It worked!!
Here's the log
ComboFix 08-08-26.03 - Michele Codemo 2008-08-28 19.44.19.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.664 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Michele Codemo\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Michele Codemo\Cookies\michele_codemo@dezignus[1].txt
C:\Documents and Settings\Michele Codemo\Dati applicazioni\macromedia\Flash Player\#SharedObjects\R2VQZMAJ\bin.clearspring.com
C:\Documents and Settings\Michele Codemo\Dati applicazioni\macromedia\Flash Player\#SharedObjects\R2VQZMAJ\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Michele Codemo\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Michele Codemo\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Programmi\autorun.inf
.
((((((((((((((((((((((((( Files Creati Da 2008-07-28 al 2008-08-28 )))))))))))))))))))))))))))))))))))
.
2008-08-26 20:59 . 2008-08-26 20:59 <DIR> d-------- C:\Programmi\Trend Micro
2008-08-22 09:10 . 2008-08-23 20:40 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-06 00:13 . 2008-08-06 00:13 <DIR> d-------- C:\Documents and Settings\Michele Codemo\Dati applicazioni\DivX
2008-08-06 00:04 . 2008-08-06 00:04 22 --a------ C:\WINDOWS\VFO.INI
2008-08-05 23:50 . 2008-08-16 16:42 <DIR> d-------- C:\Programmi\SureThing Express Labeler
2008-08-05 23:50 . 2008-08-05 23:50 <DIR> d-------- C:\Programmi\File comuni\SureThing Shared
2008-08-05 23:48 . 2008-08-05 23:48 <DIR> d-------- C:\Programmi\File comuni\Pinnacle
2008-08-05 23:42 . 2008-08-05 23:42 <DIR> d-------- C:\Programmi\File comuni\Yahoo!
2008-08-05 23:42 . 2008-08-05 23:42 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Studio 12
2008-08-05 23:42 . 2008-08-05 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Pinnacle Studio Plus
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-28 10:27 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Google Updater
2008-08-28 09:09 --------- d-----w C:\Programmi\eMule
2008-08-25 19:40 --------- d-----w C:\Programmi\Adobe Photoshop CS2 v9.0_[ Completamente in Italiano ]_L' unico in circolazione
2008-08-21 21:44 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-08-21 20:28 --------- d-----w C:\Programmi\Google
2008-08-19 07:30 --------- d-----w C:\Programmi\Java
2008-08-05 22:09 --------- d-----w C:\Documents and Settings\Michele Codemo\Dati applicazioni\GetRightToGo
2008-08-05 22:07 --------- d-----w C:\Programmi\Pinnacle
2008-08-05 22:07 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Pinnacle
2008-08-05 21:53 --------- d-----w C:\Programmi\File comuni\Adobe
2008-07-19 07:24 23,600 ----a-w C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-07-19 07:10 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\nView_Profiles
2008-07-19 06:59 --------- d-----w C:\Programmi\Lavalys
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-28 14:43 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\UDL
2008-06-28 14:42 --------- d-----w C:\Programmi\epson
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:15 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:36 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2007-02-22 19:08 925,696 ----a-w C:\Programmi\GSpot.exe
2007-02-19 14:28 117,974 ----a-r C:\Programmi\GSpot27.dat
2007-01-16 21:37 3,615 ----a-r C:\Programmi\license.txt
2007-01-16 21:37 10,684 ----a-r C:\Programmi\ExportFormat.txt
2006-04-29 17:46 179 ----a-w C:\Programmi\Free-Codecs.txt
2005-10-11 14:32 63,340,592 ----a-w C:\Programmi\Dreamweaver8-it.exe
2005-10-11 13:29 113,329,656 ----a-w C:\Programmi\Flash8-it.exe
2005-10-11 13:24 92,828,472 ----a-w C:\Programmi\Fireworks8-it.exe
2005-09-13 09:26 55,296 ----a-w C:\Programmi\keygen.exe
2004-08-10 21:09 126,976 ----a-w C:\Programmi\epic_eula.dll
2004-03-01 05:43 625 ----a-w C:\Programmi\Setup.exe.manifest
2003-04-20 18:39 245,408 ----a-w C:\Programmi\unicows.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:00 15360]
"EPSON Stylus DX7000F Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBKE.EXE" [2006-05-22 06:00 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 22:07 7110656]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2007-10-21 21:43 98304]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
"nwiz"="nwiz.exe" [2005-07-20 22:07 1519616 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-08-18 15:38 86016 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2005-07-26 17:54 2806784 C:\WINDOWS\ALCWZRD.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:00 15360]
C:\Documents and Settings\Michele Codemo\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Google Updater.lnk - C:\Programmi\Google\Google Updater\GoogleUpdater.exe [2008-05-14 22:25:03 124400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"vidc.mjpx"= Pvmjpg30.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Programmi\\IncrediMail\\bin\\ImLc.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"C:\\Programmi\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"C:\\Programmi\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20891:TCP"= 20891:TCP:emule
"7711:UDP"= 7711:UDP:emule
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R3 usbstor;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-19 14:00]
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d909096-7291-11dc-aaff-0015f226411b}]
\Shell\Auto\command - jsucaswrt.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL jsucaswrt.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenuto della cartella 'Scheduled Tasks'
2008-08-27 C:\WINDOWS\Tasks\User_Feed_Synchronization-{95C7F66C-50B7-442A-B471-33E2AB19FB26}.job
- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 11:58]
.
- - - - ORFÃOS REMOVIDOS - - - -
HKCU-Run-Magentic - C:\PROGRA~1\Magentic\bin\Magentic.exe
HKCU-Run-IncrediMail - C:\Programmi\IncrediMail\bin\IncMail.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Michele Codemo\Dati applicazioni\Mozilla\Firefox\Profiles\r8mwsz8n.default\
FF -: plugin - C:\Programmi\Google\Google Updater\2.2.1202.1501\npCIDetect11.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-08-28 19:47:15
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-08-28 19:48:15
ComboFix-quarantined-files.txt 2008-08-28 17:48:11
Pre-Run: 151,343,386,624 byte disponibili
Post-Run: 159,063,396,352 byte disponibili
155 --- E O F --- 2008-08-15 11:42:11