Olimpo Informatico

gr00v3 · Mortale pio Registrato: 16/04/07 14:24 Messaggi: 18

ciao a tutti spero mi possiate essere d'aiuto cm sempre
il problema riguarda svchost.exe so ke è un file di sistema ma a qnt ho capito si instaura accanto al filedisistema il programma ke mi apre le porte... a dire il vero ho letto diverse cose molto discordanti tra loroe cn soluzioni alrtettanto discordanti e spesso inutili..ho fatto degli scandisk cn i vari download di windows per trovare dei malware..alcuni pensano sia il worm 32.blaster..ke non è stato trovato sul mio pc..

fatt sta ke il pc continua a portare le prestazioni al 100 % pur se i processi utilizzati nn sn i svchost vari ma è il ciclo idle del sistema e ogni tanto NMIndex ke è nero burning rom...
ho fatto una pulizia cn uniblue registry booster2 in modo da togliere gli errori nel registro e niente...ccleaner....nada..tutto inutile....a volte il pc arriva al punti di spegnersi da solo perke sovraccarico

ho provato a terminare i processi svchost a uno a uno qnd arrivavo al svchost.exe servizio di rete appare la cara vekkia finestra ke mi aveva infettato gia tempo fa cn isass.exe ke mi dice ke ho 30 secondi perke poi il pc si kiude da se grazie al NT AUTHORITY SYSTEM

aiuto. Shocked

dimenticavo...spesso...sempre piu spesso..nn mi visualizza la pagina web di internet explorer pur essendo connesso correttemente

bdoriano · Inviato: 25 Mar 2008 16:00 Oggetto:

Disabilita il ripristino di sistema.
Pulisci i files temporanei con ATF-Cleaner e/o CCleaner
Scarica Norman Malware Cleaner e NOD32 Scanner.
Avvia il pc in modalità provvisoria.
Avvia NOD32 e fagli fare la scansione completa.
Avvia Norman Malware Cleaner e fagli fare la scansione completa.
Viene generato un log sul desktop chiamandolo NFix_2008-03-gg_hh-mm-ss.log, alla fine della scansione caricalo su FreeFileHosting come indicato qui e posta il link che ti viene assegnato.
Segui le istruzioni di questo topic per postare il log di combofix.

gr00v3 · Mortale pio Registrato: 16/04/07 14:24 Messaggi: 18

http://www.freefilehosting.net/download/3e9fi

ecco il link...senti ancora...
startup monitor cos'è? mi si apre ogni volta k emi connetto e mi kiede sei permetto di aprire determinati file...

grazie per la risp esaudiente...spero mi sarai ancora di aiuto Embarassed

bdoriano · Inviato: 28 Mar 2008 21:00 Oggetto:

Manca il log di combofix.
Startup monitor dovrebbe essere un'applicazione che ti informa di nuovi programmi inseriti nell'avvio automatico.
Saprò dirti di più dopo aver visto il log di combofix.

Un'altra cosa, quando si fanno le scansioni, è necessario chiudere tutti gli altri programmi (emule, per esempio)

gr00v3 · Mortale pio Registrato: 16/04/07 14:24 Messaggi: 18

ecco..scusa la scarsa precisione precedente

ComboFix 08-03-30.3 - Utente 2008-03-31 14:15:31.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.186 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Utente\Desktop\ComboFix.exe
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

G:\Autorun.inf

.
((((((((((((((((((((((((( Files Creati Da 2008-02-28 al 2008-03-31 )))))))))))))))))))))))))))))))))))
.

