Here is the log:
ComboFix 08-12-05.01 - Fra 2008-12-05 18.11.53.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.159 [GMT 1:00]
Eseguito da: c:\documents and settings\Fra\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Fra\Dati applicazioni\.#
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_VFILT
((((((((((((((((((((((((( Files Creati Da 2008-11-05 al 2008-12-05 )))))))))))))))))))))))))))))))))))
.
2008-12-05 18:10 . 2008-12-05 18:10 <DIR> d-------- C:\32788R22FWJFW
2008-12-05 16:29 . 2008-12-05 16:42 <DIR> d-------- c:\programmi\File comuni\Real
2008-12-05 12:54 . 2008-12-05 17:39 <DIR> d-------- c:\programmi\SUPERAntiSpyware
2008-12-05 12:54 . 2008-12-05 12:54 <DIR> d-------- c:\documents and settings\Fra\Dati applicazioni\SUPERAntiSpyware.com
2008-12-05 12:54 . 2008-12-05 12:54 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\SUPERAntiSpyware.com
2008-12-05 12:50 . 2008-12-05 12:50 <DIR> d-------- c:\documents and settings\Fra\Dati applicazioni\Malwarebytes
2008-12-05 12:50 . 2008-12-05 12:50 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Malwarebytes
2008-12-04 21:15 . 2008-12-04 21:17 <DIR> d-------- c:\programmi\Spybot - Search & Destroy
2008-12-04 19:05 . 2008-12-04 21:13 <DIR> d-------- c:\documents and settings\Fra\.housecall6.6
2008-12-01 17:58 . 2008-12-05 11:23 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-12-01 17:58 . 2008-12-01 17:58 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-12-01 17:58 . 2008-12-01 17:58 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-12-01 17:01 . 2008-12-01 17:01 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Kaspersky Lab Setup Files
2008-12-01 16:52 . 2008-12-01 16:55 <DIR> d-------- c:\windows\system32\XPSViewer
2008-12-01 16:52 . 2008-12-01 16:52 <DIR> d-------- c:\programmi\Reference Assemblies
2008-12-01 16:52 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-12-01 16:46 . 2008-12-01 16:46 <DIR> d-------- c:\programmi\MSXML 6.0
2008-11-30 22:01 . 2008-11-30 22:01 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\SiteAdvisor
2008-11-30 22:01 . 2008-11-30 22:01 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\McAfee
2008-11-30 21:25 . 2008-11-30 21:25 <DIR> d-------- c:\programmi\AVG
2008-11-29 17:29 . 2008-11-29 17:29 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Avira
2008-11-29 16:49 . 2008-11-29 16:49 <DIR> d-------- c:\programmi\TechSmith
2008-11-29 16:49 . 2008-11-29 16:49 <DIR> d-------- c:\programmi\File comuni\TechSmith Shared
2008-11-29 16:49 . 2008-11-29 16:49 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\TechSmith
2008-11-29 12:39 . 2008-11-29 12:39 <DIR> d-------- c:\documents and settings\Fra\Dati applicazioni\WNR
2008-11-29 12:21 . 2008-11-29 14:34 <DIR> d-------- c:\programmi\RemoteObserver
2008-11-28 20:22 . 2008-12-04 20:18 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-28 18:55 . 2008-11-28 18:55 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\ESET
2008-11-25 14:48 . 2008-12-01 17:58 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\avg8
2008-11-18 11:38 . 2008-11-18 11:38 <DIR> d-------- c:\documents and settings\Fra\Dati applicazioni\vlc
2008-11-15 15:03 . 2008-11-15 15:04 <DIR> d-------- c:\programmi\iTunes
2008-11-15 15:03 . 2008-11-15 15:03 <DIR> d-------- c:\programmi\iPod
2008-11-15 15:03 . 2008-11-15 15:04 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-15 15:02 . 2008-11-15 15:02 <DIR> d-------- c:\programmi\Bonjour
2008-11-15 14:56 . 2008-11-29 11:01 <DIR> d-------- c:\programmi\QuickTime
2008-11-15 14:20 . 2008-11-15 14:20 <DIR> d-------- c:\programmi\filehippo.com
2008-11-12 18:35 . 2008-11-12 18:35 <DIR> d-------- c:\documents and settings\Fra\Dati applicazioni\ATI
2008-11-11 23:24 . 2008-11-11 23:24 410,976 --a------ c:\windows\system32\deploytk.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-05 17:03 --------- d-----w c:\documents and settings\Fra\Dati applicazioni\SiteAdvisor
2008-12-05 17:02 --------- d-----w c:\programmi\ScreenShot Wizard
