controllo log anche per me pls

[sono_alla_frutta]

ciao a tutti
potete controllare questo log
antivir mi trova il virus smsc.exe
grazie per l'aiuto

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.40.44, on 30/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Programmi\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-it10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-it10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-it10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-it10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-it10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-it10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Vista HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmi\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Programmi\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmi\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [WSSVC] C:\WINDOWS\system\smsc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Programmi\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 5580 bytes

[shel]

ciao

Scarica Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Salvalo sul desktop.
Doppio click su combofix.exe (comparirà una videata.)
Digita 1 premi Invio e segui le indicazioni.
Al termine, verrà creato un file log chiamato C:\ComboFix.txt. Postalo qui.
Durante l'operazione di scansione è importante non usare il PC e attendere pazientemente la fine delle operazioni.

[sono_alla_frutta]

ok
stasera ti aggiorno
intanto grazie

[sono_alla_frutta]

ciao ecco il rapporto di combofix

ComboFix 09-06-29.07 - Proprietario 02/07/2009 18.59.54.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.255.90 [GMT 2:00]
Eseguito da: c:\documents and settings\Proprietario\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {00000002-0002-0000-14EF-9D7C08000A00}
FW: Outpost Firewall *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system\smsc.exe
c:\windows\system32\drivers\sysdrv32.sys
c:\windows\system32\iAlmcoin.dll
D:\Autorun.inf
D:\Desktop.ini

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSDRV32
-------\Service_sysdrv32


((((((((((((((((((((((((( Files Creati Da 2009-06-02 al 2009-07-02 )))))))))))))))))))))))))))))))))))
.

