ciao. allora ho eseguito quanto tu mi hai detto e dopo la scansione di avast (che mi ha indivuduato un virus,prontamente cancellato, il cui nome non ricordo ma non del tipo come in precedenza) ho eseguito scansione con malware e poi sempre con HD inserito ho fatto partire i due programmini Hijackthis e combo. di seguito ti riporto il risultato delle tre predette operazioni. aspetto tua risposta prima di riattivare autopartenza usb e quindi di prendere materiale dall HD
Malwarebytes' Anti-Malware 1.30
Versione del database: 1310
Windows 5.1.2600 Service Pack 2
26/10/2008 20.27.41
mbam-log-2008-10-26 (20-27-41).txt
Tipo di scansione: Scansione rapida
Elementi scansionati: 32135
Tempo trascorso: 31 minute(s), 31 second(s)
Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0
Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)
Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)
Chiavi di registro infette:
(Nessun elemento malevolo rilevato)
Valori di registro infetti:
(Nessun elemento malevolo rilevato)
Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)
Cartelle infette:
(Nessun elemento malevolo rilevato)
File infetti:
(Nessun elemento malevolo rilevato)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.28.29, on 26/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Norman\NVC\BIN\ZLH.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\documents and settings\arcafant\impostazioni locali\dati applicazioni\ubockyn.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Norman\NVC\BIN\Zanda.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\ACCA\PriMus\PriMus.EXE
C:\Programmi\File comuni\Ahead\lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.libero.it/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\NVC\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ubockyn] "c:\documents and settings\arcafant\impostazioni locali\dati applicazioni\ubockyn.exe" ubockyn
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites -
http://favorites.live.com/quickadd.aspxO8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\NVC\BIN\Zanda.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
--
End of file - 6924 bytes
ComboFix 08-10-24.01 - ARCAFANT 2008-10-26 20.30.51.15 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.640 [GMT 1:00]
Eseguito da: C:\Documents and Settings\ARCAFANT\Desktop\ComboFix.exe
ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\ARCAFANT\Impostazioni locali\Dati applicazioni\ubockyn.dat
C:\Documents and Settings\ARCAFANT\Impostazioni locali\Dati applicazioni\ubockyn.exe
C:\Documents and Settings\ARCAFANT\Impostazioni locali\Dati applicazioni\ubockyn_nav.dat
C:\Documents and Settings\ARCAFANT\Impostazioni locali\Dati applicazioni\ubockyn_navps.dat
.
((((((((((((((((((((((((( Files Creati Da 2008-09-26 al 2008-10-26 )))))))))))))))))))))))))))))))))))
.
2008-10-25 20:44 . 2008-10-19 15:23 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di stampa
2008-10-25 20:44 . 2008-10-19 15:23 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di rete
2008-10-25 20:44 . 2008-10-19 15:23 <DIR> d-------- C:\Documents and Settings\Administrator\Preferiti
2008-10-25 20:44 . 2008-10-19 13:30 <DIR> d--h----- C:\Documents and Settings\Administrator\Modelli
2008-10-25 20:44 . 2008-10-19 15:23 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Avvio
2008-10-25 20:44 . 2008-10-26 20:32 <DIR> d--h----- C:\Documents and Settings\Administrator\Impostazioni locali
2008-10-25 20:44 . 2008-10-19 15:23 <DIR> d-------- C:\Documents and Settings\Administrator\Documenti
2008-10-25 20:44 . 2008-10-19 13:36 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dati applicazioni
2008-10-25 20:44 . 2008-10-25 20:45 <DIR> d-------- C:\Documents and Settings\Administrator