2008-12-05 16:39 --------- d-----w c:\programmi\File comuni\Wise Installation Wizard
2008-12-05 16:01 --------- d-----w c:\programmi\PokerStars
2008-12-04 20:22 --------- d-----w c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Spybot - Search & Destroy
2008-12-03 13:00 --------- d-----w c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Microsoft Help
2008-12-03 12:59 --------- d-----w c:\programmi\Microsoft.NET
2008-12-03 12:58 --------- d-----w c:\programmi\MSBuild
2008-12-02 21:36 --------- d-----w c:\programmi\eMule AdunanzA
2008-12-01 21:25 --------- d-----w c:\documents and settings\Fra\Dati applicazioni\Babylon
2008-12-01 21:25 --------- d-----w c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Babylon
2008-11-30 19:40 --------- d-----w c:\documents and settings\Fra\Dati applicazioni\Kaspersky_Key_Finder_(KKF
2008-11-29 10:01 --------- d-----w c:\programmi\LimeWire
2008-11-29 10:01 --------- d-----w c:\programmi\File comuni\Apple
2008-11-29 09:59 --------- d-----w c:\documents and settings\Fra\Dati applicazioni\GlarySoft
2008-11-28 17:51 --------- d-----w c:\documents and settings\Fra\Dati applicazioni\LimeWire
2008-11-26 14:03 --------- d-----w c:\documents and settings\Fra\Dati applicazioni\Skype
2008-11-26 13:55 --------- d-----w c:\documents and settings\Fra\Dati applicazioni\skypePM
2008-11-25 13:53 --------- d-----w c:\programmi\Glary Utilities
2008-11-15 13:55 --------- d-----w c:\programmi\Apple Software Update
2008-11-15 13:47 --------- d-----w c:\programmi\File comuni\Adobe
2008-11-11 22:27 --------- d-----w c:\programmi\Java
2008-11-09 10:33 --------- d-----w c:\documents and settings\Fra\Dati applicazioni\dvdcss
2008-10-31 22:27 --------- dcsh--w c:\programmi\File comuni\WindowsLiveInstaller
2008-10-31 22:27 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-10-31 22:27 --------- d-----w c:\programmi\NSS
2008-10-31 22:27 --------- d-----w c:\programmi\Microsoft Visual Studio 8
2008-10-31 22:27 --------- d-----w c:\programmi\Messenger Plus! Live
2008-10-31 22:27 --------- d-----w c:\programmi\DivX
2008-10-28 12:24 --------- d-----w c:\programmi\Veoh Networks
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 17:00 --------- d-----w c:\documents and settings\Fra\Dati applicazioni\OpenOffice.org2
2008-10-20 17:17 --------- d-----w c:\programmi\Graffiti Studio 2.0
2008-10-16 21:21 --------- d-----w c:\documents and settings\Fra\Dati applicazioni\gtk-2.0
2008-10-16 21:09 --------- d-----w c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Ulead Systems
2008-10-16 21:03 --------- d-----w c:\programmi\Ulead Systems
2008-10-16 20:01 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-10-16 20:01 249,856 ------w c:\windows\Setup1.exe
2008-10-16 13:22 --------- d-----w c:\programmi\CCleaner
2008-10-15 12:31 --------- d-----w c:\programmi\DAEMON Tools Lite
2008-10-14 14:45 --------- d-----w c:\programmi\VideoLAN
2008-10-13 20:49 --------- d-----w c:\documents and settings\Fra\Dati applicazioni\Ulead Systems
2008-10-10 08:07 --------- d-----w c:\programmi\Auslogics
2008-10-08 13:37 2,560 ----a-w c:\windows\_MSRSTRT.EXE
2008-10-08 12:14 --------- d-----w c:\documents and settings\Fra\Dati applicazioni\Orbit
2008-10-08 12:09 --------- d-----w c:\documents and settings\Fra\Dati applicazioni\Winamp
2008-10-08 12:07 --------- d-----w c:\programmi\Winamp
2008-10-07 12:05 --------- d-----w c:\programmi\Teorex
2008-10-05 10:07 --------- d-----w c:\documents and settings\Fra\Dati applicazioni\Screaming Bee
2008-07-24 09:40 47,360 ----a-w c:\documents and settings\Fra\Dati applicazioni\pcouffin.sys
2008-07-07 09:56 2,114 ----a-w c:\documents and settings\Fra\Dati applicazioni\SAS7_000.DAT
2008-01-06 16:24 102 -csh--w c:\programmi\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-02 1261336]
"SoundMan"="SOUNDMAN.EXE" [2005-12-14 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\\WINDOWS\\system32\\logonuiX.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^Controllo del Calendario di Ulead Photo Express.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^Orbit.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^Privoxy.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^Fra^Menu Avvio^Programmi^Esecuzione automatica^Ritaglio schermata e avvio di OneNote 2007.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^Fra^Menu Avvio^Programmi^Esecuzione automatica^Styler.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auto Shutdown Genius
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\flockbox
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ReminderCommander
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Calendar Checker
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
-ra------ 2007-03-01 09:37 2321600 c:\programmi\File comuni\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
--a------ 2007-10-04 17:38 307200 c:\programmi\ATI\ATICustomerCare\ATICustomerCare.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
--a------ 2008-09-07 17:36 3117568 c:\programmi\Babylon\Babylon-Pro\Babylon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog305]
--a------ 2005-08-05 14:15 61440 c:\windows\VM305_STI.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 13:11 490952 c:\programmi\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2006-02-19 01:41 49152 c:\programmi\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 18:57 289576 c:\programmi\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2008-11-29 19:13 5724184 c:\programmi\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\programmi\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-09-23 14:17 21755688 c:\programmi\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-01-21 11:17 61440 c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-11-11 23:24 136600 c:\programmi\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
--a--c--- 2005-07-28 08:32 94208 c:\programmi\File comuni\Ulead Systems\AutoDetector\Monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2008-05-02 05:15 15872 c:\programmi\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-09-26 19:14 3660848 c:\programmi\Veoh Networks\Veoh\VeohClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-08-04 00:02 36352 c:\programmi\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"iPod Service"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\Graffiti Studio 2.0\\Graffiti Studio.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-01 97928]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-01 231704]
R3 ZSMC0305;VIMICRO USB PC Camera V;c:\windows\system32\Drivers\usbVM305.sys [2008-10-02 391099]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys []
.
Contenuto della cartella 'Scheduled Tasks'
2008-12-05 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2008-10-29 17:58]
.
.
------- Supplementare di scansione -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
FireFox -: Profile - c:\documents and settings\Fra\Dati applicazioni\Mozilla\Firefox\Profiles\rsa0eop5.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.it
FF -: plugin - c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF -: plugin - c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF -: plugin - c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF -: plugin - c:\programmi\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\programmi\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\programmi\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\programmi\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\programmi\Mozilla Firefox\plugins\npOGAPlugin.dll
FF -: plugin - c:\programmi\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-12-05 18:16:55
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'winlogon.exe'(544)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Ora fine scansione: 2008-12-05 18:18:39 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2008-12-05 17:18:35
Pre-Run: 227.262.918.656 byte disponibili
Post-Run: 227,202,510,848 byte disponibili
255 --- E O F --- 2008-12-01 18:18:14
EDIT: NOW "RESIDENT SHIELD" IN AVG KEEPS GETTING DISABLED