ComboFix 09-02-21.01 - SYSTEM 2009-02-24 0:53:30.3 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.2046.1603 [GMT 1:00]
Eseguito da: c:\windows\system32\config\systemprofile\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1201 [VPS 080523-0] *On-access scanning enabled* (Updated)
AV: Kaspersky Internet Security *On-access scanning enabled* (Updated)
FW: Kaspersky Internet Security *disabled*
FW: ZoneAlarm Firewall *enabled*
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\install.exe
c:\windows\system32\fufvnten.ini
c:\windows\system32\miehedle.ini
c:\windows\system32\ncfigtba.ini
c:\windows\system32\pepjceto.ini
c:\windows\system32\tnqhhfaw.ini
.
((((((((((((((((((((((((( Files Creati Da 2009-01-23 al 2009-02-23 )))))))))))))))))))))))))))))))))))
.
2009-02-15 22:07 . 2009-02-15 22:07 8,280 --a------ c:\windows\SETUP.LST
2009-02-15 22:07 . 2009-02-15 22:07 256 --a------ c:\windows\ST6UNST.002
2009-02-15 21:59 . 2009-02-15 22:00 1,090 --a------ c:\windows\ST6UNST.001
2009-02-14 21:40 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-14 21:40 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-14 21:40 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-14 21:40 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-14 21:40 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-14 21:40 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-14 21:40 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-14 21:40 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-14 21:31 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-14 21:31 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-14 21:31 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-14 21:31 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-14 21:31 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-14 16:54 . 2009-02-23 15:09 <DIR> d-------- c:\users\user\Tracing
2009-02-13 01:17 . 2009-02-23 17:06 <DIR> d-------- c:\users\Ale\Tracing
2009-02-13 01:14 . 2009-02-13 01:14 <DIR> d----c--- c:\program files\Microsoft Sync Framework
2009-02-13 01:04 . 2009-02-13 01:04 <DIR> d----c--- c:\program files\Windows Live SkyDrive
2009-02-13 01:04 . 2009-02-13 01:04 <DIR> d----c--- c:\program files\Microsoft
2009-02-12 20:06 . 2009-02-12 20:06 <DIR> d----c--- c:\program files\Common Files\Windows Live
2009-02-08 16:27 . 2009-02-08 16:27 98,304 --a------ c:\windows\system32\CmdLineExt.dll
2009-02-08 01:54 . 2009-02-08 11:47 <DIR> d----c--- c:\program files\SpeedBit Video Accelerator
2009-02-08 01:47 . 2009-02-08 11:44 <DIR> d-------- c:\users\All Users\SpeedBit
2009-02-08 01:47 . 2009-02-08 11:44 <DIR> d-------- c:\programdata\SpeedBit
2009-02-08 01:16 . 2009-02-23 17:04 10,056,736 --ahs---- c:\windows\System32\drivers\fidbox.dat
2009-02-08 01:16 . 2009-02-24 01:00 1,212,448 --ahs---- c:\windows\System32\drivers\fidbox2.dat
2009-02-08 01:16 . 2009-02-23 17:04 80,696 --ahs---- c:\windows\System32\drivers\fidbox.idx
2009-02-08 01:16 . 2009-02-24 01:00 5,224 --ahs---- c:\windows\System32\drivers\fidbox2.idx
2009-02-06 20:01 . 2009-02-06 20:01 308,088 --a------ c:\windows\WLXPGSS.SCR
2009-02-06 18:58 . 2009-02-06 20:13 <DIR> d-------- c:\windows\Internet Logs
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\System32\sirenacm.dll
2009-02-06 18:51 . 2009-02-06 18:51 135,168 --a--c--- C:\zip.exe
2009-02-06 18:51 . 2009-02-06 18:51 19,286 --a--c--- C:\cleanup.exe
2009-02-06 18:51 . 2009-02-06 18:51 574 --a--c--- C:\cleanup.bat
2009-02-03 19:45 . 2009-02-03 19:45 <DIR> dr-h-c--- C:\MSOCache
2009-02-03 19:05 . 2009-02-03 19:07 <DIR> d----c--- c:\program files\FreePOPs
2009-02-03 18:51 . 2009-02-03 18:51 <DIR> d-------- c:\users\Ale\AppData\Roaming\Thunderbird
2009-02-01 12:41 . 2009-02-01 12:41 <DIR> d----c--- c:\program files\MagicDVDRipper
2009-01-28 18:07 . 2009-01-28 18:07 <DIR> d----c--- c:\program files\Hewlett-Packard
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-24 00:00 --------- d-----w c:\users\Ale\AppData\Roaming\Skype
