Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2554 [GMT -4:0
0]
Running from: c:\documents and settings\Hong01.micrium01\Desktop\CF.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB0644
8E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB
6}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))
)))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\sysReserve.ini
c:\documents and settings\Hong01.micrium01\g2mdlhlpx.exe
c:\windows\system32\spool\prtprocs\w32x86\o1o9oC79.dll
c:\windows\system32\ssprs.dll
c:\windows\system32\zlibwapi.dll
Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http:/
/www.gmer.net
Rootkit scan 2010-09-20 11:41
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1100)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
- - - - - - - > 'lsass.exe'(1156)
c:\program files\Bonjour\mdnsNSP.dll
- - - - - - - > 'explorer.exe'(9536)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\program files\Unlocker\UnlockerHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6
967989\MSVCR80.dll
c:\documents and settings\Hong01.micrium01\Application Data\Dropbox\bin\DropboxE
xt.13.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec AntiVirus\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\crypserv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Symantec AntiVirus\SmcGui.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\stsystra.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2010-09-20 11:53:48 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-20 15:53
Pre-Run: 230,190,784,512 bytes free
Post-Run: 238,754,385,920 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional"
/noexecute=optin /fastdetect
- - End Of File - - 2555BB606F3AE02D9E8DD8DDAD2DC2E4