Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

SCIPT AVENGER CHI PUO' AIUTARMI A IMPARTIRE I COMANDI ?

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

SCIPT AVENGER CHI PUO' AIUTARMI A IMPARTIRE I COMANDI ?

Messaggioda klaude4d » gio lug 16, 2009 10:27 am

Ho il risultato di kaspersky, ora devo impartire i comandi in avenger per rimuovere o rinominare i file infetti, ho letto la guida sui 10 comandi e ho alcuni dubbi su come interpretare il file di log di kaspersky.
qualcuno puo aiutarmi?

posto i risultati

File name Threat name Threats count
C:\cleanup.exe Infected: Trojan.Win32.Zapchast.uy 1
C:\PoWeR-Script.0.2.1\mIRC.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1
C:\Program Files\NetworkActiv PIAFCTM 1.5\NetworkActivPIAFCTMv1.5.exe Infected: not-a-virus:NetTool.Win32.Piafctm.152 1
C:\Users\Klaude3d\Downloads\eMule\Incoming\AVS Video Converter 6.2.4.330+crack by SND.rar Infected: Trojan.Win32.VB.kki 2
The selected area was scanned.
Avatar utente
klaude4d
Aficionado
Aficionado
 
Messaggi: 146
Iscritto il: mar lug 14, 2009 11:07 pm

Re: SCIPT AVENGER CHI PUO' AIUTARMI A IMPARTIRE I COMANDI ?

Messaggioda klaude4d » gio lug 16, 2009 10:36 am

questo e' ultiko logg gmer

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-16 11:39:26
Windows 6.0.6001 Service Pack 1


---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8560F1F8
Device \FileSystem\fastfat \Fat 877731F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Gestione filtri file system Microsoft/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
Avatar utente
klaude4d
Aficionado
Aficionado
 
Messaggi: 146
Iscritto il: mar lug 14, 2009 11:07 pm

Re: SCIPT AVENGER CHI PUO' AIUTARMI A IMPARTIRE I COMANDI ?

Messaggioda ste_95 » gio lug 16, 2009 11:26 am

Scarica Avenger
Estrailo in una cartella a tua scelta
Esegui il file avenger.exe con la figura di una spada
Ora incolla queste righe nella box bianca che si è aperta:

Codice: Seleziona tutto
Files to delete:
C:\cleanup.exe
C:\Users\Klaude3d\Downloads\eMule\Incoming\AVS Video Converter 6.2.4.330+crack by SND.rar


Togli il segno di spunta dalla voce Scan for Rootkits
Premi il pulsante Execute
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.

Se Avenger riporta un errore, prova a riscrivere manualmente la prima riga (Files to delete:) ricordando i due punti.
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am


Re: SCIPT AVENGER CHI PUO' AIUTARMI A IMPARTIRE I COMANDI ?

Messaggioda klaude4d » gio lug 16, 2009 11:53 am

ok fatto tutto, ma stavolta al riavvio del pc e' arrivato alla scelta degli user e si e' riavviato un altra volta, ora sono dentro ma no si e' aperto il blocco note di avenger con i risultati come di consueto!! di che file hai bisogno per interpretare quale versione del bagle ho? ora gmer mi restituisce questa riga nel rootkit : GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-16 12:56:53
Windows 6.0.6001 Service Pack 1


---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8580F1F8

---- EOF - GMER 1.0.15 ----

dimmi per favore i file di scan di cui hai bisogno pls. grazie
Avatar utente
klaude4d
Aficionado
Aficionado
 
Messaggi: 146
Iscritto il: mar lug 14, 2009 11:07 pm

Re: SCIPT AVENGER CHI PUO' AIUTARMI A IMPARTIRE I COMANDI ?

Messaggioda ste_95 » gio lug 16, 2009 12:00 pm

perché dovresti avere Bagle?

Scarica ComboFix , salvandolo sul desktop con un nome di fantasia, ed esegui la scansione seguendo queste istruzioni (giù in fondo). Al termine della scansione verrà creato il file di report C:\combofix.txt, copia qui il suo contenuto inserendolo tra i tag LOG, in questo modo:
Codice: Seleziona tutto
[LOG]qui va inserito il log[/LOG]
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Re: SCIPT AVENGER CHI PUO' AIUTARMI A IMPARTIRE I COMANDI ?

Messaggioda klaude4d » gio lug 16, 2009 12:11 pm

ho ridato lo script con avenger con i comandi delle varianti del virus ho ricevuto questo log.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:


Error: file "C:\WINDOWS\system32\drivers\srosa.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\srosa.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\wintems.exe" not found!
Deletion of file "C:\WINDOWS\system32\wintems.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\hldrrr.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\hldrrr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\mdelk.exe" not found!
Deletion of file "C:\WINDOWS\system32\mdelk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\mdelk.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\mdelk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\WINDOWS\system32\drivers\downld" not found!
Deletion of folder "C:\WINDOWS\system32\drivers\downld" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Services\srosa" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Services\srosa" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.


combofix ogni volta che lo uso sia in modalità normale che in provvisoria mi restituisce una bella bsod blue screen con il seguente errore :
stop 0x0000000f4
0x00000003
0x85f83d9o
0x85f83edc
0x82475400

come procedo?
provo a rifare combofix in provvisoria ora che il sistema e' un po piu pulito ?

grazie ste
Avatar utente
klaude4d
Aficionado
Aficionado
 
Messaggi: 146
Iscritto il: mar lug 14, 2009 11:07 pm

Re: SCIPT AVENGER CHI PUO' AIUTARMI A IMPARTIRE I COMANDI ?

Messaggioda ste_95 » gio lug 16, 2009 12:23 pm

klaude4d ha scritto:provo a rifare combofix in provvisoria ora che il sistema e' un po piu pulito ?

Prova, anche se secondo me non si tratta di Bagle.
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Re: SCIPT AVENGER CHI PUO' AIUTARMI A IMPARTIRE I COMANDI ?

Messaggioda klaude4d » gio lug 16, 2009 1:07 pm

sono riuscito a lanciare combofix anche se su alcuni percorsi non ha avuto accesso diceva durante la scansione vi posto il log, ancora il mio pc non va bene, windows defender e' disattivato, ancora qualche app. win 32 non valida come messaggio e lìorologio invece di segnare le 14.11 segna le 2.11 vi prego venitemi in aiuto e soccorso,

ComboFix 09-07-14.08 - Klaude3d 16/07/2009 13:40.1.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.39.1040.18.3070.1930 [GMT 2:00]
Eseguito da: c:\users\Klaude3d\Desktop\bagle removing\Software necessario\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
C:\InfoSat.txt
c:\windows\Installer\ab2ac.msi

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_111111S1RO1S1A
-------\Legacy_SK9OU0S


((((((((((((((((((((((((( Files Creati Da 2009-06-16 al 2009-07-16 )))))))))))))))))))))))))))))))))))
.