2008-10-25 00:13 . 2008-10-25 00:13 <DIR> d-------- C:\Programmi\Sun
2008-10-25 00:13 . 2008-06-10 01:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-25 00:12 . 2008-10-25 00:13 <DIR> d-------- C:\Programmi\Java
2008-10-25 00:12 . 2008-10-25 00:12 <DIR> d-------- C:\Programmi\File comuni\Java
2008-10-24 02:03 . 2008-10-24 02:03 <DIR> d-------- C:\Programmi\MSXML 4.0
2008-10-23 23:21 . 2003-06-25 15:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-10-23 23:21 . 2002-06-21 14:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-10-23 22:48 . 2008-10-23 22:48 <DIR> d-------- C:\Programmi\CCleaner
2008-10-23 21:53 . 2008-10-23 21:53 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-10-23 21:53 . 2008-10-23 21:53 <DIR> d-------- C:\Documents and Settings\ARCAFANT\Dati applicazioni\Malwarebytes
2008-10-23 21:53 . 2008-10-23 21:53 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-10-23 21:53 . 2008-10-22 15:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-23 21:53 . 2008-10-22 15:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-22 23:16 . 2008-10-22 23:16 <DIR> d-------- C:\Documents and Settings\ARCAFANT\Dati applicazioni\Samsung
2008-10-22 23:12 . 2006-05-03 21:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-10-22 23:11 . 2006-07-24 15:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-10-22 23:10 . 2008-10-22 23:12 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-10-22 23:10 . 2008-10-22 23:10 <DIR> d-------- C:\Programmi\Samsung
2008-10-22 23:10 . 2005-12-22 11:24 137,884 --a------ C:\WINDOWS\system32\drivers\sscdmdm.sys
2008-10-22 23:10 . 2005-12-22 11:24 80,272 --a------ C:\WINDOWS\system32\drivers\sscdbus.sys
2008-10-22 23:10 . 2005-12-22 11:24 11,877 --a------ C:\WINDOWS\system32\drivers\sscdcmnt.sys
2008-10-22 23:10 . 2005-12-22 11:24 11,877 --a------ C:\WINDOWS\system32\drivers\sscdcm.sys
2008-10-22 23:10 . 2005-12-22 11:24 11,188 --a------ C:\WINDOWS\system32\drivers\sscdwhnt.sys
2008-10-22 23:10 . 2005-12-22 11:24 11,188 --a------ C:\WINDOWS\system32\drivers\sscdwh.sys
2008-10-22 23:10 . 2005-12-22 11:24 10,864 --a------ C:\WINDOWS\system32\drivers\sscdmdfl.sys
2008-10-22 23:10 . 2005-08-28 19:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-10-22 19:52 . 2008-10-22 19:52 <DIR> d-------- C:\Programmi\Trend Micro
2008-10-22 19:07 . 2008-10-22 21:43 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-10-20 21:17 . 2008-10-20 22:52 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-10-20 20:42 . 2008-08-14 14:42 2,184,064 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-20 20:42 . 2008-08-14 14:42 2,139,648 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-20 20:42 . 2008-08-14 14:42 2,061,440 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-20 20:42 . 2008-08-14 14:42 2,019,328 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-20 20:03 . 2008-06-14 18:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-10-20 20:03 . 2008-06-14 18:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-10-20 15:48 . 2001-08-17 20:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-10-20 15:48 . 2001-08-17 20:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-10-19 23:13 . 2008-10-19 23:13 <DIR> d-------- C:\Programmi\Windows Media Connect 2
2008-10-19 23:11 . 2008-10-19 23:11 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-10-19 23:11 . 2008-10-19 23:12 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-10-19 23:11 . 2006-09-25 16:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-10-19 23:00 . 2008-10-24 02:03 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-10-19 22:58 . 2008-02-26 12:59 294,912 --a------ C:\WINDOWS\system32\SET289.tmp
