And since ComboFix also managed to start, I'm attaching the log:
ComboFix 08-09-26.06 - Windows 2008-09-27 16:41:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.89 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Windows\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CLBDRIVER
((((((((((((((((((((((((( Files Creati Da 2008-08-27 al 2008-09-27 )))))))))))))))))))))))))))))))))))
.
2008-09-19 12:32 . 2008-09-19 12:32 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\AdobeUM
2008-09-17 15:53 . 2008-09-17 15:53 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com
2008-09-17 15:17 . 2008-09-17 15:17 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-09-17 15:16 . 2008-09-17 15:16 <DIR> d-------- C:\Programmi\SUPERAntiSpyware
2008-09-17 15:16 . 2008-09-17 15:16 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-09-17 15:16 . 2008-09-17 15:16 <DIR> d-------- C:\Documents and Settings\Windows\Dati applicazioni\SUPERAntiSpyware.com
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-20 19:39 --------- d-----w C:\Documents and Settings\Windows\Dati applicazioni\Skype
2008-09-17 14:11 360,849 --sha-w C:\WINDOWS\system32\bayHPXyb.ini2
2008-09-09 23:04 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-09 23:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-08-30 11:11 40,960 ----a-w C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-08-10 12:49 --------- d-----w C:\Programmi\Java
2008-08-10 12:36 --------- d-----w C:\Programmi\Navilog1
2008-08-10 12:24 --------- d-----w C:\Programmi\Wise Registry Cleaner 3
2008-08-10 12:13 --------- d-----w C:\Programmi\CCleaner
2008-08-09 19:37 --------- d-----w C:\Programmi\Windows Live Safety Center
2007-06-17 21:30 0 ------w C:\Documents and Settings\Windows\ICUpdater.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Caffe-ICHelper"="C:\Antamedia\Caffe\ICHelper.exe" [2007-08-25 458752]
"Caffe-Client"="C:\Antamedia\Caffe\Client.exe" [2007-08-25 2772992]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 15360]
"SUPERAntiSpyware"="C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"VIRIT LITE MONITOR"="C:\VEXPLITE\MONLITE.EXE" [2000-01-02 249856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-20 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableRegistryTools"= 1 (0x1)
"NoLogoff"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DfLogon]
2007-10-25 15:28 65536 C:\WINDOWS\system32\LogonDll.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=kiuptq.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwe28.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
backup=C:\WINDOWS\pss\Avvio veloce di Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^BlueSoleil.lnk]
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^BTTray.lnk]
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Windows^Menu Avvio^Programmi^Esecuzione automatica^C6 Messenger.lnk]
backup=C:\WINDOWS\pss\C6 Messenger.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PoivY
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Caffe-PrinterTracker]
--------- 2007-08-25 13:25 737792 C:\Antamedia\Caffe\PrinterTracker.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-20 00:39 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--------- 2003-10-07 11:02 1711195 C:\Programmi\ICQLite\ICQLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-04 07:31 208952 C:\WINDOWS\ime\imjp8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--------- 2007-01-19 12:54 5674352 C:\Programmi\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2002-09-10 14:00 59392 C:\WINDOWS\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2002-09-10 14:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2002-09-10 14:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--------- 2007-01-13 14:32 98304 C:\Programmi\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--------- 2006-12-18 18:32 25365032 C:\Programmi\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--------- 2007-01-13 14:34 185896 C:\Programmi\File comuni\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipStunt]
--------- 2006-12-14 16:18 7513656 C:\Programmi\VoipStunt.com\VoipStunt\VoipStunt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--------- 2006-11-30 22:49 4662776 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--------- 2004-08-20 00:39 110592 C:\WINDOWS\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--------- 2003-07-29 19:06 515584 C:\WINDOWS\zHotkey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowWnd]
--------- 2003-09-19 10:09 36864 C:\WINDOWS\ShowWnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
--------- 2007-08-25 13:25 106544 C:\WINDOWS\system32\TWEAKUI.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Programmi\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Programmi\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmi\\MSN Messenger\\livecall.exe"=
"C:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
R0 DeepFrz;DeepFrz;C:\WINDOWS\system32\drivers\DeepFrz.sys [2007-10-25 131472]
R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-08-30 40960]
R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2000-01-02 57344]
R3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
S2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe [ ]
.
- - - - ÓRFÃOS REMOVIDOS - - - -
HKCU-Run-InternetCaffeHelper - ICHelper.exe
MSConfigStartUp-Antivirus - C:\Programmi\VAV\vav.exe
MSConfigStartUp-f8b7b90f - C:\WINDOWS\system32\rtlhmmbl.dll
MSConfigStartUp-Sys6 - C:\Windows\Sys6.exe
MSConfigStartUp-InternetCaffeHelper - ICHelper.exe
MSConfigStartUp-InternetCaffeUpdater - ICUpdater.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Windows\Dati applicazioni\Mozilla\Firefox\Profiles\kqlkbd7g.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.it/.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-09-27 16:45:24
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
C:\WINDOWS\system32\wuauclt.exe.wusetup.308359.bak 53080 bytes executable
C:\WINDOWS\system32\wuaueng.dll.wusetup.316281.bak 1712984 bytes executable
Scansione completata con successo
Files nascosti: 2
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\LogonDll.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\Programmi\Software Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\Programmi\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2008-09-27 16:51:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-27 14:51:48
Pre-Run: 22,286,548,992 byte disponibili
Post-Run: 22,217,891,840 byte disponibili
171 --- E O F --- 2007-10-27 10:54:45