
I can't understand what's happening, PC gone crazy!!!


Post by klaude4d » Wed Aug 12, 2009 9:42 am

Hi guys, some time ago, about a month, I caught Beagle: antivirus blocked, etc. I thought I had got rid of it, but I think that's not the case.
Since yesterday the PC has gone crazy: browsing is slow and some pages no longer open, but the most serious thing is that I can no longer run the Kaspersky online scanner; not even with IE, it says it is running without add-ons, but they are all enabled.
Yesterday, while I was trying to run a scan with Malwarebytes, I happened to look at Task Manager and found something like 1832 conime.exe processes, but after a reboot they were gone. Any advice? What happened? I don't know whether I have a virus or what happened. What can I do to get the online scanner working again? I forgot to mention that before all this I very often got the message "Windows host process (Rundll32) has stopped working".
klaude4d
Aficionado
Posts: 146
Joined: Tue Jul 14, 2009 11:07 pm

Re: I can't understand what's happening, PC gone crazy!!!

Post by crazy.cat » Wed Aug 12, 2009 9:51 am

Let's start by looking at a log from a ComboFix scan.
Then we'll see how to proceed.
When the many govern, they think only of pleasing themselves, and then we get the most foolish and most hateful tyranny: tyranny masked as freedom.
crazy.cat
MLI Hero
Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre

Re: I can't understand what's happening, PC gone crazy!!!

Post by klaude4d » Wed Aug 12, 2009 10:09 am

Should I run it in safe mode, or is it fine as a normal administrator? I ran it in administrator mode, not from safe mode; it told me a critical update was required and that it would restart, then: cannot find the ComboFix file, check the file path and that it exists!!!!

A bad omen?
Last edited by klaude4d on Wed Aug 12, 2009 10:12 am, edited 1 time in total.


Re: I can't understand what's happening, PC gone crazy!!!

Post by crazy.cat » Wed Aug 12, 2009 10:10 am

Run it as a normal user, no safe mode.

Re: I can't understand what's happening, PC gone crazy!!!

Post by klaude4d » Wed Aug 12, 2009 10:28 am

I downloaded the latest version from Bleeping and started it, but I stopped because Avira found 2 errors: virus Eicar-Test-Signature, twice. What should I do? After starting ComboFix I also noticed that the local network now shows as unidentified. How do I proceed?

Re: I can't understand what's happening, PC gone crazy!!!

Post by klaude4d » Wed Aug 12, 2009 10:52 am

OK, I'm posting the ComboFix report. I should point out that after the whole ComboFix process, when I reopened programs such as Firefox, Safari, etc., it told me: unable to open the application, do you want to remove it?

ComboFix 09-08-10.06 - Klaude3d 12/08/2009 11.30.10.1.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.39.1040.18.3070.1364 [GMT 2:00]
Eseguito da: c:\users\Klaude3d\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\InfoSat.txt


.
((((((((((((((((((((((((( Files Creati Da 2009-07-12 al 2009-08-12 )))))))))))))))))))))))))))))))))))
.

