Luke57 wrote:
Hi, download SDFix from here:
http://downloads.andymanchesta.com/Remo ... /SDFix.exe
Double-click SDFix.exe and the tool will extract itself to C:\SDFix
* Now boot the system in Safe Mode
- if you don't know how to get there:
http://www.kuma215.it/WI/Mod_Provv.html
Then:
- Open the SDFix folder located in C:\ and double-click RunThis.bat to launch the script
- select Y to start the cleanup
- When prompted, press a key to reboot
(the system will take longer to start because the script will be deleting the files it found)
- When the desktop appears, the tool will finish its work and display the message "Finished"
- Press a key to end the script and reload the desktop icons
- The log will be displayed automatically; otherwise you can find it in C:\SDFix\Report.txt
Attach it in the forum.
Then download ComboFix to the desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Disconnect from the internet
disable the antivirus
Run the ComboFix.exe file
Type 1 to start the tool (do not do anything else during the scan)
Follow the instructions; at the end a log will be generated in C:\combofix.txt
Paste the contents of the report into a post.
Hi Luke, I followed the procedure you suggested; I'm attaching the reports ... (PS: it was chock-full of viruses):
SDFix: Version 1.208 Run by Administrator on 25/07/2008 at 19.57
Microsoft Windows XP [Versione 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Restoring Default Desktop Wallpaper
Restoring Default ScreenSaver value
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\SYSTEM32\PPHCPA~1.EXE - Deleted
C:\WINDOWS\SYSTEM32\PHCPA8~1.BMP - Deleted
C:\WINDOWS\SYSTEM32\BLPHCP~1.SCR - Deleted
C:\WINDOWS\system32\10.tmp - Deleted
C:\WINDOWS\system32\11.tmp - Deleted
C:\WINDOWS\system32\12.tmp - Deleted
C:\WINDOWS\system32\13.tmp - Deleted
C:\WINDOWS\system32\14.tmp - Deleted
C:\WINDOWS\system32\15.tmp - Deleted
C:\WINDOWS\system32\17.tmp - Deleted
C:\WINDOWS\system32\1A.tmp - Deleted
C:\WINDOWS\system32\1E.tmp - Deleted
C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-25 20:13:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecHuh]
"Type"=dword:00000010
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=""C:\Programmi\File comuni\System\Bil.exe""
"DisplayName"="SecHuh"
"ObjectName"=".\mVN"
"Description"="Fornisce tre servizi di gestione: il servizio Database catalogo, che serve per confermare le firme dei file di Windows; il servizio Archivio principale protetto, per aggiungere e rimuovere dal computer i certificati dell'autorità di certificazione delle fonti attendibili; e il servizio Chiave, che aiuta a registrare i certificati nel computer. Se questo servizio è interrotto, i servizi di gestione non funzioneranno in modo corretto. Se il servizio è disabilitato, tutti i servizi che dipendono direttamente da questo non potranno essere avviati."
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecHuh\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SecHuh]
"Type"=dword:00000010
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=""C:\Programmi\File comuni\System\Bil.exe""
"DisplayName"="SecHuh"
"ObjectName"=".\mVN"
"Description"="Fornisce tre servizi di gestione: il servizio Database catalogo, che serve per confermare le firme dei file di Windows; il servizio Archivio principale protetto, per aggiungere e rimuovere dal computer i certificati dell'autorità di certificazione delle fonti attendibili; e il servizio Chiave, che aiuta a registrare i certificati nel computer. Se questo servizio è interrotto, i servizi di gestione non funzioneranno in modo corretto. Se il servizio è disabilitato, tutti i servizi che dipendono direttamente da questo non potranno essere avviati."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SecHuh\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programmi\\eMule\\emule.exe"="C:\\Programmi\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Programmi\\iDC++\\iDCPlusPlus.exe"="C:\\Programmi\\iDC++\\iDCPlusPlus.exe:*:Enabled:iDC++"