2009-02-23 23:59 --------- d-----w c:\users\Ale\AppData\Roaming\soundcrank
2009-02-23 23:59 --------- d-----w c:\users\Ale\AppData\Roaming\skypePM
2009-02-23 23:41 --------- d-----w c:\users\Ale\AppData\Roaming\uTorrent
2009-02-23 21:19 --------- d-----w c:\programdata\Google Updater
2009-02-23 16:06 --------- d-----w c:\programdata\Kaspersky Lab
2009-02-23 14:09 --------- d-----w c:\users\user\AppData\Roaming\soundcrank
2009-02-19 14:51 --------- d-----w c:\users\Ale\AppData\Roaming\HTNetMeter
2009-02-19 14:50 --------- dc----w c:\program files\HooTech
2009-02-15 21:07 73,216 ----a-w c:\windows\ST6UNST.EXE
2009-02-15 21:07 249,856 ------w c:\windows\Setup1.exe
2009-02-15 12:59 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-02-14 20:55 --------- d-----w c:\program files\Windows Mail
2009-02-14 15:54 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-02-13 00:16 --------- d-----w c:\program files\Windows Live
2009-02-13 00:15 --------- d-----w c:\program files\Windows Live Toolbar
2009-02-12 22:38 --------- dc----w c:\program files\FSacars
2009-02-12 21:52 --------- d-----w c:\users\Ale\AppData\Roaming\teamspeak2
2009-02-12 19:04 --------- dc----w c:\program files\Messenger Plus! Live
2009-02-08 10:44 --------- d---a-w c:\programdata\TEMP
2009-02-08 00:50 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-08 00:50 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-02-08 00:50 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-02-08 00:14 --------- dc----w c:\program files\Spybot - Search & Destroy
2009-02-05 21:01 --------- dc----w c:\program files\Unlocker
2009-02-03 18:05 --------- d-----w c:\users\Ale\AppData\Roaming\Any Video Converter
2009-01-30 14:29 --------- d-----w c:\programdata\Yahoo! Companion
2009-01-30 12:27 --------- d-----w c:\users\user\AppData\Roaming\Skype
2009-01-28 22:13 --------- dc----w c:\program files\CCleaner
2009-01-28 17:09 --------- d-----w c:\programdata\HP
2009-01-22 14:00 --------- dc----w c:\program files\iTunes
2009-01-22 14:00 --------- dc----w c:\program files\iPod
2009-01-22 14:00 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-22 13:59 --------- dc----w c:\program files\Common Files\Apple
2009-01-22 13:58 --------- dc----w c:\program files\QuickTime
2009-01-22 13:57 --------- d-----w c:\programdata\Apple Computer
2009-01-22 13:53 --------- dc----w c:\program files\Google
2009-01-21 12:29 138,464 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-18 09:29 --------- dc----w c:\program files\vasfmc
2009-01-13 18:15 20,747 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-01-13 18:14 --------- dc----w c:\program files\TP-LINK
2009-01-13 17:33 127,034 ------r c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-01-13 17:33 --------- dc----w c:\program files\Logitech
2009-01-13 17:33 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-13 17:31 --------- dc----w c:\program files\Common Files\LogiShrd
2009-01-13 17:30 --------- d-----w c:\programdata\Logishrd
2009-01-08 23:04 --------- dc----w c:\program files\SpeedFan
2009-01-07 23:35 319,456 ----a-w c:\windows\DIFxAPI.dll
2009-01-07 23:35 --------- d-----w c:\program files\Realtek
2009-01-07 22:17 --------- dc----w c:\program files\Teamspeak2_RC2
2009-01-07 11:36 --------- dc----w c:\program files\Common Files\Logitech
2009-01-04 23:03 --------- d-----w c:\program files\Microsoft Games
2009-01-04 22:56 --------- d-----w c:\users\Ale\AppData\Roaming\Image Zone Express
2009-01-03 17:48 --------- dc----w c:\program files\DOSBox-0.72
2008-12-30 20:41 --------- dc----w c:\program files\FSC
2008-12-29 10:47 --------- d-----w c:\users\Giampiero\AppData\Roaming\uTorrent
2008-12-29 10:41 --------- d-----w c:\users\Giampiero\AppData\Roaming\soundcrank
2008-12-29 10:40 --------- d-----w c:\users\Giampiero\AppData\Roaming\Skype
2008-12-29 10:40 --------- d-----w c:\users\Giampiero\AppData\Roaming\qliner
2008-12-29 10:39 --------- d-----w c:\users\Giampiero\AppData\Roaming\skypePM
2008-12-29 10:38 --------- d-----w c:\users\Giampiero\AppData\Roaming\Nero
