Fatto!
ecco i risultati:
SDFix: Version 1.186 Run by Administrator on 29/05/2008 at 15.43
Microsoft Windows XP [Versione 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-05-29 15:55:32
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd5009f5]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programmi\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:44,5a,f0,fb,cd,67,76,95,6c,29,c1,98,d9,0f,62,7c,94,ee,fd,ee,e6,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,7a,ab,0f,f4,63,8c,3d,cd,0e,92,46,03,ca,7c,d0,ae,bc,..
"khjeh"=hex:a1,1c,f3,c2,b4,37,d6,56,3e,6b,2f,ad,9e,50,dd,0a,9a,e8,98,5d,f7,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:82,f6,ad,10,35,da,7e,4b,a1,b4,46,ea,02,a0,8d,66,c2,b6,17,ba,a3,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd5009f5]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programmi\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:44,5a,f0,fb,cd,67,76,95,6c,29,c1,98,d9,0f,62,7c,94,ee,fd,ee,e6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,7a,ab,0f,f4,63,8c,3d,cd,0e,92,46,03,ca,7c,d0,ae,bc,..
"khjeh"=hex:a1,1c,f3,c2,b4,37,d6,56,3e,6b,2f,ad,9e,50,dd,0a,9a,e8,98,5d,f7,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:82,f6,ad,10,35,da,7e,4b,a1,b4,46,ea,02,a0,8d,66,c2,b6,17,ba,a3,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programmi\\Grisoft\\AVG7\\avginet.exe"="C:\\Programmi\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Programmi\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Programmi\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Programmi\\Grisoft\\AVG7\\avgcc.exe"="C:\\Programmi\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Programmi\\eMule\\emule.exe"="C:\\Programmi\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Programmi\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"="C:\\Programmi\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Modulo di esecuzione DLL come applicazioni"
"C:\\Programmi\\ooVoo\\ooVoo.exe"="C:\\Programmi\\ooVoo\\ooVoo.exe:*:Enabled:ooVoo"
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"="C:\\Programmi\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Programmi\\AVG\\AVG8\\avgupd.exe"="C:\\Programmi\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Programmi\\AVG\\AVG8\\avgemc.exe"="C:\\Programmi\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Programmi\\Nero\\Nero8\\Nero Home\\NeroHome.exe"="C:\\Programmi\\Nero\\Nero8\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
"C:\\Programmi\\mIRC\\mirc.exe"="C:\\Programmi\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Programmi\\Skype\\Phone\\Skype.exe"="C:\\Programmi\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\\Programmi\\uTorrent\\uTorrent.exe"="C:\\Programmi\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"="C:\\Programmi\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Programmi\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe"
Finished!Che ne dici?