"C:\\Programmi\\CyberLink\\PowerCinema\\PowerCinema.exe"="C:\\Programmi\\CyberLink\\PowerCinema\\PowerCinema.exe:*:Enabled:PowerCinema"
"C:\\Programmi\\CyberLink\\PowerCinema\\PCMService.exe"="C:\\Programmi\\CyberLink\\PowerCinema\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\\Programmi\\uTorrent\\uTorrent.exe"="C:\\Programmi\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\WINDOWS\\system32\\lxddcoms.exe"="C:\\WINDOWS\\system32\\lxddcoms.exe:*:Enabled:Lexmark Communications System"
"C:\\Programmi\\Lexmark 2500 Series\\lxddamon.exe"="C:\\Programmi\\Lexmark 2500 Series\\lxddamon.exe:*:Enabled:Lexmark Device Monitor"
"C:\\Programmi\\Lexmark 2500 Series\\App4R.exe"="C:\\Programmi\\Lexmark 2500 Series\\App4R.exe:*:Enabled:Lexmark Imaging Studio"
"C:\\Programmi\\MVM 2005 - Delta Force 2\\Df2.exe"="C:\\Programmi\\MVM 2005 - Delta Force 2\\Df2.exe:*:Disabled:Df2"
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"="C:\\Programmi\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Programmi\\MSN Messenger\\livecall.exe"="C:\\Programmi\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programmi\\Lexmark 2500 Series\\app4r.exe"="C:\\Programmi\\Lexmark 2500 Series\\App4R.exe:*:Enabled:BorgListener"
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"="C:\\Programmi\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Programmi\\MSN Messenger\\livecall.exe"="C:\\Programmi\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Sun 6 Jul 2008 6,104,632 A..H. --- "C:\Programmi\Picasa2\setup.exe"
Mon 1 May 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 14 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e3f1ec8dd65f588e7a8a94dcffba142c\BIT6.tmp"
Sat 27 Jan 2007 14,776,112 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\eda9bedf230096428613e135c22785bf\BIT7.tmp"
Finished!
This is ComboFix:
ComboFix 08-07-24.6 - GIULIA 2008-07-25 20:25:40.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.624 [GMT 0:00]
Eseguito da: C:\Documents and Settings\GIULIA\Desktop\ANTI v\ComboFix.exe
ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\GIULIA\Dati applicazioni\rhcta8j0etba
C:\Programmi\rhcta8j0etba
C:\windows\system32\B.tmp
C:\windows\system32\C.tmp
C:\windows\system32\D.tmp
C:\windows\system32\E.tmp
C:\windows\system32\F.tmp
C:\windows\system32\lphcpa8j0etba.exe
.
---- Previous Run -------
.
C:\windows\install.exe
.
((((((((((((((((((((((((( Files Creati Da 2008-06-25 al 2008-07-25 )))))))))))))))))))))))))))))))))))
.
2008-07-25 19:53 . 2008-07-25 19:53 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-25 19:52 . 2006-03-16 17:45 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di stampa
2008-07-25 19:52 . 2006-03-16 17:45 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di rete
2008-07-25 19:52 . 2006-03-16 17:45 <DIR> d-------- C:\Documents and Settings\Administrator\Preferiti
2008-07-25 19:52 . 2006-03-16 17:48 <DIR> d--h----- C:\Documents and Settings\Administrator\Modelli
2008-07-25 19:52 . 2006-03-16 17:45 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Avvio
2008-07-25 19:52 . 2008-07-25 20:29 <DIR> d--h----- C:\Documents and Settings\Administrator\Impostazioni locali
2008-07-25 19:52 . 2006-03-16 17:45 <DIR> d-------- C:\Documents and Settings\Administrator\Documenti
2008-07-25 19:52 . 2006-03-16 17:45 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dati applicazioni
2008-07-25 19:52 . 2008-07-25 19:52 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-25 19:49 . 2008-07-25 20:15 <DIR> d-------- C:\SDFix
2008-07-23 10:26 . 2008-07-23 10:26 268 --ah----- C:\sqmdata05.sqm
2008-07-23 10:26 . 2008-07-23 10:26 244 --ah----- C:\sqmnoopt05.sqm