2009-06-30 21:39 . 2009-06-30 21:39 -------- d-----w- c:\programmi\Trend Micro
2009-06-30 21:22 . 2009-06-30 21:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-06-30 20:28 . 2009-06-30 20:36 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\vlc
2009-06-30 20:27 . 2009-06-30 20:27 -------- d-----w- c:\programmi\VideoLAN
2009-06-30 19:51 . 2008-10-24 11:10 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-06-30 19:40 . 2008-04-21 21:26 219136 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-06-30 19:22 . 2008-10-03 10:15 247326 -c----w- c:\windows\system32\dllcache\strmdll.dll
2009-06-30 17:56 . 2008-04-11 18:50 683520 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-06-30 17:34 . 2008-06-14 17:59 272768 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-06-30 17:14 . 2009-04-06 09:37 704384 ----a-w- c:\windows\system32\drivers\SandBox.sys
2009-06-30 17:14 . 2009-02-10 14:15 257432 ----a-w- c:\windows\system32\drivers\afwcore.sys
2009-06-30 17:12 . 2009-02-18 15:30 31128 ----a-w- c:\windows\system32\drivers\afw.sys
2009-06-30 17:12 . 2009-06-30 17:12 -------- d-----w- c:\programmi\Agnitum
2009-06-30 17:12 . 2009-06-30 17:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Agnitum
2009-06-30 17:09 . 2008-12-11 11:57 333184 -c----w- c:\windows\system32\dllcache\srv.sys
2009-06-30 17:09 . 2008-05-01 14:31 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-06-28 21:09 . 2009-06-28 21:09 -------- d-----w- c:\windows\Sun
2009-06-28 21:06 . 2008-10-15 16:57 332800 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-06-28 21:06 . 2008-09-04 16:44 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-06-28 20:53 . 2009-06-28 20:53 -------- d-----w- c:\programmi\File comuni\xing shared
2009-06-28 20:52 . 2009-06-28 20:52 -------- d-----w- C:\Program Files
2009-06-28 20:52 . 2009-06-28 20:53 -------- d-----w- c:\programmi\File comuni\Real
2009-06-28 19:27 . 2008-02-06 13:16 24960 ----a-r- c:\windows\system32\drivers\sembnd5.sys
2009-06-28 19:26 . 2008-02-06 13:16 344064 ----a-r- c:\windows\system32\drivers\sembunic.sys
2009-06-28 19:26 . 2008-02-06 13:15 10752 ----a-r- c:\windows\system32\drivers\sembcr.sys
2009-06-28 19:26 . 2007-08-14 07:15 12672 ----a-r- c:\windows\system32\drivers\sesc.sys
2009-06-28 19:26 . 2008-02-06 13:14 337408 ----a-r- c:\windows\system32\drivers\sembcard.sys
2009-06-28 19:26 . 2008-02-06 13:16 337408 ----a-r- c:\windows\system32\drivers\sembwwan.sys
2009-06-28 19:26 . 2008-02-06 13:15 343680 ----a-r- c:\windows\system32\drivers\sembmgmt.sys
2009-06-28 19:26 . 2008-02-06 13:15 84992 ----a-r- c:\windows\system32\sembir32.dll
2009-06-28 19:26 . 2008-02-06 13:15 380672 ----a-r- c:\windows\system32\drivers\sembmdm2.sys
2009-06-28 19:26 . 2008-02-06 13:15 14976 ----a-r- c:\windows\system32\drivers\sembmdfl2.sys
2009-06-28 19:26 . 2008-02-06 13:14 12160 ----a-r- c:\windows\system32\drivers\sembcmnt.sys
2009-06-28 19:26 . 2008-02-06 13:14 12160 ----a-r- c:\windows\system32\drivers\sembcm.sys
2009-06-28 19:26 . 2008-02-15 16:04 17408 ----a-r- c:\windows\system32\drivers\semcreserved.sys
2009-06-28 19:25 . 2008-02-06 13:16 12160 ----a-r- c:\windows\system32\drivers\sembwhnt.sys
2009-06-28 19:25 . 2008-02-06 13:16 12160 ----a-r- c:\windows\system32\drivers\sembwh.sys
2009-06-28 19:25 . 2008-02-06 13:14 260992 ----a-r- c:\windows\system32\drivers\sembbus.sys
2009-06-28 19:25 . 2009-06-28 19:25 -------- dc----w- c:\windows\system32\DRVSTORE
2009-06-28 19:24 . 2009-06-28 19:25 -------- d-----w- c:\programmi\Sony Ericsson
2009-06-28 19:24 . 2009-06-28 19:24 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\Sony Ericsson
2009-06-28 19:22 . 2009-06-28 19:22 0 ----a-w- c:\windows\nsreg.dat
2009-06-28 19:22 . 2009-06-28 19:22 -------- d-----w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\Mozilla
2009-06-28 19:20 . 2005-08-25 17:18 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2009-06-28 19:20 . 2009-06-30 21:26 -------- d-----w- c:\programmi\SpywareBlaster
2009-06-28 19:14 . 2009-06-30 21:51 -------- d--h--w- c:\windows\$hf_mig$
2009-06-28 19:13 . 2009-06-30 21:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-06-28 19:13 . 2009-06-28 19:13 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-06-28 19:05 . 2009-06-28 19:05 17808 ----a-w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-06-28 19:04 . 2009-06-28 19:04 -------- d-----w- c:\documents and settings\LocalService\Menu Avvio
2009-06-28 19:04 . 2009-06-28 19:10 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2009-06-28 18:34 . 2009-06-28 18:34 -------- d-s---w- c:\documents and settings\Proprietario\UserData
2009-06-28 15:03 . 2004-08-03 21:10 59648 ------w- c:\windows\system32\drivers\rfcomm.sys
2009-06-28 15:01 . 2009-06-28 15:01 -------- d-----w- c:\windows\ServicePackFiles
2009-06-28 14:57 . 2005-06-28 08:21 22752 ----a-w- c:\windows\system32\spupdsvc.exe
2009-06-28 14:55 . 2009-06-28 14:55 -------- d-----w- c:\windows\EHome
2009-06-27 18:11 . 2009-06-27 18:12 -------- d-----w- C:\I386
2009-06-27 18:03 . 2009-07-02 17:02 -------- d--h--w- c:\windows\system32\config\systemprofile\Impostazioni locali
2009-06-27 18:03 . 2009-06-30 21:51 -------- dcsh--r- c:\windows\system32\dllcache
2009-06-27 18:03 . 2009-06-27 18:09 -------- d--h--r- c:\windows\system32\config\systemprofile\Dati applicazioni
2009-06-27 18:03 . 2009-06-27 18:09 -------- d-----r- c:\windows\system32\config\systemprofile\Menu Avvio
2009-06-27 15:38 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-27 15:38 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-06-27 15:38 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-06-27 15:38 . 2009-06-27 15:38 -------- d-----w- c:\programmi\Avira
2009-06-27 15:38 . 2009-06-27 15:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-06-27 15:21 . 2009-06-27 15:31 -------- d-----w- c:\programmi\File comuni\Symantec Shared
2009-06-27 15:21 . 2009-06-27 15:31 -------- d-----w- c:\programmi\Symantec
2009-06-27 10:27 . 2003-01-01 22:37 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2009-06-27 10:26 . 2003-09-03 08:01 10368 ----a-w- c:\windows\system32\drivers\pfc.sys
2009-06-27 10:26 . 2003-04-03 09:09 81920 ----a-w- c:\windows\system32\mplaw7.dll
