Vundo virus. heeelp!!!!


timpano2001
07-12-2008, 00:40
I think I've caught this type of virus;
this is the report obtained with ComboFix.
Would someone be so kind as to help me????



ComboFix 08-12-06.04 - pc 2008-12-07 0.30.54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.2692 [GMT 1:00]
Eseguito da: c:\documents and settings\pc\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.
ADS - WINDOWS: deleted 48 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\pc\Dati applicazioni\inst.exe
c:\windows\system32\aamluekm.dll
c:\windows\system32\nwtrdw.dll
c:\windows\system32\pkwlbepy.ini
c:\windows\system32\Pncrt.dll
c:\windows\system32\QtBKnUvw.ini
c:\windows\system32\QtBKnUvw.ini2
c:\windows\system32\rapwfvik.ini
c:\windows\Tasks\jzpconky.job

.
((((((((((((((((((((((((( Files Creati Da 2008-11-06 al 2008-12-06 )))))))))))))))))))))))))))))))))))
.

2008-12-06 23:40 . 2008-02-19 18:33 <DIR> d--h----- c:\documents and settings\Administrator\Risorse di stampa
2008-12-06 23:40 . 2008-02-19 18:33 <DIR> d--h----- c:\documents and settings\Administrator\Risorse di rete
2008-12-06 23:40 . 2008-02-19 18:33 <DIR> d-------- c:\documents and settings\Administrator\Preferiti
2008-12-06 23:40 . 2008-02-20 06:40 <DIR> d--h----- c:\documents and settings\Administrator\Modelli
2008-12-06 23:40 . 2008-02-19 18:33 <DIR> dr------- c:\documents and settings\Administrator\Menu Avvio
2008-12-06 23:40 . 2008-02-19 18:33 <DIR> d--h----- c:\documents and settings\Administrator\Impostazioni locali
2008-12-06 23:40 . 2008-02-19 18:33 <DIR> d-------- c:\documents and settings\Administrator\Documenti
2008-12-06 23:40 . 2008-02-19 18:33 <DIR> dr-h----- c:\documents and settings\Administrator\Dati applicazioni
2008-12-06 23:40 . 2008-12-06 23:40 <DIR> d-------- c:\documents and settings\Administrator
2008-12-06 23:17 . 2008-12-07 00:14 <DIR> d-------- C:\VEXPLITE
2008-12-06 23:17 . 2008-08-30 12:11 40,960 --a------ c:\windows\system32\drivers\VIRAGTLT.SYS
2008-12-06 22:58 . 2008-12-06 22:58 <DIR> d-------- C:\VundoFix Backups
2008-12-05 12:08 . 2008-12-05 12:08 25,088 --a------ c:\windows\system32\drivers\phqghume.sys
2008-12-05 12:08 . 2008-12-05 12:08 25,088 --a------ c:\windows\system32\drivers\fsyjhuvo.sys
2008-12-05 09:52 . 2008-12-07 00:32 2,816 --a------ c:\windows\vmopjpph
2008-12-05 09:47 . 2008-12-05 09:47 34,816 --a------ c:\windows\system32\urqQhhEx.dll
2008-11-27 19:12 . 2008-11-27 19:19 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2008-11-27 19:11 . 2008-11-28 14:20 <DIR> d-------- c:\programmi\Messenger Plus! Live
2008-11-24 15:54 . 2008-11-24 15:54 <DIR> d-------- c:\documents and settings\pc\Dati applicazioni\Motive
2008-11-24 15:52 . 2008-11-24 15:52 <DIR> d-------- c:\programmi\Motive
2008-11-24 15:41 . 2008-11-24 15:41 <DIR> d-------- c:\programmi\File comuni\Motive
2008-11-24 15:41 . 2008-11-24 15:41 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Motive
2008-11-21 17:40 . 2008-11-21 17:40 268 --ah----- C:\sqmdata09.sqm
2008-11-21 17:40 . 2008-11-21 17:40 244 --ah----- C:\sqmnoopt09.sqm
2008-11-21 14:44 . 2004-05-04 12:53 1,645,320 --a------ c:\windows\gdiplus.dll
2008-11-21 14:44 . 2006-05-20 17:16 1,184,984 --a------ c:\windows\system32\wvc1dmod.dll
2008-11-21 14:44 . 2006-05-11 20:21 626,688 --a------ c:\windows\system32\vp7vfw.dll
2008-11-21 14:44 . 2006-09-29 13:24 217,127 --a------ c:\windows\system32\drv43260.dll
2008-11-21 14:44 . 2006-09-29 13:25 208,935 --a------ c:\windows\system32\drv33260.dll
2008-11-21 14:44 . 2006-09-29 13:26 176,165 --a------ c:\windows\system32\drv23260.dll
2008-11-21 14:44 . 2007-03-18 21:37 65,602 --a------ c:\windows\system32\cook3260.dll
2008-11-21 14:42 . 2008-11-21 14:44 <DIR> d-------- c:\programmi\vso
2008-11-14 18:43 . 2008-11-14 18:43 <DIR> d-------- c:\windows\system32\%USERPROFILE%
2008-11-12 15:31 . 2008-10-24 12:21 455,296 --a------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 15:30 . 2008-09-04 18:15 1,106,944 --a------ c:\windows\system32\dllcache\msxml3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 23:27 --------- d-----w c:\programmi\Mozilla Thunderbird
2008-12-05 08:49 --------- d-----w c:\programmi\DVDFab 5
2008-12-05 08:49 --------- d-----w c:\documents and settings\pc\Dati applicazioni\Vso
2008-12-04 19:14 --------- d-----w c:\programmi\eMule
2008-12-03 21:20 --------- d-----w c:\documents and settings\pc\Dati applicazioni\uTorrent
2008-12-02 07:23 --------- d-----w c:\programmi\Finale 2007
2008-11-30 12:59 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-11-30 12:59 47,360 ----a-w c:\documents and settings\pc\Dati applicazioni\pcouffin.sys
2008-11-29 10:02 --------- d-----w c:\documents and settings\pc\Dati applicazioni\U3
2008-11-24 14:53 --------- d-----w c:\programmi\Alice ti aiuta
2008-11-24 14:42 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-11-24 14:42 --------- d-----w c:\programmi\Telecom Italia
2008-11-21 15:03 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\vsosdk
2008-11-14 13:47 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2008-11-06 08:18 90,632 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-11-03 18:41 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-11-03 18:41 286,720 ------w c:\windows\Setup1.exe
2008-11-03 14:39 --------- d-----w c:\programmi\CCleaner
2008-10-30 08:22 98,440 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:36 337,408 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-03 16:58 6,066,176 ----a-w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:24 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-15 15:24 1,846,400 ----a-w c:\windows\system32\dllcache\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\dllcache\msxml6.dll
2008-09-08 10:41 333,824 ----a-w c:\windows\system32\dllcache\srv.sys
2008-05-01 09:21 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2008-05-01 09:21 32,768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
2008-05-01 09:21 32,768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008050120080502\index.dat
2008-05-01 09:21 32,768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2008-12-05 09:47 34816 --a------ c:\windows\system32\urqQhhEx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"!AVG Anti-Spyware"="c:\programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-04-26 6731312]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"AliceRE_McciTrayApp"="c:\progra~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\McciTrayApp.exe" [2006-11-21 936960]
"VIRIT LITE MONITOR"="c:\vexplite\MONLITE.EXE" [2008-12-06 249856]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-08-26 c:\windows\system32\advpack.dll]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2008-11-24 217088]
Logitech Desktop Messenger.lnk - c:\programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-04-22 67128]
Logitech SetPoint.lnk - c:\programmi\Logitech\SetPoint\SetPoint.exe [2008-04-22 784912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= "c:\windows\system32\urqQhhEx.dll" [2008-12-05 34816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 09:10 72208 c:\programmi\File comuni\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQhhEx]
2008-12-05 09:47 34816 c:\windows\system32\urqQhhEx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll nwtrdw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk
backup=c:\windows\pss\Alice ti aiuta.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Reader.lnk
backup=c:\windows\pss\Avvio veloce di Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2008-07-21 05:15 2157504 c:\programmi\SlySoft\AnyDVD\AnyDVDtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-09-21 04:35 202024 c:\programmi\File comuni\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4000 Series]
--a------ 2006-02-21 05:00 131072 c:\windows\system32\spool\drivers\w32x86\3\E_FATIBEE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 06:00 33648 c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--------- 2007-02-08 05:21 54832 c:\programmi\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2008-04-22 18:09 67128 c:\programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2006-11-16 11:01 244512 c:\programmi\File comuni\Logitech\LComMgr\LVComSX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--a------ 2006-04-21 15:41 438359 c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 18:14 1695232 c:\programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 10:34 5724184 c:\programmi\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 22:51 1836328 c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-02 04:57 153136 c:\programmi\File comuni\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 12.0]
--a------ 2007-03-28 19:41 2037352 c:\programmi\Norton Ghost\Agent\VProTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-03-15 10:01 71216 c:\programmi\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-06-03 14:08 21718312 c:\programmi\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\programmi\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2007-09-21 02:10 55824 c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-10-04 17:14 1626112 c:\windows\system32\nwiz.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"h:\\emule\\emule.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=

R0 ahci8086;ahci8086;c:\windows\system32\DRIVERS\ahci8086.sys [2006-10-20 119808]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-08-08 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-08-08 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-08-08 90632]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\c:\programmi\CyberLink\PowerDVD\000.fcl [2006-11-03 05:51:58 13560]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-10-24 874776]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-09 231704]
R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [2008-11-24 8192]
R2 viritsvclite;Virit eXplorer Lite;c:\vexplite\viritsvc.exe [2007-10-10 57344]
S0 aylnlfdx;aylnlfdx;c:\windows\system32\drivers\phqghume.sys [2008-12-05 25088]
S0 rcfsqshe;rcfsqshe;c:\windows\system32\drivers\fsyjhuvo.sys [2008-12-05 25088]
S0 VIRAGTLT;VIRAGTLT;c:\windows\system32\drivers\VIRAGTLT.SYS [2008-12-06 40960]
S0 vmopjpph;vmopjpph;c:\windows\system32\drivers\mwacrlmo.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3d27029-df0d-11dc-9fa2-806d6172696f}]
\Shell\AutoRun\command - d:\bootcd\wintools\autorun.exe
.
Contenuto della cartella 'Scheduled Tasks'

2008-12-06 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
- - - - ORFÃOS REMOVIDOS - - - -

BHO-{345EA9FA-59E1-454E-B102-62036440E06F} - c:\windows\system32\wvUnKBtQ.dll
BHO-{7b67cc52-d976-43ad-bcad-71738c6ea3bc} - c:\windows\system32\nwtrdw.dll
HKCU-Run-LogitechSetup - k:\setup\Setup.exe
HKU-Default-RunOnce-nltide3 - rundll32 advpack.dll
MSConfigStartUp-4cab5f20 - c:\windows\system32\ypeblwkp.dll


.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.tgsoft.it/
uInternet Settings,ProxyOverride = 127.0.0.1
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FireFox -: Profile - c:\documents and settings\pc\Dati applicazioni\Mozilla\Firefox\Profiles\u8zid0cp.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1400273&SearchSource=3&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - http:/www.libero.it
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 00:34:05
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


c:\windows\system32\drivers\mwacrlmo.sys 25088 bytes executable

Scansione completata con successo
Files nascosti: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\programmi\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(968)
c:\windows\system32\Ati2evxx.dll
c:\programmi\file comuni\logitech\bluetooth\LBTWlgn.dll
c:\programmi\file comuni\logitech\bluetooth\LBTServ.dll
c:\windows\system32\urqQhhEx.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\WgaTray.exe
c:\programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\programmi\Nero\Nero8\Nero BackItUp\NBService.exe
c:\programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
c:\programmi\Norton Ghost\Agent\VProSvc.exe
c:\programmi\CyberLink\Shared files\RichVideo.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\programmi\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\programmi\Alice ti aiuta\bin\mpbtn.exe
c:\programmi\File comuni\Logishrd\KHAL2\KHALMNPR.exe
.
**************************************************************************
.
Ora fine scansione: 2008-12-07 0:35:58 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2008-12-06 23:35:54

Pre-Run: 36.621.135.872 byte disponibili
Post-Run: 36,545,810,432 byte disponibili


Chill-Out
07-12-2008, 01:17
Hi and welcome. Follow step by step the dedicated guide for removing Vundo: http://www.hwupgrade.it/forum/showthread.php?t=1603273. Naturally, the logs for checking must be attached where indicated there.

Read carefully the instructions given in the guide on how to attach the logs.

Closing to avoid a duplicate thread ;)