2008-07-23 09:20 . 2008-07-23 09:20 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-07-23 09:20 . 2008-07-23 09:20 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-07-22 14:22 . 2008-07-22 14:22 268 --ah----- C:\sqmdata04.sqm
2008-07-22 14:22 . 2008-07-22 14:22 244 --ah----- C:\sqmnoopt04.sqm
2008-07-22 14:11 . 2008-07-22 14:11 268 --ah----- C:\sqmdata03.sqm
2008-07-22 14:11 . 2008-07-22 14:11 244 --ah----- C:\sqmnoopt03.sqm
2008-07-22 14:06 . 2008-07-22 14:06 268 --ah----- C:\sqmdata02.sqm
2008-07-22 14:06 . 2008-07-22 14:06 244 --ah----- C:\sqmnoopt02.sqm
2008-07-22 13:14 . 2008-07-23 10:42 <DIR> d-------- C:\Programmi\Navilog1
2008-07-14 21:48 . 2008-07-14 21:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-14 21:48 . 2008-07-14 21:48 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-08 11:19 . 2008-07-08 11:19 268 --ah----- C:\sqmdata01.sqm
2008-07-08 11:19 . 2008-07-08 11:19 244 --ah----- C:\sqmnoopt01.sqm
2008-07-06 16:37 . 2008-07-06 16:37 <DIR> d-------- C:\Programmi\Google
2008-07-06 16:37 . 2006-10-05 02:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-07-06 16:37 . 2006-10-05 02:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-07-06 16:36 . 2008-07-06 23:39 <DIR> d-------- C:\Programmi\Picasa2
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-23 09:20 --------- d-----w C:\Programmi\SUPERAntiSpyware
2008-07-23 09:20 --------- d-----w C:\Documents and Settings\GIULIA\Dati applicazioni\SUPERAntiSpyware.com
2008-07-16 22:41 --------- d-----w C:\Programmi\Lx_cats
2008-07-07 11:42 --------- d-----w C:\Programmi\MVM 2005 - Delta Force 2
2008-07-02 14:43 --------- d-----w C:\Programmi\C'è Posta
2008-06-20 17:39 247,296 ----a-w C:\windows\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\windows\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\windows\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\windows\system32\drivers\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\windows\system32\drivers\bthport.sys
2008-05-07 05:14 1,292,800 ----a-w C:\windows\system32\quartz.dll
2001-09-13 13:19 1,732,608 ----a-w C:\Programmi\ScnPanel.exe
2000-11-30 22:33 293 ----a-w C:\Programmi\Ultima.psl
2000-10-31 15:05 79,650 ----a-w C:\Programmi\ScnPanel.hlp
2000-02-25 21:49 1,836,032 ----a-w C:\Programmi\XPage3b.dll
2000-02-25 21:45 348,672 ----a-w C:\Programmi\TB1PLUG.PSP
2000-02-25 21:44 888,320 ----a-w C:\Programmi\XIFFPLUG.PSP
2000-02-25 21:43 2,259,456 ----a-w C:\Programmi\XOcr3.dll
2000-02-25 21:41 650,240 ----a-w C:\Programmi\Xfile.psp
2000-02-25 21:40 1,290,752 ----a-w C:\Programmi\XIMAGE3.DLL
2000-02-25 21:36 3,401 ----a-w C:\Programmi\CONV.DAT
2000-02-25 21:36 1,320 ----a-w C:\Programmi\convfonts.dat
1999-12-10 22:04 44,544 ----a-w C:\Programmi\BINDER.DLL
1999-11-22 16:14 218,624 ----a-w C:\Programmi\W019T32W.DLL
1999-07-21 09:25 156 ----a-w C:\Programmi\DEVMODE.PRN
1999-05-05 10:21 239,104 ----a-w C:\Programmi\XCONV32.DLL
1999-02-12 08:04 1,325,568 ----a-w C:\Programmi\ICRSRV32.EXE
1998-09-30 23:08 107,520 ----a-w C:\Programmi\W001T32W.DLL
1998-08-05 17:40 237,568 ----a-w C:\Programmi\W048T32W.DLL
1998-07-21 22:59 223,232 ----a-w C:\Programmi\W042T32W.DLL
1998-05-06 15:52 164,864 ----a-w C:\Programmi\W033T32W.DLL
1997-12-17 19:40 164,352 ----a-w C:\Programmi\ICR32.DLL
1997-12-17 11:45 896,442 ----a-w C:\Programmi\GERMAN.LC
1997-12-17 11:45 859,094 ----a-w C:\Programmi\SPANISH.LC
1997-12-17 11:45 790,945 ----a-w C:\Programmi\FRENCH.LC
1997-12-17 11:45 754,990 ----a-w C:\Programmi\DUTCH.LC
1997-12-17 11:45 753,571 ----a-w C:\Programmi\ENGLISH.LC
1997-12-17 11:45 751,614 ----a-w C:\Programmi\PORT.LC
1997-12-17 11:45 696,056 ----a-w C:\Programmi\ITALIAN.LC
1997-12-17 11:45 687,496 ----a-w C:\Programmi\SWEDISH.LC
1997-12-17 11:45 677,183 ----a-w C:\Programmi\DANISH.LC
1997-12-17 11:45 617,038 ----a-w C:\Programmi\FINNISH.LC
1997-12-17 11:45 578,687 ----a-w C:\Programmi\NORSK.LC