2009-06-27 10:26 . 2003-04-03 09:09 81920 ----a-w- c:\windows\system32\mplaa6.dll
2009-06-27 10:26 . 2003-04-03 09:09 69632 ----a-w- c:\windows\system32\mplapx.dll
2009-06-27 10:26 . 2003-04-03 09:09 69632 ----a-w- c:\windows\system32\mplam6.dll
2009-06-27 10:26 . 2003-04-03 09:09 1675264 ----a-w- c:\windows\system32\mplva6.dll
2009-06-27 10:26 . 2003-04-03 09:09 1630208 ----a-w- c:\windows\system32\mplvw7.dll
2009-06-27 10:26 . 2003-04-03 09:09 1581056 ----a-w- c:\windows\system32\mplvm6.dll
2009-06-27 10:26 . 2003-04-03 09:09 1150976 ----a-w- c:\windows\system32\mplvpx.dll
2009-06-27 10:26 . 2003-04-03 09:09 49152 ----a-w- c:\windows\system32\cpuinf32.dll
2009-06-27 10:25 . 1995-07-31 11:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2009-06-27 10:25 . 2009-06-27 10:25 -------- d-----w- c:\programmi\ArcSoft
2009-06-27 10:24 . 2009-06-27 10:24 -------- d-----w- c:\programmi\ATI Technologies
2009-06-27 10:23 . 2004-08-19 13:30 25088 ----a-w- c:\windows\system32\drivers\kbdclass.sys
2009-06-27 10:23 . 2004-08-19 13:26 53632 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2009-06-27 10:23 . 2003-01-01 22:37 -------- d-----w- c:\documents and settings\Default User\WINDOWS
2009-06-27 10:16 . 2001-08-30 18:41 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-06-27 10:16 . 2004-08-19 13:39 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-06-27 10:16 . 2001-08-17 20:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-06-27 10:16 . 2004-08-03 21:07 6400 ----a-w- c:\windows\system32\drivers\splitter.sys
2009-06-27 10:16 . 2004-08-03 21:15 82944 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2009-06-27 10:16 . 2004-08-03 21:07 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2009-06-27 10:16 . 2001-08-17 20:00 54272 ----a-w- c:\windows\system32\drivers\swmidi.sys
2009-06-27 10:16 . 2004-08-03 20:39 142464 ----a-w- c:\windows\system32\drivers\aec.sys
2009-06-27 10:16 . 2004-08-03 21:07 171776 ----a-w- c:\windows\system32\drivers\kmixer.sys
2009-06-27 10:16 . 2004-08-03 21:07 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2009-06-27 10:16 . 2004-08-03 21:15 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2009-06-27 10:15 . 2004-08-03 21:15 145792 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-06-27 10:15 . 2004-08-03 21:08 60288 ----a-w- c:\windows\system32\drivers\drmk.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-28 19:27 . 2003-01-02 04:31 74926 ----a-w- c:\windows\system32\perfc010.dat
2009-06-28 19:27 . 2003-01-02 04:31 448752 ----a-w- c:\windows\system32\perfh010.dat
2009-06-28 15:06 . 2003-01-01 20:40 79695 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-06-27 15:31 . 2003-01-01 21:55 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Symantec
2009-06-27 10:28 . 2009-06-27 10:28 3674 --sha-r- c:\windows\system32\drivers\HP_DT395A-ABZ a410.it_YC_Pavi_QCZB402_E41ITheBLF2_4_IKamet2_SASUSTek Computer INC._V2.01_B3.05_T031127_WXH1_L410_M256_J120_7AMD_8Athlon XP 2600+_91,91_111063044_N11063065_P_Z14F12F00_K_A11063059_U11063038_G10025964.MRK
2009-06-27 10:26 . 2003-01-01 22:35 -------- d-----w- c:\programmi\File comuni\InterVideo
2009-06-27 10:26 . 2003-01-01 22:33 -------- d-----w- c:\programmi\InterVideo
2009-06-27 10:26 . 2003-01-01 22:33 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-05-07 15:41 . 2003-01-03 21:41 346112 ----a-w- c:\windows\system32\localspl.dll
2009-04-19 20:08 . 2003-01-02 04:31 1846656 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" - c:\windows\system32\nview.dll [2003-08-19 852038]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"CamMonitor"="c:\programmi\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 90112]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"UpdateManager"="c:\programmi\File comuni\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-08-19 4841472]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-01 335872]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-06-28 198160]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\programmi\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-08-19 323584]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2001-09-04 28672]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2003-04-03 50176]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2003-7-7 233472]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [27/06/2009 17.38.21 22360]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [27/06/2009 17.38.21 45416]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [30/06/2009 19.14.30 704384]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [30/06/2009 19.12.53 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [30/06/2009 19.14.19 257432]
R3 sembbus;SEMC WMC Composite Device driver (WDM);c:\windows\system32\drivers\sembbus.sys [28/06/2009 21.25.13 260992]
R3 sembcard;Sony Ericsson PC300 Mobile Broadband Command Interface Drivers (WDM);c:\windows\system32\drivers\sembcard.sys [28/06/2009 21.26.51 337408]
R3 sembmdfl2;Sony Ericsson PC300 Wireless Modem Filter;c:\windows\system32\drivers\sembmdfl2.sys [28/06/2009 21.26.40 14976]
R3 sembmdm2;Sony Ericsson PC300 Wireless Modem Driver;c:\windows\system32\drivers\sembmdm2.sys [28/06/2009 21.26.40 380672]
R3 sembmgmt;Sony Ericsson PC300 Mobile Broadband Device Management Drivers (WDM);c:\windows\system32\drivers\sembmgmt.sys [28/06/2009 21.26.45 343680]
R3 sembnd5;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (NDIS);c:\windows\system32\drivers\sembnd5.sys [28/06/2009 21.27.01 24960]
R3 sembunic;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (WDM);c:\windows\system32\drivers\sembunic.sys [28/06/2009 21.26.54 344064]
R3 sembwwan;Sony Ericsson PC300 Mobile Broadband Ethernet Control Drivers (WDM);c:\windows\system32\drivers\sembwwan.sys [28/06/2009 21.26.50 337408]
R3 SEMCReserved;SEMC Reserved Interface;c:\windows\system32\drivers\semcreserved.sys [28/06/2009 21.26.32 17408]
R3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader;c:\windows\system32\drivers\sesc.sys [28/06/2009 21.26.52 12672]
S2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [30/06/2009 19.12.49 1195008]
.
Contenuto della cartella 'Scheduled Tasks'

