I'm back. I'm posting the ComboFix report for you; in any case, already with the removal via Malwarebytes it's going much better:
ComboFix 10-01-02.03 - GIORDI 03/01/2010 11.28.41.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.1015.623 [GMT 1:00]
Eseguito da: c:\documents and settings\GIORDI\Documenti\Download\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programmi\WinPCap
c:\programmi\WinPCap\rpcapd.exe
c:\recycler\S-1-5-21-2025429265-527237240-1417001333-1003
c:\recycler\S-1-5-21-2092624404-4041999043-2465034123-1003
c:\windows\system32\config\systemprofile\Menu Avvio\Programmi\Security Tool.lnk
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\Thumbs.db
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Files Creati Da 2009-12-03 al 2010-01-03 )))))))))))))))))))))))))))))))))))
.
2010-04-21 03:04 . 2007-06-13 20:39 1162 -c--a-w- c:\windows\sr.VBS
2010-04-21 01:45 . 2010-04-21 01:45 -------- d-----w- c:\programmi\Elantech
2010-01-02 20:02 . 2010-01-02 20:02 -------- d-----w- c:\documents and settings\GIORDI\Dati applicazioni\Malwarebytes
2010-01-02 20:00 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-02 20:00 . 2010-01-02 20:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-01-02 20:00 . 2010-01-02 21:59 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-01-02 20:00 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-02 16:44 . 2010-01-02 16:44 -------- d-----w- c:\documents and settings\GIORDI\Impostazioni locali\Dati applicazioni\Mozilla
2010-01-01 23:49 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-01 23:49 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-01-01 23:49 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-01-01 23:49 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-01-01 23:49 . 2010-01-01 23:49 -------- d-----w- c:\programmi\Avira
2010-01-01 23:49 . 2010-01-01 23:49 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2010-01-01 22:37 . 2010-01-01 22:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2010-01-01 22:17 . 2010-01-01 22:17 -------- d-----w- c:\programmi\VS Revo Group
2010-01-01 21:38 . 2010-01-01 21:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Yahoo! Companion
2010-01-01 21:38 . 2010-01-01 21:38 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Yahoo!
2010-01-01 21:38 . 2010-01-01 21:38 -------- d-----w- c:\programmi\Yahoo!
2010-01-01 21:38 . 2010-01-01 21:38 -------- d-----w- c:\programmi\CCleaner
2009-12-28 13:13 . 2009-12-28 13:13 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-12-27 16:45 . 2010-01-03 10:40 763904 ----a-w- c:\windows\system32\drivers\xdsxm.sys
2009-12-27 16:45 . 2009-12-27 16:45 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-03 10:39 . 2008-08-12 14:25 -------- d-----w- c:\documents and settings\GIORDI\Dati applicazioni\StarOffice8
2010-01-02 00:01 . 2008-08-22 16:04 -------- d-----w- c:\documents and settings\ARIANNA\Dati applicazioni\StarOffice8
2009-12-28 00:25 . 2009-03-06 20:42 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-12-12 21:56 . 2008-03-24 20:18 63600 ----a-w- c:\windows\system32\perfc010.dat
2009-12-12 21:56 . 2008-03-24 20:18 426042 ----a-w- c:\windows\system32\perfh010.dat
2009-11-15 20:06 . 2008-08-12 14:40 4138 ----a-w- c:\documents and settings\GIORDI\Dati applicazioni\wklnhst.dat
2009-11-15 16:41 . 2008-08-12 14:27 1 ----a-w- c:\documents and settings\GIORDI\Dati applicazioni\StarOffice8\user\uno_packages\cache\stamp.sys
2009-10-29 07:40 . 2008-03-24 20:18 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-23 14:17 . 2009-10-23 14:17 64088 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\Italian\setup.exe
2009-10-21 06:00 . 2008-03-24 20:17 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00 . 2008-03-24 20:16 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:58 . 2004-08-03 23:00 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:51 . 2008-03-24 20:17 267776 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:51 . 2008-03-24 20:17 112640 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:51 . 2008-03-24 20:17 69632 ----a-w- c:\windows\system32\raschap.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-09 39408]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-08-19 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-24 104984]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-24 121368]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-24 100888]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-06 16858112]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-24 132496]
"ETDWare"="c:\programmi\Elantech\ETDCtrl.exe" [2008-04-16 335872]
"AsusTray"="c:\programmi\EeePC\ACPI\AsTray.exe" [2008-03-27 102400]
"AsusACPIServer"="c:\programmi\EeePC\ACPI\AsAcpiSvr.exe" [2008-03-20 544768]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"Adobe Reader Speed Launcher"="d:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
c:\documents and settings\ARIANNA\Menu Avvio\Programmi\Esecuzione automatica\
StarOffice 8.lnk - d:\programmi\Sun\StarOffice 8\program\quickstart.exe [2007-8-17 122880]
c:\documents and settings\GIORDI\Menu Avvio\Programmi\Esecuzione automatica\
StarOffice 8.lnk - d:\programmi\Sun\StarOffice 8\program\quickstart.exe [2007-8-17 122880]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2008-8-26 217088]
AutoRun OSCleaner.lnk - c:\programmi\ASUS\Asus OS Cleaner\AsOSCleaner.exe [2008-4-17 118784]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\programmi\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Alcmtr"=ALCMTR.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53:UDP"= 53:UDP:Promo
S2 gupdate1ca29906bdd031a;Servizio di Google Update (gupdate1ca29906bdd031a);c:\programmi\Google\Update\GoogleUpdate.exe [30/08/2009 17.39.16 133104]
--- Altri Servizi/Drivers In Memoria ---
*Deregistered* - xdsxm
.
Contenuto della cartella 'Scheduled Tasks'
2010-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-08-30 16:38]
2010-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-08-30 16:38]
2010-01-03 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 09:20]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://virgilio.alice.it/index.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: {713D187C-8D41-4041-805B-46E1A2EA3CF3} = 85.37.17.16 85.38.28.68
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\GIORDI\Dati applicazioni\Mozilla\Firefox\Profiles\tqg388q8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.alice.it/
FF - plugin: c:\programmi\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: d:\programmi\Adobe\Reader 8.0\Reader\browser\nppdf32.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
AddRemove-HijackThis - c:\docume~1\GIORDI\IMPOST~1\Temp\Directory temporanea 1 per HiJackThis.zip\HijackThis.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-03 11:39
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xdsxm]
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(1600)
c:\windows\system32\WININET.dll
c:\progra~1\ALICET~1\SMARTB~1\SBHook.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxext.exe
d:\programmi\Sun\StarOffice 8\program\soffice.exe
d:\programmi\Sun\StarOffice 8\program\soffice.BIN
c:\programmi\Alice ti aiuta\bin\mpbtn.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2010-01-03 11:44:23 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-01-03 10:44
Pre-Run: 554.569.728 byte disponibili
Post-Run: 455.700.480 byte disponibili
WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - DC99C9087F4641647E98ADD107CD1C5E