2009-08-12 09:39 . 2009-08-12 09:39 -------- d-----w- c:\users\SS-Dobermann-SS\AppData\Local\temp
2009-08-12 09:39 . 2009-08-12 09:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-11 21:58 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-11 21:58 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-11 21:58 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-11 21:58 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-11 21:58 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-11 21:58 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-11 21:58 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-11 21:58 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-11 21:56 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-11 21:56 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-11 21:56 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-11 21:56 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-11 21:56 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-11 21:56 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-11 21:56 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-11 21:56 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-11 14:35 . 2009-08-11 14:35 -------- d-----w- c:\windows\system32\dllcache
2009-08-10 16:53 . 2009-08-10 16:53 -------- d-----w- c:\program files\Defraggler
2009-08-10 12:41 . 2009-08-10 12:40 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-08-10 12:40 . 2009-08-10 13:30 -------- d-----w- c:\users\Klaude3d\.housecall6.6
2009-08-09 18:05 . 2009-08-09 18:08 -------- d-----w- c:\users\Klaude3d\{11b30d6b-7372-43f8-8f8f-3967e6b452f0}
2009-08-09 17:57 . 2007-04-10 12:37 212392 ----a-w- c:\windows\system32\drivers\FeroASD504.bin
2009-08-09 17:57 . 2007-04-10 12:37 212392 ----a-w- c:\windows\system32\drivers\FeroASD503.bin
2009-08-09 17:57 . 2007-04-10 10:03 234456 ----a-w- c:\windows\system32\drivers\FeroSD406.bin
2009-08-09 17:57 . 2006-01-04 09:42 212392 ----a-w- c:\windows\system32\drivers\FeroDSD401.bin
2009-08-09 17:57 . 2005-11-07 15:42 212392 ----a-w- c:\windows\system32\drivers\FeroASD401.bin
2009-08-09 17:57 . 2005-08-29 13:42 234456 ----a-w- c:\windows\system32\drivers\FeroSD405.bin
2009-08-09 17:47 . 2009-08-09 17:49 -------- d-----w- c:\users\Klaude3d\{960dfebd-7df3-4912-ad5a-598d735c7ab7}
2009-08-07 11:58 . 2009-08-07 11:59 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\MAGIX
2009-08-07 11:56 . 2003-04-18 13:29 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-08-07 11:54 . 2009-08-07 11:57 -------- d-----w- c:\windows\system32\MAGIX
2009-08-07 11:54 . 2009-08-07 11:56 -------- d-----w- C:\MAGIX
2009-08-07 11:54 . 2002-09-20 21:33 1089536 ----a-w- c:\windows\system32\ROBOEX32.DLL
2009-08-07 11:54 . 1999-01-28 11:44 49152 ----a-w- c:\windows\system32\INETWH32.dll
2009-08-07 11:54 . 1998-10-15 14:28 85504 ----a-w- c:\windows\system32\HtmlWH.dll
2009-08-06 22:10 . 2005-09-15 14:55 458752 ----a-w- c:\windows\system32\mgxoschk.dll
2009-08-06 13:39 . 2009-08-06 13:39 -------- d-----w- c:\program files\Algorithmix
2009-08-06 13:33 . 1999-07-22 10:23 36864 ------w- c:\windows\Algoui.exe
2009-08-06 10:59 . 2009-08-06 11:03 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\Luxology
2009-08-06 10:57 . 2009-08-06 16:33 -------- d-----w- c:\program files\Luxology
2009-08-06 10:55 . 2009-08-06 10:55 -------- d-----w- c:\users\Klaude3d\AppData\Local\Downloaded Installations
2009-08-04 21:36 . 2008-04-07 04:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2009-08-04 10:10 . 2008-06-11 08:47 9022288 ----a-w- c:\users\Klaude3d\AppData\Roaming\TomTom\HOME\Profiles\yuu3fbhm.default\extensions\Navcore.8.010.9369@tomtom.com\8-010-9369-1.dll
2009-08-04 09:53 . 2009-08-04 09:53 -------- d-----w- c:\progra~2\TomTom
2009-08-04 09:52 . 2009-08-04 09:52 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\TomTom
2009-08-04 09:52 . 2009-08-04 09:52 -------- d-----w- c:\users\Klaude3d\AppData\Local\TomTom
2009-08-04 09:51 . 2009-08-04 09:51 -------- d-----w- c:\program files\TomTom International B.V
2009-08-04 09:51 . 2009-08-04 09:51 -------- d-----w- c:\program files\TomTom HOME 2
2009-08-04 09:50 . 2009-08-04 09:50 -------- d-----w- c:\program files\TomTom DesktopSuite
2009-07-31 23:09 . 2009-08-10 22:23 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\vlc
2009-07-28 20:26 . 2009-07-28 20:26 -------- d-----w- c:\users\Klaude3d\AppData\Local\Nero
2009-07-26 22:31 . 2009-07-26 22:31 -------- d-----w- c:\program files\SIM Secretary
2009-07-26 22:12 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-07-26 21:54 . 2003-06-03 09:51 34825 ----a-w- c:\windows\system32\drivers\IMT0521.sys
2009-07-26 21:54 . 2009-07-26 21:57 -------- d-----w- c:\users\Klaude3d\{68b4e33b-4ba4-48a1-bd4e-2aee92bf79b9}
2009-07-26 18:11 . 2009-07-26 18:11 -------- d-----w- c:\users\Klaude3d\AppData\Local\Activision
2009-07-26 17:43 . 2009-07-26 17:43 -------- d-----w- c:\program files\Activision
2009-07-23 22:08 . 2009-07-23 22:08 -------- d-----w- c:\program files\Common Files\Skype
2009-07-20 16:35 . 2009-07-20 16:35 -------- d-----w- c:\program files\iPod
2009-07-19 15:40 . 2009-07-19 15:40 -------- d-----w- c:\users\Klaude3d\AppData\Local\BVRP Software
