3 replies
On this topic the problem was solved!
Follow the instructions too!
http://www.commentcamarche.net/forum/affich 3981648 win32 vb bba
ComboFix 07-12-31.4 - utente 2007-12-31 14:24:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.91 [GMT 1:00]
Eseguito da: C:\Documents and Settings\utente\Documenti\rèsolution du probleme anti virus\ComboFix4.exe
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system\svchost32.exe
C:\WINDOWS\system32\hghkj.ini
C:\WINDOWS\system32\hghkj.ini2
.
((((((((((((((((((((((((( Files Creati Da 2007-11-28 al 2007-12-31 )))))))))))))))))))))))))))))))))))
.
2007-12-31 14:19 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-30 22:37 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-12-30 22:37 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2007-12-30 22:37 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-12-30 22:37 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2007-12-30 22:36 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2007-12-30 22:28 . 2007-12-30 23:41 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-12-30 17:59 . 2007-12-30 17:59 <DIR> d-------- C:\Documents and Settings\utente\Dati applicazioni\skypePM
2007-12-30 17:59 . 2007-12-30 17:59 32 --a------ C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2007-12-30 17:56 . 2007-12-31 12:41 <DIR> d-------- C:\Documents and Settings\utente\Dati applicazioni\Skype
2007-12-30 17:51 . 2007-12-30 17:51 <DIR> d-------- C:\Programmi\Skype
2007-12-30 17:51 . 2007-12-30 17:51 <DIR> d-------- C:\Programmi\File comuni\Skype
2007-12-30 16:52 . 2007-12-30 16:53 103,424 --a------ C:\WINDOWS\system\cmd.exe
2007-12-30 13:11 . 2007-12-30 13:11 314,752 --a------ C:\WINDOWS\system32\jkhgh.dll
2007-12-30 13:06 . 2007-12-30 13:06 24,288 --a------ C:\WINDOWS\system32\hggefca.dll
2007-12-28 19:44 . 2007-12-28 19:44 <DIR> d-------- C:\Documents and Settings\LocalService\Dati applicazioni\Camfrog
2007-12-28 19:41 . 2007-12-28 19:41 <DIR> d-------- C:\WINDOWS\system32\svcd
2007-12-28 19:41 . 2007-12-28 19:41 34,304 --a------ C:\wndlscg.exe
2007-12-28 19:41 . 2007-12-28 19:41 23,552 --a------ C:\WINDOWS\system32\TmpX.exe
2007-12-28 19:41 . 2007-12-31 14:38 114 --a------ C:\WINDOWS\system32\url3
2007-12-28 19:41 . 2007-12-31 14:38 102 --a------ C:\WINDOWS\system32\url2
2007-12-28 19:41 . 2007-12-31 14:38 102 --a------ C:\WINDOWS\system32\url1
2007-12-28 19:41 . 2007-12-31 14:38 8 --a------ C:\WINDOWS\system32\CID
2007-12-28 19:41 . 2007-12-28 19:41 4 --a------ C:\WINDOWS\system32\SvcNm
2007-12-22 16:28 . 2007-12-22 16:28 <DIR> d-------- C:\Programmi\IVT Corporation
2007-12-20 10:51 . 2007-12-20 10:52 <DIR> d-------- C:\Programmi\CCleaner
2007-12-19 11:03 . 2007-12-20 11:25 <DIR> d-------- C:\Programmi\Com_Algerie
2007-12-15 12:23 . 2007-12-15 12:23 <DIR> d-------- C:\WINDOWS\Sun
2007-12-10 16:15 . 2004-08-19 14:39 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-07 18:27 . 2007-12-22 16:37 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Bluetooth
2007-12-07 18:18 . 2007-12-29 12:13 32 --a------ C:\WINDOWS\0
2007-12-07 18:18 . 2007-12-07 18:18 0 --a------ C:\WINDOWS\system32\0
2007-12-02 15:28 . 2007-12-02 15:28 <DIR> d-------- C:\Documents and Settings\utente\Phone Browser
2007-12-02 15:22 . 2007-12-02 15:22 <DIR> d-------- C:\Programmi\PC Connectivity Solution
2007-12-02 10:43 . 2007-12-02 10:43 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\ScanSoft
2007-11-29 17:22 . 2007-11-29 17:22 <DIR> d-------- C:\Documents and Settings\utente\Dati applicazioni\Nokia
2007-11-29 17:22 . 2007-11-29 17:22 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\PC Suite
2007-11-29 17:19 . 2007-11-29 17:19 <DIR> d-------- C:\Programmi\DIFX
2007-11-29 17:19 . 2007-11-29 17:19 <DIR> d-------- C:\Documents and Settings\utente\Dati applicazioni\PC Suite
2007-11-29 17:18 . 2007-02-22 11:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-11-29 17:17 . 2007-11-29 17:17 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Installations
2007-11-25 15:45 . 2007-12-01 18:48 <DIR> d-------- C:\Documents and Settings\utente\Dati applicazioni\Camfrog
2007-11-25 15:44 . 2007-11-25 15:44 <DIR> d-------- C:\Programmi\Camfrog
2007-11-25 11:56 . 2007-11-25 11:56 <DIR> d-------- C:\Documents and Settings\utente\Dati applicazioni\AdobeUM
2007-11-23 21:35 . 2007-11-23 21:35 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-11-17 15:12 . 2007-12-17 21:14 244 --ah----- C:\sqmnoopt19.sqm
2007-11-16 14:22 . 2007-12-17 21:13 244 --ah----- C:\sqmnoopt18.sqm
