Guys, after a long time I finally managed to run the scan, here it is:
ComboFix 08-10-02.04 - amministratore 2008-10-03 16:34:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.726 [GMT 2:00]
Command switches used :: /killall
* Resident AV is active
ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\amministratore\Dati applicazioni\m
C:\Documents and Settings\amministratore\Dati applicazioni\m\flec006.exe
C:\InfoSat.txt
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ban_list.txt
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\1029421.exe
C:\WINDOWS\system32\drivers\downld\1040437.exe
C:\WINDOWS\system32\drivers\downld\1042265.exe
C:\WINDOWS\system32\drivers\downld\104781.exe
C:\WINDOWS\system32\drivers\downld\105046.exe
C:\WINDOWS\system32\drivers\downld\1054562.exe
C:\WINDOWS\system32\drivers\downld\1061375.exe
C:\WINDOWS\system32\drivers\downld\1066953.exe
C:\WINDOWS\system32\drivers\downld\107234.exe
C:\WINDOWS\system32\drivers\downld\1074500.exe
C:\WINDOWS\system32\drivers\downld\107593.exe
C:\WINDOWS\system32\drivers\downld\1079531.exe
C:\WINDOWS\system32\drivers\downld\110421.exe
C:\WINDOWS\system32\drivers\downld\1122890.exe
C:\WINDOWS\system32\drivers\downld\112968.exe
C:\WINDOWS\system32\drivers\downld\1148546.exe
C:\WINDOWS\system32\drivers\downld\115046.exe
C:\WINDOWS\system32\drivers\downld\1166296.exe
C:\WINDOWS\system32\drivers\downld\124312.exe
C:\WINDOWS\system32\drivers\downld\128078.exe
C:\WINDOWS\system32\drivers\downld\130796.exe
C:\WINDOWS\system32\drivers\downld\136156.exe
C:\WINDOWS\system32\drivers\downld\137859.exe
C:\WINDOWS\system32\drivers\downld\185875.exe
C:\WINDOWS\system32\drivers\downld\189234.exe
C:\WINDOWS\system32\drivers\downld\210828.exe
C:\WINDOWS\system32\drivers\downld\214453.exe
C:\WINDOWS\system32\drivers\downld\223062.exe
C:\WINDOWS\system32\drivers\downld\2257281.exe
C:\WINDOWS\system32\drivers\downld\2272406.exe
C:\WINDOWS\system32\drivers\downld\2275765.exe
C:\WINDOWS\system32\drivers\downld\2299218.exe
C:\WINDOWS\system32\drivers\downld\2304750.exe
C:\WINDOWS\system32\drivers\downld\230531.exe
C:\WINDOWS\system32\drivers\downld\2309687.exe
C:\WINDOWS\system32\drivers\downld\2325296.exe
C:\WINDOWS\system32\drivers\downld\2331078.exe
C:\WINDOWS\system32\drivers\downld\2379234.exe
C:\WINDOWS\system32\drivers\downld\2466031.exe
C:\WINDOWS\system32\drivers\downld\2558046.exe
C:\WINDOWS\system32\drivers\downld\58562.exe
C:\WINDOWS\system32\drivers\downld\60359.exe
C:\WINDOWS\system32\drivers\downld\62546.exe
C:\WINDOWS\system32\drivers\downld\66734.exe
C:\WINDOWS\system32\drivers\downld\69218.exe
C:\WINDOWS\system32\drivers\downld\78578.exe
C:\WINDOWS\system32\drivers\downld\78890.exe
C:\WINDOWS\system32\drivers\downld\81015.exe
C:\WINDOWS\system32\drivers\downld\81562.exe
C:\WINDOWS\system32\drivers\downld\88453.exe
C:\WINDOWS\system32\drivers\downld\90500.exe
C:\WINDOWS\system32\drivers\downld\91328.exe
C:\WINDOWS\system32\drivers\downld\97031.exe
C:\WINDOWS\system32\drivers\downld\99687.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MCHINJDRV
((((((((((((((((((((((((( Files Created from 2008-09-03 to 2008-10-03 )))))))))))))))))))))))))))))))
.
2008-10-03 16:13 . 2008-10-03 16:13 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-10-03 15:26 . 2008-10-03 15:26 <DIR> d-------- C:\Muestras
2008-10-03 15:05 . 2008-10-03 15:04 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-10-03 15:05 . 2008-10-03 15:05 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-10-03 15:05 . 2008-10-03 15:04 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-10-03 14:54 . 2008-10-03 14:54 <DIR> d-------- C:\Programmi\XP TCPIP Repair
2008-10-03 14:04 . 2008-10-03 14:04 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-10-03 14:04 . 2008-10-03 14:04 <DIR> d-------- C:\Documents and Settings\amministratore\Dati applicazioni\Malwarebytes
2008-10-03 14:04 . 2008-10-03 14:04 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-10-03 14:04 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-03 14:04 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-30 15:01 . 2008-09-30 15:01 <DIR> d-------- C:\Programmi\MSN BackUp
2008-09-30 11:41 . 2008-09-30 11:41 <DIR> d-------- C:\Programmi\CCleaner
2008-09-18 10:21 . 2008-09-18 10:25 <DIR> d-------- C:\Programmi\Bible live
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-03 13:05 --------- d-----w C:\Programmi\Eset
2008-10-03 11:46 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Google Updater
2008-10-03 11:24 --------- d-----w C:\Programmi\File comuni\Adobe
2008-10-03 11:03 --------- d-----w C:\Programmi\CleanUp!
2008-10-03 10:47 --------- d-----w C:\Programmi\eMule
2008-09-30 07:24 40,960 ----a-w C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-09-26 07:01 --------- d-----w C:\Programmi\SUPERAntiSpyware
2008-08-04 13:58 --------- d-----w C:\Programmi\NoAdware5.0
2007-09-21 14:33 120,286 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\firstlsp.reg.dat
2007-07-26 12:39 24,192 ----a-w C:\Documents and Settings\amministratore\usbsermptxp.sys
2007-07-26 12:39 22,768 ----a-w C:\Documents and Settings\amministratore\usbsermpt.sys
2007-02-22 09:25 206,032 ----a-w C:\Documents and Settings\amministratore\Dati applicazioni\GDIPFONTCACHEV1.DAT
2006-07-27 10:44 54 ----a-w C:\Programmi\inc1.bat
2006-07-27 10:44 50 ----a-w C:\Programmi\bit3.bat
2006-07-27 10:44 50 ----a-w C:\Programmi\bit2.bat
2006-07-27 10:44 50 ----a-w C:\Programmi\bit.bat
2006-07-27 10:44 41 ----a-w C:\Programmi\sleep.bat
2006-07-27 10:44 401 ----a-w C:\Programmi\temp3.exe.txt
2006-07-27 10:44 401 ----a-w C:\Programmi\temp2.exe.txt
2006-07-27 10:44 401 ----a-w C:\Programmi\temp1.exe.txt
2004-08-19 13:39 73,728 --sha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.
------w 1,750,016 2006-03-02 03:41:46 C:\WINDOWS\zbianche\tuttomio\vari programmi utili\programmi ok\VirIT eXplorer Pro v5.2.55 + crack\VirIT eXplorer Pro 5.2.55 .exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"NBJ"="C:\Programmi\Ahead\Nero BackItUp\NBJ.exe" [2005-01-04 1937408]
"SUPERAntiSpyware"="C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-26 1576176]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CDWCheckRubrica"="C:\SEAT\CDItalia\Chkrub_cdi" [X]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"bwprnmon.exe"="C:\BITWARE\NT\bwprnmon.exe" [2006-06-14 54272]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-08-28 282624]
"VIRIT LITE MONITOR"="C:\VEXPLITE\MONLITE.EXE" [2008-10-03 249856]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2008-10-03 949376]
"AGRSMMSG"="AGRSMMSG.exe" [2003-08-20 C:\WINDOWS\AGRSMMSG.exe]
"VTTimer"="VTTimer.exe" [2005-03-08 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-03-11 C:\WINDOWS\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 C:\WINDOWS\soundman.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15360]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Acrobat Assistant.lnk - C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2006-09-15 49254]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytoosl"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-06-24 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-09-26 09:01 352256 C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a------ 2005-03-08 03:33 53248 C:\WINDOWS\system32\VTTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
--a------ 2005-03-11 17:33 147456 C:\WINDOWS\system32\VTTrayp.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\PAGINE BIANCHE 2005-06\\CD\\ServerCDItalia.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\UTORRENT\\utorrent.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\MSN BackUp\\MSNBackup.exe"=
R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-09-30 40960]
R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 13696]
R3 ROCKEYNT;Feitian ROCKEY4 Device Service;C:\WINDOWS\system32\DRIVERS\Rockey4.sys [2008-03-05 22016]
S0 xpdjhenv;xpdjhenv;C:\WINDOWS\system32\drivers\lkrndibo.sys [ ]
S2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-10-03 57344]
S3 pwalker;Process Walker Driver;C:\DOCUME~1\AMMINI~1\IMPOST~1\Temp\nse26B.tmp\pwalker.sys [ ]
S3 Rockey_USB;Feitian ROCKEY4 USB Service;C:\WINDOWS\system32\DRIVERS\Rockey4USB.sys [2008-03-05 12928]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\amministratore\Dati applicazioni\Mozilla\Firefox\Profiles\njwxh4r6.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-03 16:38:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Programmi\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ntvdm.exe
.
**************************************************************************
.
Completion time: 2008-10-03 16:41:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-03 14:41:12
Pre-Run: 108,595,806,208 byte disponibili
Post-Run: 108,514,963,456 byte disponibili
218 --- E O F --- 2007-07-12 06:53:53