ComboFix 09-02-15.01 - utente 2009-02-17 11.29.48.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1040.18.894.330 [GMT 1:00]
Eseguito da: c:\documents and settings\utente\Desktop\Files scaricati\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: COMODO Firewall Pro *enabled*
 * Creato nuovo punto di ripristino
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
(((((((((((((((((((((((((   Files Creati Da 2009-01-17 al 2009-02-17  )))))))))))))))))))))))))))))))))))
.
2009-01-19 13:57 . 2009-01-19 13:57	268	--ah-----	C:\sqmdata06.sqm
2009-01-19 13:57 . 2009-01-19 13:57	244	--ah-----	C:\sqmnoopt06.sqm
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-17 10:00	---------	d-----w	c:\documents and settings\utente\Dati applicazioni\Spyware Terminator
2009-02-16 20:32	---------	d-----w	c:\documents and settings\All Users\Dati applicazioni\AntiVir PersonalEdition Classic
2009-02-16 10:00	---------	d-----w	c:\programmi\Spyware Terminator
2009-02-15 10:23	---------	d-----w	c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2009-02-05 23:10	---------	d-----w	c:\programmi\CCleaner
2009-01-24 12:07	---------	d--h--w	c:\programmi\InstallShield Installation Information
2009-01-24 12:07	---------	d-----w	c:\programmi\Google
2009-01-16 17:00	---------	d-----w	c:\documents and settings\utente\Dati applicazioni\dvdcss
2008-12-24 17:05	---------	d-----w	c:\documents and settings\utente\Dati applicazioni\gtk-2.0
2008-12-20 01:00	---------	d-----w	c:\programmi\eMule AdunanzA
2007-09-18 20:23	56	--sh--r	c:\windows\system32\0C6756218D.sys
2007-09-18 17:25	8	--sh--r	c:\windows\system32\184C47551F.sys
2007-09-17 22:08	16,384	--sha-w	c:\windows\system32\config\systemprofile\Cookies\index.dat
2007-09-17 22:08	32,768	--sha-w	c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
2007-09-17 22:08	32,768	--sha-w	c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012007091820070919\index.dat
2007-09-17 22:08	32,768	--sha-w	c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
.
------- Sigcheck -------
2007-01-03 11:51  296960  f959d929a6a22d78e3a6851a9361ce18	c:\windows\system32\termsrv.dll
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati. 
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programmi\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"SpywareTerminator"="c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-05-29 1817600]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"COMODO Firewall Pro"="c:\programmi\Comodo\Firewall\CPF.exe" [2007-11-23 1115728]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-01-03 c:\windows\system32\advpack.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\AntiVir PersonalEdition Classic\\avcenter.exe"=
"c:\\Programmi\\Linksys Wireless-G PCI Wireless Network Monitor\\InvokeSvc2.exe"=
"c:\\Programmi\\Alcohol Soft\\Alcohol 120\\Alcohol.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2007-09-19 141312]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\documents and settings\utente\Desktop\Files scaricati\EverestHome\kerneld.wnt 
S3 P1171VID;Creative WebCam Notebook #2;c:\windows\system32\drivers\P1171Vid.sys [2007-10-19 91392]
--- Altri Servizi/Drivers In Memoria ---
*NewlyCreated* - GTNDIS5
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {A75BF1D0-C7C3-CB55-EE17-3225387FD154} /qb
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.libero.it
uInternet Connection Wizard,ShellNext = iexplore
IE: Aggiungi all'elenco di stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Anteprima Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Stampa ad alta velocità Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
FF - ProfilePath - c:\documents and settings\utente\Dati applicazioni\Mozilla\Firefox\Profiles\macf5p9e.default\
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-17 11:32:24
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ... 
scansione entrate autostart nascoste ... 
Scansione files nascosti ... 
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\documents and settings\utente\Desktop\Files scaricati\EverestHome\kerneld.wnt"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\SHSVCS.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\CLBCATQ.DLL
- - - - - - - > 'lsass.exe'(944)
c:\windows\system32\WLDAP32.dll
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\ipsecsvc.dll
- - - - - - - > 'explorer.exe'(3764)
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\msi.dll
.
Ora fine scansione: 2009-02-17 11.34.15
ComboFix-quarantined-files.txt  2009-02-17 10:34:09
Pre-Run: 27.340.722.176 byte disponibili
Post-Run: 27,556,024,320 byte disponibili