2008-12-28 17:48 --------- dc----w c:\program files\NCH Swift Sound
2008-12-11 15:14 22,328 ----a-w c:\users\Ale\AppData\Roaming\PnkBstrK.sys
2008-12-06 12:52 737,280 ----a-w c:\windows\iun6002.exe
2008-11-26 20:29 283,648 ----a-w c:\windows\sduninstall.exe
2008-08-18 15:49 100 -c--a-w c:\program files\lpsrrs.txt
2008-03-20 17:29 32 ----a-w c:\users\All Users\ezsid.dat
2008-03-20 17:29 32 ----a-w c:\programdata\ezsid.dat
2007-12-11 21:50 174 --sha-w c:\program files\desktop.ini
2002-08-20 12:17 217,088 ----a-r c:\users\Ale\AppData\Roaming\MafiaSetup.exe
2008-07-30 13:27 90 --sh--w c:\windows\cnerolf.bin
2008-07-07 18:09 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-07-07 18:09 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-07-07 18:09 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-07-17 09:56 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-07-17 09:56 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-07-17 09:56 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-08-19 09:26 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-18 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2008-05-28 219952]
"Google Update"="c:\users\Ale\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"NetMeter"="c:\program files\HooTech\NetMeter\HooNetMeter.exe" [2009-02-19 458752]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"KMCONFIG"="c:\program files\Trust\R-Series Mouse And Keyboard\StartAutorun.exe" [2007-03-06 212992]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 11776]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-09 144792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"AliceRV_McciTrayApp"="c:\program files\Alice ti aiuta\McciTrayApp.exe" [2007-01-23 1001472]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-16 185872]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"00Hotkeys"="c:\program files\Qliner Hotkeys\HotKeys.exe" [2006-12-02 45056]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-08 206088]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 c:\windows\RtHDVCpl.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Uniblue RegistryBooster 2009"="c:\program files\uniblue\registrybooster\StartRegistryBooster.exe" [2008-08-26 99624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2008-03-25 218496]
c:\users\Ale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Alice ADSL.lnk - c:\windows\System32\rasphone.exe [2008-06-06 39424]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-01-13 66864]
SoundcrankLoader.lnk - c:\program files\Soundcrank\SoundcrankLoader.exe [2008-06-14 97280]
TL-WN321G Wireless Utility.lnk - c:\program files\TP-LINK\TL-WN321G Wireless Utility\Installer\Win2k\TWCU.exe [2009-01-13 622592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWinKeys"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_Dlls"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"VIDC.IV41"= IR41_32.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000004
"UpdatesDisableNotify"=dword:00000004
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-654735759-1580040636-1870263581-1001]
"EnableNotificationsRef"=dword:00000009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F53BF8E9-868D-472D-9B19-F862D72D5F5A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{6255F4C3-FED8-4498-B8CB-31F181FBA8F8}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{951258A4-86D2-46D0-BB24-95393399E9F4}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{4DF24077-AF71-4E81-A40A-5E380C04CE96}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{0813CB8B-E2AF-42D6-81DE-FDC02A8A63AF}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{9291E9FA-3A40-42C1-96B4-DD93DA03B617}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{13BA4036-7309-4D8A-AA4B-6D9731143153}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{DBEAB16F-4BDE-4159-BBEB-5AAB1884863C}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{8F08D1EC-CF1A-4497-80F8-71CC687508EB}