2009-06-27 c:\windows\Tasks\Symantec NetDetect.job
- c:\programmi\Symantec\LiveUpdate\NDETECT.EXE [2009-06-27 08:27]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-RecordNow! - (no file)
HKLM-Run-HPHUPD05 - c:\programmi\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
HKLM-Run-WSSVC - c:\windows\system\smsc.exe
HKLM-Run-VTTimer - VTTimer.exe
SafeBoot-SVCWINSPOOL


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uDefault_Search_URL = hxxp://srch-it10.hpwis.com/
mSearch Bar = hxxp://srch-it10.hpwis.com/
FF - ProfilePath - c:\documents and settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\vkv2qx7q.default\
FF - prefs.js: browser.startup.homepage - www.google.it
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Java\j2re1.4.2\bin\NPJava11.dll
FF - plugin: c:\programmi\Java\j2re1.4.2\bin\NPJava12.dll
FF - plugin: c:\programmi\Java\j2re1.4.2\bin\NPJava13.dll
FF - plugin: c:\programmi\Java\j2re1.4.2\bin\NPJava14.dll
FF - plugin: c:\programmi\Java\j2re1.4.2\bin\NPJava32.dll
FF - plugin: c:\programmi\Java\j2re1.4.2\bin\NPJPI142.dll
FF - plugin: c:\programmi\Java\j2re1.4.2\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-02 19:06
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1272)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3636)
c:\windows\system32\msi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\scardsvr.exe
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\windows\system32\ati2evxx.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2009-07-02 19.09.52 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-07-02 17:09