2009-07-18 22:48 . 2009-07-18 22:48 -------- d-----w- c:\program files\SystemRequirementsLab
2009-07-17 22:17 . 2009-07-17 22:17 -------- d--h--w- C:\Classes
2009-07-17 08:02 . 2009-08-12 09:39 -------- d-----w- c:\users\Klaude3d\AppData\Local\temp
2009-07-15 10:23 . 2009-07-20 23:18 -------- d-----w- C:\FindyKill
2009-07-15 06:07 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 06:07 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 06:07 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 06:07 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-13 13:41 . 2009-07-13 13:41 -------- d-----w- c:\users\Klaude3d\AppData\Local\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-12 09:32 . 2009-02-05 18:37 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\Skype
2009-08-12 08:03 . 2009-02-05 18:40 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\skypePM
2009-08-12 08:02 . 2009-07-20 23:05 32156 ----a-w- c:\progra~2\nvModes.dat
2009-08-12 05:41 . 2009-02-07 17:13 -------- d-----w- c:\progra~2\Google Updater
2009-08-12 01:03 . 2009-02-03 16:54 -------- d-----w- c:\progra~2\NVIDIA
2009-08-11 22:01 . 2009-02-05 23:05 -------- d-----w- c:\progra~2\Microsoft Help
2009-08-11 22:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-10 21:54 . 2009-02-04 12:58 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\USBSafelyRemove
2009-08-10 21:14 . 2006-11-06 01:52 673790 ----a-w- c:\windows\system32\perfh010.dat
2009-08-10 21:14 . 2006-11-06 01:52 124488 ----a-w- c:\windows\system32\perfc010.dat
2009-08-10 12:30 . 2009-02-03 22:41 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-09 17:57 . 2009-02-03 23:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-08 13:28 . 2009-07-09 12:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-08 13:25 . 2009-08-07 23:56 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-08-08 13:25 . 2009-02-03 22:48 -------- d-----w- c:\program files\Java
2009-08-08 12:56 . 2009-02-03 15:23 157280 ----a-w- c:\users\Klaude3d\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-07 11:55 . 2009-08-07 11:55 4608 ----a-w- c:\windows\system32\w95inf32.dll
2009-08-07 11:55 . 2009-08-07 11:55 2272 ----a-w- c:\windows\system32\w95inf16.dll
2009-08-07 11:55 . 2009-08-07 11:55 -------- d-----w- c:\program files\Common Files\MAGIX Shared
2009-08-07 11:22 . 2009-04-09 16:04 -------- d-----w- c:\progra~2\Installations
2009-08-07 11:22 . 2009-04-09 15:59 -------- d-----w- c:\program files\Common Files\Nokia
2009-08-07 11:22 . 2009-04-09 15:54 -------- d-----w- c:\program files\Nokia
2009-08-05 11:34 . 2009-03-19 11:31 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\Winamp
2009-08-03 11:36 . 2009-07-09 12:00 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2009-07-09 12:00 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 17:14 . 2009-02-04 07:34 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-30 14:55 . 2009-05-24 16:36 -------- d-----w- c:\progra~2\AQ
2009-07-23 22:10 . 2009-02-05 18:35 -------- d-----r- c:\program files\Skype
2009-07-23 22:08 . 2009-02-05 18:35 -------- d-----w- c:\progra~2\Skype
2009-07-20 16:35 . 2009-06-08 16:30 -------- d-----w- c:\program files\iTunes
2009-07-20 16:35 . 2009-04-06 16:54 -------- d-----w- c:\program files\Common Files\Apple
2009-07-19 18:14 . 2009-07-19 18:14 52962 ----a-w- c:\windows\inf\Nokia Music\0010\tmp1C07.tmp
2009-07-19 18:14 . 2009-07-19 18:14 52962 ----a-w- c:\windows\inf\Nokia Music\0009\tmp1C07.tmp
2009-07-19 18:14 . 2009-07-19 18:14 52962 ----a-w- c:\windows\inf\Nokia Music\0000\tmp1C07.tmp
2009-07-19 18:14 . 2009-07-19 18:14 1657 ----a-w- c:\windows\inf\Nokia Music\tmp1C08.tmp
2009-07-19 17:41 . 2009-05-03 13:04 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\vghd
2009-07-19 17:33 . 2009-04-19 13:57 -------- d-----w- c:\program files\Manifold Toolbar
2009-07-19 17:32 . 2009-02-06 00:46 -------- d-----w- c:\program files\MSN Messenger
2009-07-19 17:32 . 2009-02-04 00:01 -------- d-----w- c:\program files\Windows Live
2009-07-19 17:25 . 2009-05-24 16:52 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\Juce VST Host
2009-07-18 22:57 . 2009-02-03 16:41 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-18 22:57 . 2009-02-03 16:41 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-18 16:06 . 2009-07-29 07:38 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-29 07:38 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-29 07:38 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-15 10:47 . 2009-06-21 12:08 -------- d-----w- c:\program files\AVS4YOU
2009-07-13 21:37 . 2009-03-30 17:51 -------- d-----w- c:\program files\Safari
2009-07-10 14:15 . 2009-07-10 14:15 680 ----a-w- c:\users\Default\AppData\Local\d3d9caps.dat
2009-07-10 14:06 . 2009-07-10 14:06 -------- d-----w- c:\users\Default\AppData\Roaming\Malwarebytes
2009-07-10 05:01 . 2009-02-03 16:39 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-07-09 12:00 . 2009-07-09 12:00 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\Malwarebytes
2009-07-09 12:00 . 2009-07-09 12:00 -------- d-----w- c:\progra~2\Malwarebytes
2009-07-09 11:35 . 2009-07-09 09:55 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
