Posting, as requested (r16), the ComboFix and HijackThis logs
ComboFix 08-10-30.12 - Dera 2008-10-31 16.36.14.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.93 [GMT 1:00]
Run from: C:\Documents and Settings\Dera\Desktop\percorso salvataggio\04_COMBOFIX\ComboFix.exe
* Created a new restore point
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((( Files Created From 2008-09-28 to 2008-10-31 )))))))))))))))))))))))))))))))))))
.
2008-10-30 10:10 . 2008-10-30 10:10 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-10-30 10:09 . 2008-10-31 14:33 <DIR> d-------- C:\Programmi\SUPERAntiSpyware
2008-10-30 10:09 . 2008-10-30 10:09 <DIR> d-------- C:\Documents and Settings\Dera\Dati applicazioni\SUPERAntiSpyware.com
2008-10-30 10:08 . 2008-10-30 10:08 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-10-30 10:05 . 2008-10-30 10:07 <DIR> d-------- C:\Programmi\RogueRemover FREE
2008-10-30 00:39 . 2008-10-30 00:39 216 --a------ C:\WINDOWS\EurekaLog.ini
2008-10-30 00:35 . 2008-10-30 00:35 <DIR> d-------- C:\Programmi\AntiDialer
2008-10-29 20:38 . 2008-10-29 20:56 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-10-29 20:38 . 2008-10-30 15:16 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-10-29 15:27 . 2008-08-30 12:11 40,960 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-10-29 13:41 . 2008-07-06 14:49 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di stampa
2008-10-29 13:41 . 2008-07-06 14:49 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di rete
2008-10-29 13:41 . 2008-07-06 14:49 <DIR> d-------- C:\Documents and Settings\Administrator\Preferiti
2008-10-29 13:41 . 2008-07-06 13:15 <DIR> d--h----- C:\Documents and Settings\Administrator\Modelli
2008-10-29 13:41 . 2008-07-06 14:49 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Avvio
2008-10-29 13:41 . 2008-10-31 16:38 <DIR> d--h----- C:\Documents and Settings\Administrator\Impostazioni locali
2008-10-29 13:41 . 2008-07-06 14:49 <DIR> d-------- C:\Documents and Settings\Administrator\Documenti
2008-10-29 13:41 . 2008-07-06 14:49 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dati applicazioni
2008-10-29 13:41 . 2008-10-29 13:41 <DIR> d-------- C:\Documents and Settings\Administrator
2008-10-27 20:06 . 2008-10-27 20:12 <DIR> d-------- C:\Documents and Settings\Dera\Dati applicazioni\vlc
2008-10-27 18:37 . 2001-09-04 07:51 370,176 --a------ C:\WINDOWS\system32\Dav3_32.dll
2008-10-27 18:37 . 2001-09-04 07:51 143,360 --a------ C:\WINDOWS\system32\leon3_32.dll
2008-10-27 18:15 . 2008-10-27 18:15 <DIR> d-------- C:\Programmi\VideoLAN
2008-10-13 18:49 . 2008-10-13 18:49 <DIR> d-------- C:\Programmi\Avery Dennison
2008-10-13 18:49 . 2008-10-13 18:49 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Avery
2008-10-12 15:53 . 2008-10-29 16:24 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-10-03 09:04 . 2008-10-03 09:04 <DIR> d-------- C:\WINDOWS\Sun
2008-09-29 16:38 . 2008-09-29 18:09 <DIR> d-------- C:\UnicoOnLine
2008-09-29 16:38 . 2008-09-29 16:38 <DIR> d--h----- C:\Programmi\Zero G Registry
2008-09-29 16:37 . 2008-09-29 16:37 <DIR> d--h----- C:\Documents and Settings\Dera\InstallAnywhere
2008-09-29 16:37 . 2008-05-28 02:03 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-09-29 16:36 . 2008-09-29 16:37 <DIR> d-------- C:\Programmi\Java
2008-09-29 16:36 . 2008-09-29 16:36 <DIR> d-------- C:\Programmi\File comuni\Java
2008-09-13 10:24 . 1997-06-27 05:33 64,512 --a------ C:\WINDOWS\system32\drivers\SENTINEL.SYS
2008-09-13 10:24 . 1997-06-27 05:33 39,424 --------- C:\WINDOWS\system32\SNTI386.DLL
2008-09-13 10:24 . 1997-06-27 05:33 17,408 --a------ C:\WINDOWS\system32\RNBOVDD.DLL
2008-09-13 10:24 . 1997-06-27 05:33 14,321 --------- C:\WINDOWS\system32\SENTINEL.HLP
2008-09-13 10:19 . 2008-09-13 10:19 <DIR> d-------- C:\Documents and Settings\Dera\WINDOWS
2008-09-13 10:19 . 2008-09-15 19:32 <DIR> d-------- C:\ArchiCAD 6.0
2008-09-13 10:19 . 1998-01-23 11:20 305,152 --a------ C:\WINDOWS\IsUn0410.exe
2008-09-07 19:26 . 2008-09-07 19:26 0 --a------ C:\WINDOWS\ulead32.ini
2008-09-07 19:17 . 1998-08-19 01:30 168,960 --a------ C:\WINDOWS\system32\Xcdzip35.ocx
2008-09-07 19:17 . 1998-08-19 01:30 109,578 --a------ C:\WINDOWS\system32\Xcdsfx32.bin
2008-09-07 19:17 . 1998-08-19 01:30 1,024 --a------ C:\WINDOWS\system32\Xcdzpsfx.lic
2008-09-07 19:17 . 1998-08-19 01:30 1,024 --a------ C:\WINDOWS\system32\Xcdzpocx.lic
2008-09-07 19:16 . 1995-07-31 12:44 212,480 --a------ C:\WINDOWS\system32\Pcdlib32.dll
2008-09-07 19:16 . 2000-06-01 15:11 176,128 --a------ C:\WINDOWS\system32\PuzzSaver.scr
2008-09-07 19:16 . 2000-06-01 15:10 172,032 --a------ C:\WINDOWS\system32\SpotSaver.scr
2008-09-07 19:16 . 1999-12-26 18:35 135,168 --a------ C:\WINDOWS\system32\ParaSaver.scr
2008-09-07 19:16 . 2002-12-17 21:54 110,592 --a------ C:\WINDOWS\system32\MKCoInstaller.dll
2008-09-07 19:16 . 2002-07-30 18:40 16,384 --a------ C:\WINDOWS\system32\dext533.ax
2008-09-07 19:13 . 2008-09-07 19:13 <DIR> d-------- C:\WINDOWS\system32\color
2008-09-07 19:12 . 2008-09-07 19:12 <DIR> d-------- C:\Programmi\File comuni\Kodak
2008-09-07 19:12 . 2008-10-04 17:36 <DIR> d-------- C:\KPCMS
2008-09-07 19:11 . 2008-09-07 19:14 <DIR> d-------- C:\WINDOWS\BWKDLogs
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-31 15:28 --------- d-----w C:\Documents and Settings\Dera\Dati applicazioni\BitTorrent
2008-10-31 08:25 --------- d-----w C:\Documents and Settings\Dera\Dati applicazioni\Spyware Terminator
2008-10-30 18:22 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator
2008-10-29 16:26 --------- d-----w C:\Documents and Settings\Dera\Dati applicazioni\DNA
2008-10-29 12:32 --------- d-----w C:\Programmi\Spyware Terminator
2008-10-27 19:10 --------- d-----w C:\Documents and Settings\Dera\Dati applicazioni\dvdcss
2008-10-23 15:58 --------- d-----w C:\Programmi\eMule
2008-10-17 16:47 --------- d-----w C:\Documents and Settings\Dera\Dati applicazioni\ZipGenius
2008-10-13 17:50 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-10-13 17:48 --------- d-----w C:\Programmi\File comuni\InstallShield
2008-08-29 16:42 --------- d-----w C:\Programmi\QuickTime
2008-08-29 16:39 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\QuickTime
2008-08-29 16:24 --------- d-----w C:\Programmi\CE Soft srl
2008-08-29 14:14 --------- d-----w C:\Programmi\Smart Projects
2008-07-27 16:11 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2008-07-27 16:11 2,272 ----a-w C:\WINDOWS\system32\w95inf16.dll
2006-03-02 12:00 933,888 --sh--r C:\WINDOWS\system32\sdehost.exe
.
------- Sigcheck -------
2008-07-06 16:11 359040 c81d6a930a7805f6daa0c7902b99037e C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-07-06 16:11 359040 c81d6a930a7805f6daa0c7902b99037e C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15360]
"SUPERAntiSpyware"="C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-10-31 1576176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"="C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2008-09-12 1783808]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-10-31 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-10-31 14:33 352256 C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"SENTINEL"= snti386.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\DNA\\btdna.exe"=
"C:\\Programmi\\BitTorrent\\bittorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-07-06 141312]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;C:\Programmi\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-01-30 106496]
R3 banshee;banshee;C:\WINDOWS\system32\DRIVERS\banshee.sys [2001-08-17 36128]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\wd_windows_tools\WDEULA.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f23f5f1-6911-11dd-aa21-000e2ef087d3}]
\Shell\AutoRun\command - E:\wd_windows_tools\WDEULA.exe
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.it/
O8 -: Crawler Search - tbr:iemenu
O18 -: Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-10-31 16:39:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Scan finished: 2008-10-31 16.40.58
ComboFix-quarantined-files.txt 2008-10-31 15:40:48
ComboFix2.txt 2008-10-30 11:41:31
Pre-Run: 9.166.643.200 bytes free
Post-Run: 9.203.949.568 bytes free
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.46.41, on 31/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\Programmi\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Dera\Desktop\percorso salvataggio\03_HIJACKTHIS\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_16\bin\ssv.dll
O3 - Toolbar: Toolbar &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_16\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_16\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Programmi\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
--
End of file - 4766 bytes
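As an added example (not part of the original post, and not code from ComboFix, HijackThis or their authors), a small Python triage script that parses entries of the shape shown in the two logs above and applies the mechanical checks a log reviewer does by hand: BHOs registered without a name, one module hooking Internet Explorer through several entry types, the per-profile "EnableFirewall" flag, and AutoRun command handlers under MountPoints2. The sample lines are excerpts copied from these logs; the rules are my own heuristics and produce items to verify, not verdicts on this machine.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines excerpted from the HijackThis log above.
HJT_SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_16\bin\ssv.dll
O3 - Toolbar: Toolbar &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
"""

# Constructed sample: the firewall policy and MountPoints2 keys from the
# ComboFix registry section above.
CF_SAMPLE = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\wd_windows_tools\WDEULA.exe
"""

HJT_ENTRY = re.compile(r"^([RO]\d+) - (.*)$")   # "O2 - BHO: ..." style lines
CF_KEY = re.compile(r"^\[(.+)\]$")              # "[HKLM\...]" key headers


def parse_hjt(text):
    """Return (section code, body) pairs; header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def module_of(body):
    """Last ' - ' separated field of an entry, when it is a DLL/EXE path."""
    tail = body.rsplit(" - ", 1)[-1].strip()
    return tail.lower() if tail.lower().endswith((".dll", ".exe")) else None


def triage_hjt(entries):
    """Heuristic checks on IE hook entries; each result is an item to verify."""
    findings = []
    hooks = defaultdict(set)  # module path -> entry types (O2/O3/O18) it is registered under
    for code, body in entries:
        if code == "O2" and "(no name)" in body:
            findings.append((code, "BHO registered without a name", body))
        if code in ("O2", "O3", "O18"):
            mod = module_of(body)
            if mod:
                hooks[mod].add(code)
    for mod, codes in sorted(hooks.items()):
        if len(codes) >= 3:
            kinds = ", ".join(sorted(codes))
            findings.append(("*", f"one module hooks IE via {len(codes)} entry types ({kinds})", mod))
    return findings


def parse_cf_registry(text):
    """Map each [key] header to the value lines listed under it."""
    current, out = None, defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = CF_KEY.match(line)
        if m:
            current = m.group(1).lower()
        elif current is not None:
            out[current].append(line)
    return dict(out)


def triage_cf(reg):
    """Flag a disabled firewall profile and AutoRun handlers for removable drives."""
    findings = []
    for key, values in reg.items():
        for v in values:
            if "firewallpolicy" in key and v.startswith('"EnableFirewall"= 0'):
                findings.append(("firewall", "Windows Firewall disabled for this profile", key))
            if "mountpoints2" in key and v.lower().startswith("\\shell\\autorun\\command"):
                target = v.split(" - ", 1)[-1]
                findings.append(("autorun", "AutoRun handler for a removable drive; confirm the target is the drive vendor's tool", target))
    return findings


if __name__ == "__main__":
    for f in triage_hjt(parse_hjt(HJT_SAMPLE)) + triage_cf(parse_cf_registry(CF_SAMPLE)):
        print(" | ".join(f))
```

Run against the excerpts, the script reports the unnamed BHO, that ctbr.dll is registered as BHO, toolbar and protocol handler at once, the "EnableFirewall"= 0 value, and the E: AutoRun command; each is a pointer to something worth checking (publisher, hash, whether the user installed it), which is what the human reviewer does next.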