here is the ComboFix log..... thanks in advance for your interest... I'm very grateful to you:
ComboFix 08-12-16.03 - DARIO 2008-12-17 16.06.20.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.2046.1535 [GMT 1:00]
Running from: d:\documents and settings\DARIO\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\404Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\FTPx.dll
c:\windows\system32\MabryObj.dll
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
d:\documents and settings\DARIO\Dati applicazioni\inst.exe
d:\documents and settings\DARIO\Preferiti\plug&play.lnk
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NNSERV
-------\Service_NNServ
((((((((((((((((((((((((( Files Created From 2008-11-17 to 2008-12-17 )))))))))))))))))))))))))))))))))))
.
2008-12-16 22:59 . 2008-12-16 22:59 <DIR> d-------- c:\programmi\MSXML 4.0
2008-12-16 22:59 . 2008-12-16 23:03 1,393 --a------ c:\windows\imsins.BAK
2008-12-14 11:31 . 2008-12-14 11:31 <DIR> d-------- d:\documents and settings\DARIO\Dati applicazioni\Malwarebytes
2008-12-14 11:31 . 2008-12-14 11:31 <DIR> d-------- d:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-12-14 11:31 . 2008-12-14 11:31 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2008-12-14 11:31 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-14 11:31 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-27 19:49 . 2008-12-12 20:52 <DIR> d-------- d:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-11-27 19:49 . 2008-11-27 19:53 <DIR> d-------- c:\programmi\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-17 15:11 --------- d-----w c:\programmi\eMule
2008-12-17 15:10 3,924,512 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-17 15:10 --------- d-----w d:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2008-12-17 15:08 630,816 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-12-17 15:08 4,284 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-12-17 15:08 32,760 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-16 22:01 --------- d-----w c:\programmi\Microsoft Works
2008-12-14 11:06 --------- d-----w d:\documents and settings\DARIO\Dati applicazioni\Image Zone Express
2008-12-13 13:20 --------- d-----w c:\programmi\Uniblue
2008-12-13 13:12 --------- d---a-w d:\documents and settings\All Users\Dati applicazioni\TEMP
2008-12-13 13:12 --------- d-----w d:\documents and settings\DARIO\Dati applicazioni\Uniblue
2008-12-07 13:07 --------- d-----w c:\programmi\dvdSanta
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-04-28 19:07 47,360 ----a-w d:\documents and settings\DARIO\Dati applicazioni\pcouffin.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-12-08 975360]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-10-13 1694208]
"CTSyncU.exe"="c:\programmi\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-04-28 692224]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-09-07 15360]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"eMuleAutoStart"="c:\programmi\eMule\emule.exe" [2007-05-13 5308416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 201992]
"Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 310272]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2007-04-27 282624]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 455168]
"OmniPass"="c:\apps\Softex\OmniPass\scureapp.exe" [2006-01-30 1978368]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7573504]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2007-06-01 257088]
"IntelliPoint"="c:\programmi\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-09-07 208952]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DetectorApp"="c:\programmi\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
"Adobe Photo Downloader"="c:\programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 57344]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"SMSERIAL"="sm56hlpr.exe" [2005-10-18 c:\windows\sm56hlpr.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2006-04-27 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-09-07 15360]
d:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2007-05-27 127488]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\FILECO~1\ULEADS~1\Vio\Dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= c:\progra~1\FILECO~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm "= c:\progra~1\FILECO~1\ULEADS~1\MPEG\mpegacm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"x10nets"=2 (0x2)
"USBDeviceService"=2 (0x2)
"UleadBurningHelper"=2 (0x2)
"ose"=3 (0x3)
"omniserv"=2 (0x2)
"NVSvc"=2 (0x2)
"MDM"=2 (0x2)
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)
"EPSONStatusAgent2"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\APPS\\skype\\phone\\Skype.exe"=
"d:\\tmp\\setup.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"d:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Italian\\setup.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2006-08-28 825600]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-03-25 24592]
R3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-08-28 7040]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9169c8ea-7aa1-11dd-9dd2-001617aa71b6}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2008-12-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Uniblue RegistryBooster 2009 - c:\programmi\Uniblue\RegistryBooster\RegistryBooster.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-WgaLogon - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - d:\documents and settings\DARIO\Dati applicazioni\Mozilla\Firefox\Profiles\yg6i57ko.default\
FF - user.js: general.useragent.extra.zencast -
FF - prefs.js: browser.startup.homepage - www.google.com
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-17 16:10:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1104)
c:\windows\system32\klogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\programmi\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wdfmgr.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\apps\ABOARD\AOSD.EXE
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\Microsoft IntelliPoint\dpupdchk.exe
c:\windows\system32\spool\drivers\w32x86\3\E_S10IC2.EXE
.
**************************************************************************
.
Scan completion time: 2008-12-17 16:13:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-17 15:13:26
Pre-Run: 8,918,536,192 bytes free
Post-Run: 8,796,905,472 bytes free
212 --- E O F --- 2008-12-16 22:03:42
-----
waiting to hear from you!!!!
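When reading a ComboFix log like the one above, the registry section is where most of the triage happens: Security Center values that silence its alerts, firewall exceptions granted to executables in temporary or per-user data folders, a cached AutoRun command for a removable volume, and Run entries that name a bare executable without a path (resolved through the search path, so they can be hijacked by a same-named file earlier in it). The script below is an added example, not ComboFix's own code and not part of the forum post: it parses the REGEDIT4-style dump ComboFix prints under "Reg Loading Points" and flags those four categories. SAMPLE_LOG is an excerpt copied from the posted log; the finding labels, the "suspect directory" list and the helper names are assumptions made here for illustration.

```python
"""Triage helper for the registry section of a ComboFix log (added example).

Not ComboFix's code and not from the forum post. SAMPLE_LOG is an excerpt of the
posted log; finding labels and the suspect-directory list are assumptions.
"""
import re
from typing import Dict, List, Tuple

SAMPLE_LOG = r"""
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eMuleAutoStart"="c:\programmi\eMule\emule.exe" [2007-05-13 5308416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 201992]
"SMSERIAL"="sm56hlpr.exe" [2005-10-18 c:\windows\sm56hlpr.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmi\\eMule\\emule.exe"=
"d:\\tmp\\setup.exe"=
"d:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Italian\\setup.exe"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9169c8ea-7aa1-11dd-9dd2-001617aa71b6}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
"""

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
# Directories where a firewall-authorized executable deserves a second look (assumption).
SUSPECT_DIRS = re.compile(r'\\(tmp|temp|dati applicazioni|application data)\\', re.I)
# XP SP2 Security Center values that mute its alerts or hand monitoring to a vendor.
SC_SILENCERS = {"antivirusdisablenotify", "firewalldisablenotify",
                "updatesdisablenotify", "disablemonitoring"}

Entries = Dict[str, List[Tuple[str, str]]]
Finding = Tuple[str, str]


def parse_reg_section(text: str) -> Entries:
    """Map each [key] to its (value name, raw data) pairs, in order.

    Lines that are neither a [key] header nor a "name"=data value (e.g. the
    MountPoints2 '\\Shell\\AutoRun\\command - ...' line) are kept under the
    current key with an empty name so nothing is silently dropped.
    """
    entries: Entries = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            entries.setdefault(current, [])
            continue
        if current is None:
            continue
        val = VALUE_RE.match(line)
        entries[current].append((val.group(1), val.group(2)) if val else ("", line))
    return entries


def _dword_is_one(data: str) -> bool:
    return data.lower().startswith("dword:") and int(data[6:], 16) == 1


def flag_findings(entries: Entries) -> List[Finding]:
    """Return (finding kind, detail) pairs; these are review items, not verdicts."""
    findings: List[Finding] = []
    for key, values in entries.items():
        k = key.lower()
        if "security center" in k:
            # Set by malware to mute Security Center, or by an AV suite that registers
            # its own monitoring provider; confirm against the installed products.
            findings += [("security-center-override", key + "\\" + name)
                         for name, data in values
                         if name.lower() in SC_SILENCERS and _dword_is_one(data)]
        elif "authorizedapplications" in k:
            for name, _ in values:
                path = name.replace("\\\\", "\\")  # ComboFix doubles backslashes here
                if SUSPECT_DIRS.search(path):
                    findings.append(("firewall-exception-in-temp-path", path))
        elif "mountpoints2" in k:
            # Cached AutoRun command for a removable volume, run when the drive is opened.
            findings += [("removable-drive-autorun", data)
                         for _, data in values if "autorun" in data.lower()]
        elif k.endswith("\\run") or k.endswith("\\runonce"):
            # Bare file name: resolved via the search path, so it can be hijacked.
            for name, data in values:
                quoted = re.match(r'"([^"]*)"', data)
                if quoted and "\\" not in quoted.group(1):
                    findings.append(("run-entry-without-path", name + " -> " + quoted.group(1)))
    return findings


def triage(text: str) -> List[Finding]:
    return flag_findings(parse_reg_section(text))


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:32} {detail}")
```

Run on the excerpt it reports the three Security Center overrides, the two firewall exceptions for setup.exe files (one under d:\tmp, one under the Kaspersky setup folder), the U3 AutoRun command for drive J:, and the SMSERIAL entry that names sm56hlpr.exe without a path. Each is a prompt to check, not a conviction: with Kaspersky Anti-Virus 2009 installed, the DisableMonitoring values may simply be the suite taking over Security Center reporting, and the Kaspersky installer exception is expected, whereas d:\tmp\setup.exe has no obvious owner in the log and is the one to account for.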