Thanks, here is the content, but I wasn't able to disable Spybot's TeaTimer because I don't know what it is or where to find it. What now?
ComboFix 08-09-16.05 - rob 2008-09-18 0.52.49.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.570 [GMT 2:00]
Running from: D:\Documents and Settings\rob\Desktop\ComboFix.exe
* Created a new restore point
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Tasks\JkDefragCmd.exe
D:\Documents and Settings\rob\Dati applicazioni\inst.exe
.
((((((((((((((((((((((((( Files Created From 2008-08-17 to 2008-09-17 )))))))))))))))))))))))))))))))))))
.
2008-09-17 16:37 . 2008-09-18 00:34 <DIR> d-a------ D:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-09-17 16:36 . 2008-09-17 16:42 <DIR> d-------- C:\Programmi\SpywareBlaster
2008-09-09 12:35 . 2008-09-09 12:35 <DIR> d--h-c--- D:\Documents and Settings\All Users\Dati applicazioni\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2008-09-02 09:10 . 2008-09-02 09:10 <DIR> d-------- C:\Programmi\FriendFinder
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-17 22:41 --------- d-----w C:\Programmi\Mozilla Thunderbird
2008-09-17 17:30 --------- d-----w D:\Documents and Settings\rob\Dati applicazioni\Skype
2008-09-16 07:03 17,828,722 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-09-15 17:45 --------- d-----w C:\Programmi\File comuni\Real
2008-09-06 22:27 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-09-06 22:17 --------- d-----w D:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-08-29 04:53 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-21 11:10 60,712 ----a-w D:\Documents and Settings\rob\Dati applicazioni\GDIPFONTCACHEV1.DAT
2008-08-13 07:15 79,360 ----a-w C:\Programmi\1040.MST
2008-08-13 07:15 30,339,584 ----a-w C:\Programmi\NokiaPCSuite.msi
2008-08-13 07:14 --------- d-----w D:\Documents and Settings\All Users\Dati applicazioni\Downloaded Installations
2008-08-12 12:43 --------- d-----w D:\Documents and Settings\rob\Dati applicazioni\Apple Computer
2008-08-12 06:09 --------- d-----w C:\Programmi\File comuni\Adobe
2008-08-12 06:02 --------- d-----w C:\Programmi\eMule
2008-08-02 15:59 --------- d-----w C:\Programmi\Apple Software Update
2008-08-02 08:27 --------- d-----w C:\Programmi\Nokia
2008-07-21 19:53 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2008-07-07 12:57 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-06-22 12:11 10,752 ----a-w C:\WINDOWS\system32\dumprep.exe
2008-06-19 07:08 5,298,176 -c--a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-06-05 17:14 47,360 ----a-w D:\Documents and Settings\rob\Dati applicazioni\pcouffin.sys
.
------- Sigcheck -------
2004-09-07 14:00 14336 30b08704e17975eab783752b86b528b8 C:\WINDOWS\system32\svchost.exe
2005-03-02 20:20 578048 488019bfe2b0f9f8cd8394276d5b664a C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 17:48 579072 bab4f995e526484a235a276e269aaf7f C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2007-03-08 17:37 578560 9daa2190a18739b657b58f794acf2e47 C:\WINDOWS\system32\user32.dll
2007-03-08 17:37 578560 9daa2190a18739b657b58f794acf2e47 C:\WINDOWS\system32\dllcache\user32.dll
2004-09-07 14:00 82944 8a31728eee6c24eea44c1eae45af890e C:\WINDOWS\system32\ws2_32.dll
2008-03-01 14:34 827392 93db90be4a10ec784ddc9c8601a28aa6 C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
2008-02-16 11:31 668672 3cbcb268e9dcf7ac46b66559b3d7af97 C:\WINDOWS\ie7\wininet.dll
2007-08-13 18:54 818688 a4a0fc92358f39538a6494c42ef99fe9 C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
2008-04-23 06:16 826368 c1089010bcc3fd01056d26e9a36bbb79 C:\WINDOWS\SoftwareDistribution\Download\d1fb45c2999e499ac8b2fb7e1364b29e\SP2GDR\wininet.dll
2008-04-23 06:19 827392 fe184a2b736f216ccc22abeebb40787d C:\WINDOWS\SoftwareDistribution\Download\d1fb45c2999e499ac8b2fb7e1364b29e\SP2QFE\wininet.dll
2008-03-01 14:58 826368 61d4f43d26ec9d21beb6f38f22b396ab C:\WINDOWS\system32\wininet.dll
2008-03-01 14:58 826368 61d4f43d26ec9d21beb6f38f22b396ab C:\WINDOWS\system32\dllcache\wininet.dll
2006-01-13 19:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\drivers\tcpip.sys
2004-09-07 14:00 504832 bd11ece6a5bd592fddcf9545b4296d17 C:\WINDOWS\system32\winlogon.exe
2004-09-07 14:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2004-09-07 14:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
2005-03-02 10:12 2060672 de16030e8209fd96eeb06d9e3d8c84a8 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
md5deep: C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe: Permission denied
2007-02-28 18:06 2020864 7eddc44bfacb2cdc0ae4d555d7ffdf8e C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 18:06 2063104 f89d8e24fbe047506d60b850d00bdee3 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2005-03-02 20:12 2183296 c120a33c71e706545cf26d6276bc0344 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
md5deep: C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe: Permission denied
2007-02-28 18:06 2141184 342e4c3b30464acbe454693fc8a099a0 C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 18:06 2185856 763ea08993b467a3af048ef185b1f805 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-06-13 15:22 1035776 7e2817a623e16f830b660f81c0fd63da C:\WINDOWS\explorer.exe
2007-06-13 15:10 1035776 b4e85805be6d23de697f7b3ba7492d0b C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 15:22 1035776 7e2817a623e16f830b660f81c0fd63da C:\WINDOWS\system32\dllcache\explorer.exe
2004-09-07 14:00 108544 1a58ca8f695b31e800ae6ddfc02814b0 C:\WINDOWS\system32\services.exe
2004-09-07 14:00 13312 4e4d7fa847a3fa5a67d56e57c8d238e8 C:\WINDOWS\system32\lsass.exe
2004-09-07 14:00 15360 33f14c55448ffa3e9dae4854cc632d33 C:\WINDOWS\system32\ctfmon.exe
2005-06-11 02:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-11 01:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\system32\spoolsv.exe
2004-09-07 14:00 25088 48f56fff2406ac5301522aa4de699114 C:\WINDOWS\system32\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zone Labs Client"="C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 919016]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-29 1235736]
"DSLAGENTEXE"="dslagent.exe" [2003-04-01 C:\WINDOWS\system32\dslagent.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmailChecker
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" /background
"SmpcSys"=C:\APPS\SMP\SmpSys.exe
"SpybotSD TeaTimer"=C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
"FAST Defrag"=C:\PROGRA~1\FDF\FAST2.EXE -tray
"IMC"=C:\Programmi\FriendFinder\FriendFinder Messenger 4\imc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
"DetectorApp"=C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
"High Definition Audio Property Page Shortcut"=HDAShCut.exe
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
"SunJavaUpdateSched"=C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
"ehTray"=C:\WINDOWS\ehome\ehtray.exe
"ATICCC"="c:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"RTHDCPL"=RTHDCPL.EXE
"OmniPass"=C:\Apps\Softex\OmniPass\scureapp.exe
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe"
"SMSERIAL"=sm56hlpr.exe
"Logitech Utility"=Logi_MwX.Exe
"SDFix"=C:\SDFix\RunThis.bat /second
"MSConfig"=C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
"DSLSTATEXE"=C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
"ZoneAlarm Client"="C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmi\\MSN Messenger\\livecall.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-29 97928]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-07 76040]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-17 825600]
R3 BulkUsb;VoIPUSBDriver.sys;C:\WINDOWS\system32\Drivers\VoIPUSBDriver.sys [2005-09-16 149504]
R3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 7040]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-09-07 14336]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ffa703e-db96-11dc-85f2-00024f300101}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ffa703f-db96-11dc-85f2-00024f300101}]
\Shell\AutoRun\command - ek.com
\Shell\explore\Command - ek.com
\Shell\open\Command - ek.com
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
Notify-AtiExtEvent - (no file)
Notify-crypt32chain - (no file)
Notify-cryptnet - (no file)
Notify-cscdll - (no file)
Notify-OPXPGina - (no file)
Notify-ScCertProp - (no file)
Notify-sclgntfy - (no file)
Notify-SensLogn - (no file)
Notify-termsrv - (no file)
Notify-WgaLogon - (no file)
Notify-wlballoon - (no file)
Notify-WRNotifier - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - D:\Documents and Settings\rob\Dati applicazioni\Mozilla\Firefox\Profiles\tt8262qo.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.it.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-18 00:55:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Scan finished at: 2008-09-18 0:56:46
ComboFix-quarantined-files.txt 2008-09-17 22:56:37
ComboFix2.txt 2008-05-09 21:29:59
Pre-Run: 5,152,796,672 bytes free
Post-Run: 5,123,944,448 bytes free
194 --- E O F --- 2008-08-12 05:51:09
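The registry section of a ComboFix log is where a helper on a thread like this looks first: the MountPoints2 keys (what a removable drive was told to run when it was plugged in), the Windows Firewall profile flag, and the Security Center monitoring overrides. The parser below is an added example written for this thread, not the poster's or ComboFix's own code. Its sample input is a constructed excerpt copied from the log above; the regular expressions assume the log layout shown there, and the "relative command" heuristic in `suspicious_autoruns` is an assumption of mine (a MountPoints2 autorun command with no drive letter is worth a closer look, not a verdict on the machine).

```python
"""Extract the registry findings a reviewer checks first from a ComboFix log.

Added example for this thread, not ComboFix's own code. SAMPLE_LOG is a
constructed excerpt of the log posted above; the patterns assume that layout.
"""
import re

# Constructed sample: the relevant registry lines from the posted log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ffa703e-db96-11dc-85f2-00024f300101}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ffa703f-db96-11dc-85f2-00024f300101}]
\Shell\AutoRun\command - ek.com
\Shell\explore\Command - ek.com
\Shell\open\Command - ek.com
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# "\Shell\<verb>\command - <command line>" as ComboFix prints MountPoints2 entries
VERB_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+)$", re.IGNORECASE)
GUID_RE = re.compile(r"mountpoints2\\(\{[0-9a-f-]+\})$", re.IGNORECASE)


def parse_sections(text):
    """Return an ordered list of (registry key, [value lines]) pairs."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            sections.append((m.group(1), []))
        elif sections:
            sections[-1][1].append(line)
    return sections


def mountpoint_autoruns(text):
    """Map each MountPoints2 device GUID to {shell verb: command line}."""
    result = {}
    for key, values in parse_sections(text):
        g = GUID_RE.search(key)
        if not g:
            continue
        verbs = {}
        for v in values:
            vm = VERB_RE.match(v)
            if vm:
                verbs[vm.group(1).lower()] = vm.group(2)
        if verbs:
            result[g.group(1).lower()] = verbs
    return result


def firewall_enabled(text, profile="standardprofile"):
    """True/False from the profile's EnableFirewall flag, None if not present."""
    for key, values in parse_sections(text):
        if key.lower().endswith("firewallpolicy\\" + profile):
            for v in values:
                m = re.match(r'"EnableFirewall"\s*=\s*(\d+)', v)
                if m:
                    return m.group(1) != "0"
    return None


def monitoring_overrides(text):
    """Products whose Security Center monitoring has been switched off."""
    off = []
    for key, values in parse_sections(text):
        if "security center\\monitoring\\" in key.lower():
            product = key.rsplit("\\", 1)[-1]
            if any(re.match(r'"DisableMonitoring"=dword:0*1$', v) for v in values):
                off.append(product)
    return off


def suspicious_autoruns(text):
    """Heuristic (my assumption, not a verdict): flag MountPoints2 autorun
    commands that are bare file names rather than drive-qualified paths,
    since a legitimate launcher such as LaunchU3.exe is recorded with its
    drive letter."""
    hits = []
    for guid, verbs in mountpoint_autoruns(text).items():
        cmd = verbs.get("autorun", "")
        if cmd and not re.match(r"^[A-Za-z]:\\", cmd):
            hits.append((guid, cmd))
    return hits


if __name__ == "__main__":
    print("firewall enabled:", firewall_enabled(SAMPLE_LOG))
    print("monitoring disabled for:", monitoring_overrides(SAMPLE_LOG))
    for guid, cmd in suspicious_autoruns(SAMPLE_LOG):
        print("review autorun on device", guid, "->", cmd)
```

Run it over a full saved log by replacing SAMPLE_LOG with the file contents; the functions only look at bracketed key lines and the values that follow them, so the file listing and Sigcheck sections above are ignored.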