2009-07-09 09:19 . 2009-02-03 22:56 -------- d-----w- c:\program files\Trillian
2009-07-08 23:24 . 2009-04-09 16:01 -------- d-----w- c:\program files\Common Files\PCSuite
2009-07-08 23:11 . 2009-07-08 23:11 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-08 22:44 . 2009-07-08 22:44 20914549 ----a-w- c:\users\Klaude3d\AppData\Roaming\Nokia\Nokia Download!\Temp\Nokia_Download_newUI_2.1.19.0_setup.exe
2009-07-08 12:25 . 2009-04-14 00:03 -------- d-----w- c:\progra~2\Nokia
2009-07-08 12:10 . 2009-04-09 16:09 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\Nokia
2009-07-05 12:11 . 2009-06-17 22:20 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\MessengerDiscovery 2
2009-06-28 16:06 . 2009-06-28 16:06 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-06-28 15:45 . 2009-06-28 15:45 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-06-28 15:41 . 2009-04-09 15:59 -------- d-----w- c:\program files\DIFX
2009-06-28 15:27 . 2009-06-28 15:27 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-06-26 22:42 . 2009-06-26 22:42 -------- d-----w- c:\progra~2\Thunder Network
2009-06-26 22:40 . 2009-06-26 22:40 20 ----a-w- c:\windows\system32\pub_store.dat
2009-06-26 22:40 . 2009-06-26 22:40 -------- d-----w- c:\program files\Common Files\Thunder Network
2009-06-26 22:40 . 2009-06-26 22:40 -------- d-----w- c:\program files\Thunder Network
2009-06-21 21:56 . 2009-05-31 12:23 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\NCH Software
2009-06-21 21:55 . 2009-05-31 12:23 -------- d-----w- c:\progra~2\NCH Software
2009-06-21 13:24 . 2009-06-21 12:08 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-06-21 12:28 . 2009-02-04 09:19 -------- d-----w- c:\program files\MessengerDiscovery
2009-06-21 12:10 . 2009-06-21 12:10 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\AVS4YOU
2009-06-21 12:10 . 2009-06-21 12:10 -------- d-----w- c:\progra~2\AVS4YOU
2009-06-21 11:53 . 2009-02-16 23:40 -------- d-----w- c:\program files\DirectVobSub
2009-06-21 11:53 . 2009-02-16 23:45 -------- d-----w- c:\program files\OpenSource Flash Video Splitter
2009-06-21 11:52 . 2009-02-16 23:45 -------- d-----w- c:\program files\CD Audio Reader Filter
2009-06-21 11:52 . 2009-02-16 23:43 -------- d-----w- c:\program files\SHOUTcast Source
2009-06-21 11:52 . 2009-02-16 23:42 -------- d-----w- c:\program files\DSP-worx
2009-06-21 11:52 . 2009-06-08 11:06 -------- d-----w- c:\program files\DivX
2009-06-21 11:52 . 2009-02-16 23:45 -------- d-----w- c:\program files\RealMedia
2009-06-21 11:51 . 2009-06-08 11:07 -------- d-----w- c:\users\Klaude3d\AppData\Roaming\DivX
2009-06-10 16:33 . 2009-06-10 16:33 9899296 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-06-10 16:33 . 2009-06-10 16:33 678432 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 16:33 . 2009-06-10 16:33 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 16:33 . 2009-06-10 16:33 3148288 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-06-10 16:33 . 2009-06-10 16:33 1704960 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 16:33 . 2009-06-10 16:33 151552 ----a-w- c:\windows\system32\nvcod155.dll
2009-06-10 16:33 . 2009-06-10 16:33 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 16:33 . 2009-06-10 16:33 1317408 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 16:33 . 2009-06-10 16:33 10379264 ----a-w- c:\windows\system32\nvoglv32.dll
2009-06-10 16:33 . 2009-01-15 07:19 989696 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 16:33 . 2009-01-15 07:19 7611904 ----a-w- c:\windows\system32\nvd3dum.dll
2009-06-10 06:35 . 2009-06-10 06:35 1505824 ----a-w- c:\windows\system32\nvcpluir.dll
2009-06-10 06:35 . 2009-06-10 06:35 1358368 ----a-w- c:\windows\system32\nvsvsr.dll
2009-06-10 06:35 . 2009-06-10 06:35 1194528 ----a-w- c:\windows\system32\nvcplui.exe
2009-06-10 06:35 . 2009-06-10 06:35 1296928 ----a-w- c:\windows\system32\nvsvs.dll
2009-06-10 04:33 . 2009-06-10 04:33 244736 ----a-w- c:\windows\system32\nvStInst.exe
2009-06-10 04:33 . 2009-06-10 04:33 467968 ----a-w- c:\windows\system32\nvstlink.exe
2009-06-10 04:33 . 2009-06-10 04:33 3953152 ----a-w- c:\windows\system32\nvstwiz.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"USB Safely Remove"="c:\program files\USB Safely Remove\USBSafelyRemove.exe" [2009-01-04 743936]
"SplitCam"="c:\program files\SplitCam\SplitCam.exe" [2006-09-09 990208]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"Camtasia Recorder"="c:\program files\TechSmith\Camtasia Studio 6\CamRecorder.exe" [2008-10-10 2678104]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904]
"Camfrog"="c:\program files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" [2009-06-16 41800]
"eMuleAutoStart"="c:\program files\eMule\emule.exe" [2009-02-22 5668864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-30 7289376]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-02-25 37888]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-07-09 15872]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13785632]
"NokiaMusic FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-07-22 2331936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-10 149280]