2008-03-30 02:20 . 2008-03-30 13:15 632 --a------ C:\WINDOWS\CoD.INI
2008-03-28 18:42 . 2008-03-28 18:53 <DIR> d-------- C:\Programmi\Direct MIDI to MP3 Converter
2008-03-26 19:03 . 2008-03-26 19:03 253,952 --------- C:\WINDOWS\Setup1.exe
2008-03-26 19:02 . 2008-03-26 19:02 74,752 --a------ C:\WINDOWS\ST6UNST.EXE
2008-03-22 11:44 . 2008-03-22 12:07 724,992 --a------ C:\WINDOWS\iun6002.exe
2008-03-21 14:59 . 2008-03-21 16:28 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\NFS Underground
2008-03-21 14:58 . 2008-03-21 14:58 <DIR> d-------- C:\Programmi\File comuni\DirectX
2008-03-20 01:03 . 2008-03-20 01:03 250 --a------ C:\WINDOWS\gmer.ini
2008-03-18 17:40 . 2003-08-29 01:55 423,424 --a------ C:\WINDOWS\system32\WMAVDS32.ax
2008-03-18 17:40 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-03-18 17:40 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-03-18 17:11 . 2008-03-18 17:11 221,184 --a------ C:\WINDOWS\system32\UAService7.exe
2008-03-18 17:11 . 2008-03-18 17:11 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-03-18 16:58 . 2005-05-26 16:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-03-17 12:02 . 2008-03-20 01:11 <DIR> d-------- C:\Programmi\Uniblue
2008-03-17 12:02 . 2008-03-17 12:02 <DIR> d-------- C:\Documents and Settings\Utente\Dati applicazioni\Uniblue

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-28 12:12 --------- d-----w C:\Documents and Settings\Utente\Dati applicazioni\MSN Pictures Displayer
2008-03-26 16:05 --------- d-----w C:\Documents and Settings\Utente\Dati applicazioni\uTorrent
2008-03-19 22:41 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-02-07 22:38 --------- d-----w C:\Programmi\ESET
2007-12-07 02:04 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:40 550,912 ------w C:\WINDOWS\system32\oleaut32.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 11:28 139264]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:00 15360]
"Uniblue RegistryBooster 2"="C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-12-05 17:06 1885464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2007-06-19 11:19 949376]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-04-07 00:19 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-04-07 00:07 114688]
"GSICONEXE"="GSICON.EXE" [2001-09-10 22:10 90112 C:\WINDOWS\system32\gsicon.exe]
"DSLAGENTEXE"="dslagent.exe" [2001-10-02 15:42 16384 C:\WINDOWS\system32\dslagent.exe]
"Run StartupMonitor"="StartupMonitor.exe" [2000-05-20 18:23 86016 C:\WINDOWS\StartupMonitor.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:00 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Digisoft AntiDialer.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^InterVideo WinCinema Manager.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^MioSync.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Utente^Menu Avvio^Programmi^Esecuzione automatica^MSN Pictures Displayer.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcerNotebookManager]
--a------ 2003-05-16 17:09 509952 C:\Programmi\Acer\Notebook Manager\almxptray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2003-02-14 11:59 88107 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AUDIO SOFT]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CtrlVol]
--a------ 2003-05-12 15:05 167936 C:\Programmi\Launch Manager\CtrlVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]
--a------ 2003-05-12 14:28 32768 C:\Programmi\Launch Manager\LaunchAp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
--a------ 2003-05-19 11:51 45056 C:\Programmi\Launch Manager\HotkeyApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-02-08 01:12 488984 C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-02-08 01:13 774168 C:\Programmi\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2007-02-06 17:43 252704 C:\Programmi\File comuni\LogiShrd\LComMgr\LVComSX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Programmi\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2006-03-21 13:19 69632 C:\Programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhilipsDM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerKey]
--a------ 2002-08-30 15:02 94208 C:\Programmi\Launch Manager\PowerKey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Proc Deaf Delete Peak]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-09-30 00:14 155648 C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-08-02 12:19 68856 C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2003-04-24 16:44 610304 C:\Programmi\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2003-04-24 16:51 110592 C:\Programmi\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
--a------ 2007-12-05 17:06 1885464 C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
--a------ 2008-03-19 00:19 219952 C:\Documents and Settings\Utente\Desktop\programmi\utorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton]
--a------ 2003-05-28 10:02 53248 C:\Programmi\Launch Manager\Wbutton.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\µTorrent]
--a------ 2008-03-19 00:19 219952 C:\Documents and Settings\Utente\Desktop\programmi\utorrent.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\Utente\\Desktop\\programmi\\utorrent.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=

