I disabled TeaTimer as you told me before using ComboFix, then I started the program; the PC rebooted by itself and then the automatic scan ran. I don't know ... I think it went fine. P.S.: thanks for your help.
ComboFix 08-09-20.05 - Ranieri 2008-09-22 3:53:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1065 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Ranieri\Documenti\ComboFix.exe
* Creato nuovo punto di ripristino
ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Antivirus XP 2008.lnk
C:\Documents and Settings\Ranieri\Dati applicazioni\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk
C:\Documents and Settings\Ranieri\Dati applicazioni\rhc9srj0ejfa
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\system32\anticipator.dll
C:\WINDOWS\system32\awtoolb.dll
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\dpcproxy.exe
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\hoproxy.dll
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\lphccsrj0ejfa.exe
C:\WINDOWS\system32\medup012.dll
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\msnbho.dll
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\msvchost.exe
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\newsd32.exe
C:\WINDOWS\system32\phccsrj0ejfa.bmp
C:\WINDOWS\system32\ps1.exe
C:\WINDOWS\system32\psof1.exe
C:\WINDOWS\system32\psoft1.exe
C:\WINDOWS\system32\regc64.dll
C:\WINDOWS\system32\regm64.dll
C:\WINDOWS\system32\Rundl1.exe
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\sncntr.exe
C:\WINDOWS\system32\ssurf022.dll
C:\WINDOWS\system32\ssvchost.com
C:\WINDOWS\system32\ssvchost.exe
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\taack.dat
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\thun.dll
C:\WINDOWS\system32\thun32.dll
C:\WINDOWS\system32\VBIEWER.OCX
C:\WINDOWS\system32\vbsys2.dll
C:\WINDOWS\system32\vcatchpi.dll
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\winsystem.exe
C:\WINDOWS\system32\WINWGPX.EXE
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_{DEF85C80-216A-43AB-AF70-1665EDBE2780}
-------\Service_{DEF85C80-216A-43ab-AF70-1665EDBE2780}
((((((((((((((((((((((((( Files Creati Da 2008-08-22 al 2008-09-22 )))))))))))))))))))))))))))))))))))
.
2008-09-18 15:09 . 2008-09-20 12:56 <DIR> d-------- C:\Programmi\zlqenr
2008-09-18 15:09 . 2008-09-18 15:09 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\lytgtqji
2008-08-27 19:35 . 2008-08-28 15:47 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Skype
2008-08-22 19:35 . 2008-08-22 19:35 <DIR> d-------- C:\Programmi\DVD Shrink
2008-08-22 19:35 . 2008-08-22 19:35 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\DVD Shrink
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-21 14:31 --------- d-----w C:\Programmi\eMule
2008-09-17 14:12 21,088 ----a-w C:\Documents and Settings\Ranieri\Dati applicazioni\GDIPFONTCACHEV1.DAT
2008-09-03 21:59 --------- d-----w C:\Programmi\Notepad++
2008-09-03 21:59 --------- d-----w C:\Documents and Settings\Ranieri\Dati applicazioni\Notepad++
2008-08-23 18:18 --------- d-----w C:\Documents and Settings\Ranieri\Dati applicazioni\BitTorrent
2008-08-20 13:45 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-08-08 15:06 --------- d-----w C:\Programmi\Dolphin
2008-08-06 00:46 --------- d-----w C:\Programmi\Google
2008-07-25 11:41 --------- d-----w C:\Programmi\File comuni\Adobe
2008-07-23 17:35 --------- d-----w C:\Programmi\Riva
2008-07-23 17:35 --------- d-----w C:\Programmi\File comuni\SWF Studio
2008-07-23 17:12 --------- d-----w C:\Programmi\Uplink
2008-03-25 23:11 13,195 ----a-w C:\Documents and Settings\Ranieri\zguicfgw.dat
2003-08-16 17:56 579,584 --sha-r C:\WINDOWS\system32\cd.exe
2005-12-04 19:24 185,634 --sha-r C:\WINDOWS\system32\patcher.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-08-02 15360]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\BitTorrent_DNA\\dna.exe"=
"C:\\Programmi\\BitTorrent\\bittorrent.exe"=
"C:\\Programmi\\DNA\\btdna.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2004-05-12 97408]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S3 ADM8511;Convertitore ADMtek ADM8511/AN986 da USB a Fast Ethernet;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{258eee43-da82-11dc-993d-806d6172696f}]
\Shell\AutoRun\command - E:\ShelExec.exe wpi.hta
.
Contenuto della cartella 'Scheduled Tasks'
.
- - - - ORFÇOS REMOVIDOS - - - -
HKCU-Run-sysadm - C:\WINDOWS\system32\jidsfkrw.exe
HKLM-Run-lphccsrj0ejfa - C:\WINDOWS\system32\lphccsrj0ejfa.exe
HKLM-Run-SMrhc9srj0ejfa - C:\Programmi\rhc9srj0ejfa\rhc9srj0ejfa.exe
HKLM-Explorer_Run-4s5lMpWQH2 - C:\Documents and Settings\Ranieri\Documenti\AdobeFlashPlayerHD.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Ranieri\Dati applicazioni\Mozilla\Firefox\Profiles\liq5fgrs.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q=
FF -: plugin - C:\Programmi\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-09-22 03:56:05
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Ora fine scansione: 2008-09-22 3:58:16 - machine was rebooted [Ranieri]
ComboFix-quarantined-files.txt 2008-09-22 01:58:13
Pre-Run: 102,770,835,456 byte disponibili
Post-Run: 103,657,246,720 byte disponibili
162 --- E O F --- 2008-09-20 01:40:40