Thank you very much for the help.
I don't know whether I did it correctly. I'm sending what it printed out.
THANKS.
ComboFix 08-07-11.1 - adm 2008-07-12 13.47.43.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.242 [GMT 2:00]
Eseguito da: C:\Documents and Settings\adm\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((( Files Creati Da 2008-06-12 al 2008-07-12 )))))))))))))))))))))))))))))))))))
.
2008-07-11 16:54 . 2008-07-11 16:54 <DIR> d-------- C:\Programmi\Trend Micro
2008-07-11 15:14 . 2008-07-11 15:14 <DIR> d-------- C:\Programmi\IObit
2008-07-11 15:09 . 2008-07-11 15:09 <DIR> d-------- C:\Programmi\CCleaner
2008-07-11 14:32 . 2006-07-31 21:43 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di stampa
2008-07-11 14:32 . 2006-07-31 21:43 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di rete
2008-07-11 14:32 . 2006-07-31 21:43 <DIR> d-------- C:\Documents and Settings\Administrator\Preferiti
2008-07-11 14:32 . 2006-07-31 19:50 <DIR> d--h----- C:\Documents and Settings\Administrator\Modelli
2008-07-11 14:32 . 2006-07-31 21:43 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Avvio
2008-07-11 14:32 . 2008-07-12 13:48 <DIR> d--h----- C:\Documents and Settings\Administrator\Impostazioni locali
2008-07-11 14:32 . 2006-07-31 21:43 <DIR> d-------- C:\Documents and Settings\Administrator\Documenti
2008-07-11 14:32 . 2008-07-12 13:44 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dati applicazioni
2008-07-11 14:32 . 2008-07-11 14:32 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-11 14:17 . 2008-07-11 14:25 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-07-11 13:48 . 2008-07-11 13:48 <DIR> d-------- C:\Documents and Settings\adm\Dati applicazioni\ESET
2008-07-11 13:47 . 2008-07-11 13:47 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\ESET
2008-07-01 20:57 . 2008-07-01 20:57 <DIR> d-------- C:\Programmi\JustVoip.com
2008-07-01 20:57 . 2008-07-01 20:59 <DIR> d-------- C:\Documents and Settings\adm\Dati applicazioni\JustVoip
2008-07-01 13:51 . 2008-07-01 13:51 <DIR> d-------- C:\Programmi\Internet Download Manager
2008-07-01 13:51 . 2008-07-01 13:53 <DIR> d-------- C:\Documents and Settings\adm\Dati applicazioni\IDM
2008-07-01 13:51 . 2008-07-02 21:06 <DIR> d-------- C:\Documents and Settings\adm\Dati applicazioni\DMCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 20:49 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Yahoo!
2008-05-21 20:09 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! Companion
2008-05-21 20:09 --------- d-----w C:\Documents and Settings\adm\Dati applicazioni\Yahoo!
2008-05-21 20:05 --------- d-----w C:\Programmi\Yahoo!
2008-05-21 11:12 --------- d-----w C:\Programmi\Real
2008-05-21 11:12 --------- d-----w C:\Programmi\File comuni\xing shared
2008-05-21 11:12 --------- d-----w C:\Programmi\File comuni\Real
2008-04-13 08:37 73,216 -c--a-w C:\WINDOWS\ST6UNST.EXE
2008-04-13 08:37 249,856 -c----w C:\WINDOWS\Setup1.exe
2004-10-01 13:00 40,960 -c--a-w C:\Programmi\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-30 22:00 15360]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-05 18:55 68856]
"Yahoo! Pager"="C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-12 21:05 339968]
"RemoteControl"="C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 17:35 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-05-21 13:12 185632]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-30 22:00 15360]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^adm^Menu Avvio^Programmi^Esecuzione automatica^Registrazione Corel.lnk]
path=C:\Documents and Settings\adm\Menu Avvio\Programmi\Esecuzione automatica\Registrazione Corel.lnk
backup=C:\WINDOWS\pss\Registrazione Corel.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Programmi\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Programmi\\JustVoip.com\\JustVoip\\JustVoip.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0054be54-3467-11dd-bc38-000b6a8f5874}]
\Shell\AutoRun\command - .\run\autorun.exe
\Shell\open\Command - .\run\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17860e56-0934-11dd-bb83-000b6a8f5874}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe779c69-0476-11dd-bb77-000b6a8f5874}]
\shell\Auto\command - hvNrtID.exe
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-07-12 13:48:20
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-07-12 13:48:53
ComboFix-quarantined-files.txt 2008-07-12 11:48:47
ComboFix2.txt 2008-07-12 11:46:15
11 Directory 77,847,511,040 byte disponibili
12 Directory 77,839,585,280 byte disponibili