Apri un file di testo sul Desktop (start\esegui\digita: notepad.exe\ Ok
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt



e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Posta il log aggiornato di combofix

Ecco il log!..Spero che sia meglio di prima! (Problema: dopo che ha finito di creare il nuovo log ho provato a riattivare l'antivirus, cioè Pc Tools Antivirus, ma non parte. Significa che lo devo cambiare giusto??Se si, mi consigliate un buon antivirus free??)

ComboFix 09-06-28.02 - Silvia 19/01/2010 19.59.37.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.767.398 [GMT 1:00]
Eseguito da: c:\documents and settings\Silvia\Desktop\COMBOFIX.EXE
Opzioni usate :: c:\documents and settings\Silvia\Desktop\CFScript.txt
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Digital Patrol *On-access scanning enabled* (Updated) {35237DD9-776F-4485-A7AF-729074E24B96}
AV: PC Tools AntiVirus 6.1.0.25 *On-access scanning disabled* (Updated) {832E7172-E406-4bb2-8B19-6D29F2C93A98}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
- MODALITÀ CON FUNZIONALITÀ RIDOTTE -

FILE ::
"c:\windows\TEMP\H8SRTbee6.tmp"
.

((((((((((((((((((((((((( Files Creati Da 2009-12-19 al 2010-01-19 )))))))))))))))))))))))))))))))))))
.

