Ok, here are the three logs:
Malwarebytes' Anti-Malware 1.31
Versione del database: 1550
Windows 5.1.2600 Service Pack 3
27/12/2008 21.54.41
mbam-log-2008-12-27 (21-54-37).txt
Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 89578
Tempo trascorso: 42 minute(s), 36 second(s)
Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 1
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0
Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)
Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)
Chiavi di registro infette:
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
Valori di registro infetti:
(Nessun elemento malevolo rilevato)
Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)
Cartelle infette:
(Nessun elemento malevolo rilevato)
File infetti:
(Nessun elemento malevolo rilevato)
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 12/27/2008 at 10:32 PM
Application Version : 4.23.1006
Core Rules Database Version : 3686
Trace Rules Database Version: 1663
Scan type : Complete Scan
Total Scan Time : 00:31:43
Memory items scanned : 391
Memory threats detected : 0
Registry items scanned : 3709
Registry threats detected : 0
File items scanned : 24552
File threats detected : 2
Adware.Tracking Cookie
C:\Documents and Settings\ADELE\Cookies\adele@eas.apm.emediate[3].txt
C:\Documents and Settings\ADELE\Cookies\adele@eas.apm.emediate[2].txt
ComboFix 08-12-26.03 - ADELE 2008-12-27 22.39.20.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.511.210 [GMT 1:00]
Eseguito da: c:\documents and settings\ADELE\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!.
((((((((((((((((((((((((( Files Creati Da 2008-11-27 al 2008-12-27 )))))))))))))))))))))))))))))))))))
.
2008-12-27 12:56 . 2008-12-27 13:00 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-12-27 12:56 . 2008-12-27 12:56 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-12-27 12:56 . 2008-12-27 12:56 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-12-27 12:56 . 2008-12-27 12:56 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-12-27 12:14 . 2008-12-27 12:56 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Avg8
2008-12-26 23:27 . 2007-12-21 01:54 20,454 --------- c:\windows\hpoins01.dat.temp
2008-12-26 23:27 . 2003-04-06 05:33 16,622 --------- c:\windows\hpomdl01.dat.temp
2008-12-26 22:59 . 2001-08-17 21:28 794,654 --a--c--- c:\windows\system32\dllcache\usr1801.sys
2008-12-26 22:58 . 2001-08-30 23:07 386,560 --a--c--- c:\windows\system32\dllcache\sgiul50.dll
2008-12-26 22:57 . 2001-08-30 22:10 899,754 --a--c--- c:\windows\system32\dllcache\r2mdkxga.sys
2008-12-26 22:56 . 2001-08-17 22:05 351,616 --a--c--- c:\windows\system32\dllcache\ovcodek2.sys
2008-12-26 22:55 . 2001-08-17 21:28 802,683 --a--c--- c:\windows\system32\dllcache\ltsm.sys
2008-12-26 22:54 . 2008-04-14 03:13 254,464 --a--c--- c:\windows\system32\dllcache\kdsusd.dll
2008-12-26 22:53 . 2001-08-30 23:07 1,733,120 --a--c--- c:\windows\system32\dllcache\g400d.dll
2008-12-26 22:52 . 2001-08-30 21:33 634,166 --a--c--- c:\windows\system32\dllcache\el656ct5.sys
2008-12-26 22:51 . 2001-08-17 20:14 952,007 --a--c--- c:\windows\system32\dllcache\diwan.sys
2008-12-26 22:50 . 2001-08-30 20:33 980,034 --a--c--- c:\windows\system32\dllcache\cicap.sys
2008-12-26 22:49 . 2001-08-17 21:28 871,388 --a--c--- c:\windows\system32\dllcache\bcmdm.sys
