r16 wrote:
Hi.
But did you do the operation I told you to do with Combofix?
No, because I got mixed up (I hadn't understood that the one on the desktop wasn't just a shortcut icon, but the actual .exe). Anyway, I reinstalled it and did the operation you told me to: here it is
[quote]
ComboFix 08-12-06.06 - Lorenzo 2008-12-07 9.52.45.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.381 [GMT 1:00]
Eseguito da: d:\documents and settings\Lorenzo\Desktop\ComboFix.exe
Interruttori di comando utilizzati :: d:\documents and settings\Lorenzo\Desktop\CFScript.txt
* Creato nuovo punto di ripristino
.
((((((((((((((((((((((((( Files Creati Da 2008-11-07 al 2008-12-07 )))))))))))))))))))))))))))))))))))
.
2008-12-06 16:12 . 2008-12-06 16:12 268 --ah----- C:\sqmdata02.sqm
2008-12-06 16:12 . 2008-12-06 16:12 244 --ah----- C:\sqmnoopt02.sqm
2008-12-05 22:59 . 2008-12-05 22:59 <DIR> d-------- d:\documents and settings\Lorenzo\Dati applicazioni\Malwarebytes
2008-12-05 22:59 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-05 22:58 . 2008-12-05 22:58 <DIR> d-------- d:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-12-05 22:58 . 2008-12-05 22:59 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2008-12-05 22:58 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-05 18:10 . 2008-12-05 18:10 268 --ah----- C:\sqmdata01.sqm
2008-12-05 18:10 . 2008-12-05 18:10 244 --ah----- C:\sqmnoopt01.sqm
2008-12-05 08:41 . 2008-12-05 08:42 <DIR> d-------- d:\documents and settings\All Users\Dati applicazioni\Lavasoft
2008-12-05 08:41 . 2008-12-05 08:41 <DIR> d-------- c:\programmi\Lavasoft
2008-12-05 08:41 . 2008-12-05 08:41 <DIR> d-------- c:\programmi\File comuni\Wise Installation Wizard
2008-12-04 19:44 . 2008-12-04 22:05 <DIR> d-------- d:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-12-04 19:44 . 2008-12-04 22:04 <DIR> d-------- c:\programmi\Spybot - Search & Destroy
2008-12-04 18:34 . 2008-12-04 18:34 <DIR> d-------- d:\documents and settings\Lorenzo\Dati applicazioni\.clamwin
2008-12-04 18:34 . 2008-12-04 18:34 <DIR> d-------- d:\documents and settings\All Users\.clamwin
2008-12-04 18:34 . 2008-12-04 18:34 <DIR> d-------- c:\programmi\ClamWin
2008-11-29 10:07 . 2008-06-10 02:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-13 19:47 . 2008-11-13 19:47 <DIR> d--hs---- C:\found.000
2008-11-13 09:52 . 2008-09-04 18:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-13 09:52 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 08:55 55,279,648 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-06 19:21 649,100 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-06 16:01 46,134,152 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-12-06 08:55 --------- d-----w c:\programmi\eMule
2008-11-29 09:07 --------- d-----w c:\programmi\Java
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:36 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-03 16:58 6,066,176 ----a-w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:24 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-15 15:24 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-08 10:41 333,824 ------w c:\windows\system32\dllcache\srv.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-12-08 975360]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"updateMgr"="c:\programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-01 7311360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-01 86016]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 310272]
"DetectorApp"="c:\programmi\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
"OmniPass"="c:\apps\Softex\OmniPass\scureapp.exe" [2006-01-30 1978368]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2006-02-23 147456]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"SpeedTouch USB Diagnostics"="c:\programmi\Thomson\SpeedTouch USB\Dragdiag.exe" [2003-09-05 878080]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2006-08-29 98304]
"ZoneAlarm Client"="c:\programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 919016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-29 1261336]
"SMSERIAL"="sm56hlpr.exe" [2005-10-18 c:\windows\sm56hlpr.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-02-10 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2005-12-01 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
d:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2007-08-03 394856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\FILECO~1\ULEADS~1\Vio\Dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= c:\progra~1\FILECO~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm "= c:\progra~1\FILECO~1\ULEADS~1\MPEG\mpegacm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-06-06 97928]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-27 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-27 231704]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-06-06 76040]
R3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2006-08-29 825600]
S2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico; []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{061c0434-24cf-11dd-b71b-001731691e73}]
\Shell\AutoRun\command - .\run\autorun.exe
\Shell\open\Command - .\run\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e33b3b37-9bba-11db-b58e-0090d0d6bb0f}]
\Shell\AutoRun\command - G:\CruzerProfile.exe /autorun
.
Contenuto della cartella 'Scheduled Tasks'
2008-12-07 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.google.it/ig?sourceid=navclient&hl=it&ie=UTF-8
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
FireFox -: Profile - d:\documents and settings\Lorenzo\Dati applicazioni\Mozilla\Firefox\Profiles\t3cjyjph.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.it/
FF -: plugin - c:\programmi\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 09:54:58
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
"ImagePath"="\"c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe\"\
.
Ora fine scansione: 2008-12-07 9.56.05
ComboFix-quarantined-files.txt 2008-12-07 08:56:01
ComboFix2.txt 2008-12-05 22:49:56
Pre-Run: 4.569.812.992 byte disponibili
Post-Run: 4,553,265,152 byte disponibili
166 --- E O F --- 2008-11-13 09:03:57