2009-07-16 11:47 . 2009-07-16 11:49 -------- d-----w- c:\users\Klaude3d\AppData\Local\temp
2009-07-15 10:23 . 2009-07-15 11:38 -------- d-----w- C:\FindyKill
2009-07-15 06:07 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 06:07 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 06:07 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 06:07 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-13 13:41 . 2009-07-13 13:41 -------- d-----w- c:\users\Klaude3d\AppData\Local\Apple
2009-07-12 04:36 . 2009-07-12 04:39 -------- d-sh--w- c:\users\Klaude3d\Phone Browser
2009-07-11 00:41 . 2009-07-11 00:41 -------- d-----w- c:\users\Klaude3d\AppData\Local\Autodesk
2009-07-10 22:36 . 2009-07-15 22:31 -------- d-----w- c:\users\Klaude3d\AppData\Local\Adobe
2009-07-10 21:38 . 2009-07-15 22:41 -------- d-----w- c:\users\Klaude3d\AppData\Local\Apple Computer
2009-07-09 12:00 . 2009-07-09 12:00 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\Malwarebytes
2009-07-09 12:00 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-09 12:00 . 2009-07-15 09:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-09 12:00 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-09 12:00 . 2009-07-09 12:00 -------- d-----w- c:\progra~2\Malwarebytes
2009-07-09 10:42 . 2009-07-09 11:50 -------- d-----w- c:\windows\Symbols
2009-07-09 09:55 . 2009-07-09 11:35 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
2009-07-08 23:11 . 2009-07-08 23:11 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-08 22:44 . 2009-07-08 22:44 20914549 ----a-w- c:\users\Klaude3d\AppData\Roaming\Nokia\Nokia Download!\Temp\Nokia_Download_newUI_2.1.19.0_setup.exe
2009-06-28 15:45 . 2009-06-28 15:45 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-06-28 15:41 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-06-26 22:42 . 2009-06-26 22:42 -------- d-----w- c:\progra~2\Thunder Network
2009-06-26 22:42 . 2009-06-26 23:09 -------- d-----r- C:\TDDOWNLOAD
2009-06-26 22:40 . 2009-06-26 22:40 20 ----a-w- c:\windows\system32\pub_store.dat
2009-06-26 22:40 . 2009-06-26 22:40 -------- d-----w- c:\program files\Common Files\Thunder Network
2009-06-26 22:40 . 2009-06-26 22:40 -------- d-----w- c:\program files\Thunder Network
2009-06-21 12:10 . 2009-06-21 12:10 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\AVS4YOU
2009-06-21 12:10 . 2009-06-21 12:10 -------- d-----w- c:\progra~2\AVS4YOU
2009-06-21 12:08 . 2009-06-21 13:24 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-06-21 12:08 . 2009-07-15 10:47 -------- d-----w- c:\program files\AVS4YOU
2009-06-17 22:20 . 2009-07-05 12:11 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\MessengerDiscovery 2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-16 11:42 . 2009-02-05 18:37 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\Skype
2009-07-16 09:58 . 2009-02-05 18:40 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\skypePM
2009-07-16 03:15 . 2009-02-07 17:13 -------- d-----w- c:\progra~2\Google Updater
2009-07-15 23:47 . 2009-05-24 16:36 -------- d-----w- c:\progra~2\AQ
2009-07-15 20:42 . 2006-11-06 01:52 670772 ----a-w- c:\windows\system32\perfh010.dat
2009-07-15 20:42 . 2006-11-06 01:52 123414 ----a-w- c:\windows\system32\perfc010.dat
2009-07-15 09:43 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-15 09:43 . 2009-02-05 23:05 -------- d-----w- c:\progra~2\Microsoft Help
2009-07-13 21:37 . 2009-03-30 17:51 -------- d-----w- c:\program files\Safari
2009-07-12 21:51 . 2009-04-09 15:54 -------- d-----w- c:\program files\Nokia
2009-07-10 09:11 . 2009-02-06 00:46 -------- d-----w- c:\program files\MSN Messenger
2009-07-10 09:11 . 2009-02-04 09:18 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-09 09:19 . 2009-02-03 22:56 -------- d-----w- c:\program files\Trillian
2009-07-08 23:24 . 2009-04-09 16:01 -------- d-----w- c:\program files\Common Files\PCSuite
2009-07-08 23:24 . 2009-04-09 15:59 -------- d-----w- c:\program files\Common Files\Nokia
2009-07-08 23:23 . 2009-04-09 16:04 -------- d-----w- c:\progra~2\Installations
2009-07-08 12:25 . 2009-04-14 00:03 -------- d-----w- c:\progra~2\Nokia
2009-07-08 12:10 . 2009-04-09 16:09 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\Nokia
2009-07-08 08:48 . 2009-04-10 01:55 -------- d-----w- c:\program files\WebcamMax
2009-06-28 17:10 . 2009-02-04 12:58 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\USBSafelyRemove
2009-06-28 16:06 . 2009-06-28 16:06 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-06-28 16:06 . 2009-02-03 15:23 143152 ----a-w- c:\users\Klaude3d\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-28 15:41 . 2009-04-09 15:59 -------- d-----w- c:\program files\DIFX
2009-06-28 15:27 . 2009-06-28 15:27 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-06-21 21:56 . 2009-05-31 12:23 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\NCH Software
2009-06-21 21:55 . 2009-05-31 12:23 -------- d-----w- c:\progra~2\NCH Software
2009-06-21 12:30 . 2009-05-24 16:52 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\Juce VST Host
2009-06-21 12:28 . 2009-02-04 09:19 -------- d-----w- c:\program files\MessengerDiscovery
2009-06-21 12:23 . 2009-02-03 23:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-21 11:54 . 2009-06-21 11:54 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-21 11:53 . 2009-02-16 23:40 -------- d-----w- c:\program files\DirectVobSub
2009-06-21 11:53 . 2009-02-16 23:45 -------- d-----w- c:\program files\OpenSource Flash Video Splitter
2009-06-21 11:52 . 2009-02-16 23:45 -------- d-----w- c:\program files\CD Audio Reader Filter
2009-06-21 11:52 . 2009-02-16 23:43 -------- d-----w- c:\program files\SHOUTcast Source
2009-06-21 11:52 . 2009-02-16 23:42 -------- d-----w- c:\program files\DSP-worx
2009-06-21 11:52 . 2009-06-08 11:06 -------- d-----w- c:\program files\DivX
2009-06-21 11:52 . 2009-02-16 23:45 -------- d-----w- c:\program files\RealMedia
2009-06-21 11:51 . 2009-06-08 11:07 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\DivX
2009-06-11 03:39 . 2009-06-08 16:30 -------- d-----w- c:\program files\iTunes
2009-06-11 03:39 . 2009-06-11 03:39 -------- d-----w- c:\program files\iPod
2009-06-11 03:39 . 2009-04-06 16:54 -------- d-----w- c:\program files\Common Files\Apple
2009-06-11 03:38 . 2009-02-06 11:18 -------- d-----w- c:\program files\QuickTime
2009-06-10 23:14 . 2009-02-06 11:24 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\Apple Computer
2009-06-08 16:30 . 2009-02-06 11:18 -------- d-----w- c:\progra~2\Apple Computer
2009-06-08 11:06 . 2009-02-05 19:50 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-06-08 11:06 . 2009-06-08 11:06 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-07 09:52 . 2009-06-07 09:52 -------- d-----w- c:\program files\NetworkActiv PIAFCTM 1.5
2009-06-02 16:11 . 2009-06-21 11:54 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-05-31 18:20 . 2009-05-31 18:19 -------- d-----w- c:\program files\Total Video Converter
2009-05-31 12:23 . 2009-05-31 12:23 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\NCH Swift Sound
2009-05-31 12:21 . 2009-05-31 12:21 58949 ----a-w- c:\users\Klaude3d\ia_remove.sh0254.tmp
2009-05-31 11:26 . 2009-05-31 11:26 -------- d-----w- c:\program files\AviSynth 2.5
2009-05-30 16:48 . 2009-05-18 21:43 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\Nseries
2009-05-30 16:00 . 2009-05-30 16:00 297984 ----a-w- c:\windows\system32\LTKRN10N.DLL
2009-05-29 22:41 . 2009-02-05 18:10 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\Autodesk
2009-05-29 22:41 . 2009-02-05 18:03 -------- d-----w- c:\progra~2\Autodesk
2009-05-29 21:59 . 2009-02-24 01:54 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\Camfrog
2009-05-29 21:37 . 2009-06-21 11:54 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-05-29 21:31 . 2009-06-21 11:54 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-05-29 11:36 . 2009-05-29 11:36 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-29 11:36 . 2009-05-29 11:36 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-28 18:29 . 2009-02-05 22:34 -------- d-----w- c:\progra~2\FLEXnet
2009-05-28 18:22 . 2009-02-05 18:03 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-05-28 18:18 . 2009-02-05 18:02 -------- d-----w- c:\program files\Autodesk
2009-05-27 21:46 . 2009-05-27 21:40 -------- d-----w- c:\program files\AutoCAD 2009
2009-05-26 01:56 . 2009-02-07 17:13 -------- d-----w- c:\program files\Google
2009-05-25 23:12 . 2009-05-25 23:12 -------- d-----w- c:\program files\Avira
2009-05-25 23:12 . 2009-05-25 23:12 -------- d-----w- c:\progra~2\Avira
2009-05-24 17:19 . 2009-03-19 18:31 -------- d-----w- c:\program files\Opera
2009-05-24 01:10 . 2009-05-24 01:10 -------- d-----w- c:\progra~2\TechSmith
2009-05-24 01:10 . 2009-05-24 01:10 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2009-05-24 01:10 . 2009-05-24 01:10 -------- d-----w- c:\program files\TechSmith
2009-05-23 23:21 . 2009-05-23 23:21 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\muvee Technologies
2009-05-23 23:21 . 2009-05-23 23:21 -------- d-----w- c:\progra~2\muvee Technologies
2009-05-22 23:11 . 2009-05-22 23:11 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\Babylon
2009-05-22 23:11 . 2009-05-22 23:11 -------- d-----w- c:\progra~2\Babylon
2009-05-21 22:29 . 2009-04-30 00:02 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\OpenWith.org Cache
2009-05-18 22:49 . 2009-05-18 22:47 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\dvdcss
2009-05-18 01:35 . 2009-05-03 02:01 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\DC++
2009-05-11 10:47 . 2009-05-11 10:47 1302600 ----a-w- c:\windows\system32\WUDFUpdate_01007.dll
2009-05-05 18:37 . 2009-02-03 23:59 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-03 13:40 . 2009-05-03 13:05 5 ----a-w- c:\windows\sbacknt.bin
2009-05-03 13:27 . 2009-05-03 13:27 152904 ----a-w- c:\windows\system32\vghd.scr
2009-05-01 21:02 . 2009-06-21 11:54 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-06-21 11:54 685056 ----a-w- c:\windows\system32\divx.dll
2009-04-30 12:37 . 2009-06-11 01:24 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:37 . 2009-06-11 01:24 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-04-24 16:05 . 2009-06-10 02:56 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-10 02:55 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-10 02:55 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-23 12:43 . 2009-06-10 02:56 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-10 02:55 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-10 02:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-04-20 15:14 . 2009-04-20 15:14 368640 ----a-w- c:\windows\system32\ReWire.dll
2009-06-24 16:22 . 2009-02-03 16:06 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"USB Safely Remove"="c:\program files\USB Safely Remove\USBSafelyRemove.exe" [2009-01-04 743936]
"SplitCam"="c:\program files\SplitCam\SplitCam.exe" [2006-09-09 990208]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"Camtasia Recorder"="c:\program files\TechSmith\Camtasia Studio 6\CamRecorder.exe" [2008-10-10 2678104]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]
"Camfrog"="c:\program files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" [2003-09-29 36352]
"Google Update"="c:\users\Klaude3d\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-02-03 133104]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
"eMuleAutoStart"="c:\program files\eMule\emule.exe" [2009-02-22 5668864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-30 7289376]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-02-25 37888]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-07-09 15872]
"Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-02-26 2376992]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

