ComboFix 09-03-23.01 - Kesson 2009-03-24 14.55.32.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.3006.1863 [GMT 1:00]
Eseguito da: c:\users\Kesson\Desktop\Beagle\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Security *enabled*
* Creato nuovo punto di ripristino
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\InfoSat.txt
c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe
c:\users\Kesson\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Videos.url
c:\users\Kesson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videos.url
c:\users\Kesson\EULA.txt
c:\users\Kesson\FAVORI~1\Videos.url
c:\users\Kesson\Favorites\Videos.url
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SROSA
.
((((((((((((((((((((((((( Files Creati Da 2009-02-24 al 2009-03-24 )))))))))))))))))))))))))))))))))))
.
2009-03-24 13:45 . 2009-03-24 14:28 <DIR> d-------- c:\program files\FindyKill
2009-03-24 12:51 . 2009-03-24 14:17 <DIR> d-------- c:\users\Kesson\.housecall6.6
2009-03-24 12:17 . 2009-02-05 22:06 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys
2009-03-23 02:54 . 2009-03-23 02:54 <DIR> d-------- C:\30a74c708b885e8d56
2009-03-23 02:48 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-03-23 02:47 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-03-23 02:47 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-03-23 02:47 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-03-23 02:47 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-03-22 12:57 . 2009-03-23 07:06 <DIR> d-------- c:\users\All Users\Xfire
2009-03-22 12:57 . 2009-03-23 07:06 <DIR> d-------- c:\progra~2\Xfire
2009-03-22 12:48 . 2009-03-22 12:48 <DIR> d-------- c:\program files\AeriaGames
2009-03-21 18:07 . 2009-03-21 18:07 <DIR> d-------- c:\users\All Users\TVU Networks
2009-03-21 18:07 . 2009-03-21 18:07 <DIR> d-------- c:\progra~2\TVU Networks
2009-03-16 14:58 . 2008-12-09 19:17 21,248 --a------ c:\windows\System32\solidlocalmon.dll
2009-03-16 14:58 . 2008-12-09 19:17 13,568 --a------ c:\windows\System32\solidlocalui.dll
2009-03-16 14:20 . 2009-03-16 14:20 <DIR> d-------- c:\program files\Free PDF to Word Doc Converter
2009-03-11 08:31 . 2008-12-16 04:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 08:31 . 2008-12-16 06:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 08:31 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 08:31 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-11 08:27 . 2008-11-27 05:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-11 08:21 . 2009-02-09 04:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-02-26 19:46 . 2009-02-26 19:46 42,320 --a------ c:\windows\System32\xfcodec.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-24 13:58 --------- d-----w c:\users\Kesson\AppData\Roaming\DNA
2009-03-24 13:42 --------- d-----w c:\users\Kesson\AppData\Roaming\Skype
2009-03-24 12:54 --------- d-----w c:\program files\DNA
2009-03-24 12:51 --------- d-----w c:\program files\Packard Bell Data Secure
2009-03-23 13:28 --------- d-----w c:\progra~2\Google Updater
2009-03-23 11:11 --------- d-----w c:\users\Kesson\AppData\Roaming\BitTorrent
2009-03-23 06:06 --------- d-----w c:\program files\Xfire
2009-03-23 00:18 --------- d-----w c:\users\Kesson\AppData\Roaming\Xfire
2009-03-21 17:11 --------- d-----w c:\program files\TVAnts
2009-03-21 17:06 --------- d-----w c:\program files\TVUPlayer
2009-03-16 17:09 --------- d-----w c:\users\Kesson\AppData\Roaming\SolidDocuments
2009-03-16 13:58 --------- d-----w c:\program files\Soliddocuments
2009-03-16 13:58 --------- d-----w c:\progra~2\SolidDocuments
2009-03-15 19:45 --------- d-----w c:\program files\Zoom Player
2009-03-12 02:06 --------- d-----w c:\program files\Windows Mail
2009-03-12 02:01 --------- d-----w c:\progra~2\Microsoft Help
2009-03-10 23:41 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-10 23:41 --------- d-----w c:\program files\Travaillons avec le Français !