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{3294867D-822F-436E-A5E8-7FCCA59BA1C8}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{24F6CD2A-DF95-4DA1-A1F8-3DB566FA4AE2}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{0412EC3D-D865-4CB2-B670-5A8A18A3568F}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{281306B9-08D5-4897-9D92-64D0F785EC3B}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{94A3F6DA-3593-4DA3-B05F-D9AED95463AF}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{CB1B0CFC-9FAE-426E-872F-CCB909A79CB3}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{A646F472-459D-49E7-BD7E-46F035002031}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{223461B5-5783-4529-96A5-116AF3F89492}c:\\users\\ale\\program files\\dna\\btdna.exe"= UDP:c:\users\ale\program files\dna\btdna.exe:btdna.exe
"UDP Query User{CE3CA3D5-5C9A-4C4C-9CD7-19345B0A07E0}c:\\users\\ale\\program files\\dna\\btdna.exe"= TCP:c:\users\ale\program files\dna\btdna.exe:btdna.exe
"TCP Query User{B51FDD98-65E2-4C22-8101-DF14F2EF4D35}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{12C0663F-7480-4027-BF37-44BF8B3B2AEC}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"{D05A000A-3FF0-4957-99FA-B7B8EDE87BEE}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{3638D3CD-1F82-45D6-8C13-7BFC8130E05F}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{0134BA45-59B8-47E0-8159-EA68E699A784}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{40AC4A1B-B488-42B9-BB34-3B347CA5F547}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{7AE08522-637D-40B7-9595-085B9508F70A}c:\\team17\\worms2\\frontend.exe"= UDP:c:\team17\worms2\frontend.exe:Worms 2 Frontend
"UDP Query User{4B5A5DE4-65E9-4BD0-9E9B-BC1A0ECC6AA3}c:\\team17\\worms2\\frontend.exe"= TCP:c:\team17\worms2\frontend.exe:Worms 2 Frontend
"TCP Query User{8A9A0F31-81E0-44DF-8C24-58E208A3F0DB}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Helper Microsoft DirectPlay
"UDP Query User{33B055B4-60A4-4EB1-85D8-4EA15623BE83}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Helper Microsoft DirectPlay
"{E1E013FE-6A11-467D-9A33-867502A6D51E}"= c:\program files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0
"{8E0F01FF-4C1A-488F-B649-EC86A741E407}"= UDP:c:\program files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{2389B8E6-1755-458F-BBEF-D8983DB5C6E3}"= TCP:c:\program files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"TCP Query User{65D7FC00-86D6-4A4E-9088-19B6438B86CC}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{111B2485-93E7-4658-8B4C-8424CFA0DE41}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{012C312B-75B2-42E4-AFC7-62030B6FAD58}c:\\program files\\ubisoft\\il-2 sturmovik 1946\\il2fb.exe"= Disabled:UDP:c:\program files\ubisoft\il-2 sturmovik 1946\il2fb.exe:il2fb
"UDP Query User{95F44684-4854-413D-AE52-C3DABB5E5DA8}c:\\program files\\ubisoft\\il-2 sturmovik 1946\\il2fb.exe"= Disabled:TCP:c:\program files\ubisoft\il-2 sturmovik 1946\il2fb.exe:il2fb
"TCP Query User{E341DEA7-04A8-473B-904B-61FBF7C5D39A}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= Disabled:UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{0D80DFFA-B318-410C-98BE-587DC878A1DA}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= Disabled:TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{CC201CB5-3406-46B7-9053-A1A1607A7F85}c:\\kav\\kav7.0\\english\\setup.exe"= UDP:c:\kav\kav7.0\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"UDP Query User{3C2EB320-BE74-48DB-88B5-711397C00FFD}c:\\kav\\kav7.0\\english\\setup.exe"= TCP:c:\kav\kav7.0\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"TCP Query User{C63290AC-866A-4BEC-B704-C03EA98A880A}c:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"UDP Query User{7B6B7DEF-8891-4909-8778-E209C3834EE3}c:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"{B48AA4E9-F51E-489E-A54D-7B99B67C8ABF}"= UDP:c:\program files\uTorrent\uTorrent.exe:uTorrent
"{339BF3E7-01F2-48A1-99A1-BFCB45A651E3}"= TCP:c:\program files\uTorrent\uTorrent.exe:uTorrent
"TCP Query User{75FB8904-9187-4DF2-BD25-3F3DE1DF8FE5}c:\\users\\ale\\desktop\\cacca\\utorrent_1.7.7.exe"= UDP:c:\users\ale\desktop\cacca\utorrent_1.7.7.exe:utorrent_1.7.7.exe
"UDP Query User{85C3A2F5-C367-47AB-B0E1-0DFC7A934F15}c:\\users\\ale\\desktop\\cacca\\utorrent_1.7.7.exe"= TCP:c:\users\ale\desktop\cacca\utorrent_1.7.7.exe:utorrent_1.7.7.exe
"{2839A547-105A-474A-93FC-0828CCFBCB2C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5CFA8F96-264D-4E80-ABD6-1967F4026266}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{7D99BFFE-8F70-441F-8E94-7CFB2568422A}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{A7574008-B0FE-4800-8688-B7E834E6E8E0}"= UDP:c:\program files\Microsoft Games\Flight Simulator\FLTSIM98.EXE:Flight Simulator 98
"{EE774F48-0261-4CA2-BF4B-3BF5420DA927}"= TCP:c:\program files\Microsoft Games\Flight Simulator\FLTSIM98.EXE:Flight Simulator 98
"TCP Query User{2B207A12-46C3-4D65-B825-8582677AED26}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\italian\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\italian\setup.exe:Kaspersky Internet Security 2009 Setup
"UDP Query User{F59E8432-FFBB-4313-B1E5-EF0C20D79F47}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\italian\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\italian\setup.exe:Kaspersky Internet Security 2009 Setup
"{A5F19E0A-77F9-4C32-9261-114592CEAA11}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{67017158-3744-4529-A07E-3BB78294A142}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{88EC1F5B-2E11-4BAE-8336-37680BF3A7C2}"= UDP:C:\winvnc.exe:mqdsmode=enablescope=all
"{E3EE27CE-3748-471A-ACFA-5E8F4C602BC7}"= TCP:C:\winvnc.exe:mqdsmode=enablescope=all
"{1643B963-B44C-485E-B1FA-CEC5347A8BD6}"= UDP:C:\winvnc.exe:mqdsmode=enablescope=all
"{CBD89356-F521-445F-9295-6BF7A78F19FD}"= TCP:C:\winvnc.exe:mqdsmode=enablescope=all
"TCP Query User{3CE30692-F254-4051-A415-74232A02D285}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{C13157F7-3E54-46BA-B371-A3D2E145CA2B}c:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{71373EE6-0B1E-46F7-8701-0C28F79BE2EE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3F7A91F4-635E-4CCF-8746-E287151498B2}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{33E6D7BD-7D88-4553-95B3-07377A200BEB}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{4606D10E-B2DE-49EE-A658-B09ED16B0504}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{67E080A8-A268-4009-BE66-7155B93B4F7A}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{8046D2E0-E147-4233-AF6A-DA111F81A89A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{385D74C8-C890-4595-B85E-1F9BB391823E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{CD3B3CAA-B031-4DF5-9CA7-EC60FEB9C924}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{0C5F9C65-409E-47E7-A12B-3E9B12F360B9}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{E73C92EA-7733-4CA8-96DB-DE9B8385907B}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{BBCDD317-E717-4D26-8F00-D1F5F369C255}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{9EE70C06-804D-4C89-9EF6-33407C3439C9}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{89131462-2922-4017-B4D4-3791654EFE13}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{921F8021-CEBD-4048-8E4E-C08BE7ADD576}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{3C512C21-984F-41D0-BFDF-737A3BB1A244}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{12AC90E6-A60E-433E-AB17-68EAB20F1D5F}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [2008-01-29 33808]
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [2008-08-17 28544]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2008-07-09 20496]
R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\System32\drivers\StarPortLite.sys [2008-04-23 85760]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Trust\R-Series Mouse And Keyboard\KMWDSrv.exe [2007-05-10 208896]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\System32\drivers\l160x86.sys [2008-11-12 46592]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\System32\drivers\klfltdev.sys [2008-03-13 26640]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr73.sys [2007-05-11 329728]