1997-12-17 11:45 318,205 ----a-w C:\Programmi\RUSSIAN.LC
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 16:24 1694208]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-19 14:39 15360]
"E06IXLRD_10054343"="C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE" [2005-06-04 16:06 301776]
"Picasa Media Detector"="C:\Programmi\Picasa2\PicasaMediaDetector.exe" [2008-02-26 01:23 443968]
"SUPERAntiSpyware"="C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hotplug"="C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\hot_plug.exe" [2005-07-28 10:42 278528]
"SiSRaid"="C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe" [2005-05-18 14:44 905216]
"SoundMAXPnP"="C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11 1388544]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-12-15 04:01 5513216]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-12-15 04:01 86016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 23:19 79224]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RemoteControl"="C:\Programmi\ASUS\ASUS Remote\RemoteControlAppl.exe" [2005-12-05 16:04 65536]
"PCMService"="C:\Programmi\CyberLink\PowerCinema\PCMService.exe" [2006-05-25 17:57 147456]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-12-02 15:13 98304]
"lxddmon.exe"="C:\Programmi\Lexmark 2500 Series\lxddmon.exe" [2007-02-12 23:58 291760]
"lxddamon"="C:\Programmi\Lexmark 2500 Series\lxddamon.exe" [2007-02-05 23:32 20480]
"FaxCenterServer"="C:\Programmi\Lexmark Fax Solutions\fm3032.exe" [2007-02-13 00:00 312240]
"LXDDCATS"="C:\windows\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll" [2007-01-22 22:05 102400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-12-14 09:42 23040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:39 15360]
C:\Documents and Settings\GIULIA\Menu Avvio\Programmi\Esecuzione automatica\
C'Š Posta.lnk - C:\Programmi\C'Š Posta\CPosta.exe [2004-06-21 09:33:46 729174]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Speed Launch.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
WinZip Quick Pick.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [2006-03-16 12:26:21 118784]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SASWinLogon]
2007-04-19 13:41 294912 C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.XVID"= xvid.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2004-12-15 04:01 1490944 C:\WINDOWS\system32\nwiz.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"C:\\Programmi\\CyberLink\\PowerCinema\\PCMService.exe"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\lxddcoms.exe"=
"C:\\Programmi\\Lexmark 2500 Series\\lxddamon.exe"=
"C:\\Programmi\\Lexmark 2500 Series\\App4R.exe"=
"C:\\Programmi\\MVM 2005 - Delta Force 2\\Df2.exe"=
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmi\\MSN Messenger\\livecall.exe"=
R1 aswSP;avast! Self Protection;C:\windows\system32\drivers\aswSP.sys [2008-05-15 23:20]
R2 aswFsBlk;aswFsBlk;C:\windows\system32\DRIVERS\aswFsBlk.sys [2008-05-15 23:16]
R2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe [2007-02-12 23:59]
R3 3xHybrid;3xHybrid service;C:\windows\system32\DRIVERS\3xHybrid.sys [2005-12-26 08:08]
S2 SecHuh;SecHuh;C:\Programmi\File comuni\System\Bil.exe []
S3 SampleScanner;Sm@rtScan Slim Edition Scanner;C:\windows\system32\DRIVERS\GT680x.sys []
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.com/ie
R1 -: HKCU-Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1040
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-25 20:29:20
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXDDCATS = rundll32 C:\windows\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-07-25 20:30:49
ComboFix-quarantined-files.txt 2008-07-25 20:30:29
Pre-Run: 168,755,740,672 byte disponibili
Post-Run: 168,744,001,536 byte disponibili
195 --- E O F --- 2008-07-08 23:11:24