2009-03-10 23:40 --------- d-----w c:\program files\MySQL
2009-02-24 03:19 --------- d---a-w c:\progra~2\TEMP
2009-02-22 13:08 --------- d-----w c:\program files\MSN Messenger
2009-02-22 13:08 --------- d-----w c:\program files\Messenger Plus! Live
2009-02-05 16:22 --------- d-----w c:\users\Kesson\AppData\Roaming\MySQL
2009-02-05 15:53 --------- d-----w c:\progra~2\MySQL
2009-02-03 02:58 --------- d-----w c:\progra~2\NVIDIA
2009-02-03 02:27 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2009-01-24 12:10 --------- d-----w c:\program files\LucasArts
2008-12-24 10:58 606,848 ----a-w c:\windows\flashax.exe
2008-12-24 10:58 12,288 ----a-w c:\windows\impborl.dll
2008-12-24 01:32 194,560 ----a-w c:\windows\MesaLab_screensaver_Natale_1152.scr
2008-04-25 13:39 174 --sha-w c:\program files\desktop.ini
2008-01-03 17:07 13,413,048 ----a-w c:\users\Kesson\Google_Earth_BZXD.exe
2007-12-03 12:22 22,328 ----a-w c:\users\Kesson\AppData\Roaming\PnkBstrK.sys
2007-07-11 11:17 81,920 ----a-w c:\users\Kesson\AppData\Roaming\ezpinst.exe
2007-07-11 11:17 47,360 ----a-w c:\users\Kesson\AppData\Roaming\pcouffin.sys
2007-03-15 22:06 9,451,515 ----a-w c:\users\Kesson\vlc-0.8.6-win32.exe
2007-02-14 14:26 245,504 ----a-w c:\program files\Everest_Poker.exe
2007-02-11 01:35 4,859,480 ----a-w c:\users\Kesson\MsgPlusLive-411.exe
2007-02-11 01:22 17,938,288 ----a-w c:\users\Kesson\Install_Messenger.exe
2008-04-19 12:52 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-04-19 12:52 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-04-19 12:52 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-03-23 25268776]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-02 68856]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"BitTorrent DNA"="c:\users\Kesson\Program Files\DNA\btdna.exe" [2009-03-24 342848]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-20 228088]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-08-25 81920]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-09 136600]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2009-03-24 319488]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 92704]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-03-24 81000]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 c:\windows\RtHDVCpl.exe]
c:\users\Kesson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-15 113664]
Avvio veloce di Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
c:\users\Kesson\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-934733682-3541227792-4260690281-1002]
"EnableNotificationsRef"=dword:00000003
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{2A6A01FC-1440-4CB1-BEA2-D14E0E840A82}c:\\program files\\adunanza\\emule_adnza.exe"= UDP:c:\program files\adunanza\emule_adnza.exe:eMule
"UDP Query User{5A2D1D15-9568-48A2-8F9F-1056E465A80D}c:\\program files\\adunanza\\emule_adnza.exe"= TCP:c:\program files\adunanza\emule_adnza.exe:eMule
"{F87747DC-D19A-4A6E-A7D8-7F17019813D5}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{A3FBA134-2A5E-44C7-A97F-C35049E41316}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{F68E6DED-DD44-4B70-9F77-6E9DA00C5013}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{2B93115B-D3DC-4C12-A4CD-B9C2E6EA9EF8}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{61413D88-894C-470C-9F39-03D55A9B33C7}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{93A3921D-96B4-4188-A1F8-F819B709D449}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A8E6DDB8-A501-4090-AB1C-B56BCD2A9F4C}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{7B46BAE8-BAE5-41DF-8AAE-B755312C318C}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{FB40E35A-7B74-4808-A1B3-EF576A1F90AA}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{9189F07B-19A8-450C-B8D5-2142CED91CED}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{25949722-EBC9-49ED-8CED-6ABBBC453CCC}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{5E20E50B-1D92-4F29-A324-9CE9F4808A06}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{07D32312-0749-438A-9FB3-0D0046825615}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{FE1A7BC3-6807-4714-AC1B-E324340ADFFB}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{0A913ACF-1D20-46C9-9F3B-B2CC79F31FDF}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{7CDA054B-67B6-47E3-9CE4-837DE113ADEF}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{DC36FFA6-B9FA-49CA-9780-8D20E600D8AC}"= UDP:c:\program files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{F0365DC3-97D6-4087-9799-16F5DEADE3C9}"= TCP:c:\program files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{4BB7D4B7-E18A-4115-9694-847D00010755}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{84403CD3-8DE9-4CFF-8397-CACA27B4D3AB}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{2B350808-6840-4592-8FE9-E64164B0EFF9}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{49E849EF-5355-4FD1-9AFB-C07004925E32}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{3D88E1F9-54F9-49C3-BA40-375191CFE71D}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{144F9F3B-9713-4E1A-AC54-BC834B8FB4B0}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{BE2AE58E-5501-484F-A6EA-23D5CB6B6896}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{1E5D3B6D-2018-420A-8812-CEF504AFFFFD}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{92329EF3-A9FB-43AA-BB4D-A6B658654EE7}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{C75B3D97-9BD7-426E-9C2D-072A91DF6AD6}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{D2BADB28-4E0F-4694-94B8-FBD8EA343346}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{83188C0A-BB7C-49E0-A1FD-1E52335A2407}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{3BC9C88F-AA81-4660-8B1B-9FB36B3674B5}"= UDP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
