Hi Shel, I've done everything and the report is below:
(2 questions: I ran the scan without a connection, but usually that isn't necessary, for example with Avira?!?!; will you tell me when I can re-enable Avira?)
ComboFix 09-10-13.01 - elena 13/10/2009 23.05.53.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1022.416 [GMT 2:00]
Eseguito da: d:\documents and settings\elena\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\cleanup.exe
c:\programmi\Search Settings
c:\programmi\Search Settings\kb128\SeARchsettings.dll
c:\programmi\Search Settings\kb128\SearchSettingsRes409.dll
c:\programmi\Search Settings\SearchSettings.exe
c:\recycler\S-1-5-21-1613130643-2853886440-2512024518-500
c:\recycler\S-1-5-21-519248355-1707108783-2238449572-500
c:\windows\Installer\WMEncoder.msi
c:\windows\kb913800.exe
.
((((((((((((((((((((((((( Files Creati Da 2009-09-13 al 2009-10-13 )))))))))))))))))))))))))))))))))))
.
2009-10-04 06:38 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-02 13:59 . 2009-10-02 13:59 -------- d-----w- c:\programmi\File comuni\PCSuite
2009-10-02 13:59 . 2009-10-02 13:59 -------- d-----w- c:\programmi\File comuni\Nokia
2009-09-15 17:07 . 2007-10-04 15:42 48128 ----a-w- c:\windows\system32\Remove.exe
2009-09-15 17:07 . 2008-02-13 11:17 618112 ----a-w- c:\windows\system32\drivers\PFC027.SYS
2009-09-15 17:07 . 2009-09-15 17:07 -------- d-----w- c:\programmi\Trust
2009-09-15 17:07 . 2006-10-12 09:57 14336 ----a-w- c:\windows\system32\P207USD.dll
2009-09-15 17:07 . 2009-09-15 17:07 -------- d-----w- c:\programmi\File comuni\PAC207
2009-09-15 17:07 . 2009-09-15 17:07 -------- d-----w- d:\documents and settings\elena\Dati applicazioni\InstallShield
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-13 16:42 . 2007-07-22 13:17 -------- d-----w- d:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-10-10 13:48 . 2007-02-15 15:40 -------- d-----w- c:\programmi\eMule
2009-10-04 07:17 . 2008-11-20 16:59 -------- d-----w- d:\documents and settings\elena\Dati applicazioni\dvdcss
2009-10-02 17:13 . 2009-09-13 19:02 921632 ----a-w- C:\PA207.DAT
2009-10-02 13:58 . 2008-01-15 10:28 -------- d-----w- c:\programmi\Nokia
2009-10-02 13:58 . 2008-01-14 14:09 -------- d-----w- d:\documents and settings\All Users\Dati applicazioni\Installations
2009-09-15 17:07 . 2006-11-09 20:45 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-09-15 14:40 . 2008-02-26 22:00 -------- d-----w- d:\documents and settings\elena\Dati applicazioni\DivX
2009-09-13 17:36 . 2008-01-29 10:33 -------- d-----w- d:\documents and settings\elena\Dati applicazioni\ArcSoft
2009-09-13 17:32 . 2009-09-13 17:32 -------- d-----w- c:\programmi\File comuni\ArcSoft
2009-09-13 17:31 . 2007-01-23 20:30 -------- d-----w- c:\programmi\ArcSoft
2009-09-11 22:24 . 2008-02-26 19:46 -------- d-----w- c:\programmi\DivX
2009-09-11 22:24 . 2009-08-02 06:58 -------- d-----w- c:\programmi\vso
2009-09-11 22:08 . 2009-09-11 22:08 -------- d-----w- d:\documents and settings\elena\Dati applicazioni\Media Player Classic
2009-09-10 21:59 . 2009-09-10 21:58 -------- d-----w- c:\programmi\File comuni\DivX Shared
2009-09-07 07:17 . 2009-03-29 07:09 -------- d-----w- c:\programmi\CDBurnerXP
2009-09-06 12:39 . 2006-11-09 20:45 -------- d-----w- c:\programmi\Sonic
2009-09-06 12:35 . 2009-09-06 12:35 -------- d-----w- c:\programmi\CCleaner
2009-09-05 18:45 . 2009-09-05 18:45 -------- d-----w- c:\programmi\VS Revo Group
2009-09-05 18:33 . 2008-03-16 21:37 -------- d-----w- c:\programmi\Lavasoft
2009-09-01 13:41 . 2009-09-01 13:41 -------- d-----w- d:\documents and settings\All Users\Dati applicazioni\Canneverbe Limited
