This is the ComboFix log...
ComboFix 08-05-15.3 - Proprietario 2008-05-17 22.07.44.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.390 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Proprietario.FRANCESCA.001\Desktop\download\ComboFix.exe
* Creato nuovo punto di ripristino
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - svchost.exe: deleted 36 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Edoardo.FRANCESCA\Impostazioni locali\Dati applicazioni\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Proprietario.FRANCESCA.001\Dati applicazioni\AntispywareBot
C:\Documents and Settings\Proprietario.FRANCESCA.001\Dati applicazioni\AntispywareBot\Log\2008 May 17 - 05_35_09 PM_843.log
C:\Documents and Settings\Proprietario.FRANCESCA.001\Dati applicazioni\AntispywareBot\Log\2008 May 17 - 07_54_17 AM_171.log
C:\Documents and Settings\Proprietario.FRANCESCA.001\Dati applicazioni\AntispywareBot\Log\2008 May 17 - 12_24_29 PM_156.log
C:\Documents and Settings\Proprietario.FRANCESCA.001\Dati applicazioni\AntispywareBot\rs.dat
C:\Documents and Settings\Proprietario.FRANCESCA.001\Dati applicazioni\AntispywareBot\Settings\IgnoreList.stg
C:\Programmi\Hotbar
C:\WINDOWS\Downloaded Program Files\eypa9iz
C:\WINDOWS\Downloaded Program Files\oc99ggk
C:\WINDOWS\Downloaded Program Files\oc99ggk\eey1ah3u.jar
C:\WINDOWS\Downloaded Program Files\Quarantine
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\Tasks.\AntiSpywareBot Scheduled Scan.job
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Creati Da 2008-04-17 al 2008-05-17 )))))))))))))))))))))))))))))))))))
.
2008-05-17 17:08 . 2008-05-17 17:19 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-05-17 15:18 . 2008-03-17 19:23 39,808 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-05-07 07:31 . 2008-05-07 07:31 <DIR> d-------- C:\Documents and Settings\Proprietario.FRANCESCA.001\Dati applicazioni\Apple Computer
2008-04-28 07:50 . 2008-04-28 07:50 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Installations
2008-04-27 14:34 . 2008-05-10 16:24 <DIR> d-------- C:\Documents and Settings\Proprietario.FRANCESCA.001\Dati applicazioni\Nokia
2008-04-18 13:52 . 2008-04-18 13:52 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Office Genuine Advantage
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-17 16:00 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-05-16 11:47 --------- d-----w C:\Programmi\Spyware Doctor
2008-05-16 06:20 --------- d---a-w C:\Programmi\File comuni\Adobe
2008-05-16 06:15 --------- d-----w C:\Documents and Settings\Proprietario.FRANCESCA.001\Dati applicazioni\AdobeUM
2008-05-10 16:54 --------- d-----w C:\Programmi\iPod
2008-05-04 08:14 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2008-05-04 08:07 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-04-16 10:02 --------- d-----w C:\Programmi\NoAdware4
2008-04-09 05:48 --------- d-----w C:\Programmi\Windows Live
2008-04-09 05:31 --------- dcsh--w C:\Programmi\File comuni\WindowsLiveInstaller
2008-04-09 05:19 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-04-08 10:16 693,792 ----a-w C:\WINDOWS\system32\OGACheckControl.dll
2008-04-08 10:16 560,672 ----a-w C:\WINDOWS\system32\OGAAddin.dll
2008-04-08 10:16 504,864 ----a-w C:\WINDOWS\system32\OGAVerify.exe
2008-04-06 14:30 --------- d-----w C:\Programmi\Scadenzario Pro 1.0 Demo
2008-04-06 14:14 --------- d-----w C:\Programmi\Microsoft Silverlight
2008-04-06 14:06 --------- d-----w C:\Documents and Settings\Proprietario.FRANCESCA.001\Dati applicazioni\Template
2008-04-05 17:43 --------- d-----w C:\Programmi\Safari
2008-04-05 17:30 --------- d-----w C:\Programmi\iTunes
2008-04-05 17:24 --------- d-----w C:\Programmi\QuickTime
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2007-12-22 18:36 92,064 ----a-w C:\Documents and Settings\Proprietario.FRANCESCA.001\mqdmmdm.sys
2007-12-22 18:36 9,232 ----a-w C:\Documents and Settings\Proprietario.FRANCESCA.001\mqdmmdfl.sys
2007-12-22 18:36 79,328 ----a-w C:\Documents and Settings\Proprietario.FRANCESCA.001\mqdmserd.sys
2007-12-22 18:36 66,656 ----a-w C:\Documents and Settings\Proprietario.FRANCESCA.001\mqdmbus.sys
2007-12-22 18:36 6,208 ----a-w C:\Documents and Settings\Proprietario.FRANCESCA.001\mqdmcmnt.sys
2007-12-22 18:36 5,936 ----a-w C:\Documents and Settings\Proprietario.FRANCESCA.001\mqdmwhnt.sys
2007-12-22 18:36 4,048 ----a-w C:\Documents and Settings\Proprietario.FRANCESCA.001\mqdmcr.sys
2007-12-22 18:36 25,600 -c--a-w C:\Documents and Settings\Proprietario.FRANCESCA.001\usbsermptxp.sys
2007-12-22 18:36 22,768 -c--a-w C:\Documents and Settings\Proprietario.FRANCESCA.001\usbsermpt.sys
2006-11-24 11:29 30,816 -c--a-w C:\Documents and Settings\Proprietario.FRANCESCA.001\Dati applicazioni\GDIPFONTCACHEV1.DAT
2005-08-22 20:26 5,083,140 ----a-w C:\Programmi\zg602std.exe
2004-03-14 18:05 29,984 -c--a-w C:\WINDOWS\system32\config\systemprofile\Dati applicazioni\GDIPFONTCACHEV1.DAT
2004-03-14 18:05 29,984 ----a-w C:\Documents and Settings\edoardo\Dati applicazioni\GDIPFONTCACHEV1.DAT
2004-03-14 18:05 29,984 ----a-w C:\Documents and Settings\Edoardo.FRANCESCA\Dati applicazioni\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
2007-12-17 11:12 56360 --a------ C:\Programmi\Windows Live\Family Safety\fssbho.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:39 15360]
"PC Suite Tray"="C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 11:12 695808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 00:04 52736]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-10-16 14:05 114688]
"StorageGuard"="C:\Programmi\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 15:01 155648]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 05:42 212992]
"nwiz"="nwiz.exe" [2006-08-11 21:43 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-08-11 21:43 7630848]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-08-11 21:43 86016]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"Windows Defender"="C:\Programmi\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]
"DWQueuedReporting"="C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]
C:\Documents and Settings\Proprietario.FRANCESCA.001\Menu Avvio\Programmi\Esecuzione automatica\
Internet Explorer.lnk - C:\Programmi\Internet Explorer\iexplore.exe [2003-01-04 21:12:56 625664]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Speed Launch.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\StartupFaster
Adobe Reader Speed Launch.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 17:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"vidc.yv12"= yv12vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.imc"= imc32.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\hp center\\137903\\Program\\BackWeb-137903.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"C:\\Programmi\\Internet Explorer\\iexplore.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2007-08-28 13:54]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 13:53]
R2 fsssvc;Windows Live OneCare Family Safety;"C:\Programmi\Windows Live\Family Safety\fsssvc.exe" [2007-12-17 11:13]
R3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
R3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-06-20 15:57]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 21:03]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-05-07 16:11]
*Newly Created Service* - CATCHME
.
Contenuto della cartella 'Scheduled Tasks'
"2008-05-06 20:37:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-05-17 15:38:05 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programmi\Windows Defender\MpCmdRun.exe
"2006-03-13 17:06:36 C:\WINDOWS\Tasks\XoftSpy.job"
- C:\Programmi\XoftSpy\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 22:13:02
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Ora fine scansione: 2008-05-17 22.16.50
ComboFix-quarantined-files.txt 2008-05-17 20:15:44
22 Directory 11,760,631,808 byte disponibili
28 Directory 13,222,596,608 byte disponibili
164 --- E O F --- 2008-05-16 17:39:36
Then tomorrow I'll uninstall Avast, but is it really not possible to access those folders?