c:\users\Klaude3d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CamRecorder.exe [2004-3-29 1208320]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
SIDA.Connect.lnk - c:\aq\supdate.exe [2008-12-10 2151936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^C6 Messenger.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\C6 Messenger.lnk
backup=c:\windows\pss\C6 Messenger.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Klaude3d^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DesktopVideoPlayer.LNK]
path=c:\users\Klaude3d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.LNK
backup=c:\windows\pss\DesktopVideoPlayer.LNK.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Klaude3d^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Ritaglio schermata e avvio di OneNote 2007.lnk]
path=c:\users\Klaude3d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ritaglio schermata e avvio di OneNote 2007.lnk
backup=c:\windows\pss\Ritaglio schermata e avvio di OneNote 2007.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Klaude3d^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Skype.lnk]
path=c:\users\Klaude3d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk
backup=c:\windows\pss\Skype.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-736386715-1995483522-3099797811-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C9AA8625-2775-4BE3-B22E-EA7AB9301DDC}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{2E21C932-C153-47E8-8425-75C5E02D4963}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{27FA73E1-B0C1-43AA-A03E-3E41F41D7449}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{C6BAFD06-DC36-40B9-B3C7-6E68F7EF259A}c:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= UDP:c:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon
"UDP Query User{83759BA0-7AEB-47D3-A7C4-0810D871DA42}c:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= TCP:c:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon
"TCP Query User{B642A33D-7A96-4BE2-8A9F-2ED2EAE19C22}c:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= UDP:c:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon
"UDP Query User{65DC7B7B-DE10-42F9-B673-A1DD6B3DCA1A}c:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= TCP:c:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon
"TCP Query User{E79B185D-420E-431E-9589-4E6E39230FCD}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{E1FC2BC2-B904-4869-90AC-7F060EA864A1}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{A849A248-80C9-4A37-926E-F5381B6A064D}c:\\users\\klaude3d\\desktop\\emule\\emule.exe"= UDP:c:\users\klaude3d\desktop\emule\emule.exe:emule.exe
"UDP Query User{CB89BD28-C45E-45BA-998D-9E55B8144F24}c:\\users\\klaude3d\\desktop\\emule\\emule.exe"= TCP:c:\users\klaude3d\desktop\emule\emule.exe:emule.exe
"{BBE9F3AD-F195-4CB0-B4D0-F3B85AEC6752}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0BF80177-884C-4CAD-A1BC-26A0A045C4D4}"= UDP:5353:Adobe CSI CS4
"{BFF560FD-31C0-487E-B08E-502B90E1B215}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{9EB671B6-EFC4-43FF-AB0B-3ACA4F847963}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{CFDEC7C7-FA92-4110-BF47-843FABB49699}"= UDP:3703:Adobe Version Cue CS4 Server
"{0A4FC547-467E-4014-B814-5E5EB2FF690F}"= UDP:3704:Adobe Version Cue CS4 Server
"{022FECC8-AF00-4A39-A4D0-E05304CBD2C7}"= UDP:51000:Adobe Version Cue CS4 Server
"{9E627405-3275-4D16-91D1-20782AEA035E}"= UDP:51001:Adobe Version Cue CS4 Server
"{85BCE220-73D5-4A59-96C1-0F38AC7BE05B}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server
"{1BD8E142-9594-475E-83AA-A15E65DEF829}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server
"{6EDDD184-E6D9-4317-AA84-39A7A9C91A3A}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{77DE7EF1-9700-40F3-B5DD-FA00CC563F85}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{6EBCA6E1-61F4-46F8-8292-937817B130AE}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D06DDC06-8A67-4BBF-8046-38D6894D177D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{339E7B55-A4B0-4DDA-83F3-AC5FEB63D664}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{88085790-D132-4718-B1B1-C90AAF3C5D1D}c:\\program files\\next limit\\realflow4\\realflow.exe"= UDP:c:\program files\next limit\realflow4\realflow.exe:realflow
"UDP Query User{C3757EB5-C4AC-480A-90DF-C6AF4496237D}c:\\program files\\next limit\\realflow4\\realflow.exe"= TCP:c:\program files\next limit\realflow4\realflow.exe:realflow
"TCP Query User{17F06F46-A6A6-4DB9-A924-4789B3DCE711}c:\\users\\klaude3d\\desktop\\power-script.0.2.1\\mirc.exe"= UDP:c:\users\klaude3d\desktop\power-script.0.2.1\mirc.exe:mirc.exe
"UDP Query User{6A738567-1673-416B-A95E-AD361D96012A}c:\\users\\klaude3d\\desktop\\power-script.0.2.1\\mirc.exe"= TCP:c:\users\klaude3d\desktop\power-script.0.2.1\mirc.exe:mirc.exe
"TCP Query User{AC7DCB96-374F-4F38-B97F-1A024ECB694C}c:\\power-script.0.2.1\\mirc.exe"= UDP:c:\power-script.0.2.1\mirc.exe:PoWeR-Script
"UDP Query User{74F13F3C-D7D7-4CAD-901E-D997C208F42E}c:\\power-script.0.2.1\\mirc.exe"= TCP:c:\power-script.0.2.1\mirc.exe:PoWeR-Script
"TCP Query User{C0F075D4-53DF-4D11-AAB7-C1336B857426}c:\\flashcad_composer\\flashcad.exe"= UDP:c:\flashcad_composer\flashcad.exe:FlashCAD
"UDP Query User{9712F55B-8C69-4495-84D2-2434D776D732}c:\\flashcad_composer\\flashcad.exe"= TCP:c:\flashcad_composer\flashcad.exe:FlashCAD
"{26B86C2A-4476-4E51-861D-D64FD76FACE8}"= c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"TCP Query User{D65D46F2-6FC1-4A59-99A6-270A3631BD61}c:\\flashcad\\flashcad.exe"= UDP:c:\flashcad\flashcad.exe:FlashCAD
"UDP Query User{8E835343-E529-4E16-B46D-868E8011EEF1}c:\\flashcad\\flashcad.exe"= TCP:c:\flashcad\flashcad.exe:FlashCAD
"TCP Query User{9D9A88B1-B8F4-45FB-9102-FEE52081D9F2}c:\\program files\\camfrog\\camfrog video chat\\camfrog video chat.exe"= UDP:c:\program files\camfrog\camfrog video chat\camfrog video chat.exe:Camfrog Client Module
"UDP Query User{157429BE-6144-47A5-BB7E-C2DAB8A8E85F}c:\\program files\\camfrog\\camfrog video chat\\camfrog video chat.exe"= TCP:c:\program files\camfrog\camfrog video chat\camfrog video chat.exe:Camfrog Client Module
"{8FFAEE71-5F3A-4164-9AEB-121088906BE1}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{160AF601-6BD6-446C-B699-D89123F9568D}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{874410AB-B1FB-4675-8273-F9474BACC5E3}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{990C1BD5-18A6-40AD-916B-AC4BA07AC682}"= Disabled:UDP:443:Porta TCP ooVoo 443
"{4D8E1ADF-94C4-438B-9222-1808DE785D5F}"= Disabled:TCP:443:Porta UDP ooVoo 443
"{969E62F6-92AF-4D52-8D38-E8FFDD06D4F9}"= Disabled:UDP:37674:Porta TCP ooVoo 37674
"{43A7F9F8-A1FE-470A-9313-DC05D0509747}"= Disabled:TCP:37674:Porta UDP ooVoo 37674
"{3D1DF0B0-168E-4A48-B7AC-52DDFC0E227E}"= Disabled:TCP:37675:Porta UDP ooVoo 37675
"TCP Query User{DFD0E3EE-7FC5-431C-9A2B-B33A0F895CAB}c:\\c6 messenger\\plugin\\fsmodule\\c6filesharing.exe"= UDP:c:\c6 messenger\plugin\fsmodule\c6filesharing.exe:C6 Scambia File
"UDP Query User{48E999EC-A6E2-4D5F-8972-2932F20B4195}c:\\c6 messenger\\plugin\\fsmodule\\c6filesharing.exe"= TCP:c:\c6 messenger\plugin\fsmodule\c6filesharing.exe:C6 Scambia File
"{13B629EF-0A0D-407C-B5E0-FA891EB3FCCD}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{FEC07F1C-82C1-476F-8359-E42B25EACB29}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{897E0A5E-5DF2-423B-AB0D-513F4E08DD08}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{B8BB78E7-61A2-4777-998F-5D58F7FD8195}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{60562E9F-0AC1-43BF-86EB-AF080E3EA4B3}c:\\c6 messenger\\plugin\\fsmodule\\c6filesharing.exe"= UDP:c:\c6 messenger\plugin\fsmodule\c6filesharing.exe:C6 Scambia File
"UDP Query User{2EA7BE2F-B4A2-4E25-8F30-A47CD99812AE}c:\\c6 messenger\\plugin\\fsmodule\\c6filesharing.exe"= TCP:c:\c6 messenger\plugin\fsmodule\c6filesharing.exe:C6 Scambia File
"{0DBDED3A-43F6-498F-A6AF-2F25A38CADD0}"= c:\program files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0
"{95FFBFE6-1EB0-4BF4-824A-B587C88BA141}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{8D7900B8-508B-4199-9FD8-BDE0F72037E7}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B5D3A034-1DBD-4FBE-BEE5-CA528381C2C5}"= UDP:c:\program files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe:TwonkyMedia
"{71692943-05EE-4314-9D19-AEE20B4EFDEF}"= TCP:c:\program files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe:TwonkyMedia
"{38C784F0-9F01-4A88-9CAA-77993D6DC4C0}"= UDP:c:\program files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe:TwonkyMediaServer
"{D2860F82-4550-40F2-850B-C75791C3CF07}"= TCP:c:\program files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe:TwonkyMediaServer
"{DD8B68BA-9BC7-4076-969A-DC8BFAEAE692}"= UDP:c:\program files\Orb Networks\Orb\bin\Orb.exe:Orb
"{FA5F14F3-798E-4009-A570-4E0D1E6CA19C}"= TCP:c:\program files\Orb Networks\Orb\bin\Orb.exe:Orb
"{2D35C5EE-7FD0-4975-AC49-D5A3F86C6627}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{8650FC83-D8C2-4FA6-B354-F22A71011E48}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{4AB7A7AC-5A32-4529-BFA3-9EA9F834A1FA}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR
"{4487C37E-746E-4C32-83B7-ECC0346E6F08}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR
"{3CFE7E57-63D6-468A-A592-380EBE142A07}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"{4E51B7DF-293A-4C96-AE2E-54C118316F17}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"{88508258-BFA9-4A79-9553-E69DA8D5C82F}"= UDP:c:\program files\Orb Networks\Orb\bin\xmltv.exe:OrbTVGuide
"{0D0C84CA-61F6-40BD-BA7F-A91041BB1D37}"= TCP:c:\program files\Orb Networks\Orb\bin\xmltv.exe:OrbTVGuide
"{81FD4A1E-D97F-4FBB-9679-7C3637558B56}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbChannelScan.exe:OrbChannelScan
"{C176CF59-24A8-4D0A-B153-5892FC937CD2}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbChannelScan.exe:OrbChannelScan
"{87DD530E-5BE3-4C5E-94C6-2A43F3D3BB8D}"= UDP:c:\users\Klaude3d\Downloads\guardian.sisx:guardian
