Ccbusto, well... yes, there are several programs at startup, and honestly for some of them I'm not sure what they do or what happens if I remove them from startup. For example, what happens if I disable these from automatic startup:
O4 - Global Startup: EPSON Status Monitor 3 Environment...;
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\...
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 ....... [and similar ones...]
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar --- I think this entry has to do with the ADSL modem... Is it really a good idea to remove it?
Anyway, I ran a scan with ComboFix (Great!!!), which warned me that it had found rootkits and automatically removed a few things...! I have to say the PC already runs better. Scans done with Avira, Prevx, Runscanner, Spyware Terminator and Malwarebytes... had all come back negative!!! Anyway, I'm attaching the ComboFix log to hear your opinion...
______________________________________________________________________________________________________________
ComboFix 12-07-16.01 - xp 18/07/2012 11.17.26.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.511.211 [GMT 2:00]
Eseguito da: c:\documents and settings\xp\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\xp\WINDOWS
c:\windows\host32.exe
c:\windows\system32\ntos.exe
c:\windows\system32\sdra64.exe
c:\windows\system32\sqlite3.dll
c:\windows\system32\twext.exe
.
c:\windows\system32\drivers\usbehci.sys . . . is missing!!
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_EPSONSTATUSAGENT2
-------\Service_EPSONStatusAgent2
.
.
((((((((((((((((((((((((( Files Creati Da 2012-06-18 al 2012-07-18 )))))))))))))))))))))))))))))))))))
.
.
2012-07-18 08:17 . 2012-07-18 08:17 -------- d-----w- c:\documents and settings\xp\Impostazioni locali\Dati applicazioni\Mozilla
2012-07-14 19:59 . 2012-07-14 19:59 -------- d-----w- c:\documents and settings\xp\Dati applicazioni\IObit
2012-07-13 20:10 . 2012-07-13 20:10 -------- d-----w- c:\programmi\Microsoft.NET
2012-07-13 20:01 . 2012-07-14 20:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Freemake
2012-07-13 19:56 . 2012-07-13 19:57 -------- d-----w- c:\documents and settings\xp\Impostazioni locali\Dati applicazioni\CRE
2012-07-13 19:54 . 2012-07-14 20:32 -------- d-----w- c:\programmi\Freemake
2012-07-08 13:09 . 2012-07-08 13:09 -------- d-----w- c:\documents and settings\xp\Impostazioni locali\Dati applicazioni\Apple Computer
2012-07-08 13:09 . 2012-07-08 13:09 -------- d-----w- c:\documents and settings\xp\Dati applicazioni\Apple Computer
2012-07-08 13:03 . 2012-07-08 13:03 -------- d-----w- c:\documents and settings\xp\Impostazioni locali\Dati applicazioni\Apple
2012-07-03 14:41 . 2012-07-15 16:03 -------- d-----w- c:\documents and settings\xp\Impostazioni locali\Dati applicazioni\Google
2012-07-02 17:10 . 2011-09-21 08:25 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2012-07-02 17:10 . 2012-07-02 17:10 -------- d-----w- c:\programmi\CPUID
2012-06-28 13:52 . 2012-06-28 13:54 -------- d-----w- c:\windows\system32\NtmsData
2012-06-28 12:48 . 2008-04-13 09:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2012-06-28 12:48 . 2008-04-13 09:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2012-06-28 12:48 . 2008-04-13 09:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2012-06-28 12:48 . 2008-04-13 09:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-06-24 10:26 . 2012-06-24 10:26 -------- d-----w- c:\programmi\Sandboxie
2012-06-21 13:49 . 2012-06-21 13:49 -------- d-----w- c:\documents and settings\xp\Dati applicazioni\it.vodafone.desktopwidget
2012-06-21 13:49 . 2012-06-21 13:49 -------- d-----w- c:\programmi\My 190
2012-06-21 13:47 . 2012-06-21 13:47 -------- d-----w- c:\programmi\File comuni\Adobe AIR
2012-06-20 12:40 . 2012-07-14 20:24 -------- d-----w- c:\documents and settings\xp\Dati applicazioni\emesene
2012-06-19 17:40 . 2012-06-19 17:40 71880 ----a-w- c:\windows\system32\PxSecure.dll
2012-06-19 17:40 . 2012-06-19 17:40 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys
2012-06-19 17:40 . 2012-06-19 17:40 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2012-06-19 17:40 . 2012-06-19 17:40 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2012-06-19 17:40 . 2012-06-19 17:40 -------- d-----w- c:\programmi\Prevx
2012-06-19 17:39 . 2012-07-15 16:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PrevxCSI
2012-06-19 17:09 . 2012-06-19 17:09 -------- d-----w- c:\documents and settings\xp\Impostazioni locali\Dati applicazioni\webkit
2012-06-19 16:48 . 2012-06-19 16:48 -------- d-----w- c:\documents and settings\xp\.config
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-17 12:50 . 2012-06-12 16:24 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-17 12:50 . 2012-06-12 16:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-04 17:29 . 2012-06-12 16:59 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-04 17:29 . 2012-06-12 16:59 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-04 17:29 . 2012-06-12 16:59 687504 ----a-w- c:\windows\system32\deployJava1.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-11-24 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
.
.
[-] 2008-11-24 . 3FCBFC8396D6FC311CA034A0091A489C . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
c:\windows\System32\wscntfy.exe ... è mancante !!
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]
"SandboxieControl"="c:\programmi\Sandboxie\SbieCtrl.exe" [2009-05-28 380416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2012-02-03 258512]
"AdslTaskBar"="stmctrl.dll" [2003-04-16 151552]
"SpywareTerminatorShield"="c:\programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2012-03-28 2786480]
"SpywareTerminatorUpdater"="c:\programmi\Spyware Terminator\SpywareTerminatorUpdate.exe" [2012-03-28 3669680]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"snpstd"="c:\windows\vsnpstd.exe" [2003-12-31 40960]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" [2008-11-24 123904]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
EPSON Status Monitor 3 Environment Check(2).lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2012-6-11 135680]
.
[HKLM\~\startupfolder\C:^Documents and Settings^xp^Menu Avvio^Programmi^Esecuzione automatica^My 190.lnk]
path=c:\documents and settings\xp\Menu Avvio\Programmi\Esecuzione automatica\My 190.lnk
backup=c:\windows\pss\My 190.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Spyware Terminator\\SpywareTerminator.exe"=
"c:\\Programmi\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
.
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [19/06/2012 19.40.25 32008]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [11/06/2012 13.38.34 36000]
R1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [19/06/2012 19.40.24 76696]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [11/06/2012 21.29.30 32768]
R2 AntiVirSchedulerService;Avira Pianificatore;c:\programmi\Avira\AntiVir Desktop\sched.exe [11/06/2012 13.38.39 86224]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [02/07/2012 19.10.29 21992]
R2 CSIScanner;CSIScanner;c:\programmi\Prevx\prevx.exe [19/06/2012 19.40.22 6416120]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [19/06/2012 19.40.23 26096]
R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\drivers\stmatm.sys [11/06/2012 21.09.32 59338]
R3 TaurusUsb;ADSL Modem USB Service 1.09a;c:\windows\system32\drivers\torususb.sys [11/06/2012 21.09.33 527980]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [12/06/2012 18.24.31 250056]
S3 cpuz134;cpuz134;\??\c:\docume~1\xp\IMPOST~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\xp\IMPOST~1\Temp\cpuz134\cpuz134_x32.sys [?]
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-07-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 12:50]
.
.
------- Scansione supplementare -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.dediche.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
AddRemove-HijackThis - g:\provvisorio_sett.2011\DATI_02.2011\AAA.Programmi_2009\Hijackthis\HijackThis.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2012-07-18 11:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(4712)
c:\programmi\File comuni\Ahead\Lib\NeroSearchBar.dll
c:\programmi\File comuni\Ahead\Lib\MFC71U.DLL
c:\programmi\File comuni\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\programmi\Sandboxie\SbieSvc.exe
c:\programmi\Spyware Terminator\st_rsser.exe
c:\windows\system32\rundll32.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
c:\programmi\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Ora fine scansione: 2012-07-18 11:48:34 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-07-18 09:48
.
Pre-Run: 2.495.508.480 byte disponibili
Post-Run: 2.471.710.720 byte disponibili
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 5960C2A296F53219A81FCCF602D56750
_________________________________________________________________________________________________________________