2007-11-16 14:22 . 2007-12-17 21:13 244 --ah----- C:\sqmnoopt17.sqm
2007-11-16 14:22 . 2007-12-17 21:14 232 --ah----- C:\sqmdata19.sqm
2007-11-16 14:22 . 2007-12-17 21:13 232 --ah----- C:\sqmdata18.sqm
2007-11-16 14:00 . 2007-12-17 20:54 244 --ah----- C:\sqmnoopt11.sqm
2007-11-16 14:00 . 2007-12-17 20:54 232 --ah----- C:\sqmdata11.sqm
2007-11-16 13:59 . 2007-12-17 20:48 244 --ah----- C:\sqmnoopt10.sqm
2007-11-16 13:59 . 2007-12-17 20:48 232 --ah----- C:\sqmdata10.sqm
2007-11-16 13:58 . 2007-12-03 19:09 268 --ah----- C:\sqmdata09.sqm
2007-11-16 13:58 . 2007-12-02 20:18 268 --ah----- C:\sqmdata08.sqm
2007-11-16 13:58 . 2007-12-03 19:09 244 --ah----- C:\sqmnoopt09.sqm
2007-11-16 13:58 . 2007-12-02 20:18 244 --ah----- C:\sqmnoopt08.sqm
2007-11-16 13:02 . 2007-12-02 20:07 268 --ah----- C:\sqmdata07.sqm
2007-11-16 13:02 . 2007-12-02 20:07 244 --ah----- C:\sqmnoopt07.sqm
2007-11-13 12:33 . 2007-11-13 12:33 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-11-11 10:53 . 2007-11-11 10:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-11 10:53 . 2007-11-11 10:53 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-11 10:53 . 2007-12-06 18:41 184 --a------ C:\WINDOWS\cdplayer.ini
2007-11-11 10:31 . 2007-11-11 10:31 <DIR> d-------- C:\Programmi\Sony Ericsson
2007-11-11 10:08 . 2007-12-26 18:56 <DIR> d-------- C:\Programmi\LimeWire
2007-11-10 16:52 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2007-11-10 16:52 . 2004-08-03 23:10 38,016 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys
2007-11-10 16:50 . 2004-08-19 15:39 153,600 --a------ C:\WINDOWS\system32\irftp.exe
2007-11-10 16:50 . 2004-08-19 15:39 153,600 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2007-11-10 16:50 . 2004-08-03 23:10 59,648 --a------ C:\WINDOWS\system32\drivers\rfcomm.sys
2007-11-10 16:50 . 2004-08-03 23:10 59,648 --a--c--- C:\WINDOWS\system32\dllcache\rfcomm.sys
2007-11-10 16:50 . 2004-08-19 15:39 28,672 --a------ C:\WINDOWS\system32\irmon.dll
2007-11-10 16:50 . 2004-08-19 15:39 28,672 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2007-11-10 16:50 . 2004-08-19 15:39 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-11-10 16:50 . 2004-08-19 15:39 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2007-11-10 16:49 . 2004-08-03 22:58 100,992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2007-11-10 16:49 . 2004-08-03 22:58 100,992 --a--c--- C:\WINDOWS\system32\dllcache\bthpan.sys
2007-11-10 16:49 . 2004-08-03 23:10 17,024 --a------ C:\WINDOWS\system32\drivers\bthenum.sys
2007-11-10 16:49 . 2004-08-03 23:10 17,024 --a--c--- C:\WINDOWS\system32\dllcache\bthenum.sys
2007-11-10 16:43 . 2004-08-19 15:25 274,944 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2007-11-10 16:43 . 2004-08-03 23:10 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
2007-11-10 16:18 . 2007-11-10 16:18 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Grisoft
2007-11-10 16:17 . 2007-10-31 17:16 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di stampa
2007-11-10 16:17 . 2007-10-31 17:16 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di rete
2007-11-10 16:17 . 2007-10-31 17:16 <DIR> d-------- C:\Documents and Settings\Administrator\Preferiti
2007-11-10 16:17 . 2007-10-31 16:24 <DIR> d--h----- C:\Documents and Settings\Administrator\Modelli
2007-11-10 16:17 . 2007-10-31 17:16 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Avvio
2007-11-10 16:17 . 2007-10-31 17:16 <DIR> d--h----- C:\Documents and Settings\Administrator\Impostazioni locali
2007-11-10 16:17 . 2007-10-31 17:16 <DIR> d-------- C:\Documents and Settings\Administrator\Documenti
2007-11-10 16:17 . 2007-11-10 16:18 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dati applicazioni
2007-11-08 17:01 . 2007-12-30 17:51 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Skype
2007-11-07 23:04 . 2007-11-07 23:04 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Grisoft
2007-11-06 09:46 . 2007-11-06 09:46 <DIR> d-------- C:\Documents and Settings\utente\Dati applicazioni\ScanSoft
2007-11-06 09:46 . 2007-11-06 09:46 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SSScanWizard
2007-11-06 09:46 . 2007-11-06 09:46 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SSScanAppDataDir
2007-11-06 09:46 . 2007-11-06 09:46 516 --a------ C:\WINDOWS\MAXLINK.INI
2007-11-06 09:45 . 2007-11-06 09:45 <DIR> d-------- C:\Programmi\ScanSoft
2007-11-06 09:45 . 2007-11-06 09:46 <DIR> d-------- C:\Programmi\File comuni\ScanSoft Shared
2007-11-06 09:37 . 2007-11-06 09:37 <DIR> d-------- C:\Programmi\Canon
