[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\Documents and Settings\\Gianni\\Desktop\\utorrent-1.6.exe"=
"c:\\Programmi\\Autodesk\\Backburner\\monitor.exe" =
"c:\\Programmi\\Autodesk\\Backburner\\manager.exe" =
"c:\\Programmi\\Autodesk\\Backburner\\server.exe"=
"c:\\Programmi\\Autodesk\\3ds Max 2010\\3dsmax.exe"=
"c:\\Programmi\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"c:\\Programmi\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:4662
"4672:UDP"= 4672:UDP:4672
"5061:TCP"= 5061:TCP:5061
"5061:UDP"= 5061:UDP:50611
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [22/11/2009 16.45.08 104704]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [22/11/2009 16.45.08 35584]
R2 SAVAdminService;Crea report sullo stato di Sophos Anti-Virus;c:\programmi\Sophos\Sophos Anti-Virus\SAVAdminService.exe [09/12/2008 16.46.23 69632]
R2 SAVService;Sophos Anti-Virus;c:\programmi\Sophos\Sophos Anti-Virus\SavService.exe [09/12/2008 16.44.25 98304]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [11/11/2009 12.55.09 2831232]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/11/2009 21.49.52 691696]
S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\programmi\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [12/03/2009 17.36.24 86016]
S3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\ikllpu.sys --> c:\windows\system32\drivers\ikllpu.sys [?]
S3 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [09/11/2009 21.21.27 66048]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [09/11/2009 21.21.29 167808]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [22/11/2009 16.45.09 14976]
.
Contenuto della cartella 'Scheduled Tasks'
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Gianni\Dati applicazioni\Mozilla\Firefox\Profiles\ytv88kvh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2243838&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - component: c:\documents and settings\Gianni\Dati applicazioni\Mozilla\Firefox\Profiles\ytv88kvh.default\extensions\{27615225-7032-450f-a317-1722cb6ce5ab}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Gianni\Dati applicazioni\Mozilla\Firefox\Profiles\ytv88kvh.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npOGAPlugin.dll
.
************************************************** ************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-10-30 18:25
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
************************************************** ************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(528)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2420)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\programmi\Sophos\AutoUpdate\ALsvc.exe
c:\programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\windows\system32\wscntfy.exe
.
************************************************** ************************
.
Ora fine scansione: 2009-10-30 18:29 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-10-30 17:29
Pre-Run: 205.498.826.752 byte disponibili
Post-Run: 205.365.080.064 byte disponibili
Current=2 Default=2 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 1FAE2E4D4A20A2E1C8BF5E93EDDE0003