Pre-Run: 98.346.426.368 byte disponibili
Post-Run: 98.454.482.944 byte disponibili

243 --- E O F --- 2009-06-30 21:51

[shel]

combofix ha eliminato anche l'infezione da te citata

apri il registro

start\esegui\regedit

segui il percorso di questa chiave

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

vai su run - esportala sul desktop e caricala qui ====> www.wikisend.com

[sono_alla_frutta]

ti ringrazio

fatto

run.reg

* File ID: 894396
* File size: 316 B
* Time to live: 7 days

Download link: http://wikisend.com/download/894396/run.reg
Forum link: run.reg

nel frattempo antivir ha rilevato un trojan

TR \ hacktool.tcpz.a

[shel]

fai una scansione completa con malwarebytes.
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Aggiornalo: clicca sulla scheda "aggiornamenti" => "controlla aggiornamenti"
Esegui una "scansione completa" (seleziona l'opzione)
A scansione completata, posta il rapporto.

per ora non rimuovere nulla

[sono_alla_frutta]

eccolo

Malwarebytes' Anti-Malware 1.38
Versione del database: 2371
Windows 5.1.2600 Service Pack 2

04/07/2009 14.24.50
mbam-log-2009-07-04 (14-24-50).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 91702
Tempo trascorso: 6 minute(s), 36 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:

(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)

[shel]

dovresti eseguire la scansione completa, quella che hai fatto e' la scansione rapida

[sono_alla_frutta]

Malwarebytes' Anti-Malware 1.38
Versione del database: 2371
Windows 5.1.2600 Service Pack 2

05/07/2009 13.52.51
mbam-log-2009-07-05 (13-52-42).txt

Tipo di scansione: Scansione completa (A:\|C:\|D:\|E:\|F:\|H:\|)
Elementi scansionati: 150541
Tempo trascorso: 6 hour(s), 18 minute(s), 14 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 10