2009-08-29 12:30 . 2009-08-29 12:30 -------- d-----w- d:\documents and settings\gaia\Dati applicazioni\vlc
2009-08-29 09:16 . 2009-08-29 09:16 -------- d-----w- c:\programmi\Microsoft
2009-08-29 09:09 . 2009-08-29 08:50 133 ----a-w- d:\documents and settings\gaia\Impostazioni locali\Dati applicazioni\fusioncache.dat
2009-08-29 08:53 . 2009-08-29 08:53 -------- d-----w- d:\documents and settings\gaia\Dati applicazioni\Search Settings
2009-08-29 08:51 . 2009-08-29 08:51 -------- d-----w- d:\documents and settings\gaia\Dati applicazioni\PC Suite
2009-08-26 13:51 . 2009-08-02 20:59 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-08 14:04 . 2009-08-08 14:04 574 ----a-w- C:\cleanup.bat
2009-08-08 14:04 . 2009-08-08 14:04 135168 ----a-w- C:\zip.exe
2009-08-07 13:14 . 2009-08-07 13:14 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-07 08:22 . 2004-10-25 18:40 84048 ----a-w- c:\windows\system32\perfc010.dat
2009-08-07 08:22 . 2004-10-25 18:40 489396 ----a-w- c:\windows\system32\perfh010.dat
2009-08-05 08:59 . 2004-10-25 18:38 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 11:36 . 2009-08-08 14:13 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2009-08-08 14:13 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-17 19:01 . 2004-10-25 18:37 58880 ----a-w- c:\windows\system32\atl.dll
2008-01-17 13:15 . 2008-01-17 10:55 48 --sh--w- c:\windows\S9A0A7A22.tmp
2008-03-29 12:46 . 2008-03-27 16:26 2756640 --sha-w- c:\windows\system32\drivers\fidbox.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-12-08 14:39 . 2005-12-08 14:39 975360 c:\apps\SMP\bak\SmpSys.exe
2006-03-30 15:45 . 2006-03-30 15:45 313472 c:\programmi\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe
2007-02-06 11:38 . 2003-10-29 14:11 462848 c:\programmi\digicomt\Michelangelo USB ADSL\bak\CnxDslTb.exe
2008-01-06 18:01 . 2007-11-01 09:30 1201664 c:\programmi\FeedReader30\bak\feedreader.exe
2005-02-16 15:15 . 2005-02-16 15:15 81920 c:\programmi\File comuni\InstallShield\UpdateService\bak\issch.exe
2003-09-29 23:14 . 2003-09-29 23:14 155648 c:\programmi\File comuni\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe
2006-10-09 10:56 . 2004-10-04 11:03 310272 c:\programmi\Goto Software\Vade Retro\bak\Vaderetro_oe.exe
2007-04-23 20:51 . 2007-12-21 12:21 579072 c:\programmi\Grisoft\AVG7\bak\avgcc.exe
2007-08-01 20:59 . 2007-08-01 20:59 77824 c:\programmi\Java\jre1.6.0\bin\bak\jusched.exe
2007-12-10 09:12 . 2007-12-10 09:12 695808 c:\programmi\Nokia\Nokia PC Suite 6\bak\PCSuite.exe
2006-10-09 11:02 . 2006-10-09 11:02 98304 c:\programmi\QuickTime\bak\qttask.exe
2007-01-29 17:04 . 2002-02-04 21:32 53248 c:\programmi\REGSHAVE\bak\REGSHAVE.EXE
2006-03-21 12:19 . 2006-03-21 12:19 69632 c:\programmi\ScanSoft\OmniPageSE4.0\bak\OpwareSE4.exe
2006-11-03 18:20 . 2006-11-03 18:20 866584 c:\programmi\Windows Defender\bak\MSASCui.exe
2006-11-03 18:20 . 2006-11-03 18:20 866584 c:\programmi\Windows Defender\MSASCui.exe
2006-10-09 10:35 . 2005-09-29 12:01 67584 c:\windows\ehome\bak\ehtray.exe
2006-10-09 10:35 . 2005-08-17 20:40 64512 c:\windows\ehome\ehtray.exe
2004-10-25 18:53 . 2004-09-07 12:00 208952 c:\windows\ime\IMJP8_1\bak\IMJPMIG.EXE
2004-10-25 18:53 . 2004-09-07 12:00 208952 c:\windows\ime\IMJP8_1\imjpmig.exe
2004-10-25 18:39 . 2004-09-07 12:00 15360 c:\windows\system32\bak\ctfmon.exe
2004-10-25 18:39 . 2008-04-14 02:14 15360 c:\windows\system32\ctfmon.exe
2004-10-25 18:53 . 2004-09-07 12:00 455168 c:\windows\system32\IME\TINTLGNT\bak\TINTSETP.EXE
2004-10-25 18:53 . 2004-09-07 12:00 455168 c:\windows\system32\IME\TINTLGNT\tintsetp.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"feedreader.exe"="c:\programmi\FeedReader30\feedreader.exe" [N/A]
"Rainlendar2"="c:\programmi\Rainlendar2\Rainlendar2.exe" [N/A]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-21 68856]
"updateMgr"="c:\programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [N/A]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 455168]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7573504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-27 86016]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [N/A]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-09-07 208952]
"Windows Defender"="c:\programmi\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"Nokia FastStart"="c:\programmi\Nokia\Nokia Music\NokiaMusic.exe" [N/A]
"SearchSettings"="c:\programmi\Search Settings\SearchSettings.exe" [N/A]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-05-18 16207872]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-04-27 1519616]
"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2004-06-29 569344]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
d:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
BTTray.lnk - c:\programmi\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-27 561213]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\APPS\\skype\\phone\\Skype.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"4662:TCP"= 4662:TCP:127.0.0.1
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 20.19.58 13592]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [06/02/2007 13.38.28 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [06/02/2007 13.38.28 646784]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [06/02/2007 13.38.28 108675]
S1 SASKUTIL;SASKUTIL;\??\c:\programmi\SUPERAntiSpyware\SASKUTIL.sys --> c:\programmi\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 PAC207;Trust 100K Series Webcam;c:\windows\system32\drivers\PFC027.SYS [15/09/2009 19.07.49 618112]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'
2009-10-13 c:\windows\Tasks\Configura il mio PC.job
- c:\apps\SMP\PCSETUP.EXE [2005-11-17 08:03]
2009-10-13 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-22 19:33]
2009-10-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
2009-10-11 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
2009-10-13 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
2009-10-13 c:\windows\Tasks\User_Feed_Synchronization-{6AFA8E2B-55E2-4B55-BDFE-B9562D22A3B1}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.libero.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = "c:\programmi\Outlook Express\msimn.exe"
IE: Add to AMV Converter... - c:\programmi\MP3 Player Utilities 4.18\AMVConverter\grab.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Invia a periferica &Bluetooth... - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - d:\documents and settings\elena\Dati applicazioni\Mozilla\Firefox\Profiles\2g4m2snj.default\
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\programmi\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\programmi\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\programmi\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\programmi\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\programmi\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\programmi\Java\jre1.6.0\bin\npoji610.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
AddRemove-{B7050CBDB2504B34BC2A9CA0A692CC29} - c:\programmi\DivX\DivXWebPlayerUninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-10-13 23:10
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2009-10-13 23.13.03
ComboFix-quarantined-files.txt 2009-10-13 21:13
Pre-Run: 12.870.221.824 byte disponibili
Post-Run: 12.838.326.272 byte disponibili
213 --- E O F --- 2009-10-12 15:46