"{B5E162C8-EE2F-44EF-86CC-7A13AF58F34C}"= TCP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
"{C2583732-D2A5-43D4-9176-5511C8975239}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{EDC1B382-E4DF-4079-8A02-3BC082EFC00F}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{A33132F5-E0A8-45B9-942F-5F46827CCA3A}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{CBD152B2-4D8B-4136-8821-2935F5314F39}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{C6580066-803D-4AAB-BB4D-BCA30A0DC16D}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{AF376828-CBAD-4D8A-85DE-085366FD9A08}"= UDP:c:\program files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{74795389-D9D4-4239-9407-BBDC5FBFCFF5}"= TCP:c:\program files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{C9638B36-F044-4AC3-9410-D3D6F4BC8729}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{9B7C2D0E-0110-4FA5-9F26-BAD74F1D668E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{28A7187F-3598-41B7-AD3D-B9708278880B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{03A52D85-32A7-443E-BECF-49E745F1741F}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{FCF098C3-30F3-4593-B673-C2F08D8D67E9}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{D7933769-F93A-4807-B3D8-093E301902A2}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{F7C83A3E-A5E4-4A4E-A155-1976932D771B}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{07B17AC6-E11A-45DF-AC31-23B714C108DC}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{AA2B715E-52D1-444A-AA2D-D2E09A037CD7}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{01406B19-EEBE-426A-851B-0283FE66E5D6}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"{7CB33D85-E855-4523-B349-CEAB5024ECAB}"= UDP:c:\users\Kesson\AppData\Local\Temp\pes2009.exe:Pro Evolution Soccer 2009
"{29BDB2BA-2E5A-449A-9C11-F1E750222FBC}"= TCP:c:\users\Kesson\AppData\Local\Temp\pes2009.exe:Pro Evolution Soccer 2009
"{50DC3525-86DE-4960-A170-033AB1A5D09F}"= UDP:c:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"{70487ECB-18AE-442B-AAEC-BC7DE1FB1682}"= TCP:c:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"{CEBB17FC-9F00-4E87-AA45-BED81AF9B5EC}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F37E1327-52BE-44E5-91E9-80C683FF0EDD}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{50370449-7816-44C7-B45F-5988534A61DB}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{624C2391-4825-4BE8-A70B-BAEBCD7A8093}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{17FC96A6-9723-40B8-896C-4D8976366FC3}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{CBA2E2FB-312A-45FD-B604-30CB8A31989E}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{9D169E49-B750-46BA-BB60-37F9EB2153FC}c:\\program files\\emule adunanza\\emule_adnza.exe"= UDP:c:\program files\emule adunanza\emule_adnza.exe:eMule
"UDP Query User{7E200040-7A05-481B-82F1-03A8A2B4156E}c:\\program files\\emule adunanza\\emule_adnza.exe"= TCP:c:\program files\emule adunanza\emule_adnza.exe:eMule
"{CAC1D4D8-0CA9-4340-A0F8-A793BE0E88F2}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{4B3F038A-8E5D-4266-92C9-8D426CF0AD55}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\Program Files\\uusee\\UUSeePlayer.exe"= c:\program files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-03-24 51792]
R2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\Installer\MSI439E.tmp [2009-03-16 189696]
S3 PAC207;Trust WB-1200p Mini Webcam;c:\windows\System32\drivers\PFC027.SYS [2007-05-14 508288]
--- Altri Servizi/Drivers In Memoria ---
*Deregistered* - sptd
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a359f96-f2ed-11dc-8bd2-0019db403de1}]
\shell\auto\command - Knight.exe open
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\shell\explore\command - Knight.exe open
\shell\find\command - Knight.exe open
\shell\install\command - Knight.exe open
\shell\open\command - Knight.exe open
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a359f9b-f2ed-11dc-8bd2-0019db403de1}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b71f2fe5-ba46-11db-8ef4-0019db403de1}]
\shell\AutoRun\command - E:\Autorun.exe
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKCU-Run-SmpcSys - c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe
HKLM-Run-Google IME Autoupdater - c:\program files\Google\Google Pinyin\GooglePinyinDaemon.exe
HKLM-Run-TkBellExe - realsched.exe
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Winamp Toolbar Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Invia a &Bluetooth - c:\program files\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\users\Kesson\AppData\Roaming\Mozilla\Firefox\Profiles\0ije2fa4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - plugin: c:\program files\GameTap\bin\Release\npgametaptool.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - plugin: c:\users\Kesson\AppData\Roaming\Mozilla\Firefox\Profiles\0ije2fa4.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\Kesson\Program Files\DNA\plugins\npbtdna.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-24 15:01:13
Windows 6.0.6001 Service Pack 1 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
c:\windows\TEMP\TMP0000002C81707D1F4AFCE572 524288 bytes executable
Scansione completata con successo
Files nascosti: 1
**************************************************************************
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\PnkBstrB.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Ora fine scansione: 2009-03-24 15:07:19 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-03-24 14:07:03
Pre-Run: 6.168.592.384 byte disponibili
Post-Run: 6,037,872,640 byte disponibili
316 --- E O F --- 2009-03-23 20:34:23