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
c:\Qoobox\quarantine\C\WINDOWS\system\smsc.exe.vir (Backdoor.Sdbot) -> No action taken.
c:\Qoobox\quarantine\C\WINDOWS\system32\drivers\sysdrv32.sys.vir (Backdoor.Bot) -> No action taken.
c:\system volume information\_restore{8c71f177-3010-448e-a67a-584b5054e86a}\RP11\A0004177.sys (Backdoor.Bot) -> No action taken.
c:\system volume information\_restore{8c71f177-3010-448e-a67a-584b5054e86a}\RP11\A0004190.sys (Backdoor.Bot) -> No action taken.
c:\system volume information\_restore{8c71f177-3010-448e-a67a-584b5054e86a}\RP11\A0004200.sys (Backdoor.Bot) -> No action taken.
c:\system volume information\_restore{8c71f177-3010-448e-a67a-584b5054e86a}\RP13\A0004265.sys (Backdoor.Bot) -> No action taken.
c:\system volume information\_restore{8c71f177-3010-448e-a67a-584b5054e86a}\RP14\A0004414.sys (Backdoor.Bot) -> No action taken.
c:\system volume information\_restore{8c71f177-3010-448e-a67a-584b5054e86a}\RP15\A0004442.exe (Backdoor.Sdbot) -> No action taken.
c:\system volume information\_restore{8c71f177-3010-448e-a67a-584b5054e86a}\RP15\A0004443.sys (Backdoor.Bot) -> No action taken.
h:\p.exe (Backdoor.Sdbot) -> No action taken.

in H ho la chiavetta sony per navigare (anche antivir trova il virus p.exe)
grazie per l'aiuto

[sono_alla_frutta]

Avira AntiVir Personal
Data del file di report: domenica 5 luglio 2009 14:07

Ricerca di 1444983 virus e programmi indesiderati.

Concesso in licenza a : Avira AntiVir Personal - FREE Antivirus
Numero di serie : 0000149996-ADJIE-0000001
Piattaforma : Windows XP
Versione di Windows : (Service Pack 2) [5.1.2600]
Modalità di avvio : Booting eseguito regolarmente
Nome utente : Proprietario
Nome computer : FABIOANGELA

Informazioni sulla versione:
BUILD.DAT : 9.0.0.12 17960 Bytes 22/04/2009 12:24:00
AVSCAN.EXE : 9.0.3.6 466689 Bytes 21/04/2009 12:21:31
AVSCAN.DLL : 9.0.3.0 47873 Bytes 03/03/2009 10:14:29
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:56
LUKERES.DLL : 9.0.2.0 12545 Bytes 03/03/2009 10:15:14
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 18:42:58
ANTIVIR2.VDF : 7.1.4.173 306688 Bytes 02/07/2009 20:33:21
ANTIVIR3.VDF : 7.1.4.174 2048 Bytes 02/07/2009 20:33:23
Motore : 8.2.0.204
AEVDF.DLL : 8.1.1.1 106868 Bytes 28/06/2009 18:48:02
AESCRIPT.DLL : 8.1.2.13 426362 Bytes 02/07/2009 20:35:26
AESCN.DLL : 8.1.2.3 127347 Bytes 28/06/2009 18:47:27
AERDL.DLL : 8.1.2.2 438642 Bytes 02/07/2009 20:34:43
AEPACK.DLL : 8.1.3.18 401783 Bytes 28/06/2009 18:47:16
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 28/06/2009 18:46:38
AEHEUR.DLL : 8.1.0.137 1823095 Bytes 28/06/2009 18:46:22
AEHELP.DLL : 8.1.3.6 205174 Bytes 28/06/2009 18:44:05
AEGEN.DLL : 8.1.1.48 348532 Bytes 02/07/2009 20:33:55
AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 13:32:40
AECORE.DLL : 8.1.6.12 180599 Bytes 28/06/2009 18:43:26
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 13:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:48:02
AVPREF.DLL : 9.0.0.1 43777 Bytes 03/12/2008 10:40:03
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 14:25:10
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:45
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:37:12
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:21:38
NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 14:41:28
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 11/02/2009 15:08:20
RCTEXT.DLL : 9.0.37.1 87809 Bytes 22/04/2009 10:24:43

