Hi gahan, I already use CCleaner routinely, with the setting you suggested, all run at PC shutdown. My doubt is about Service Pack 3, which I did not have before and which now seems to be slowing down my PC as well, an old Pentium III 800 that I will be replacing shortly. I also wanted to uninstall SP3, but in Add/Remove Programs... no trace of it; not even IOBIT detects its existence. Is the not... compliant OS that was installed for me to blame? Yet it does show up in System Properties.
I ran a scan yesterday with ComboFix, but from the log (I attach it at the end) I see no trace of any malware...!
Out of personal curiosity, can you tell me whether changes to the settings in Control Panel/Internet Options apply only to I.E. or also extend to other installed browsers?
_____________________________________________________________________________________________________
ComboFix 12-07-31.02 - xp 01/08/2012 16.29.10.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.511.342 [GMT 2:00]
Eseguito da: c:\documents and settings\xp\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\usbehci.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Creati Da 2012-07-01 al 2012-08-01 )))))))))))))))))))))))))))))))))))
.
.
2012-07-22 20:49 . 2012-07-22 20:49 -------- d-----w- C:\Local Disk D_72220122249
2012-07-22 20:21 . 2011-07-29 11:54 19840 ----a-w- c:\windows\system32\EuEpmGdi.dll
2012-07-22 20:21 . 2012-05-17 15:36 2468520 ----a-w- c:\windows\system32\BootMan.exe
2012-07-22 20:21 . 2011-07-29 11:54 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2012-07-22 20:21 . 2011-07-29 11:54 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2012-07-22 20:21 . 2011-07-29 11:54 13192 ----a-w- c:\windows\system32\epmntdrv.sys
2012-07-22 20:19 . 2012-07-22 20:19 -------- d-----w- c:\programmi\EaseUS
2012-07-20 19:57 . 2012-07-20 19:57 -------- d-----w- c:\documents and settings\xp\Impostazioni locali\Dati applicazioni\Mozilla
2012-07-14 19:59 . 2012-07-14 19:59 -------- d-----w- c:\documents and settings\xp\Dati applicazioni\IObit
2012-07-13 20:10 . 2012-07-13 20:10 -------- d-----w- c:\programmi\Microsoft.NET
2012-07-13 20:01 . 2012-07-22 17:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Freemake
2012-07-13 19:56 . 2012-07-13 19:57 -------- d-----w- c:\documents and settings\xp\Impostazioni locali\Dati applicazioni\CRE
2012-07-13 19:54 . 2012-07-22 17:10 -------- d-----w- c:\programmi\Freemake
2012-07-08 13:09 . 2012-07-08 13:09 -------- d-----w- c:\documents and settings\xp\Impostazioni locali\Dati applicazioni\Apple Computer
2012-07-08 13:09 . 2012-07-08 13:09 -------- d-----w- c:\documents and settings\xp\Dati applicazioni\Apple Computer
2012-07-08 13:03 . 2012-07-08 13:03 -------- d-----w- c:\documents and settings\xp\Impostazioni locali\Dati applicazioni\Apple
2012-07-03 14:41 . 2012-07-15 16:03 -------- d-----w- c:\documents and settings\xp\Impostazioni locali\Dati applicazioni\Google
2012-07-02 17:10 . 2011-09-21 08:25 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2012-07-02 17:10 . 2012-07-02 17:10 -------- d-----w- c:\programmi\CPUID
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 13:24 . 2012-06-12 16:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-27 13:24 . 2012-06-12 16:24 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-04 17:29 . 2012-06-12 16:59 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-04 17:29 . 2012-06-12 16:59 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-04 17:29 . 2012-06-12 16:59 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-14 00:15 . 2012-07-29 13:27 136672 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-11-24 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2008-11-24 . 3FCBFC8396D6FC311CA034A0091A489C . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-07-18_09.38.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-01 12:06 . 2012-08-01 12:06 16384 c:\windows\Temp\Perflib_Perfdata_618.dat
+ 2012-07-27 13:24 . 2012-07-27 13:24 686792 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_268_Plugin.exe
+ 2012-06-12 16:24 . 2012-07-27 13:24 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
- 2012-06-12 16:24 . 2012-07-17 12:50 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-07-27 13:24 . 2012-07-27 13:24 9465032 c:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]
"SandboxieControl"="c:\programmi\Sandboxie\SbieCtrl.exe" [2009-05-28 380416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2012-02-03 258512]
"AdslTaskBar"="stmctrl.dll" [2003-04-16 151552]
"SpywareTerminatorShield"="c:\programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2012-03-28 2786480]
"SpywareTerminatorUpdater"="c:\programmi\Spyware Terminator\SpywareTerminatorUpdate.exe" [2012-03-28 3669680]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"snpstd"="c:\windows\vsnpstd.exe" [2003-12-31 40960]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" [2008-11-24 123904]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^EPSON Status Monitor 3 Environment Check(2).lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\EPSON Status Monitor 3 Environment Check(2).lnk
backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check(2).lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^xp^Menu Avvio^Programmi^Esecuzione automatica^My 190.lnk]
path=c:\documents and settings\xp\Menu Avvio\Programmi\Esecuzione automatica\My 190.lnk
backup=c:\windows\pss\My 190.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Spyware Terminator\\SpywareTerminator.exe"=
"c:\\Programmi\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [11/06/2012 13.38.34 36000]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [11/06/2012 21.29.30 32768]
R2 AntiVirSchedulerService;Avira Pianificatore;c:\programmi\Avira\AntiVir Desktop\sched.exe [11/06/2012 13.38.39 86224]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [02/07/2012 19.10.29 21992]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\programmi\Spyware Terminator\st_rsser.exe [11/06/2012 21.29.12 482992]
R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\drivers\stmatm.sys [11/06/2012 21.09.32 59338]
R3 TaurusUsb;ADSL Modem USB Service 1.09a;c:\windows\system32\drivers\torususb.sys [11/06/2012 21.09.33 527980]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [12/06/2012 18.24.31 250056]
S3 cpuz134;cpuz134;\??\c:\docume~1\xp\IMPOST~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\xp\IMPOST~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [22/07/2012 22.21.33 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [22/07/2012 22.21.34 8456]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programmi\Mozilla Maintenance Service\maintenanceservice.exe [29/07/2012 15.27.19 113120]
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-08-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 13:24]
.
.
------- Scansione supplementare -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.dediche.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{BB34E6F4-F46F-4E50-A3AB-0B73054FA999}: NameServer = 193.70.152.15 212.52.97.15
FF - ProfilePath - c:\documents and settings\xp\Dati applicazioni\Mozilla\Firefox\Profiles\lxdyr3t0.default\
FF - prefs.js: browser.startup.homepage - http://www.libero.it
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-01 16:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(2476)
c:\programmi\File comuni\Ahead\Lib\NeroSearchBar.dll
c:\programmi\File comuni\Ahead\Lib\MFC71U.DLL
c:\programmi\File comuni\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Ora fine scansione: 2012-08-01 16:49:07
ComboFix-quarantined-files.txt 2012-08-01 14:49
ComboFix2.txt 2012-07-18 09:48
.
Pre-Run: 10.208.194.560 byte disponibili
Post-Run: 10.197.811.200 byte disponibili
.
- - End Of File - - 81DC754D4AE6F2C33355B2E560DA531D
Two things are infinite: the universe and human stupidity, but about the universe I still have some doubts.
- Albert Einstein -