Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » errore durante il caricamento di C:\WINDOWS\SYSTEM32\XENXNIWVEM.DLL

errore durante il caricamento di C:\WINDOWS\SYSTEM32\XENXNIWVEM.DLL Opzioni
Topic Precedente · Topic Sucessivo
safonismo
Inviato: Sunday, August 24, 2008 10:26:00 AM
Rank: Newbie

Iscritto dal : 8/17/2008
Posts: 0
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\mammo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videos.url
C:\Users\mammo\FAVORI~1\Videos.url
C:\Users\mammo\Favorites\Videos.url

.
((((((((((((((((((((((((( Files Creati Da 2008-07-23 al 2008-08-23 )))))))))))))))))))))))))))))))))))
.

Nessun nuovo file creato in questo arco di tempo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-23 23:34 81,984 ----a-w C:\Windows\System32\bdod.bin
2008-08-23 23:34 --------- d-----w C:\Users\mammo\AppData\Roaming\DNA
2008-08-23 23:16 --------- d-----w C:\Users\mammo\AppData\Roaming\uTorrent
2008-08-23 22:59 --------- d-----w C:\ProgramData\avg8
2008-08-23 21:07 --------- d-----w C:\ProgramData\.clamwin
2008-08-23 06:32 --------- d-----w C:\Users\mammo\AppData\Roaming\Roxio
2008-08-23 02:42 147,456 --sh--w C:\Users\mammo\ppxcs.exe
2008-08-23 02:42 134,144 --sh--w C:\Users\mammo\intelOP.exe
2008-08-23 02:42 103,424 --sh--w C:\Users\mammo\css.exe
2008-08-23 02:41 103,936 --sh--w C:\Users\mammo\sccs.exe
2008-08-22 20:02 --------- d-----w C:\ProgramData\eMule
2008-08-22 20:01 --------- d-----w C:\Program Files\eMule
2008-08-22 17:55 27,335 ----a-w C:\Users\mammo\AppData\Roaming\nvModes.dat
2008-08-22 09:33 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-08-21 20:56 --------- d-----w C:\ProgramData\Nero
2008-08-21 20:56 --------- d-----w C:\Program Files\Common Files\Nero
2008-08-19 14:59 --------- d-----w C:\Program Files\ilcorsaronero
2008-08-19 14:59 --------- d-----w C:\Program Files\Conduit
2008-08-19 14:58 2,560 ----a-w C:\Windows\_MSRSTRT.EXE
2008-08-19 14:47 --------- d-----w C:\Program Files\The_Pirate_Bay
2008-08-19 14:35 --------- d---a-w C:\ProgramData\TEMP
2008-08-18 16:48 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-17 07:37 --------- d-----w C:\Users\mammo\AppData\Roaming\Hewlett-Packard
2008-08-15 17:07 --------- d-----w C:\Program Files\Microsoft Works
2008-08-15 12:36 --------- d-----w C:\Program Files\Windows Mail
2008-08-15 12:25 --------- d-----w C:\ProgramData\FLEXnet
2008-08-15 06:23 --------- d-----w C:\Program Files\Trend Micro
2008-08-12 13:21 --------- d-----w C:\ProgramData\Office Genuine Advantage
2008-08-11 19:44 --------- d-----w C:\Program Files\Windows Live
2008-08-11 07:43 --------- d-----w C:\Users\mammo\AppData\Roaming\NeroDCTemplates
2008-08-10 15:07 0 ----a-w C:\Users\mammo\AppData\Roaming\wklnhst.dat
2008-08-10 11:15 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-10 10:42 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-08-10 10:38 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-08-10 10:37 --------- d-----w C:\Program Files\Windows Live Favorites
2008-08-10 10:32 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-10 10:25 --------- d-----w C:\ProgramData\WLInstaller
2008-08-08 10:57 --------- d-----w C:\ProgramData\services
2008-08-07 14:12 --------- d-----w C:\Program Files\AVG
2008-08-07 11:08 64,362 ----a-w C:\Windows\System32\szevnzwujsnrb.exe
2008-08-07 11:07 --------- d-----w C:\ProgramData\SoftLand Ltd
2008-08-02 17:58 --------- d-----w C:\Users\mammo\AppData\Roaming\JLC's Software
2008-08-02 17:52 --------- d-----w C:\Program Files\JLC's Software
2008-07-28 19:51 --------- d-----w C:\Program Files\Lavalys
2008-07-27 12:27 --------- d-----w C:\ProgramData\HP Easy Internet
2008-07-27 12:27 --------- d-----w C:\Program Files\HP Easy Internet
2008-07-18 18:38 586,752 ----a-w C:\Windows\WLXPGSS.SCR
2008-07-15 23:48 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-12 20:31 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-07-09 13:32 174 --sha-w C:\Program Files\desktop.ini
2008-07-05 05:33 --------- d-----w C:\Users\mammo\AppData\Roaming\SUPERAntiSpyware.com
2008-07-05 05:33 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com
2008-07-05 05:33 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-07-05 05:32 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-04 10:36 --------- d-----w C:\Program Files\Yahoo!
2008-06-27 03:54 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-06-27 03:54 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-27 03:54 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-06-26 00:34 7,964,672 ----a-w C:\Windows\System32\NlsLexicons0024.dll
2008-06-26 00:33 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2008-06-19 03:25 61,440 ----a-w C:\Windows\System32\winipsec.dll
2008-06-19 03:25 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2008-06-19 03:25 28,672 ----a-w C:\Windows\System32\FwRemoteSvr.dll
2008-06-19 03:25 272,896 ----a-w C:\Windows\System32\polstore.dll
2008-06-11 12:41 21,248 ----a-w C:\Windows\Help\OEM\scripts\HPScript.exe
2008-04-13 05:00 32 ----a-w C:\Users\All Users\ezsid.dat
2008-04-13 05:00 32 ----a-w C:\ProgramData\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-13 04:11 1232896]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 13:26 484904]
"ISUSPM"="C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 15:41 222128]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"BitTorrent DNA"="C:\Users\mammo\Program Files\DNA\btdna.exe" [2008-05-13 11:59 289088]
"uTorrent"="C:\Users\mammo\Program Files\uTorrent\uTorrent.exe" [2008-08-16 00:18 267056]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2008-02-29 09:14 4670704]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 05:36 827392]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-23 18:11 176128]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 11:54 50696]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-08-18 12:23 77824]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54 623992]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 16:48 290816]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-09 04:57 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-09 04:57 8433664]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-09 04:57 81920]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{ADDD198D-8918-4B82-98EC-6A23CCA2CBDA}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{BD4D7ABC-E9B0-4EB5-9BF8-1DB9A0577704}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{79E65E0B-F59B-4AD7-BD59-42C603B07411}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{9ECF8212-EAD7-4926-8361-84B8D2E05294}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{1F829208-0B45-4B7F-B6BB-2E4EC22D9F84}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{22AC33D6-0E33-40D0-92AE-530D542BF48D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D0F5FE1E-5B4D-4D63-9911-2080C9174D73}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FC0F331C-D518-4553-B1FF-B12312C41B98}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{FCE11569-97C3-44B6-B7B1-AA58B4DC1E34}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{C9D9A26D-E98A-4905-9E85-5BBB4FCE01BE}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{648D01A7-AED2-4011-AACF-932056782953}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{1A957E11-A6A4-4CF4-80B3-60F52CF2DE87}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{5C094016-B68F-49E8-91BF-72E2E156F3A3}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{F2F31C5A-4903-4074-A49A-8CEE78D7F66C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{E063CC8B-5101-4D5F-892D-3798CCC7948B}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{2897DF93-BBB8-44BD-8000-04FCA2DB9576}"= UDP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA
"{0EE2569F-4158-4943-AAA8-DE7D6B851F3F}"= TCP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA
"{B92EA189-1FD7-4352-80D0-A6BBCDF1BED2}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{EEAF4200-555D-4BD1-8746-2D92A010543A}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{4CC08326-17E9-46FC-B53F-B20E64977294}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{436A5DE6-F095-42BB-9583-DCDCBEFA9423}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{7743762A-B5FF-407C-A9CD-A6C3914FCC53}C:\\users\\mammo\\program files\\dna\\btdna.exe"= UDP:C:\users\mammo\program files\dna\btdna.exe:btdna.exe
"UDP Query User{D85851E3-BD54-4F31-9941-17CE90F96CBE}C:\\users\\mammo\\program files\\dna\\btdna.exe"= TCP:C:\users\mammo\program files\dna\btdna.exe:btdna.exe
"TCP Query User{6CDA0449-5B1C-490D-A7E6-5091C79BD09D}C:\\users\\mammo\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\mammo\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{14436924-6CDF-4902-815D-C2083C42F00F}C:\\users\\mammo\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\mammo\program files\utorrent\utorrent.exe:utorrent.exe
"TCP Query User{4B68D636-42AC-4916-B504-CC00775D08DA}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule Plus
"UDP Query User{FC810AB0-D58F-455F-A92D-0AC3E8E4F948}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule Plus
"TCP Query User{659BC667-F461-42D2-AAAB-EEF60E2158CA}C:\\users\\mammo\\appdata\\local\\temp\\rar$ex00.626\\emule.exe"= UDP:C:\users\mammo\appdata\local\temp\rar$ex00.626\emule.exe:emule.exe
"UDP Query User{6D7B46F4-9F17-4807-9F20-85D388E10265}C:\\users\\mammo\\appdata\\local\\temp\\rar$ex00.626\\emule.exe"= TCP:C:\users\mammo\appdata\local\temp\rar$ex00.626\emule.exe:emule.exe
"{D14EBCD1-9F2A-4081-A442-33F407A48A67}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{DBD043CE-F68C-4A4E-99D0-729A26909A4A}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{65078C9B-C0D9-4212-B9DE-CB0456DF068C}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{1691F4D9-0843-4DE7-9E00-F53E0514FCD2}"= UDP:C:\Users\mammo\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{24B89F79-A16C-4ED8-9A84-CC45D04BF9EE}"= TCP:C:\Users\mammo\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{C2146692-7554-4DCD-9566-DF300C51DAA9}C:\\users\\mammo\\downloads\\[pc-multi] dreammatchtennispro2.08\\dream match tennis pro.exe"= UDP:C:\users\mammo\downloads\[pc-multi] dreammatchtennispro2.08\dream match tennis pro.exe:dream match tennis pro.exe
"UDP Query User{381A6C89-814A-4154-B924-6957BEC79765}C:\\users\\mammo\\downloads\\[pc-multi] dreammatchtennispro2.08\\dream match tennis pro.exe"= TCP:C:\users\mammo\downloads\[pc-multi] dreammatchtennispro2.08\dream match tennis pro.exe:dream match tennis pro.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\Windows\system32\regedt32.exe [2006-11-02 11:45]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ddadd62-11eb-11dd-b690-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f4954f4-6ac9-11dd-807d-001a73ca406a}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f4954f5-6ac9-11dd-807d-001a73ca406a}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12ba5799-1056-11dd-9573-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12ba579a-1056-11dd-9573-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b8cf2fb-13aa-11dd-8b84-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b8cf2fc-13aa-11dd-8b84-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20b5ba45-10e2-11dd-8e24-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20b5ba46-10e2-11dd-8e24-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31197ae4-1c3a-11dd-8ea3-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31197aee-1c3a-11dd-8ea3-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{332ceefb-0876-11dd-83f2-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{332cef12-0876-11dd-83f2-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae6db748-109a-11dd-9709-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae6db74f-109a-11dd-9709-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae6db75c-109a-11dd-9709-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae6db763-109a-11dd-9709-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbc27e95-11dc-11dd-9eec-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbc27ea8-11dc-11dd-9eec-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbc27ec1-11dc-11dd-9eec-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbc27ec2-11dc-11dd-9eec-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f63c2e33-11c3-11dd-8abd-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f63c2e37-11c3-11dd-8abd-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f63c2e38-11c3-11dd-8abd-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fac955d1-14e9-11dd-9f43-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fac955d8-14e9-11dd-9f43-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fac955eb-14e9-11dd-9f43-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fac955f2-14e9-11dd-9f43-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fac95605-14e9-11dd-9f43-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fac9560c-14e9-11dd-9f43-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenuto della cartella 'Scheduled Tasks'

2008-08-23 C:\Windows\Tasks\User_Feed_Synchronization-{2831D117-3C39-4A3A-970E-D1163BC1AF52}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]

2008-08-10 C:\Windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORFÃOS REMOVIDOS - - - -

BHO-{862225c5-971b-0af5-0c96-ea32dc608ec2} - C:\Windows\system32\xenxniwvem.dll
HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
HKCU-Run-E07IXLRD_285013 - C:\Program Files\Microsoft Encarta\Microsoft Encarta 2007 - Premium DVD\EDICT.EXE
HKCU-Run-LphantAutoRun - C:\Program Files\Lphant\eLePhantClient.exe
HKLM-Run-NBKeyScan - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
HKLM-Run-{952064a9-6722-3784-6018-dc888cd590b0} - C:\Windows\system32\xenxniwvem.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://it.yahoo.com/
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=73&bd=Pavilion&pf=laptop
R1 -: HKCU-SearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://it.search.yahoo.com
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 -: Aggiungi a PDF esistente - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Converti destinazione link in Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Converti destinazione link in file PDF esistente - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Converti i link selezionati in Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 -: Converti i link selezionati in file PDF esistente - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 -: Converti in Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Converti selezione in Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Converti selezione in file PDF esistente - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-24 01:38:19
Windows 6.0.6000 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-08-24 1:40:45
ComboFix-quarantined-files.txt 2008-08-23 23:40:28

Pre-Run: Impossibile trovare il testo del messaggio per il numero di messaggio 0x2379 nel file di messaggio per Application.
Post-Run: 28,835,287,040 byte disponibili

283 --- E O F --- 2008-08-21 19:19:00

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\mammo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videos.url
C:\Users\mammo\FAVORI~1\Videos.url
C:\Users\mammo\Favorites\Videos.url

.
((((((((((((((((((((((((( Files Creati Da 2008-07-23 al 2008-08-23 )))))))))))))))))))))))))))))))))))
.

Nessun nuovo file creato in questo arco di tempo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-23 23:34 81,984 ----a-w C:\Windows\System32\bdod.bin
2008-08-23 23:34 --------- d-----w C:\Users\mammo\AppData\Roaming\DNA
2008-08-23 23:16 --------- d-----w C:\Users\mammo\AppData\Roaming\uTorrent
2008-08-23 22:59 --------- d-----w C:\ProgramData\avg8
2008-08-23 21:07 --------- d-----w C:\ProgramData\.clamwin
2008-08-23 06:32 --------- d-----w C:\Users\mammo\AppData\Roaming\Roxio
2008-08-23 02:42 147,456 --sh--w C:\Users\mammo\ppxcs.exe
2008-08-23 02:42 134,144 --sh--w C:\Users\mammo\intelOP.exe
2008-08-23 02:42 103,424 --sh--w C:\Users\mammo\css.exe
2008-08-23 02:41 103,936 --sh--w C:\Users\mammo\sccs.exe
2008-08-22 20:02 --------- d-----w C:\ProgramData\eMule
2008-08-22 20:01 --------- d-----w C:\Program Files\eMule
2008-08-22 17:55 27,335 ----a-w C:\Users\mammo\AppData\Roaming\nvModes.dat
2008-08-22 09:33 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-08-21 20:56 --------- d-----w C:\ProgramData\Nero
2008-08-21 20:56 --------- d-----w C:\Program Files\Common Files\Nero
2008-08-19 14:59 --------- d-----w C:\Program Files\ilcorsaronero
2008-08-19 14:59 --------- d-----w C:\Program Files\Conduit
2008-08-19 14:58 2,560 ----a-w C:\Windows\_MSRSTRT.EXE
2008-08-19 14:47 --------- d-----w C:\Program Files\The_Pirate_Bay
2008-08-19 14:35 --------- d---a-w C:\ProgramData\TEMP
2008-08-18 16:48 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-17 07:37 --------- d-----w C:\Users\mammo\AppData\Roaming\Hewlett-Packard
2008-08-15 17:07 --------- d-----w C:\Program Files\Microsoft Works
2008-08-15 12:36 --------- d-----w C:\Program Files\Windows Mail
2008-08-15 12:25 --------- d-----w C:\ProgramData\FLEXnet
2008-08-15 06:23 --------- d-----w C:\Program Files\Trend Micro
2008-08-12 13:21 --------- d-----w C:\ProgramData\Office Genuine Advantage
2008-08-11 19:44 --------- d-----w C:\Program Files\Windows Live
2008-08-11 07:43 --------- d-----w C:\Users\mammo\AppData\Roaming\NeroDCTemplates
2008-08-10 15:07 0 ----a-w C:\Users\mammo\AppData\Roaming\wklnhst.dat
2008-08-10 11:15 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-10 10:42 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-08-10 10:38 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-08-10 10:37 --------- d-----w C:\Program Files\Windows Live Favorites
2008-08-10 10:32 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-10 10:25 --------- d-----w C:\ProgramData\WLInstaller
2008-08-08 10:57 --------- d-----w C:\ProgramData\services
2008-08-07 14:12 --------- d-----w C:\Program Files\AVG
2008-08-07 11:08 64,362 ----a-w C:\Windows\System32\szevnzwujsnrb.exe
2008-08-07 11:07 --------- d-----w C:\ProgramData\SoftLand Ltd
2008-08-02 17:58 --------- d-----w C:\Users\mammo\AppData\Roaming\JLC's Software
2008-08-02 17:52 --------- d-----w C:\Program Files\JLC's Software
2008-07-28 19:51 --------- d-----w C:\Program Files\Lavalys
2008-07-27 12:27 --------- d-----w C:\ProgramData\HP Easy Internet
2008-07-27 12:27 --------- d-----w C:\Program Files\HP Easy Internet
2008-07-18 18:38 586,752 ----a-w C:\Windows\WLXPGSS.SCR
2008-07-15 23:48 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-12 20:31 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-07-09 13:32 174 --sha-w C:\Program Files\desktop.ini
2008-07-05 05:33 --------- d-----w C:\Users\mammo\AppData\Roaming\SUPERAntiSpyware.com
2008-07-05 05:33 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com
2008-07-05 05:33 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-07-05 05:32 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-04 10:36 --------- d-----w C:\Program Files\Yahoo!
2008-06-27 03:54 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-06-27 03:54 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-27 03:54 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-06-26 00:34 7,964,672 ----a-w C:\Windows\System32\NlsLexicons0024.dll
2008-06-26 00:33 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2008-06-19 03:25 61,440 ----a-w C:\Windows\System32\winipsec.dll
2008-06-19 03:25 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2008-06-19 03:25 28,672 ----a-w C:\Windows\System32\FwRemoteSvr.dll
2008-06-19 03:25 272,896 ----a-w C:\Windows\System32\polstore.dll
2008-06-11 12:41 21,248 ----a-w C:\Windows\Help\OEM\scripts\HPScript.exe
2008-04-13 05:00 32 ----a-w C:\Users\All Users\ezsid.dat
2008-04-13 05:00 32 ----a-w C:\ProgramData\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-13 04:11 1232896]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 13:26 484904]
"ISUSPM"="C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 15:41 222128]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"BitTorrent DNA"="C:\Users\mammo\Program Files\DNA\btdna.exe" [2008-05-13 11:59 289088]
"uTorrent"="C:\Users\mammo\Program Files\uTorrent\uTorrent.exe" [2008-08-16 00:18 267056]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2008-02-29 09:14 4670704]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 05:36 827392]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-23 18:11 176128]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 11:54 50696]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-08-18 12:23 77824]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54 623992]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 16:48 290816]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-09 04:57 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-09 04:57 8433664]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-09 04:57 81920]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{ADDD198D-8918-4B82-98EC-6A23CCA2CBDA}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{BD4D7ABC-E9B0-4EB5-9BF8-1DB9A0577704}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{79E65E0B-F59B-4AD7-BD59-42C603B07411}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{9ECF8212-EAD7-4926-8361-84B8D2E05294}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{1F829208-0B45-4B7F-B6BB-2E4EC22D9F84}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{22AC33D6-0E33-40D0-92AE-530D542BF48D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D0F5FE1E-5B4D-4D63-9911-2080C9174D73}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FC0F331C-D518-4553-B1FF-B12312C41B98}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{FCE11569-97C3-44B6-B7B1-AA58B4DC1E34}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{C9D9A26D-E98A-4905-9E85-5BBB4FCE01BE}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{648D01A7-AED2-4011-AACF-932056782953}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{1A957E11-A6A4-4CF4-80B3-60F52CF2DE87}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{5C094016-B68F-49E8-91BF-72E2E156F3A3}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{F2F31C5A-4903-4074-A49A-8CEE78D7F66C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{E063CC8B-5101-4D5F-892D-3798CCC7948B}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{2897DF93-BBB8-44BD-8000-04FCA2DB9576}"= UDP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA
"{0EE2569F-4158-4943-AAA8-DE7D6B851F3F}"= TCP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA
"{B92EA189-1FD7-4352-80D0-A6BBCDF1BED2}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{EEAF4200-555D-4BD1-8746-2D92A010543A}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{4CC08326-17E9-46FC-B53F-B20E64977294}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{436A5DE6-F095-42BB-9583-DCDCBEFA9423}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{7743762A-B5FF-407C-A9CD-A6C3914FCC53}C:\\users\\mammo\\program files\\dna\\btdna.exe"= UDP:C:\users\mammo\program files\dna\btdna.exe:btdna.exe
"UDP Query User{D85851E3-BD54-4F31-9941-17CE90F96CBE}C:\\users\\mammo\\program files\\dna\\btdna.exe"= TCP:C:\users\mammo\program files\dna\btdna.exe:btdna.exe
"TCP Query User{6CDA0449-5B1C-490D-A7E6-5091C79BD09D}C:\\users\\mammo\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\mammo\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{14436924-6CDF-4902-815D-C2083C42F00F}C:\\users\\mammo\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\mammo\program files\utorrent\utorrent.exe:utorrent.exe
"TCP Query User{4B68D636-42AC-4916-B504-CC00775D08DA}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule Plus
"UDP Query User{FC810AB0-D58F-455F-A92D-0AC3E8E4F948}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule Plus
"TCP Query User{659BC667-F461-42D2-AAAB-EEF60E2158CA}C:\\users\\mammo\\appdata\\local\\temp\\rar$ex00.626\\emule.exe"= UDP:C:\users\mammo\appdata\local\temp\rar$ex00.626\emule.exe:emule.exe
"UDP Query User{6D7B46F4-9F17-4807-9F20-85D388E10265}C:\\users\\mammo\\appdata\\local\\temp\\rar$ex00.626\\emule.exe"= TCP:C:\users\mammo\appdata\local\temp\rar$ex00.626\emule.exe:emule.exe
"{D14EBCD1-9F2A-4081-A442-33F407A48A67}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{DBD043CE-F68C-4A4E-99D0-729A26909A4A}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{65078C9B-C0D9-4212-B9DE-CB0456DF068C}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{1691F4D9-0843-4DE7-9E00-F53E0514FCD2}"= UDP:C:\Users\mammo\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{24B89F79-A16C-4ED8-9A84-CC45D04BF9EE}"= TCP:C:\Users\mammo\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{C2146692-7554-4DCD-9566-DF300C51DAA9}C:\\users\\mammo\\downloads\\[pc-multi] dreammatchtennispro2.08\\dream match tennis pro.exe"= UDP:C:\users\mammo\downloads\[pc-multi] dreammatchtennispro2.08\dream match tennis pro.exe:dream match tennis pro.exe
"UDP Query User{381A6C89-814A-4154-B924-6957BEC79765}C:\\users\\mammo\\downloads\\[pc-multi] dreammatchtennispro2.08\\dream match tennis pro.exe"= TCP:C:\users\mammo\downloads\[pc-multi] dreammatchtennispro2.08\dream match tennis pro.exe:dream match tennis pro.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\Windows\system32\regedt32.exe [2006-11-02 11:45]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ddadd62-11eb-11dd-b690-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f4954f4-6ac9-11dd-807d-001a73ca406a}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f4954f5-6ac9-11dd-807d-001a73ca406a}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12ba5799-1056-11dd-9573-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12ba579a-1056-11dd-9573-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b8cf2fb-13aa-11dd-8b84-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b8cf2fc-13aa-11dd-8b84-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20b5ba45-10e2-11dd-8e24-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20b5ba46-10e2-11dd-8e24-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31197ae4-1c3a-11dd-8ea3-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31197aee-1c3a-11dd-8ea3-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{332ceefb-0876-11dd-83f2-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{332cef12-0876-11dd-83f2-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae6db748-109a-11dd-9709-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae6db74f-109a-11dd-9709-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae6db75c-109a-11dd-9709-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae6db763-109a-11dd-9709-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbc27e95-11dc-11dd-9eec-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbc27ea8-11dc-11dd-9eec-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbc27ec1-11dc-11dd-9eec-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbc27ec2-11dc-11dd-9eec-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f63c2e33-11c3-11dd-8abd-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f63c2e37-11c3-11dd-8abd-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f63c2e38-11c3-11dd-8abd-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fac955d1-14e9-11dd-9f43-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fac955d8-14e9-11dd-9f43-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fac955eb-14e9-11dd-9f43-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fac955f2-14e9-11dd-9f43-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fac95605-14e9-11dd-9f43-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fac9560c-14e9-11dd-9f43-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenuto della cartella 'Scheduled Tasks'

2008-08-23 C:\Windows\Tasks\User_Feed_Synchronization-{2831D117-3C39-4A3A-970E-D1163BC1AF52}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]

2008-08-10 C:\Windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORFÃOS REMOVIDOS - - - -

BHO-{862225c5-971b-0af5-0c96-ea32dc608ec2} - C:\Windows\system32\xenxniwvem.dll
HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
HKCU-Run-E07IXLRD_285013 - C:\Program Files\Microsoft Encarta\Microsoft Encarta 2007 - Premium DVD\EDICT.EXE
HKCU-Run-LphantAutoRun - C:\Program Files\Lphant\eLePhantClient.exe
HKLM-Run-NBKeyScan - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
HKLM-Run-{952064a9-6722-3784-6018-dc888cd590b0} - C:\Windows\system32\xenxniwvem.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://it.yahoo.com/
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=73&bd=Pavilion&pf=laptop
R1 -: HKCU-SearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://it.search.yahoo.com
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 -: Aggiungi a PDF esistente - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Converti destinazione link in Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Converti destinazione link in file PDF esistente - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Converti i link selezionati in Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 -: Converti i link selezionati in file PDF esistente - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 -: Converti in Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Converti selezione in Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Converti selezione in file PDF esistente - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-24 01:38:19
Windows 6.0.6000 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-08-24 1:40:45
ComboFix-quarantined-files.txt 2008-08-23 23:40:28

Pre-Run: Impossibile trovare il testo del messaggio per il numero di messaggio 0x2379 nel file di messaggio per Application.
Post-Run: 28,835,287,040 byte disponibili

283 --- E O F --- 2008-08-21 19:19:00

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\mammo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videos.url
C:\Users\mammo\FAVORI~1\Videos.url
C:\Users\mammo\Favorites\Videos.url

.
((((((((((((((((((((((((( Files Creati Da 2008-07-23 al 2008-08-23 )))))))))))))))))))))))))))))))))))
.

Nessun nuovo file creato in questo arco di tempo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-23 23:34 81,984 ----a-w C:\Windows\System32\bdod.bin
2008-08-23 23:34 --------- d-----w C:\Users\mammo\AppData\Roaming\DNA
2008-08-23 23:16 --------- d-----w C:\Users\mammo\AppData\Roaming\uTorrent
2008-08-23 22:59 --------- d-----w C:\ProgramData\avg8
2008-08-23 21:07 --------- d-----w C:\ProgramData\.clamwin
2008-08-23 06:32 --------- d-----w C:\Users\mammo\AppData\Roaming\Roxio
2008-08-23 02:42 147,456 --sh--w C:\Users\mammo\ppxcs.exe
2008-08-23 02:42 134,144 --sh--w C:\Users\mammo\intelOP.exe
2008-08-23 02:42 103,424 --sh--w C:\Users\mammo\css.exe
2008-08-23 02:41 103,936 --sh--w C:\Users\mammo\sccs.exe
2008-08-22 20:02 --------- d-----w C:\ProgramData\eMule
2008-08-22 20:01 --------- d-----w C:\Program Files\eMule
2008-08-22 17:55 27,335 ----a-w C:\Users\mammo\AppData\Roaming\nvModes.dat
2008-08-22 09:33 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-08-21 20:56 --------- d-----w C:\ProgramData\Nero
2008-08-21 20:56 --------- d-----w C:\Program Files\Common Files\Nero
2008-08-19 14:59 --------- d-----w C:\Program Files\ilcorsaronero
2008-08-19 14:59 --------- d-----w C:\Program Files\Conduit
2008-08-19 14:58 2,560 ----a-w C:\Windows\_MSRSTRT.EXE
2008-08-19 14:47 --------- d-----w C:\Program Files\The_Pirate_Bay
2008-08-19 14:35 --------- d---a-w C:\ProgramData\TEMP
2008-08-18 16:48 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-17 07:37 --------- d-----w C:\Users\mammo\AppData\Roaming\Hewlett-Packard
2008-08-15 17:07 --------- d-----w C:\Program Files\Microsoft Works
2008-08-15 12:36 --------- d-----w C:\Program Files\Windows Mail
2008-08-15 12:25 --------- d-----w C:\ProgramData\FLEXnet
2008-08-15 06:23 --------- d-----w C:\Program Files\Trend Micro
2008-08-12 13:21 --------- d-----w C:\ProgramData\Office Genuine Advantage
2008-08-11 19:44 --------- d-----w C:\Program Files\Windows Live
2008-08-11 07:43 --------- d-----w C:\Users\mammo\AppData\Roaming\NeroDCTemplates
2008-08-10 15:07 0 ----a-w C:\Users\mammo\AppData\Roaming\wklnhst.dat
2008-08-10 11:15 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-10 10:42 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-08-10 10:38 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-08-10 10:37 --------- d-----w C:\Program Files\Windows Live Favorites
2008-08-10 10:32 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-10 10:25 --------- d-----w C:\ProgramData\WLInstaller
2008-08-08 10:57 --------- d-----w C:\ProgramData\services
2008-08-07 14:12 --------- d-----w C:\Program Files\AVG
2008-08-07 11:08 64,362 ----a-w C:\Windows\System32\szevnzwujsnrb.exe
2008-08-07 11:07 --------- d-----w C:\ProgramData\SoftLand Ltd
2008-08-02 17:58 --------- d-----w C:\Users\mammo\AppData\Roaming\JLC's Software
2008-08-02 17:52 --------- d-----w C:\Program Files\JLC's Software
2008-07-28 19:51 --------- d-----w C:\Program Files\Lavalys
2008-07-27 12:27 --------- d-----w C:\ProgramData\HP Easy Internet
2008-07-27 12:27 --------- d-----w C:\Program Files\HP Easy Internet
2008-07-18 18:38 586,752 ----a-w C:\Windows\WLXPGSS.SCR
2008-07-15 23:48 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-12 20:31 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-07-09 13:32 174 --sha-w C:\Program Files\desktop.ini
2008-07-05 05:33 --------- d-----w C:\Users\mammo\AppData\Roaming\SUPERAntiSpyware.com
2008-07-05 05:33 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com
2008-07-05 05:33 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-07-05 05:32 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-04 10:36 --------- d-----w C:\Program Files\Yahoo!
2008-06-27 03:54 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-06-27 03:54 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-27 03:54 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-06-26 00:34 7,964,672 ----a-w C:\Windows\System32\NlsLexicons0024.dll
2008-06-26 00:33 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2008-06-19 03:25 61,440 ----a-w C:\Windows\System32\winipsec.dll
2008-06-19 03:25 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2008-06-19 03:25 28,672 ----a-w C:\Windows\System32\FwRemoteSvr.dll
2008-06-19 03:25 272,896 ----a-w C:\Windows\System32\polstore.dll
2008-06-11 12:41 21,248 ----a-w C:\Windows\Help\OEM\scripts\HPScript.exe
2008-04-13 05:00 32 ----a-w C:\Users\All Users\ezsid.dat
2008-04-13 05:00 32 ----a-w C:\ProgramData\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-13 04:11 1232896]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 13:26 484904]
"ISUSPM"="C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 15:41 222128]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"BitTorrent DNA"="C:\Users\mammo\Program Files\DNA\btdna.exe" [2008-05-13 11:59 289088]
"uTorrent"="C:\Users\mammo\Program Files\uTorrent\uTorrent.exe" [2008-08-16 00:18 267056]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2008-02-29 09:14 4670704]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 05:36 827392]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-23 18:11 176128]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 11:54 50696]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-08-18 12:23 77824]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54 623992]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 16:48 290816]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-09 04:57 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-09 04:57 8433664]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-09 04:57 81920]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{ADDD198D-8918-4B82-98EC-6A23CCA2CBDA}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{BD4D7ABC-E9B0-4EB5-9BF8-1DB9A0577704}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{79E65E0B-F59B-4AD7-BD59-42C603B07411}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{9ECF8212-EAD7-4926-8361-84B8D2E05294}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{1F829208-0B45-4B7F-B6BB-2E4EC22D9F84}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{22AC33D6-0E33-40D0-92AE-530D542BF48D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D0F5FE1E-5B4D-4D63-9911-2080C9174D73}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FC0F331C-D518-4553-B1FF-B12312C41B98}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{FCE11569-97C3-44B6-B7B1-AA58B4DC1E34}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{C9D9A26D-E98A-4905-9E85-5BBB4FCE01BE}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{648D01A7-AED2-4011-AACF-932056782953}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{1A957E11-A6A4-4CF4-80B3-60F52CF2DE87}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{5C094016-B68F-49E8-91BF-72E2E156F3A3}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{F2F31C5A-4903-4074-A49A-8CEE78D7F66C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{E063CC8B-5101-4D5F-892D-3798CCC7948B}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{2897DF93-BBB8-44BD-8000-04FCA2DB9576}"= UDP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA
"{0EE2569F-4158-4943-AAA8-DE7D6B851F3F}"= TCP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA
"{B92EA189-1FD7-4352-80D0-A6BBCDF1BED2}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{EEAF4200-555D-4BD1-8746-2D92A010543A}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{4CC08326-17E9-46FC-B53F-B20E64977294}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{436A5DE6-F095-42BB-9583-DCDCBEFA9423}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{7743762A-B5FF-407C-A9CD-A6C3914FCC53}C:\\users\\mammo\\program files\\dna\\btdna.exe"= UDP:C:\users\mammo\program files\dna\btdna.exe:btdna.exe
"UDP Query User{D85851E3-BD54-4F31-9941-17CE90F96CBE}C:\\users\\mammo\\program files\\dna\\btdna.exe"= TCP:C:\users\mammo\program files\dna\btdna.exe:btdna.exe
"TCP Query User{6CDA0449-5B1C-490D-A7E6-5091C79BD09D}C:\\users\\mammo\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\mammo\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{14436924-6CDF-4902-815D-C2083C42F00F}C:\\users\\mammo\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\mammo\program files\utorrent\utorrent.exe:utorrent.exe
"TCP Query User{4B68D636-42AC-4916-B504-CC00775D08DA}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule Plus
"UDP Query User{FC810AB0-D58F-455F-A92D-0AC3E8E4F948}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule Plus
"TCP Query User{659BC667-F461-42D2-AAAB-EEF60E2158CA}C:\\users\\mammo\\appdata\\local\\temp\\rar$ex00.626\\emule.exe"= UDP:C:\users\mammo\appdata\local\temp\rar$ex00.626\emule.exe:emule.exe
"UDP Query User{6D7B46F4-9F17-4807-9F20-85D388E10265}C:\\users\\mammo\\appdata\\local\\temp\\rar$ex00.626\\emule.exe"= TCP:C:\users\mammo\appdata\local\temp\rar$ex00.626\emule.exe:emule.exe
"{D14EBCD1-9F2A-4081-A442-33F407A48A67}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{DBD043CE-F68C-4A4E-99D0-729A26909A4A}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{65078C9B-C0D9-4212-B9DE-CB0456DF068C}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{1691F4D9-0843-4DE7-9E00-F53E0514FCD2}"= UDP:C:\Users\mammo\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{24B89F79-A16C-4ED8-9A84-CC45D04BF9EE}"= TCP:C:\Users\mammo\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{C2146692-7554-4DCD-9566-DF300C51DAA9}C:\\users\\mammo\\downloads\\[pc-multi] dreammatchtennispro2.08\\dream match tennis pro.exe"= UDP:C:\users\mammo\downloads\[pc-multi] dreammatchtennispro2.08\dream match tennis pro.exe:dream match tennis pro.exe
"UDP Query User{381A6C89-814A-4154-B924-6957BEC79765}C:\\users\\mammo\\downloads\\[pc-multi] dreammatchtennispro2.08\\dream match tennis pro.exe"= TCP:C:\users\mammo\downloads\[pc-multi] dreammatchtennispro2.08\dream match tennis pro.exe:dream match tennis pro.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\Windows\system32\regedt32.exe [2006-11-02 11:45]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ddadd62-11eb-11dd-b690-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f4954f4-6ac9-11dd-807d-001a73ca406a}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f4954f5-6ac9-11dd-807d-001a73ca406a}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12ba5799-1056-11dd-9573-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12ba579a-1056-11dd-9573-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b8cf2fb-13aa-11dd-8b84-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b8cf2fc-13aa-11dd-8b84-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20b5ba45-10e2-11dd-8e24-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20b5ba46-10e2-11dd-8e24-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31197ae4-1c3a-11dd-8ea3-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31197aee-1c3a-11dd-8ea3-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{332ceefb-0876-11dd-83f2-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{332cef12-0876-11dd-83f2-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae6db748-109a-11dd-9709-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae6db74f-109a-11dd-9709-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae6db75c-109a-11dd-9709-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae6db763-109a-11dd-9709-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbc27e95-11dc-11dd-9eec-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbc27ea8-11dc-11dd-9eec-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbc27ec1-11dc-11dd-9eec-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbc27ec2-11dc-11dd-9eec-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f63c2e33-11c3-11dd-8abd-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f63c2e37-11c3-11dd-8abd-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f63c2e38-11c3-11dd-8abd-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fac955d1-14e9-11dd-9f43-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fac955d8-14e9-11dd-9f43-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fac955eb-14e9-11dd-9f43-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fac955f2-14e9-11dd-9f43-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fac95605-14e9-11dd-9f43-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fac9560c-14e9-11dd-9f43-001b24d3d21d}]
\shell\AutoRun\command - F:\StartVMCLite.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenuto della cartella 'Scheduled Tasks'

2008-08-23 C:\Windows\Tasks\User_Feed_Synchronization-{2831D117-3C39-4A3A-970E-D1163BC1AF52}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]

2008-08-10 C:\Windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORFÃOS REMOVIDOS - - - -

BHO-{862225c5-971b-0af5-0c96-ea32dc608ec2} - C:\Windows\system32\xenxniwvem.dll
HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
HKCU-Run-E07IXLRD_285013 - C:\Program Files\Microsoft Encarta\Microsoft Encarta 2007 - Premium DVD\EDICT.EXE
HKCU-Run-LphantAutoRun - C:\Program Files\Lphant\eLePhantClient.exe
HKLM-Run-NBKeyScan - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
HKLM-Run-{952064a9-6722-3784-6018-dc888cd590b0} - C:\Windows\system32\xenxniwvem.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://it.yahoo.com/
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=73&bd=Pavilion&pf=laptop
R1 -: HKCU-SearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://it.search.yahoo.com
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 -: Aggiungi a PDF esistente - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Converti destinazione link in Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Converti destinazione link in file PDF esistente - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Converti i link selezionati in Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 -: Converti i link selezionati in file PDF esistente - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 -: Converti in Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Converti selezione in Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Converti selezione in file PDF esistente - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-24 01:38:19
Windows 6.0.6000 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-08-24 1:40:45
ComboFix-quarantined-files.txt 2008-08-23 23:40:28

Pre-Run: Impossibile trovare il testo del messaggio per il numero di messaggio 0x2379 nel file di messaggio per Application.
Post-Run: 28,835,287,040 byte disponibili

283 --- E O F --- 2008-08-21 19:19:00
Torna in alto
 
Sponsor
Inviato: Sunday, August 24, 2008 10:26:00 AM

 
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » errore durante il caricamento di C:\WINDOWS\SYSTEM32\XENXNIWVEM.DLL


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.