Impostazioni di configurazione per la scansione attuale:
Nome del job................................: ShlExt
File di configurazione......................: C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\9e05ee11.avp
Report......................................: basso
Azione primaria.............................: interattivo
Azione secondaria...........................: ignora
Scansione dei record master di avvio........: Attivo
Scansiona record di avvio...................: Attivo
Record di avvio.............................: H:,
Scansione dei programmi attivi..............: Non attivo
Scansiona la registrazione..................: Non attivo
Cerca Rootkits..............................: Non attivo
Controllo di integrità dei file di sistema..: Non attivo
Modalità di scansione file..................: Selezione intelligente dei file
Scansione degli archivi.....................: Attivo
Limita la profondità di ricorsione..........: 20
Archivio estensioni Smart...................: Attivo
Macro euristico.............................: Attivo
File euristico..............................: medio

Avvio della scansione: domenica 5 luglio 2009 14:07

Avvio della scansione del file selezionati:

Inizia con la scansione di 'H:\' <MD300>
H:\p.exe
[RILEVAMENTO] Contiene il modello di rilevamento del worm WORM/IrcBot.23552.11

Avvio della disinfezione:
H:\p.exe
[RILEVAMENTO] Contiene il modello di rilevamento del worm WORM/IrcBot.23552.11
[AVVISO] Il file è stato ignorato.


Fine della scansione: domenica 5 luglio 2009 14:23
Tempo impiegato: 01:09 Minuto(i)

La scansione è stata completamente eseguita.

38 Directory scansionate
6106 I file sono stati scansionati
1 Rilevati virus e/o programmi indesiderati
0 I file sono stati classificati come sospetti
0 I file sono stati eliminati
0 I virus o i programmi indesiderati sono stati riparati
0 File spostati in quarantena
0 File rinominati
0 Impossibile scansionare i file
6105 File non infetti
24 Archivi scansionati
1 Avvisi
0 Note

[shel]

disattiva il ripristino

Start/tasto destro del mouse su risorse del computer/proprietà/Ripristino configurazione del sistema/e metti la spunta su "disattiva ripristino configurazione del sistema"

riavvia malwarebytes ed elimina tutto

riesegui combofix con la chiavetta inserita, avendo cura di tenere premuto il tasto shift quando la inserisci(shift e' in basso a sinistra della tastiera, la freccia cicciottella) e rilasciare il tasto qualche secondo dopo

Quando hai finito, riattiva il ripristino e posta il log

[sono_alla_frutta]

ComboFix 09-06-29.07 - Proprietario 05/07/2009 17.55.10.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.255.83 [GMT 2:00]
Eseguito da: c:\documents and settings\Proprietario\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-14EF-9D7C08000A00}
FW: Outpost Firewall *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Drivers\doos.sys

.
((((((((((((((((((((((((( Files Creati Da 2009-06-05 al 2009-07-05 )))))))))))))))))))))))))))))))))))
.

