Aiutamici Forum

combofix scan
dsl500
Posted: Monday, April 28, 2008 6:21:48 PM

Rank: Member

Joined: 6/30/2007
Posts: 0
Hi everyone, could you check my ComboFix scan for me and, if I need to delete anything, tell me the procedure? Thanks.

ComboFix 08-04-26.5 - Utente 2008-04-28 17.20.46.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.1528 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Utente\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\WINDOWS\system32\dllcache\spoolsv.exe

.
((((((((((((((((((((((((( Files Creati Da 2008-03-28 al 2008-04-28 )))))))))))))))))))))))))))))))))))
.

2008-04-26 18:17 . 2008-04-28 17:18 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-26 18:17 . 2008-04-26 18:17 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-26 18:16 . 2008-04-26 18:17 <DIR> d-------- C:\Programmi\iTunes
2008-04-26 18:16 . 2008-04-26 18:16 <DIR> d-------- C:\Programmi\iPod
2008-04-26 18:16 . 2008-04-26 18:16 <DIR> d-------- C:\Programmi\Bonjour
2008-04-26 18:14 . 2008-04-26 18:15 <DIR> d-------- C:\Programmi\QuickTime
2008-04-25 02:12 . 2008-04-25 02:12 59,782,440 --a------ C:\iTunesSetup.exe
2008-04-22 16:20 . 2008-04-28 16:57 <DIR> d-------- C:\Programmi\Crawler
2008-04-19 19:00 . 2008-04-19 19:00 <DIR> d-------- C:\OpenOffice.org 2.3 Installation Files
2008-04-19 18:54 . 2008-04-25 02:20 <DIR> d-------- C:\Documents and Settings\Utente\Dati applicazioni\OpenOffice.org2
2008-04-19 18:49 . 2008-04-19 18:50 <DIR> d-------- C:\Programmi\OpenOffice.org 2.3
2008-04-19 18:45 . 2008-04-19 18:45 <DIR> d-------- C:\OxygenOffice
2008-04-18 17:35 . 2008-04-18 17:35 <DIR> d-------- C:\VundoFix Backups
2008-04-18 10:29 . 2008-04-18 10:29 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Office Genuine Advantage
2008-04-17 16:26 . 2008-04-17 16:30 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-04-15 14:59 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-15 14:59 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-14 17:53 . 2008-04-14 17:53 <DIR> d-------- C:\Programmi\Microsoft Silverlight
2008-04-14 16:29 . 2008-04-14 16:29 <DIR> d-------- C:\Programmi\Trend Micro
2008-04-12 03:34 . 2008-04-12 03:34 <DIR> d-------- C:\Programmi\MSXML 6.0
2008-04-10 18:52 . 2008-04-10 18:52 <DIR> d-------- C:\Programmi\MSBuild
2008-04-10 18:49 . 2008-04-13 08:10 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-10 18:48 . 2008-04-10 18:48 <DIR> d-------- C:\Programmi\Reference Assemblies
2008-04-10 18:47 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-04-10 18:44 . 2008-04-10 18:44 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-04-10 10:34 . 2008-04-17 18:29 <DIR> d-------- C:\Documents and Settings\Utente\.housecall6.6
2008-04-09 17:12 . 2008-04-09 17:12 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-04-08 12:16 . 2008-04-08 12:16 693,792 --a------ C:\WINDOWS\system32\OGACheckControl.dll
2008-04-08 12:16 . 2008-04-08 12:16 560,672 --a------ C:\WINDOWS\system32\OGAAddin.dll
2008-04-08 12:16 . 2008-04-08 12:16 504,864 --a------ C:\WINDOWS\system32\OGAVerify.exe
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-28 18:19 . 2008-03-28 18:19 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Dati applicazioni\ATI
2008-03-28 18:19 . 2008-03-28 18:19 4,096 --a------ C:\WINDOWS\system32\crash
2008-03-28 16:54 . 2008-03-28 16:56 <DIR> d-------- C:\Documents and Settings\Utente\Dati applicazioni\Media Player Classic

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-28 15:22 28,827,680 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-28 15:17 339,632 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-28 12:31 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-04-27 16:35 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-04-26 21:25 --------- d-----w C:\Documents and Settings\Utente\Dati applicazioni\Apple Computer
2008-04-26 20:27 583,209 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_04_26_19_22_09_full.dmp.zip
2008-04-26 17:22 2,541,056 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-04-26 17:22 1,831,424 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-04-26 16:14 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
2008-04-15 14:46 4,056,064 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-04-11 22:47 --------- d-----w C:\Documents and Settings\Utente\Dati applicazioni\LimeWire
2008-03-23 16:10 --------- d-----w C:\Documents and Settings\Utente\Dati applicazioni\FastStone
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-17 17:23 39,808 ----a-w C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-03-10 13:58 --------- d-----w C:\Documents and Settings\Utente\Dati applicazioni\Canon
2008-03-10 13:31 --------- d-----w C:\Documents and Settings\Utente\Dati applicazioni\ArcSoft
2008-03-08 13:37 --------- d-----w C:\Programmi\Google
2008-03-07 16:49 --------- d-----w C:\Programmi\Java
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-07 15:46 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-01-29 10:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
.

------- Sigcheck -------

2004-08-19 14:00 544256 e6f62282ebaa63ba07fa2dc7198b8d0d C:\WINDOWS\system32\winlogon.exe
2004-08-19 14:00 544256 e6f62282ebaa63ba07fa2dc7198b8d0d C:\WINDOWS\system32\dllcache\winlogon.exe
2004-08-19 14:00 504832 4166454e2bcfcc20d1b8a5ac9feab243 C:\WINDOWS\VistaMizer\old\winlogon.exe

2005-03-02 20:12 2060672 de16030e8209fd96eeb06d9e3d8c84a8 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 18:06 2063104 f89d8e24fbe047506d60b850d00bdee3 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2004-08-19 14:00 2018816 4b42a1c0085ce18e4be81a25a3d1c9cf C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 20:07 2018816 ac8e98040f804fc77b4ec7a870dafe3e C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 18:02 2061312 49baea1d9379df8cd897aff9f49bc9de C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 18:02 2276864 ea327555567c23a3ae80bb69a05810e7 C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 18:02 2276864 ea327555567c23a3ae80bb69a05810e7 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2007-02-28 18:02 2019328 f5da1e6ecad8b9705a2df4a7e5a2d16d C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe

2005-03-02 20:12 2183296 c120a33c71e706545cf26d6276bc0344 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 18:06 2185856 763ea08993b467a3af048ef185b1f805 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2004-08-19 14:00 2151936 8ab08c18bed548f7a534e9650911f660 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 20:07 2139136 e4c79833b41219e8a075d19dd81fed14 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 18:02 2184064 5ec517cc0865808df80d2184b0131d27 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 18:02 2397184 4313760e0b8c44555a4463c64b83e803 C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 18:02 2397184 4313760e0b8c44555a4463c64b83e803 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-02-28 18:02 2139648 4fbb54345fe2bbb1314c97377a8eabee C:\WINDOWS\VistaMizer\old\ntoskrnl.exe

2007-06-13 15:22 1554432 391eb0f3bd36758d332832b71f1456dd C:\WINDOWS\explorer.exe
2007-06-13 15:10 1035776 b4e85805be6d23de697f7b3ba7492d0b C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-19 14:00 1034752 178d42bd8fc34a9837417a6ce1d6bb7b C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:22 1554432 391eb0f3bd36758d332832b71f1456dd C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 15:22 1035776 7e2817a623e16f830b660f81c0fd63da C:\WINDOWS\VistaMizer\old\explorer.exe

2004-08-19 14:00 25088 40de117b6ccfc031d2dc8b73d82020cf C:\WINDOWS\system32\ctfmon.exe
2004-08-19 14:00 25088 40de117b6ccfc031d2dc8b73d82020cf C:\WINDOWS\system32\dllcache\ctfmon.exe
2004-08-19 14:00 15360 5b33b4265966ee063c7fbea28958d9c2 C:\WINDOWS\VistaMizer\old\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:00 25088]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-02 01:35 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"RTHDCPL"="RTHDCPL.EXE" [2007-12-20 17:47 16860672 C:\WINDOWS\RTHDCPL.exe]
"CnxDslTaskBar"="C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe" [2002-03-11 11:00 397312]
"OpwareSE2"="C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 13:00 49152]
"ZoneAlarm Client"="C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 22:54 919016]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"HydraVisionDesktopManager"="C:\Programmi\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 22:00 270336]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:00 25088]
"Picasa Media Detector"="C:\Programmi\Picasa2\PicasaMediaDetector.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23879:TCP"= 23879:TCP:BitComet 23879 TCP
"23879:UDP"= 23879:UDP:BitComet 23879 UDP

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-07-03 12:33]
R3 CnxTgN;Conexant AccessRunner PCI ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2002-03-11 10:54]
R3 CnxTgP;Conexant AccessRunner PCI ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgP.sys [2002-03-11 10:52]
R3 CnxTgR;Conexant AccessRunner PCI ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxTgR.sys [2002-03-11 10:51]

*Newly Created Service* - CATCHME
.
Contenuto della cartella 'Scheduled Tasks'
"2008-04-21 16:30:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-28 17:22:42
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-04-28 17.23.37
ComboFix-quarantined-files.txt 2008-04-28 15:23:33

11 Directory 311,048,028,160 byte disponibili
15 Directory 311,053,983,744 byte disponibili

168 --- E O F --- 2008-04-18 08:27:10
"OpwareSE2"="C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 13:00 49152]
"ZoneAlarm Client"="C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 22:54 919016]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"HydraVisionDesktopManager"="C:\Programmi\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 22:00 270336]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:00 25088]
"Picasa Media Detector"="C:\Programmi\Picasa2\PicasaMediaDetector.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23879:TCP"= 23879:TCP:BitComet 23879 TCP
"23879:UDP"= 23879:UDP:BitComet 23879 UDP

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-07-03 12:33]
R3 CnxTgN;Conexant AccessRunner PCI ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2002-03-11 10:54]
R3 CnxTgP;Conexant AccessRunner PCI ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgP.sys [2002-03-11 10:52]
R3 CnxTgR;Conexant AccessRunner PCI ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxTgR.sys [2002-03-11 10:51]

*Newly Created Service* - CATCHME
.
Contenuto della cartella 'Scheduled Tasks'
"2008-04-21 16:30:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-28 17:22:42
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-04-28 17.23.37
ComboFix-quarantined-files.txt 2008-04-28 15:23:33

11 Directory 311,048,028,160 byte disponibili
15 Directory 311,053,983,744 byte disponibili

168 --- E O F --- 2008-04-18 08:27:10
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.