoft
2008-09-16 12:08 --------- d-----w C:\Program Files\IVT Corporation
2008-09-14 13:57 --------- d-----w C:\Program Files\Windows Installer Clean Up
2008-09-14 13:56 --------- d-----w C:\Program Files\MSECACHE
2008-09-12 08:48 --------- d-----w C:\Program Files\FDN
2008-09-12 07:41 --------- d-----w C:\Program Files\TomTom HOME 2
2008-09-10 19:07 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-10 11:41 --------- d-----w C:\Program Files\Microsoft Works
2008-09-08 17:26 --------- d-----w C:\Program Files\Allok Video Joiner
2008-09-07 15:24 --------- d-----w C:\Users\Francesco\AppData\Roaming\Hewlett-Packard
2008-09-06 12:09 --------- d-----w C:\Program Files\ParaGraph
2008-09-03 21:55 2,231,606 ----a-w C:\Users\All Users\Games.exe
2008-09-03 21:55 2,231,606 ----a-w C:\ProgramData\Games.exe
2008-09-03 21:54 2,989,660 ----a-w C:\Users\All Users\DVD.exe
2008-09-03 21:54 2,989,660 ----a-w C:\ProgramData\DVD.exe
2008-09-03 21:54 2,864,396 ----a-w C:\Users\All Users\MPV.exe
2008-09-03 21:54 2,864,396 ----a-w C:\ProgramData\MPV.exe
2008-09-03 21:53 3,063,561 ----a-w C:\Users\All Users\MobileTV.exe
2008-09-03 21:53 3,063,561 ----a-w C:\ProgramData\MobileTV.exe
2008-09-03 21:53 2,331,174 ----a-w C:\Users\All Users\Karaoke.exe
2008-09-03 21:53 2,331,174 ----a-w C:\ProgramData\Karaoke.exe
2008-09-03 21:53 --------- d-----w C:\ProgramData\ITA
2008-09-03 21:51 --------- d-----w C:\Program Files\HP
2008-09-03 20:39 --------- d-----w C:\Program Files\ZipGenius 6
2008-09-03 20:39 --------- d-----w C:\Program Files\Cutter 4
2008-09-03 14:44 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-08-30 15:11 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-08-29 10:56 --------- d-----w C:\Users\Francesco\AppData\Roaming\Babylon
2008-08-29 10:55 --------- d-----w C:\ProgramData\Babylon
2008-08-27 11:38 --------- d-----w C:\Program Files\LeaderGL_FlexEditor
2008-08-26 16:22 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-08-26 16:17 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-08-26 14:56 --------- d-----w C:\Program Files\Avanquest update
2008-08-25 11:50 --------- d-----w C:\Program Files\MSDN
2008-08-25 11:11 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
2008-08-25 11:11 --------- d-----w C:\Program Files\Business Objects
2008-08-25 11:07 --------- d-----w C:\Program Files\Microsoft.NET
2008-08-25 11:05 --------- d-----w C:\Program Files\Microsoft Device Emulator
2008-08-25 11:02 --------- d-----w C:\Program Files\Microsoft Synchronization Services
2008-08-25 11:02 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-08-25 10:52 --------- d-----w C:\Program Files\Common Files\Merge Modules
2008-08-25 10:51 --------- d-----w C:\ProgramData\PreEmptive Solutions
2008-08-25 10:46 --------- d-----w C:\Program Files\MSBuild
2008-08-25 10:46 --------- d-----w C:\Program Files\HTML Help Workshop
2008-08-25 10:42 --------- d-----w C:\Program Files\Microsoft SDKs
2008-08-25 10:42 --------- d-----w C:\Program Files\CE Remote Tools
2008-08-25 10:40 --------- d-----w C:\Program Files\Microsoft Web Designer Tools
2008-08-25 10:40 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-08-23 22:36 --------- d-----w C:\Users\Francesco\AppData\Roaming\Download Manager
2008-08-22 12:13 --------- d-----w C:\Program Files\Microsoft
2008-08-22 03:38 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-08-22 03:38 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-08-22 03:38 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-08-22 03:38 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-08-21 07:02 --------- d-----w C:\Program Files\CCleaner
2008-08-20 18:53 --------- d-----w C:\Program Files\Garmin
2008-08-20 17:59 --------- d-----w C:\Program Files\Garmin GPS Plugin
2008-08-20 17:53 --------- d-----w C:\Users\Francesco\AppData\Roaming\GARMIN
2008-08-02 11:41 28,219 ----a-w C:\Users\Francesco\AppData\Roaming\nvModes.dat
2008-04-28 13:53 174 --sha-w C:\Program Files\desktop.ini
2008-03-25 14:21 0 ----a-w C:\Users\Francesco\AppData\Roaming\wklnhst.dat
2007-11-06 11:32 92,064 ----a-w C:\Users\Francesco\mqdmmdm.sys
2007-11-06 11:32 9,232 ----a-w C:\Users\Francesco\mqdmmdfl.sys
2007-11-06 11:32 79,328 ----a-w C:\Users\Francesco\mqdmserd.sys
2007-11-06 11:32 66,656 ----a-w C:\Users\Francesco\mqdmbus.sys
2007-11-06 11:32 6,208 ----a-w C:\Users\Francesco\mqdmcmnt.sys
2007-11-06 11:32 5,936 ----a-w C:\Users\Francesco\mqdmwhnt.sys
2007-11-06 11:32 4,048 ----a-w C:\Users\Francesco\mqdmcr.sys
2007-11-06 11:32 25,600 ----a-w C:\Users\Francesco\usbsermptxp.sys
2007-11-06 11:32 22,768 ----a-w C:\Users\Francesco\usbsermpt.sys
2007-10-26 20:01 94,208 ----a-w C:\Users\Francesco\AppData\Roaming\ezplay.sys
2007-10-26 20:01 47,360 ----a-w C:\Users\Francesco\AppData\Roaming\pcouffin.sys
2008-07-15 12:05 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-07-15 12:05 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-07-15 12:05 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-12-26 20:58 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
2007-11-30 14:25 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007113020071201\index.dat
.
----a-w 3,985,078 2008-03-21 11:04:10 C:\Program Files\eMule\incoming\emule pro ultra 3 download\eMule0.48a-Installer .exe
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "C:\Program Files\myBabylon\tbmyBa.dll" [2008-08-05 1610264]
[HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
2008-08-05 02:13 1610264 --a------ C:\Program Files\myBabylon\tbmyBa.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "C:\Program Files\myBabylon\tbmyBa.dll" [2008-08-05 1610264]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{34EA1C70-42CC-42C5-AA29-EC58B95A343E}"= "C:\Program Files\myBabylon\tbmyBa.dll" [2008-08-05 1610264]
[HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\windows sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 217544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="C:\Windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2008-07-23 468264]
"MSServer"="C:\Windows\system32\ddcCrsss.dll" [N/A]
"QlbCtrl.exe"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"CnxDslTaskBar"="C:\Program Files\digicomt\Michelangelo USB ADSL\CnxDslTb.exe" [2003-10-29 462848]
"Adobe Acrobat Speed Launcher"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo"= CSvidcap.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe
"VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe"
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
"vmware-tray"=C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D6E4ED48-D370-4761-A3DE-4D8B0F5F1144}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{55D3D4B8-8A51-4126-99E4-962636A7D2FD}C:\\program files\\mcafee\\mbk\\mcafeedatabackup.exe"= UDP:C:\program files\mcafee\mbk\mcafeedatabackup.exe:McAfee Data Backup
"UDP Query User{337D9464-E256-46F6-B699-20404928CEA3}C:\\program files\\mcafee\\mbk\\mcafeedatabackup.exe"= TCP:C:\program files\mcafee\mbk\mcafeedatabackup.exe:McAfee Data Backup
"{D8D942B2-7C9D-4031-A8AF-8D30B569FEAE}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{AB2C9783-C647-4959-8D4D-2ADBF639F1C5}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{4CCE390A-8165-46BD-9A2E-D190F695927D}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{77519FA1-1FCF-4D1C-8648-B598070C8F81}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{A5DD8567-B1A1-409C-B558-D3BE5102487E}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{3AE832BF-D8D9-450B-AA72-058A454FFC85}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{52866681-39E9-4E72-BDDA-DB67841ADD31}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{063D0AF1-336A-4814-A63C-37C5D012FA9E}"= UDP:9420:Red Swoosh
"{C9BD1A2C-9498-4E42-BEF4-24922E334A9C}"= TCP:5000:Red Swoosh
"{D511265A-9F77-48C3-A054-DF4B5ADC2E3D}"= UDP:9420:Red Swoosh
"{F5B82FCD-42B5-48E4-93EF-6E0D33554418}"= TCP:5000:Red Swoosh
"{DE8A5B6C-E4F9-4E40-9C94-989BED64D979}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{1677BAE1-C77A-4D49-AD33-66F42F25D057}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{399F930C-C8EF-4026-A927-43245AAA145B}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{9614DC0E-3BC1-4EA6-A2D9-C5F16706A9A5}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{A9B354E2-0E21-4EC4-8A23-5A15A9C6D0F4}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{5BC0DA75-7C04-4736-9FB3-C5CB90587018}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{E0C532FE-13F7-4FD3-A3B6-CFB633D41061}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{23342D2D-FD40-4431-B71A-23C86E105B12}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{C05603AA-B7E6-4EAE-BB2A-5511301FB8FA}"= UDP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{123C827E-60EB-45BC-A910-D6358182D463}"= TCP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{65A3480B-3406-4961-B212-7193D0AF372E}"= UDP:C:\Program Files\eMule\emule.exe:eMuleMorphXT
"{1A20FF13-0ACF-4C36-B0A6-63804DD3927A}"= TCP:C:\Program Files\eMule\emule.exe:eMuleMorphXT
"{A00AAF33-95FE-4221-A355-350146A85ECF}"= UDP:C:\Program Files\Lphant\eLePhantClient.exe:Lphant
"{0B527D2E-064D-4986-9856-869A8306A145}"= TCP:C:\Program Files\Lphant\eLePhantClient.exe:Lphant
"{AD75C521-E908-4596-ADA2-4EACFEB89EEE}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{842A8CE9-F5A2-42A3-BFE8-271610F9FCC2}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{3D6EC9EC-9F21-4C7E-88EF-61A1D5AD73D7}"= UDP:C:\Program Files\Lphant\eLePhantClient.exe:Lphant