c:\users\Klaude3d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CamRecorder.exe [2004-3-29 1208320]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
SIDA.Connect.lnk - c:\aq\supdate.exe [2008-12-10 2151936]

c:\users\Klaude3d\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\
CamRecorder.exe [2004-3-29 1208320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^C6 Messenger.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\C6 Messenger.lnk
backup=c:\windows\pss\C6 Messenger.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Klaude3d^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DesktopVideoPlayer.LNK]
path=c:\users\Klaude3d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.LNK
backup=c:\windows\pss\DesktopVideoPlayer.LNK.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Klaude3d^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Skype.lnk]
path=c:\users\Klaude3d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk
backup=c:\windows\pss\Skype.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-736386715-1995483522-3099797811-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C9AA8625-2775-4BE3-B22E-EA7AB9301DDC}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{2E21C932-C153-47E8-8425-75C5E02D4963}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{27FA73E1-B0C1-43AA-A03E-3E41F41D7449}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{C6BAFD06-DC36-40B9-B3C7-6E68F7EF259A}c:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= UDP:c:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon
"UDP Query User{83759BA0-7AEB-47D3-A7C4-0810D871DA42}c:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= TCP:c:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon
"TCP Query User{B642A33D-7A96-4BE2-8A9F-2ED2EAE19C22}c:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= UDP:c:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon
"UDP Query User{65DC7B7B-DE10-42F9-B673-A1DD6B3DCA1A}c:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= TCP:c:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon
"TCP Query User{E79B185D-420E-431E-9589-4E6E39230FCD}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{E1FC2BC2-B904-4869-90AC-7F060EA864A1}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{A849A248-80C9-4A37-926E-F5381B6A064D}c:\\users\\klaude3d\\desktop\\emule\\emule.exe"= UDP:c:\users\klaude3d\desktop\emule\emule.exe:emule.exe
"UDP Query User{CB89BD28-C45E-45BA-998D-9E55B8144F24}c:\\users\\klaude3d\\desktop\\emule\\emule.exe"= TCP:c:\users\klaude3d\desktop\emule\emule.exe:emule.exe
"{BBE9F3AD-F195-4CB0-B4D0-F3B85AEC6752}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0BF80177-884C-4CAD-A1BC-26A0A045C4D4}"= UDP:5353:Adobe CSI CS4
"{BFF560FD-31C0-487E-B08E-502B90E1B215}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{9EB671B6-EFC4-43FF-AB0B-3ACA4F847963}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{CFDEC7C7-FA92-4110-BF47-843FABB49699}"= UDP:3703:Adobe Version Cue CS4 Server
"{0A4FC547-467E-4014-B814-5E5EB2FF690F}"= UDP:3704:Adobe Version Cue CS4 Server
"{022FECC8-AF00-4A39-A4D0-E05304CBD2C7}"= UDP:51000:Adobe Version Cue CS4 Server
"{9E627405-3275-4D16-91D1-20782AEA035E}"= UDP:51001:Adobe Version Cue CS4 Server
"{85BCE220-73D5-4A59-96C1-0F38AC7BE05B}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server
"{1BD8E142-9594-475E-83AA-A15E65DEF829}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server
"{6EDDD184-E6D9-4317-AA84-39A7A9C91A3A}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{77DE7EF1-9700-40F3-B5DD-FA00CC563F85}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{6EBCA6E1-61F4-46F8-8292-937817B130AE}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D06DDC06-8A67-4BBF-8046-38D6894D177D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{339E7B55-A4B0-4DDA-83F3-AC5FEB63D664}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{88085790-D132-4718-B1B1-C90AAF3C5D1D}c:\\program files\\next limit\\realflow4\\realflow.exe"= UDP:c:\program files\next limit\realflow4\realflow.exe:realflow
"UDP Query User{C3757EB5-C4AC-480A-90DF-C6AF4496237D}c:\\program files\\next limit\\realflow4\\realflow.exe"= TCP:c:\program files\next limit\realflow4\realflow.exe:realflow
"TCP Query User{17F06F46-A6A6-4DB9-A924-4789B3DCE711}c:\\users\\klaude3d\\desktop\\power-script.0.2.1\\mirc.exe"= UDP:c:\users\klaude3d\desktop\power-script.0.2.1\mirc.exe:mirc.exe
"UDP Query User{6A738567-1673-416B-A95E-AD361D96012A}c:\\users\\klaude3d\\desktop\\power-script.0.2.1\\mirc.exe"= TCP:c:\users\klaude3d\desktop\power-script.0.2.1\mirc.exe:mirc.exe
"TCP Query User{AC7DCB96-374F-4F38-B97F-1A024ECB694C}c:\\power-script.0.2.1\\mirc.exe"= UDP:c:\power-script.0.2.1\mirc.exe:PoWeR-Script
"UDP Query User{74F13F3C-D7D7-4CAD-901E-D997C208F42E}c:\\power-script.0.2.1\\mirc.exe"= TCP:c:\power-script.0.2.1\mirc.exe:PoWeR-Script
"TCP Query User{C0F075D4-53DF-4D11-AAB7-C1336B857426}c:\\flashcad_composer\\flashcad.exe"= UDP:c:\flashcad_composer\flashcad.exe:FlashCAD
"UDP Query User{9712F55B-8C69-4495-84D2-2434D776D732}c:\\flashcad_composer\\flashcad.exe"= TCP:c:\flashcad_composer\flashcad.exe:FlashCAD
"{26B86C2A-4476-4E51-861D-D64FD76FACE8}"= c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"TCP Query User{D65D46F2-6FC1-4A59-99A6-270A3631BD61}c:\\flashcad\\flashcad.exe"= UDP:c:\flashcad\flashcad.exe:FlashCAD
"UDP Query User{8E835343-E529-4E16-B46D-868E8011EEF1}c:\\flashcad\\flashcad.exe"= TCP:c:\flashcad\flashcad.exe:FlashCAD
"TCP Query User{9D9A88B1-B8F4-45FB-9102-FEE52081D9F2}c:\\program files\\camfrog\\camfrog video chat\\camfrog video chat.exe"= UDP:c:\program files\camfrog\camfrog video chat\camfrog video chat.exe:Camfrog Client Module
"UDP Query User{157429BE-6144-47A5-BB7E-C2DAB8A8E85F}c:\\program files\\camfrog\\camfrog video chat\\camfrog video chat.exe"= TCP:c:\program files\camfrog\camfrog video chat\camfrog video chat.exe:Camfrog Client Module
"{8FFAEE71-5F3A-4164-9AEB-121088906BE1}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{160AF601-6BD6-446C-B699-D89123F9568D}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{874410AB-B1FB-4675-8273-F9474BACC5E3}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{990C1BD5-18A6-40AD-916B-AC4BA07AC682}"= Disabled:UDP:443:Porta TCP ooVoo 443
"{4D8E1ADF-94C4-438B-9222-1808DE785D5F}"= Disabled:TCP:443:Porta UDP ooVoo 443
"{969E62F6-92AF-4D52-8D38-E8FFDD06D4F9}"= Disabled:UDP:37674:Porta TCP ooVoo 37674
"{43A7F9F8-A1FE-470A-9313-DC05D0509747}"= Disabled:TCP:37674:Porta UDP ooVoo 37674
"{3D1DF0B0-168E-4A48-B7AC-52DDFC0E227E}"= Disabled:TCP:37675:Porta UDP ooVoo 37675
"TCP Query User{DFD0E3EE-7FC5-431C-9A2B-B33A0F895CAB}c:\\c6 messenger\\plugin\\fsmodule\\c6filesharing.exe"= UDP:c:\c6 messenger\plugin\fsmodule\c6filesharing.exe:C6 Scambia File
"UDP Query User{48E999EC-A6E2-4D5F-8972-2932F20B4195}c:\\c6 messenger\\plugin\\fsmodule\\c6filesharing.exe"= TCP:c:\c6 messenger\plugin\fsmodule\c6filesharing.exe:C6 Scambia File
"{13B629EF-0A0D-407C-B5E0-FA891EB3FCCD}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{FEC07F1C-82C1-476F-8359-E42B25EACB29}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{897E0A5E-5DF2-423B-AB0D-513F4E08DD08}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{B8BB78E7-61A2-4777-998F-5D58F7FD8195}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{60562E9F-0AC1-43BF-86EB-AF080E3EA4B3}c:\\c6 messenger\\plugin\\fsmodule\\c6filesharing.exe"= UDP:c:\c6 messenger\plugin\fsmodule\c6filesharing.exe:C6 Scambia File