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-31 13:41 6,576 --sha-w C:\WINDOWS\system32\hghkj.ini2
2007-12-30 16:56 --------- d-----w C:\Programmi\Google
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-10-31 21:33 --------- d-----w C:\Programmi\File comuni\xing shared
2007-10-31 21:33 --------- d-----w C:\Programmi\File comuni\Real
2007-10-31 21:25 --------- d-----w C:\Programmi\MSN Messenger
2007-10-31 21:22 --------- d-----w C:\Programmi\Real
2007-10-31 16:16 --------- d-----w C:\Programmi\File comuni\SpeechEngines
2007-10-31 16:16 --------- d-----w C:\Programmi\File comuni\ODBC
2007-10-31 16:00 --------- d-----w C:\Programmi\VideoLAN
2007-10-31 15:59 --------- d-----w C:\Programmi\File comuni\Adobe
2007-10-31 15:57 --------- d-----w C:\Programmi\Alwil Software
2007-10-31 15:31 --------- d-----w C:\Programmi\microsoft frontpage
2007-10-31 15:28 --------- d-----w C:\Programmi\Servizi in linea
2007-10-31 15:27 --------- d-----w C:\Programmi\File comuni\MSSoap
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2007-12-30 13:06 24288 --a------ C:\WINDOWS\system32\hggefca.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A5DB81F4-3D60-4E14-9D91-5AD636266B5A}]
2007-12-30 13:11 314752 --a------ C:\WINDOWS\system32\jkhgh.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative WebCam Tray"="C:\Programmi\Creative\Shared Files\CamTray.exe" [2005-10-27 11:00 299008]
"msnmsgr"="C:\Programmi\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"Yahoo! Pager"="C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"Camfrog"="C:\Programmi\Camfrog\Camfrog Video Chat\CamfrogNet.exe" [2003-09-29 07:22 36352]
"Skype"="C:\Programmi\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2007-10-31 22:32 180269]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"OpwareSE2"="C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]
"OPSE reminder"="C:\Programmi\ScanSoft\OmniPageSE2.0\EregIta\Ereg.exe" [2003-07-07 10:30 729088]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 14:39 110592 C:\WINDOWS\system32\bthprops.cpl]
"Yahoo Messenger"="C:\WINDOWS\system\svchost32.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:39 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= C:\WINDOWS\system32\hggefca.dll [2007-12-30 13:06 24288]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggefca]
hggefca.dll 2007-12-30 13:06 24288 C:\WINDOWS\system32\hggefca.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau C:\WINDOWS\system32\jkhgh.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Reader.lnk
backup=C:\WINDOWS\pss\Avvio veloce di Adobe Reader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^PalTalk.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\PalTalk.lnk
backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
2005-10-27 11:00 299008 --------- C:\Programmi\Creative\Shared Files\CamTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-19 14:39 15360 --a------ C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeCall]
C:\Programmi\FreeCall.com\FreeCall\FreeCall.exe -nosplash -minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Programmi\MSN Messenger\MsnMsgr.Exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Programmi\File comuni\Real\Update_OB\realsched.exe -osboot
R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-19 16:23]
R3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-11-03 23:45]
S3 BTNetFilter;Bluetooth Network Filter;C:\Programmi\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys [2006-11-21 22:41]
S3 NtApm;Driver interfaccia NT Apm/Legacy;C:\WINDOWS\system32\DRIVERS\NtApm.sys [2001-08-30 22:30]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 16:49]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 16:50]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 16:50]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 16:50]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 15:50]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f6b4bb0-87f5-11dc-9ef6-0040f4ea255f}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4c9ec50-87f6-11dc-9ef8-0040f4ea255f}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-31 14:42:05
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\hggefca.dll
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\jkhgh.dll
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
-> C:\WINDOWS\system32\jkhgh.dll
-> C:\WINDOWS\system32\hggefca.dll
.
Ora fine scansione: 2007-12-31 14:47:27 - machine was rebooted [utente]
C:\qoobox\ComboFix-quarantined-files.txt 2007-12-31 13:47:13