log combofix
Inviato: mer feb 04, 2009 3:06 amda ziognu
potreste analizzarmi questo log per favore? sono un po' di giorni che il mio pc si blocca quando lo lascio inutilizzato..
ComboFix 09-02-02.04 - Claudio 2009-02-04 2.57.50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.2046.1402 [GMT 1:00]
Eseguito da: L:\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090203-1] *On-access scanning enabled* (Updated)
* Creato nuovo punto di ripristino
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\AutoRun.inf
L:\autorun.inf
.
((((((((((((((((((((((((( Files Creati Da 2009-01-04 al 2009-02-04 )))))))))))))))))))))))))))))))))))
.
2009-02-03 21:23 . 2009-02-03 21:24 <DIR> d-------- c:\programmi\RegCleaner
2009-01-26 23:58 . 2009-02-04 01:50 6,524,960 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-01-26 23:58 . 2009-02-03 03:06 31,808 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-01-26 15:18 . 2009-01-26 15:18 <DIR> d-------- c:\programmi\Trend Micro
2009-01-26 15:09 . 2008-07-08 13:54 148,496 --a------ c:\windows\system32\drivers\05898136.sys
2009-01-13 01:27 . 2009-01-13 01:27 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-11 23:45 . 2009-01-11 23:45 <DIR> d-------- c:\programmi\File comuni\PCSuite
2009-01-11 23:45 . 2009-01-11 23:45 <DIR> d-------- c:\programmi\File comuni\Nokia
2009-01-11 23:43 . 2009-01-11 23:43 <DIR> d-------- c:\programmi\PC Connectivity Solution
2009-01-11 23:43 . 2008-08-26 09:26 18,816 --a------ c:\windows\system32\drivers\pccsmcfd.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-04 00:27 --------- d-----w c:\documents and settings\Claudio\Dati applicazioni\mIRC
2009-02-04 00:07 --------- d-----w c:\documents and settings\Claudio\Dati applicazioni\HPAppData
2009-02-03 23:52 --------- d-----w c:\programmi\mIRC
2009-02-03 20:34 --------- d-----w c:\programmi\PokerStars
2009-01-23 07:40 --------- d-----w c:\programmi\TeamViewer3
2009-01-19 16:19 --------- d-----w c:\programmi\Full Tilt Poker
2009-01-15 02:22 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-01-13 00:27 --------- d-----w c:\programmi\Java
2009-01-11 22:45 --------- d-----w c:\programmi\Nokia
2009-01-11 22:41 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Installations
2009-01-01 17:18 --------- d-----w c:\programmi\bwin
2008-12-25 14:49 --------- d-----w c:\programmi\ASUS WiFi-AP Solo
2008-12-19 20:30 --------- d-----w c:\programmi\ATI
2008-12-19 17:57 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\ATI
2008-12-19 17:54 --------- d-----w c:\programmi\ATI Technologies
2008-12-16 13:59 --------- d-----w c:\programmi\SuperScan
2008-12-12 15:40 --------- d-----w c:\documents and settings\Claudio\Dati applicazioni\Microgaming
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-08 19:24 --------- d-----w c:\programmi\Microsoft Games for Windows - LIVE
2008-12-08 19:07 --------- d--h--r c:\documents and settings\Claudio\Dati applicazioni\SecuROM
2008-12-08 19:05 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-12-08 18:44 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-12-01 20:52 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2008-12-01 20:51 318,464 ----a-w c:\windows\system32\ati2dvag.dll
2008-12-01 20:46 11,304,960 ----a-w c:\windows\system32\atioglxx.dll
2008-12-01 20:41 188,416 ----a-w c:\windows\system32\atipdlxx.dll
2008-12-01 20:40 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2008-12-01 20:40 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2008-12-01 20:40 147,456 ----a-w c:\windows\system32\Oemdspif.dll
2008-12-01 20:40 143,360 ----a-w c:\windows\system32\ati2evxx.dll
2008-12-01 20:38 598,016 ----a-w c:\windows\system32\ati2evxx.exe
2008-12-01 20:37 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2008-12-01 20:27 4,120,384 ----a-w c:\windows\system32\ati3duag.dll
2008-12-01 20:19 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2008-12-01 20:11 2,495,360 ----a-w c:\windows\system32\ativvaxx.dll
2008-12-01 19:57 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2008-12-01 19:53 45,056 ----a-w c:\windows\system32\amdcalrt.dll
2008-12-01 19:53 45,056 ----a-w c:\windows\system32\amdcalcl.dll
2008-12-01 19:53 401,408 ----a-w c:\windows\system32\atikvmag.dll
2008-12-01 19:52 86,016 ----a-w c:\windows\system32\atiadlxx.dll
2008-12-01 19:52 17,408 ----a-w c:\windows\system32\atitvo32.dll
2008-12-01 19:50 3,252,224 ----a-w c:\windows\system32\Amdcaldd.dll
2008-12-01 19:50 286,720 ----a-w c:\windows\system32\atiok3x2.dll
2008-12-01 19:45 577,536 ----a-w c:\windows\system32\ati2cqag.dll
2008-12-01 13:35 593,920 ------w c:\windows\system32\ati2sgag.exe
2008-10-03 13:43 32,768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008100320081004\index.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"HM3 Agent"="c:\programmi\KWorld Multimedia\HyperMedia\DTVR\Scheduled3.exe" [2008-04-11 965632]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"Ai Gear Help"="c:\program files\ASUS\Ai Gear\GearHelp.exe" [2006-07-27 415744]
"Ai Nap"="c:\program files\ASUS\Ai Nap\AiNap.exe" [2006-11-30 1419776]
"Launch Ai Booster"="c:\programmi\ASUS\AI Booster\OverClk.exe" [2006-12-08 3714048]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-01-13 136600]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-08-30 286720]
"NeroFilterCheck"="c:\programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2008-09-06 413696]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Claudio\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
is-9NPND.lnk - c:\documents and settings\Claudio\Desktop\Virus Removal Tool\is-9NPND\startup.exe [2009-01-26 65536]
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
ASUS WiFi-AP Solo.lnk - c:\programmi\ASUS WiFi-AP Solo\RtWLan.exe [2008-05-07 995328]
Remote Control.lnk - c:\programmi\HiVision Multimedia\DVB-T 210 Utilities\HMP3XCtl.exe [2008-05-07 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2008-05-23 01:22 5724184 c:\programmi\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
--a------ 2008-12-19 18:28 306088 d:\programmi\Rockstar Games Social Club\RGSCLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-04-30 16:33 22058792 c:\programmi\Skype\Phone\Skype.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Programmi\\mIRC\\mirc.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Programmi\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"d:\\backup\\mIRC\\mirc.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\TeamViewer3\\TeamViewer.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\SecondLife\\SLVoice.exe"=
"c:\\Programmi\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"d:\\Programmi\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\Programmi\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"d:\\Programmi\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-05-07 111184]
R1 is-9NPNDdrv;is-9NPNDdrv;c:\windows\system32\drivers\05898136.sys [2009-01-26 15:09:36 148496]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-05-07 20560]
R2 TeamViewer;TeamViewer 3;c:\programmi\TeamViewer3\TeamViewer_Service.exe [2008-09-25 181544]
R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [2008-06-19 6852]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2008-05-07 584960]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\documents and settings\Claudio\Desktop\Setup\kerneld.wnt [2008-12-08 20856]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-01-14 21632]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-05-07 176128]
S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys
c:\windows\System32\Drivers\SjyPkt.sys ![[?]](http://www.megalab.it/forum/images/smilies/confused.gif "Confuso")
--- Altri Servizi/Drivers In Memoria ---
*NewlyCreated* - EVERESTDRIVER
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{379d6f29-332c-11dd-a780-001d6000c8a6}]
\Shell\AutoRun\command - L:\iqosrtk.bat
\Shell\explore\Command - L:\iqosrtk.bat
\Shell\open\Command - L:\iqosrtk.bat
.