"UDP Query User{2EA7BE2F-B4A2-4E25-8F30-A47CD99812AE}c:\\c6 messenger\\plugin\\fsmodule\\c6filesharing.exe"= TCP:c:\c6 messenger\plugin\fsmodule\c6filesharing.exe:C6 Scambia File
"{0DBDED3A-43F6-498F-A6AF-2F25A38CADD0}"= c:\program files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0
"{95FFBFE6-1EB0-4BF4-824A-B587C88BA141}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{8D7900B8-508B-4199-9FD8-BDE0F72037E7}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B5D3A034-1DBD-4FBE-BEE5-CA528381C2C5}"= UDP:c:\program files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe:TwonkyMedia
"{71692943-05EE-4314-9D19-AEE20B4EFDEF}"= TCP:c:\program files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe:TwonkyMedia
"{38C784F0-9F01-4A88-9CAA-77993D6DC4C0}"= UDP:c:\program files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe:TwonkyMediaServer
"{D2860F82-4550-40F2-850B-C75791C3CF07}"= TCP:c:\program files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe:TwonkyMediaServer
"{DD8B68BA-9BC7-4076-969A-DC8BFAEAE692}"= UDP:c:\program files\Orb Networks\Orb\bin\Orb.exe:Orb
"{FA5F14F3-798E-4009-A570-4E0D1E6CA19C}"= TCP:c:\program files\Orb Networks\Orb\bin\Orb.exe:Orb
"{2D35C5EE-7FD0-4975-AC49-D5A3F86C6627}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{8650FC83-D8C2-4FA6-B354-F22A71011E48}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{4AB7A7AC-5A32-4529-BFA3-9EA9F834A1FA}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR
"{4487C37E-746E-4C32-83B7-ECC0346E6F08}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR
"{3CFE7E57-63D6-468A-A592-380EBE142A07}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"{4E51B7DF-293A-4C96-AE2E-54C118316F17}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"{88508258-BFA9-4A79-9553-E69DA8D5C82F}"= UDP:c:\program files\Orb Networks\Orb\bin\xmltv.exe:OrbTVGuide
"{0D0C84CA-61F6-40BD-BA7F-A91041BB1D37}"= TCP:c:\program files\Orb Networks\Orb\bin\xmltv.exe:OrbTVGuide
"{81FD4A1E-D97F-4FBB-9679-7C3637558B56}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbChannelScan.exe:OrbChannelScan
"{C176CF59-24A8-4D0A-B153-5892FC937CD2}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbChannelScan.exe:OrbChannelScan
"{87DD530E-5BE3-4C5E-94C6-2A43F3D3BB8D}"= UDP:c:\users\Klaude3d\Downloads\guardian.sisx:guardian
"{1329BB00-B379-48CC-84FF-CBCE40D707C3}"= TCP:c:\users\Klaude3d\Downloads\guardian.sisx:guardian
"{171760A2-6405-491E-ABAC-A3C641AABCCD}"= UDP:c:\program files\Nokia\PC Connectivity Solution\NclInstaller.exe:NclInstaller
"{6146B3A0-35EE-42E0-A634-CB7C3FB8ECE3}"= TCP:c:\program files\Nokia\PC Connectivity Solution\NclInstaller.exe:NclInstaller
"TCP Query User{8E17B86B-8FA6-42DE-9199-BDCC9FDE7636}c:\\program files\\icuii\\icuii.exe"= Disabled:UDP:c:\program files\icuii\icuii.exe:ICUII Video Chat Client
"UDP Query User{65346FDF-4A57-4EE9-BBE2-AD290C353FAF}c:\\program files\\icuii\\icuii.exe"= Disabled:TCP:c:\program files\icuii\icuii.exe:ICUII Video Chat Client
"{DDAD558A-750A-4B2A-A3AF-C0AD93A5F397}"= Disabled:UDP:c:\program files\Total Uninstall 5\Tu.exe:Total Uninstall 5
"{6B194647-8990-47C0-80AA-16EC19F7994A}"= Disabled:TCP:c:\program files\Total Uninstall 5\Tu.exe:Total Uninstall 5
"{671B7ADE-6E19-4B87-9CC1-4BBC23C391D1}"= Disabled:UDP:c:\program files\Total Uninstall 5\TuAgent.exe:TuAgent
"{050E5619-2E91-422B-B1AB-8E0317918EF4}"= Disabled:TCP:c:\program files\Total Uninstall 5\TuAgent.exe:TuAgent
"{34F52D46-79F7-4781-99C0-9923FCA153F3}"= Disabled:UDP:c:\program files\Total Uninstall 5\TuStarter.exe:TuStarter
"{1CB99F34-E2AF-40A4-A763-C08FD08EE565}"= Disabled:TCP:c:\program files\Total Uninstall 5\TuStarter.exe:TuStarter
"TCP Query User{65A1DA3A-0942-4080-A3DA-E0F1A78AC4E0}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{275E2F3E-8FE0-4EE5-B893-DE3428A905FF}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{4CBC4944-BC6E-48CD-AFA5-15FEF875A57A}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{8CE6BB3E-1A1A-44D7-98B0-9F17E20C2B7E}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{0D9E3424-099B-4C50-B3D4-627AEB6ED8ED}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{877D84F0-488D-4D2D-9DFB-996A1E1767D4}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{3F79E6EF-9669-40EB-AB5E-97D1E32AFC05}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{5ED57799-5E5B-4FCB-85A9-1DBA1C539354}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{4C455322-C205-413E-9B1E-E67D1D68F58C}c:\\program files\\amsn\\bin\\wish.exe"= UDP:c:\program files\amsn\bin\wish.exe:Wish Application
"UDP Query User{1B131684-0ACD-4C0F-8B3B-E041786BF558}c:\\program files\\amsn\\bin\\wish.exe"= TCP:c:\program files\amsn\bin\wish.exe:Wish Application
"TCP Query User{B052CE0B-8E78-4188-B17A-8A47E6ADD2A3}c:\\program files\\dc++\\dcplusplus.exe"= UDP:c:\program files\dc++\dcplusplus.exe:DC++
"UDP Query User{69794E02-85ED-4015-BC13-7CDF467EA35D}c:\\program files\\dc++\\dcplusplus.exe"= TCP:c:\program files\dc++\dcplusplus.exe:DC++
"{B84819F4-BF99-41BF-8F55-E291C5D5F065}"= UDP:c:\windows\Temp\~os7060.tmp\ossproxy.exe:ossproxy.exe
"{3F5139DF-9B37-41FE-A3B7-26EFB19A1827}"= UDP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{E3CB033A-5202-4C27-AB98-1F2BB008200A}"= TCP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{CCA776D8-4B25-4E9E-9B1C-4AD1723DAF50}"= UDP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{BB797303-0D80-423B-9885-8AB4264C57B5}"= TCP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{24A67AD6-1B6B-4598-B9B6-C213ADB77676}"= UDP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{5BC04D40-78BF-4796-9F32-8521834C2D3A}"= TCP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{2ADC481D-6D93-4DF3-AA84-AADE86B79047}"= UDP:c:\program files\Autodesk\3ds Max 2010\3dsmax.exe:Autodesk 3ds Max 2010 32-bit
"{94620FC5-91A4-4900-B020-58415F1E5264}"= TCP:c:\program files\Autodesk\3ds Max 2010\3dsmax.exe:Autodesk 3ds Max 2010 32-bit
"{8250D3D7-FE69-4C92-8F0A-B9BC997147D5}"= UDP:c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe:mental ray satellite server for Autodesk 3ds Max 2010 32-bit
"{81732BB1-76F6-4876-A28A-B0F7A977810A}"= TCP:c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe:mental ray satellite server for Autodesk 3ds Max 2010 32-bit
"{81F3F4C1-DD0D-409A-98D3-69570245589F}"= UDP:c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe:mental ray satellite for Autodesk 3ds Max 2010 32-bit
"{36F822EA-F37D-440D-87BF-FCC0789AD8CF}"= TCP:c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe:mental ray satellite for Autodesk 3ds Max 2010 32-bit
"{18C8D750-53AA-4DF8-B6DB-A2605C11C40E}"= UDP:86:BroadCam Web Server
"{652248D8-BE0E-4DCA-AD7B-E0C0706D926A}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{D1B4F88F-50ED-405A-A6CC-27E3EA35774F}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{9DA0B873-0E11-4CFA-9CA2-6C62A5A42793}"= UDP:c:\program files\Thunder Network\Thunder\Program\Thunder.exe:Thunder
"{BBE57DBB-D040-43B3-B7BA-A2FD2886D7D1}"= TCP:c:\program files\Thunder Network\Thunder\Program\Thunder.exe:Thunder
"{803541B9-C20F-46F6-B6E2-C06A75D67512}"= UDP:c:\program files\Thunder Network\Thunder\Program\Liveupdate\ThunderLiveUD.exe:Thunder LiveUpdate
"{77575CAD-779F-4820-85D3-2C5897746B61}"= TCP:c:\program files\Thunder Network\Thunder\Program\Liveupdate\ThunderLiveUD.exe:Thunder LiveUpdate
"{B3190357-4B73-4961-9193-506A609B9656}"= UDP:c:\aq\supdate.exe:SIDA.Connect
"{6AD63DC6-B0AE-4656-B2EC-B9332E73CCFE}"= TCP:c:\aq\supdate.exe:SIDA.Connect

R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2009/04/03 20:41];c:\program files\CyberLink\PowerDVD8\000.fcl [05/03/2009 1:47 87536]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\System32\drivers\diginet.sys [18/02/2009 1:45 16400]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [12/03/2009 5:36 86016]
R2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files\USB Safely Remove\USBSRService.exe [04/02/2009 2:58 208144]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [19/02/2008 3:15 106496]
S2 gupdate1c9c36be6dd4e70;Servizio di Google Update (gupdate1c9c36be6dd4e70);c:\program files\Google\Update\GoogleUpdate.exe [22/04/2009 7:00 133104]
S2 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [19/03/2009 2:48 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [19/03/2009 2:48 8320]
S4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15/08/2008 6:46 284016]
S4 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [03/02/2009 5:57 33752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-AdobeBridge - (no file)


.
------- Scansione supplementare -------
.
uStart Page = hxxp://google/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: ʹÓÃѸÀ×ÏÂÔØ - c:\program files\Thunder Network\Thunder\Program\GetUrl.htm
IE: ʹÓÃѸÀ×ÏÂÔØÈ«²¿Á´½Ó - c:\program files\Thunder Network\Thunder\Program\GetAllUrl.htm
IE: ?????? - c:\program files\Thunder Network\Thunder\Program\geturl.htm
IE: ?????????? - c:\program files\Thunder Network\Thunder\Program\getallurl.htm
TCP: {456BCF8F-B8B7-44C9-9FC9-31E04622AE59} = 85.37.17.57 85.38.28.80
FF - ProfilePath - c:\users\Klaude3d\AppData\Roaming\Mozilla\Firefox\Profiles\8rsu1hh0.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft Research\HD View\nphdview.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPC6Helper.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\users\Klaude3d\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-16 13:49
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-736386715-1995483522-3099797811-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{77C79333-22E7-DB6E-EB65-829DEBBF482A}*]
"hafjbahbcoaekpmd"=hex:6b,61,61,69,66,68,69,6c,64,65,63,65,68,62,69,68,6c,61,
6a,6a,65,66,00,00
"ialklbndnjaglgoeih"=hex:6b,61,61,69,66,68,69,6c,64,65,63,65,68,62,69,68,6c,61,
6a,6a,65,66,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'Explorer.exe'(3588)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\ASUS\AASP\1.00.46\aaCenter.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\conime.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnscfg.exe
.
**************************************************************************
.
Ora fine scansione: 2009-07-16 13:58 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-07-16 11:58

Pre-Run: 29.257.060.352 byte disponibili
Post-Run: 29.091.123.200 byte disponibili

499 --- E O F --- 2009-07-15 09:43
Avatar utente
klaude4d
Aficionado
Aficionado
 
Messaggi: 146
Iscritto il: mar lug 14, 2009 11:07 pm

Re: SCIPT AVENGER CHI PUO' AIUTARMI A IMPARTIRE I COMANDI ?

Messaggioda ste_95 » gio lug 16, 2009 1:47 pm

Carica questo file su http://www.virustotal.com.
c:\aq\supdate.exe

Hai riscaricato le applicazioni che non partono? Sei su Vista?
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Re: SCIPT AVENGER CHI PUO' AIUTARMI A IMPARTIRE I COMANDI ?

Messaggioda klaude4d » ven lug 17, 2009 9:14 am

buongiorno ste spero ci sei, il file lo ho analozzato e i 41 antivirus non hanno trovato niente di anormale, si tratta del file che permette al programma sella scuola guida di aggiornare tramite i loro server le chede quiz.
ho rifatto combofix, posto il log ; mi aiuteresti a capire quali sono le righe a cui bisogna fare attenzione? i lo vedo come un log che riporta solo cio' che si avvia, i servizi, e i nuovi programmi installati in un ultimo periodo.

ComboFix 09-07-14.08 - Klaude3d 17/07/2009 9:54.1.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.39.1040.18.3070.2130 [GMT 2:00]
Eseguito da: c:\users\Klaude3d\Desktop\ararara.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((( Files Creati Da 2009-06-17 al 2009-07-17 )))))))))))))))))))))))))))))))))))
.

2009-07-16 18:48 . 2009-07-16 18:50 -------- d-s---w- C:\klaude
2009-07-16 18:44 . 2009-07-16 18:44 -------- d-s---w- C:\ComboFix
2009-07-16 11:58 . 2009-07-17 08:00 -------- d-----w- c:\users\Klaude3d\AppData\Local\temp
2009-07-15 10:23 . 2009-07-16 22:22 -------- d-----w- C:\FindyKill
2009-07-15 06:07 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 06:07 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 06:07 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 06:07 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-13 13:41 . 2009-07-13 13:41 -------- d-----w- c:\users\Klaude3d\AppData\Local\Apple
2009-07-12 04:36 . 2009-07-12 04:39 -------- d-sh--w- c:\users\Klaude3d\Phone Browser
2009-07-11 00:41 . 2009-07-11 00:41 -------- d-----w- c:\users\Klaude3d\AppData\Local\Autodesk
2009-07-10 22:36 . 2009-07-15 22:31 -------- d-----w- c:\users\Klaude3d\AppData\Local\Adobe
2009-07-10 21:38 . 2009-07-15 22:41 -------- d-----w- c:\users\Klaude3d\AppData\Local\Apple Computer
2009-07-09 12:00 . 2009-07-09 12:00 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\Malwarebytes
2009-07-09 12:00 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-09 12:00 . 2009-07-15 09:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-09 12:00 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-09 12:00 . 2009-07-09 12:00 -------- d-----w- c:\progra~2\Malwarebytes
2009-07-09 10:42 . 2009-07-09 11:50 -------- d-----w- c:\windows\Symbols
2009-07-09 09:55 . 2009-07-09 11:35 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
2009-07-08 23:11 . 2009-07-08 23:11 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-08 22:44 . 2009-07-08 22:44 20914549 ----a-w- c:\users\Klaude3d\AppData\Roaming\Nokia\Nokia Download!\Temp\Nokia_Download_newUI_2.1.19.0_setup.exe
2009-06-28 15:45 . 2009-06-28 15:45 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-06-28 15:41 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-06-26 22:42 . 2009-06-26 22:42 -------- d-----w- c:\progra~2\Thunder Network
2009-06-26 22:42 . 2009-06-26 23:09 -------- d-----r- C:\TDDOWNLOAD
2009-06-26 22:40 . 2009-06-26 22:40 20 ----a-w- c:\windows\system32\pub_store.dat
2009-06-26 22:40 . 2009-06-26 22:40 -------- d-----w- c:\program files\Common Files\Thunder Network
2009-06-26 22:40 . 2009-06-26 22:40 -------- d-----w- c:\program files\Thunder Network
2009-06-21 12:10 . 2009-06-21 12:10 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\AVS4YOU
2009-06-21 12:10 . 2009-06-21 12:10 -------- d-----w- c:\progra~2\AVS4YOU
2009-06-21 12:08 . 2009-06-21 13:24 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-06-21 12:08 . 2009-07-15 10:47 -------- d-----w- c:\program files\AVS4YOU
2009-06-17 22:20 . 2009-07-05 12:11 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\MessengerDiscovery 2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-17 07:53 . 2009-02-05 18:37 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\Skype
2009-07-17 04:16 . 2009-02-07 17:13 -------- d-----w- c:\progra~2\Google Updater
2009-07-16 22:03 . 2009-02-05 18:40 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\skypePM
2009-07-16 18:23 . 2006-11-06 01:52 670772 ----a-w- c:\windows\system32\perfh010.dat
2009-07-16 18:23 . 2006-11-06 01:52 123414 ----a-w- c:\windows\system32\perfc010.dat
2009-07-16 12:28 . 2009-04-09 15:54 -------- d-----w- c:\program files\Nokia
2009-07-15 23:47 . 2009-05-24 16:36 -------- d-----w- c:\progra~2\AQ
2009-07-15 09:43 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-15 09:43 . 2009-02-05 23:05 -------- d-----w- c:\progra~2\Microsoft Help
2009-07-13 21:37 . 2009-03-30 17:51 -------- d-----w- c:\program files\Safari
2009-07-10 09:11 . 2009-02-06 00:46 -------- d-----w- c:\program files\MSN Messenger
2009-07-10 09:11 . 2009-02-04 09:18 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-09 09:19 . 2009-02-03 22:56 -------- d-----w- c:\program files\Trillian
2009-07-08 23:24 . 2009-04-09 16:01 -------- d-----w- c:\program files\Common Files\PCSuite
2009-07-08 23:24 . 2009-04-09 15:59 -------- d-----w- c:\program files\Common Files\Nokia
2009-07-08 23:23 . 2009-04-09 16:04 -------- d-----w- c:\progra~2\Installations
2009-07-08 12:25 . 2009-04-14 00:03 -------- d-----w- c:\progra~2\Nokia
2009-07-08 12:10 . 2009-04-09 16:09 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\Nokia
2009-07-08 08:48 . 2009-04-10 01:55 -------- d-----w- c:\program files\WebcamMax
2009-06-28 17:10 . 2009-02-04 12:58 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\USBSafelyRemove
2009-06-28 16:06 . 2009-06-28 16:06 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-06-28 16:06 . 2009-02-03 15:23 143152 ----a-w- c:\users\Klaude3d\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-28 15:41 . 2009-04-09 15:59 -------- d-----w- c:\program files\DIFX
2009-06-28 15:27 . 2009-06-28 15:27 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-06-21 21:56 . 2009-05-31 12:23 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\NCH Software
2009-06-21 21:55 . 2009-05-31 12:23 -------- d-----w- c:\progra~2\NCH Software
2009-06-21 12:30 . 2009-05-24 16:52 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\Juce VST Host
2009-06-21 12:28 . 2009-02-04 09:19 -------- d-----w- c:\program files\MessengerDiscovery
2009-06-21 12:23 . 2009-02-03 23:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-21 11:54 . 2009-06-21 11:54 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-21 11:53 . 2009-02-16 23:40 -------- d-----w- c:\program files\DirectVobSub
2009-06-21 11:53 . 2009-02-16 23:45 -------- d-----w- c:\program files\OpenSource Flash Video Splitter
2009-06-21 11:52 . 2009-02-16 23:45 -------- d-----w- c:\program files\CD Audio Reader Filter
2009-06-21 11:52 . 2009-02-16 23:43 -------- d-----w- c:\program files\SHOUTcast Source
2009-06-21 11:52 . 2009-02-16 23:42 -------- d-----w- c:\program files\DSP-worx
2009-06-21 11:52 . 2009-06-08 11:06 -------- d-----w- c:\program files\DivX
2009-06-21 11:52 . 2009-02-16 23:45 -------- d-----w- c:\program files\RealMedia
2009-06-21 11:51 . 2009-06-08 11:07 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\DivX
2009-06-11 03:39 . 2009-06-08 16:30 -------- d-----w- c:\program files\iTunes
2009-06-11 03:39 . 2009-06-11 03:39 -------- d-----w- c:\program files\iPod
2009-06-11 03:39 . 2009-04-06 16:54 -------- d-----w- c:\program files\Common Files\Apple
2009-06-11 03:38 . 2009-02-06 11:18 -------- d-----w- c:\program files\QuickTime
2009-06-10 23:14 . 2009-02-06 11:24 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\Apple Computer
2009-06-08 16:30 . 2009-02-06 11:18 -------- d-----w- c:\progra~2\Apple Computer
2009-06-08 11:06 . 2009-02-05 19:50 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-06-08 11:06 . 2009-06-08 11:06 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-07 09:52 . 2009-06-07 09:52 -------- d-----w- c:\program files\NetworkActiv PIAFCTM 1.5
2009-06-02 16:11 . 2009-06-21 11:54 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-05-31 18:20 . 2009-05-31 18:19 -------- d-----w- c:\program files\Total Video Converter
2009-05-31 12:23 . 2009-05-31 12:23 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\NCH Swift Sound
2009-05-31 12:21 . 2009-05-31 12:21 58949 ----a-w- c:\users\Klaude3d\ia_remove.sh0254.tmp
2009-05-31 11:26 . 2009-05-31 11:26 -------- d-----w- c:\program files\AviSynth 2.5
2009-05-30 16:48 . 2009-05-18 21:43 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\Nseries
2009-05-30 16:00 . 2009-05-30 16:00 297984 ----a-w- c:\windows\system32\LTKRN10N.DLL
2009-05-29 22:41 . 2009-02-05 18:10 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\Autodesk
2009-05-29 22:41 . 2009-02-05 18:03 -------- d-----w- c:\progra~2\Autodesk
2009-05-29 21:59 . 2009-02-24 01:54 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\Camfrog
2009-05-29 21:37 . 2009-06-21 11:54 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-05-29 21:31 . 2009-06-21 11:54 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-05-29 11:36 . 2009-05-29 11:36 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-29 11:36 . 2009-05-29 11:36 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-28 18:29 . 2009-02-05 22:34 -------- d-----w- c:\progra~2\FLEXnet
2009-05-28 18:22 . 2009-02-05 18:03 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-05-28 18:18 . 2009-02-05 18:02 -------- d-----w- c:\program files\Autodesk
2009-05-27 21:46 . 2009-05-27 21:40 -------- d-----w- c:\program files\AutoCAD 2009
2009-05-26 01:56 . 2009-02-07 17:13 -------- d-----w- c:\program files\Google
2009-05-25 23:12 . 2009-05-25 23:12 -------- d-----w- c:\program files\Avira
2009-05-25 23:12 . 2009-05-25 23:12 -------- d-----w- c:\progra~2\Avira
2009-05-24 17:19 . 2009-03-19 18:31 -------- d-----w- c:\program files\Opera
2009-05-24 01:10 . 2009-05-24 01:10 -------- d-----w- c:\progra~2\TechSmith
2009-05-24 01:10 . 2009-05-24 01:10 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2009-05-24 01:10 . 2009-05-24 01:10 -------- d-----w- c:\program files\TechSmith
2009-05-23 23:21 . 2009-05-23 23:21 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\muvee Technologies
2009-05-23 23:21 . 2009-05-23 23:21 -------- d-----w- c:\progra~2\muvee Technologies
2009-05-22 23:11 . 2009-05-22 23:11 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\Babylon
2009-05-22 23:11 . 2009-05-22 23:11 -------- d-----w- c:\progra~2\Babylon
2009-05-21 22:29 . 2009-04-30 00:02 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\OpenWith.org Cache
2009-05-18 22:49 . 2009-05-18 22:47 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\dvdcss
2009-05-11 10:47 . 2009-05-11 10:47 1302600 ----a-w- c:\windows\system32\WUDFUpdate_01007.dll
2009-05-05 18:37 . 2009-02-03 23:59 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-03 13:40 . 2009-05-03 13:05 5 ----a-w- c:\windows\sbacknt.bin
2009-05-03 13:27 . 2009-05-03 13:27 152904 ----a-w- c:\windows\system32\vghd.scr
2009-05-01 21:02 . 2009-06-21 11:54 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-06-21 11:54 685056 ----a-w- c:\windows\system32\divx.dll
2009-04-30 12:37 . 2009-06-11 01:24 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:37 . 2009-06-11 01:24 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-04-24 16:05 . 2009-06-10 02:56 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-10 02:55 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-10 02:55 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-23 12:43 . 2009-06-10 02:56 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-10 02:55 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-10 02:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-04-20 15:14 . 2009-04-20 15:14 368640 ----a-w- c:\windows\system32\ReWire.dll
2009-06-24 16:22 . 2009-02-03 16:06 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"USB Safely Remove"="c:\program files\USB Safely Remove\USBSafelyRemove.exe" [2009-01-04 743936]
"SplitCam"="c:\program files\SplitCam\SplitCam.exe" [2006-09-09 990208]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"Camtasia Recorder"="c:\program files\TechSmith\Camtasia Studio 6\CamRecorder.exe" [2008-10-10 2678104]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]
"Camfrog"="c:\program files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" [2003-09-29 36352]
"Google Update"="c:\users\Klaude3d\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-02-03 133104]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
"eMuleAutoStart"="c:\program files\eMule\emule.exe" [2009-02-22 5668864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-30 7289376]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-02-25 37888]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-07-09 15872]
"Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-02-26 2376992]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

