I did as you suggested.... I'm attaching the ComboFix report...
ComboFix 09-11-20.05 - HP_Proprietario 2009-11-21 22:38.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.959.519 [GMT 1:00]
Running from: c:\documents and settings\HP_Proprietario\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 091121-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Files Created From 2009-10-21 to 2009-11-21 )))))))))))))))))))))))))))))))))))
.
2009-11-21 17:31 . 2009-11-21 17:31 4045528 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-11-21 16:27 . 2009-11-21 16:28 -------- d-----w- C:\ComboFix2
2009-11-21 16:27 . 2009-11-21 16:26 398336 ----a-w- c:\windows\system32\CF763.exe
2009-11-21 15:35 . 2009-11-21 15:35 43008 ----a-w- c:\windows\system32\ltnjumga.dll
2009-11-04 08:46 . 2009-11-04 08:46 152576 ----a-w- c:\documents and settings\HP_Proprietario\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-04 08:38 . 2009-11-04 08:38 -------- d-----w- c:\windows\system32\wbem\Repository
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-21 17:31 . 2009-09-07 19:46 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-11-21 16:59 . 2009-04-24 14:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-11-21 16:24 . 2009-04-24 14:37 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-11-21 15:35 . 2009-02-21 09:53 -------- d-----w- c:\documents and settings\HP_Proprietario\Dati applicazioni\uTorrent
2009-11-21 15:30 . 2009-07-21 08:29 -------- d-----w- c:\documents and settings\HP_Proprietario\Dati applicazioni\vlc
2009-11-15 16:09 . 2009-02-17 09:01 -------- d-----w- c:\programmi\eMule
2009-11-08 09:25 . 2009-02-16 22:43 -------- d-----w- c:\programmi\Messenger Plus! Live
2009-11-04 08:46 . 2006-08-24 07:49 -------- d-----w- c:\programmi\Java
2009-10-25 07:53 . 2004-12-10 14:24 64872 ----a-w- c:\windows\system32\perfc010.dat
2009-10-25 07:53 . 2004-12-10 14:24 429538 ----a-w- c:\windows\system32\perfh010.dat
2009-10-11 03:17 . 2009-02-17 22:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-02 13:39 . 2009-10-02 13:39 -------- d-----w- c:\programmi\Microsoft
2009-09-15 10:59 . 2009-02-16 23:01 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-15 10:56 . 2009-02-16 23:01 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-15 10:56 . 2009-02-16 23:01 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-15 10:55 . 2009-02-16 23:01 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 10:55 . 2009-02-16 23:01 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-15 10:54 . 2009-02-16 23:02 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-15 10:54 . 2009-02-16 23:02 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-15 10:53 . 2009-02-16 23:02 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-15 10:53 . 2009-02-16 23:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-10 13:54 . 2009-09-07 19:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 13:53 . 2009-09-07 19:46 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-29 14:52 . 2009-02-16 22:33 67816 ----a-w- c:\documents and settings\HP_Proprietario\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-08-29 09:12 . 2009-08-29 09:12 75040 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2006-11-08 01:38 . 2009-02-17 05:01 22 -csha-w- c:\windows\SMINST\HPCD.SYS
.
((((((((((((((((((((((((((((( SnapShot_2009-11-21_16.35.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-21 20:31 . 2009-11-21 20:31 16384 c:\windows\Temp\Perflib_Perfdata_7c8.dat
+ 2009-11-21 20:31 . 2009-11-21 20:31 16384 c:\windows\Temp\Perflib_Perfdata_434.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\programmi\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD08"="c:\programmi\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\programmi\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 49152]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\programmi\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-03-08 16010240]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Proprietario^Menu Avvio^Programmi^Esecuzione automatica^C6 Messenger.lnk]
path=c:\documents and settings\HP_Proprietario\Menu Avvio\Programmi\Esecuzione automatica\C6 Messenger.lnk
backup=c:\windows\pss\C6 Messenger.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Nero BackItUp Scheduler 3"=2 (0x2)
"NMIndexingService"=3 (0x3)
"Spooler"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-17 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-17 20560]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-05-29 12672]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7CA86431-BD73-440B-B5CE-B02A4DC6D393}]
rundll32 ltnjumga.dll,laspi
.
Contents of the 'Scheduled Tasks' folder
2009-09-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.libero.it/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uInternet Settings,ProxyOverride = local
IE: &Cerca con Google - c:\programmi\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Traduci parola in italiano - c:\programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Link a ritroso - c:\programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Pagine simili - c:\programmi\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Versione cache della pagina - c:\programmi\Google\GoogleToolbar1.dll/cmcache.html
DPF: {4819DFDF-ABC4-488C-A323-919848C51175}
DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} - hxxp://c6.community.virgilio.it/downloa ... ctiveX.cab
.
- - - - ORPHANS REMOVED - - - -
BHO-{5BB5E88B-7AD7-475D-9729-CF04952B533D} - (no file)
AddRemove-HijackThis - c:\docume~1\HP_PRO~1\IMPOST~1\Temp\Rar$EX00.125\HijackThis.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-21 22:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(560)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2696)
c:\windows\system32\WININET.dll
c:\programmi\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll
c:\programmi\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTIntrfc.dll
c:\programmi\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTConfig.DLL
c:\programmi\Creative\Creative Zen Micro\Zen Micro Media Explorer\JBNSRES.DLL
c:\windows\system32\webcheck.dll
.
Completion time: 2009-11-21 22:46
ComboFix-quarantined-files.txt 2009-11-21 21:46
ComboFix2.txt 2009-08-30 08:34
ComboFix3.txt 2009-08-30 08:22
ComboFix4.txt 2009-03-28 13:33
Pre-Run: 131,944,140,800 bytes free
Post-Run: 131,935,432,704 bytes free
- - End Of File - - 3B1A7BDB1F33E7033FDC4649E2C11C84
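A small triage helper for reports like the one above, added here as an example; it is not ComboFix code and not part of the original post. It parses a handful of lines copied from the report (the created-files entries, the HKCU policies\system values, the Run key and the Active Setup component) and flags the three things a reviewer would look at first: the antivirus line reporting on-access scanning disabled, per-user policy values that hide Task Manager and the registry editor, and an Active Setup component that loads a DLL by bare file name through rundll32, cross-referenced against the newly created files list. The tags are heuristics for prioritising review, not a verdict on any file; the function and constant names (`parse_report`, `find_indicators`, `SAMPLE_REPORT`) are this example's own.

```python
"""Triage helper for ComboFix-style reports (added example, not ComboFix code)."""
import re
from dataclasses import dataclass, field

# Representative lines copied from the report above; the full log has many more.
SAMPLE_REPORT = r"""
AV: avast! antivirus 4.8.1356 [VPS 091121-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
2009-11-21 16:27 . 2009-11-21 16:28 -------- d-----w- C:\ComboFix2
2009-11-21 16:27 . 2009-11-21 16:26 398336 ----a-w- c:\windows\system32\CF763.exe
2009-11-21 15:35 . 2009-11-21 15:35 43008 ----a-w- c:\windows\system32\ltnjumga.dll
2009-11-04 08:46 . 2009-11-04 08:46 152576 ----a-w- c:\documents and settings\HP_Proprietario\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7CA86431-BD73-440B-B5CE-B02A4DC6D393}]
rundll32 ltnjumga.dll,laspi
"""

# "created . modified  size  attrs  path" lines from the created-files / Find3M sections.
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]+)\s+(?P<path>.+?)\s*$"
)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# rundll32 <bare dll name>,<export>  (no directory component before the DLL)
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+([^\\\s,]+\.dll)\s*,\s*(\S+)", re.I)

POLICY_KEY_SUFFIX = r"\windows\currentversion\policies\system"
LOCKDOWN_VALUES = ("disabletaskmgr", "disableregistrytools")
ACTIVE_SETUP_MARK = r"\active setup\installed components"


@dataclass
class Report:
    av_status: list = field(default_factory=list)
    files: list = field(default_factory=list)     # dicts: created/modified/size/attrs/path
    registry: dict = field(default_factory=dict)  # lower-cased key -> value lines under it


def parse_report(text):
    """Split a report into AV status lines, file entries and registry key/value groups."""
    rep = Report()
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("AV:"):
            rep.av_status.append(line)
            current_key = None
            continue
        m = FILE_RE.match(line)
        if m:
            rep.files.append(m.groupdict())
            current_key = None
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key").lower()
            rep.registry.setdefault(current_key, [])
            continue
        if current_key is not None:
            rep.registry[current_key].append(line)
    return rep


def find_indicators(rep):
    """Return (tag, detail) pairs for the patterns worth a closer look."""
    findings = []
    for line in rep.av_status:
        if "on-access scanning disabled" in line.lower():
            findings.append(("av-disabled", line))
    # Per-user policy values that hide Task Manager and regedit from the user.
    for key, values in rep.registry.items():
        if key.endswith(POLICY_KEY_SUFFIX):
            for v in values:
                name = v.split("=", 1)[0].strip().strip('"').lower()
                if name in LOCKDOWN_VALUES and re.search(r"=\s*1\b", v):
                    findings.append(("policy-lockdown", f"{key}: {v}"))
    # Active Setup components that run rundll32 on a DLL named without a path;
    # stronger when that DLL also appears in the newly created files list.
    new_names = {f["path"].rsplit("\\", 1)[-1].lower() for f in rep.files}
    for key, values in rep.registry.items():
        if ACTIVE_SETUP_MARK in key:
            for v in values:
                m = RUNDLL_RE.search(v)
                if m:
                    dll, export = m.group(1).lower(), m.group(2)
                    tag = "active-setup-rundll32"
                    if dll in new_names:
                        tag += "+newly-created"
                    findings.append((tag, f"{key}: {dll}!{export}"))
    return findings


if __name__ == "__main__":
    for tag, detail in find_indicators(parse_report(SAMPLE_REPORT)):
        print(f"{tag:35} {detail}")
```

Run against the whole report rather than the excerpt, the same regexes pick up the Find3M entries too; the `+`-prefixed lines of the SnapShot section are deliberately left out because they start with `+ `, and the locked-key section is only listed, not interpreted. A hit is a reason to pull the file and the key for inspection, not proof of infection on its own.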