Contenuto della cartella 'Scheduled Tasks'
2009-01-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
Notify-WgaLogon - (no file)
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{3063c161-2f7e-4225-ba73-08bc8f64c67e} - c:\programmi\Betway\Casino\casinogame.exe
IE: {{4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} - c:\programmi\Betway\Poker\MPPoker.exe
IE: {{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
TCP: {5205EC22-5EC2-4A12-A3B0-EEC4324B4E8B} = 208.67.222.222,208.67.220.220
TCP: {6C4DAE7F-92D9-4F0B-8F78-8D7870E6688A} = 208.67.222.222,208.67.220.220
DPF: {64E27CFB-8B69-4B83-80F0-36A81437D587} - hxxp://activex.camfrogweb.com/basic/cfw ... module.exe
FF - ProfilePath - c:\documents and settings\Claudio\Dati applicazioni\Mozilla\Firefox\Profiles\z0qiykis.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - component: c:\documents and settings\Claudio\Dati applicazioni\Mozilla\Firefox\Profiles\z0qiykis.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-04 03:02:43
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\EverestDriver]
"ImagePath"="\??\c:\documents and settings\Claudio\Desktop\Setup\kerneld.wnt"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-861567501-1123561945-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:6f,ef,8f,78,d6,79,0a,fa,bd,14,51,4a,dd,40,40,f8,8f,1c,4c,96,0b,
f1,ed,dd,88,d1,76,92,10,12,ec,f4,f2,32,6b,cb,d7,e8,f2,b4,dd,eb,2d,d3,dd,41,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(1248)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(1304)
c:\windows\system32\nvappfilter.dll
.
Ora fine scansione: 2009-02-04 3.05.47
ComboFix-quarantined-files.txt 2009-02-04 02:04:44
Pre-Run: 180.704.952.320 byte disponibili
Post-Run: 180,998,905,856 byte disponibili
Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
222 --- E O F --- 2009-01-15 02:22:52
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.2046.1402 [GMT 1:00]
Eseguito da: L:\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090203-1] *On-access scanning enabled* (Updated)
* Creato nuovo punto di ripristino
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\AutoRun.inf
L:\autorun.inf
.
((((((((((((((((((((((((( Files Creati Da 2009-01-04 al 2009-02-04 )))))))))))))))))))))))))))))))))))
.
2009-02-03 21:23 . 2009-02-03 21:24 <DIR> d-------- c:\programmi\RegCleaner
2009-01-26 23:58 . 2009-02-04 01:50 6,524,960 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-01-26 23:58 . 2009-02-03 03:06 31,808 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-01-26 15:18 . 2009-01-26 15:18 <DIR> d-------- c:\programmi\Trend Micro
2009-01-26 15:09 . 2008-07-08 13:54 148,496 --a------ c:\windows\system32\drivers\05898136.sys
2009-01-13 01:27 . 2009-01-13 01:27 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-11 23:45 . 2009-01-11 23:45 <DIR> d-------- c:\programmi\File comuni\PCSuite
2009-01-11 23:45 . 2009-01-11 23:45 <DIR> d-------- c:\programmi\File comuni\Nokia
2009-01-11 23:43 . 2009-01-11 23:43 <DIR> d-------- c:\programmi\PC Connectivity Solution
2009-01-11 23:43 . 2008-08-26 09:26 18,816 --a------ c:\windows\system32\drivers\pccsmcfd.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-04 00:27 --------- d-----w c:\documents and settings\Claudio\Dati applicazioni\mIRC
2009-02-04 00:07 --------- d-----w c:\documents and settings\Claudio\Dati applicazioni\HPAppData
2009-02-03 23:52 --------- d-----w c:\programmi\mIRC
2009-02-03 20:34 --------- d-----w c:\programmi\PokerStars
2009-01-23 07:40 --------- d-----w c:\programmi\TeamViewer3
2009-01-19 16:19 --------- d-----w c:\programmi\Full Tilt Poker
2009-01-15 02:22 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-01-13 00:27 --------- d-----w c:\programmi\Java
2009-01-11 22:45 --------- d-----w c:\programmi\Nokia