2008-10-19 22:05 . 2008-10-19 22:05 <DIR> d-------- C:\WINDOWS\Sun
2008-10-19 20:33 . 2008-10-19 20:33 <DIR> d-------- C:\Documents and Settings\ARCAFANT\Dati applicazioni\skypePM
2008-10-19 20:33 . 2008-10-19 20:33 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-10-19 20:31 . 2008-10-19 20:48 <DIR> d-------- C:\Documents and Settings\ARCAFANT\Dati applicazioni\Skype
2008-10-19 20:25 . 2008-10-19 20:25 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Prism
2008-10-19 20:25 . 2004-07-19 23:00 454,742 --a------ C:\WINDOWS\system32\PRISMNDI.dll
2008-10-19 20:25 . 2004-07-19 23:00 393,280 --a------ C:\WINDOWS\system32\drivers\PRISMA00.sys
2008-10-19 20:25 . 2004-07-19 23:00 385,113 --a------ C:\WINDOWS\system32\PRISMAPI.dll
2008-10-19 20:25 . 2004-07-19 23:00 295,001 --a------ C:\WINDOWS\system32\PRISMSVR.exe
2008-10-19 20:24 . 2008-10-19 20:24 <DIR> d-------- C:\Programmi\Google
2008-10-19 20:23 . 2008-10-19 20:23 <DIR> d-------- C:\Programmi\Skype
2008-10-19 20:23 . 2008-10-19 20:23 <DIR> d-------- C:\Programmi\File comuni\Skype
2008-10-19 20:23 . 2008-10-19 20:23 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Skype
2008-10-19 20:15 . 2008-10-19 20:15 <DIR> d-------- C:\bbbbb
2008-10-19 20:14 . 2008-10-19 20:14 <DIR> d-------- C:\aaa
2008-10-19 19:15 . 2007-07-30 18:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-10-19 19:15 . 2007-07-30 18:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-10-19 19:15 . 2007-07-30 18:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-10-19 18:17 . 2008-10-19 18:17 <DIR> d-------- C:\Programmi\Windows Live Toolbar
2008-10-19 18:17 . 2008-10-19 18:17 <DIR> d-------- C:\Programmi\Windows Live Favorites
2008-10-19 17:56 . 2008-10-23 20:57 <DIR> d-------- C:\Documents and Settings\ARCAFANT\Contacts
2008-10-19 17:55 . 2008-10-19 17:55 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-10-19 17:29 . 2008-10-19 18:13 <DIR> d-------- C:\Programmi\Windows Live
2008-10-19 17:29 . 2008-10-19 17:55 <DIR> d--hsc--- C:\Programmi\File comuni\WindowsLiveInstaller
2008-10-19 17:29 . 2008-10-19 17:32 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-10-19 17:14 . 2008-10-26 18:33 13,030 --a------ C:\PDOXUSRS.NET
2008-10-19 17:12 . 2008-10-19 17:12 <DIR> d-------- C:\Programmi\File comuni\Adobe Systems Shared
2008-10-19 17:12 . 2008-10-19 17:12 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Macrovision
2008-10-19 17:08 . 2008-10-19 17:08 <DIR> d-------- C:\Programmi\Illustrate
2008-10-19 17:08 . 2008-10-19 17:08 167,936 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2008-10-19 17:08 . 2008-10-19 17:08 27,958 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.bmp
2008-10-19 17:08 . 2008-10-19 17:08 17,867 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2008-10-19 16:58 . 2008-10-19 16:58 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\UDL
2008-10-19 16:56 . 2008-10-19 16:57 <DIR> d-------- C:\Programmi\ABBYY FineReader 6.0 Sprint
2008-10-19 16:53 . 2006-04-05 02:05 73,216 --a------ C:\WINDOWS\system32\E_FLBBIE.DLL
2008-10-19 16:53 . 2005-04-11 02:01 62,976 --a------ C:\WINDOWS\system32\E_FD4BBIE.DLL
2008-10-19 16:53 . 2004-09-10 21:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2008-10-19 16:53 . 2004-08-03 22:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-10-19 16:53 . 2004-08-03 22:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-10-19 16:52 . 2004-08-03 22:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-10-19 16:52 . 2004-08-03 22:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-10-19 16:52 . 2004-08-03 21:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-10-19 16:52 . 2004-08-03 21:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-10-19 16:51 . 2008-10-19 16:58 <DIR> d-------- C:\Programmi\epson
2008-10-19 16:51 . 2006-03-19 23:00 63,488 --a------ C:\WINDOWS\system32\escwiad.dll
2008-10-19 16:50 . 2008-10-19 16:50 25 --a------ C:\WINDOWS\CDE DX6000EIPS.ini
2008-10-19 16:47 . 2008-10-25 12:57 <DIR> d-------- C:\Programmi\eMule
2008-10-19 16:45 . 1999-11-12 03:11 183,808 --a------ C:\WINDOWS\system32\bdeadmin.cpl
2008-10-19 16:44 . 2008-10-19 17:01 <DIR> d-------- C:\ACCA
2008-10-19 16:44 . 1997-05-29 23:00 21,824 --a------ C:\WINDOWS\system32\drivers\Cpwnt.sys
2008-10-19 16:44 . 2002-05-20 23:05 16,948 --a------ C:\WINDOWS\system32\Cpwin32.dll
2008-10-19 16:41 . 2008-10-19 16:41 <DIR> d-------- C:\Programmi\Codice Fiscale
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-22 22:11 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-10-19 16:12 --------- d-----w C:\Programmi\File comuni\Adobe
2008-10-19 15:54 --------- d-----w C:\Programmi\File comuni\InstallShield
2008-10-19 14:40 --------- d-----w C:\Programmi\Alwil Software
2008-10-19 14:17 --------- d-----w C:\Programmi\AutoCAD 2004
2008-10-19 14:17 --------- d-----w C:\Documents and Settings\ARCAFANT\Dati applicazioni\Autodesk
2008-10-19 14:15 54,784 ----a-w C:\WINDOWS\system32\drivers\CDAC11BA.EXE
2008-10-19 14:15 12,464 ----a-w C:\WINDOWS\system32\drivers\CDAC15BA.SYS
2008-10-19 14:15 --------- d-----w C:\Programmi\File comuni\Macrovision Shared
2008-10-19 14:15 --------- d-----w C:\Programmi\File comuni\Autodesk Shared
2008-10-19 14:15 --------- d-----w C:\Programmi\Autodesk
2008-10-19 14:14 --------- d-----w C:\Programmi\AnswerWorks 4.0
2008-10-19 14:13 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Autodesk
2008-10-19 14:03 --------- d-----w C:\Programmi\Microsoft.NET
2008-10-19 14:02 --------- d-----w C:\Programmi\Alice ti aiuta
2008-10-19 14:01 --------- d-----w C:\Programmi\File comuni\Ahead
2008-10-19 14:00 --------- d-----w C:\Documents and Settings\ARCAFANT\Dati applicazioni\Ahead
2008-10-19 13:59 --------- d-----w C:\Programmi\Nero
2008-10-19 13:46 --------- d-----w C:\Documents and Settings\ARCAFANT\Dati applicazioni\AdobeUM
2008-10-19 13:43 --------- d-----w C:\Programmi\activePDF
2008-10-19 13:41 --------- d-----w C:\Programmi\InterVideo
2008-10-19 13:08 --------- d-----w C:\Programmi\File comuni\Motive
2008-10-19 13:08 --------- d-----w C:\Programmi\Common Files
2008-10-19 13:07 155,995 ----a-w C:\WINDOWS\java\Packages\CCVD75Z7.ZIP
2008-10-19 13:06 --------- d-----w C:\Programmi\Telecom Italia
2008-10-19 12:51 --------- d-----w C:\Programmi\Realtek Sound Manager
2008-10-19 12:51 --------- d-----w C:\Programmi\AvRack
2008-10-19 12:50 --------- d-----w C:\Programmi\ATI Technologies
2008-10-19 12:36 --------- d-----w C:\Programmi\microsoft frontpage
2008-10-19 12:32 --------- d-----w C:\Programmi\Servizi in linea
2008-09-15 15:38 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-20 05:35 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 13:42 2,139,648 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:42 2,019,328 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((( snapshot@2008-10-24_ 0.02.39,21 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-20 19:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\ERDNT.EXE
+ 2008-10-24 01:03:03 32,768 ----a-r C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe
- 2000-08-31 06:00:00 28,672 ----a-w C:\WINDOWS\NIRCMD.exe
+ 2000-08-31 07:00:00 28,672 ----a-w C:\WINDOWS\NIRCMD.exe
- 2000-08-31 06:00:00 161,792 ----a-w C:\WINDOWS\SWREG.exe
+ 2000-08-31 07:00:00 161,792 ----a-w C:\WINDOWS\SWREG.exe
- 2004-08-19 12:00:00 332,288 -c--a-w C:\WINDOWS\system32\dllcache\netapi32.dll
+ 2008-10-15 16:57:30 332,800 -c--a-w C:\WINDOWS\system32\dllcache\netapi32.dll
- 2008-10-19 12:36:34 45,161 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-09 23:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2008-10-19 12:36:34 45,163 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-09 23:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-10 00:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2003-04-18 14:46:22 1,233,920 ----a-w C:\WINDOWS\system32\msxml4.dll
+ 2007-05-08 13:03:04 1,275,392 ----a-w C:\WINDOWS\system32\msxml4.dll
- 2004-08-19 12:00:00 332,288 ----a-w C:\WINDOWS\system32\netapi32.dll
+ 2008-10-15 16:57:30 332,800 ----a-w C:\WINDOWS\system32\netapi32.dll
- 2008-10-23 21:44:49 53,942 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-10-26 11:46:37 53,942 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-10-23 21:44:49 64,576 ----a-w C:\WINDOWS\system32\perfc010.dat
+ 2008-10-26 11:46:37 64,576 ----a-w C:\WINDOWS\system32\perfc010.dat
- 2008-10-23 21:44:49 383,588 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-26 11:46:37 383,588 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-10-23 21:44:49 428,898 ----a-w C:\WINDOWS\system32\perfh010.dat
+ 2008-10-26 11:46:37 428,898 ----a-w C:\WINDOWS\system32\perfh010.dat
+ 2008-10-26 11:42:24 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6d8.dat
+ 2007-05-08 13:06:44 1,275,392 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll
+ 2007-04-18 08:36:40 82,432 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-22 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 339968]
"Norman ZANDA"="C:\Norman\NVC\BIN\ZLH.EXE" [2003-11-27 90112]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 79224]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 C:\WINDOWS\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15360]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-19 113664]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 20560]
R2 cpwnt;cpwnt;C:\WINDOWS\system32\drivers\cpwnt.sys [1997-05-29 21824]
R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2003-10-27 190465]
R3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2003-08-26 5817]
R3 PRISM_A00;PRISM 802.11 Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-07-19 393280]
R3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8dd22bf9-9ead-11dd-b107-00030d29989b}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe wa6.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8dd22bfa-9ead-11dd-b107-00030d29989b}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe wa6.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae9df306-a1a2-11dd-b11a-00030d29989b}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe wa6.vbs
.
Contenuto della cartella 'Scheduled Tasks'
2008-10-26 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
- - - - ORFÃOS REMOVIDOS - - - -
HKCU-Run-ubockyn - c:\documents and settings\arcafant\impostazioni locali\dati applicazioni\ubockyn.exe
.
------- Supplementare di scansione -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.libero.it/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &Windows Live Search - C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites -
http://favorites.live.com/quickadd.aspxO8 -: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-10-26 20:32:56
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
PROCESSO: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
Ora fine scansione: 2008-10-26 20.33.53
ComboFix-quarantined-files.txt 2008-10-26 19:33:50
ComboFix2.txt 2008-10-25 20:56:53
ComboFix3.txt 2008-10-24 23:03:18
ComboFix4.txt 2008-10-24 22:42:01
ComboFix5.txt 2008-10-26 19:30:30
Pre-Run: 38.839.758.848 byte disponibili
Post-Run: 38,847,811,584 byte disponibili
271 --- E O F --- 2008-10-24 01:03:25