c:\users\Klaude3d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CamRecorder.exe [2004-3-29 1208320]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
SIDA.Connect.lnk - c:\aq\supdate.exe [2008-12-10 2151936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^C6 Messenger.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\C6 Messenger.lnk
backup=c:\windows\pss\C6 Messenger.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Klaude3d^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DesktopVideoPlayer.LNK]
path=c:\users\Klaude3d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.LNK
backup=c:\windows\pss\DesktopVideoPlayer.LNK.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Klaude3d^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Skype.lnk]
path=c:\users\Klaude3d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk
backup=c:\windows\pss\Skype.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-736386715-1995483522-3099797811-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C9AA8625-2775-4BE3-B22E-EA7AB9301DDC}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{2E21C932-C153-47E8-8425-75C5E02D4963}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{27FA73E1-B0C1-43AA-A03E-3E41F41D7449}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{C6BAFD06-DC36-40B9-B3C7-6E68F7EF259A}c:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= UDP:c:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon
"UDP Query User{83759BA0-7AEB-47D3-A7C4-0810D871DA42}c:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= TCP:c:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon
"TCP Query User{B642A33D-7A96-4BE2-8A9F-2ED2EAE19C22}c:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= UDP:c:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon
"UDP Query User{65DC7B7B-DE10-42F9-B673-A1DD6B3DCA1A}c:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= TCP:c:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon
"TCP Query User{E79B185D-420E-431E-9589-4E6E39230FCD}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{E1FC2BC2-B904-4869-90AC-7F060EA864A1}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{A849A248-80C9-4A37-926E-F5381B6A064D}c:\\users\\klaude3d\\desktop\\emule\\emule.exe"= UDP:c:\users\klaude3d\desktop\emule\emule.exe:emule.exe
"UDP Query User{CB89BD28-C45E-45BA-998D-9E55B8144F24}c:\\users\\klaude3d\\desktop\\emule\\emule.exe"= TCP:c:\users\klaude3d\desktop\emule\emule.exe:emule.exe
"{BBE9F3AD-F195-4CB0-B4D0-F3B85AEC6752}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0BF80177-884C-4CAD-A1BC-26A0A045C4D4}"= UDP:5353:Adobe CSI CS4
"{BFF560FD-31C0-487E-B08E-502B90E1B215}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{9EB671B6-EFC4-43FF-AB0B-3ACA4F847963}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{CFDEC7C7-FA92-4110-BF47-843FABB49699}"= UDP:3703:Adobe Version Cue CS4 Server
"{0A4FC547-467E-4014-B814-5E5EB2FF690F}"= UDP:3704:Adobe Version Cue CS4 Server
"{022FECC8-AF00-4A39-A4D0-E05304CBD2C7}"= UDP:51000:Adobe Version Cue CS4 Server
"{9E627405-3275-4D16-91D1-20782AEA035E}"= UDP:51001:Adobe Version Cue CS4 Server
"{85BCE220-73D5-4A59-96C1-0F38AC7BE05B}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server
"{1BD8E142-9594-475E-83AA-A15E65DEF829}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server
"{6EDDD184-E6D9-4317-AA84-39A7A9C91A3A}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{77DE7EF1-9700-40F3-B5DD-FA00CC563F85}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{6EBCA6E1-61F4-46F8-8292-937817B130AE}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D06DDC06-8A67-4BBF-8046-38D6894D177D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{339E7B55-A4B0-4DDA-83F3-AC5FEB63D664}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{88085790-D132-4718-B1B1-C90AAF3C5D1D}c:\\program files\\next limit\\realflow4\\realflow.exe"= UDP:c:\program files\next limit\realflow4\realflow.exe:realflow
"UDP Query User{C3757EB5-C4AC-480A-90DF-C6AF4496237D}c:\\program files\\next limit\\realflow4\\realflow.exe"= TCP:c:\program files\next limit\realflow4\realflow.exe:realflow
"TCP Query User{17F06F46-A6A6-4DB9-A924-4789B3DCE711}c:\\users\\klaude3d\\desktop\\power-script.0.2.1\\mirc.exe"= UDP:c:\users\klaude3d\desktop\power-script.0.2.1\mirc.exe:mirc.exe
"UDP Query User{6A738567-1673-416B-A95E-AD361D96012A}c:\\users\\klaude3d\\desktop\\power-script.0.2.1\\mirc.exe"= TCP:c:\users\klaude3d\desktop\power-script.0.2.1\mirc.exe:mirc.exe
"TCP Query User{AC7DCB96-374F-4F38-B97F-1A024ECB694C}c:\\power-script.0.2.1\\mirc.exe"= UDP:c:\power-script.0.2.1\mirc.exe:PoWeR-Script
"UDP Query User{74F13F3C-D7D7-4CAD-901E-D997C208F42E}c:\\power-script.0.2.1\\mirc.exe"= TCP:c:\power-script.0.2.1\mirc.exe:PoWeR-Script
"TCP Query User{C0F075D4-53DF-4D11-AAB7-C1336B857426}c:\\flashcad_composer\\flashcad.exe"= UDP:c:\flashcad_composer\flashcad.exe:FlashCAD
"UDP Query User{9712F55B-8C69-4495-84D2-2434D776D732}c:\\flashcad_composer\\flashcad.exe"= TCP:c:\flashcad_composer\flashcad.exe:FlashCAD
"{26B86C2A-4476-4E51-861D-D64FD76FACE8}"= c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"TCP Query User{D65D46F2-6FC1-4A59-99A6-270A3631BD61}c:\\flashcad\\flashcad.exe"= UDP:c:\flashcad\flashcad.exe:FlashCAD
"UDP Query User{8E835343-E529-4E16-B46D-868E8011EEF1}c:\\flashcad\\flashcad.exe"= TCP:c:\flashcad\flashcad.exe:FlashCAD
"TCP Query User{9D9A88B1-B8F4-45FB-9102-FEE52081D9F2}c:\\program files\\camfrog\\camfrog video chat\\camfrog video chat.exe"= UDP:c:\program files\camfrog\camfrog video chat\camfrog video chat.exe:Camfrog Client Module
"UDP Query User{157429BE-6144-47A5-BB7E-C2DAB8A8E85F}c:\\program files\\camfrog\\camfrog video chat\\camfrog video chat.exe"= TCP:c:\program files\camfrog\camfrog video chat\camfrog video chat.exe:Camfrog Client Module
"{8FFAEE71-5F3A-4164-9AEB-121088906BE1}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{160AF601-6BD6-446C-B699-D89123F9568D}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{874410AB-B1FB-4675-8273-F9474BACC5E3}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{990C1BD5-18A6-40AD-916B-AC4BA07AC682}"= Disabled:UDP:443:Porta TCP ooVoo 443
"{4D8E1ADF-94C4-438B-9222-1808DE785D5F}"= Disabled:TCP:443:Porta UDP ooVoo 443
"{969E62F6-92AF-4D52-8D38-E8FFDD06D4F9}"= Disabled:UDP:37674:Porta TCP ooVoo 37674
"{43A7F9F8-A1FE-470A-9313-DC05D0509747}"= Disabled:TCP:37674:Porta UDP ooVoo 37674
"{3D1DF0B0-168E-4A48-B7AC-52DDFC0E227E}"= Disabled:TCP:37675:Porta UDP ooVoo 37675
"TCP Query User{DFD0E3EE-7FC5-431C-9A2B-B33A0F895CAB}c:\\c6 messenger\\plugin\\fsmodule\\c6filesharing.exe"= UDP:c:\c6 messenger\plugin\fsmodule\c6filesharing.exe:C6 Scambia File
"UDP Query User{48E999EC-A6E2-4D5F-8972-2932F20B4195}c:\\c6 messenger\\plugin\\fsmodule\\c6filesharing.exe"= TCP:c:\c6 messenger\plugin\fsmodule\c6filesharing.exe:C6 Scambia File
"{13B629EF-0A0D-407C-B5E0-FA891EB3FCCD}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{FEC07F1C-82C1-476F-8359-E42B25EACB29}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{897E0A5E-5DF2-423B-AB0D-513F4E08DD08}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{B8BB78E7-61A2-4777-998F-5D58F7FD8195}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{60562E9F-0AC1-43BF-86EB-AF080E3EA4B3}c:\\c6 messenger\\plugin\\fsmodule\\c6filesharing.exe"= UDP:c:\c6 messenger\plugin\fsmodule\c6filesharing.exe:C6 Scambia File
"UDP Query User{2EA7BE2F-B4A2-4E25-8F30-A47CD99812AE}c:\\c6 messenger\\plugin\\fsmodule\\c6filesharing.exe"= TCP:c:\c6 messenger\plugin\fsmodule\c6filesharing.exe:C6 Scambia File
"{0DBDED3A-43F6-498F-A6AF-2F25A38CADD0}"= c:\program files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0
"{95FFBFE6-1EB0-4BF4-824A-B587C88BA141}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{8D7900B8-508B-4199-9FD8-BDE0F72037E7}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B5D3A034-1DBD-4FBE-BEE5-CA528381C2C5}"= UDP:c:\program files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe:TwonkyMedia
"{71692943-05EE-4314-9D19-AEE20B4EFDEF}"= TCP:c:\program files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe:TwonkyMedia
"{38C784F0-9F01-4A88-9CAA-77993D6DC4C0}"= UDP:c:\program files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe:TwonkyMediaServer
"{D2860F82-4550-40F2-850B-C75791C3CF07}"= TCP:c:\program files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe:TwonkyMediaServer
"{DD8B68BA-9BC7-4076-969A-DC8BFAEAE692}"= UDP:c:\program files\Orb Networks\Orb\bin\Orb.exe:Orb
"{FA5F14F3-798E-4009-A570-4E0D1E6CA19C}"= TCP:c:\program files\Orb Networks\Orb\bin\Orb.exe:Orb
"{2D35C5EE-7FD0-4975-AC49-D5A3F86C6627}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{8650FC83-D8C2-4FA6-B354-F22A71011E48}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{4AB7A7AC-5A32-4529-BFA3-9EA9F834A1FA}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR
"{4487C37E-746E-4C32-83B7-ECC0346E6F08}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR
"{3CFE7E57-63D6-468A-A592-380EBE142A07}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"{4E51B7DF-293A-4C96-AE2E-54C118316F17}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"{88508258-BFA9-4A79-9553-E69DA8D5C82F}"= UDP:c:\program files\Orb Networks\Orb\bin\xmltv.exe:OrbTVGuide
"{0D0C84CA-61F6-40BD-BA7F-A91041BB1D37}"= TCP:c:\program files\Orb Networks\Orb\bin\xmltv.exe:OrbTVGuide
"{81FD4A1E-D97F-4FBB-9679-7C3637558B56}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbChannelScan.exe:OrbChannelScan
"{C176CF59-24A8-4D0A-B153-5892FC937CD2}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbChannelScan.exe:OrbChannelScan
"{87DD530E-5BE3-4C5E-94C6-2A43F3D3BB8D}"= UDP:c:\users\Klaude3d\Downloads\guardian.sisx:guardian
"{1329BB00-B379-48CC-84FF-CBCE40D707C3}"= TCP:c:\users\Klaude3d\Downloads\guardian.sisx:guardian
"{171760A2-6405-491E-ABAC-A3C641AABCCD}"= UDP:c:\program files\Nokia\PC Connectivity Solution\NclInstaller.exe:NclInstaller
"{6146B3A0-35EE-42E0-A634-CB7C3FB8ECE3}"= TCP:c:\program files\Nokia\PC Connectivity Solution\NclInstaller.exe:NclInstaller
"TCP Query User{8E17B86B-8FA6-42DE-9199-BDCC9FDE7636}c:\\program files\\icuii\\icuii.exe"= Disabled:UDP:c:\program files\icuii\icuii.exe:ICUII Video Chat Client
"UDP Query User{65346FDF-4A57-4EE9-BBE2-AD290C353FAF}c:\\program files\\icuii\\icuii.exe"= Disabled:TCP:c:\program files\icuii\icuii.exe:ICUII Video Chat Client
"{DDAD558A-750A-4B2A-A3AF-C0AD93A5F397}"= Disabled:UDP:c:\program files\Total Uninstall 5\Tu.exe:Total Uninstall 5
"{6B194647-8990-47C0-80AA-16EC19F7994A}"= Disabled:TCP:c:\program files\Total Uninstall 5\Tu.exe:Total Uninstall 5
"{671B7ADE-6E19-4B87-9CC1-4BBC23C391D1}"= Disabled:UDP:c:\program files\Total Uninstall 5\TuAgent.exe:TuAgent
"{050E5619-2E91-422B-B1AB-8E0317918EF4}"= Disabled:TCP:c:\program files\Total Uninstall 5\TuAgent.exe:TuAgent
"{34F52D46-79F7-4781-99C0-9923FCA153F3}"= Disabled:UDP:c:\program files\Total Uninstall 5\TuStarter.exe:TuStarter
"{1CB99F34-E2AF-40A4-A763-C08FD08EE565}"= Disabled:TCP:c:\program files\Total Uninstall 5\TuStarter.exe:TuStarter
"TCP Query User{65A1DA3A-0942-4080-A3DA-E0F1A78AC4E0}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{275E2F3E-8FE0-4EE5-B893-DE3428A905FF}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{4CBC4944-BC6E-48CD-AFA5-15FEF875A57A}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{8CE6BB3E-1A1A-44D7-98B0-9F17E20C2B7E}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{0D9E3424-099B-4C50-B3D4-627AEB6ED8ED}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{877D84F0-488D-4D2D-9DFB-996A1E1767D4}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{3F79E6EF-9669-40EB-AB5E-97D1E32AFC05}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{5ED57799-5E5B-4FCB-85A9-1DBA1C539354}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{4C455322-C205-413E-9B1E-E67D1D68F58C}c:\\program files\\amsn\\bin\\wish.exe"= UDP:c:\program files\amsn\bin\wish.exe:Wish Application
"UDP Query User{1B131684-0ACD-4C0F-8B3B-E041786BF558}c:\\program files\\amsn\\bin\\wish.exe"= TCP:c:\program files\amsn\bin\wish.exe:Wish Application
"TCP Query User{B052CE0B-8E78-4188-B17A-8A47E6ADD2A3}c:\\program files\\dc++\\dcplusplus.exe"= UDP:c:\program files\dc++\dcplusplus.exe:DC++
"UDP Query User{69794E02-85ED-4015-BC13-7CDF467EA35D}c:\\program files\\dc++\\dcplusplus.exe"= TCP:c:\program files\dc++\dcplusplus.exe:DC++
"{B84819F4-BF99-41BF-8F55-E291C5D5F065}"= UDP:c:\windows\Temp\~os7060.tmp\ossproxy.exe:ossproxy.exe
"{3F5139DF-9B37-41FE-A3B7-26EFB19A1827}"= UDP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{E3CB033A-5202-4C27-AB98-1F2BB008200A}"= TCP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{CCA776D8-4B25-4E9E-9B1C-4AD1723DAF50}"= UDP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{BB797303-0D80-423B-9885-8AB4264C57B5}"= TCP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{24A67AD6-1B6B-4598-B9B6-C213ADB77676}"= UDP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{5BC04D40-78BF-4796-9F32-8521834C2D3A}"= TCP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{2ADC481D-6D93-4DF3-AA84-AADE86B79047}"= UDP:c:\program files\Autodesk\3ds Max 2010\3dsmax.exe:Autodesk 3ds Max 2010 32-bit
"{94620FC5-91A4-4900-B020-58415F1E5264}"= TCP:c:\program files\Autodesk\3ds Max 2010\3dsmax.exe:Autodesk 3ds Max 2010 32-bit
"{8250D3D7-FE69-4C92-8F0A-B9BC997147D5}"= UDP:c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe:mental ray satellite server for Autodesk 3ds Max 2010 32-bit
"{81732BB1-76F6-4876-A28A-B0F7A977810A}"= TCP:c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe:mental ray satellite server for Autodesk 3ds Max 2010 32-bit
"{81F3F4C1-DD0D-409A-98D3-69570245589F}"= UDP:c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe:mental ray satellite for Autodesk 3ds Max 2010 32-bit
"{36F822EA-F37D-440D-87BF-FCC0789AD8CF}"= TCP:c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe:mental ray satellite for Autodesk 3ds Max 2010 32-bit
"{18C8D750-53AA-4DF8-B6DB-A2605C11C40E}"= UDP:86:BroadCam Web Server
"{652248D8-BE0E-4DCA-AD7B-E0C0706D926A}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{D1B4F88F-50ED-405A-A6CC-27E3EA35774F}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{9DA0B873-0E11-4CFA-9CA2-6C62A5A42793}"= UDP:c:\program files\Thunder Network\Thunder\Program\Thunder.exe:Thunder
"{BBE57DBB-D040-43B3-B7BA-A2FD2886D7D1}"= TCP:c:\program files\Thunder Network\Thunder\Program\Thunder.exe:Thunder
"{803541B9-C20F-46F6-B6E2-C06A75D67512}"= UDP:c:\program files\Thunder Network\Thunder\Program\Liveupdate\ThunderLiveUD.exe:Thunder LiveUpdate
"{77575CAD-779F-4820-85D3-2C5897746B61}"= TCP:c:\program files\Thunder Network\Thunder\Program\Liveupdate\ThunderLiveUD.exe:Thunder LiveUpdate
"{B3190357-4B73-4961-9193-506A609B9656}"= UDP:c:\aq\supdate.exe:SIDA.Connect
"{6AD63DC6-B0AE-4656-B2EC-B9332E73CCFE}"= TCP:c:\aq\supdate.exe:SIDA.Connect

