Hello,
here is what I got after running ComboFix.
Thanks for the help.
<code>
ComboFix 10-02-12.01 - Administrator 15/02/2010 12.56.34.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1023.661 [GMT 1:00]
Eseguito da: h:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 100210-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
h:\docume~1\ADMINI~1\IMPOST~1\Temp\eifpgfg.tmp
h:\documents and settings\Administrator\Desktop\Videos.url
h:\documents and settings\Administrator\Impostazioni locali\Temp\eifpgfg.tmp
h:\documents and settings\Administrator\Menu Avvio\Programmi\Videos.url
h:\documents and settings\Administrator\Preferiti\Videos.url
h:\windows\system32\ctfmon .exe
h:\windows\system32\NeroCheck .exe
.
((((((((((((((((((((((((( Files Creati Da 2010-01-15 al 2010-02-15 )))))))))))))))))))))))))))))))))))
.
2010-02-15 11:55 . 2010-02-15 12:21 -------- d-----w- \ComboFix
2010-02-15 11:52 . 2010-02-15 12:21 -------- d-----w- \Qoobox
2010-02-13 11:39 . 2010-02-13 11:39 5632 ----a-w- h:\documents and settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdel.exe
2010-02-13 11:39 . 2010-02-13 11:39 5632 ----a-w- h:\documents and settings\All Users\Dati applicazioni\Spyware Terminator\fileobjinfo.sys
2010-02-13 11:39 . 2010-02-13 12:51 -------- d-----w- h:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2010-02-13 11:38 . 2010-02-13 15:02 -------- d-----w- h:\programmi\Spyware Terminator
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-04 12:00 . 2008-11-11 20:54 -------- d-----w- h:\documents and settings\Administrator\Dati applicazioni\dvdcss
2009-10-27 12:00 . 2009-10-27 12:00 1511064 ----a-w- h:\programmi\VodeiSetup210.exe
2008-11-10 11:22 . 2008-11-10 11:22 14622342 ----a-w- h:\programmi\vlc-0.9.6-win32.exe
2008-10-06 11:12 . 2008-10-06 11:12 1234120 ----a-w- h:\programmi\winrar.exe
2007-10-20 05:27 . 2006-10-16 18:59 66408 ----a-w- h:\programmi\mozilla firefox\components\jar50.dll
2007-10-20 05:27 . 2006-10-16 18:59 54112 ----a-w- h:\programmi\mozilla firefox\components\jsd3250.dll
2007-10-20 05:27 . 2006-10-16 19:19 34688 ----a-w- h:\programmi\mozilla firefox\components\myspell.dll
2007-10-20 05:27 . 2006-10-16 19:19 46456 ----a-w- h:\programmi\mozilla firefox\components\spellchk.dll
2007-10-20 05:27 . 2006-10-16 18:59 171880 ----a-w- h:\programmi\mozilla firefox\components\xpinstal.dll
.
h:\programmi\Alwil Software\Avast4\ashDisp .exe
h:\programmi\Hewlett-Packard\Toolbox\hpbpsttp .exe
------- Sigcheck -------
[-] 2008-04-14 . CE7DB8EE1C9BD8A40F84529DDC28B0D8 . 1571840 . . [5.1.2600.5512] . . h:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\sfcfiles.dll
[-] 2007-10-14 . 744BE027C16680791A6AC13E0EF35F8F . 1548288 . . [5.1.2600.2180] . . h:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "h:\programmi\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="h:\programmi\Messenger\msmsgs.exe" [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StatusClient 2.6"="h:\programmi\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2004-02-11 61440]
"HP Software Update"="h:\programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-01-07 49152]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"avast!"="h:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Adobe Reader Speed Launcher"="h:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="h:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
h:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - h:\programmi\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi9"=h:\docume~1\ADMINI~1\IMPOST~1\Temp\eifpgfg.tmp 2yGBEBNEED
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"h:\\Programmi\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"h:\\Programmi\\eMule\\emule.exe"=
"h:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
R1 aswSP;avast! Self Protection;h:\windows\system32\drivers\aswSP.sys [28/09/2008 12.28.10 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;h:\windows\system32\drivers\sp_rsdrv2.sys [13/02/2010 12.39.39 138752]
R2 aswFsBlk;aswFsBlk;h:\windows\system32\drivers\aswFsBlk.sys [28/09/2008 12.28.10 20560]
.
.
------- Scansione supplementare -------
.
uLocal Page = h:\windows\system32\blank.htm
uStart Page = hxxp://www.virgilio.it/
uInternet Settings,ProxyOverride = <local>
IE: &Winamp Search - h:\documents and settings\All Users\Dati applicazioni\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&sporta in Microsoft Excel - h:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - h:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\u0ufjd89.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... ie7&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/sli ... pab&query=
FF - component: h:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\u0ufjd89.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: h:\programmi\Mozilla Firefox\components\xpinstal.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-15 13:21
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
------------------------ Altri processi in esecuzione ------------------------
.
h:\windows\System32\smss.exe
h:\windows\system32\csrss.exe
h:\windows\system32\winlogon.exe
h:\windows\system32\services.exe
h:\windows\system32\lsass.exe
h:\windows\system32\svchost.exe
h:\windows\system32\svchost.exe
h:\windows\System32\svchost.exe
h:\windows\system32\svchost.exe
h:\windows\system32\svchost.exe
h:\programmi\Alwil Software\Avast4\aswUpdSv.exe
h:\programmi\Alwil Software\Avast4\ashServ.exe
h:\windows\system32\spoolsv.exe
h:\windows\system32\svchost.exe
h:\programmi\Spyware Terminator\sp_rsser.exe
h:\windows\system32\svchost.exe
h:\programmi\Alwil Software\Avast4\ashMaiSv.exe
h:\programmi\Alwil Software\Avast4\ashWebSv.exe
h:\windows\System32\alg.exe
h:\windows\system32\wscntfy.exe
h:\windows\system32\WgaTray.exe
h:\windows\AGRSMMSG.exe
h:\windows\system32\wbem\wmiprvse.exe
.
**************************************************************************
.
Ora fine scansione: 2010-02-15 13:25:11 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-02-15 12:24
Pre-Run: 209.463.967.744 byte disponibili
Post-Run: 212.809.785.344 byte disponibili
- - End Of File - - 91775CB1FC69423A709CDBF0DDB17AB8
</code>