2010-01-19 10:38 . 2010-01-19 10:38 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-01-19 10:05 . 2010-01-19 10:11 -------- d-s---w- C:\COMBO-FIX
2010-01-18 22:04 . 2010-01-18 22:04 -------- dc----w- c:\windows\system32\dllcache\cache
2010-01-18 21:58 . 2010-01-18 22:08 -------- d-s---w- C:\TOMBO-FIX
2010-01-18 15:52 . 2010-01-18 15:59 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2010-01-18 14:21 . 2010-01-18 14:21 -------- d-----w- c:\programmi\Crawler
2010-01-18 14:20 . 2010-01-19 15:28 -------- d-----w- c:\documents and settings\Silvia\Dati applicazioni\Spyware Terminator
2010-01-18 14:20 . 2010-01-18 14:20 6144 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdel.exe
2010-01-18 14:20 . 2010-01-18 14:20 5632 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator\fileobjinfo.sys
2010-01-18 14:20 . 2010-01-18 14:20 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-01-18 14:20 . 2010-01-19 16:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2010-01-18 14:20 . 2010-01-19 16:04 -------- d-----w- c:\programmi\Spyware Terminator
2010-01-15 12:15 . 2010-01-15 12:15 -------- d-----w- c:\documents and settings\Silvia\Dati applicazioni\URSoft
2010-01-15 12:15 . 2010-01-15 12:15 -------- d-----w- c:\programmi\Your Uninstaller 2010
2010-01-15 11:48 . 2010-01-15 11:44 185344 ----a-w- c:\windows\system32\framedyn.dll
2010-01-15 11:46 . 2010-01-15 11:44 5415 ----a-w- c:\windows\system32\Choice.com
2010-01-14 19:33 . 2010-01-14 19:33 -------- d-----w- c:\documents and settings\Silvia\Dati applicazioni\PC Tools
2010-01-14 19:32 . 2009-08-24 13:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-14 19:32 . 2009-08-19 10:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-14 19:32 . 2010-01-14 19:32 -------- d-----w- c:\programmi\File comuni\PC Tools
2010-01-14 19:32 . 2009-02-10 09:13 21904 ----a-w- c:\windows\system32\drivers\AVRec.sys
2010-01-14 19:32 . 2009-02-10 09:13 28560 ----a-w- c:\windows\system32\drivers\AVHook.sys
2010-01-14 19:32 . 2009-02-10 09:13 21904 ----a-w- c:\windows\system32\drivers\AVFilter.sys
2010-01-14 19:31 . 2010-01-19 19:01 -------- d-----w- c:\programmi\PC Tools AntiVirus
2010-01-14 19:31 . 2010-01-14 19:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Tools
2010-01-14 16:41 . 2010-01-14 18:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2009-12-21 00:00 . 2009-12-21 00:00 -------- d-----w- c:\documents and settings\Silvia\Dati applicazioni\.clamwin
2009-12-20 23:59 . 2009-12-20 23:59 -------- d-----w- c:\programmi\ClamWin
2009-12-20 23:59 . 2009-12-20 23:59 -------- d-----w- c:\documents and settings\All Users\.clamwin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-19 19:02 . 2008-01-21 10:46 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-01-18 16:05 . 2009-12-20 18:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2010-01-18 15:59 . 2007-10-06 16:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-01-18 11:27 . 2008-04-21 18:40 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-15 13:03 . 2007-10-07 08:22 -------- d-----w- c:\programmi\File comuni\eMule
2010-01-15 10:25 . 2007-10-07 08:30 -------- d-----w- c:\documents and settings\Silvia\Dati applicazioni\Azureus
2010-01-07 15:07 . 2009-12-19 23:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-12-19 23:29 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-20 16:41 . 2009-02-06 21:07 -------- d-----w- c:\documents and settings\Silvia\Dati applicazioni\Desktopicon
2009-12-19 23:29 . 2009-12-19 23:29 -------- d-----w- c:\documents and settings\Silvia\Dati applicazioni\Malwarebytes
2009-12-19 23:29 . 2009-12-19 23:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-12-18 08:12 . 2007-10-07 08:37 -------- d-----w- c:\programmi\Azureus
2009-12-11 10:06 . 2004-08-30 20:00 99302 ----a-w- c:\windows\system32\perfc010.dat
2009-12-11 10:06 . 2004-08-30 20:00 524698 ----a-w- c:\windows\system32\perfh010.dat
2009-12-06 10:49 . 2009-12-06 10:49 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\F-Secure
2009-11-20 13:35 . 2009-11-20 13:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-20 13:34 . 2009-11-20 13:34 152576 ----a-w- c:\documents and settings\Silvia\Dati applicazioni\Sun\Java\jre1.6.0_16\lzma.dll
2009-10-29 07:40 . 2004-08-30 20:00 916480 ----a-w- c:\windows\system32\wininet.dll
2004-07-22 09:51 . 2004-07-22 09:51 3432656 ----a-w- c:\programmi\ManagedDX.CAB
2004-07-19 21:58 . 2004-07-19 21:58 1156363 ----a-w- c:\programmi\BDANT.cab
2004-07-19 21:53 . 2004-07-19 21:53 976020 ----a-w- c:\programmi\BDAXP.cab
2004-07-09 13:17 . 2004-07-09 13:17 13265040 ----a-w- c:\programmi\dxnt.cab
2004-07-09 08:13 . 2004-07-09 08:13 15493481 ----a-w- c:\programmi\DirectX.cab
2004-07-09 08:13 . 2004-07-09 08:13 703080 ----a-w- c:\programmi\BDA.cab
2004-07-09 03:08 . 2004-07-09 03:08 472576 ----a-w- c:\programmi\dxsetup.exe
2004-07-09 03:08 . 2004-07-09 03:08 2242560 ----a-w- c:\programmi\dsetup32.dll
2004-07-09 02:03 . 2004-07-09 02:03 62976 ----a-w- c:\programmi\DSETUP.dll
2009-03-05 16:08 . 2009-04-10 20:24 61440 ----a-w- c:\programmi\mozilla firefox\components\FFComm.dll
.

------- Sigcheck -------

[-] 2008-04-14 02:14 14336 BB8363ABEC09AA2F9B363484E282117C c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\svchost.exe
[-] 2004-08-30 20:00 14336 73955B04F209D8A1C633867841267A96 c:\windows\system32\svchost.exe
[-] 2004-08-30 20:00 14336 73955B04F209D8A1C633867841267A96 c:\windows\system32\dllcache\svchost.exe

[-] 2008-04-14 02:13 82432 D34F635FF28F2AABEDC95BFEB891864C c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\ws2_32.dll
[-] 2004-08-30 20:00 82944 12EAD983C875ED9BCC8B90E3F77F2E4A c:\windows\system32\ws2_32.dll
[-] 2004-08-30 20:00 82944 12EAD983C875ED9BCC8B90E3F77F2E4A c:\windows\system32\dllcache\ws2_32.dll

[7] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2004-08-30 20:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB917953$\tcpip.sys
[7] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\tcpip.sys
[-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\system32\drivers\tcpip.sys

[-] 2008-04-14 02:14 510464 9259170D29B5A256735FCB8B80280857 c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\winlogon.exe
[-] 2004-08-30 20:00 544256 E6F62282EBAA63BA07FA2DC7198B8D0D c:\windows\system32\winlogon.exe
[-] 2004-08-30 20:00 544256 E6F62282EBAA63BA07FA2DC7198B8D0D c:\windows\system32\dllcache\winlogon.exe
[-] 2004-08-30 20:00 504832 4166454E2BCFCC20D1B8A5AC9FEAB243 c:\windows\VistaMizer\old\winlogon.exe

[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\ndis.sys
[-] 2004-08-30 20:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\dllcache\ndis.sys
[-] 2004-08-30 20:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\drivers\ndis.sys

[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\ip6fw.sys
[-] 2004-08-30 20:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\dllcache\ip6fw.sys
[-] 2004-08-30 20:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\drivers\ip6fw.sys

[-] 2007-06-13 13:22 1554432 21B69AA06FCE941009A3C58DC8E94A5E c:\windows\explorer.exe
[7] 2007-06-13 13:10 1035776 B4E85805BE6D23DE697F7B3BA7492D0B c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2004-08-30 20:00 1034752 178D42BD8FC34A9837417A6CE1D6BB7B c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2008-04-14 02:14 1036288 70D7F99D95615C3C278367756287DB71 c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\explorer.exe
[-] 2007-06-13 13:22 1554432 21B69AA06FCE941009A3C58DC8E94A5E c:\windows\system32\dllcache\explorer.exe
[7] 2007-06-13 13:22 1035776 7E2817A623E16F830B660F81C0FD63DA c:\windows\VistaMizer\old\explorer.exe

[-] 2009-02-09 09:50 111104 BCF1770A35BDA3BD13A9E2054F15F37E c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe
[-] 2009-02-09 11:22 111104 26845F272435302E0F3322E660A24F7D c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[-] 2009-02-09 11:14 111104 C79FEAE2F68982259907AB52B0F2676F c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2004-08-30 20:00 108544 E77F6FA2A15390F1727F4C1C55B69DA6 c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 02:14 109056 DAC0440C89B1EA4E35684896D5BF856E c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\services.exe
[-] 2009-02-09 10:05 111104 AA6602EA22899E57D4661DDA87C3EE21 c:\windows\system32\services.exe
[-] 2009-02-09 10:05 111104 AA6602EA22899E57D4661DDA87C3EE21 c:\windows\system32\dllcache\services.exe

[-] 2008-04-14 02:14 13312 0FBA335727905DE8E4CB5A2CF438ABF5 c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\lsass.exe
[-] 2004-08-30 20:00 13312 0815E8DA286775FA432C7C9EE5E10BA1 c:\windows\system32\lsass.exe
[-] 2004-08-30 20:00 13312 0815E8DA286775FA432C7C9EE5E10BA1 c:\windows\system32\dllcache\lsass.exe

[-] 2008-04-14 02:14 15360 F53CDDEF33A4C41336A782BE3D170158 c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\ctfmon.exe
[-] 2004-08-30 20:00 25088 40DE117B6CCFC031D2DC8B73D82020CF c:\windows\system32\ctfmon.exe
[-] 2004-08-30 20:00 25088 40DE117B6CCFC031D2DC8B73D82020CF c:\windows\system32\dllcache\ctfmon.exe
[-] 2004-08-30 20:00 15360 5B33B4265966EE063C7FBEA28958D9C2 c:\windows\VistaMizer\old\ctfmon.exe

[-] 2008-04-14 02:14 26624 DF69726907357C3ADD243F48902B0331 c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\userinit.exe
[-] 2004-08-30 20:00 25088 C1E7FE19F98A877BF8F941BF48148695 c:\windows\system32\userinit.exe
[-] 2004-08-30 20:00 25088 C1E7FE19F98A877BF8F941BF48148695 c:\windows\system32\dllcache\userinit.exe

[-] 2008-04-14 02:13 296960 FE5A5329CCFC33D645C33077FF04F052 c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\termsrv.dll
[-] 2004-08-30 20:00 296960 C06CD1890279603E15020757E02DE56B c:\windows\system32\termsrv.dll
[-] 2004-08-30 20:00 296960 C06CD1890279603E15020757E02DE56B c:\windows\system32\dllcache\termsrv.dll

[7] 2007-04-16 16:09 1030144 6D9421A648F26B8640C63D0F8F2B7D48 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2009-03-21 13:54 1033216 98993B11907E932A7ED121AAEEC2F3E0 c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[-] 2009-03-21 14:06 1033728 5576C1D7AF026D18240ED6A624FD01A2 c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[-] 2009-03-21 13:59 1035776 A3A365C46057532F6638D57E4C0B66B8 c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2004-08-30 20:00 1027584 FEB3CC200749FF119BB8B08224A1A594 c:\windows\$NtUninstallKB935839$\kernel32.dll
[7] 2007-04-16 15:54 1028608 EB1428078E1D10FDEC060857AA526A9F c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 02:13 1033728 06157539EBB8B87D47B9B6C5DA44B62F c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\kernel32.dll
[-] 2009-03-21 14:18 1030144 C71A4010BBA2B2998FDF28130E8A0173 c:\windows\system32\kernel32.dll
[-] 2009-03-21 14:18 1030144 C71A4010BBA2B2998FDF28130E8A0173 c:\windows\system32\dllcache\kernel32.dll

[-] 2008-04-14 02:13 17408 2F331374433E3FE176BEE155D9BE83E1 c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\powrprof.dll
[-] 2004-08-30 20:00 17408 41FF9D663219A1DD0397FE2C5B09436C c:\windows\system32\powrprof.dll
[-] 2004-08-30 20:00 17408 41FF9D663219A1DD0397FE2C5B09436C c:\windows\system32\dllcache\powrprof.dll

[-] 2008-04-14 02:13 110080 3F970150C170A38FCE423994341205B4 c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\imm32.dll
[-] 2004-08-30 20:00 110080 CA38A6091ECAC2668EC99AFD4B6C0615 c:\windows\system32\imm32.dll
[-] 2004-08-30 20:00 110080 CA38A6091ECAC2668EC99AFD4B6C0615 c:\windows\system32\dllcache\imm32.dll

[-] 2008-04-14 02:13 1571840 CE7DB8EE1C9BD8A40F84529DDC28B0D8 c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\sfcfiles.dll
[-] 2004-08-30 20:00 1548288 0F9AAB130D89786A59F8F93A9E23C658 c:\windows\system32\sfcfiles.dll
[-] 2004-08-30 20:00 1548288 0F9AAB130D89786A59F8F93A9E23C658 c:\windows\system32\dllcache\sfcfiles.dll

[-] 2008-04-14 02:13 175104 9062ED05B7519324FD7F0D6AFB9D1147 c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\appmgmts.dll
[-] 2004-08-30 20:00 175104 00E50CD4D9247CB56EFC1360C32AB755 c:\windows\system32\appmgmts.dll
[-] 2004-08-30 20:00 175104 00E50CD4D9247CB56EFC1360C32AB755 c:\windows\system32\dllcache\appmgmts.dll

[-] 2008-04-14 01:53 25088 28B6EACE513CA7EABA3B809AD4BC274D c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\kbdclass.sys
[-] 2004-08-30 20:00 25088 E883AE6EA0B313E659225AA32E449CE9 c:\windows\system32\drivers\kbdclass.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-01-18_22.04.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-19 19:01 . 2010-01-19 19:01 16384 c:\windows\temp\Perflib_Perfdata_1cc.dat
+ 2010-01-18 22:04 . 2009-08-06 18:24 53472 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2010-01-18 22:04 . 2005-06-10 23:53 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
- 2007-10-06 15:36 . 2010-01-18 16:07 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
+ 2007-10-06 15:36 . 2010-01-19 09:57 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
- 2007-10-06 15:36 . 2010-01-18 16:07 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
+ 2007-10-06 15:36 . 2010-01-19 09:57 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
- 2007-10-06 15:36 . 2010-01-18 16:07 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2007-10-06 15:36 . 2010-01-19 09:57 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-01-18 22:04 . 2009-10-29 07:40 916480 c:\windows\system32\dllcache\cache\wininet.dll
+ 2010-01-18 22:04 . 2007-03-08 15:37 578560 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-11-19 16:48 . 2010-01-19 09:57 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-11-19 16:48 . 2010-01-18 16:07 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2010-01-18 22:04 . 2009-08-04 17:03 2184064 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2010-01-18 22:04 . 2009-08-04 17:03 2061440 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-30 25088]
"SpywareTerminatorUpdate"="c:\programmi\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-01-18 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"PCTAVApp"="c:\programmi\PC Tools AntiVirus\PCTAV.exe" [2009-04-16 1505168]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-01-05 413696]
"SpywareTerminator"="c:\programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2010-01-18 2166784]
"Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ICO.EXE [2004-07-14 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-30 25088]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCTAVSvc]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk
backup=c:\windows\pss\Alice ti aiuta.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Azureus\\Azureus.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\File comuni\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [14/01/2010 20.32.19 206256]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [18/01/2010 15.20.57 142592]
R3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [26/05/2009 16.01.37 16512]
R3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\PELUSBlf.SYS [26/05/2009 16.01.37 13824]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\programmi\Anti Trojan Elite\ATEPMon.sys --> c:\programmi\Anti Trojan Elite\ATEPMon.sys [?]
S3 fsssvc;Servizio Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22.48.42 704864]
S3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;c:\windows\system32\drivers\zgwhsdiag.sys [27/06/2009 17.55.17 105216]
S3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\drivers\zgwhsmdm.sys [27/06/2009 17.55.17 105216]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93a1a7c2-aff4-11dc-b4b9-00115b33e8b4}]
\Shell\AutoRun\command - G:\AutoTransfer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-04-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-01-19 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-01-19 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-01-19 c:\windows\Tasks\User_Feed_Synchronization-{D69F225C-ECC7-421E-836B-8FD887739AF2}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

2010-01-19 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-27 21:18]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Aggiungi all'elenco di stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Anteprima Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Crawler Search - tbr:iemenu
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stampa ad alta velocità Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
LSP: c:\programmi\File comuni\PC Tools\LSP\PCTLsp.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-19 20:02
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,23,4d,0d,1d,49,
ea,88,06,e2,63,26,f1,3f,c8,ff,68,41,78,54,6b,cb,25,73,5e,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,43,58,0b,47,e2,
29,45,62,6a,9c,d6,61,af,45,84,18,38,bb,d5,45,c2,68,70,5c,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,8c,47,bb,22,5e,
d6,d0,d9,ff,7c,85,e0,43,d4,0e,fe,e7,38,ef,42,95,63,97,c3,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,4d,87,8a,88,66,
d1,e3,97,86,8c,21,01,be,91,eb,e7,ba,33,a5,03,1a,41,48,16,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,4c,f2,49,91,35,
45,ec,88,f5,1d,4d,73,a8,13,5c,05,1d,83,69,e8,ac,fb,66,38,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,42,4a,53,d9,a5,
04,dd,8e,df,20,58,62,78,6b,cf,c8,4e,9e,52,48,ec,c0,a7,1c,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,6d,c0,74,de,1d,
9b,59,61,fb,a7,78,e6,12,2f,9a,ea,e2,c6,0d,83,3a,45,f8,77,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,4d,e7,65,4e,cd,
e8,db,78,01,3a,48,fc,e8,04,4a,f1,82,29,83,2f,7d,40,7b,d2,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,93,6c,f1,b2,e0,
68,1d,0c,f6,0f,4e,58,98,5b,89,c9,25,df,65,00,2e,63,32,b1,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,e3,c2,29,b3,dc,
21,f8,a5,3d,ce,ea,26,2d,45,aa,78,37,32,9f,41,5c,1f,78,77,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,7d,75,74,b5,0f,
e3,16,62,2a,b7,cc,b5,b9,7f,41,e7,8b,2c,6d,d9,31,77,a6,50,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,a5,9e,03,85,c4,
60,97,52,6c,43,2d,1e,aa,22,2f,9c,92,e1,1e,0f,d6,06,73,36,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(580)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(636)
c:\windows\system32\SETUPAPI.dll
c:\programmi\File comuni\PC Tools\LSP\PCTLsp.dll

- - - - - - - > 'explorer.exe'(3980)
c:\windows\system32\WININET.dll
c:\progra~1\ALICET~1\SMARTB~1\SBHook.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\programmi\File comuni\Ahead\Lib\NeroSearchBar.dll
c:\programmi\File comuni\Ahead\Lib\MFC71U.DLL
c:\programmi\File comuni\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\pelscrll.dll
c:\windows\system32\PELCOMM.dll
c:\windows\system32\PELHOOKS.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\File comuni\InterVideo\DeviceService\DevSvc.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmi\Spyware Terminator\sp_rsser.exe
c:\windows\system32\WGATray.exe
c:\programmi\iPod\bin\iPodService.exe
c:\windows\system32\PELMICED.EXE
.
**************************************************************************
.
Ora fine scansione: 2010-01-19 20.05.32 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-01-19 19:05
ComboFix2.txt 2010-01-19 10:10
ComboFix3.txt 2010-01-18 22:08

Pre-Run: 3.872.780.288 byte disponibili
Post-Run: 4.104.478.720 byte disponibili

389 --- E O F --- 2010-01-18 10:04

Tieni presente, Silvietta, che AntiVir FREE non effettua alcuna specifica scansione delle email in entrata o dei loro allegati (la tua sola difesa, in questo campo, consisterebbe nella pura e semplice "protezione residente"; tutti gli altri antivirus FREE, invece, scansionano le email [o, quantomeno, gli allegati] PRIMA che esse giungano sul PC). Per questa ragione, io tendo a sconsigliare l'utilizzo di AntiVir FREE. Un valido antivirus gratuito è AVG 9.0 (scaricabile da Aiutamici). Ma anche altri (incluso quello che hai adesso e Microsoft Security Essentials [scaricabile anch'esso da Aiutamici]) ti offrono anche il controllo specifico delle email in entrata.

Ciao silvietta, se vuoi un consiglio, in questa sezione ascolta solo r16 che è il vero esperto, ignora gli altri interventi perchè altrimenti finisci nel pallone.
Ciao e buon lavoro.

Bene.
Ha rilevato i file infetti che si trovavano nella cartella di Combofix.
Come funziona il pc?

Platform: Windows XP SP2 (WinNT 5.01.2600)


Aggiorna al SP3!!!

Il fatto è che io ho un problema con gli aggiornamenti...(ma credevo che non fossero importanti e comunque non mi davano problemi diretti al pc)
Tutte le volte che certo di installarli (ho gli aggiornamenti automatici che mi sbucano sembre tutti i giorni), per tutti i componenti dell'aggiornamento leggo sempre "aggiornamento non riuscito". E infatti quando spengo e riaccendo, mi compare sempre in basso a destra il segno degli aggiornamenti (gli stessi del giorno prima) disponibili.. e quindi non cerco di installarli più.... (Ok, sono pronta a essere uccisa.... )

edit* Provo a installare il service pack3 di Windows XP......ma ho un brutto presentimento

Silvietta, permetti una domanda, il tuo Sistema Operativo è originale ?

... Ma come ti permetti, Busto?
Un conto è dire che r16 è uno dei tre (non il solo) competenti per l'analisi dei LOGs, ma un conto diverso è affermare che non si debba dare, su qualsivoglia altro argomento differente dalla mera analisi del LOG, retta anche ad altre voci... Ti ricorso che Aiutamici NON è un forum in cui "l'Esperto risponde", ma un forum fatto da Utenti che, in spirito di amicizia e in piena onestà d'intenti, cercan di porre la propria esperienza al servizio di chi ha dei problemi col PC.

Per Silvietta: libera, ovviamente, di optar per quel che vuoi (e di dar retta a chiunque vuoi). Ti invito, comunque, a riflettere bene sulla "falla difensiva" (perché di vera mancanza si tratta) costituita dall'assenza di una specifica scansione delle emails, prima di scegliere quale antivirus residente intendi installare.

EDIT: noto che hai già optato per installare AntiVir FREE. Benissimo, è tuo diritto: t'auguro funzioni al meglio.

Da quanto tempo l'hai lanciata, Silvietta, l'installazione del SP3? (che possa metterci anche 40-50 minuti può esser considerato ancora normale).