R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2009/04/03 20:41];c:\program files\CyberLink\PowerDVD8\000.fcl [05/03/2009 1:47 87536]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\System32\drivers\diginet.sys [18/02/2009 1:45 16400]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [12/03/2009 5:36 86016]
S2 gupdate1c9c36be6dd4e70;Servizio di Google Update (gupdate1c9c36be6dd4e70);c:\program files\Google\Update\GoogleUpdate.exe [22/04/2009 7:00 133104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [19/03/2009 2:48 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [19/03/2009 2:48 8320]
S4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15/08/2008 6:46 284016]
S4 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [03/02/2009 5:57 33752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://google/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: ʹÓÃѸÀ×ÏÂÔØ - c:\program files\Thunder Network\Thunder\Program\GetUrl.htm
IE: ʹÓÃѸÀ×ÏÂÔØÈ«²¿Á´½Ó - c:\program files\Thunder Network\Thunder\Program\GetAllUrl.htm
IE: ?????? - c:\program files\Thunder Network\Thunder\Program\geturl.htm
IE: ?????????? - c:\program files\Thunder Network\Thunder\Program\getallurl.htm
FF - ProfilePath - c:\users\Klaude3d\AppData\Roaming\Mozilla\Firefox\Profiles\8rsu1hh0.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft Research\HD View\nphdview.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPC6Helper.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\users\Klaude3d\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-17 10:00
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-736386715-1995483522-3099797811-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{77C79333-22E7-DB6E-EB65-829DEBBF482A}*]
"hafjbahbcoaekpmd"=hex:6b,61,61,69,66,68,69,6c,64,65,63,65,68,62,69,68,6c,61,
6a,6a,65,66,00,00
"ialklbndnjaglgoeih"=hex:6b,61,61,69,66,68,69,6c,64,65,63,65,68,62,69,68,6c,61,
6a,6a,65,66,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2009-07-17 10:02
ComboFix-quarantined-files.txt 2009-07-17 08:02

Pre-Run: 13.302.132.736 byte disponibili
Post-Run: 13.271.547.904 byte disponibili

456 --- E O F --- 2009-07-15 09:43


grazie per il tuo sostegno.
Avatar utente
klaude4d
Aficionado
Aficionado
 
Messaggi: 146
Iscritto il: mar lug 14, 2009 11:07 pm

Re: SCIPT AVENGER CHI PUO' AIUTARMI A IMPARTIRE I COMANDI ?

Messaggioda ste_95 » ven lug 17, 2009 9:30 am

Nel log non si vedono infatti anomalie di alcun genere.
ste_95 ha scritto:Hai riscaricato le applicazioni che non partono? Sei su Vista?
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Re: SCIPT AVENGER CHI PUO' AIUTARMI A IMPARTIRE I COMANDI ?

Messaggioda klaude4d » ven lug 17, 2009 11:09 pm

scusate la domanda!!! ho riffatto la scancsione con kaspersky e mi ha trovato ancora 2 file infetti :
C:\PoWeR-Script.0.2.1\mIRC.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631
C:\Program Files\NetworkActiv PIAFCTM 1.5\NetworkActivPIAFCTMv1.5.exe Infected: not-a-virus:NetTool.Win32.Piafctm.152

come devo comportarmi in avenger? devo impartire file to delete oppure un altro comando visto che si tratta per il primo di un programma di scarico e il secondo non so cosa sia?

grazie dell'aiuto.
Avatar utente
klaude4d
Aficionado
Aficionado
 
Messaggi: 146
Iscritto il: mar lug 14, 2009 11:07 pm

Re: SCIPT AVENGER CHI PUO' AIUTARMI A IMPARTIRE I COMANDI ?

Messaggioda ste_95 » sab lug 18, 2009 8:03 am

Non ti preoccupare, come dice anche la scansione, sono "not-a-virus". E riguardo alle mie domande? [rolleyes]
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Re: SCIPT AVENGER CHI PUO' AIUTARMI A IMPARTIRE I COMANDI ?

Messaggioda klaude4d » dom lug 19, 2009 10:43 am

li ho riscaricati e installati, ho vista, ma ancora orologio non e' tornato a segnare il tempo giusto.e la finestra che dovrebbe venire fuori quando avvii il pc in ci dice windows ha bloccato alcuni programmi in esecuzione automatica se ci clikko mi da applicazione win32 non valida credo che ancora qualcosa ce che non và che fare?
Avatar utente
klaude4d
Aficionado
Aficionado
 
Messaggi: 146
Iscritto il: mar lug 14, 2009 11:07 pm

Re: SCIPT AVENGER CHI PUO' AIUTARMI A IMPARTIRE I COMANDI ?

Messaggioda ste_95 » dom lug 19, 2009 10:48 am

Usa FindyKill con l'opzione 2 come spiegato qui:
http://www.MegaLab.it/3724/3/il-worm-ba ... -rimozione
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am


Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 15 ospiti

Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising