I have the same problem as many others. I ran a scan with COMBOFIX, can you help me please? I can't remove the avgtdix file, not even in the registry... it won't let me reinstall AVG....
ComboFix 09-01-21.04 - utente 2009-01-28 9.50.58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.511.203 [GMT 1:00]
Eseguito da: c:\documents and settings\utente\Desktop\MIDI FILES DA CORREGGERE\ComboFix.exe
AV: Bitdefender Antivirus *On-access scanning disabled* (Outdated)
AV: Kaspersky Anti-Virus 6.0 *On-access scanning disabled* (Updated)
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated)
FW: Bitdefender Firewall *disabled*
* Creato nuovo punto di ripristino
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\utente\Dati applicazioni\inst.exe
c:\documents and settings\utente\Impostazioni locali\Dati applicazioni\cioqe.dat
c:\documents and settings\utente\Impostazioni locali\Dati applicazioni\cioqe.exe
c:\documents and settings\utente\Impostazioni locali\Dati applicazioni\cioqe_nav.dat
c:\documents and settings\utente\Impostazioni locali\Dati applicazioni\cioqe_navps.dat
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ISODRIVE
-------\Service_ISODrive
((((((((((((((((((((((((( Files Creati Da 2008-12-28 al 2009-01-28 )))))))))))))))))))))))))))))))))))
.
2009-01-28 02:57 . 2009-01-28 02:57 <DIR> d-------- c:\documents and settings\NetworkService\Menu Avvio
2009-01-28 02:24 . 2008-06-14 18:59 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-01-27 23:36 . 2008-08-14 14:42 2,184,064 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-27 23:36 . 2008-08-14 14:42 2,139,648 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-27 23:36 . 2008-08-14 14:42 2,061,440 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-27 23:36 . 2008-08-14 14:42 2,019,328 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-27 20:05 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-27 15:01 . 2001-08-31 16:00 28,288 --a--c--- c:\windows\system32\dllcache\xjis.nls
2009-01-27 14:59 . 2004-08-03 21:31 482,304 --a--c--- c:\windows\system32\dllcache\pintlgnt.ime
2009-01-27 14:58 . 2001-08-31 16:00 1,875,968 --a--c--- c:\windows\system32\dllcache\msir3jp.lex
2009-01-27 14:57 . 2001-08-31 16:00 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll
2009-01-27 14:56 . 2001-08-31 16:00 1,677,824 --a--c--- c:\windows\system32\dllcache\chsbrkr.dll
2009-01-27 14:55 . 2004-08-19 14:39 2,134,528 --a--c--- c:\windows\system32\dllcache\smtpsnap.dll
2009-01-27 14:52 . 2009-01-27 14:52 749 -rah----- c:\windows\WindowsShell.Manifest
2009-01-27 14:52 . 2009-01-27 14:52 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2009-01-27 14:52 . 2009-01-27 14:52 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2009-01-27 14:52 . 2009-01-27 14:52 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2009-01-27 14:52 . 2009-01-27 14:52 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2009-01-27 14:52 . 2009-01-27 14:52 488 -rah----- c:\windows\system32\logonui.exe.manifest
2009-01-27 14:51 . 2001-08-31 16:00 16,384 --a--c--- c:\windows\system32\dllcache\isignup.exe
2009-01-27 14:38 . 2004-08-19 15:39 4,274,816 --a------ c:\windows\system32\nv4_disp.dll
2009-01-27 14:38 . 2004-08-03 22:29 1,897,408 --a------ c:\windows\system32\drivers\nv4_mini.sys
2009-01-27 14:37 . 2001-08-17 20:13 27,165 --a------ c:\windows\system32\drivers\fetnd5.sys
2009-01-24 19:54 . 2009-01-24 18:05 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-01-24 18:05 . 2009-01-24 18:05 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-01-24 17:58 . 2009-01-24 17:58 <DIR> d--h-c--- c:\documents and settings\All Users\Dati applicazioni\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-21 16:28 . 2009-01-21 16:28 <DIR> d-------- c:\documents and settings\utente\Dati applicazioni\FDRLab
2009-01-14 16:31 . 2009-01-14 16:32 <DIR> d-------- c:\programmi\File Scavenger 3.0
2009-01-03 21:26 . 2004-08-19 14:39 221,184 --a------ c:\windows\system32\wmpns.dll
2009-01-03 17:52 . 2009-01-03 17:52 <DIR> d-------- c:\documents and settings\utente\Dati applicazioni\ACD Systems
2009-01-03 17:50 . 2009-01-03 17:50 <DIR> d-------- c:\programmi\File comuni\ACD Systems
2009-01-03 17:50 . 2009-01-03 17:50 <DIR> d-------- c:\programmi\ACD Systems
2009-01-03 17:50 . 2009-01-03 17:50 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\ACD Systems
2009-01-03 09:31 . 2009-01-03 09:31 <DIR> d-------- c:\programmi\Extension Changer
2008-12-30 10:08 . 2008-12-30 10:08 <DIR> d-------- c:\programmi\Google Video
2008-12-28 16:32 . 2008-12-28 16:44 <DIR> d-------- c:\programmi\Hotspot Shield
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-28 08:40 --------- d-----w c:\programmi\MOZILLA FIREFOX 2
2009-01-28 07:59 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\avg8
2009-01-28 07:18 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-01-27 21:30 --------- d-----w c:\programmi\Spyware Doctor
2009-01-25 07:02 --------- d-----w c:\programmi\Free FLV Converter
2009-01-24 16:58 --------- d-----w c:\programmi\Lavasoft
2009-01-20 14:47 --------- d-----w c:\documents and settings\utente\Dati applicazioni\Vso
2009-01-19 14:19 --------- d-----w c:\programmi\FairUse Wizard 2
2009-01-14 00:28 --------- d-----w c:\programmi\eMule
2009-01-12 20:30 --------- d-----w c:\programmi\QuickTime
2009-01-03 07:32 --------- d-----w c:\programmi\Erickson
2009-01-02 09:34 --------- d-----w c:\programmi\CCleaner
2009-01-02 09:06 --------- d-----w c:\programmi\Unlocker
2008-12-26 21:54 --------- d-----w c:\programmi\Java
2008-12-26 16:11 --------- d-----w c:\documents and settings\utente\Dati applicazioni\Desktopicon
2008-12-22 09:12 --------- d-----w c:\programmi\Alchemy Mindworks
2008-12-21 14:21 --------- d-----w c:\programmi\Giotec
2008-12-21 14:07 --------- d-----w c:\programmi\Disney Interactive
2008-12-21 14:04 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-12-21 14:00 --------- d-----w c:\programmi\Formosoft
2008-12-21 07:42 --------- d-----w c:\programmi\RadioXpi
2008-12-19 11:03 --------- d-----w c:\documents and settings\utente\Dati applicazioni\LaParola
2008-12-15 19:36 --------- d-----w c:\documents and settings\utente\Dati applicazioni\uTorrent
2008-12-15 12:05 --------- d-----w c:\documents and settings\utente\Dati applicazioni\iSpring Solutions
2008-12-15 11:58 --------- d-----w c:\programmi\iSpring
2008-12-15 11:58 --------- d-----w c:\programmi\File comuni\iSpring Solutions
2008-12-12 08:43 --------- d-----w c:\programmi\iSpring Free 3
2008-12-12 08:43 --------- d-----w c:\programmi\File comuni\CPS Labs Ltd
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-10 19:27 --------- d-----w c:\documents and settings\utente\Dati applicazioni\CPS Labs
2008-12-08 13:53 --------- d-----w c:\programmi\PDFCreator
2008-12-08 13:52 15,251 ----a-w c:\programmi\settings.dat
2008-12-08 13:39 --------- d-----w c:\programmi\File comuni\Apple
2008-12-08 13:39 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2008-12-06 07:03 --------- d-----w c:\programmi\Security Task Manager
2008-12-06 07:03 --------- d-----w c:\programmi\Photo to VCD SVCD DVD Converter
2008-12-05 08:16 --------- d-----w c:\documents and settings\utente\Dati applicazioni\Apple Computer
2008-12-05 08:03 --------- d-----w c:\programmi\Apple Software Update
2008-12-05 08:03 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Apple
2008-09-30 07:55 47,360 ----a-w c:\documents and settings\utente\Dati applicazioni\pcouffin.sys
2002-07-26 15:02 153,088 ----a-w c:\programmi\UNWISE.EXE
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 49,152 2001-12-19 10:59:50 c:\programmi\Elaborate Bytes\CloneCD\bak\CloneCDTray.exe
----a-w 45,056 2001-12-06 11:09:08 c:\programmi\Elaborate Bytes\CloneCD\bak\ElbyCheck.exe
----a-w 36,975 2005-04-13 02:48:52 c:\programmi\Java\jre1.5.0_03\bin\bak\jusched.exe
----a-w 421,888 2006-04-19 23:17:05 c:\programmi\Picasa2\bak\PicasaMediaDetector.exe
----a-w 443,968 2008-02-26 01:23:34 c:\programmi\Picasa2\PicasaMediaDetector.exe
----a-w 192,512 2004-04-23 09:00:36 c:\programmi\Pinnacle\Shared Files\Programs\USBTip\bak\USBTip.exe
----a-w 98,304 2005-04-30 10:52:56 c:\programmi\QuickTime\bak\qttask.exe
----a-w 413,696 2008-09-06 14:09:14 c:\programmi\QuickTime\QTTask.exe
----a-w 15,360 2004-08-19 13:39:36 c:\windows\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-19 13:39:36 c:\windows\system32\ctfmon.exe
----a-w 155,648 2001-07-09 10:50:42 c:\windows\system32\bak\NeroCheck.exe
----a-w 303,104 2005-10-13 15:52:42 c:\windows\system32\bak\sistray.EXE
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"Picasa Media Detector"="c:\programmi\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
"msnmsgr"="c:\programmi\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"cioqe"="c:\documents and settings\utente\impostazioni locali\dati applicazioni\cioqe.exe" [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-09-06 413696]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"Ad-Watch"="c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-24 507224]
"SoundMan"="SOUNDMAN.EXE" [2004-01-08 c:\windows\SOUNDMAN.EXE]
"Cmaudio"="cmicnfg.cpl" [N/A]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv
"MSACM.CEGSM"= mobilev.acm
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Reader.lnk
backup=c:\windows\pss\Avvio veloce di Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Device Detector 3.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Device Detector 3.lnk
backup=c:\windows\pss\Device Detector 3.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^LG SyncManager.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\LG SyncManager.lnk
backup=c:\windows\pss\LG SyncManager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Alice ti aiuta.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Alice ti aiuta.lnk
backup=c:\windows\pss\Alice ti aiuta.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS KHooker
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AliceRE_McciTrayApp]
--a------ 2006-11-21 15:26 936960 c:\progra~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\McciTrayApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-19 14:39 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E08IXLRD_10662281]
--a------ 2007-06-12 22:09 351000 c:\programmi\Microsoft Encarta\Microsoft Encarta 2008 - Premium DVD\EDICT.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
--a------ 2008-10-14 17:59 1168264 c:\programmi\Spyware Doctor\pctsTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--a------ 2006-04-21 14:41 438359 c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 c:\programmi\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
c:\windows\system32\NeroCheck.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\programmi\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Tray]
c:\windows\System32\sistray.EXE [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XMS7 StartUp]
c:\programmi\XMS7\XMS7.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SBService"=2 (0x2)
"MDM"=2 (0x2)
"Adobe LM Service"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\eBay\\Turbo Lister2\\Tl.exe"=
"c:\\Documents and Settings\\utente\\Desktop\\FUSIONSCRIPT\\mirc.exe"=
"c:\\Documents and Settings\\utente\\Documenti\\FUSIONSCRIPT\\mirc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-24 64160]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2008-10-14 160792]
R4 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DlPortIO.sys [2007-10-05 3584]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 942416]
R4 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [2008-10-12 8192]
R4 sdAuxService;PC Tools Auxiliary Service;c:\programmi\Spyware Doctor\pctsAuxs.exe [2008-10-14 356920]
S3 usb2vcom;USB to Serial Bridge Controller;c:\windows\system32\drivers\usb2vcom.sys [2007-05-30 30368]
S3 ZD1211U(3COM Corporation);3COM OfficeConnect Wireless 11g Compact USB Adapter(3COM Corporation);c:\windows\system32\DRIVERS\zd1211u.sys --> c:\windows\system32\DRIVERS\zd1211u.sys [?]
