Hi
So, I ran a scan with Kaspersky: nothing at all. Everything OK.
ComboFix generated this txt file.
If there is anything I need to do... tell me step by step what I have to do! Thanks
ComboFix 11-10-06.03 - PINO AL 06/10/2011 18.44.59.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1022.445 [GMT 2:00]
Eseguito da: c:\documents and settings\PINO AL\Desktop\Docum pers\PROGRAMMI AIUTAMICI\ComboFix.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\PINO AL\Dati applicazioni\FFSJ
c:\documents and settings\PINO AL\Dati applicazioni\FFSJ\FFSJ.cfg
c:\documents and settings\PINO AL\Impostazioni locali\Dati applicazioni\ykpbex.dat
c:\documents and settings\PINO AL\Impostazioni locali\Dati applicazioni\ykpbex_nav.dat
c:\documents and settings\PINO AL\Impostazioni locali\Dati applicazioni\ykpbex_navps.dat
c:\documents and settings\PINO AL\WINDOWS
c:\programmi\Search Guard Plus
c:\programmi\Search Guard Plus\fbsProtection.xml
c:\programmi\Search Guard Plus\fbsSearchProvider.xml
c:\programmi\Search Guard PlusU
c:\programmi\Search Guard PlusU\sgpUpdater.xml
c:\windows\IsUn0410.exe
c:\windows\kb913800.exe
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\_000011_.tmp.dll
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\spool\prtprocs\w32x86\pcldll6l.dll
c:\windows\system32\spool\prtprocs\w32x86\zpp.dll
.
.
((((((((((((((((((((((((( Files Creati Da 2011-09-06 al 2011-10-06 )))))))))))))))))))))))))))))))))))
.
.
2011-09-26 06:48 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-09-26 06:48 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-09-09 09:12 . 2011-09-09 09:12 603136 ------w- c:\windows\system32\dllcache\crypt32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 06:49 . 2010-11-19 12:48 29712 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-09-09 09:12 . 2004-10-25 19:38 603136 ----a-w- c:\windows\system32\crypt32.dll
2011-08-31 15:00 . 2009-06-17 16:03 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-19 03:05 . 2011-04-12 19:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-19 00:40 . 2011-05-19 19:17 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-15 13:29 . 2004-10-25 19:38 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2007-11-15 20:06 . 2008-02-17 11:59 745472 ----a-w- c:\programmi\Globe7.exe
2007-11-11 13:17 . 2008-02-17 11:59 40960 ----a-w- c:\programmi\Uninstallinfo.exe
2007-10-16 19:48 . 2008-02-17 11:59 253120 ----a-w- c:\programmi\appface.dll
2006-07-16 01:51 . 2008-02-17 11:59 1060864 ----a-w- c:\programmi\MFC71.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-07-26 08:15 2532680 ----a-w- c:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 16207872]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"Spamihilator"="c:\programmi\Spamihilator\spamihilator.exe" [2008-12-23 1321984]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7573504]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2007-12-11 98304]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-09-26 2076512]
"AirPort Base Station Agent"="c:\programmi\AirPort\APAgent.exe" [2009-11-11 771360]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
.
c:\documents and settings\PINO AL\Menu Avvio\Programmi\Esecuzione automatica\
Lotus QuickStart.lnk - c:\lotus\wordpro\ltsstart.exe [1997-1-10 16384]
Registrazione di Lotus SmartSuite 97.lnk - c:\lotus\register\remind32.exe [1995-11-6 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2011-06-05 20:14 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Spamihilator\\cdcc.exe"=
"c:\\Programmi\\Spamihilator\\dccproc.exe"=
"c:\\Programmi\\Spamihilator\\spamihilator.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programmi\\Java\\jre1.5.0_16\\bin\\javaw.exe"=
"c:\\Programmi\\AirPort\\APAgent.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\AirPort\\APUtil.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [19/11/2010 14.48.45 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [19/11/2010 14.48.53 243152]
R2 avg9wd;AVG Free WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe [05/06/2011 22.14.49 308136]
S2 gupdate1c9e667abcd1cc0;Google Update Service (gupdate1c9e667abcd1cc0);c:\programmi\Google\Update\GoogleUpdate.exe [06/06/2009 7.28.45 133104]
S2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 20.19.58 13592]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\programmi\AVG\AVG9\Toolbar\ToolbarBroker.exe [05/06/2011 22.02.19 1025352]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [06/06/2009 7.28.45 133104]
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - 46280160
*Deregistered* - 46280160
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-06-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-06-06 05:28]
.
2011-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-06-06 05:28]
.
2011-09-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
2011-10-05 c:\windows\Tasks\User_Feed_Synchronization-{ACA043C2-7F69-48FC-AD8A-6F994006E6E9}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://news.google.it/nwshp?hl=it&tab=wn
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: Ricerca - c:\programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
TCP: DhcpNameServer = 10.0.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-06 19:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-1927553723-2818758206-392735008-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9AA662E6-4410-9D96-8511-8C3910A5964D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iappgddhoinegfigjj"=hex:6b,61,6e,67,70,69,65,6a,67,6b,6b,70,65,69,70,6d,63,6d,
65,66,62,61,00,00
"hajoaajjcaejjjfi"=hex:6b,61,6c,67,67,6f,6e,67,62,70,66,62,6a,69,6d,69,6f,69,
6c,6d,6d,61,00,00
"halepjadbnhiphpi"=hex:61,61,00,7e
"halepjadojcnafnn"=hex:61,61,00,7e
.
Ora fine scansione: 2011-10-06 19:07:08
ComboFix-quarantined-files.txt 2011-10-06 17:07
.
Pre-Run: 7.310.790.656 byte disponibili
Post-Run: 7.485.759.488 byte disponibili
.
- - End Of File - - 3F9E1E2BB4EFD70E3D68F0FE85EB3C1E