I did the steps from the previous post, and here is the ComboFix log; now I'll try the "alternative" scan:
ComboFix 08-11-27.07 - Daniele 2008-11-28 18.30.51.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.449 [GMT 1:00]
Run from: c:\documents and settings\Daniele\Desktop\ComboFix.exe
* Created a new restore point
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((( Files Created From 2008-10-28 to 2008-11-28 )))))))))))))))))))))))))))))))))))
.
2008-11-26 19:19 . 2008-11-26 19:19 <DIR> d-------- c:\programmi\Panda Security
2008-11-26 19:19 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2008-11-24 19:24 . 2008-11-24 19:27 27,114,552 --a------ C:\Norman_Malware_Cleaner.exe
2008-11-19 00:00 . 2008-11-19 00:00 <DIR> d-------- c:\programmi\SUPERAntiSpyware
2008-11-19 00:00 . 2008-11-19 00:00 <DIR> d-------- c:\programmi\File comuni\Wise Installation Wizard
2008-11-19 00:00 . 2008-11-19 00:00 <DIR> d-------- c:\documents and settings\Daniele\Dati applicazioni\SUPERAntiSpyware.com
2008-11-19 00:00 . 2008-11-19 00:00 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-11-18 15:05 . 2008-11-18 15:05 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2008-11-18 15:05 . 2008-11-18 15:05 <DIR> d-------- c:\documents and settings\Daniele\Dati applicazioni\Malwarebytes
2008-11-18 15:05 . 2008-11-18 15:05 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-11-18 15:05 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-18 15:05 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-18 14:57 . 2008-11-18 14:56 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-18 14:57 . 2008-11-18 14:56 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-18 14:29 . 2008-11-18 14:29 <DIR> d-------- c:\programmi\Trend Micro
2008-11-11 21:30 . 2008-11-11 21:30 <DIR> d-------- c:\documents and settings\Daniele\Dati applicazioni\skypePM
2008-11-11 21:30 . 2008-11-11 21:30 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-11-11 21:29 . 2008-11-11 21:29 <DIR> d-------- c:\programmi\File comuni\Skype
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-25 21:21 --------- d-----w c:\programmi\dbMaster
2008-11-19 21:42 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2008-11-18 20:50 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-11-18 13:56 --------- d-----w c:\programmi\Java
2008-11-14 11:05 --------- d-----w c:\programmi\eMule
2008-11-12 22:10 --------- d-----w c:\documents and settings\Daniele\Dati applicazioni\Skype
2008-11-08 17:11 --------- d-----w c:\documents and settings\Daniele\Dati applicazioni\BitTorrent
2008-10-28 20:34 --------- d-----w c:\programmi\Conference
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-15 16:57 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-10 16:08 --------- d-----w c:\programmi\Biliardo
2008-10-03 16:58 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-10-01 16:22 --------- d-----w c:\programmi\File comuni\Adobe
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-19 19:58 47,360 ----a-w c:\documents and settings\Daniele\Dati applicazioni\pcouffin.sys
2008-09-15 15:38 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-15 15:38 1,846,016 ----a-w c:\windows\system32\dllcache\win32k.sys
2008-09-14 16:01 9,203 ----a-w c:\documents and settings\Daniele\Dati applicazioni\arts.dat
2008-09-13 16:40 5,642 -csha-w c:\windows\system32\KGyGaAvL.sys
2008-09-04 16:44 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 16:44 1,106,944 ----a-w c:\windows\system32\dllcache\msxml3.dll
2008-08-28 10:04 333,056 ----a-w c:\windows\system32\dllcache\srv.sys
2007-02-06 22:10 7,990 -c--a-w c:\documents and settings\Daniele\Dati applicazioni\unins000.dat
2006-12-29 19:08 612 -c--a-w c:\documents and settings\Daniele\Dati applicazioni\wklnhst.dat
.
((((((((((((((((((((((((((((( snapshot@2008-11-18_16.18.45.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-30 09:39:58 128,256 ----a-w c:\windows\Downloaded Program Files\as2stubie.dll
+ 2008-11-18 23:00:51 18,944 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-11-18 23:00:52 65,024 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2008-10-05 03:24:02 3,695,008 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2008-10-05 03:24:04 235,936 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-11-18 16:12:01 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2008-11-28 17:09:48 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_f8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate/default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-09-07 15360]
"H/PC Connection Agent"="c:\programmi\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 1211176]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"ATICCC"="c:\programmi\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-11-18 136600]
"SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 c:\windows\stsystra.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-09-07 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 c:\programmi\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.CSCD"= camcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"odserv"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Conference\\Conference.dll"=
"c:\programmi\Microsoft ActiveSync\rapimgr.exe"= c:\programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmi\Microsoft ActiveSync\wcescomm.exe"= c:\programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmi\Microsoft ActiveSync\WCESMgr.exe"= c:\programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"46283:TCP"= 46283:TCP:emule
"33532:UDP"= 33532:UDP:Emule2
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-11-26 28544]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-06-22 97928]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-06-22 76040]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\DRIVERS\hnm_wrls_pkt.sys [2006-07-14 13824]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\DRIVERS\wsp_pkt.sys [2006-07-14 13696]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 18:33:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
c:\windows\explorer.exe [1844] 0x84E2D020
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(828)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
- - - - - - - > 'explorer.exe'(1776)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Scan finished at: 2008-11-28 18.35.03
ComboFix-quarantined-files.txt 2008-11-28 17:34:53
ComboFix2.txt 2008-11-20 18:31:04
ComboFix3.txt 2008-11-18 15:19:25
Pre-Run: 37.056.245.760 bytes available
Post-Run: 37,087,526,912 bytes available
168 --- E O F --- 2008-11-17 20:36:32
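As an added example (not part of the post above and not ComboFix's own code): a small Python script that parses the "Reg Loading Points" section of a ComboFix log of the kind pasted above and pulls out the three things a reviewer checks first: autorun values whose data is not an absolute drive path (the "SigmatelSysTrayApp"="stsystra.exe" entry), Security Center "*DisableNotify" values set to 1 (both are set to 1 in this log, which only means the warnings are silenced, not that the machine is infected), and the firewall AuthorizedApplications list. The sample input is a constructed excerpt that mirrors lines from this log; the regexes, function names and finding labels are my own assumptions about the log layout, not a ComboFix specification.

```python
"""Triage helper for the registry section of a ComboFix log.

Pulls out the items a reviewer checks first: autorun values whose data is
not a full drive path, Security Center '*DisableNotify' switches set to 1,
and the firewall AuthorizedApplications list.  Format handling is based on
the log excerpt above; it is an assumption, not a ComboFix specification.
"""
import re

# Constructed sample: a short excerpt following the layout of the log above.
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-09-07 15360]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-11-18 136600]
"SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 c:\windows\stsystra.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"""

REG_KEY_RE = re.compile(r"^\[(.+)\]$")
REG_VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')
# ComboFix appends "[date size]" or "[date resolved-path]" after each value.
TRAILER_RE = re.compile(r"\s*\[[^\]]*\]\s*$")
DWORD_RE = re.compile(r"^dword:([0-9a-fA-F]{8})$")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_registry_section(text):
    """Return {key: [(value_name, raw_data), ...]} for a REGEDIT4-style dump."""
    entries = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "REGEDIT4":
            continue
        key = REG_KEY_RE.match(line)
        if key:
            current = key.group(1)
            entries.setdefault(current, [])
            continue
        value = REG_VALUE_RE.match(line)
        if value and current is not None:
            entries[current].append((value.group(1), value.group(2)))
    return entries


def unquote(raw):
    """Strip the ComboFix trailer and surrounding quotes from a data field."""
    raw = TRAILER_RE.sub("", raw).strip()
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        raw = raw[1:-1]
    return raw


def review(entries):
    """Return (kind, key, value_name, detail) tuples worth a second look."""
    findings = []
    for key, values in entries.items():
        lkey = key.lower()
        if lkey.endswith("\\run"):
            # Autorun data that is not an absolute drive path is resolved via
            # the search path; confirm which file actually gets executed.
            for name, raw in values:
                path = unquote(raw)
                if not DRIVE_PATH_RE.match(path):
                    findings.append(("autorun_relative_path", key, name, path))
        elif lkey.endswith("\\security center"):
            # *DisableNotify=1 silences the Security Center warning for that
            # component; legitimate for some AV suites, but always worth asking.
            for name, raw in values:
                dword = DWORD_RE.match(raw)
                if (name.lower().endswith("disablenotify") and dword
                        and int(dword.group(1), 16) == 1):
                    findings.append(("security_center_notify_disabled", key, name, raw))
        elif lkey.endswith("\\authorizedapplications\\list"):
            # Firewall exceptions are stored with doubled backslashes.
            for name, raw in values:
                findings.append(("firewall_exception", key, name, name.replace("\\\\", "\\")))
    return findings


def review_log(text):
    """Parse and review in one call."""
    return review(parse_registry_section(text))


if __name__ == "__main__":
    for kind, key, name, detail in review_log(SAMPLE_LOG):
        print(f"{kind:34} {name:24} {detail}")
```

Run it as-is to see the findings for the sample, or read a saved ComboFix.txt and pass the text between the "Reg Loading Points" header and the driver list to review_log(). The script only surfaces entries; deciding whether stsystra.exe or the silenced Security Center notifications are legitimate still means checking the file on disk and what the installed AV suite normally sets.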