Checking that the PC is clean after a system restore

Post by adara » Sun Feb 12, 2012 3:10 pm

Hi everyone,
following up on the conclusion of my previous post "inesperta chiede aiuto" (novice asks for help), I'm asking for your help again... [;)]
I did a system restore from old backup discs, downloaded the Windows, Office, Java and Flash updates, reinstalled my antivirus (Avira Internet Security 2012) and followed the instructions in your post on how to remove an infection:
I ran the Avira suite in Safe Mode (without uninstalling and reinstalling it in Safe Mode; I had already struggled to restore it normally...) and,
still in Safe Mode, I also installed and ran Malwarebytes and ComboFix; with ComboFix I had some trouble because it kept telling me that Avira Desktop was active, while to me everything looked disabled... could this have caused problems?
Can I post the logs so you can check that the PC is OK?
[grazie]

Re: Checking that the PC is clean after a system restore

Post by nix87 » Sun Feb 12, 2012 4:00 pm

adara wrote: Can I post the logs so you can check that the PC is OK?
[grazie]

Sure, and if you can, post the HijackThis log as well [;)]

Re: Checking that the PC is clean after a system restore

Post by adara » Sun Feb 12, 2012 7:57 pm

thanks, here are the logs:

Avira (Safe Mode):

Fine della scansione: venerdì 10 febbraio 2012 23:47
Tempo impiegato: 46:48 Minuto(i)

La scansione è stata completamente eseguita.

6203 Directory scansionate
231388 I file sono stati scansionati
0 Rilevati virus e/o programmi indesiderati
0 I file sono stati classificati come sospetti
0 I file sono stati eliminati
0 I virus o i programmi indesiderati sono stati riparati
0 File spostati in quarantena
0 File rinominati
33 Impossibile scansionare i file
231355 File non infetti
6588 Archivi scansionati
55 Avvisi
71 Note
406878 Oggetti scansionati durante la scansione dei rootkit
0 Sono stati rilevati oggetti nascosti



Malwarebytes (Safe Mode):

Malwarebytes Anti-Malware 1.60.1.1000
http://www.malwarebytes.org

Versione database: v2012.01.13.04

Windows XP Service Pack 3 x86 FAT32 (Modalità provvisoria con rete)
Internet Explorer 8.0.6001.18702
Administrator :: ACER-2D60536D59 [amministratore]

10/02/2012 21.59.42
mbam-log-2012-02-10 (21-59-42).txt

Tipo di scansione: Scansione completa
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM | P2P
Opzioni di scansione disattivate:
Elementi esaminati: 228425
Tempo impiegato: 12 minuti, 39 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 1
C:\Programmi\Unlocker\eBay_shortcuts_1016.exe (Adware.Clicker) -> Spostato in quarantena ed eliminato con successo.

(fine)


ComboFix (Safe Mode):

ComboFix 12-02-10.03 - Administrator 10/02/2012 22.44.04.1.1 - FAT32x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.502.250 [GMT 1:00]
Eseguito da: c:\documents and settings\utente\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-5CC9-7C92-0300-000100000000}
AV: Avira Desktop *Enabled/Updated* {00000000-0715-0000-08F2-12001494807C}
AV: Avira Desktop *Enabled/Updated* {00000000-0715-0000-08F2-12003094807C}
AV: Avira Desktop *Enabled/Updated* {00000001-000D-0000-0400-000050555348}
AV: Avira Desktop *Enabled/Updated* {00000004-5550-4853-0000-000000000000}
AV: Avira Desktop *Enabled/Updated* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: FireWall *Enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\alcrmv.exe
c:\windows\system32\abefeeecea1_r.dll
c:\windows\system32\autorun.ini
c:\windows\system32\bedbfaffbf_s.dll
.
.
((((((((((((((((((((((((( Files Creati Da 2012-01-10 al 2012-02-10 )))))))))))))))))))))))))))))))))))
.
.
2012-02-10 20:58 . 2012-02-10 20:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2012-02-10 20:58 . 2012-02-10 20:58 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2012-02-10 20:58 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-10 20:09 . 2012-02-10 20:09 -------- d-----w- c:\documents and settings\Administrator
2012-02-09 21:17 . 2012-02-09 21:17 -------- d-----w- c:\documents and settings\utente\Impostazioni locali\Dati applicazioni\ApplicationHistory
2012-02-09 20:46 . 2012-02-09 20:46 -------- d-----w- c:\documents and settings\utente\Tracing
2012-02-09 20:45 . 2012-02-09 20:45 -------- d-----w- c:\programmi\Microsoft Silverlight
2012-02-09 20:45 . 2010-04-28 06:44 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2012-02-09 20:43 . 2012-02-09 20:43 -------- d-----w- c:\programmi\Microsoft
2012-02-09 20:42 . 2012-02-09 20:43 -------- d-----w- c:\programmi\Windows Live SkyDrive
2012-02-09 20:42 . 2012-02-09 20:42 -------- d-----w- c:\programmi\Windows Live
2012-02-09 20:37 . 2012-02-09 20:37 -------- d-----w- c:\programmi\File comuni\Windows Live
2012-02-09 20:36 . 2012-02-09 20:36 -------- d-----w- c:\windows\system32\winrm
2012-02-09 20:36 . 2012-02-09 20:36 -------- d--h--w- c:\windows\$968930Uinstall_KB968930$
2012-02-09 20:35 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2012-02-09 20:33 . 2012-02-09 20:33 -------- d-----w- c:\windows\system32\URTTEMP
2012-02-08 21:19 . 2012-02-08 21:19 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-02-08 21:10 . 2012-02-08 21:10 -------- d-sh--w- c:\documents and settings\utente\IETldCache
2012-02-08 21:03 . 2011-08-16 10:45 6144 ------w- c:\windows\system32\dllcache\iecompat.dll
2012-02-08 21:03 . 2011-11-04 19:13 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2012-02-08 21:03 . 2011-11-04 19:13 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2012-02-08 21:03 . 2011-11-04 19:13 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2012-02-08 21:00 . 2012-02-08 21:00 -------- d--h--w- c:\windows\ie8
2012-02-08 20:40 . 2012-02-08 20:40 -------- d-----w- c:\documents and settings\utente\Dati applicazioni\Avira
2012-02-08 20:27 . 2012-02-08 20:27 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\Avira
2012-02-08 20:25 . 2011-12-16 08:44 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-02-08 20:25 . 2011-12-16 08:44 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-02-08 20:25 . 2011-12-16 08:44 111160 ----a-w- c:\windows\system32\drivers\avfwot.sys
2012-02-08 20:25 . 2011-12-16 08:44 91096 ----a-w- c:\windows\system32\drivers\avfwim.sys
2012-02-08 20:25 . 2012-02-08 20:25 -------- d-----w- c:\programmi\Avira
2012-02-08 20:25 . 2012-02-08 20:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2012-02-07 22:35 . 2012-02-07 22:35 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Google
2012-02-07 22:31 . 2012-02-07 22:31 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Google
2012-02-07 22:15 . 2012-02-07 22:15 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\CPA_VA
2012-02-07 22:11 . 2012-02-07 22:11 272 ----a-w- c:\windows\system32\drivers\sfi.dat
2012-02-07 22:04 . 2012-02-07 22:04 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-02-07 21:07 . 2004-08-19 19:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-02-07 20:59 . 2012-02-07 20:59 -------- d-----w- c:\programmi\MSXML 4.0
2012-02-07 20:33 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2012-02-07 20:30 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2012-02-07 20:30 . 2011-03-11 14:10 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2012-02-07 20:28 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2012-02-07 20:21 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2012-02-07 20:21 . 2009-10-15 16:29 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2012-02-07 20:21 . 2010-08-27 08:02 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2012-02-07 20:20 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2012-02-07 20:19 . 2009-03-06 14:19 286208 ------w- c:\windows\system32\dllcache\pdh.dll
2012-02-07 20:19 . 2009-02-09 11:22 111104 ------w- c:\windows\system32\dllcache\services.exe
2012-02-07 20:19 . 2009-02-09 10:51 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2012-02-07 20:19 . 2009-02-09 10:51 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2012-02-07 20:19 . 2009-02-09 10:51 683520 ------w- c:\windows\system32\dllcache\advapi32.dll
2012-02-07 20:19 . 2009-02-09 10:51 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2012-02-07 20:19 . 2009-06-21 21:47 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2012-02-07 20:17 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2012-02-07 20:16 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2012-02-07 20:16 . 2012-02-07 20:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-07 20:14 . 2012-02-07 20:14 -------- d-----w- c:\windows\Sun
2012-02-07 20:14 . 2012-02-07 20:14 -------- d-----w- c:\programmi\File comuni\Java
2012-02-07 20:13 . 2012-02-07 20:13 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-07 20:13 . 2012-02-07 20:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-07 20:12 . 2012-02-07 20:12 -------- d-----w- c:\programmi\Java
2012-02-07 20:08 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2012-02-07 19:52 . 2012-02-07 19:52 -------- d-----w- c:\documents and settings\utente\Dati applicazioni\CheckPoint
2012-02-07 19:52 . 2012-02-07 19:52 -------- d-----w- c:\documents and settings\utente\Impostazioni locali\Dati applicazioni\Temp
2012-02-07 19:51 . 2012-02-07 19:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\CheckPoint
2012-02-07 19:49 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2012-02-07 19:42 . 2010-12-09 15:15 739840 ------w- c:\windows\system32\dllcache\ntdll.dll
2012-02-07 19:39 . 2010-07-16 12:02 221696 ------w- c:\windows\system32\dllcache\wordpad.exe
2012-02-07 19:38 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2012-02-07 19:38 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2012-02-07 19:38 . 2010-08-16 08:44 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2012-02-07 19:28 . 2012-02-07 19:28 -------- d-----w- c:\programmi\CheckPoint
2012-02-06 23:38 . 2011-12-16 08:44 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2008-04-14 03:13 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2008-09-15 16:24 1859584 ------w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2008-04-14 03:14 60928 ------w- c:\windows\system32\packager.exe
2011-11-16 14:22 . 2008-04-14 03:13 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:22 . 2008-04-14 03:13 152064 ----a-w- c:\windows\system32\schannel.dll
2012-01-29 16:26 . 2012-02-07 19:45 134104 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="c:\windows\RUNXMLPL.exe" [2005-05-19 32768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-23 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-23 126976]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 77824]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 102490]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 708698]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-10-26 212992]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-10-26 2889728]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-19 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"LaunchAp"="c:\programmi\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"PowerKey"="c:\programmi\Launch Manager\PowerKey.exe" [2002-08-30 94208]
"LManager"="c:\programmi\Launch Manager\HotkeyApp.exe" [2005-06-06 69632]
"CtrlVol"="c:\programmi\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"LMgrOSD"="c:\programmi\Launch Manager\OSDCtrl.exe" [2005-07-25 241664]
"Wbutton"="c:\programmi\Launch Manager\Wbutton.exe" [2005-07-25 81920]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-10-31 385024]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2011-12-16 258512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"Malwarebytes Anti-Malware (cleanup)"="c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-01-13 1081416]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
2005-05-17 16:42 933888 ------w- c:\programmi\Brother\ControlCenter2\brctrcen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2005-03-11 00:28 40960 ----a-w- c:\programmi\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2005-03-11 00:01 57393 ----a-w- c:\programmi\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2005-03-09 17:59 49152 ------w- c:\program files\Arcade\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 09:50 413696 ----a-w- c:\programmi\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
2005-01-26 17:02 49152 ------w- c:\programmi\Brother\Brmfl05a\BrStDvPt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-10-14 09:22 155648 ----a-r- c:\programmi\File comuni\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2007-12-26 16:19 185896 ----a-w- c:\programmi\File comuni\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2008-05-02 04:15 15872 ----a-w- c:\programmi\Unlocker\UnlockerAssistant.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\System32\\mmc.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Gestione remota Windows
.
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [08/02/2012 21.25.28 111160]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [08/02/2012 21.25.28 91096]
S1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [07/02/2012 0.38.32 36000]
S1 mailKmd;mailKmd; [x]
S2 AntiVirFirewallService;Avira FireWall;c:\programmi\Avira\AntiVir Desktop\avfwsvc.exe [08/02/2012 21.25.28 616400]
S2 AntiVirMailService;Avira Mail Protection;c:\programmi\Avira\AntiVir Desktop\avmailc.exe [08/02/2012 21.25.28 342480]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\programmi\Avira\AntiVir Desktop\sched.exe [08/02/2012 21.25.31 86224]
S2 AntiVirWebService;Avira Web Protection;c:\programmi\Avira\AntiVir Desktop\avwebgrd.exe [08/02/2012 21.25.28 463824]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [07/02/2012 23.30.39 136176]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [18/04/2003 18.06.26 8192]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [07/02/2012 23.30.39 136176]
S3 PAC7311;Trust Webcam 14839;c:\windows\system32\drivers\PA707UCM.SYS [18/10/2005 11.48.38 154752]
S3 POWERKEY;POWERKEY;c:\programmi\Launch Manager\POWERKEY.SYS [19/12/2000 18.29.52 2343]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14/04/2008 4.14.22 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
2012-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2012-02-07 22:30]
.
2012-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2012-02-07 22:30]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://global.acer.com/
LSP: c:\programmi\Avira\AntiVir Desktop\avsda.dll
TCP: Interfaces\{E7DE8C1A-6A68-48F2-910D-DB10CC9375BC}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{F6D4F57A-F25A-4C9F-84AB-6656A40F5505}: NameServer = 8.26.56.26,156.154.70.22
DPF: Microsoft XML Parser for Java
DPF: {E460C525-1FB6-40C8-A309-669BF787DDB3} - hxxp://aiuto.alice.it/ata/static/instal ... _4-1-5.cab
FF - ProfilePath -
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-AliceRE_McciTrayApp - c:\progra~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\McciTrayApp.exe
MSConfigStartUp-Motive SmartBridge - c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-10 22:49
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140AC1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Ora fine scansione: 2012-02-10 22:51:36
ComboFix-quarantined-files.txt 2012-02-10 21:51
.
Pre-Run: 42.197.876.736 byte disponibili
Post-Run: 42.177.757.184 byte disponibili
.
- - End Of File - - 4650106FCC38750D9B14E930D6DCB905


HijackThis (NORMAL mode):

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19.47.57, on 12/02/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\brss01a.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmi\Avira\AntiVir Desktop\avfwsvc.exe
C:\Programmi\Avira\AntiVir Desktop\avmailc.exe
C:\Programmi\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\acer\epm\epm-dm.exe
C:\Programmi\Launch Manager\LaunchAp.exe
C:\Programmi\Launch Manager\PowerKey.exe
C:\Programmi\Launch Manager\HotkeyApp.exe
C:\Programmi\Launch Manager\OSDCtrl.exe
C:\Programmi\Launch Manager\Wbutton.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\utente\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.pandasoftware.com/redirector ... r&lang=ita
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LaunchAp] "C:\Programmi\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Programmi\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Programmi\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Programmi\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Programmi\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Programmi\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {CEDDF50D-9FA7-41A8-BCD0-6350D1ED2306} (SecurityManager Class) - http://aiuto.alice.it/ata/static/instal ... _4-1-5.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://phobos.apple.com/detection/ITDetector.cab
O16 - DPF: {E460C525-1FB6-40C8-A309-669BF787DDB3} (McciMTEvent Class) - http://aiuto.alice.it/ata/static/instal ... _4-1-5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7DE8C1A-6A68-48F2-910D-DB10CC9375BC}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6D4F57A-F25A-4C9F-84AB-6656A40F5505}: NameServer = 8.26.56.26,156.154.70.22
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Avira FireWall (AntiVirFirewallService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programmi\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 10083 bytes


Re: Checking that the PC is clean after a system restore

Post by nix87 » Mon Feb 13, 2012 8:12 pm

I suggested posting the HijackThis log as well because it's generally the first one the experts ask for.
However, I'm not very experienced at analysing ComboFix and HijackThis logs.
I can only tell you that the first two are fine (Malwarebytes just got rid of an adware).

For the other two logs I'd wait for the opinion of someone who knows more about them... [;)]

[ciao]

Re: Checking that the PC is clean after a system restore

Post by Uomo_Senza_Sonno » Mon Feb 13, 2012 8:28 pm

The HJT log is clean, like all the others (ComboFix included); however, if you want a small performance gain at startup, you can disable these two entries:

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

and disable the following services by typing the msconfig command in Run, which opens the System Configuration Utility panel; from there go to the Services tab and untick the following

O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe

reboot the PC when prompted and you're all set [^]
Thanks for everything, Zane

we know 1% of the laws that govern the universe; the others we haven't yet fully understood, or even guessed at
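As an added example (not a tool from this thread, nor part of HijackThis itself), here is a small Python triage script for the HijackThis log format posted above. It groups entries by section code and pulls out the items a reviewer checks first: O2 BHOs pointing at a missing file (like the `(no file)` entry in the log), O4 autostart entries (the ones Uomo_Senza_Sonno suggests trimming), O17 DNS servers and O23 services with no known owner. The sample lines are constructed from entries in the log above (a subset, not the full log); the regular expressions and the "Unknown owner" check are my assumptions about the format, based only on the lines shown.

```python
"""Triage a HijackThis v2 log: group entries by section code and flag the
items a reviewer looks at first. Added example for this thread; not a tool
from the original posts or from HijackThis."""
import re
from collections import defaultdict

# Constructed sample, modelled on lines quoted in this thread (a subset, not the full log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19.47.57, on 12/02/2012
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7DE8C1A-6A68-48F2-910D-DB10CC9375BC}: NameServer = 8.26.56.26,156.154.70.22
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 10083 bytes
"""

# Assumed line shapes, derived from the entries shown in the thread.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK[^:]*?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
NAMESERVER_RE = re.compile(r"NameServer = (?P<servers>[\d.,]+)")


def parse_hjt(text):
    """Split a HijackThis log into the running-process list and (code, body) entries."""
    processes, entries = [], []
    in_processes = False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            in_processes = False  # a blank line closes the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("code"), m.group("body")))
    return {"processes": processes, "entries": entries}


def triage(parsed):
    """Extract the sections a reviewer checks first. Returns plain dicts and
    lists so the result can be diffed against an earlier log of the same machine."""
    by_code = defaultdict(list)
    for code, body in parsed["entries"]:
        by_code[code].append(body)

    # O2: a BHO whose DLL no longer exists is usually a leftover of an uninstall
    # or a cleanup; harmless, but worth removing so the list stays readable.
    orphan_bhos = [b for b in by_code["O2"] if b.endswith("(no file)")]

    # O4: autostart entries with hive, key, value name and command split out.
    run_entries = [RUN_RE.match(b).groupdict() for b in by_code["O4"] if RUN_RE.match(b)]

    # O17: DNS servers configured per interface. A resolver the owner or ISP did
    # not choose is a classic sign of a hijacked configuration, so list them for review.
    dns_servers = set()
    for body in by_code["O17"]:
        m = NAMESERVER_RE.search(body)
        if m:
            dns_servers.update(m.group("servers").split(","))

    # O23: services HijackThis could not attribute to a vendor. Not malicious as
    # such (drivers for old peripherals often show this), but they need a look.
    unknown_owner = []
    for body in by_code["O23"]:
        parts = body[len("Service: "):].split(" - ", 2)
        if len(parts) == 3 and parts[1] == "Unknown owner":
            unknown_owner.append({"name": parts[0], "path": parts[2]})

    return {
        "counts": {code: len(v) for code, v in sorted(by_code.items())},
        "orphan_bhos": orphan_bhos,
        "run_entries": run_entries,
        "dns_servers": sorted(dns_servers),
        "unknown_owner_services": unknown_owner,
    }


if __name__ == "__main__":
    report = triage(parse_hjt(SAMPLE_LOG))
    for section, value in report.items():
        print(f"{section}: {value}")
```

Run it against a saved HijackThis log by reading the file into `parse_hjt` instead of `SAMPLE_LOG`; keeping the report as plain data makes it easy to compare the O4 and O23 lists before and after a cleanup, which is what the reviewers in this thread are doing by eye.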

Re: Checking that the PC is clean after a system restore

Post by adara » Mon Feb 13, 2012 9:07 pm

services disabled, thank you for your help
[grazie] [ciao]



megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. (sole shareholder) - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising