Thanks for the prompt reply.
The scan with SUPERAntiSpyware came back negative.
I ran the scan with ComboFix, during which it deleted the entire fast mobile 3 program.
I'm pasting the report below.
I reinstalled fast mobile 3 and so far it seems I'm no longer getting strange sites opening.
Could it be that the program doing the redirecting was inside fast mobile, creating a kind of dialer?
Here is the report:
ComboFix 08-09-01.01 - mike 2008-09-02 10.01.35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.686 [GMT 2:00]
Eseguito da: E:\utility\Antivirus\ComboFix.exe
* Creato nuovo punto di ripristino
ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Programmi\3
C:\Programmi\3\FastMobileModem\configMMM.ini
C:\Programmi\3\FastMobileModem\DefaultMMM.ini
C:\Programmi\3\FastMobileModem\Driver.ini
C:\Programmi\3\FastMobileModem\eventMMM.log
C:\Programmi\3\FastMobileModem\MMMODEM.CNT
C:\Programmi\3\FastMobileModem\MMModem.exe
C:\Programmi\3\FastMobileModem\MMMODEM.HLP
C:\Programmi\3\FastMobileModem\MMModemcnt.0
C:\Programmi\3\FastMobileModem\MMModemcnt.1
C:\Programmi\3\FastMobileModem\MMModemhlp.0
C:\Programmi\3\FastMobileModem\MMModemhlp.1
C:\Programmi\3\FastMobileModem\phoneTemp.pbk.bad
.
((((((((((((((((((((((((( Files Creati Da 2008-08-02 al 2008-09-02 )))))))))))))))))))))))))))))))))))
.
2013-03-24 19:35 . 2008-03-25 11:15 <DIR> d-------- C:\Programmi\Symantec
2013-03-24 19:35 . 2008-04-17 00:48 <DIR> d-------- C:\Programmi\Norton AntiVirus
2013-03-24 19:35 . 2013-03-24 19:42 <DIR> d-------- C:\Documents and Settings\mike\Dati applicazioni\Symantec
2013-03-24 19:35 . 2006-09-15 23:52 91,904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2012-03-24 12:26 . 2008-08-30 10:42 <DIR> d-------- C:\Programmi\File comuni\Symantec Shared
2012-03-24 12:26 . 2013-03-24 19:40 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Symantec
2008-09-02 09:30 . 2008-09-02 09:30 <DIR> d-------- C:\Programmi\SUPERAntiSpyware
2008-09-02 09:30 . 2008-09-02 09:30 <DIR> d-------- C:\Documents and Settings\mike\Dati applicazioni\SUPERAntiSpyware.com
2008-09-02 09:30 . 2008-09-02 09:30 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\SUPERAntiSpyware.com
2008-09-01 20:15 . 2008-09-01 20:15 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-30 11:37 . 2008-08-30 11:37 <DIR> d-------- C:\Programmi\Lavasoft
2008-08-30 11:37 . 2008-08-30 11:38 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Lavasoft
2008-08-30 11:36 . 2008-09-02 09:29 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-08-30 11:08 . 2008-08-30 11:12 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-08-28 11:31 . 2008-08-28 11:34 <DIR> d-------- C:\Programmi\File comuni\Macromedia
2008-08-28 11:30 . 2008-08-28 11:37 <DIR> d-------- C:\Programmi\Macromedia
2008-08-28 00:29 . 2008-09-01 21:15 28,672 --a-s---- C:\WINDOWS\system32\msvcrt32.dll
2008-08-28 00:26 . 2008-08-28 00:26 65,536 --a------ C:\cimt.exe
2008-08-27 21:14 . 2008-08-27 21:14 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Messenger Plus!
2008-08-26 16:02 . 2008-08-26 16:02 <DIR> d-------- C:\Programmi\Messenger Plus! Live
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-24 17:35 4,608 ----a-w C:\WINDOWS\system32\drivers\symlcbrd.sys
2008-08-30 09:32 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Spybot - Search & Destroy
2008-08-28 09:37 --------- d--h--w C:\Programmi\InstallShield Installation Information
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-19 23:34 1576176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PmProxy"="C:\Programmi\Analog Devices\SoundMAX\PmProxy.exe" [2003-02-28 20:54 40960]
"TouchED"="C:\Programmi\TOSHIBA\TouchED\TouchED.Exe" [2003-01-21 19:00 126976]
"ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2008-01-31 13:05 58728]
"Symantec NetDriver Monitor"="C:\PROGRA~2\SYMNET~1\SNDMon.exe" [2008-03-25 11:14 100056]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-04-07 01:19 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-04-07 01:07 114688]
"00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [2003-04-15 21:01 258048]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^PC Health.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\PC Health.lnk
backup=C:\WINDOWS\pss\PC Health.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-19 16:51 1667584 C:\Programmi\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
--a------ 2005-11-16 17:14 344064 C:\WINDOWS\vsnp2std.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\000StTHK]
--a------ 2001-06-23 21:28 24576 C:\WINDOWS\system32\000StTHK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"RunDLL"=rundll32.exe "C:\WINDOWS\system32\msvcrt32.dll" getc
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PowerTranslator Pro OLR"=C:\PROGRA~2\BVRPSO~1\POWERT~1\BVRPOlr.exe /PowerTranslator Pro
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\NetMeeting\\conf.exe"=
R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 18:45]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2005-11-18 19:29]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
*Newly Created Service* - SASDIFSV
*Newly Created Service* - SASENUM
*Newly Created Service* - SASKUTIL
.
Contenuto della cartella 'Scheduled Tasks'
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\mike\Dati applicazioni\Mozilla\Firefox\Profiles\fslalqxr.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - about:blank
FF -: plugin - C:\Programmi\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-09-02 10:04:05
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-09-02 10:06:14
ComboFix-quarantined-files.txt 2008-09-02 08:06:06
Pre-Run: 32,461,512,704 byte disponibili
Post-Run: 32,455,684,096 byte disponibili
131