"{7263BF09-BB4F-49D8-A931-E3EF7AA3A95A}"= TCP:C:\Program Files\Lphant\eLePhantClient.exe:Lphant
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 c2scsi;c2scsi;C:\Windows\system32\DRIVERS\c2scsi.sys [2006-08-09 248568]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 188416]
S3 CH341SER;CH341SER;C:\Windows\system32\Drivers\CH341SER.SYS [2007-09-24 37488]
S3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\Windows\system32\DRIVERS\CnxEtP.sys [2003-09-12 60288]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\Windows\system32\DRIVERS\CnxEtU.sys [2003-09-12 646784]
S3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\Windows\system32\DRIVERS\CnxTgN.sys [2003-10-29 108675]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys [2007-11-02 18176]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
S3 MotDev;Motorola Inc. USB Device;C:\Windows\system32\DRIVERS\motodrv.sys [2007-10-10 42112]
S3 qcusbmdm6k;MD-1 Proprietary USB Driver;C:\Windows\system32\DRIVERS\qcusbmdm6k.sys [2006-09-21 64640]
S3 qcusbnmea;MD-1 NMEA Port;C:\Windows\system32\DRIVERS\qcusbnmea.sys [2006-09-21 64640]
S3 qcusbser6k;MD-1 Diagnostic Port;C:\Windows\system32\DRIVERS\qcusbser6k.sys [2006-09-21 64640]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenuto della cartella 'Scheduled Tasks'
2008-06-14 C:\Windows\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]
2008-10-19 C:\Windows\Tasks\RCHubTask 0 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0.job
- C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe [2006-08-07 03:30]
2008-10-19 C:\Windows\Tasks\RCHubTask 0 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0.job
- C:\Users\Francesco\Desktop\DOWNLOAD ACER [2008-10-05 17:36]
2008-10-19 C:\Windows\Tasks\User_Feed_Synchronization-{EC41EB85-BC6D-4C3C-91D5-384977B2A2EC}.job
- C:\Windows\system32\msfeedssync.exe [2008-08-22 12:05]
.
- - - - ORFÃOS REMOVIDOS - - - -
BHO-{3D216277-99F5-4E39-B606-688998118EE2} - C:\Windows\system32\wvUlIxXP.dll
BHO-{FBC94C72-6CDB-47C1-940B-353ADBC05131} - C:\Windows\system32\iifExwWq.dll
ShellExecuteHooks-{758F6D53-DCC7-4CCF-9080-4B6F9389F641} - C:\Windows\system32\ddcCrsss.dll
.
------- Supplementare di scansione -------
.
FireFox -: Profile - C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\de6zxaye.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE -
hxxp://www.google.it/firefox?client=fir ... t:official
FF -: plugin - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\browser\nppdf32.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPJava11.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPJava12.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPJava131_13.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPJava32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npoji600.dll
FF -: plugin - C:\Program Files\Virtual Earth 3D\npVE3D.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-10-20 10:40:31
Windows 6.0.6001 Service Pack 1 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
C:\Users\FRANCE~1\AppData\Local\Temp\ehmsas.txt 2 bytes
C:\Users\FRANCE~1\AppData\Local\Temp\CabD586.tmp 27617 bytes
Scansione completata con successo
Files nascosti: 2
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
PROCESSO: C:\Windows\Explorer.exe
-> C:\Program Files\McAfee\SiteAdvisor\saHook.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
C:\WINDOWS\System32\audiodg.exe
C:\WINDOWS\System32\wlanext.exe
C:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe
C:\WINDOWS\System32\conime.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\Program Files\Total Uninstall 4\Tu.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\drivers\XAudio.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\System32\vmnetdhcp.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
.
**************************************************************************
.
Ora fine scansione: 2008-10-20 11:00:34 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2008-10-20 08:59:26
Pre-Run: 12.921.188.352 byte disponibili
Post-Run: 14,369,542,144 byte disponibili
427 --- E O F --- 2008-10-15 19:18:34