S3 RkPavproc2;RkPavproc2;c:\windows\System32\drivers\RkPavproc2.sys [2008-08-17 16952]
S3 sdAuxService;PC Tools Auxiliary Service; [x]
--- Altri Servizi/Drivers In Memoria ---
*Deregistered* - sptd
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70b33549-1cee-11dd-adf9-001d6088553e}]
\shell\AutoRun\command - e:\setup\rsrc\autorun.exe
\shell\dinstall\command - e:\directx\dxsetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b482af38-ec47-11dc-8651-001d6088553e}]
\shell\AutoRun\command - g:\setup\rsrc\autorun.exe
\shell\dinstall\command - g:\directx\dxsetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9038d3e-c75f-11dd-bb18-001d6088553e}]
\shell\AutoRun\command - F:\MafiaLauncher.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cdd54e11-2f1c-11dd-95e4-001d6088553e}]
\shell\AutoRun\command - g:\setup\rsrc\autorun.exe
\shell\dinstall\command - g:\directx\dxsetup.exe
.
Contenuto della cartella 'Scheduled Tasks'
2009-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-654735759-1580040636-1870263581-1001.job
- c:\users\Ale\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 11:34]
2009-02-23 c:\windows\Tasks\User_Feed_Synchronization-{D2F2E3AE-B412-4662-AE8D-EFA8A45FE823}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
WebBrowser-{32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
ShellExecuteHooks-{508E980C-F09F-4908-BCC6-F4C533A15EA6} - (no file)
.
------- Scansione supplementare -------
.
uStart Page = hxxp://mystart.incredimail.com/
IE: c:\users\Ale\Desktop\Rapidown\Nuova cartella\rapidownGetAll.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Aggiungi a PDF esistente - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Aggiungi al banner Blocco pubblicità - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Converti destinazione link in Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti destinazione link in file PDF esistente - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti in Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in file PDF esistente - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Crawler Search - tbr:iemenu
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
TCP: {28DBB6BB-DC31-471F-BF9B-BFA84D3D7F9E} = 85.37.17.8 85.38.28.73
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Ale\AppData\Roaming\Mozilla\Firefox\Profiles\42jyl095.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:\program files\CambridgeSoft\ChemOffice2008\Chem3D\npChem3DPlugin.dll
FF - plugin: c:\program files\CambridgeSoft\ChemOffice2008\ChemDraw\NPCDP32.DLL
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Ale\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-24 01:00:44
Windows 6.0.6001 Service Pack 1 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti:
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'Explorer.exe'(11020)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_ita.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\conime.exe
c:\program files\Trust\R-Series Mouse And Keyboard\KMCONFIG.exe
c:\windows\System32\rundll32.exe
c:\program files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Musicmatch\Musicmatch Jukebox\mim.exe
c:\program files\Trust\R-Series Mouse And Keyboard\KMProcess.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\System32\IoctlSvc.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\iashost.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Ora fine scansione: 2009-02-24 1:09:24 - Il pc è stato riavviato [Ale]
ComboFix-quarantined-files.txt 2009-02-24 00:08:44
ComboFix2.txt 2008-09-05 18:06:55
ComboFix3.txt 2008-08-20 11:58:07
Pre-Run: Impossibile trovare il testo del messaggio per il numero di messaggio 0x2379 nel file di messaggio per Application.
Post-Run: 180,640,247,808 byte disponibili
430 --- E O F --- 2009-02-14 20:53:48