I did everything as instructed.
Before posting the log, I wanted to let you know that every time I go online through Google I am continually redirected to other sites such as "monstermarket": what can I do?
Thank you.
ComboFix 08-01-18.5 - mm 2008-01-19 12.52.10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1040.18.209 [GMT 1:00]
Eseguito da: C:\Documents and Settings\mm\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Programmi\Helper
C:\Programmi\Helper\superfindout.dll
C:\WINDOWS\system32\kdewc.exe
C:\WINDOWS\system32\lr.exe
C:\WINDOWS\system32\msnmanegrs.exe
C:\WINDOWS\system32\wsnpoem
C:\WINDOWS\system32\wsnpoem\audio.dll
C:\WINDOWS\system32\wsnpoem\video.dll
C:\WINDOWS\system32\xpdx.sys
C:\WINDOWS\Temp\1.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_SYMAVC32
-------\symavc32
-------\xpdx
((((((((((((((((((((((((( Files Creati Da 2007-12-19 al 2008-01-19 )))))))))))))))))))))))))))))))))))
.
2008-01-19 12:49 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-15 19:04 . 2007-11-07 20:15 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di stampa
2008-01-15 19:04 . 2007-11-07 20:15 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di rete
2008-01-15 19:04 . 2007-11-07 20:15 <DIR> d-------- C:\Documents and Settings\Administrator\Preferiti
2008-01-15 19:04 . 2007-11-07 20:24 <DIR> d--h----- C:\Documents and Settings\Administrator\Modelli
2008-01-15 19:04 . 2007-11-07 20:15 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Avvio
2008-01-15 19:04 . 2007-11-07 20:15 <DIR> d--h----- C:\Documents and Settings\Administrator\Impostazioni locali
2008-01-15 19:04 . 2007-11-07 20:15 <DIR> d-------- C:\Documents and Settings\Administrator\Documenti
2008-01-15 19:04 . 2007-11-07 20:15 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dati applicazioni
2008-01-14 12:17 . 2002-08-29 01:27 33,792 --a------ C:\WINDOWS\system32\drivers\disk.sys
2008-01-14 12:17 . 2002-08-29 01:27 33,792 --a--c--- C:\WINDOWS\system32\dllcache\disk.sys
2008-01-11 19:45 . 2008-01-11 19:45 <DIR> d-------- C:\Programmi\ahead
2008-01-11 19:44 . 2008-01-11 19:44 <DIR> d-------- C:\Programmi\File comuni\InstallShield
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-18 17:39 --------- d-----w C:\Programmi\Google
2007-12-09 15:47 696,320 ----a-w C:\WINDOWS\system32\Srb0ty.exe
2007-12-09 11:55 --------- d-----w C:\Programmi\File comuni\Adobe
2007-12-09 11:54 --------- d-----w C:\Documents and Settings\mm\Dati applicazioni\InterTrust
2007-12-09 10:00 402,944 ----a-w C:\WINDOWS\system32\mo.exe
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-11-26 20:12 1,256,118 ----a-w C:\Documents and Settings\mm\sdikfog.exe
2007-11-25 17:50 48,776 ----a-w C:\Documents and Settings\mm\Dati applicazioni\GDIPFONTCACHEV1.DAT
2007-11-23 18:32 --------- d-----w C:\Programmi\Lexmark X1100 Series
2007-11-21 08:24 16,384 ----a-w C:\WINDOWS\system32\mkdate.exe
2007-11-07 19:29 558,142 ----a-w C:\WINDOWS\java\Packages\bbb5fbd7.zip
2007-11-07 19:29 155,995 ----a-w C:\WINDOWS\java\Packages\hjrbnhff.zip
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-09 12:51 13312]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2002-08-20 15:08 1511453]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-29 02:55 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Lexmark X1100 Series"="C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 11:01 57344]
"DSLSTATEXE"="C:\Program Files\GlobespanVirata\Adsl\dslstat.exe" [2003-06-10 07:54 299008]
"DSLAGENTEXE"="C:\Program Files\GlobespanVirata\Adsl\dslagent.exe" [2003-08-19 05:47 16384]
"Zone Labs Client"="C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 23:38 968696]
"NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 10:50 155648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-09 12:51 13312]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Acrobat Assistant.lnk - C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2007-12-09 12:55:56]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2003-02-21 17:00:00]
Tasto di scelta rapida per l'avvio di AutoCAD.lnk - C:\Programmi\File comuni\Autodesk Shared\acstart16.exe [2005-03-05 16:18:22]
WinZip Quick Pick.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [2007-11-20 19:43:04]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ivn4reg]
C:\Documents and Settings\All Users\Documenti\Settings\ivn4.dll 2007-11-29 02:52 14050 C:\Documents and Settings\All Users\Documenti\Settings\ivn4.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ :\WINDOW
S2 SSDPSR;SSDP Discovery Service;"C:\WINDOWS\system32\ssdpsr.exe" []
S2 TrkWksRemoteRegistry;Manutenzione collegamenti distribuiti client TrkWksRemoteRegistry;C:\WINDOWS\System32\accessf.exe srv []
S4 MSN RAV;MSN RAV;"C:\WINDOWS\system\msnrav.exe" [2007-11-28 20:03]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-01-19 13:02:39
Windows 5.1.2600 Service Pack 1 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Documents and Settings\All Users\Documenti\Settings\ivn4.dll
.
Ora fine scansione: 2008-01-19 13:04:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-19 12:04:05