R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
R2 acernbm;acernbm;C:\WINDOWS\system32\drivers\acernbm.sys [2003-03-05 10:01]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
S2 gafwload;Modem ADSL B-QUICK Loader;C:\WINDOWS\system32\DRIVERS\gafwload.sys [2001-09-28 18:07]
S3 POWERKEY;POWERKEY;C:\Programmi\Launch Manager\POWERKEY.sys [2000-12-19 18:29]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a3d73f4-5497-11dc-9667-000ae404caf4}]
\Shell\Auto\command - RavMon.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a35a51c1-fcb0-11dc-977d-000ae404caf4}]
\Shell\AutoRun\command - H:\setupSNK.exe

.
Contenuto della cartella 'Scheduled Tasks'
"2008-03-31 11:58:01 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-31 14:18:52
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Programmi\Eset\pr_imon.dll
.
Ora fine scansione: 2008-03-31 14:20:12
ComboFix-quarantined-files.txt 2008-03-31 12:19:55
7 Directory 3,629,420,544 byte disponibili
10 Directory 3,618,000,896 byte disponibili
.
2008-03-21 02:02:04 --- E O F ---

gr00v3 · Mortale pio Registrato: 16/04/07 14:24 Messaggi: 18

ecco..scusa la scarsa precisione precedente

ComboFix 08-03-30.3 - Utente 2008-03-31 14:15:31.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.186 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Utente\Desktop\ComboFix.exe
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

G:\Autorun.inf

.
((((((((((((((((((((((((( Files Creati Da 2008-02-28 al 2008-03-31 )))))))))))))))))))))))))))))))))))
.

2008-03-30 02:20 . 2008-03-30 13:15 632 --a------ C:\WINDOWS\CoD.INI
2008-03-28 18:42 . 2008-03-28 18:53 <DIR> d-------- C:\Programmi\Direct MIDI to MP3 Converter
2008-03-26 19:03 . 2008-03-26 19:03 253,952 --------- C:\WINDOWS\Setup1.exe
2008-03-26 19:02 . 2008-03-26 19:02 74,752 --a------ C:\WINDOWS\ST6UNST.EXE
2008-03-22 11:44 . 2008-03-22 12:07 724,992 --a------ C:\WINDOWS\iun6002.exe
2008-03-21 14:59 . 2008-03-21 16:28 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\NFS Underground
2008-03-21 14:58 . 2008-03-21 14:58 <DIR> d-------- C:\Programmi\File comuni\DirectX
2008-03-20 01:03 . 2008-03-20 01:03 250 --a------ C:\WINDOWS\gmer.ini
2008-03-18 17:40 . 2003-08-29 01:55 423,424 --a------ C:\WINDOWS\system32\WMAVDS32.ax
2008-03-18 17:40 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-03-18 17:40 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-03-18 17:11 . 2008-03-18 17:11 221,184 --a------ C:\WINDOWS\system32\UAService7.exe
2008-03-18 17:11 . 2008-03-18 17:11 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-03-18 16:58 . 2005-05-26 16:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-03-17 12:02 . 2008-03-20 01:11 <DIR> d-------- C:\Programmi\Uniblue
2008-03-17 12:02 . 2008-03-17 12:02 <DIR> d-------- C:\Documents and Settings\Utente\Dati applicazioni\Uniblue

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-28 12:12 --------- d-----w C:\Documents and Settings\Utente\Dati applicazioni\MSN Pictures Displayer
2008-03-26 16:05 --------- d-----w C:\Documents and Settings\Utente\Dati applicazioni\uTorrent
2008-03-19 22:41 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-02-07 22:38 --------- d-----w C:\Programmi\ESET
2007-12-07 02:04 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:40 550,912 ------w C:\WINDOWS\system32\oleaut32.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 11:28 139264]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:00 15360]
"Uniblue RegistryBooster 2"="C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-12-05 17:06 1885464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2007-06-19 11:19 949376]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-04-07 00:19 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-04-07 00:07 114688]
"GSICONEXE"="GSICON.EXE" [2001-09-10 22:10 90112 C:\WINDOWS\system32\gsicon.exe]
"DSLAGENTEXE"="dslagent.exe" [2001-10-02 15:42 16384 C:\WINDOWS\system32\dslagent.exe]
"Run StartupMonitor"="StartupMonitor.exe" [2000-05-20 18:23 86016 C:\WINDOWS\StartupMonitor.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:00 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Digisoft AntiDialer.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^InterVideo WinCinema Manager.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^MioSync.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Utente^Menu Avvio^Programmi^Esecuzione automatica^MSN Pictures Displayer.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcerNotebookManager]
--a------ 2003-05-16 17:09 509952 C:\Programmi\Acer\Notebook Manager\almxptray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2003-02-14 11:59 88107 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AUDIO SOFT]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CtrlVol]
--a------ 2003-05-12 15:05 167936 C:\Programmi\Launch Manager\CtrlVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]
--a------ 2003-05-12 14:28 32768 C:\Programmi\Launch Manager\LaunchAp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
--a------ 2003-05-19 11:51 45056 C:\Programmi\Launch Manager\HotkeyApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-02-08 01:12 488984 C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-02-08 01:13 774168 C:\Programmi\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2007-02-06 17:43 252704 C:\Programmi\File comuni\LogiShrd\LComMgr\LVComSX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Programmi\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2006-03-21 13:19 69632 C:\Programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhilipsDM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerKey]
--a------ 2002-08-30 15:02 94208 C:\Programmi\Launch Manager\PowerKey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Proc Deaf Delete Peak]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-09-30 00:14 155648 C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-08-02 12:19 68856 C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2003-04-24 16:44 610304 C:\Programmi\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2003-04-24 16:51 110592 C:\Programmi\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
--a------ 2007-12-05 17:06 1885464 C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
--a------ 2008-03-19 00:19 219952 C:\Documents and Settings\Utente\Desktop\programmi\utorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton]
--a------ 2003-05-28 10:02 53248 C:\Programmi\Launch Manager\Wbutton.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\µTorrent]
--a------ 2008-03-19 00:19 219952 C:\Documents and Settings\Utente\Desktop\programmi\utorrent.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\Utente\\Desktop\\programmi\\utorrent.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=

R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
R2 acernbm;acernbm;C:\WINDOWS\system32\drivers\acernbm.sys [2003-03-05 10:01]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
S2 gafwload;Modem ADSL B-QUICK Loader;C:\WINDOWS\system32\DRIVERS\gafwload.sys [2001-09-28 18:07]
S3 POWERKEY;POWERKEY;C:\Programmi\Launch Manager\POWERKEY.sys [2000-12-19 18:29]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a3d73f4-5497-11dc-9667-000ae404caf4}]
\Shell\Auto\command - RavMon.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a35a51c1-fcb0-11dc-977d-000ae404caf4}]
\Shell\AutoRun\command - H:\setupSNK.exe

.
Contenuto della cartella 'Scheduled Tasks'
"2008-03-31 11:58:01 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-31 14:18:52
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Programmi\Eset\pr_imon.dll
.
Ora fine scansione: 2008-03-31 14:20:12
ComboFix-quarantined-files.txt 2008-03-31 12:19:55
7 Directory 3,629,420,544 byte disponibili
10 Directory 3,618,000,896 byte disponibili
.
2008-03-21 02:02:04 --- E O F ---