Here is the ComboFix log:
ComboFix 08-10-25.01 - Manlio 2008-10-27 11.31.12.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.1433 [GMT 1:00]
Run by: C:\Documents and Settings\Manlio.PC-HOME\Appoggio\ComboFix.exe
* Created a new restore point
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS.0\Downloaded Program Files\setup.inf
C:\WINDOWS.0\system32\ban_list.txt
C:\WINDOWS.0\winhelp.ini
.
((((((((((((((((((((((((( Files Created From 2008-09-27 to 2008-10-27 )))))))))))))))))))))))))))))))))))
.
2008-10-25 20:09 . 2008-10-25 23:18 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-10-25 20:09 . 2008-10-25 20:09 <DIR> d-------- C:\Documents and Settings\Manlio.PC-HOME\Dati applicazioni\Malwarebytes
2008-10-25 20:09 . 2008-10-25 20:09 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\Malwarebytes
2008-10-25 20:09 . 2008-10-22 15:10 38,496 --a------ C:\WINDOWS.0\system32\drivers\mbamswissarmy.sys
2008-10-25 20:09 . 2008-10-22 15:10 15,504 --a------ C:\WINDOWS.0\system32\drivers\mbam.sys
2008-10-24 21:13 . 2008-10-15 17:36 337,408 -----c--- C:\WINDOWS.0\system32\dllcache\netapi32.dll
2008-10-18 20:34 . 2008-10-18 20:34 <DIR> d-------- C:\Programmi\VstPlugins
2008-10-16 17:28 . 2008-10-16 17:28 <DIR> d-------- C:\Programmi\Alien Connections
2008-10-16 17:28 . 1997-01-18 10:40 299,520 --a------ C:\WINDOWS.0\uninst.exe
2008-10-16 17:28 . 2008-10-16 17:28 0 --a------ C:\WINDOWS.0\PROTOCOL.INI
2008-10-16 14:07 . 2008-10-16 17:26 <DIR> d-------- C:\Audio
2008-10-16 11:17 . 2008-09-08 11:41 333,824 -----c--- C:\WINDOWS.0\system32\dllcache\srv.sys
2008-10-16 11:16 . 2008-08-14 14:22 2,192,896 -----c--- C:\WINDOWS.0\system32\dllcache\ntoskrnl.exe
2008-10-16 11:16 . 2008-08-14 14:22 2,148,864 -----c--- C:\WINDOWS.0\system32\dllcache\ntkrnlmp.exe
2008-10-16 11:16 . 2008-08-14 14:22 2,069,760 -----c--- C:\WINDOWS.0\system32\dllcache\ntkrnlpa.exe
2008-10-16 11:16 . 2008-08-14 14:22 2,027,520 -----c--- C:\WINDOWS.0\system32\dllcache\ntkrpamp.exe
2008-10-16 11:16 . 2008-09-15 16:24 1,846,400 -----c--- C:\WINDOWS.0\system32\dllcache\win32k.sys
2008-10-12 17:52 . 2008-10-12 17:52 <DIR> d-------- C:\Documents and Settings\Manlio.PC-HOME\.GalleryRemote
2008-10-11 22:51 . 2008-10-11 22:51 <DIR> d-------- C:\WINDOWS.0\USB Vibration
2008-10-10 20:33 . 2008-10-10 20:33 <DIR> d-------- C:\Documents and Settings\Manlio.PC-HOME\Dati applicazioni\SlySoft
2008-10-10 19:56 . 2008-10-10 19:56 <DIR> d-------- C:\Programmi\Guitar Pro 5
2008-10-10 18:40 . 2008-10-10 18:40 <DIR> d-------- C:\Guitar Pro 4 full +serial
2008-10-09 20:08 . 2008-10-13 13:40 <DIR> d-------- C:\Programmi\Guitar Calculator Pro
2008-10-09 20:04 . 2008-10-13 13:40 249,856 --------- C:\WINDOWS.0\Setup1.exe
2008-10-09 20:04 . 2008-10-13 13:40 73,216 --a------ C:\WINDOWS.0\ST6UNST.EXE
2008-10-09 17:49 . 2008-10-13 18:23 <DIR> d-------- C:\Gitune
2008-10-04 20:10 . 2008-10-04 20:10 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-03 20:28 . 2008-10-03 20:28 <DIR> d-------- C:\Documents and Settings\Manlio.PC-HOME\Dati applicazioni\Sibelius Software
2008-10-03 20:27 . 2008-10-03 20:27 <DIR> d-------- C:\Programmi\Musicnotes
2008-10-02 18:17 . 2008-10-02 18:17 <DIR> d-------- C:\Programmi\BitTorrent Fastest Tool
2008-09-28 14:08 . 2008-10-10 20:15 <DIR> d-------- C:\temp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 18:11 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\Google Updater
2008-10-26 17:33 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\Lavasoft
2008-10-25 14:42 --------- d-----w C:\Documents and Settings\Manlio.PC-HOME\Dati applicazioni\stickies
2008-10-25 14:26 --------- d-----w C:\Programmi\eMule
2008-10-25 14:26 --------- d-----w C:\Documents and Settings\Manlio.PC-HOME\Dati applicazioni\uTorrent
2008-10-25 12:19 --------- d-----w C:\Programmi\FlatOut 2
2008-10-22 19:37 --------- d-----w C:\Documents and Settings\Manlio.PC-HOME\Dati applicazioni\Audacity
2008-10-16 13:49 --------- d-----w C:\Programmi\File comuni\Symantec Shared
2008-10-16 13:07 --------- d-----w C:\Programmi\Steinberg
2008-10-15 17:39 --------- d-----w C:\Programmi\10-Strike SearchMyDiscs
2008-10-11 21:51 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-10-10 19:34 --------- d-----w C:\Programmi\SlySoft
2008-10-10 19:29 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\SecTaskMan
2008-10-06 21:46 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\Spybot - Search & Destroy
2008-10-06 21:43 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-10-04 19:10 --------- d-----w C:\Programmi\iTunes
2008-10-04 19:10 --------- d-----w C:\Programmi\iPod
2008-10-04 11:05 --------- d-----w C:\Programmi\Java
2008-09-27 10:19 --------- d-----w C:\Programmi\MediaCoder
2008-09-23 22:04 --------- d-----w C:\Programmi\DVDx
2008-09-21 17:41 --------- d-----w C:\Programmi\Formosoft
2008-09-20 13:57 --------- d-----w C:\Programmi\LimeWire
2008-09-17 12:55 --------- d-----w C:\Programmi\QuickTime
2008-09-17 12:54 --------- d-----w C:\Programmi\File comuni\Apple
2008-09-17 12:48 --------- d-----w C:\Programmi\Bonjour
2008-09-15 15:24 1,846,400 ----a-w C:\WINDOWS.0\system32\win32k.sys
2008-09-14 14:44 82,380 ----a-w C:\WINDOWS.0\system32\drivers\AFS2K.SYS
2008-09-14 13:49 0 ---ha-w C:\Documents and Settings\LocalService.NT AUTHORITY\hpothb07.dat
2008-09-12 11:48 --------- d-----w C:\Programmi\ffdshow
2008-09-11 09:27 --------- d-----w C:\Programmi\uTorrent
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS.0\system32\drivers\srv.sys
2008-09-01 22:16 --------- d-----w C:\Programmi\Apple Software Update
2008-09-01 15:54 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\Symantec
2008-08-29 08:18 87,336 ----a-w C:\WINDOWS.0\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w C:\WINDOWS.0\system32\dnssd.dll
2008-08-26 07:57 826,368 ----a-w C:\WINDOWS.0\system32\wininet.dll
2008-08-14 13:22 2,192,896 ----a-w C:\WINDOWS.0\system32\ntoskrnl.exe
2008-08-14 13:22 2,069,760 ----a-w C:\WINDOWS.0\system32\ntkrnlpa.exe
2008-04-17 10:02 103,776 ----a-w C:\Documents and Settings\Manlio.PC-HOME\System_Restore.exe
2008-02-26 14:48 357,768 ----a-w C:\Documents and Settings\Manlio.PC-HOME\SymXPep2.dll
2008-02-26 14:03 251,216 ----a-w C:\Documents and Settings\Manlio.PC-HOME\IView.exe
2007-12-01 11:56 32 ----a-w C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\ezsid.dat
2007-01-28 17:38 87,608 ----a-w C:\Documents and Settings\Manlio\Dati applicazioni\ezpinst.exe
2007-01-28 17:38 87,608 ----a-w C:\Documents and Settings\Manlio.PC-HOME\Dati applicazioni\ezpinst.exe
2007-01-28 17:38 47,360 ----a-w C:\Documents and Settings\Manlio\Dati applicazioni\pcouffin.sys
2007-01-28 17:38 47,360 ----a-w C:\Documents and Settings\Manlio.PC-HOME\Dati applicazioni\pcouffin.sys
2008-03-27 17:15 2 --shatr C:\WINDOWS.0\winstart.bat
2002-09-10 11:00 4,952 --sha-r C:\WINDOWS.0\system32\AsBackup\AllUser\Bootfont.bin
2008-05-11 18:42 32,768 --sha-w C:\WINDOWS.0\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008051120080512\index.dat
.
----a-w 438,359 2006-04-21 13:41:20 C:\Programmi\Alice ti aiuta\SmartBridge\MotiveSB .exe
----a-w 936,960 2006-11-21 14:26:22 C:\Programmi\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp .exe
----a-w 40,960 2002-03-06 00:31:00 C:\Programmi\Creative\WebCam Monitor\TrayMon .exe
----a-w 153,136 2007-03-01 14:57:24 C:\Programmi\File comuni\Nero\Lib\NeroCheck .exe
----a-w 68,856 2008-04-10 12:34:05 C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w 90,112 2002-10-06 23:23:20 C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\hpqcmon .exe
----a-w 69,632 2002-04-17 09:42:56 C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd .exe
----a-w 88,024 2007-08-08 13:53:16 C:\Programmi\Lavasoft\Ad-Aware 2007\AAWTray .exe
--sha-r 2,097,488 2008-01-28 10:43:40 C:\Programmi\Spybot - Search & Destroy\TeaTimer .exe
----a-w 28,160 2002-12-12 05:45:00 C:\Programmi\Symantec\WinFax\WFXSWTCH .exe
----a-w 307,200 2007-12-11 02:59:40 C:\Programmi\Syncrosoft\POS\H2O\cledx .exe
----a-w 41,984 2000-12-26 13:35:00 C:\WINDOWS.0\CTRegRun .exe
----a-w 15,360 2004-08-19 13:39:36 C:\WINDOWS.0\system32\ctfmon .exe
----a-w 406,016 2004-03-10 23:26:10 C:\WINDOWS.0\system32\PSDrvCheck .exe
----a-w 14,348 2008-03-17 22:35:22 C:\WINDOWS.0\system32\drivers\hldrrr .exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"FreeMem Pro"="C:\Programmi\FreeMem Professional\Fmempro.exe" [2000-03-27 428544]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-16 68856]
"ctfmon.exe"="C:\WINDOWS.0\system32\ctfmon.exe" [2008-04-14 15360]
"DriverMax"="C:\Programmi\Innovative Solutions\DriverMax\devices.exe" [2008-07-25 5057368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebCam Monitor"="C:\Programmi\Creative\WebCam Monitor\TrayMon.exe" [N/A]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Share-to-Web Namespace Daemon"="C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"Motive SmartBridge"="C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe" [N/A]
"CamMonitor"="C:\Programmi\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-06 90112]
"AliceRE_McciTrayApp"="C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\McciTrayApp.exe" [2006-11-21 936960]
"ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2008-02-14 51048]
"osCheck"="C:\Programmi\Norton AntiVirus\osCheck.exe" [2007-08-24 714608]
"NeroFilterCheck"="C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe" [N/A]
"NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"PwrUpTweakMe"="C:\WINDOWS.0\system32\PuXpTwks.exe" [N/A]
"AAWTray"="C:\Programmi\Lavasoft\Ad-Aware 2007\AAWTray.exe" [N/A]
"PinnacleDriverCheck"="C:\WINDOWS.0\system32\\PSDrvCheck.exe" [N/A]
"CTRegRun"="C:\WINDOWS.0\CTRegRun.EXE" [N/A]
"StartCCC"="C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"WFXSwtch"="C:\PROGRA~1\Symantec\WinFax\WFXSWTCH.exe" [N/A]
"H2O"="C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"WinFaxAppPortStarter"="wfxsnt40.exe" [2002-12-12 C:\WINDOWS.0\system32\WFXSNT40.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS.0\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide3"="rundll32 advpack.dll" [N/A]
"nltide2"="rundll32 advpack.dll" [N/A]
C:\Documents and Settings\Manlio.PC-HOME\Menu Avvio\Programmi\Esecuzione automatica\
Scheduler.lnk - C:\Programmi\3B Software\Common\Scheduler\wcomschd.exe [2008-04-08 464240]
Stickies.lnk - C:\Programmi\stickies\stickies.exe [2006-03-29 348160]
C:\Documents and Settings\All Users.WINDOWS.0\Menu Avvio\Programmi\Inicio\
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2008-04-15 217088]
Controller.LNK - C:\Programmi\Symantec\WinFax\WFXCTL32.EXE [2008-04-28 565760]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "C:\PROGRA~1\Symantec\WinFax\WfxSeh32.Dll" [1998-07-27 38400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
"vidc.ffds"= C:\Programmi\ffdshow\ffdshow.ax
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\stickies\\stickies.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\WINDOWS.0\\system32\\ftp.exe"=
"C:\\Programmi\\File comuni\\Symantec Shared\\NPC\\npcLUStb.exe"=
"C:\\Programmi\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Programmi\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Programmi\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Programmi\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
"C:\\Programmi\\LimeWire\\LimeWire.exe"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4758:TCP"= 4758:TCP:messenger
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe [2008-02-14 149864]
R2 Network WanMiniport First Position;Network WanMiniport First Position;C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe [2003-04-18 8192]
R2 wfxsvc;WinFax PRO;C:\WINDOWS.0\system32\WFXSVC.EXE [2000-09-28 129536]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS.0\system32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS.0\system32\DRIVERS\fetnd5bv.sys [2008-01-02 43520]
R3 PD1030VID;Creative WebCam Pro;C:\WINDOWS.0\system32\DRIVERS\p1030vid.sys [2006-12-18 167661]
S2 rend32;Microsoft Rendezvous Control;rundll32.exe C:\WINDOWS.0\system32\rend32.dll,ileb [ ]
S3 COH_Mon;COH_Mon;C:\WINDOWS.0\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-09-01 C:\WINDOWS.0\Tasks\AppleSoftwareUpdate.job
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-10-13 C:\WINDOWS.0\Tasks\Norton AntiVirus - Scansione completa sistema - Manlio.job
- C:\Programmi\Norton AntiVirus\Navw32.exe [2007-08-26 18:19]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.alice.it/
R0 -: HKLM-Main,Start Page = about:blank
.
.
------- File Associations -------
.
txtfile=Notepad.exe "%1"
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-10-27 11:35:54
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Scan completion time: 2008-10-27 11.40.24
ComboFix-quarantined-files.txt 2008-10-27 10:39:18
Pre-Run: 24.240.312.320 bytes free
Post-Run: 24,396,718,080 bytes free
235 --- E O F --- 2008-10-26 22:23:50
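The log above is data, not an explanation, so the one thing worth adding is the triage a responder would run over it before replying. What follows is an added example written for this page, not code from the original post and not part of ComboFix. It reads ComboFix-style lines, keeps track of the registry key header in force, and flags the items that deserve a second look: Security Center monitoring switched off, the Windows Firewall standard profile disabled, services whose binary ComboFix could not read (the trailing `[ ]`), services hosted by rundll32, Run entries marked `[N/A]` or given as a bare filename, executables sitting under system32\drivers, and files carrying both the system and hidden attributes. The rule names, the attribute-character set and the thresholds are this example's own choices, and the sample lines are copied from the log above; a hit is a review item, not a verdict.

```python
"""Triage helper for ComboFix-style logs (added example, not part of the original post)."""
import re
from collections import Counter
from dataclasses import dataclass

# Characters seen in ComboFix attribute columns (d=dir, s=system, h=hidden, a=archive,
# r=read-only, c=compressed, plus t/w). This set is an assumption of this example.
ATTR_CHARS = set("-dshcatrw")


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str
    key: str = ""          # registry key header in force when the line was seen


KEY_HEADER = re.compile(r"^\[(.+)\]$")
# Service lines: "R2 name;display;command [date size]"; "[ ]" means the file could not be read
SERVICE_LINE = re.compile(r"^[RS][0-4] [^;]+;[^;]*;(?P<cmd>.*?)\s*\[(?P<meta>[^\]]*)\]$")
# Run-key values: "name"="command" [date size] or [N/A]
RUN_VALUE = re.compile(r'^"[^"]+"="(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
MONITORING_OFF = re.compile(r'^"DisableMonitoring"=dword:0*1$')
FIREWALL_OFF = re.compile(r'^"EnableFirewall"=\s*0\b')


def split_file_line(line):
    """Return (attrs, path) for a file-listing line, else None.

    ComboFix prints paths with embedded spaces and sometimes "name .exe",
    so the path is everything from the first drive-letter token onward.
    """
    toks = line.split()
    for i, tok in enumerate(toks):
        if re.match(r"^[A-Za-z]:\\", tok):
            attrs = ""
            for t in toks[:i]:                       # last attribute-looking token wins
                if len(t) in (7, 8, 9) and set(t) <= ATTR_CHARS and "-" in t:
                    attrs = t
            return attrs, " ".join(toks[i:])
    return None


def triage(text):
    """Scan a ComboFix log and return the lines a responder should review, with a reason."""
    findings = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_HEADER.match(line)
        if m:
            key = m.group(1)
            continue
        rules = []
        if MONITORING_OFF.match(line) and "security center" in key.lower():
            rules.append("security_center_monitoring_disabled")
        elif FIREWALL_OFF.match(line) and "firewallpolicy" in key.lower():
            rules.append("windows_firewall_disabled")
        elif (m := SERVICE_LINE.match(line)):
            if not m.group("meta").strip():
                rules.append("service_binary_unreadable")
            if m.group("cmd").lower().startswith("rundll32"):
                rules.append("service_hosted_by_rundll32")
        elif (m := RUN_VALUE.match(line)):
            if m.group("meta").strip() == "N/A":
                rules.append("run_entry_unverified")
            if "\\" not in m.group("cmd"):
                rules.append("run_entry_unqualified_path")   # resolved via the search path
        elif (parsed := split_file_line(line)):
            attrs, path = parsed
            norm = path.lower().replace(" .", ".")       # "hldrrr .exe" -> "hldrrr.exe"
            if "\\drivers\\" in norm and norm.endswith(".exe"):
                rules.append("exe_in_drivers_dir")
            if "s" in attrs and "h" in attrs:
                rules.append("hidden_system_file")
        findings.extend(Finding(r, line, key) for r in rules)
    return findings


def rule_counts(findings):
    return dict(Counter(f.rule for f in findings))


# Constructed sample: lines copied from the log above, plus benign neighbours for contrast.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS.0\system32\ctfmon.exe" [2008-04-14 15360]
"CTRegRun"="C:\WINDOWS.0\CTRegRun.EXE" [N/A]
"WinFaxAppPortStarter"="wfxsnt40.exe" [2002-12-12 C:\WINDOWS.0\system32\WFXSNT40.EXE]
R2 wfxsvc;WinFax PRO;C:\WINDOWS.0\system32\WFXSVC.EXE [2000-09-28 129536]
S2 rend32;Microsoft Rendezvous Control;rundll32.exe C:\WINDOWS.0\system32\rend32.dll,ileb [ ]
----a-w 14,348 2008-03-17 22:35:22 C:\WINDOWS.0\system32\drivers\hldrrr .exe
----a-w 15,360 2004-08-19 13:39:36 C:\WINDOWS.0\system32\ctfmon .exe
2008-03-27 17:15 2 --shatr C:\WINDOWS.0\winstart.bat
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS.0\system32\drivers\srv.sys
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:36} {f.line}")
```

Paste a full log into SAMPLE_LOG, or call `triage(open(path).read())`, and read the output with two caveats the rules cannot carry on their own: third-party suites such as the Norton products present in this log register the `security center\Monitoring` keys themselves, so that rule usually confirms the suite rather than an infection; and `[ ]` on a service line only says ComboFix could not read the file, which is the cue to pull the referenced DLL for a hash and signature check rather than a conclusion in itself.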