2009-01-11 22:41 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Installations
2009-01-01 17:18 --------- d-----w c:\programmi\bwin
2008-12-25 14:49 --------- d-----w c:\programmi\ASUS WiFi-AP Solo
2008-12-19 20:30 --------- d-----w c:\programmi\ATI
2008-12-19 17:57 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\ATI
2008-12-19 17:54 --------- d-----w c:\programmi\ATI Technologies
2008-12-16 13:59 --------- d-----w c:\programmi\SuperScan
2008-12-12 15:40 --------- d-----w c:\documents and settings\Claudio\Dati applicazioni\Microgaming
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-08 19:24 --------- d-----w c:\programmi\Microsoft Games for Windows - LIVE
2008-12-08 19:07 --------- d--h--r c:\documents and settings\Claudio\Dati applicazioni\SecuROM
2008-12-08 19:05 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-12-08 18:44 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-12-01 20:52 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2008-12-01 20:51 318,464 ----a-w c:\windows\system32\ati2dvag.dll
2008-12-01 20:46 11,304,960 ----a-w c:\windows\system32\atioglxx.dll
2008-12-01 20:41 188,416 ----a-w c:\windows\system32\atipdlxx.dll
2008-12-01 20:40 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2008-12-01 20:40 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2008-12-01 20:40 147,456 ----a-w c:\windows\system32\Oemdspif.dll
2008-12-01 20:40 143,360 ----a-w c:\windows\system32\ati2evxx.dll
2008-12-01 20:38 598,016 ----a-w c:\windows\system32\ati2evxx.exe
2008-12-01 20:37 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2008-12-01 20:27 4,120,384 ----a-w c:\windows\system32\ati3duag.dll
2008-12-01 20:19 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2008-12-01 20:11 2,495,360 ----a-w c:\windows\system32\ativvaxx.dll
2008-12-01 19:57 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2008-12-01 19:53 45,056 ----a-w c:\windows\system32\amdcalrt.dll
2008-12-01 19:53 45,056 ----a-w c:\windows\system32\amdcalcl.dll
2008-12-01 19:53 401,408 ----a-w c:\windows\system32\atikvmag.dll
2008-12-01 19:52 86,016 ----a-w c:\windows\system32\atiadlxx.dll
2008-12-01 19:52 17,408 ----a-w c:\windows\system32\atitvo32.dll
2008-12-01 19:50 3,252,224 ----a-w c:\windows\system32\Amdcaldd.dll
2008-12-01 19:50 286,720 ----a-w c:\windows\system32\atiok3x2.dll
2008-12-01 19:45 577,536 ----a-w c:\windows\system32\ati2cqag.dll
2008-12-01 13:35 593,920 ------w c:\windows\system32\ati2sgag.exe
2008-10-03 13:43 32,768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008100320081004\index.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"HM3 Agent"="c:\programmi\KWorld Multimedia\HyperMedia\DTVR\Scheduled3.exe" [2008-04-11 965632]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"Ai Gear Help"="c:\program files\ASUS\Ai Gear\GearHelp.exe" [2006-07-27 415744]
"Ai Nap"="c:\program files\ASUS\Ai Nap\AiNap.exe" [2006-11-30 1419776]
"Launch Ai Booster"="c:\programmi\ASUS\AI Booster\OverClk.exe" [2006-12-08 3714048]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-01-13 136600]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-08-30 286720]
"NeroFilterCheck"="c:\programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2008-09-06 413696]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Claudio\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
is-9NPND.lnk - c:\documents and settings\Claudio\Desktop\Virus Removal Tool\is-9NPND\startup.exe [2009-01-26 65536]
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
ASUS WiFi-AP Solo.lnk - c:\programmi\ASUS WiFi-AP Solo\RtWLan.exe [2008-05-07 995328]
Remote Control.lnk - c:\programmi\HiVision Multimedia\DVB-T 210 Utilities\HMP3XCtl.exe [2008-05-07 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2008-05-23 01:22 5724184 c:\programmi\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
--a------ 2008-12-19 18:28 306088 d:\programmi\Rockstar Games Social Club\RGSCLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-04-30 16:33 22058792 c:\programmi\Skype\Phone\Skype.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Programmi\\mIRC\\mirc.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Programmi\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"d:\\backup\\mIRC\\mirc.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\TeamViewer3\\TeamViewer.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\SecondLife\\SLVoice.exe"=
"c:\\Programmi\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"d:\\Programmi\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\Programmi\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"d:\\Programmi\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-05-07 111184]
R1 is-9NPNDdrv;is-9NPNDdrv;c:\windows\system32\drivers\05898136.sys [2009-01-26 15:09:36 148496]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-05-07 20560]
R2 TeamViewer;TeamViewer 3;c:\programmi\TeamViewer3\TeamViewer_Service.exe [2008-09-25 181544]
R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [2008-06-19 6852]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2008-05-07 584960]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\documents and settings\Claudio\Desktop\Setup\kerneld.wnt [2008-12-08 20856]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-01-14 21632]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-05-07 176128]
S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys
c:\windows\System32\Drivers\SjyPkt.sys --- Altri Servizi/Drivers In Memoria ---
*NewlyCreated* - EVERESTDRIVER
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{379d6f29-332c-11dd-a780-001d6000c8a6}]
\Shell\AutoRun\command - L:\iqosrtk.bat
\Shell\explore\Command - L:\iqosrtk.bat
\Shell\open\Command - L:\iqosrtk.bat
.
Contenuto della cartella 'Scheduled Tasks'
2009-01-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
Notify-WgaLogon - (no file)
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{3063c161-2f7e-4225-ba73-08bc8f64c67e} - c:\programmi\Betway\Casino\casinogame.exe
IE: {{4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} - c:\programmi\Betway\Poker\MPPoker.exe
IE: {{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
TCP: {5205EC22-5EC2-4A12-A3B0-EEC4324B4E8B} = 208.67.222.222,208.67.220.220
TCP: {6C4DAE7F-92D9-4F0B-8F78-8D7870E6688A} = 208.67.222.222,208.67.220.220
DPF: {64E27CFB-8B69-4B83-80F0-36A81437D587} - hxxp://activex.camfrogweb.com/basic/cfw ... module.exe
FF - ProfilePath - c:\documents and settings\Claudio\Dati applicazioni\Mozilla\Firefox\Profiles\z0qiykis.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - component: c:\documents and settings\Claudio\Dati applicazioni\Mozilla\Firefox\Profiles\z0qiykis.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-04 03:02:43
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\EverestDriver]
"ImagePath"="\??\c:\documents and settings\Claudio\Desktop\Setup\kerneld.wnt"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-861567501-1123561945-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:6f,ef,8f,78,d6,79,0a,fa,bd,14,51,4a,dd,40,40,f8,8f,1c,4c,96,0b,
f1,ed,dd,88,d1,76,92,10,12,ec,f4,f2,32,6b,cb,d7,e8,f2,b4,dd,eb,2d,d3,dd,41,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(1248)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(1304)
c:\windows\system32\nvappfilter.dll
.
Ora fine scansione: 2009-02-04 3.05.47
ComboFix-quarantined-files.txt 2009-02-04 02:04:44
Pre-Run: 180.704.952.320 byte disponibili
Post-Run: 180,998,905,856 byte disponibili
Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
222 --- E O F --- 2009-01-15 02:22:52