2008-12-26 22:47 . 2001-08-17 22:07 56,960 --a--c--- c:\windows\system32\dllcache\aic78xx.sys
2008-12-26 22:47 . 2002-08-28 22:59 36,224 --a--c--- c:\windows\system32\dllcache\an983.sys
2008-12-26 22:47 . 2001-08-17 20:11 27,678 --a--c--- c:\windows\system32\dllcache\ali5261.sys
2008-12-26 22:47 . 2001-08-17 21:49 26,624 --a--c--- c:\windows\system32\dllcache\alifir.sys
2008-12-26 22:47 . 2001-08-17 20:11 16,969 --a--c--- c:\windows\system32\dllcache\amb8002.sys
2008-12-26 22:47 . 2001-08-17 21:52 12,032 --a--c--- c:\windows\system32\dllcache\amsint.sys
2008-12-26 22:47 . 2001-08-17 21:47 6,272 --a--c--- c:\windows\system32\dllcache\apmbatt.sys
2008-12-26 22:47 . 2001-08-17 21:51 5,248 --a--c--- c:\windows\system32\dllcache\aliide.sys
2008-12-26 22:46 . 2001-08-17 22:07 55,168 --a--c--- c:\windows\system32\dllcache\aic78u2.sys
2008-12-26 22:46 . 2001-08-30 23:08 24,576 --a--c--- c:\windows\system32\dllcache\agcgauge.ax
2008-12-26 22:46 . 2001-08-17 21:52 12,800 --a--c--- c:\windows\system32\dllcache\aha154x.sys
2008-12-26 19:49 . 2008-12-26 19:49 <DIR> d-------- c:\programmi\CCleaner
2008-12-26 19:43 . 2008-12-26 19:43 <DIR> d-------- c:\programmi\Trend Micro
2008-12-26 18:35 . 2008-12-26 18:35 <DIR> d-------- C:\VundoFix Backups
2008-12-25 21:51 . 2008-12-25 21:51 <DIR> d-------- c:\documents and settings\ADELE\Dati applicazioni\Malwarebytes
2008-12-25 21:49 . 2008-12-25 21:51 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2008-12-25 21:49 . 2008-12-25 21:49 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-12-25 21:49 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-25 21:49 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-25 21:15 . 2008-12-25 21:15 <DIR> d-------- c:\programmi\IObit
2008-12-25 21:15 . 2008-12-25 21:28 <DIR> d-------- c:\documents and settings\ADELE\Dati applicazioni\IObit
2008-12-25 00:59 . 2008-12-25 00:59 <DIR> d-------- c:\programmi\Google
2008-12-25 00:59 . 2008-12-25 00:59 <DIR> d-------- c:\documents and settings\ADELE\Dati applicazioni\Zylom
2008-12-25 00:59 . 2008-12-25 00:59 <DIR> d-------- c:\documents and settings\ADELE\Dati applicazioni\Ancient Quest of Saqqarah__gamehouse
2008-12-18 22:13 . 2008-12-18 22:13 <DIR> d-------- c:\windows\system32\it
2008-12-18 22:13 . 2008-12-18 22:13 <DIR> d-------- c:\windows\l2schemas
2008-12-14 14:41 . 2008-12-14 14:41 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\GameHouse
2008-12-14 14:30 . 2008-12-14 14:30 127 --a------ c:\windows\system32\MRT.INI
2008-12-14 01:30 . 2008-12-14 01:30 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-12-14 01:29 . 2008-12-14 01:29 <DIR> d-------- c:\programmi\SUPERAntiSpyware
2008-12-14 01:29 . 2008-12-14 01:29 <DIR> d-------- c:\documents and settings\ADELE\Dati applicazioni\SUPERAntiSpyware.com
2008-12-14 00:13 . 2007-12-20 23:34 <DIR> d--h----- c:\documents and settings\Administrator\Risorse di stampa
2008-12-14 00:13 . 2007-12-20 23:34 <DIR> d--h----- c:\documents and settings\Administrator\Risorse di rete
2008-12-14 00:13 . 2007-12-20 23:34 <DIR> d-------- c:\documents and settings\Administrator\Preferiti
2008-12-14 00:13 . 2007-12-20 23:40 <DIR> d--h----- c:\documents and settings\Administrator\Modelli
2008-12-14 00:13 . 2007-12-20 23:34 <DIR> dr------- c:\documents and settings\Administrator\Menu Avvio