"{1329BB00-B379-48CC-84FF-CBCE40D707C3}"= TCP:c:\users\Klaude3d\Downloads\guardian.sisx:guardian
"{171760A2-6405-491E-ABAC-A3C641AABCCD}"= UDP:c:\program files\Nokia\PC Connectivity Solution\NclInstaller.exe:NclInstaller
"{6146B3A0-35EE-42E0-A634-CB7C3FB8ECE3}"= TCP:c:\program files\Nokia\PC Connectivity Solution\NclInstaller.exe:NclInstaller
"TCP Query User{8E17B86B-8FA6-42DE-9199-BDCC9FDE7636}c:\\program files\\icuii\\icuii.exe"= Disabled:UDP:c:\program files\icuii\icuii.exe:ICUII Video Chat Client
"UDP Query User{65346FDF-4A57-4EE9-BBE2-AD290C353FAF}c:\\program files\\icuii\\icuii.exe"= Disabled:TCP:c:\program files\icuii\icuii.exe:ICUII Video Chat Client
"{DDAD558A-750A-4B2A-A3AF-C0AD93A5F397}"= Disabled:UDP:c:\program files\Total Uninstall 5\Tu.exe:Total Uninstall 5
"{6B194647-8990-47C0-80AA-16EC19F7994A}"= Disabled:TCP:c:\program files\Total Uninstall 5\Tu.exe:Total Uninstall 5
"{671B7ADE-6E19-4B87-9CC1-4BBC23C391D1}"= Disabled:UDP:c:\program files\Total Uninstall 5\TuAgent.exe:TuAgent
"{050E5619-2E91-422B-B1AB-8E0317918EF4}"= Disabled:TCP:c:\program files\Total Uninstall 5\TuAgent.exe:TuAgent
"{34F52D46-79F7-4781-99C0-9923FCA153F3}"= Disabled:UDP:c:\program files\Total Uninstall 5\TuStarter.exe:TuStarter
"{1CB99F34-E2AF-40A4-A763-C08FD08EE565}"= Disabled:TCP:c:\program files\Total Uninstall 5\TuStarter.exe:TuStarter
"TCP Query User{65A1DA3A-0942-4080-A3DA-E0F1A78AC4E0}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{275E2F3E-8FE0-4EE5-B893-DE3428A905FF}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{4CBC4944-BC6E-48CD-AFA5-15FEF875A57A}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{8CE6BB3E-1A1A-44D7-98B0-9F17E20C2B7E}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{0D9E3424-099B-4C50-B3D4-627AEB6ED8ED}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{877D84F0-488D-4D2D-9DFB-996A1E1767D4}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{3F79E6EF-9669-40EB-AB5E-97D1E32AFC05}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{5ED57799-5E5B-4FCB-85A9-1DBA1C539354}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{4C455322-C205-413E-9B1E-E67D1D68F58C}c:\\program files\\amsn\\bin\\wish.exe"= UDP:c:\program files\amsn\bin\wish.exe:Wish Application
"UDP Query User{1B131684-0ACD-4C0F-8B3B-E041786BF558}c:\\program files\\amsn\\bin\\wish.exe"= TCP:c:\program files\amsn\bin\wish.exe:Wish Application
"TCP Query User{B052CE0B-8E78-4188-B17A-8A47E6ADD2A3}c:\\program files\\dc++\\dcplusplus.exe"= UDP:c:\program files\dc++\dcplusplus.exe:DC++
"UDP Query User{69794E02-85ED-4015-BC13-7CDF467EA35D}c:\\program files\\dc++\\dcplusplus.exe"= TCP:c:\program files\dc++\dcplusplus.exe:DC++
"{B84819F4-BF99-41BF-8F55-E291C5D5F065}"= UDP:c:\windows\Temp\~os7060.tmp\ossproxy.exe:ossproxy.exe
"{3F5139DF-9B37-41FE-A3B7-26EFB19A1827}"= UDP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{E3CB033A-5202-4C27-AB98-1F2BB008200A}"= TCP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{CCA776D8-4B25-4E9E-9B1C-4AD1723DAF50}"= UDP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{BB797303-0D80-423B-9885-8AB4264C57B5}"= TCP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{24A67AD6-1B6B-4598-B9B6-C213ADB77676}"= UDP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{5BC04D40-78BF-4796-9F32-8521834C2D3A}"= TCP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{2ADC481D-6D93-4DF3-AA84-AADE86B79047}"= UDP:c:\program files\Autodesk\3ds Max 2010\3dsmax.exe:Autodesk 3ds Max 2010 32-bit
"{94620FC5-91A4-4900-B020-58415F1E5264}"= TCP:c:\program files\Autodesk\3ds Max 2010\3dsmax.exe:Autodesk 3ds Max 2010 32-bit
"{8250D3D7-FE69-4C92-8F0A-B9BC997147D5}"= UDP:c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe:mental ray satellite server for Autodesk 3ds Max 2010 32-bit
"{81732BB1-76F6-4876-A28A-B0F7A977810A}"= TCP:c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe:mental ray satellite server for Autodesk 3ds Max 2010 32-bit
"{81F3F4C1-DD0D-409A-98D3-69570245589F}"= UDP:c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe:mental ray satellite for Autodesk 3ds Max 2010 32-bit
"{36F822EA-F37D-440D-87BF-FCC0789AD8CF}"= TCP:c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe:mental ray satellite for Autodesk 3ds Max 2010 32-bit
"{18C8D750-53AA-4DF8-B6DB-A2605C11C40E}"= UDP:86:BroadCam Web Server
"{B3190357-4B73-4961-9193-506A609B9656}"= UDP:c:\aq\supdate.exe:SIDA.Connect
"{6AD63DC6-B0AE-4656-B2EC-B9332E73CCFE}"= TCP:c:\aq\supdate.exe:SIDA.Connect
"{C0AE53D5-1797-405A-8E2F-2EC7EFE206D7}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A442C1E5-29E3-4D32-82B8-1B9BCCCB64A9}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{F0D4BE5E-DFFD-4988-8365-E3C2FE173246}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{F01A88C1-C8BC-48DF-BFE2-8E5362809B54}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{0A83A220-8F43-4362-9D27-E1FCC8FC3741}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{73CCEDA3-0E68-408C-A216-FB7E0E4F17B3}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)

R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2009/04/03 20:41];c:\program files\CyberLink\PowerDVD8\000.fcl [05/03/2009 01.47.50 87536]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\System32\drivers\diginet.sys [18/02/2009 13.45.12 16400]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [12/03/2009 17.36.24 86016]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\System32\nvSCPAPISvr.exe [10/06/2009 06.33.00 232960]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [03/06/2009 14.46.36 92008]
R2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files\USB Safely Remove\USBSRService.exe [04/02/2009 14.58.49 208144]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [19/02/2008 03.15.38 106496]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 16.28.36 1533808]
S2 gupdate1c9c36be6dd4e70;Servizio di Google Update (gupdate1c9c36be6dd4e70);c:\program files\Google\Update\GoogleUpdate.exe [22/04/2009 19.00.54 133104]
S2 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]
S3 IMT0521;Inmax USB IMT-0521 Smartcard Reader;c:\windows\System32\drivers\IMT0521.sys [26/07/2009 23.54.59 34825]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [19/03/2009 14.48.18 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [19/03/2009 14.48.12 8320]
S4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15/08/2008 06.46.20 284016]
S4 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [03/02/2009 17.57.16 33752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: ?????? - c:\program files\Thunder Network\Thunder\Program\geturl.htm
IE: ?????????? - c:\program files\Thunder Network\Thunder\Program\getallurl.htm
TCP: {456BCF8F-B8B7-44C9-9FC9-31E04622AE59} = 85.37.17.57 85.38.28.80
FF - ProfilePath - c:\users\Klaude3d\AppData\Roaming\Mozilla\Firefox\Profiles\8rsu1hh0.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft Research\HD View\nphdview.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPC6Helper.dll
FF - plugin: c:\users\Klaude3d\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-12 11:39
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-736386715-1995483522-3099797811-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{77C79333-22E7-DB6E-EB65-829DEBBF482A}*]
"hafjbahbcoaekpmd"=hex:6b,61,61,69,66,68,69,6c,64,65,63,65,68,62,69,68,6c,61,
6a,6a,65,66,00,00
"ialklbndnjaglgoeih"=hex:6b,61,61,69,66,68,69,6c,64,65,63,65,68,62,69,68,6c,61,
6a,6a,65,66,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'Explorer.exe'(5972)
c:\program files\Trillian\events.dll
.
Ora fine scansione: 2009-08-12 11.41.48
ComboFix-quarantined-files.txt 2009-08-12 09:41

Pre-Run: 21.127.860.224 byte disponibili
Post-Run: 21.157.335.040 byte disponibili

508 --- E O F --- 2009-08-11 22:02
megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. (sole-shareholder company) - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising