Hi Manatwork, thanks for the very prompt support.
I did as you told me.
The only thing I didn't grasp was the last part:
C:/ attach the ComboFix txt file to the server.
But maybe you simply meant to tell me: "once the scan is done, post the report".
So here is the ComboFix report:
ComboFix 11-10-29.03 - Gerardo 29/10/2011 14.33.59.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2038.1320 [GMT 2:00]
Eseguito da: c:\documents and settings\Gerardo\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Gerardo\Dati applicazioni\inst.exe
c:\documents and settings\Gerardo\Dati applicazioni\vso_ts_preview.xml
c:\programmi\WinPCap
c:\programmi\WinPCap\daemon_mgm.exe
c:\programmi\WinPCap\npf_mgm.exe
c:\programmi\WinPCap\rpcapd.exe
c:\windows\ehome\medctrro.exe
c:\windows\help\tours\htmltour\unlock_playing.htm
c:\windows\iun6002.exe
c:\windows\system\BisonC27.dll
c:\windows\system32\Cache
c:\windows\system32\d3d9caps.dat
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((( Files Creati Da 2011-09-28 al 2011-10-29 )))))))))))))))))))))))))))))))))))
.
.
2011-10-28 16:04 . 2011-10-28 16:04 388096 ----a-r- c:\documents and settings\Gerardo\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-28 16:04 . 2011-10-28 16:04 -------- d-----w- c:\programmi\Trend Micro
2011-10-24 19:43 . 2011-10-24 19:43 -------- d-----w- c:\programmi\File comuni\Java
2011-10-17 17:30 . 2011-10-17 17:30 -------- d-----w- c:\documents and settings\Gerardo\Dati applicazioni\Malwarebytes
2011-10-17 17:30 . 2011-10-17 17:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2011-10-17 12:17 . 2011-10-17 12:17 -------- d-----w- c:\documents and settings\Gerardo\Dati applicazioni\Avira
2011-10-17 12:16 . 2011-10-17 12:16 -------- d-----w- c:\documents and settings\NetworkService\Menu Avvio
2011-10-17 12:16 . 2011-10-11 13:00 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-17 12:16 . 2011-10-11 13:00 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-17 12:16 . 2011-10-11 13:00 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-17 12:16 . 2011-10-17 12:16 -------- d-----w- c:\programmi\Avira
2011-10-17 12:16 . 2011-10-17 12:16 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 03:06 . 2010-04-28 14:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 00:37 . 2009-03-28 19:13 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 09:41 . 2008-07-29 18:59 613888 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2004-08-30 19:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2004-08-30 19:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-09 09:12 . 2004-08-30 19:00 603136 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 14:10 . 2004-08-30 19:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:41 . 2004-08-30 19:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:41 . 2004-08-30 19:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:41 . 2004-08-30 19:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-30 19:00 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2004-08-30 19:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2009-03-28 18:34 . 2009-03-28 18:34 3369984 ----a-w- c:\programmi\PStory.msi
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-29 16132608]
"AzMixerSel"="c:\programmi\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]
"SynTPStart"="c:\programmi\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-10-17 858632]
"IntelZeroConfig"="c:\programmi\Intel\Wireless\bin\ZCfgSvc.exe" [2007-04-16 819200]
"IntelWireless"="c:\programmi\Intel\Wireless\Bin\ifrmewrk.exe" [2007-04-16 970752]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"UpdatePPShortCut"="c:\programmi\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"PCMService"="c:\programmi\CyberLink\PowerCinema\PCMService.exe" [2006-11-08 151552]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2007-08-15 271672]
"PWRISOVM.EXE"="c:\programmi\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"DivXUpdate"="c:\programmi\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Gerardo\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Gruppi peer-to-peer Windows
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22/07/2010 21.23.35 697328]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [17/10/2011 14.16.33 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [17/10/2011 14.16.35 86224]
R2 Iprip;Listener RIP;c:\windows\System32\svchost.exe -k netsvcs [30/08/2004 21.00.00 14336]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [28/03/2009 23.47.56 47360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-10-29 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Invia a periferica &Bluetooth... - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-29 14:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
Ora fine scansione: 2011-10-29 14:40:55
ComboFix-quarantined-files.txt 2011-10-29 12:40
.
Pre-Run: 21.020.438.528 byte disponibili
Post-Run: 21.362.634.752 byte disponibili
.
- - End Of File - - D58B8E0DB8F133953282FAF5404453B4