2008-12-14 00:13 . 2008-12-27 22:40 <DIR> d--h----- c:\documents and settings\Administrator\Impostazioni locali
2008-12-14 00:13 . 2007-12-20 23:34 <DIR> d-------- c:\documents and settings\Administrator\Documenti
2008-12-14 00:13 . 2007-12-20 23:34 <DIR> dr-h----- c:\documents and settings\Administrator\Dati applicazioni
2008-12-14 00:13 . 2008-12-27 12:56 <DIR> d-------- c:\documents and settings\Administrator
2008-12-13 20:59 . 2008-12-14 02:12 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2008-12-13 20:58 . 2008-12-14 02:12 <DIR> d-------- c:\programmi\File comuni\Wise Installation Wizard
2008-12-11 18:13 . 2008-12-11 18:13 <DIR> d-------- c:\documents and settings\ADELE\Dati applicazioni\Ancient Quest of Saqqarah__bfg
2008-12-11 18:12 . 2008-12-11 18:12 <DIR> d-------- c:\windows\Ancient Quest of Saqqarah
2008-12-11 18:06 . 2008-12-11 18:10 <DIR> d-------- c:\programmi\eToro
2008-12-11 17:59 . 2008-12-11 18:00 <DIR> d-------- C:\Virtual
2008-12-11 17:57 . 2008-12-11 17:57 <DIR> d-------- c:\windows\793CFFC9A72F431D9C742E9361E67D04.TMP
2008-12-11 17:57 . 2008-12-11 17:57 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\BufferZone
2008-12-04 12:56 . 2008-12-04 12:56 <DIR> d-------- c:\programmi\AVG
2008-12-04 11:02 . 2008-04-14 03:13 712,704 --------- c:\windows\system32\windowscodecs.dll
2008-12-04 11:02 . 2008-04-14 03:13 346,112 --------- c:\windows\system32\windowscodecsext.dll
2008-12-04 11:02 . 2008-04-14 03:13 276,992 --------- c:\windows\system32\wmphoto.dll
2008-12-04 11:02 . 2008-04-14 03:13 173,568 --a--c--- c:\windows\system32\dllcache\sysmoda.dll
2008-12-04 11:02 . 2008-04-14 03:13 69,120 --------- c:\windows\system32\wlanapi.dll
2008-12-04 11:02 . 2008-04-14 03:13 69,120 --a--c--- c:\windows\system32\dllcache\wlanapi.dll
2008-12-04 11:02 . 2008-04-14 03:13 53,248 --------- c:\windows\system32\tsgqec.dll
2008-12-04 11:02 . 2008-04-14 03:13 53,248 --a--c--- c:\windows\system32\dllcache\tsgqec.dll
2008-12-04 11:02 . 2008-04-14 03:13 50,688 --------- c:\windows\system32\tspkg.dll
2008-12-04 11:02 . 2008-04-14 03:13 50,688 --a--c--- c:\windows\system32\dllcache\tspkg.dll
2008-12-04 11:00 . 2008-04-14 03:13 651,264 --------- c:\windows\system32\dot3ui.dll
2008-12-04 10:59 . 2008-04-14 03:13 233,472 --a--c--- c:\windows\system32\dllcache\azroles.dll
2008-12-04 10:44 . 2008-08-14 14:22 2,148,864 --a--c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-04 10:44 . 2008-08-14 14:22 2,027,520 --a--c--- c:\windows\system32\dllcache\ntkrpamp.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-25 20:22 --------- d-----w c:\programmi\PopCap Games
2008-12-25 20:22 --------- d-----w c:\programmi\Motorola Phone Tools
2008-12-25 20:22 --------- d-----w c:\documents and settings\ADELE\Dati applicazioni\uTorrent
2008-12-25 20:18 --------- d-----w c:\programmi\Zylom Games
2008-12-13 15:53 --------- d-----w c:\documents and settings\ADELE\Dati applicazioni\Lavasoft
2008-12-11 15:50 --------- d-----w c:\programmi\VS Revo Group
2008-12-11 15:50 --------- d-----w c:\programmi\Crystal Player
2008-12-11 15:47 --------- d-----w c:\programmi\Oberon Media
2008-12-11 15:47 --------- d-----w c:\programmi\File comuni\Oberon Media
2008-12-11 15:46 --------- d-----w c:\programmi\Gamenext
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:04 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-03-30 16:43 92,064 ----a-w c:\documents and settings\ADELE\mqdmmdm.sys
2008-03-30 16:43 9,232 ----a-w c:\documents and settings\ADELE\mqdmmdfl.sys
2008-03-30 16:43 79,328 ----a-w c:\documents and settings\ADELE\mqdmserd.sys
2008-03-30 16:43 66,656 ----a-w c:\documents and settings\ADELE\mqdmbus.sys
2008-03-30 16:43 6,208 ----a-w c:\documents and settings\ADELE\mqdmcmnt.sys
2008-03-30 16:43 5,936 ----a-w c:\documents and settings\ADELE\mqdmwhnt.sys
2008-03-30 16:43 4,048 ----a-w c:\documents and settings\ADELE\mqdmcr.sys
2008-03-30 16:43 25,600 ----a-w c:\documents and settings\ADELE\usbsermptxp.sys
2008-03-30 16:43 22,768 ----a-w c:\documents and settings\ADELE\usbsermpt.sys
.
((((((((((((((((((((((((((((( snapshot@2008-12-27_12.22.26.93 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-27 11:56:40 26,824 ----a-w c:\windows\system32\drivers\avgmfx86.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\programmi\Messenger\MSMSGS.EXE" [2008-04-14 1695232]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-12-25 171448]
"Advanced SystemCare 3"="c:\programmi\IObit\Advanced SystemCare 3\AWC.exe" [2008-12-21 2250256]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\programmi\Analog Devices\SoundMAX\SMTray.exe" [2002-11-08 98304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"NeroCheck"="c:\windows\System32\\NeroCheck.exe" [2001-07-09 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-27 1261336]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\ADELE\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 1.0.1.lnk - c:\programmi\OpenOffice.org1.0.1\program\quickstart.exe [2002-07-04 61440]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
hp psc 1000 series.lnk - c:\programmi\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 147456]
hpoddt01.exe.lnk - c:\programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 14:56 352256 c:\programmi\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-27 97928]
R1 SASDIFSV;SASDIFSV;\??\c:\programmi\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\programmi\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-27 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-27 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-12-27 76040]
R3 SASENUM;SASENUM;\??\c:\programmi\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
S3 CommDrv;CommDrv;\??\c:\windows\system32\CommDrv.sys []
.
Contenuto della cartella 'Scheduled Tasks'
2008-03-25 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1198198448.job
- c:\programmi\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 00:52]
.
.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.lifegate.it/gaatle
O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
c:\windows\Downloaded Program Files\zylomgamesplayer.dll - O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}
hxxp://game10.zylom.com/activex/zylomgamesplayer.cab
c:\windows\Downloaded Program Files\ZylomGamesPlayer.inf
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-12-27 22:41:05
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'winlogon.exe'(652)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
.
Ora fine scansione: 2008-12-27 22.42.10
ComboFix-quarantined-files.txt 2008-12-27 21:42:00
ComboFix2.txt 2008-12-27 11:22:53
Pre-Run: 37.510.017.024 byte disponibili
Post-Run: 37,506,793,472 byte disponibili
211 --- E O F --- 2008-12-20 21:59:35