gwen77 (Mortal adept)
Registered: 01/07/08 10:43 Posts: 39
Posted: 01 Jul 2008 11:32 Subject: Computer behaving "suspiciously"...
My computer has been behaving strangely lately...
Programs that freeze, programs that stay open among the Task Manager processes even after I've closed them, fatal errors on the simplest operations, settings that change by themselves... so I suspect I've caught something!!
This is the result of the scan I did with HiJack: do you notice anything that shouldn't be there?? Thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.06.44, on 01/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SMINST\Scheduler.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Microsoft Office\Office\OSA.EXE
C:\Programmi\File comuni\Symantec Shared\VAScanner\comHost.exe
C:\PROGRA~1\FILECO~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Documenti\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ig?hl=it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FILECO~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: (no name) - {90222687-F593-4738-B738-FBEE9C7B26DF} - (no file)
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [FRYMXINS] "C:\Programmi\ATI Technologies\Fire GL 3D Studio Max\atiimxgl"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmi\Norton 360\osCheck.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio Office.lnk = C:\Programmi\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Ricerca rapida.lnk = C:\Programmi\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://download.autodesk.com/esd/mapguide/SP1/ITA/mgaxctrl.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam02.lugano.ch/activex/AxisCamControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5328/mcfscan.cab
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programmi\File comuni\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FILECO~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
--
End of file - 10174 bytes
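A small triage pass over a log in the HijackThis line format posted above, added here as an example (it is not code from the thread or from HijackThis). It flags the entry types a helper reads first: O18 MIME filters, "(no file)" orphans, O16 ActiveX downloads from hosts outside an allowlist, O4 autostarts that run from outside Windows/Program Files or by bare file name, and O23 services without an owner string; the allowlist and the trusted directories are this example's assumptions, and the HKCU "updater" line in the sample is constructed.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed excerpt in the HijackThis v2.0.2 line format of the log above;
# most lines are copied from it, the HKCU "updater" entry is made up.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ig?hl=it
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
O3 - Toolbar: (no name) - {90222687-F593-4738-B738-FBEE9C7B26DF} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\Administrator\Dati applicazioni\updater.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam02.lugano.ch/activex/AxisCamControl.cab
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
End of file - 1234 bytes
"""

LINE_RE = re.compile(r"^([RFNO]\d+) - (.*)$")

# Hosts from which O16 ActiveX downloads are expected on this kind of home PC.
# An allowlist assumed for the example, not something HijackThis ships.
KNOWN_DPF_HOSTS = {
    "go.microsoft.com", "cdn.scan.onecare.live.com", "fpdownload2.macromedia.com",
    "download.mcafee.com", "download.autodesk.com",
}
# Directories an O4 autostart normally launches from. Italian XP names
# Program Files "Programmi", as the log above shows.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\programmi\\", "c:\\program files\\", "c:\\progra~1\\")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def _exe_path(body):
    """Extract the launched path from an O4 body: the token after [name],
    quoted or not, minus any trailing -flags and the HKUS user annotation."""
    body = re.sub(r"\s+\(User '[^']*'\)$", "", body)
    m = re.search(r'\]\s+"?([^"]+?)"?(?:\s+-\S+)*\s*$', body)
    return m.group(1) if m else ""


def triage(log_text):
    """Return the entries a helper would look at first, each with its reason."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        section, body = m.group(1), m.group(2)
        reason = None
        if section == "O18":
            reason = "O18: MIME/protocol filter sees every page of that type; rarely legitimate"
        elif "(no file)" in body:
            reason = f"{section}: orphaned registration, target file is gone"
        elif section == "O16":
            host = urlparse(body.rsplit(" - ", 1)[-1]).hostname or ""
            if host not in KNOWN_DPF_HOSTS:
                reason = f"O16: ActiveX control downloaded from unlisted host {host}"
        elif section == "O4":
            path = _exe_path(body)
            if "\\" not in path:
                reason = f"O4: bare file name {path}, resolved through the search path at logon"
            elif not path.lower().startswith(TRUSTED_DIRS):
                reason = f"O4: autostart outside Windows/Program Files: {path}"
        elif section == "O23" and "Unknown owner" in body:
            reason = "O23: service binary carries no vendor/owner string"
        if reason:
            findings.append(Finding(section, reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}")
```

The flags are review prompts, not verdicts: a dead entry such as the O18 filter with no file is clean-up, while an unlisted O16 host only says the download source should be checked.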
bdoriano (Administrator)
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 01 Jul 2008 14:07 Subject:
Hi gwen77,
Do the following:
- Clean the temporary files with ATF-Cleaner and/or CCleaner
- Run a scan with Norman Malware Cleaner.
- Restart the computer in normal mode
- Follow the instructions in this topic to run ComboFix.
- Report back with a new message in this thread on the outcome: whether there were any particular problems, etc. etc. And post:
- Upload the Norman Malware Cleaner log to WikiSend and post the Forum Link you are given
- The ComboFix log is generally not very long, so post it directly in the message
PS: if you want, you can introduce yourself here
gwen77 (Mortal adept)
Registered: 01/07/08 10:43 Posts: 39
Posted: 01 Jul 2008 18:14 Subject:
Thanks for the help!!
So: I followed the whole procedure.
Norman Malware Cleaner found 4 viruses in 8 files, but after I launched ComboFix the computer restarted and on reboot it told me "Windows could not start because the following file is missing or corrupt: \windows\system32\config\system"
In the end I managed to get it running again anyway.
Sorry for the bad manners, as soon as this PC is back up I'll rush over to introduce myself!!
NFix_2008-07-01_16-23-56.log
ComboFix 08-06-20.4 - Administrator 2008-07-01 17.35.06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.570 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Administrator\Desktop\Combo5Fix.exe
* Creato nuovo punto di ripristino
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Downloaded Program Files\setup.inf
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Creati Da 2008-06-01 al 2008-07-01 )))))))))))))))))))))))))))))))))))
.
2008-07-01 10:30 . 2008-07-01 10:30 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-07-01 10:08 . 2008-07-01 10:10 <DIR> d-------- C:\Programmi\Windows Live Safety Center
2008-06-30 09:41 . 2008-06-30 09:41 <DIR> d-------- C:\WINDOWS\system32\N360_BACKUP
2008-06-27 11:39 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\000001_.tmp
2008-06-26 18:05 . 2008-06-26 18:05 244 --ah----- C:\sqmnoopt02.sqm
2008-06-26 18:05 . 2008-06-26 18:05 232 --ah----- C:\sqmdata02.sqm
2008-06-24 16:37 . 2008-06-24 16:37 268 --ah----- C:\sqmdata01.sqm
2008-06-24 16:37 . 2008-06-24 16:37 244 --ah----- C:\sqmnoopt01.sqm
2008-06-20 17:40 . 2008-06-20 17:40 <DIR> d-------- C:\Programmi\Windows Sidebar
2008-06-20 17:39 . 2008-06-20 18:05 <DIR> d-------- C:\Programmi\Symantec
2008-06-20 17:39 . 2008-06-20 19:22 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Symantec
2008-06-20 17:39 . 2008-06-20 18:05 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-20 17:39 . 2008-06-20 18:05 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-06-20 17:39 . 2008-06-20 18:05 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-06-20 17:39 . 2008-06-20 18:05 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-20 16:53 . 2008-06-20 16:53 <DIR> d-------- C:\Programmi\Virtual Earth 3D
2008-06-20 16:34 . 2008-06-20 16:34 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-06-20 15:56 . 2008-06-30 09:29 <DIR> d-------- C:\WINDOWS\system32\it
2008-06-20 15:56 . 2008-06-30 09:29 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-20 15:56 . 2008-06-30 09:29 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-20 15:49 . 2007-10-25 18:42 8,489,472 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
2008-06-13 14:45 . 2008-06-13 14:45 579,464 --a------ C:\WINDOWS\system32\SymNeti.dll
2008-06-13 14:45 . 2008-06-13 14:45 207,240 --a------ C:\WINDOWS\system32\SymRedir.dll
2008-06-13 14:14 . 2008-06-13 14:14 31,280 --a------ C:\WINDOWS\system32\drivers\SymIM.sys
2008-06-13 14:14 . 2008-06-13 14:14 13,093 --a------ C:\WINDOWS\system32\drivers\SymRedir.cat
2008-06-13 14:14 . 2008-06-13 14:14 1,611 --a------ C:\WINDOWS\system32\drivers\SymRedir.inf
2008-06-13 14:13 . 2008-06-13 14:13 184,240 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2008-06-13 14:13 . 2008-06-13 14:13 96,432 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2008-06-13 14:13 . 2008-06-13 14:13 41,008 --a------ C:\WINDOWS\system32\drivers\symndisv.sys
2008-06-13 14:13 . 2008-06-13 14:13 38,576 --a------ C:\WINDOWS\system32\drivers\symids.sys
2008-06-13 14:13 . 2008-06-13 14:13 37,424 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2008-06-13 14:13 . 2008-06-13 14:13 22,320 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2008-06-13 14:13 . 2008-06-13 14:13 13,616 --a------ C:\WINDOWS\system32\drivers\symdns.sys
2008-06-13 10:42 . 2008-06-13 10:42 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\RETScreen
2008-06-11 08:17 . 2008-05-08 14:28 202,752 --a------ C:\WINDOWS\system32\dllcache\rmcast.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 15:54 --------- d-----w C:\Programmi\File comuni\Symantec Shared
2008-07-01 14:57 --------- d-----w C:\Programmi\RichVideoCodec
2008-07-01 08:48 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\pdf995
2008-06-30 19:53 --------- d-----w C:\Programmi\Norton 360
2008-06-25 16:34 --------- d-----w C:\Programmi\eMule
2008-06-25 14:37 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Polysun4
2008-06-24 13:50 --------- d-----w C:\Programmi\Google
2008-06-20 15:26 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\Symantec
2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-23 13:12 --------- d-----w C:\Programmi\Paint.NET
2008-05-20 07:08 --------- d-----w C:\Programmi\Microsoft Silverlight
2008-05-13 08:54 --------- d-----w C:\Programmi\Polysun4
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-02 10:12 85,848 ----a-w C:\Documents and Settings\Administrator\Dati applicazioni\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2008-06-17 14:23 349552 --a------ C:\Programmi\File comuni\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-06-20 17:41 116088 --a------ C:\PROGRA~1\FILECO~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@={4433A54A-1AC8-432F-90FC-85F045CF383C}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@={F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@={476D0EA3-80F9-48B5-B70B-05E677C9C148}
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-02-26 10:34 576352 --a------ C:\Programmi\File comuni\Symantec Shared\Backup\buShell.dll
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-02-26 10:34 576352 --a------ C:\Programmi\File comuni\Symantec Shared\Backup\buShell.dll
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-02-26 10:34 576352 --a------ C:\Programmi\File comuni\Symantec Shared\Backup\buShell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 03:00 15360]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-04 09:13 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2007-01-08 15:02 344064]
"FRYMXINS"="C:\Programmi\ATI Technologies\Fire GL 3D Studio Max\atiimxgl" [ ]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-23 22:08 16050688 C:\WINDOWS\RTHDCPL.exe]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2006-05-12 12:50 1138688]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-03-31 14:44 761856]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-07-10 11:53 872448]
"HP Component Manager"="C:\Programmi\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 20:51 233472]
"HP Software Update"="C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 12:24 49152]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2007-05-28 15:40 185896]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2008-02-18 13:37 51048]
"osCheck"="C:\Programmi\Norton 360\osCheck.exe" [2008-02-26 16:50 988512]
"RegistryMechanic"="" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 03:00 15360]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio Office.lnk - C:\Programmi\Microsoft Office\Office\OSA.EXE [1997-11-20 51984]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
Ricerca rapida.lnk - C:\Programmi\Microsoft Office\Office\FINDFAST.EXE [1997-11-20 111376]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
--a------ 2003-05-21 18:37 229437 C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a--c--- 2003-09-01 13:42 176128 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWH myPrintMileage Agent]
--a------ 2003-11-19 02:10 102400 C:\Programmi\Hewlett-Packard\hp business inkjet 1100 series\Toolbox\mpm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-06-15 12:36 229376 C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 C:\Programmi\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-05-28 15:40 185896 C:\Programmi\File comuni\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
R1 eusk2par;EUTRON SmartKey Parallel Driver;C:\WINDOWS\system32\Drivers\eusk2par.sys [2006-12-13 12:10]
R2 cpwnt;cpwnt;C:\WINDOWS\system32\drivers\cpwnt.sys [1997-05-30 00:00]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon []
S2 CPUSB;CPUsb.Sys driver;C:\WINDOWS\system32\Drivers\CPUSB.sys [2002-10-24 02:00]
S2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2008-02-21 16:02]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46d16d3d-0384-11dc-aac1-001a4bc4ea4c}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b733658-3e6c-11dc-ab15-001a4bc4ea4c}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a41b44d8-1cd6-11dd-ac33-001a4bc4ea4c}]
\Shell\AutoRun\command - .\run\autorun.exe
\Shell\open\Command - .\run\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce0a35dd-1fed-11dd-ac37-001a4bc4ea4c}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - Knight.exe open
\Shell\find\command - Knight.exe open
\Shell\install\command - Knight.exe open
\Shell\open\command - Knight.exe open
*Newly Created Service* - COMHOST
.
Contenuto della cartella 'Scheduled Tasks'
"2008-07-01 07:14:00 C:\WINDOWS\Tasks\OGADaily.job"
- C:\WINDOWS\system32\OGAVerify.exe
"2008-07-01 15:54:07 C:\WINDOWS\Tasks\OGALogon.job"
- C:\WINDOWS\system32\OGAVerify.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-01 17:54:40
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-07-01 17:59:24
ComboFix-quarantined-files.txt 2008-07-01 15:59:19
20 Directory 108,392,259,584 byte disponibili
23 Directory 108,267,147,264 byte disponibili
189 --- E O F --- 2008-06-20 12:34:54
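An added example (not part of the thread or of ComboFix) that reads the ComboFix registry section in the layout above and pulls out three things that log exposes: the Security Center monitoring switches, the Windows Firewall flag, and the autorun commands Windows cached in MountPoints2 for each volume that was plugged in (the Recycled\ctfmon.exe and Knight.exe entries, where the legitimate ctfmon.exe lives in system32 as the HijackThis log shows). The SYSTEM_NAMES list and the three heuristics in assess() are this example's assumptions; the DisableMonitoring values can be set by a third-party suite such as the Norton 360 on this machine, so they are listed for review rather than flagged.

```python
import re

# Constructed excerpt in the layout of the ComboFix "Punti Reg Caricati" section
# posted above; the registry keys and autorun commands are copied from that log.
SAMPLE_SECTION = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46d16d3d-0384-11dc-aac1-001a4bc4ea4c}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce0a35dd-1fed-11dd-ac37-001a4bc4ea4c}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - Knight.exe open
\Shell\find\command - Knight.exe open
\Shell\install\command - Knight.exe open
\Shell\open\command - Knight.exe open
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
CMD_RE = re.compile(r"^\\Shell\\([^\\]+)\\command - (.*)$", re.IGNORECASE)
RUNDLL_RE = re.compile(r"ShellExec_RunDLL\s+(.*)$", re.IGNORECASE)
# Windows binary names an autorun payload may borrow to blend in;
# an assumption for this example, extend as needed.
SYSTEM_NAMES = {"ctfmon.exe", "svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe"}


def unwrap(cmd):
    """ComboFix shows the autorun.inf target either bare or wrapped in
    RunDLL32 Shell32.DLL,ShellExec_RunDLL <target>; return the target."""
    m = RUNDLL_RE.search(cmd)
    return (m.group(1) if m else cmd).strip()


def analyse(section_text):
    """Walk the section and collect what the log says about the machine's
    protective state: Security Center monitoring switches, the Windows
    Firewall flag, and the per-volume autorun commands cached in MountPoints2."""
    report = {"autorun": {}, "monitoring_disabled": [], "firewall_enabled": None}
    current = None
    for raw in section_text.splitlines():
        line = raw.strip()
        k = KEY_RE.match(line)
        if k:
            current = k.group(1)
            continue
        if not line or current is None:
            continue
        leaf = current.rsplit("\\", 1)[-1]     # drive letter, volume GUID or subkey name
        key = current.lower()
        if "mountpoints2" in key:
            c = CMD_RE.match(line)
            if c:
                report["autorun"].setdefault(leaf, {})[c.group(1)] = unwrap(c.group(2))
        elif "security center\\monitoring" in key:
            if line.lower().startswith('"disablemonitoring"=dword:00000001'):
                report["monitoring_disabled"].append(leaf)
        elif "firewallpolicy" in key:
            m = re.match(r'^"EnableFirewall"=\s*(\d+)', line)
            if m:
                report["firewall_enabled"] = m.group(1) != "0"
    return report


def assess(report):
    """Per volume, the reasons its cached autorun deserves a look. Heuristics
    are this example's own: the payload reuses a Windows binary name, sits in
    the recycle-bin folder, or one command is bound to every Explorer verb so
    that any action on the drive launches it."""
    verdict = {}
    for volume, verbs in report["autorun"].items():
        reasons = []
        exes = sorted({target.split()[0] for target in verbs.values()})
        for exe in exes:
            name = exe.rsplit("\\", 1)[-1].lower()
            if name in SYSTEM_NAMES:
                reasons.append(f"reuses Windows binary name {name}")
            if re.match(r"^(recycled|recycler)\\", exe, re.IGNORECASE):
                reasons.append(f"payload hidden in recycle-bin folder: {exe}")
        if len(verbs) >= 3 and len(exes) == 1:
            reasons.append(f"one command bound to {len(verbs)} shell verbs")
        if reasons:
            verdict[volume] = reasons
    return verdict


if __name__ == "__main__":
    rep = analyse(SAMPLE_SECTION)
    print("firewall enabled:", rep["firewall_enabled"])
    print("monitoring disabled for:", rep["monitoring_disabled"])
    for vol, why in assess(rep).items():
        print(vol, "->", "; ".join(why))
```

MountPoints2 is a cache of what the autorun.inf on each volume once offered, so a hit here says the drive was infected when it was plugged in, not that the payload is still on this PC; the D: entry (the recovery partition) passes every heuristic.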
bdoriano (Administrator)
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 01 Jul 2008 19:38 Subject:
Follow the instructions in this topic to use MBAM and post the generated log
When done, run the scan with ComboFix again and post the new log.
gwen77 (Mortal adept)
Registered: 01/07/08 10:43 Posts: 39
Posted: 02 Jul 2008 09:55 Subject:
Good morning!! I followed the new instructions and MBAM did indeed find more viruses. This time I ran into no problems during the operations.
I'm posting the two logs:
MBAM
Malwarebytes' Anti-Malware 1.19
Versione del database: 913
Windows 5.1.2600 Service Pack 2
9.31.10 02/07/2008
mbam-log-7-2-2008 (09-31-10).txt
Tipo di scansione: Scansione rapida
Elementi scansionati: 39476
Tempo trascorso: 4 minute(s), 16 second(s)
Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 1
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 1
File infetti: 1
Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)
Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)
Chiavi di registro infette:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RichVideoCodec (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Valori di registro infetti:
(Nessun elemento malevolo rilevato)
Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)
Cartelle infette:
C:\Programmi\RichVideoCodec (Trojan.FakeAlert) -> Quarantined and deleted successfully.
File infetti:
C:\Programmi\RichVideoCodec\install.ico (Trojan.FakeAlert) -> Quarantined and deleted successfully.
COMBOFIX
ComboFix 08-06-30.2 - Administrator 2008-07-02 9.45.24.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.578 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Administrator\Desktop\Combo-Fix.exe
* Creato nuovo punto di ripristino
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\EcGDLL.dll
.
((((((((((((((((((((((((( Files Creati Da 2008-06-02 al 2008-07-02 )))))))))))))))))))))))))))))))))))
.
2008-07-02 09:41 . 2008-07-02 09:41 <DIR> d-------- C:\Combo5Fix
2008-07-02 09:25 . 2008-07-02 09:25 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-07-02 09:25 . 2008-07-02 09:25 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-07-02 09:25 . 2008-07-02 09:25 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Malwarebytes
2008-07-02 09:25 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-02 09:25 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-01 10:30 . 2008-07-01 10:30 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-07-01 10:08 . 2008-07-01 10:10 <DIR> d-------- C:\Programmi\Windows Live Safety Center
2008-06-30 09:41 . 2008-06-30 09:41 <DIR> d-------- C:\WINDOWS\system32\N360_BACKUP
2008-06-27 11:39 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\000001_.tmp
2008-06-26 18:05 . 2008-06-26 18:05 244 --ah----- C:\sqmnoopt02.sqm
2008-06-26 18:05 . 2008-06-26 18:05 232 --ah----- C:\sqmdata02.sqm
2008-06-24 16:37 . 2008-06-24 16:37 268 --ah----- C:\sqmdata01.sqm
2008-06-24 16:37 . 2008-06-24 16:37 244 --ah----- C:\sqmnoopt01.sqm
2008-06-20 17:40 . 2008-06-20 17:40 <DIR> d-------- C:\Programmi\Windows Sidebar
2008-06-20 17:39 . 2008-06-20 18:05 <DIR> d-------- C:\Programmi\Symantec
2008-06-20 17:39 . 2008-06-20 19:22 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Symantec
2008-06-20 17:39 . 2008-06-20 18:05 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-20 17:39 . 2008-06-20 18:05 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-06-20 17:39 . 2008-06-20 18:05 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-06-20 17:39 . 2008-06-20 18:05 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-20 16:53 . 2008-06-20 16:53 <DIR> d-------- C:\Programmi\Virtual Earth 3D
2008-06-20 16:34 . 2008-06-20 16:34 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-06-20 15:56 . 2008-06-30 09:29 <DIR> d-------- C:\WINDOWS\system32\it
2008-06-20 15:56 . 2008-06-30 09:29 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-20 15:56 . 2008-06-30 09:29 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-20 15:49 . 2007-10-25 18:42 8,489,472 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
2008-06-13 14:45 . 2008-06-13 14:45 579,464 --a------ C:\WINDOWS\system32\SymNeti.dll
2008-06-13 14:45 . 2008-06-13 14:45 207,240 --a------ C:\WINDOWS\system32\SymRedir.dll
2008-06-13 14:14 . 2008-06-13 14:14 31,280 --a------ C:\WINDOWS\system32\drivers\SymIM.sys
2008-06-13 14:14 . 2008-06-13 14:14 13,093 --a------ C:\WINDOWS\system32\drivers\SymRedir.cat
2008-06-13 14:14 . 2008-06-13 14:14 1,611 --a------ C:\WINDOWS\system32\drivers\SymRedir.inf
2008-06-13 14:13 . 2008-06-13 14:13 184,240 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2008-06-13 14:13 . 2008-06-13 14:13 96,432 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2008-06-13 14:13 . 2008-06-13 14:13 41,008 --a------ C:\WINDOWS\system32\drivers\symndisv.sys
2008-06-13 14:13 . 2008-06-13 14:13 38,576 --a------ C:\WINDOWS\system32\drivers\symids.sys
2008-06-13 14:13 . 2008-06-13 14:13 37,424 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2008-06-13 14:13 . 2008-06-13 14:13 22,320 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2008-06-13 14:13 . 2008-06-13 14:13 13,616 --a------ C:\WINDOWS\system32\drivers\symdns.sys
2008-06-13 10:42 . 2008-06-13 10:42 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\RETScreen
2008-06-11 08:17 . 2008-05-08 14:28 202,752 --a------ C:\WINDOWS\system32\dllcache\rmcast.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-02 07:44 --------- d-----w C:\Programmi\File comuni\Symantec Shared
2008-07-01 08:48 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\pdf995
2008-06-30 19:53 --------- d-----w C:\Programmi\Norton 360
2008-06-25 16:34 --------- d-----w C:\Programmi\eMule
2008-06-25 14:37 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Polysun4
2008-06-24 13:50 --------- d-----w C:\Programmi\Google
2008-06-20 15:26 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\Symantec
2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-23 13:12 --------- d-----w C:\Programmi\Paint.NET
2008-05-20 07:08 --------- d-----w C:\Programmi\Microsoft Silverlight
2008-05-13 08:54 --------- d-----w C:\Programmi\Polysun4
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 20:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-23 15:17 693,792 ----a-w C:\WINDOWS\system32\OGACheckControl.dll
2008-04-23 15:17 504,864 ----a-w C:\WINDOWS\system32\OGAVerify.exe
2008-04-23 15:17 504,352 ----a-w C:\WINDOWS\system32\OGAAddin.dll
2008-04-22 07:42 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:42 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-13 17:14 7,680 ----a-w C:\WINDOWS\system32\spdwnwxp.exe
2008-04-10 08:00 2,220,544 ------w C:\WINDOWS\system32\ECArch20.dll
2008-04-04 14:20 221,184 ------w C:\WINDOWS\system32\DbcOpenDWG.dll
2008-04-02 10:12 85,848 ----a-w C:\Documents and Settings\Administrator\Dati applicazioni\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot@2008-07-01_17.59.12.04 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-01 15:53:55 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-02 07:39:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-07-01 15:30:07 71,444 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-07-02 07:43:54 71,444 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-07-01 15:30:07 84,552 ----a-w C:\WINDOWS\system32\perfc010.dat
+ 2008-07-02 07:43:54 84,552 ----a-w C:\WINDOWS\system32\perfc010.dat
- 2008-07-01 15:30:07 441,760 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-07-02 07:43:54 441,760 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-07-01 15:30:07 489,970 ----a-w C:\WINDOWS\system32\perfh010.dat
+ 2008-07-02 07:43:54 489,970 ----a-w C:\WINDOWS\system32\perfh010.dat
+ 2008-07-01 16:20:07 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_67c.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2008-06-30 13:44 349552 --a------ C:\Programmi\File comuni\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-06-20 17:41 116088 --a------ C:\PROGRA~1\FILECO~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-02-26 10:34 576352 --a------ C:\Programmi\File comuni\Symantec Shared\Backup\buShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-02-26 10:34 576352 --a------ C:\Programmi\File comuni\Symantec Shared\Backup\buShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-02-26 10:34 576352 --a------ C:\Programmi\File comuni\Symantec Shared\Backup\buShell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 03:00 15360]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-04 09:13 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2007-01-08 15:02 344064]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2006-05-12 12:50 1138688]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-03-31 14:44 761856]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-07-10 11:53 872448]
"HP Component Manager"="C:\Programmi\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
"HP Software Update"="C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 12:24 49152]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2007-05-28 15:40 185896]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2008-02-18 13:37 51048]
"osCheck"="C:\Programmi\Norton 360\osCheck.exe" [2008-02-26 16:50 988512]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-23 22:08 16050688 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 03:00 15360]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio Office.lnk - C:\Programmi\Microsoft Office\Office\OSA.EXE [1997-11-20 51984]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
Ricerca rapida.lnk - C:\Programmi\Microsoft Office\Office\FINDFAST.EXE [1997-11-20 111376]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
--a------ 2003-05-21 18:37 229437 C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a--c--- 2003-09-01 13:42 176128 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWH myPrintMileage Agent]
--a------ 2003-11-19 02:10 102400 C:\Programmi\Hewlett-Packard\hp business inkjet 1100 series\Toolbox\mpm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-06-15 12:36 229376 C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 C:\Programmi\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-05-28 15:40 185896 C:\Programmi\File comuni\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
R1 eusk2par;EUTRON SmartKey Parallel Driver;C:\WINDOWS\system32\Drivers\eusk2par.sys [2006-12-13 12:10]
R2 cpwnt;cpwnt;C:\WINDOWS\system32\drivers\cpwnt.sys [1997-05-30 00:00]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon []
S2 CPUSB;CPUsb.Sys driver;C:\WINDOWS\system32\Drivers\CPUSB.sys [2002-10-24 02:00]
S2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2008-02-21 16:02]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46d16d3d-0384-11dc-aac1-001a4bc4ea4c}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b733658-3e6c-11dc-ab15-001a4bc4ea4c}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a41b44d8-1cd6-11dd-ac33-001a4bc4ea4c}]
\Shell\AutoRun\command - .\run\autorun.exe
\Shell\open\Command - .\run\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce0a35dd-1fed-11dd-ac37-001a4bc4ea4c}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - Knight.exe open
\Shell\find\command - Knight.exe open
\Shell\install\command - Knight.exe open
\Shell\open\command - Knight.exe open
*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contenuto della cartella 'Scheduled Tasks'
"2008-07-02 07:14:00 C:\WINDOWS\Tasks\OGADaily.job"
- C:\WINDOWS\system32\OGAVerify.exe
"2008-07-02 07:39:54 C:\WINDOWS\Tasks\OGALogon.job"
- C:\WINDOWS\system32\OGAVerify.exe
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-FRYMXINS - C:\Programmi\ATI Technologies\Fire GL 3D Studio Max\atiimxgl
HKLM-Run-RegistryMechanic - (no file)
Notify-dimsntfy - (no file)
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-02 09:48:00
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-07-02 9.49.59
ComboFix-quarantined-files.txt 2008-07-02 07:49:51
ComboFix2.txt 2008-07-01 15:59:24
21 Directory 114,465,759,232 byte disponibili
24 Directory 114,543,616,000 byte disponibili
225 --- E O F --- 2008-06-20 12:34:54
bdoriano (Administrator)
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 02 Jul 2008 10:36
Open Notepad and create a text file with the following instructions:
Code:
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce0a35dd-1fed-11dd-ac37-001a4bc4ea4c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a41b44d8-1cd6-11dd-ac33-001a4bc4ea4c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b733658-3e6c-11dc-ab15-001a4bc4ea4c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46d16d3d-0384-11dc-aac1-001a4bc4ea4c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
Save the file on the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as shown below:
Wait patiently for it to finish without touching the keyboard, mouse or anything else.
Post the updated ComboFix log.
Now, do the following:
- Disable your antivirus
- Go to BitDefender (with IE) and run the full scan.
- Go to Kaspersky on-line scanner and run the extended scan, as explained here.
Save the scan result to a file (in TXT format), upload the file to WikiSend and post the Forum Link you are given here.
It also looks like you have an infected USB device (pen drive or external HD); we need to disable its automatic start on insertion so we can check them.
The easy way to do this is to download the TweakUI program from this page and install it.
Once installed, run it and follow these steps:
Quote:
Expand the My Computer section
Expand the Autoplay subsection
Go to Types
Untick Enable Autoplay for removable drives
Click Apply
Close TweakUI
PS: By Expand I mean: click the [+] symbol next to the items I indicated
From this moment on, all USB devices will stop starting automatically.
Insert your pen drives and check them with your antivirus.
When you are sure everything is fine, you can re-enable autorun by following the same path I indicated.
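As an added example (not code from the thread, from ComboFix or from the forum's helpers), the Python below parses the MountPoints2 section of a ComboFix log as posted in this thread, explains why each key's shell commands deserve a look using the editor's own heuristics, and emits the Registry:: block in the CFScript format used above. The log excerpt is a constructed sample modelled on gwen77's log, and every key it lists still needs a human decision before it goes into a CFScript.

```python
"""Triage MountPoints2 autorun entries from a ComboFix log and build the
matching CFScript 'Registry::' block.  Added example: the heuristics are the
editor's, not ComboFix's; the log excerpt is constructed after the thread."""
import re

# Constructed excerpt modelled on the ComboFix log posted in the thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46d16d3d-0384-11dc-aac1-001a4bc4ea4c}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce0a35dd-1fed-11dd-ac37-001a4bc4ea4c}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - Knight.exe open
\Shell\open\command - Knight.exe open
*Newly Created Service* - COMHOST
"""

# A MountPoints2 key header as ComboFix prints it, and a '\Shell\<verb>\command - <cmd>' line.
KEY_RE = re.compile(
    r"^\[(HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\[^\]]+)\]$", re.I)
CMD_RE = re.compile(r"^\\Shell\\([^\\]+)\\command\s+-\s+(.*)$", re.I)

# Names that malware on removable media likes to borrow (editor's short list).
SYSTEM_BINARY_NAMES = {"ctfmon.exe", "explorer.exe", "svchost.exe"}


def parse_mountpoints(log_text):
    """Return {key_path: {verb: command}} for MountPoints2 keys that carry commands."""
    entries, current = {}, None
    for line in log_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            entries.setdefault(current, {})
            continue
        cmd = CMD_RE.match(line)
        if cmd and current is not None:
            entries[current][cmd.group(1).lower()] = cmd.group(2).strip()
        elif line:
            current = None  # any other line ends the current key block
    return {k: v for k, v in entries.items() if v}


def assess(commands):
    """Explain why a key's shell commands deserve a look (editor's heuristics)."""
    reasons = []
    joined = " ".join(commands.values()).lower()
    if "autorun" in commands:
        reasons.append("AutoRun hands control to a program stored on the drive itself")
    if "recycled\\" in joined:
        reasons.append("program hidden in the drive's Recycled folder")
    for path in re.findall(r'([^\s"]+\.exe)', joined):
        name = path.rsplit("\\", 1)[-1]
        if name in SYSTEM_BINARY_NAMES and not path.startswith("c:\\windows\\system32\\"):
            reasons.append(f"{name} borrows a Windows system binary's name but lives outside system32")
            break
    hijacked = sorted(v for v in commands if v != "autorun")
    if len(hijacked) >= 2:
        reasons.append("context-menu verbs " + ", ".join(hijacked)
                       + " also run the program, so even 'Explore' triggers it")
    if not reasons:
        reasons.append("removable-drive key carries a shell command at all")
    return reasons


def cfscript_for(keys):
    """Build the CFScript block used in the thread: 'Registry::' then one [-KEY] per key."""
    return "Registry::\n" + "\n".join(f"[-{k}]" for k in keys) + "\n"


def triage(log_text):
    """Return ({key: reasons}, cfscript_text) for every MountPoints2 key with commands."""
    findings = {k: assess(cmds) for k, cmds in parse_mountpoints(log_text).items()}
    return findings, cfscript_for(findings)


if __name__ == "__main__":
    found, script = triage(SAMPLE_LOG)
    for key, why in found.items():
        print(key.rsplit("\\", 1)[-1])
        for reason in why:
            print("  -", reason)
    print(script)
```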
gwen77 (Mortale adepto)
Registered: 01/07/08 10:43 Posts: 39
Posted: 02 Jul 2008 15:17
Here I am!
I should say up front that I still have to run the scans on the USB devices (by the way: do I also have to scan the USB keys that programs need in order to run, or only the pen drives I copy data to?).
COMBOFIX LOG:
ComboFix 08-06-30.2 - Administrator 2008-07-02 11.27.37.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.685 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Administrator\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Creato nuovo punto di ripristino
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Creati Da 2008-06-02 al 2008-07-02 )))))))))))))))))))))))))))))))))))
.
2008-07-02 09:41 . 2008-07-02 09:41 <DIR> d-------- C:\Combo5Fix
2008-07-02 09:25 . 2008-07-02 09:25 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-07-02 09:25 . 2008-07-02 09:25 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-07-02 09:25 . 2008-07-02 09:25 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Malwarebytes
2008-07-02 09:25 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-02 09:25 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-01 10:30 . 2008-07-01 10:30 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-07-01 10:08 . 2008-07-01 10:10 <DIR> d-------- C:\Programmi\Windows Live Safety Center
2008-06-30 09:41 . 2008-06-30 09:41 <DIR> d-------- C:\WINDOWS\system32\N360_BACKUP
2008-06-27 11:39 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\000001_.tmp
2008-06-26 18:05 . 2008-06-26 18:05 244 --ah----- C:\sqmnoopt02.sqm
2008-06-26 18:05 . 2008-06-26 18:05 232 --ah----- C:\sqmdata02.sqm
2008-06-24 16:37 . 2008-06-24 16:37 268 --ah----- C:\sqmdata01.sqm
2008-06-24 16:37 . 2008-06-24 16:37 244 --ah----- C:\sqmnoopt01.sqm
2008-06-20 17:40 . 2008-06-20 17:40 <DIR> d-------- C:\Programmi\Windows Sidebar
2008-06-20 17:39 . 2008-06-20 18:05 <DIR> d-------- C:\Programmi\Symantec
2008-06-20 17:39 . 2008-06-20 19:22 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Symantec
2008-06-20 17:39 . 2008-06-20 18:05 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-20 17:39 . 2008-06-20 18:05 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-06-20 17:39 . 2008-06-20 18:05 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-06-20 17:39 . 2008-06-20 18:05 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-20 16:53 . 2008-06-20 16:53 <DIR> d-------- C:\Programmi\Virtual Earth 3D
2008-06-20 16:34 . 2008-06-20 16:34 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-06-20 15:56 . 2008-06-30 09:29 <DIR> d-------- C:\WINDOWS\system32\it
2008-06-20 15:56 . 2008-06-30 09:29 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-20 15:56 . 2008-06-30 09:29 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-20 15:49 . 2007-10-25 18:42 8,489,472 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
2008-06-13 14:45 . 2008-06-13 14:45 579,464 --a------ C:\WINDOWS\system32\SymNeti.dll
2008-06-13 14:45 . 2008-06-13 14:45 207,240 --a------ C:\WINDOWS\system32\SymRedir.dll
2008-06-13 14:14 . 2008-06-13 14:14 31,280 --a------ C:\WINDOWS\system32\drivers\SymIM.sys
2008-06-13 14:14 . 2008-06-13 14:14 13,093 --a------ C:\WINDOWS\system32\drivers\SymRedir.cat
2008-06-13 14:14 . 2008-06-13 14:14 1,611 --a------ C:\WINDOWS\system32\drivers\SymRedir.inf
2008-06-13 14:13 . 2008-06-13 14:13 184,240 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2008-06-13 14:13 . 2008-06-13 14:13 96,432 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2008-06-13 14:13 . 2008-06-13 14:13 41,008 --a------ C:\WINDOWS\system32\drivers\symndisv.sys
2008-06-13 14:13 . 2008-06-13 14:13 38,576 --a------ C:\WINDOWS\system32\drivers\symids.sys
2008-06-13 14:13 . 2008-06-13 14:13 37,424 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2008-06-13 14:13 . 2008-06-13 14:13 22,320 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2008-06-13 14:13 . 2008-06-13 14:13 13,616 --a------ C:\WINDOWS\system32\drivers\symdns.sys
2008-06-13 10:42 . 2008-06-13 10:42 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\RETScreen
2008-06-11 08:17 . 2008-05-08 14:28 202,752 --a------ C:\WINDOWS\system32\dllcache\rmcast.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-02 09:20 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\pdf995
2008-07-02 08:44 --------- d-----w C:\Programmi\File comuni\Symantec Shared
2008-06-30 19:53 --------- d-----w C:\Programmi\Norton 360
2008-06-25 16:34 --------- d-----w C:\Programmi\eMule
2008-06-25 14:37 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Polysun4
2008-06-24 13:50 --------- d-----w C:\Programmi\Google
2008-06-20 15:26 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\Symantec
2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-23 13:12 --------- d-----w C:\Programmi\Paint.NET
2008-05-20 07:08 --------- d-----w C:\Programmi\Microsoft Silverlight
2008-05-13 08:54 --------- d-----w C:\Programmi\Polysun4
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 20:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-23 15:17 693,792 ----a-w C:\WINDOWS\system32\OGACheckControl.dll
2008-04-23 15:17 504,864 ----a-w C:\WINDOWS\system32\OGAVerify.exe
2008-04-23 15:17 504,352 ----a-w C:\WINDOWS\system32\OGAAddin.dll
2008-04-22 07:42 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:42 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-13 17:14 7,680 ----a-w C:\WINDOWS\system32\spdwnwxp.exe
2008-04-10 08:00 2,220,544 ------w C:\WINDOWS\system32\ECArch20.dll
2008-04-04 14:20 221,184 ------w C:\WINDOWS\system32\DbcOpenDWG.dll
2008-04-02 10:12 85,848 ----a-w C:\Documents and Settings\Administrator\Dati applicazioni\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot@2008-07-01_17.59.12.04 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-01 15:53:55 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-02 08:13:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-07-01 15:30:07 71,444 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-07-02 08:17:58 71,444 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-07-01 15:30:07 84,552 ----a-w C:\WINDOWS\system32\perfc010.dat
+ 2008-07-02 08:17:58 84,552 ----a-w C:\WINDOWS\system32\perfc010.dat
- 2008-07-01 15:30:07 441,760 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-07-02 08:17:58 441,760 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-07-01 15:30:07 489,970 ----a-w C:\WINDOWS\system32\perfh010.dat
+ 2008-07-02 08:17:58 489,970 ----a-w C:\WINDOWS\system32\perfh010.dat
+ 2008-07-02 08:13:38 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_784.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2008-06-30 13:44 349552 --a------ C:\Programmi\File comuni\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-06-20 17:41 116088 --a------ C:\PROGRA~1\FILECO~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-02-26 10:34 576352 --a------ C:\Programmi\File comuni\Symantec Shared\Backup\buShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-02-26 10:34 576352 --a------ C:\Programmi\File comuni\Symantec Shared\Backup\buShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-02-26 10:34 576352 --a------ C:\Programmi\File comuni\Symantec Shared\Backup\buShell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 03:00 15360]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-04 09:13 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2007-01-08 15:02 344064]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2006-05-12 12:50 1138688]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-03-31 14:44 761856]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-07-10 11:53 872448]
"HP Component Manager"="C:\Programmi\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
"HP Software Update"="C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 12:24 49152]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2007-05-28 15:40 185896]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2008-02-18 13:37 51048]
"osCheck"="C:\Programmi\Norton 360\osCheck.exe" [2008-02-26 16:50 988512]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-23 22:08 16050688 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 03:00 15360]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio Office.lnk - C:\Programmi\Microsoft Office\Office\OSA.EXE [1997-11-20 51984]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
Ricerca rapida.lnk - C:\Programmi\Microsoft Office\Office\FINDFAST.EXE [1997-11-20 111376]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
--a------ 2003-05-21 18:37 229437 C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a--c--- 2003-09-01 13:42 176128 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWH myPrintMileage Agent]
--a------ 2003-11-19 02:10 102400 C:\Programmi\Hewlett-Packard\hp business inkjet 1100 series\Toolbox\mpm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-06-15 12:36 229376 C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 C:\Programmi\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-05-28 15:40 185896 C:\Programmi\File comuni\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
R1 eusk2par;EUTRON SmartKey Parallel Driver;C:\WINDOWS\system32\Drivers\eusk2par.sys [2006-12-13 12:10]
R2 cpwnt;cpwnt;C:\WINDOWS\system32\drivers\cpwnt.sys [1997-05-30 00:00]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon []
S2 CPUSB;CPUsb.Sys driver;C:\WINDOWS\system32\Drivers\CPUSB.sys [2002-10-24 02:00]
S2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2008-02-21 16:02]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46d16d3d-0384-11dc-aac1-001a4bc4ea4c}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b733658-3e6c-11dc-ab15-001a4bc4ea4c}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a41b44d8-1cd6-11dd-ac33-001a4bc4ea4c}]
\Shell\AutoRun\command - .\run\autorun.exe
\Shell\open\Command - .\run\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce0a35dd-1fed-11dd-ac37-001a4bc4ea4c}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - Knight.exe open
\Shell\find\command - Knight.exe open
\Shell\install\command - Knight.exe open
\Shell\open\command - Knight.exe open
*Newly Created Service* - COMHOST
.
Contenuto della cartella 'Scheduled Tasks'
"2008-07-02 07:14:00 C:\WINDOWS\Tasks\OGADaily.job"
- C:\WINDOWS\system32\OGAVerify.exe
"2008-07-02 08:13:41 C:\WINDOWS\Tasks\OGALogon.job"
- C:\WINDOWS\system32\OGAVerify.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-02 11:30:55
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-07-02 11.32.48
ComboFix-quarantined-files.txt 2008-07-02 09:32:41
ComboFix2.txt 2008-07-02 07:50:00
ComboFix3.txt 2008-07-01 15:59:24
21 Directory 113,522,352,128 byte disponibili
24 Directory 113,517,056,000 byte disponibili
218 --- E O F --- 2008-06-20 12:34:54
BITDEFENDER LOG
BitDefender Online Scanner - Real Time Virus Report
Generated at: Wed, Jul 02, 2008 - 14:23:57
--------------------------------------------------------------------------------
Scan Info
Scanned Files
511641
Infected Files
0
Virus Detected
No virus found.
--------------------------------------------------------------------------------
This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.
KASPERSKY
Kaspersky.txt

bdoriano (Administrator)
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 02 Jul 2008 15:46
All pen drives (and external HDs) must be scanned.
Unfortunately, the entries that were supposed to disappear from the ComboFix log are still where they should not be.
Run this scan with SystemScan, upload the log to WikiSend and post the Forum Link you are given.
gwen77 (Mortale adepto)
Registered: 01/07/08 10:43 Posts: 39
Posted: 02 Jul 2008 16:02
I scanned all my pen drives and they come up clean: now I will ask whether anyone has used other USB keys on my PC.
As for the scan you suggest, I cannot download the SystemScan file: it gets to 99% of sys9217.exe and tells me:
Errore durante la copia del file o della cartella
---------------------------
Impossibile copiare sys9217[1]: Accesso negato.
Controllare che il disco non sia pieno o protetto da scrittura e che il file non sia attualmente in uso.
What do I do?
Sante62 (Dio maturo)
Registered: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 02 Jul 2008 16:18
I know you checked, but I'll ask anyway... is there space on the disk?
You never know; anyway, try downloading it again and don't forget to hold down the CTRL key while you click to download it... and disable your antivirus and any other real-time protection modules...
gwen77 (Mortale adepto)
Registered: 01/07/08 10:43 Posts: 39
Posted: 02 Jul 2008 16:45
I managed to run the scan: it was not a space problem but the firewall blocking the operation.
Here is the result:
report.txt
Give me good news, please!!!
Sante62 (Dio maturo)
Registered: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 02 Jul 2008 17:20
I don't see anything strange in the log...
Do these steps again, but with the PC in safe mode
bdoriano wrote:
Open Notepad and create a text file with the following instructions:
Code:
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce0a35dd-1fed-11dd-ac37-001a4bc4ea4c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a41b44d8-1cd6-11dd-ac33-001a4bc4ea4c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b733658-3e6c-11dc-ab15-001a4bc4ea4c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46d16d3d-0384-11dc-aac1-001a4bc4ea4c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
Save the file on the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as shown below:
Wait patiently for the job to finish without touching the keyboard, mouse or anything else.
Restart the PC in normal mode and post the updated ComboFix log.

gwen77 (Adept mortal)
Posted: 02 Jul 2008 18:12
Done!!
Are there still bad things in there??
ComboFix 08-06-30.2 - Administrator 2008-07-02 18.00.21.4 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.795 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Administrator\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Creati Da 2008-06-02 al 2008-07-02 )))))))))))))))))))))))))))))))))))
.
2008-07-02 15:24 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-07-02 15:24 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-07-02 11:37 . 2008-07-02 14:23 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-07-02 09:41 . 2008-07-02 09:41 <DIR> d-------- C:\Combo5Fix
2008-07-02 09:25 . 2008-07-02 09:25 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-07-02 09:25 . 2008-07-02 09:25 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-07-02 09:25 . 2008-07-02 09:25 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Malwarebytes
2008-07-02 09:25 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-02 09:25 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-01 10:30 . 2008-07-01 10:30 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-07-01 10:08 . 2008-07-01 10:10 <DIR> d-------- C:\Programmi\Windows Live Safety Center
2008-06-30 09:41 . 2008-06-30 09:41 <DIR> d-------- C:\WINDOWS\system32\N360_BACKUP
2008-06-27 11:39 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\000001_.tmp
2008-06-26 18:05 . 2008-06-26 18:05 244 --ah----- C:\sqmnoopt02.sqm
2008-06-26 18:05 . 2008-06-26 18:05 232 --ah----- C:\sqmdata02.sqm
2008-06-24 16:37 . 2008-06-24 16:37 268 --ah----- C:\sqmdata01.sqm
2008-06-24 16:37 . 2008-06-24 16:37 244 --ah----- C:\sqmnoopt01.sqm
2008-06-20 17:40 . 2008-06-20 17:40 <DIR> d-------- C:\Programmi\Windows Sidebar
2008-06-20 17:39 . 2008-06-20 18:05 <DIR> d-------- C:\Programmi\Symantec
2008-06-20 17:39 . 2008-06-20 19:22 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Symantec
2008-06-20 17:39 . 2008-06-20 18:05 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-20 17:39 . 2008-06-20 18:05 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-06-20 17:39 . 2008-06-20 18:05 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-06-20 17:39 . 2008-06-20 18:05 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-20 16:53 . 2008-06-20 16:53 <DIR> d-------- C:\Programmi\Virtual Earth 3D
2008-06-20 16:34 . 2008-06-20 16:34 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-06-20 15:56 . 2008-06-30 09:29 <DIR> d-------- C:\WINDOWS\system32\it
2008-06-20 15:56 . 2008-06-30 09:29 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-20 15:56 . 2008-06-30 09:29 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-20 15:49 . 2007-10-25 18:42 8,489,472 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
2008-06-13 14:45 . 2008-06-13 14:45 579,464 --a------ C:\WINDOWS\system32\SymNeti.dll
2008-06-13 14:45 . 2008-06-13 14:45 207,240 --a------ C:\WINDOWS\system32\SymRedir.dll
2008-06-13 14:14 . 2008-06-13 14:14 31,280 --a------ C:\WINDOWS\system32\drivers\SymIM.sys
2008-06-13 14:14 . 2008-06-13 14:14 13,093 --a------ C:\WINDOWS\system32\drivers\SymRedir.cat
2008-06-13 14:14 . 2008-06-13 14:14 1,611 --a------ C:\WINDOWS\system32\drivers\SymRedir.inf
2008-06-13 14:13 . 2008-06-13 14:13 184,240 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2008-06-13 14:13 . 2008-06-13 14:13 96,432 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2008-06-13 14:13 . 2008-06-13 14:13 41,008 --a------ C:\WINDOWS\system32\drivers\symndisv.sys
2008-06-13 14:13 . 2008-06-13 14:13 38,576 --a------ C:\WINDOWS\system32\drivers\symids.sys
2008-06-13 14:13 . 2008-06-13 14:13 37,424 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2008-06-13 14:13 . 2008-06-13 14:13 22,320 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2008-06-13 14:13 . 2008-06-13 14:13 13,616 --a------ C:\WINDOWS\system32\drivers\symdns.sys
2008-06-13 10:42 . 2008-06-13 10:42 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\RETScreen
2008-06-11 08:17 . 2008-05-08 14:28 202,752 --a------ C:\WINDOWS\system32\dllcache\rmcast.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-02 14:36 --------- d-----w C:\Programmi\File comuni\Symantec Shared
2008-07-02 09:20 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\pdf995
2008-06-30 19:53 --------- d-----w C:\Programmi\Norton 360
2008-06-25 16:34 --------- d-----w C:\Programmi\eMule
2008-06-25 14:37 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Polysun4
2008-06-24 13:50 --------- d-----w C:\Programmi\Google
2008-06-20 15:26 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\Symantec
2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-23 13:12 --------- d-----w C:\Programmi\Paint.NET
2008-05-20 07:08 --------- d-----w C:\Programmi\Microsoft Silverlight
2008-05-13 08:54 --------- d-----w C:\Programmi\Polysun4
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 20:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-23 15:17 693,792 ----a-w C:\WINDOWS\system32\OGACheckControl.dll
2008-04-23 15:17 504,864 ----a-w C:\WINDOWS\system32\OGAVerify.exe
2008-04-23 15:17 504,352 ----a-w C:\WINDOWS\system32\OGAAddin.dll
2008-04-22 07:42 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:42 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-13 17:14 7,680 ----a-w C:\WINDOWS\system32\spdwnwxp.exe
2008-04-10 08:00 2,220,544 ------w C:\WINDOWS\system32\ECArch20.dll
2008-04-04 14:20 221,184 ------w C:\WINDOWS\system32\DbcOpenDWG.dll
2008-04-02 10:12 85,848 ----a-w C:\Documents and Settings\Administrator\Dati applicazioni\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot@2008-07-01_17.59.12.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-02 09:37:15 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2008-07-02 09:37:15 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2008-07-02 09:37:16 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2008-07-02 09:37:24 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2008-01-09 13:01:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2008-07-02 09:37:28 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2008-07-02 09:37:17 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
- 2008-07-01 15:53:55 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-02 15:59:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-01-09 13:01:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
- 2008-07-01 15:30:07 71,444 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-07-02 13:12:05 71,444 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-07-01 15:30:07 84,552 ----a-w C:\WINDOWS\system32\perfc010.dat
+ 2008-07-02 13:12:05 84,552 ----a-w C:\WINDOWS\system32\perfc010.dat
- 2008-07-01 15:30:07 441,760 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-07-02 13:12:05 441,760 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-07-01 15:30:07 489,970 ----a-w C:\WINDOWS\system32\perfh010.dat
+ 2008-07-02 13:12:05 489,970 ----a-w C:\WINDOWS\system32\perfh010.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2008-06-30 13:44 349552 --a------ C:\Programmi\File comuni\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-06-20 17:41 116088 --a------ C:\PROGRA~1\FILECO~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-02-26 10:34 576352 --a------ C:\Programmi\File comuni\Symantec Shared\Backup\buShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-02-26 10:34 576352 --a------ C:\Programmi\File comuni\Symantec Shared\Backup\buShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-02-26 10:34 576352 --a------ C:\Programmi\File comuni\Symantec Shared\Backup\buShell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 03:00 15360]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-04 09:13 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2007-01-08 15:02 344064]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2006-05-12 12:50 1138688]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-03-31 14:44 761856]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-07-10 11:53 872448]
"HP Component Manager"="C:\Programmi\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
"HP Software Update"="C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 12:24 49152]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2007-05-28 15:40 185896]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2008-02-18 13:37 51048]
"osCheck"="C:\Programmi\Norton 360\osCheck.exe" [2008-02-26 16:50 988512]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-23 22:08 16050688 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 03:00 15360]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio Office.lnk - C:\Programmi\Microsoft Office\Office\OSA.EXE [1997-11-20 51984]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
Ricerca rapida.lnk - C:\Programmi\Microsoft Office\Office\FINDFAST.EXE [1997-11-20 111376]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
--a------ 2003-05-21 18:37 229437 C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a--c--- 2003-09-01 13:42 176128 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWH myPrintMileage Agent]
--a------ 2003-11-19 02:10 102400 C:\Programmi\Hewlett-Packard\hp business inkjet 1100 series\Toolbox\mpm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-06-15 12:36 229376 C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 C:\Programmi\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-05-28 15:40 185896 C:\Programmi\File comuni\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
S1 eusk2par;EUTRON SmartKey Parallel Driver;C:\WINDOWS\system32\Drivers\eusk2par.sys [2006-12-13 12:10]
S2 CPUSB;CPUsb.Sys driver;C:\WINDOWS\system32\Drivers\CPUSB.sys [2002-10-24 02:00]
S2 cpwnt;cpwnt;C:\WINDOWS\system32\drivers\cpwnt.sys [1997-05-30 00:00]
S2 LiveUpdate Notice;LiveUpdate Notice;"C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon []
S2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2008-02-21 16:02]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46d16d3d-0384-11dc-aac1-001a4bc4ea4c}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b733658-3e6c-11dc-ab15-001a4bc4ea4c}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a41b44d8-1cd6-11dd-ac33-001a4bc4ea4c}]
\Shell\AutoRun\command - .\run\autorun.exe
\Shell\open\Command - .\run\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce0a35dd-1fed-11dd-ac37-001a4bc4ea4c}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - Knight.exe open
\Shell\find\command - Knight.exe open
\Shell\install\command - Knight.exe open
\Shell\open\command - Knight.exe open
*Newly Created Service* - COMHOST
.
Contenuto della cartella 'Scheduled Tasks'
"2008-07-02 07:14:00 C:\WINDOWS\Tasks\OGADaily.job"
- C:\WINDOWS\system32\OGAVerify.exe
"2008-07-02 13:08:07 C:\WINDOWS\Tasks\OGALogon.job"
- C:\WINDOWS\system32\OGAVerify.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-02 18:03:03
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-07-02 18.05.23
ComboFix-quarantined-files.txt 2008-07-02 16:05:21
ComboFix2.txt 2008-07-02 09:32:49
ComboFix3.txt 2008-07-02 07:50:00
ComboFix4.txt 2008-07-01 15:59:24
21 Directory 115,501,252,608 byte disponibili
24 Directory 115,538,137,088 byte disponibili
229 --- E O F --- 2008-06-20 12:34:54
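As an added example (not code from the thread, from ComboFix or from any of the tools mentioned), the Python script below reads the mountpoints2 block of a ComboFix log such as the one above, flags the handler sets that behave like the USB autorun worm seen here (an executable hidden in the volume's Recycled folder, a name copied from a Windows system binary, Explorer verbs such as open/explore/find redirected to it) and renders the flagged keys as the CFScript deletion block the helper used. The sample block is the four keys from this log plus one constructed clean entry with an all-zero GUID; the flagging rules are my own heuristics, not ComboFix's.

```python
"""Triage the MountPoints2 block of a ComboFix log and render a CFScript for it.

Added example for this thread; it is not ComboFix's code and not a post from
the thread. It only reads log text and never touches the registry.
"""
import re

# Constructed sample: the four MountPoints2 keys from the ComboFix log above, plus
# one made-up key (all-zero GUID) carrying only an AutoRun handler, the kind of
# entry a legitimate software CD leaves behind.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46d16d3d-0384-11dc-aac1-001a4bc4ea4c}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a41b44d8-1cd6-11dd-ac33-001a4bc4ea4c}]
\Shell\AutoRun\command - .\run\autorun.exe
\Shell\open\Command - .\run\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce0a35dd-1fed-11dd-ac37-001a4bc4ea4c}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - Knight.exe open
\Shell\find\command - Knight.exe open
\Shell\install\command - Knight.exe open
\Shell\open\command - Knight.exe open
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe
"""

KEY_RE = re.compile(r"^\[(HKEY_CURRENT_USER\\[^\]]*\\mountpoints2\\[^\]]+)\]$", re.IGNORECASE)
HANDLER_RE = re.compile(r"^\\Shell\\([^\\]+)\\command\s+-\s+(.+)$", re.IGNORECASE)
RUNDLL_RE = re.compile(r"ShellExec_RunDLL\s+(.+)$", re.IGNORECASE)
# Names the worm in this thread borrowed from Windows; a copy launched from a
# removable volume instead of system32 is a masquerade.
SYSTEM_BINARIES = {"ctfmon.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                   "winlogon.exe", "services.exe", "smss.exe", "explorer.exe"}


def parse_mountpoints(text):
    """Return {key_path: {verb: command}} for every mountpoints2 key in the block."""
    entries = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            entries[current] = {}
            continue
        handler = HANDLER_RE.match(line)
        if handler and current is not None:
            # "Open(&0)" carries a keyboard accelerator; normalise it to "open".
            verb = re.sub(r"\(&.\)", "", handler.group(1)).lower()
            entries[current][verb] = handler.group(2).strip()
    return entries


def launched_file(command):
    """Strip the RunDLL32/ShellExec_RunDLL wrapper and arguments, keeping the file run."""
    wrapped = RUNDLL_RE.search(command)
    payload = wrapped.group(1) if wrapped else command
    tokens = payload.split()
    return tokens[0] if tokens else ""


def assess(handlers):
    """Return the reasons a handler set looks like an autorun worm (empty if clean)."""
    reasons = []
    for verb, command in handlers.items():
        target = launched_file(command)
        lowered = target.lower()
        name = lowered.replace("/", "\\").rsplit("\\", 1)[-1]
        if "recycled\\" in lowered or "recycler\\" in lowered:
            reasons.append(f"{verb}: runs {target} from the volume's recycle folder")
        if name in SYSTEM_BINARIES:
            reasons.append(f"{verb}: {name} mimics a Windows system binary name")
        if verb != "autorun":
            # A plain AutoRun handler is what any autorun.inf leaves; redirecting
            # open/explore/find/install means double-clicking the drive runs the file.
            reasons.append(f"{verb}: Explorer's '{verb}' action redirected to {target}")
    return reasons


def triage(text):
    """Map each suspicious mountpoints2 key to the reasons it was flagged."""
    flagged = {}
    for key, handlers in parse_mountpoints(text).items():
        reasons = assess(handlers)
        if reasons:
            flagged[key] = reasons
    return flagged


def cfscript(keys):
    """Render keys as the ComboFix CFScript deletion block used in this thread."""
    return "Registry::\n" + "".join(f"[-{key}]\n" for key in keys)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for key, reasons in found.items():
        print(key)
        for reason in reasons:
            print("    " + reason)
    print()
    print(cfscript(found))
```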

gwen77 (Adept mortal)
Posted: 02 Jul 2008 18:44
...anyway, I've now noticed that when I open a program and then close it, it still stays active among the Task Manager processes..
I think there's still something to remove here!!

Sante62 (Mature god)
Posted: 03 Jul 2008 02:08
Unfortunately they are still there;
let's try with SystemScan, so start it
Click on "Removal Script".
Inside the white box, copy and paste the values shown below in red:
Quote:
Registry keys to delete:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce0a35dd-1fed-11dd-ac37-001a4bc4ea4c}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a41b44d8-1cd6-11dd-ac33-001a4bc4ea4c}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b733658-3e6c-11dc-ab15-001a4bc4ea4c}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46d16d3d-0384-11dc-aac1-001a4bc4ea4c}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
now click on "Proceed with removal" and then on OK.

The PC should restart by itself; otherwise restart it manually
Go to C:\ and post me the contents of the log generated by Avenger (avenger.txt); attach a new ComboFix report
Thanks.

gwen77 (Adept mortal)
Posted: 03 Jul 2008 09:15
I tried to do this, but after copying the command into the white box, it says "please copy and past a valid script file!".
Can't I go into regedit and delete them manually??

Sante62 (Mature god)
Posted: 03 Jul 2008 09:36
oops, there's one string too many....
you can also delete them manually, but be careful not to pick the wrong key because you'll find many of them; otherwise try SystemScan again, leaving out the last line, which has nothing to do with it...

gwen77 (Adept mortal)
Posted: 03 Jul 2008 10:02
So: I tried again but it keeps giving me the same error...
I'd try deleting them manually.
So do I have to delete the first four strings (the ones ending with all the numbers) or also the one ending with "....\mountpoints2\D"?

Sante62 (Mature god)
Posted: 03 Jul 2008 10:23
Sorry, there's another mistake on my part, it must be the heat....
There's one square bracket too many...
Try SystemScan again, it's simpler...
Sante62 wrote:
let's try with SystemScan, so start it
Click on "Removal Script".
Inside the white box, copy and paste the values shown below in red:
Quote:
Registry keys to delete:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce0a35dd-1fed-11dd-ac37-001a4bc4ea4c}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a41b44d8-1cd6-11dd-ac33-001a4bc4ea4c}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b733658-3e6c-11dc-ab15-001a4bc4ea4c}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46d16d3d-0384-11dc-aac1-001a4bc4ea4c}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D
now click on "Proceed with removal" and then on OK.
The PC should restart by itself; otherwise restart it manually
Go to C:\ and post me the contents of the log generated by Avenger (avenger.txt); attach a new ComboFix report

If you do want to delete them manually, you have to go down to the ones enclosed in curly braces and the one with the "D", then right-click -> delete..

gwen77 (Adept mortal)
Posted: 03 Jul 2008 10:55
Don't worry, it's very hot here too
Actually, I'm the one who doesn't know how to thank you for all the help you're giving me!!
So: I deleted the keys manually because SystemScan kept giving me that error.
Here's the ComboFix log:
ComboFix 08-06-30.2 - Administrator 2008-07-03 10.37.36.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.551 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Administrator\Desktop\Combo-Fix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Creati Da 2008-06-03 al 2008-07-03 )))))))))))))))))))))))))))))))))))
.
2008-07-02 18:23 . 2008-07-02 18:27 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-07-02 15:24 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-07-02 15:24 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-07-02 11:37 . 2008-07-02 14:23 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-07-02 09:41 . 2008-07-02 09:41 <DIR> d-------- C:\Combo5Fix
2008-07-02 09:25 . 2008-07-02 09:25 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-07-02 09:25 . 2008-07-02 09:25 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-07-02 09:25 . 2008-07-02 09:25 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Malwarebytes
2008-07-02 09:25 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-02 09:25 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-01 10:30 . 2008-07-01 10:30 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-07-01 10:08 . 2008-07-01 10:10 <DIR> d-------- C:\Programmi\Windows Live Safety Center
2008-06-30 09:41 . 2008-06-30 09:41 <DIR> d-------- C:\WINDOWS\system32\N360_BACKUP
2008-06-27 11:39 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\000001_.tmp
2008-06-26 18:05 . 2008-06-26 18:05 244 --ah----- C:\sqmnoopt02.sqm
2008-06-26 18:05 . 2008-06-26 18:05 232 --ah----- C:\sqmdata02.sqm
2008-06-24 16:37 . 2008-06-24 16:37 268 --ah----- C:\sqmdata01.sqm
2008-06-24 16:37 . 2008-06-24 16:37 244 --ah----- C:\sqmnoopt01.sqm
2008-06-20 17:40 . 2008-06-20 17:40 <DIR> d-------- C:\Programmi\Windows Sidebar
2008-06-20 17:39 . 2008-06-20 18:05 <DIR> d-------- C:\Programmi\Symantec
2008-06-20 17:39 . 2008-06-20 19:22 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Symantec
2008-06-20 17:39 . 2008-06-20 18:05 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-20 17:39 . 2008-06-20 18:05 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-06-20 17:39 . 2008-06-20 18:05 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-06-20 17:39 . 2008-06-20 18:05 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-20 16:53 . 2008-06-20 16:53 <DIR> d-------- C:\Programmi\Virtual Earth 3D
2008-06-20 16:34 . 2008-06-20 16:34 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-06-20 15:56 . 2008-06-30 09:29 <DIR> d-------- C:\WINDOWS\system32\it
2008-06-20 15:56 . 2008-06-30 09:29 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-20 15:56 . 2008-06-30 09:29 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-20 15:49 . 2007-10-25 18:42 8,489,472 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
2008-06-13 14:45 . 2008-06-13 14:45 579,464 --a------ C:\WINDOWS\system32\SymNeti.dll
2008-06-13 14:45 . 2008-06-13 14:45 207,240 --a------ C:\WINDOWS\system32\SymRedir.dll
2008-06-13 14:14 . 2008-06-13 14:14 31,280 --a------ C:\WINDOWS\system32\drivers\SymIM.sys
2008-06-13 14:14 . 2008-06-13 14:14 13,093 --a------ C:\WINDOWS\system32\drivers\SymRedir.cat
2008-06-13 14:14 . 2008-06-13 14:14 1,611 --a------ C:\WINDOWS\system32\drivers\SymRedir.inf
2008-06-13 14:13 . 2008-06-13 14:13 184,240 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2008-06-13 14:13 . 2008-06-13 14:13 96,432 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2008-06-13 14:13 . 2008-06-13 14:13 41,008 --a------ C:\WINDOWS\system32\drivers\symndisv.sys
2008-06-13 14:13 . 2008-06-13 14:13 38,576 --a------ C:\WINDOWS\system32\drivers\symids.sys
2008-06-13 14:13 . 2008-06-13 14:13 37,424 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2008-06-13 14:13 . 2008-06-13 14:13 22,320 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2008-06-13 14:13 . 2008-06-13 14:13 13,616 --a------ C:\WINDOWS\system32\drivers\symdns.sys
2008-06-13 10:42 . 2008-06-13 10:42 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\RETScreen
2008-06-11 08:17 . 2008-05-08 14:28 202,752 --a------ C:\WINDOWS\system32\dllcache\rmcast.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-03 08:37 --------- d-----w C:\Programmi\File comuni\Symantec Shared
2008-07-02 09:20 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\pdf995
2008-06-30 19:53 --------- d-----w C:\Programmi\Norton 360
2008-06-25 16:34 --------- d-----w C:\Programmi\eMule
2008-06-25 14:37 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Polysun4
2008-06-24 13:50 --------- d-----w C:\Programmi\Google
2008-06-20 15:26 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\Symantec
2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-23 13:12 --------- d-----w C:\Programmi\Paint.NET
2008-05-20 07:08 --------- d-----w C:\Programmi\Microsoft Silverlight
2008-05-13 08:54 --------- d-----w C:\Programmi\Polysun4
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 20:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-23 15:17 693,792 ----a-w C:\WINDOWS\system32\OGACheckControl.dll
2008-04-23 15:17 504,864 ----a-w C:\WINDOWS\system32\OGAVerify.exe
2008-04-23 15:17 504,352 ----a-w C:\WINDOWS\system32\OGAAddin.dll
2008-04-22 07:42 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:42 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-13 17:14 7,680 ----a-w C:\WINDOWS\system32\spdwnwxp.exe
2008-04-10 08:00 2,220,544 ------w C:\WINDOWS\system32\ECArch20.dll
2008-04-04 14:20 221,184 ------w C:\WINDOWS\system32\DbcOpenDWG.dll
2008-04-02 10:12 85,848 ----a-w C:\Documents and Settings\Administrator\Dati applicazioni\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot@2008-07-01_17.59.12.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-02 09:37:15 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2008-07-02 09:37:15 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2008-07-02 09:37:16 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2008-07-02 09:37:24 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2008-01-09 13:01:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2008-07-02 09:37:28 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2008-07-02 09:37:17 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
- 2008-07-01 15:53:55 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-03 08:35:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-01-09 13:01:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
- 2008-07-01 15:30:07 71,444 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-07-03 08:40:27 71,444 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-07-01 15:30:07 84,552 ----a-w C:\WINDOWS\system32\perfc010.dat
+ 2008-07-03 08:40:27 84,552 ----a-w C:\WINDOWS\system32\perfc010.dat
- 2008-07-01 15:30:07 441,760 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-07-03 08:40:27 441,760 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-07-01 15:30:07 489,970 ----a-w C:\WINDOWS\system32\perfh010.dat
+ 2008-07-03 08:40:27 489,970 ----a-w C:\WINDOWS\system32\perfh010.dat
- 2008-07-01 15:26:00 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_684.dat
+ 2008-07-03 08:35:50 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_684.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2008-06-30 13:44 349552 --a------ C:\Programmi\File comuni\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-06-20 17:41 116088 --a------ C:\PROGRA~1\FILECO~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-02-26 10:34 576352 --a------ C:\Programmi\File comuni\Symantec Shared\Backup\buShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-02-26 10:34 576352 --a------ C:\Programmi\File comuni\Symantec Shared\Backup\buShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-02-26 10:34 576352 --a------ C:\Programmi\File comuni\Symantec Shared\Backup\buShell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 03:00 15360]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-04 09:13 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2007-01-08 15:02 344064]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2006-05-12 12:50 1138688]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-03-31 14:44 761856]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-07-10 11:53 872448]
"HP Component Manager"="C:\Programmi\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
"HP Software Update"="C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 12:24 49152]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2007-05-28 15:40 185896]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2008-02-18 13:37 51048]
"osCheck"="C:\Programmi\Norton 360\osCheck.exe" [2008-02-26 16:50 988512]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-23 22:08 16050688 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 03:00 15360]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio Office.lnk - C:\Programmi\Microsoft Office\Office\OSA.EXE [1997-11-20 51984]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
Ricerca rapida.lnk - C:\Programmi\Microsoft Office\Office\FINDFAST.EXE [1997-11-20 111376]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
--a------ 2003-05-21 18:37 229437 C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a--c--- 2003-09-01 13:42 176128 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWH myPrintMileage Agent]
--a------ 2003-11-19 02:10 102400 C:\Programmi\Hewlett-Packard\hp business inkjet 1100 series\Toolbox\mpm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-06-15 12:36 229376 C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 C:\Programmi\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-05-28 15:40 185896 C:\Programmi\File comuni\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
R1 eusk2par;EUTRON SmartKey Parallel Driver;C:\WINDOWS\system32\Drivers\eusk2par.sys [2006-12-13 12:10]
R2 cpwnt;cpwnt;C:\WINDOWS\system32\drivers\cpwnt.sys [1997-05-30 00:00]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon []
S2 CPUSB;CPUsb.Sys driver;C:\WINDOWS\system32\Drivers\CPUSB.sys [2002-10-24 02:00]
S2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2008-02-21 16:02]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
*Newly Created Service* - COMHOST
.
Contenuto della cartella 'Scheduled Tasks'
"2008-07-03 07:14:00 C:\WINDOWS\Tasks\OGADaily.job"
- C:\WINDOWS\system32\OGAVerify.exe
"2008-07-03 08:35:50 C:\WINDOWS\Tasks\OGALogon.job"
- C:\WINDOWS\system32\OGAVerify.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-03 10:40:32
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-07-03 10.42.32
ComboFix-quarantined-files.txt 2008-07-03 08:42:25
ComboFix2.txt 2008-07-02 16:05:24
ComboFix3.txt 2008-07-02 09:32:49
ComboFix4.txt 2008-07-02 07:50:00
ComboFix5.txt 2008-07-01 15:59:24
21 Directory 114,362,232,832 byte disponibili
23 Directory 114,425,704,448 byte disponibili
216 --- E O F --- 2008-06-20 12:34:54