Here... done...
But I don't understand much of it..
I'm attaching a copy of the result...
Well.. I'd like to know if someone is spying on me and whether something is wrong...
BUT did this program by any chance delete important files??
I hope not...
ComboFix 08-08-29.02 - Administrator 2008-08-30 16:52:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.543 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\Dati applicazioni\macromedia\Flash Player\#SharedObjects\KU9RS7MP\bin.clearspring.com
C:\Documents and Settings\Administrator\Dati applicazioni\macromedia\Flash Player\#SharedObjects\KU9RS7MP\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Administrator\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Administrator\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\WINDOWS\system32\auto.exe
C:\WINDOWS\system32\mdm.exe
.
((((((((((((((((((((((((( Files Creati Da 2008-07-28 al 2008-08-30 )))))))))))))))))))))))))))))))))))
.
2008-08-27 21:16 . 2008-08-30 16:03 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-21 19:59 . 2008-08-21 19:59 <DIR> d-------- C:\Programmi\Ghostgum
2008-08-21 19:58 . 2008-08-21 20:00 <DIR> d-------- C:\Documents and Settings\Administrator\.scribus
2008-08-21 19:57 . 2008-08-21 19:57 <DIR> d-------- C:\Programmi\Scribus 1.3.3.8
2008-08-21 19:56 . 2008-08-21 19:56 <DIR> d-------- C:\Programmi\Notepad++
2008-08-21 19:56 . 2008-08-21 19:56 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Notepad++
2008-08-07 22:03 . 2008-08-07 22:03 <DIR> d-------- C:\Programmi\Bonjour
2008-08-07 22:00 . 2008-08-07 22:00 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Apple
2008-08-07 15:56 . 2008-08-07 22:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-07 15:56 . 2008-08-07 15:56 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-30 23:15 . 2008-07-30 23:15 <DIR> d-------- C:\Programmi\MSECache
2008-07-24 21:52 . 2008-07-24 21:52 <DIR> d-------- C:\Programmi\Sun
2008-07-18 20:38 . 2008-07-18 20:38 586,752 --a------ C:\WINDOWS\WLXPGSS.SCR
2008-07-12 18:09 . 2004-03-09 00:00 212,240 --a------ C:\WINDOWS\system32\richtx32.OCX
2008-07-12 18:09 . 2004-03-09 00:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.ocx
2008-07-07 22:31 . 2008-07-07 22:31 253,952 -----c--- C:\WINDOWS\system32\dllcache\es.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-28 21:27 --------- d-----w C:\Programmi\eMule
2008-08-27 20:45 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\.purple
2008-08-27 15:14 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-08-23 16:00 --------- d-----w C:\Programmi\Norton Security Scan
2008-08-23 16:00 --------- d-----w C:\Programmi\File comuni\Symantec Shared
2008-08-22 19:53 --------- d-----w C:\Programmi\File comuni\Adobe
2008-08-16 10:41 --------- d-----w C:\Programmi\Messenger Plus! Live
2008-08-15 20:01 --------- d-----w C:\Programmi\Windows Live Safety Center
2008-08-07 20:04 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\Apple Computer
2008-08-07 20:03 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
2008-08-07 20:02 --------- d-----w C:\Programmi\QuickTime
2008-08-02 18:26 --------- d-----w C:\Programmi\Pinnacle
2008-07-24 19:52 --------- d-----w C:\Programmi\Java
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-28 17:00 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\Skype
2008-06-26 16:04 2,394 ----a-w C:\Documents and Settings\Administrator\Dati applicazioni\SAS7_000.DAT
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:15 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-05-24 20:36 1,512 -c--a-w C:\Programmi\CCleaner.lnk
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2007-02-02 16:59 20 -c-h--w C:\Documents and Settings\All Users\Dati applicazioni\PKP_DLec.DAT
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:39 15360]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 13:06 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"SoundMAXPnP"="C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-09 21:06 7311360]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-09 21:06 86016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"CnxDslTaskBar"="C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe" [2003-10-29 15:11 462848]
"PCSuiteTrayApplication"="C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]
"SSBkgdUpdate"="C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 16:00 155648]
"ISUSPM Startup"="C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 16:15 221184]
"ISUSScheduler"="C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15 81920]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"anvshell"="anvshell.exe" [2004-06-24 15:28 393216 C:\WINDOWS\anvshell.exe]
"nwiz"="nwiz.exe" [2005-12-09 21:06 1519616 C:\WINDOWS\system32\nwiz.exe]
"Tweak UI"="TWEAKUI.CPL" [2000-10-09 18:55 108744 C:\WINDOWS\system32\TWEAKUI.CPL]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:39 15360]
"Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2005-04-04 18:00:29 352256]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Windows KeyHook]
--a--c--- 2004-02-27 03:06 241664 C:\WINDOWS\system32\Keyhook.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
--a--c--- 2002-07-12 12:15 106496 C:\WINDOWS\SiSUSBrg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\Pando Networks\\Pando\\pando.exe"=
"C:\\Programmi\\JavaSoft\\JRE\\1.3.1_13\\bin\\javaw.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Java\\jre1.5.0_14\\bin\\javaw.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6891:TCP"= 6891:TCP:MSN
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 - Servizio Gestione licenze;C:\Programmi\ABBYY FineReader 9.0\NetworkLicenseServer.exe [2007-09-24 19:11]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2003-09-12 10:26]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2003-09-12 10:26]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2003-10-29 15:02]
S1 ANVIOCTL;ANVIOCTL;C:\WINDOWS\system32\DRIVERS\anvioctl.sys [2004-07-08 15:44]
S3 ALI5261;Driver NT Ethernet basato su ALi;C:\WINDOWS\system32\DRIVERS\ALI5261.SYS [2001-08-17 21:11]
S3 PortlUSB;PortlUSB;C:\WINDOWS\system32\DRIVERS\YH-820.sys [2004-09-09 20:42]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06cca802-edcb-11db-a91f-0015f229583a}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63456c1a-792c-11d9-9336-806d6172696f}]
\Shell\AutoRun\command - D:\MSsetup.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenuto della cartella 'Scheduled Tasks'
2008-08-23 C:\WINDOWS\Tasks\Norton Security Scan.job
- C:\Programmi\Norton Security Scan\Nss.exe [2008-01-09 04:08]
2008-08-30 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.
- - - - ORFÃOS REMOVIDOS - - - -
HKLM-Run-PinnacleDriverCheck - C:\WINDOWS\system32\PSDrvCheck.exe
HKLM-Run-MISAggregator - (no file)
HKLM-Run-WMC_AutoUpdate - (no file)
Notify-AtiExtEvent - (no file)
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.it/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &Windows Live Search - C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 -: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{8888250C-426E-4F47-8A83-31DB1E4A3335}: NameServer = 85.37.17.9 85.38.28.75
O17 -: HKLM\CCS\Interface\{A2ABF362-ABCD-4A4D-A6B5-17CDE7A57E2C}: NameServer = 151.99.125.2,151.99.125.3
O17 -: HKLM\CCS\Interface\{B636506A-814F-4B0B-8441-50A46E5A4A62}: NameServer = 212.48.4.15,62.211.69.150
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.it/Genoogle/Compo ... eQuery.dll
C:\WINDOWS\Downloaded Program Files\SearchEngineQuery.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-30 16:57:34
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-08-30 16:59:59
ComboFix-quarantined-files.txt 2008-08-30 14:59:08
Pre-Run: 48,553,717,760 byte disponibili
Post-Run: 49,046,458,368 byte disponibili
179 --- E O F --- 2008-08-30 14:05:36