Help, AVG no longer works and...

Posted: Tue Aug 04, 2009 2:02 pm
by R3wu0
I know this will sound absurd to some, but since last night, after rebooting because I had installed Photoshop CS4, I discovered to my horror that AVG 8.5 FREE no longer works. I tried reinstalling it, but nothing; I tried scanning with Windows Defender and Malwarebytes, but nothing, and with the latter the PC actually reboots with a blue screen. I tried running a scan with 3 different online antivirus scanners, but none of the three worked, in the sense that they didn't even start the scan... they gave an error.
Now my question is: what should I do?! What do you recommend?

Re: Help, AVG no longer works and...

Posted: Tue Aug 04, 2009 2:50 pm
by crazy.cat
Did you catch a virus?

Try using ComboFix and posting its log, and maybe also run a scan with this: http://www.MegaLab.it/2894/kaspersky-virus-removal-tool.

Re: Help, AVG no longer works and...

Posted: Tue Aug 04, 2009 7:06 pm
by R3wu0
OK, I ran ComboFix and the log is attached; what can you tell me from it?
Now I'll try Kaspersky and then let you know.

ComboFix 09-08-04.01 - Enrico 04/08/2009 19.29.17.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.1791.743 [GMT 2:00]
Eseguito da: c:\users\Enrico\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\users\Enrico\AppData\Local\emaao_nav.dat
c:\users\Enrico\AppData\Local\oeqagak.dat
c:\users\Enrico\AppData\Local\oeqagak_nav.dat
c:\users\Enrico\AppData\Local\oeqagak_navps.dat
c:\users\Enrico\AppData\Roaming\Drivers\11s11ro1s1a2.sys
c:\users\Enrico\AppData\Roaming\drivers\downld
c:\users\Enrico\AppData\Roaming\drivers\downld\128544.exe
c:\users\Enrico\AppData\Roaming\drivers\downld\15120880.exe
c:\users\Enrico\AppData\Roaming\drivers\downld\698775.exe
c:\users\Enrico\AppData\Roaming\drivers\downld\699399.exe
c:\users\Enrico\AppData\Roaming\drivers\downld\699414.exe
c:\users\Enrico\AppData\Roaming\inst.exe
c:\windows\system32\ban_list.txt

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_111111S1RO1S1A
-------\Legacy_111111S1RO1S1A
-------\Legacy_111111S1RO1S1A
-------\Legacy_SK9OU0S


((((((((((((((((((((((((( Files Creati Da 2009-07-04 al 2009-08-04 )))))))))))))))))))))))))))))))))))
.

2009-08-04 17:10 . 2009-08-04 17:10 -------- d-----w- c:\programdata\is-UFTD0
2009-08-04 14:06 . 2009-08-04 14:06 -------- d-----w- c:\programdata\is-D4DIU
2009-08-04 14:06 . 2009-08-04 17:41 1292984352 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-04 14:06 . 2008-07-08 12:54 148496 ----a-w- c:\windows\system32\drivers\40742672.sys
2009-08-04 07:19 . 2009-08-04 07:19 1398 ----a-r- c:\users\Enrico\AppData\Roaming\Microsoft\Installer\{6EB0B97D-BCB7-46DA-BFE0-9024E431763F}\_3cdf22e7.exe
2009-08-03 16:34 . 2009-08-03 16:34 -------- d-----w- c:\programdata\Reflexive
2009-08-03 16:33 . 2009-08-03 16:33 -------- dc----w- c:\program files\ReflexiveArcade
2009-08-03 09:50 . 2009-08-04 17:38 -------- d--h--w- c:\users\Enrico\AppData\Roaming\drivers
2009-08-03 08:37 . 2009-08-03 08:37 -------- d-----w- c:\users\Enrico\AppData\Roaming\Canneverbe_Limited
2009-08-03 06:36 . 2009-08-03 06:36 -------- d-----w- c:\users\Enrico\AppData\Local\Copy Handler
2009-08-02 17:04 . 2009-08-02 17:04 -------- d-----w- c:\users\Enrico\AppData\Roaming\WirePilot
2009-08-02 17:00 . 2009-08-02 17:00 -------- dc----w- c:\program files\Two Pilots
2009-08-02 16:33 . 2009-08-02 18:11 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-08-02 16:33 . 2009-08-02 18:11 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-08-02 16:33 . 2009-08-02 16:33 -------- dc----w- c:\program files\OpenAL
2009-08-01 19:38 . 2009-08-01 19:38 -------- dc----w- c:\program files\Apple Software Update
2009-08-01 19:38 . 2009-08-01 19:38 -------- d-----w- c:\programdata\Apple
2009-07-24 11:43 . 1998-11-13 12:07 307712 ----a-w- c:\windows\IsUn0410.exe
2009-07-24 07:05 . 2009-08-02 06:48 -------- dc----w- c:\program files\MessengerDiscovery
2009-07-15 07:52 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 07:52 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-15 07:52 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 07:52 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 07:52 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-12 13:04 . 2009-07-12 13:07 -------- dc-h--w- c:\program files\FX Uninstall Information
2009-07-11 08:26 . 2009-07-11 08:26 -------- d-----w- c:\users\Enrico\AppData\Roaming\Desktopicon
2009-07-11 08:26 . 2009-07-11 13:27 -------- dc----w- c:\program files\Unlocker
2009-07-11 08:11 . 2009-07-11 08:11 -------- dc----w- c:\program files\FileASSASSIN
2009-07-08 18:08 . 2009-07-08 18:08 -------- d-----w- c:\windows\Youda Marina
2009-07-07 17:34 . 2009-07-07 17:34 -------- d-----w- c:\users\Enrico\AppData\Roaming\MessengerDiscovery 2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-04 17:43 . 2009-02-13 19:39 -------- d-----w- c:\users\Enrico\AppData\Roaming\DNA
2009-08-04 17:43 . 2009-02-13 19:39 -------- d-----w- c:\program files\DNA
2009-08-04 17:41 . 2009-08-04 14:06 15156368 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-04 17:14 . 2009-02-13 08:39 -------- d-----w- c:\programdata\avg8
2009-08-04 17:11 . 2009-03-10 15:18 -------- d-----w- c:\users\Enrico\AppData\Roaming\uTorrent
2009-08-04 07:07 . 2006-11-06 01:52 665464 ----a-w- c:\windows\system32\perfh010.dat
2009-08-04 07:07 . 2006-11-06 01:52 121096 ----a-w- c:\windows\system32\perfc010.dat
2009-08-04 07:02 . 2009-02-13 19:44 -------- d-----w- c:\program files\Google
2009-08-03 10:02 . 2009-02-13 19:32 -------- d-----w- c:\program files\RocketDock
2009-08-03 08:29 . 2009-05-27 15:14 -------- d-----w- c:\users\Enrico\AppData\Roaming\Skype
2009-08-03 06:29 . 2009-05-27 15:15 -------- d-----w- c:\users\Enrico\AppData\Roaming\skypePM
2009-08-02 07:54 . 2009-02-16 17:53 1 ----a-w- c:\users\Enrico\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-08-02 06:45 . 2009-02-13 08:32 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-01 20:00 . 2009-02-14 09:45 -------- d-----w- c:\users\Enrico\AppData\Roaming\Any Video Converter
2009-08-01 19:05 . 2009-06-20 07:13 -------- dc----w- c:\program files\Microsoft Silverlight
2009-07-24 11:36 . 2009-03-02 14:35 -------- d-----w- c:\users\Enrico\AppData\Roaming\gtk-2.0
2009-07-21 21:52 . 2009-08-01 14:37 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-01 14:37 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-01 14:37 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-01 14:37 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 12:16 . 2009-07-17 12:16 4096 ----a-w- c:\windows\system32\0DF19.tmp
2009-07-15 14:51 . 2009-02-13 08:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-15 14:50 . 2009-06-12 08:32 -------- d-----w- c:\programdata\NETg
2009-07-15 08:28 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-11 13:45 . 2009-02-13 08:04 109648 ----a-w- c:\users\Enrico\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-09 12:00 . 2009-07-09 12:00 4096 ----a-w- c:\windows\system32\0D4DD.tmp
2009-07-08 18:09 . 2009-06-13 17:36 -------- d-----w- c:\users\Enrico\AppData\Roaming\Youdagames
2009-07-05 18:43 . 2009-02-14 15:58 -------- d-----w- c:\users\Enrico\AppData\Roaming\Vso
2009-07-05 11:27 . 2009-03-09 15:49 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-07-05 11:27 . 2009-03-09 15:49 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-07-05 11:27 . 2009-03-09 15:49 12067 ----atw- c:\windows\system32\SIntf16.dll
2009-07-04 10:22 . 2009-02-13 08:39 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-04 10:22 . 2009-07-04 10:26 2054424 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-07-04 10:22 . 2009-07-04 10:26 2167576 ----a-w- c:\programdata\avg8\update\backup\avgresf.dll
2009-07-03 12:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-07-03 12:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-03 12:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-07-03 12:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-07-03 12:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-03 12:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-07-03 12:42 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-03 11:56 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-06-30 12:13 . 2009-06-30 12:13 4096 ----a-w- c:\windows\system32\015C2.tmp
2009-06-28 17:39 . 2009-06-28 17:39 4096 ----a-w- c:\windows\system32\02550.tmp
2009-06-28 15:14 . 2009-06-28 15:14 -------- d-----w- c:\programdata\Cobian
2009-06-28 10:26 . 2009-06-20 12:45 91 ----a-w- c:\users\Enrico\AppData\Local\samwqgk.bat
2009-06-26 10:26 . 2009-06-26 10:26 4096 ----a-w- c:\windows\system32\03D6C.tmp
2009-06-25 17:23 . 2009-06-25 17:23 4096 ----a-w- c:\windows\system32\04874.tmp
2009-06-25 12:01 . 2009-06-25 12:01 4096 ----a-w- c:\windows\system32\04F29.tmp
2009-06-24 19:27 . 2009-06-24 19:27 4096 ----a-w- c:\windows\system32\0D605.tmp
2009-06-23 18:08 . 2009-02-13 08:39 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-23 18:08 . 2009-02-13 08:39 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-22 19:01 . 2009-06-22 19:01 4096 ----a-w- c:\windows\system32\0F09E.tmp
2009-06-21 09:53 . 2009-06-21 09:53 4096 ----a-w- c:\windows\system32\04990.tmp
2009-06-20 20:31 . 2009-06-20 20:31 4096 ----a-w- c:\windows\system32\01B8E.tmp
2009-06-18 19:05 . 2009-06-18 19:05 4096 ----a-w- c:\windows\system32\0ECD7.tmp
2009-06-18 11:37 . 2009-02-13 20:38 -------- d-----w- c:\program files\OpenOffice.org 3
2009-06-16 11:11 . 2009-06-16 11:11 4096 ----a-w- c:\windows\system32\021D2.tmp
2009-06-15 17:32 . 2009-06-15 17:32 4096 ----a-w- c:\windows\system32\0C59F.tmp
2009-06-13 07:55 . 2009-06-13 07:55 4096 ----a-w- c:\windows\system32\04C8C.tmp
2009-06-12 14:36 . 2009-06-12 14:36 -------- dc----w- c:\program files\MSECache
2009-06-12 13:19 . 2009-06-12 13:19 -------- d-----w- c:\programdata\QuickTime
2009-06-12 10:04 . 2009-06-12 10:02 -------- d-----w- c:\users\Enrico\AppData\Roaming\InfraRecorder
2009-06-10 10:22 . 2009-06-10 10:22 -------- d-----w- c:\users\Enrico\AppData\Roaming\Netscape
2009-06-10 06:34 . 2009-06-10 06:34 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-06-09 06:50 . 2009-06-09 06:50 -------- d-----w- c:\users\Enrico\AppData\Roaming\KeePass
2009-06-03 16:17 . 2009-06-03 16:17 4096 ----a-w- c:\windows\system32\0DCAB.tmp
2009-06-02 18:04 . 2009-06-02 18:04 4096 ----a-w- c:\windows\system32\059B5.tmp
2009-06-01 11:38 . 2009-06-01 11:38 4096 ----a-w- c:\windows\system32\01529.tmp
2009-05-30 18:26 . 2009-05-30 18:26 40960 ----a-r- c:\users\Enrico\AppData\Roaming\Microsoft\Installer\{9527450C-64B3-11D5-9B31-000021116B62}\_BD2ECD14F979_4870_B280_91C063F08E29.exe
2009-05-29 14:01 . 2009-04-11 17:33 89 ----a-w- c:\users\Enrico\AppData\Local\aoaqmos.bat
2009-05-28 13:22 . 2009-05-27 17:41 514 -c-ha-w- C:\os629005.bin
2009-05-27 17:14 . 2009-05-27 17:14 4096 ----a-w- c:\windows\system32\0AD91.tmp
2009-05-27 15:15 . 2009-05-27 15:15 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-05-26 11:20 . 2009-05-29 19:33 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 11:19 . 2009-05-29 19:33 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-25 15:16 . 2009-05-25 15:16 4096 ----a-w- c:\windows\system32\098C7.tmp
2009-05-14 13:29 . 2009-05-13 17:03 8 ----a-w- c:\windows\system32\sparkleflashendocder_lu.bin
2009-05-13 17:03 . 2009-05-13 17:03 8 ----a-w- c:\windows\system32\sparkleflashendocder_fu.bin
2009-05-09 10:38 . 2009-02-13 09:16 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-17 12:00 . 2009-04-24 14:12 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-02-16 15:26 . 2009-02-16 14:22 24 --sh--w- c:\windows\SD40354A1.tmp
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-02-13 342848]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"Google Update"="c:\users\Enrico\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-02-13 133104]
"DAEMON Tools Pro Agent"="d:\daemon tools pro\DTProAgent.exe" [2007-09-06 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSTray"="c:\program files\SiS VGA Utilities\SiSTray.exe" [2007-06-05 548864]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2009-08-04 319488]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-08-04 15872]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-06-20 4493312]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-10-10 69632]

c:\users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
is-D4DIU.lnk - j:\programmi\Virus Removal Tool\is-D4DIU\startup.exe [2009-8-4 65536]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-2-24 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):d5,9e,98,7d,29,15,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2232847502-1444760326-1672518796-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6F0C04BD-4880-4A32-808E-688447B7A3A5}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{CE583CB2-5CEB-4AAD-B263-A946C4D37B87}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{F3CEDB05-2C68-46DD-9D5A-7C3C109E01CE}c:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= UDP:c:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon
"UDP Query User{D3DCA296-220E-4685-B4F4-C162A46B153E}c:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= TCP:c:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon
"TCP Query User{3B52B331-1D43-4D4D-9845-6A41F83D4E1D}c:\\users\\enrico\\program files\\dna\\btdna.exe"= UDP:c:\users\enrico\program files\dna\btdna.exe:btdna.exe
"UDP Query User{2DD2468F-0420-40C6-97BB-692DCBEDCF60}c:\\users\\enrico\\program files\\dna\\btdna.exe"= TCP:c:\users\enrico\program files\dna\btdna.exe:btdna.exe
"TCP Query User{0763939E-7EA3-4C74-8F33-FDCED709FBFF}c:\\users\\enrico\\appdata\\local\\opera\\opera\\profile\\cache4\\temporary_download\\installer-207-15it-shrinkto5-italian.exe"= UDP:c:\users\enrico\appdata\local\opera\opera\profile\cache4\temporary_download\installer-207-15it-shrinkto5-italian.exe:installer-207-15it-shrinkto5-italian.exe
"UDP Query User{423375C5-E331-4150-B6E1-50C49466392D}c:\\users\\enrico\\appdata\\local\\opera\\opera\\profile\\cache4\\temporary_download\\installer-207-15it-shrinkto5-italian.exe"= TCP:c:\users\enrico\appdata\local\opera\opera\profile\cache4\temporary_download\installer-207-15it-shrinkto5-italian.exe:installer-207-15it-shrinkto5-italian.exe
"TCP Query User{B523FE70-F550-4685-B27E-ADFDB91A1E64}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{1E3202DF-70DE-487C-A337-A6EFBDE03E37}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{0F8F38C9-7908-42BB-8725-652A55AEFF19}l:\\programmi\\pyton\\pythonw.exe"= UDP:l:\programmi\pyton\pythonw.exe:pythonw
"UDP Query User{367EC847-816E-4AC7-BD24-7441E8E2B111}l:\\programmi\\pyton\\pythonw.exe"= TCP:l:\programmi\pyton\pythonw.exe:pythonw
"TCP Query User{40973EE5-94CA-4701-96E5-AB876A7DDF57}l:\\programmi\\emule adunanza\\emule_adnza.exe"= UDP:l:\programmi\emule adunanza\emule_adnza.exe:eMule
"UDP Query User{7E3B5341-797E-432A-B167-D5F7921AE304}l:\\programmi\\emule adunanza\\emule_adnza.exe"= TCP:l:\programmi\emule adunanza\emule_adnza.exe:eMule
"{F5BE0340-EC69-4680-A2BB-B2F89BE90E67}"= UDP:l:\programmi\VideoSpin\Programs\RM.exe:Render Manager
"{79EDB377-820D-4B42-A2E6-63832BE5F324}"= TCP:l:\programmi\VideoSpin\Programs\RM.exe:Render Manager
"{CDD10296-3301-422C-B1C7-51E090900EF9}"= UDP:l:\programmi\VideoSpin\Programs\PMSRegisterFile.exe:PMSRegisterFile
"{2F1E3B39-03AD-48FC-A58E-4C944697DD38}"= TCP:l:\programmi\VideoSpin\Programs\PMSRegisterFile.exe:PMSRegisterFile
"{D35076DF-6F9C-429D-BC12-85FACCD4EE48}"= UDP:l:\programmi\VideoSpin\Programs\umi.exe:umi
"{EEE8DBBF-63F5-47C1-BBE1-03E841564A02}"= TCP:l:\programmi\VideoSpin\Programs\umi.exe:umi
"{C98F65D4-E005-4E5B-9592-20D54C242CEB}"= UDP:l:\programmi\VideoSpin\Programs\VideoSpin.exe:Pinnacle VideoSpin
"{C130F40C-886D-41A7-86F2-D3F4815FC71B}"= TCP:l:\programmi\VideoSpin\Programs\VideoSpin.exe:Pinnacle VideoSpin
"TCP Query User{766B2188-63BC-4031-99AA-3EB429005D54}l:\\programmi\\virtualbox\\virtualbox.exe"= UDP:l:\programmi\virtualbox\virtualbox.exe:VirtualBox
"UDP Query User{9302ECC6-84BF-4BFD-B08F-F8C822903D79}l:\\programmi\\virtualbox\\virtualbox.exe"= TCP:l:\programmi\virtualbox\virtualbox.exe:VirtualBox
"TCP Query User{0BBCD41F-9CEF-449F-89EB-90090D6365F5}l:\\download\\emule adunanza\\emule_adnza.exe"= UDP:l:\download\emule adunanza\emule_adnza.exe:eMule
"UDP Query User{D77C09FC-DE82-4A99-917D-FA7F941674BB}l:\\download\\emule adunanza\\emule_adnza.exe"= TCP:l:\download\emule adunanza\emule_adnza.exe:eMule
"TCP Query User{DD2C963C-CF4B-49C0-82A5-CD7F4A51E700}c:\\program files\\sun\\xvm virtualbox\\virtualbox.exe"= UDP:c:\program files\sun\xvm virtualbox\virtualbox.exe:VirtualBox
"UDP Query User{9BCA891F-97FF-4373-9947-349EA06042E6}c:\\program files\\sun\\xvm virtualbox\\virtualbox.exe"= TCP:c:\program files\sun\xvm virtualbox\virtualbox.exe:VirtualBox
"{1E9D8F39-DA33-4997-A70F-1AD230581F8F}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{886C79CE-23E8-4016-AB04-2C9D87DD6176}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{B991BC37-C99C-4140-873A-EECC395646F1}l:\\programmi\\starcraft\\starcraft.exe"= UDP:l:\programmi\starcraft\starcraft.exe:Starcraft
"UDP Query User{58593D27-A353-4500-B9B7-48EF66B4AD43}l:\\programmi\\starcraft\\starcraft.exe"= TCP:l:\programmi\starcraft\starcraft.exe:Starcraft
"{E18E5B2F-61A0-44C8-AE4A-612A9D075BB4}"= UDP:c:\users\Enrico\AppData\Local\Opera\Opera\profile\cache4\temporary_download\utorrent.exe:µTorrent (TCP-In)
"{3530337A-9A77-43FD-93DD-F0AC76B589B4}"= TCP:c:\users\Enrico\AppData\Local\Opera\Opera\profile\cache4\temporary_download\utorrent.exe:µTorrent (UDP-In)
"{C70AB7D8-9E2E-4D25-9319-6DA4548DA884}"= UDP:l:\programmi\ZT2\zt.exe:Zoo Tycoon 2 Executable
"{225C7154-4E94-470B-A26E-C577755CD871}"= TCP:l:\programmi\ZT2\zt.exe:Zoo Tycoon 2 Executable
"{06BD736D-7077-45AE-A828-181928A311A6}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{3C1E878E-D642-4B3A-A731-7B99ABE9CE84}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{A749E1B4-02A9-4BBE-A37C-F09CB611A553}l:\\programmi\\msn backup\\msnbackup.exe"= UDP:l:\programmi\msn backup\msnbackup.exe:MSN BackUp
"UDP Query User{25B5B677-21D1-4308-A15F-EBFEB56D82B6}l:\\programmi\\msn backup\\msnbackup.exe"= TCP:l:\programmi\msn backup\msnbackup.exe:MSN BackUp
"TCP Query User{150B9F20-85DA-4942-B25D-3095171E5C88}j:\\programmi\\emule adunanza\\emule_adnza.exe"= UDP:j:\programmi\emule adunanza\emule_adnza.exe:eMule
"UDP Query User{FAE95A33-B194-4B6E-9C29-7135EFBDE589}j:\\programmi\\emule adunanza\\emule_adnza.exe"= TCP:j:\programmi\emule adunanza\emule_adnza.exe:eMule
"TCP Query User{450F5341-8193-4DB7-AFD2-6AB11DEB5C82}j:\\programmi\\starcraft\\starcraft.exe"= UDP:j:\programmi\starcraft\starcraft.exe:StarCraft
"UDP Query User{78FFCBBA-7B78-492D-9887-3D71C13A3FA9}j:\\programmi\\starcraft\\starcraft.exe"= TCP:j:\programmi\starcraft\starcraft.exe:StarCraft
"{EDFB14F6-19D7-4B92-887E-C6BC1356FB85}"= UDP:j:\programmi\µTorrent\uTorrent.exe:µTorrent (TCP-In)
"{99F56069-D29F-4B2A-BE74-9FFD23F73E81}"= TCP:j:\programmi\µTorrent\uTorrent.exe:µTorrent (UDP-In)
"{0751C4BA-B9DC-4FB4-AE94-C787806F2D19}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{109AC256-9B8F-4821-8344-CC13D3DB61AB}"= UDP:d:\atomic newsgroup explorer\AtomicNewsgroupExplorer.exe:Atomic Newsgroup Explorer
"{80882923-9409-4D26-A9D2-A59A50320FC9}"= TCP:d:\atomic newsgroup explorer\AtomicNewsgroupExplorer.exe:Atomic Newsgroup Explorer
"TCP Query User{632FF7C8-393C-4ED0-83B8-50679B407E50}j:\\programmi\\µtorrent\\utorrent.exe"= UDP:j:\programmi\µtorrent\utorrent.exe:µTorrent
"UDP Query User{A6D1E39A-51C0-4BC1-BAE0-C2249A5DEADE}j:\\programmi\\µtorrent\\utorrent.exe"= TCP:j:\programmi\µtorrent\utorrent.exe:µTorrent
"{D0984255-1C28-4687-8B9F-2BBDF719F23A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CA23249D-7767-4560-BD3A-1440D4AA36BB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{45025C58-356F-497D-B14F-567053C5F38C}j:\\programmi\\emule adunanza\\emule_adnza.exe"= UDP:j:\programmi\emule adunanza\emule_adnza.exe:eMule
"UDP Query User{4273084C-F9F7-4FFB-90EA-28A93C5C1A0D}j:\\programmi\\emule adunanza\\emule_adnza.exe"= TCP:j:\programmi\emule adunanza\emule_adnza.exe:eMule
"{34B6C8CF-0B6E-4ED1-8CFD-54D2A02503EA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3787A042-5C16-4B8E-8BD0-C382D608876F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{32FF4D1F-17AF-46CC-ABCF-0D744E1B294E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E8D629EE-37CF-45CB-95C6-1EF2B0E6C581}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8CF9F5FF-16D2-4506-B168-C0A9E8480F02}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{EF2FFD3E-48B3-4A75-908E-4DF97D38D782}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2D509D71-A161-4C5C-9422-B112DBB13E9D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6C2ABFB9-0A17-479E-A3E2-7C6B61E11399}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{BA084DA3-B285-4981-985E-62ADC236AF12}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A2923DF9-E74C-4907-AF77-B683DD8D8DF5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{23DE3BB6-F151-42F4-8DF5-439AE2098C8D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D718EB1D-BB45-4F87-9DD9-B6241C7EB998}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DF18D1F6-1A4E-4CB3-A454-316A966715CB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5CCBCC13-5FBC-4479-A3C5-CBD624911EB8}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6BAE68E3-92BE-4C2F-B2F3-D337E30A6F3E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{37562735-63A0-4C5E-8CFA-1204EFDE269D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CFE96BDB-8D6C-48E7-83C1-7005DB19C926}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{376DE4FF-1930-40EF-A0B6-D2B6048B70CF}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2BF9087A-7328-4841-9568-DDB3CBCA67B6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{61E49468-5F65-41FE-B48D-7A8242B35885}j:\\programmi\\msn backup\\msnbackup.exe"= UDP:j:\programmi\msn backup\msnbackup.exe:MSN BackUp
"UDP Query User{FD13B5A0-419F-418A-A8A4-6ECA1CBDA171}j:\\programmi\\msn backup\\msnbackup.exe"= TCP:j:\programmi\msn backup\msnbackup.exe:MSN BackUp
"{2A814D3A-E762-4615-94EC-8CD359D8EAAD}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E2D44A4B-D478-423A-B4A3-9EEF2D6AF108}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C3DE2F96-2E46-4476-97DD-56A5FB90BE4E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{145993E8-A966-40E3-9089-FD29D173DD34}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6207927B-E41D-498E-B8E1-E927E1E43FCE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{23AE494B-1576-4E18-9C81-32FB29D6B02E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{16E8065A-D795-44A4-95C0-CD115F135F25}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{190921C4-8007-4178-B99F-C83E1222822F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5B909875-20AC-46AF-8A59-11A026D14616}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C5186F91-D744-4CE2-AFB6-3C1D1F0F15CF}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7C4DC08C-11FD-499D-A582-5FEF5F001C94}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{44CBBA6D-F54B-4F69-BDD2-217C8019F60B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A7480017-E8D0-41B7-87E1-319F90892244}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6454D569-2EC6-4333-B5BF-32D94189363C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{77D8A9A3-C8D1-480F-ADA8-D4B0B0DCA55C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{88085BC9-0A73-4023-A2C8-BDD3FABD1D84}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3F861A0C-3477-4EF3-8657-A701014C2C83}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0FB41F94-7DF7-4BEC-B8CB-FFD2EE06C584}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A47FDB69-7A72-48DB-A110-08040F9692CE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{3DA56E52-BC55-4E02-8AFD-3604884121A1}j:\\programmi\\american conquest - edizione oro\\fight back\\dmcr.exe"= UDP:j:\programmi\american conquest - edizione oro\fight back\dmcr.exe:dmcr
"UDP Query User{B14C56D0-F87B-41DE-B997-10CAD42CB69A}j:\\programmi\\american conquest - edizione oro\\fight back\\dmcr.exe"= TCP:j:\programmi\american conquest - edizione oro\fight back\dmcr.exe:dmcr
"{9FF3811B-8B4D-4315-A836-AC3050319EBD}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A01FD5CA-B31A-4104-B33D-E025E01A04B5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{530F4E80-BEA2-488C-B550-206281616903}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{B7E2688C-F99F-440D-855E-60AF31371201}c:\\program files\\free download manager\\fdm.exe"= UDP:c:\program files\free download manager\fdm.exe:Free Download Manager
"UDP Query User{8F333A64-F5AB-4596-A06A-B02E7919C6A1}c:\\program files\\free download manager\\fdm.exe"= TCP:c:\program files\free download manager\fdm.exe:Free Download Manager
"{343F2BA6-FD7D-496F-B1BF-DA28863C6D4E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{58F0A592-FA75-421A-8C14-1974A18B5E8D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C7847FCB-1401-4F33-812D-652D18B2D9FF}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0D859DA4-F8B5-49A3-9ED8-769970FAAC63}"= UDP:7036:gfkbtuzv
"{5B5A9BF8-9ACC-4DBA-9507-8F5F24E9667A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3B4B72A4-73F6-4CB0-A6C0-3AF9A74A3648}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{9BA9269C-83CB-40DB-9450-47C3A495A8FF}j:\\programmi\\empire earth\\empire earth.exe"= UDP:j:\programmi\empire earth\empire earth.exe:Empire Earth
"UDP Query User{A67D373B-29B5-41E4-BB15-48623CB9CC9D}j:\\programmi\\empire earth\\empire earth.exe"= TCP:j:\programmi\empire earth\empire earth.exe:Empire Earth
"{056FB9E8-83A7-4766-90D3-D8E5A740B02D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{2D4C068A-7D71-411E-B0C4-1EBD6C7BBA6C}j:\\programmi\\age of empires\\empires2.icd"= UDP:j:\programmi\age of empires\empires2.icd:Age of Empires II
"UDP Query User{8BF3195D-6FC4-4B26-A64C-09C0DC378597}j:\\programmi\\age of empires\\empires2.icd"= TCP:j:\programmi\age of empires\empires2.icd:Age of Empires II
"TCP Query User{CBE45685-0C8A-429C-900C-7D7EF42E9838}j:\\programmi\\empires2.icd"= UDP:j:\programmi\empires2.icd:Age of Empires II
"UDP Query User{53133E82-23FF-4107-B0B3-6F7258D212B6}j:\\programmi\\empires2.icd"= TCP:j:\programmi\empires2.icd:Age of Empires II
"TCP Query User{79181BDA-3BF4-40A8-A915-3D28178EA149}j:\\programmi\\age2_x1\\age2_x1.icd"= UDP:j:\programmi\age2_x1\age2_x1.icd:Age of Empires II Expansion
"UDP Query User{4352B040-BBDF-49AA-9D50-6BFEF0CE1640}j:\\programmi\\age2_x1\\age2_x1.icd"= TCP:j:\programmi\age2_x1\age2_x1.icd:Age of Empires II Expansion
"TCP Query User{0AC0F719-D2B6-4EF8-8356-B3B02CDA83EE}j:\\programmi\\age2_x1.exe"= UDP:j:\programmi\age2_x1.exe:Age of Empires II Expansion
"UDP Query User{632CD135-E0B3-4F61-A984-F09F6655C2A1}j:\\programmi\\age2_x1.exe"= TCP:j:\programmi\age2_x1.exe:Age of Empires II Expansion
"{7AAE5DC7-5EAF-400C-8AC9-3C9089987459}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{B5F5D29B-700F-496C-88DB-D21664320F55}j:\\programmi\\age of empires 2\\age2_x1\\age2_x1.icd"= UDP:j:\programmi\age of empires 2\age2_x1\age2_x1.icd:Age of Empires II Expansion
"UDP Query User{E5B7B34F-E0E0-4C15-B1B5-53C0050AC78E}j:\\programmi\\age of empires 2\\age2_x1\\age2_x1.icd"= TCP:j:\programmi\age of empires 2\age2_x1\age2_x1.icd:Age of Empires II Expansion
"TCP Query User{D8AE0FDC-D331-4D26-8540-68D42C3CBFB3}j:\\programmi\\age of empires 2\\empires2.icd"= UDP:j:\programmi\age of empires 2\empires2.icd:Age of Empires II
"UDP Query User{35B8AD69-5771-49CA-845D-828DFF8361DD}j:\\programmi\\age of empires 2\\empires2.icd"= TCP:j:\programmi\age of empires 2\empires2.icd:Age of Empires II
"{DE100E95-D856-45DA-9BB5-0172165BB596}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{4C888D03-FE8C-440F-A31E-648FD1052783}j:\\download\\emule adunanza\\emule_adnza.exe"= UDP:j:\download\emule adunanza\emule_adnza.exe:eMule
"UDP Query User{47182736-9308-46E0-B539-59FB35576D74}j:\\download\\emule adunanza\\emule_adnza.exe"= TCP:j:\download\emule adunanza\emule_adnza.exe:eMule
"{18A1C735-AAE5-4CA4-A792-200135B6D832}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{438C86F9-A3C1-4B99-B773-3B4314A57D7F}j:\\programmi\\age of empires 2\\age2_x1.exe"= UDP:j:\programmi\age of empires 2\age2_x1.exe:Age of Empires II Expansion
"UDP Query User{A88E7276-7F3C-417D-AE9A-02F92023F454}j:\\programmi\\age of empires 2\\age2_x1.exe"= TCP:j:\programmi\age of empires 2\age2_x1.exe:Age of Empires II Expansion

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [13/02/2009 10.39.24 335752]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [13/02/2009 11.16.42 108552]
R1 is-D4DIUdrv;is-D4DIUdrv;c:\windows\System32\drivers\40742672.sys [04/08/2009 16.06.24 148496]
R1 VBoxDrv;VirtualBox Service;c:\windows\System32\drivers\VBoxDrv.sys [13/05/2009 19.05.34 100944]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\System32\drivers\VBoxUSBMon.sys [13/05/2009 19.02.54 41424]
R3 PAC207;SoC PC-Camera;c:\windows\System32\drivers\PFC027.SYS [05/12/2006 11.34.42 507136]
R3 SiS6350;SiS6350;c:\windows\System32\drivers\SISGRKMD.sys [13/02/2009 10.19.35 454520]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [13/02/2009 10.06.11 46592]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\System32\drivers\VBoxNetAdp.sys [27/04/2009 20.39.08 79888]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\System32\drivers\VBoxNetFlt.sys [27/04/2009 20.39.08 87696]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe --> c:\progra~1\AVG\AVG8\avgemc.exe [?]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S2 bubbo;Boot Security;c:\windows\system32\svchost.exe -k netsvcs [13/02/2009 13.39.01 21504]
S2 eyejmoikz;Manager Installer;c:\windows\system32\svchost.exe -k netsvcs [13/02/2009 13.39.01 21504]
S2 gajwxpy;Manager Image;c:\windows\system32\svchost.exe -k netsvcs [13/02/2009 13.39.01 21504]
S2 gupdate1c9eac81fe1de63;Servizio di Google Update (gupdate1c9eac81fe1de63);c:\program files\Google\Update\GoogleUpdate.exe [11/06/2009 21.09.19 133104]
S2 jufqmhrv;Universal Network;c:\windows\system32\svchost.exe -k netsvcs [13/02/2009 13.39.01 21504]
S2 lorbcuh;Update Installer;c:\windows\system32\svchost.exe -k netsvcs [13/02/2009 13.39.01 21504]
S2 mckeeo;Microsoft Driver;c:\windows\system32\svchost.exe -k netsvcs [13/02/2009 13.39.01 21504]
S2 mmuxmgtci;Security System;c:\windows\system32\svchost.exe -k netsvcs [13/02/2009 13.39.01 21504]
S2 mxpwzk;Time Monitor;c:\windows\system32\svchost.exe -k netsvcs [13/02/2009 13.39.01 21504]
S2 orhuy;Shell Helper;c:\windows\system32\svchost.exe -k netsvcs [13/02/2009 13.39.01 21504]
S2 pbinpv;Task Manager;c:\windows\system32\svchost.exe -k netsvcs [13/02/2009 13.39.01 21504]
S2 rdsdqccj;Boot Update;c:\windows\system32\svchost.exe -k netsvcs [13/02/2009 13.39.01 21504]
S2 rqmkz;Server Driver;c:\windows\system32\svchost.exe -k netsvcs [13/02/2009 13.39.01 21504]
S2 tduqq;System Universal;c:\windows\system32\svchost.exe -k netsvcs [13/02/2009 13.39.01 21504]
S2 ticwlhim;Time Update;c:\windows\system32\svchost.exe -k netsvcs [13/02/2009 13.39.01 21504]
S2 uygtpuh;Driver Manager;c:\windows\system32\svchost.exe -k netsvcs [13/02/2009 13.39.01 21504]
S2 vdqkricyr;Image Center;c:\windows\system32\svchost.exe -k netsvcs [13/02/2009 13.39.01 21504]
S2 vfekc;Shell Security;c:\windows\system32\svchost.exe -k netsvcs [13/02/2009 13.39.01 21504]
S2 wmurn;Monitor Update;c:\windows\system32\svchost.exe -k netsvcs [13/02/2009 13.39.01 21504]
S2 xhidlzbmy;Microsoft Image;c:\windows\system32\svchost.exe -k netsvcs [13/02/2009 13.39.01 21504]
S2 zytggij;Driver Time;c:\windows\system32\svchost.exe -k netsvcs [13/02/2009 13.39.01 21504]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [29/05/2009 21.33.16 40160]
S3 VBoxUSB;VirtualBox USB;c:\windows\System32\drivers\VBoxUSB.sys [16/02/2009 18.47.00 31824]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
jufqmhrv
rdsdqccj
tduqq
orhuy
eyejmoikz
uygtpuh
vdqkricyr
rqmkz
mckeeo
mxpwzk
pbinpv
zytggij
gajwxpy
ticwlhim
vfekc
xhidlzbmy
mmuxmgtci
wmurn
bubbo
lorbcuh

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-11 19:09]

2009-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-11 19:09]

2009-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2232847502-1444760326-1672518796-1000Core.job
- c:\users\Enrico\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-13 19:41]

2009-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2232847502-1444760326-1672518796-1000UA.job
- c:\users\Enrico\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-13 19:41]

2009-07-11 c:\windows\Tasks\Schedule Task Weekly.job
- j:\programmi\Registry Easy\RE.exe [2009-06-27 14:08]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-Copy Handler - j:\programmi\Copy Handler\ch.exe
HKCU-Run-CubeDesktop - (no file)
HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
HKLM-Run-Copy Handler - (no file)


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - d:\office\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Enrico\AppData\Roaming\Mozilla\Firefox\Profiles\xmc30l97.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/result ... EF&v=18&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Opera\program\plugins\npmmaud.dll
FF - plugin: c:\program files\Opera\program\plugins\npmmprog.dll
FF - plugin: c:\program files\Opera\program\plugins\npmmvid.dll
FF - plugin: c:\program files\Opera\program\plugins\npmmzip.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\Enrico\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-04 19:42
Windows 6.0.6002 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\bubbo]
"ServiceDll"="c:\windows\system32\gfsbzgt.dll"
--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\eyejmoikz]
"ServiceDll"="c:\windows\system32\gfsbzgt.dll"
--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\gajwxpy]
"ServiceDll"="c:\windows\system32\gfsbzgt.dll"
--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\jufqmhrv]
"ServiceDll"="c:\windows\system32\gfsbzgt.dll"
--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\lorbcuh]
"ServiceDll"="c:\windows\system32\gfsbzgt.dll"
--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mckeeo]
"ServiceDll"="c:\windows\system32\gfsbzgt.dll"
--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mmuxmgtci]
"ServiceDll"="c:\windows\system32\gfsbzgt.dll"
--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mxpwzk]
"ServiceDll"="c:\windows\system32\gfsbzgt.dll"
--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\orhuy]
"ServiceDll"="c:\windows\system32\gfsbzgt.dll"
--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\pbinpv]
"ServiceDll"="c:\windows\system32\gfsbzgt.dll"
--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\rdsdqccj]
"ServiceDll"="c:\windows\system32\gfsbzgt.dll"
--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\rqmkz]
"ServiceDll"="c:\windows\system32\gfsbzgt.dll"
--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\tduqq]
"ServiceDll"="c:\windows\system32\gfsbzgt.dll"
--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ticwlhim]
"ServiceDll"="c:\windows\system32\gfsbzgt.dll"
--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\uygtpuh]
"ServiceDll"="c:\windows\system32\gfsbzgt.dll"
--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\vdqkricyr]
"ServiceDll"="c:\windows\system32\gfsbzgt.dll"
--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\vfekc]
"ServiceDll"="c:\windows\system32\gfsbzgt.dll"
--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\wmurn]
"ServiceDll"="c:\windows\system32\gfsbzgt.dll"
--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\xhidlzbmy]
"ServiceDll"="c:\program files\Internet Explorer\gfsbzgt.dll"
--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\zytggij]
"ServiceDll"="c:\windows\system32\gfsbzgt.dll"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-2232847502-1444760326-1672518796-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E3DD3687-B37C-9CFC-D317-0AE861EC55FF}*]
"jaijaklplpoeikonihlo"=hex:66,61,70,6c,6f,6b,6b,61,70,66,66,65,00,aa
"paakhmcmjmcbjbandncobldilebchnna"=hex:65,61,70,6c,70,6b,61,62,63,64,00,65
"haijaklplpoeikon"=hex:6e,62,70,6c,6d,6b,66,69,6f,70,6f,6a,67,68,6a,6a,64,6a,
6b,64,62,66,63,6a,6d,69,70,61,66,6d,6a,64,63,62,6e,66,64,6a,66,70,68,65,65,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'Explorer.exe'(2276)
c:\program files\RocketDock\RocketDock.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\windows\System32\conime.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
j:\programmi\CDBurnerXP\NMSAccessU.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Ora fine scansione: 2009-08-04 19.50.28 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-08-04 17:49

Pre-Run: 27.453.784.064 byte disponibili
Post-Run: 29.482.102.784 byte disponibili

804 --- E O F --- 2009-08-01 16:59

Re: Help, AVG no longer works and...

Posted: Wed Aug 05, 2009 7:47 am
by crazy.cat
I shortened the log so it could be attached to the thread more easily.

You've caught a nice Bagle and maybe some other virus as well.
Scan with Kaspersky, and then there's a DLL that has created a pile of fake services.
Also use FindyKill, and a pass with Malwarebytes never hurts.

If I can find the time I'll try to prepare the script to remove the services for you, but today is rather hectic.

After the passes with the previous tools, try reinstalling a real antivirus such as Avira and throw away AVG.
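
The pattern pointed out in the log above, one DLL registered as the ServiceDll of many randomly named svchost services, can be checked mechanically. This is an added example, not part of the original thread or of ComboFix; the function names, the threshold of 3, and the `ExampleSvc` / `example.dll` entry are assumptions made for illustration.

```python
import ntpath
import re
from collections import defaultdict

# Condensed excerpt of the log posted in this thread; "ExampleSvc" and
# example.dll are constructed entries added for contrast.
SAMPLE_LOG = r"""
S2 bubbo;Boot Security;c:\windows\system32\svchost.exe -k netsvcs [13/02/2009 13.39.01 21504]
S2 eyejmoikz;Manager Installer;c:\windows\system32\svchost.exe -k netsvcs [13/02/2009 13.39.01 21504]
S2 xhidlzbmy;Microsoft Image;c:\windows\system32\svchost.exe -k netsvcs [13/02/2009 13.39.01 21504]
S2 ExampleSvc;Constructed Example;c:\windows\system32\svchost.exe -k netsvcs [13/02/2009 13.39.01 21504]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\bubbo]
"ServiceDll"="c:\windows\system32\gfsbzgt.dll"
--
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\eyejmoikz]
"ServiceDll"="c:\windows\system32\gfsbzgt.dll"
--
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\xhidlzbmy]
"ServiceDll"="c:\program files\Internet Explorer\gfsbzgt.dll"
--
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ExampleSvc]
"ServiceDll"="c:\windows\system32\example.dll"
"""

SERVICE_LINE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<image>.+?) \[", re.M)
KEY_LINE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet\d+\\Services\\([^\]\\]+)\]")
DLL_LINE = re.compile(r'^"ServiceDll"="([^"]+)"')

def svchost_services(log):
    """Service names whose image path is the shared host svchost.exe."""
    return {m["name"] for m in SERVICE_LINE.finditer(log)
            if "svchost.exe" in m["image"].lower()}

def service_dlls(log):
    """Map service name -> ServiceDll path from the registry dump lines."""
    result, current = {}, None
    for line in log.splitlines():
        key = KEY_LINE.match(line)
        if key:
            current = key.group(1)
            continue
        dll = DLL_LINE.match(line)
        if dll and current:
            result[current] = dll.group(1)
            current = None
    return result

def shared_service_dlls(log, threshold=3):
    """DLL file names that back at least `threshold` svchost-hosted services."""
    hosted = svchost_services(log)
    groups = defaultdict(list)
    for name, path in service_dlls(log).items():
        if name in hosted:
            # Compare by file name: one service in the log points at a copy
            # of the same DLL under a different directory.
            groups[ntpath.basename(path).lower()].append(name)
    return {dll: sorted(names) for dll, names in groups.items()
            if len(names) >= threshold}

if __name__ == "__main__":
    for dll, names in shared_service_dlls(SAMPLE_LOG).items():
        print(f"{dll}: {len(names)} services -> {', '.join(names)}")
```

Legitimate Windows components also host several services from one DLL in some cases, so a hit is a lead to verify (file location, signature, creation date), not a verdict.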

Re: Help, AVG no longer works and...

Posted: Wed Aug 05, 2009 8:19 am
by R3wu0
I ran the scan with Kaspersky and reinstalled the antivirus, which now works wonderfully. There's only one thing that still doesn't work... namely the toolbar: I can't set which tools to display. Or rather, I set them, but when I click Apply and then OK everything seems fine, yet if I reopen the settings it hasn't kept the changes... now I'll run the scan with FindyKill and Malwarebytes

Re: Help, AVG no longer works and...

Posted: Thu Aug 06, 2009 6:36 pm
by R3wu0
R3wu0 wrote: now I'll run the scan with FindyKill and Malwarebytes

Scan done, but the problem persists. What do I do?

Re: Help, AVG no longer works and...

Posted: Fri Aug 07, 2009 6:56 am
by crazy.cat
If you're talking about the toolbar, open a separate thread in the Windows section.
Frankly, I have no ideas at the moment.

Re: Help, AVG no longer works and...

Posted: Fri Aug 07, 2009 8:39 am
by R3wu0
All right, thanks...

Re: Help, AVG no longer works and...

Posted: Sat Aug 08, 2009 3:00 pm
by Amantide
Let's try to remove the leftovers of the junk that was on your PC, so maybe the toolbar problem will get solved as well.

Copy and paste the following text into Notepad and save the file to the desktop with the name CFScript.txt.
Code:
File::
c:\users\Enrico\AppData\Local\samwqgk.bat
c:\users\Enrico\AppData\Local\aoaqmos.bat
c:\windows\system32\gfsbzgt.dll
c:\program files\Internet Explorer\gfsbzgt.dll

Driver::
bubbo
eyejmoikz
gajwxpy
jufqmhrv
lorbcuh
mckeeo
mmuxmgtci
mxpwzk
orhuy
pbinpv
rdsdqccj
rqmkz
tduqq
ticwlhim
uygtpuh
vdqkricyr
vfekc
wmurn
xhidlzbmy
zytggij


Now drag the CFScript.txt file onto the ComboFix icon. Wait for the scan to finish and post the new ComboFix log.

Re: Help, AVG no longer works and...

Posted: Sun Aug 09, 2009 8:00 am
by R3wu0
Done... copied and pasted... now I'll see what happens...
The log is attached...
ComboFix.zip


P.S. Is it normal that now, when I open the toolbar properties, the WMP option doesn't appear at all?

Re: Help, AVG no longer works and...

Posted: Sun Aug 09, 2009 1:32 pm
by Amantide
R3wu0 wrote: Done... copied and pasted... now I'll see what happens...
The log is attached...
ComboFix.zip


As for the viruses, everything has been removed.
R3wu0 wrote: P.S. Is it normal that now, when I open the toolbar properties, the WMP option doesn't appear at all?

Look, since I don't have Vista installed I don't know what to tell you [boh] But I'm starting to suspect that RocketDock might also be to blame for all these troubles with the toolbar [uhm]

Re: Help, AVG no longer works and...

Posted: Sun Aug 09, 2009 5:32 pm
by R3wu0
No, I don't think so, because even before catching the Bagle I had RocketDock and the toolbar worked... mysteries of Windows... ugh... I want Linux