S4 FILESpy;FILESpy;\??\c:\programmi\Softwin\BitDefender9\filespy.sys --> c:\programmi\Softwin\BitDefender9\filespy.sys [?]
S4 PPSCAN;PPSCAN;c:\windows\system32\drivers\ppscan.sys [2004-10-11 91520]
.
Contenuto della cartella 'Scheduled Tasks'
2009-01-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-24 18:05]
2009-01-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\programmi\File comuni\PC Tools\LSP\PCTLsp.dll
Trusted Zone: imageshack.us\toolbar
TCP: {2C9E2C8D-C231-4899-B288-91A83208EAE5} = 85.37.17.39 85.38.28.71
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\utente\Dati applicazioni\Mozilla\Firefox\Profiles\ucgupdqs.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8 ... e=vdio5&p=
FF - component: c:\programmi\MOZILLA FIREFOX 2\components\xpinstal.dll
FF - component: c:\programmi\MOZILLA FIREFOX 2\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npqtplugin7.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\programmi\QuickTime\Plugins\npqtplugin8.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-28 09:54:51
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,32,1b,d8,fe,3d,
2e,cf,97,2e,e8,e1,00,eb,16,2b,de,46,c7,fb,6e,74,05,9c,f3,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,74,7f,7f,dd,6c,
3a,63,5e,46,47,15,b0,92,4b,c7,ef,7e,6e,ba,08,69,d1,5d,73,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,fe,00,92,7d,ee,
b0,35,19,7a,45,05,fd,91,e8,6f,31,da,e2,67,b0,d9,f3,3c,cf,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,72,f6,48,68,12,
8f,a0,76,6b,65,49,6a,7e,99,74,f7,67,2a,05,39,84,91,f0,c2,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,53,5c,e8,f4,bb,
de,28,a9,e9,02,6c,fa,fb,1d,47,57,9a,83,bb,69,0f,55,82,3c,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,cd,c8,34,55,40,
a4,38,78,50,93,e5,ab,ec,6a,4e,ab,41,70,ed,5b,90,4e,72,67,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,c5,9f,f8,bd,d4,
97,33,c6,97,20,4e,9a,c7,f1,35,ee,fa,8c,06,e2,7d,d7,75,1c,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,1b,dd,ce,13,ef,
6d,ce,65,aa,52,c6,00,84,3c,26,64,de,6f,e7,2f,22,4a,3b,9d,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,91,d9,7f,8e,c8,
84,f7,4f,b2,46,9a,e2,1b,fe,1b,94,7d,d1,0d,30,df,ca,80,db,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,f6,92,46,e8,6f,
60,9f,f0,37,a4,aa,c3,a6,15,56,0a,a6,36,6e,e8,bc,6e,65,c9,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,4f,b2,a2,68,de,
c3,58,73,f8,31,0f,a9,5f,a0,ec,fb,29,a2,d1,0f,11,62,da,87,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,df,63,65,85,8c,
5b,ea,d2,05,73,21,dd,54,d8,4a,c5,14,33,b6,64,ea,6e,3f,d0,6c,43,2d,1e,aa,22,\
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\programmi\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Ora fine scansione: 2009-01-28 10:06:13 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-01-28 09:06:10
ComboFix2.txt 2008-07-10 11:06:26
Pre-Run: 20.386.856.960 byte disponibili
Post-Run: 20,470,255,616 byte disponibili
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
351 --- E O F --- 2009-01-28 02:01:02