[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"F.lux"="c:\users\Augusto\Local Settings\Apps\F.lux\flux.exe" [2009-02-25 962560]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"<NO NAME>"="c:\program files\Internet Explorer\IEXPLORE.EXE" [2009-03-08 638816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-04-19 151552]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-10 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-10 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-10 88608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"AntiLogger"="c:\program files\AntiLogger\AntiLogger.exe" [2009-06-02 2336112]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-10-31 4702208]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-10-11 1826816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]
c:\users\Augusto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wise-FTP Scheduler
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F1912712-ADC6-488E-9CC9-E06DF1A6E0F7}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C3A99D7E-159C-48AB-ADEC-C2DF54DFF214}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D0625CBA-A266-45E4-8F57-1508068603BD}"= UDP:c:\program files\Common Files\Sogou PXP\p2psvr.exe:Sogou P4P Service
"{549113BC-91BB-4C54-BFBF-467B3A90A1A6}"= TCP:c:\program files\Common Files\Sogou PXP\p2psvr.exe:Sogou P4P Service
"{19F10012-374B-44E3-85AC-F6A64C62B35D}"= UDP:7569:Emule_TCP
"{CB5E53AA-6F8C-4D4D-9C52-762760173966}"= TCP:49089:Emule_UDP
"TCP Query User{B34B6962-8081-4CB9-9830-76ED628105E3}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{DB8CD2F9-DD9C-4291-80B2-2FE60D694389}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{1E93DBA5-A29A-42F7-BC67-EDABD2CFF86B}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"UDP Query User{D7F48C81-EC61-4A7B-A15A-13D4A7F787E6}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"{196DAD1D-F9AE-44F6-85D6-38DC8AFC994F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{C48E4462-4355-46A8-911F-F95EC2B7842F}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{E02ECBA6-7800-4214-9B1E-5A5049049C06}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"{DAFB6357-5DEB-4219-9A8C-75A4A0A428AD}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{6DF44DE5-A255-42F6-8B2B-5E8B375E1BED}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{49BF8873-9DF5-4C84-AD0B-6A95409FB30B}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{26DCD2C3-831C-41E9-A026-BA6D706C1BE2}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{6D2F0367-A6FC-4007-AADD-57C046756DDC}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{2DBFE5D4-3592-4E77-A7DD-6576B3D06F0F}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"TCP Query User{4727B4A5-F731-4046-8A8B-B43F7369D608}c:\\users\\augusto\\desktop\\emule+\\emule0.49b\\emule.exe"= UDP:c:\users\augusto\desktop\emule+\emule0.49b\emule.exe:emule.exe
"UDP Query User{1AD3B567-C29F-458F-93E1-876877621C89}c:\\users\\augusto\\desktop\\emule+\\emule0.49b\\emule.exe"= TCP:c:\users\augusto\desktop\emule+\emule0.49b\emule.exe:emule.exe
"TCP Query User{75AAA0B0-6088-4281-BAFF-1923C0077DB4}c:\\program files\\webmediaplayer\\webmediaplayer.exe"= UDP:c:\program files\webmediaplayer\webmediaplayer.exe:WebMediaPlayer
"UDP Query User{CB689D59-FF94-4AD3-BFD6-8E1FE358AD8E}c:\\program files\\webmediaplayer\\webmediaplayer.exe"= TCP:c:\program files\webmediaplayer\webmediaplayer.exe:WebMediaPlayer
"TCP Query User{2106236D-4997-4680-8F6A-B9243FF6BBAE}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{D5B055A4-E37C-41A0-9A70-2638CC4117EA}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"{443DA4B8-A974-40EB-980F-75223766DA2F}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{4D2E5EC4-FBD1-4277-BB34-E05ED2BD9065}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\PPMate\\ppmate.exe"= c:\program files\PPMate\ppmate.exe:*:Enabled:PPMate
"c:\\Program Files\\PPMate\\ppamnet.exe"= c:\program files\PPMate\ppamnet.exe:*:Enabled:PPMate
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\Users\\Augusto\\Desktop\\BitTorrent\\bittorrent.exe"= c:\users\Augusto\Desktop\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 AntiLog32;AntiLog32;c:\program files\AntiLogger\AntiLog32.sys [02.06.2009 11:40 116080]
R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\System32\drivers\l260x86.sys [16.10.2008 16:17 29184]
S2 gupdate1c991bb98f96e2f;Servizio di Google Update (gupdate1c991bb98f96e2f);c:\program files\Google\Update\GoogleUpdate.exe [18.02.2009 13:25 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'
2009-06-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-18 10:28]
2009-06-15 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-18 11:25]
2009-06-15 c:\windows\Tasks\User_Feed_Synchronization-{A439724A-D80C-4E9F-8F57-B26F073CC29F}.job
- c:\windows\system32\msfeedssync.exe [2009-05-22 11:31]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKLM-Run-DesktopMechanic - (no file)
.
------- Scansione supplementare -------
.
uStart Page = hxxp://google.it/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-15 17:53
Windows 6.0.6001 Service Pack 1 NTFS
scansione processi nascosti ...
? [14692]
? [24136]
? [24160]
? [40324]
? [42656]
? [42784]
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\
0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\
0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\
0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2009-06-15 17:54
ComboFix-quarantined-files.txt 2009-06-15 15:54
Pre-Run: 160'505'016'320 byte disponibili
Post-Run: 159'966'986'240 byte disponibili
209 --- E O F --- 2009-06-14 09:50