2009-07-05 12:08 . 2009-07-05 12:22 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-07-04 11:52 . 2009-07-04 11:52 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\Malwarebytes
2009-07-04 11:52 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-04 11:52 . 2009-07-04 11:52 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-07-04 11:52 . 2009-07-04 11:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-07-04 11:52 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-04 11:51 . 2003-06-25 14:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
2009-07-02 21:59 . 2009-07-02 21:59 -------- d-----w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\Identities
2009-07-02 17:56 . 2009-07-02 17:57 -------- d-----w- c:\documents and settings\Administrator
2009-07-02 17:25 . 2009-07-02 17:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2009-06-30 21:39 . 2009-06-30 21:39 -------- d-----w- c:\programmi\Trend Micro
2009-06-30 21:22 . 2009-06-30 21:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-06-30 20:28 . 2009-06-30 20:36 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\vlc
2009-06-30 20:27 . 2009-06-30 20:27 -------- d-----w- c:\programmi\VideoLAN
2009-06-30 19:51 . 2008-10-24 11:10 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-06-30 19:40 . 2008-04-21 21:26 219136 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-06-30 19:22 . 2008-10-03 10:15 247326 -c----w- c:\windows\system32\dllcache\strmdll.dll
2009-06-30 17:56 . 2008-04-11 18:50 683520 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-06-30 17:34 . 2008-06-14 17:59 272768 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-06-30 17:14 . 2009-04-06 09:37 704384 ----a-w- c:\windows\system32\drivers\SandBox.sys
2009-06-30 17:14 . 2009-02-10 14:15 257432 ----a-w- c:\windows\system32\drivers\afwcore.sys
2009-06-30 17:12 . 2009-02-18 15:30 31128 ----a-w- c:\windows\system32\drivers\afw.sys
2009-06-30 17:12 . 2009-06-30 17:12 -------- d-----w- c:\programmi\Agnitum
2009-06-30 17:12 . 2009-06-30 17:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Agnitum
2009-06-30 17:09 . 2008-12-11 11:57 333184 -c----w- c:\windows\system32\dllcache\srv.sys
2009-06-30 17:09 . 2008-05-01 14:31 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-06-28 21:09 . 2009-06-28 21:09 -------- d-----w- c:\windows\Sun
2009-06-28 21:06 . 2008-10-15 16:57 332800 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-06-28 21:06 . 2008-09-04 16:44 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-06-28 20:53 . 2009-06-28 20:53 -------- d-----w- c:\programmi\File comuni\xing shared
2009-06-28 20:52 . 2009-06-28 20:52 -------- d-----w- C:\Program Files
2009-06-28 20:52 . 2009-06-28 20:53 -------- d-----w- c:\programmi\File comuni\Real
2009-06-28 19:27 . 2008-02-06 13:16 24960 ----a-r- c:\windows\system32\drivers\sembnd5.sys
2009-06-28 19:26 . 2008-02-06 13:16 344064 ----a-r- c:\windows\system32\drivers\sembunic.sys
2009-06-28 19:26 . 2008-02-06 13:15 10752 ----a-r- c:\windows\system32\drivers\sembcr.sys
2009-06-28 19:26 . 2007-08-14 07:15 12672 ----a-r- c:\windows\system32\drivers\sesc.sys
2009-06-28 19:26 . 2008-02-06 13:14 337408 ----a-r- c:\windows\system32\drivers\sembcard.sys
2009-06-28 19:26 . 2008-02-06 13:16 337408 ----a-r- c:\windows\system32\drivers\sembwwan.sys
2009-06-28 19:26 . 2008-02-06 13:15 343680 ----a-r- c:\windows\system32\drivers\sembmgmt.sys
2009-06-28 19:26 . 2008-02-06 13:15 84992 ----a-r- c:\windows\system32\sembir32.dll
2009-06-28 19:26 . 2008-02-06 13:15 380672 ----a-r- c:\windows\system32\drivers\sembmdm2.sys
2009-06-28 19:26 . 2008-02-06 13:15 14976 ----a-r- c:\windows\system32\drivers\sembmdfl2.sys
2009-06-28 19:26 . 2008-02-06 13:14 12160 ----a-r- c:\windows\system32\drivers\sembcmnt.sys
2009-06-28 19:26 . 2008-02-06 13:14 12160 ----a-r- c:\windows\system32\drivers\sembcm.sys
2009-06-28 19:26 . 2008-02-15 16:04 17408 ----a-r- c:\windows\system32\drivers\semcreserved.sys
2009-06-28 19:25 . 2008-02-06 13:16 12160 ----a-r- c:\windows\system32\drivers\sembwhnt.sys
2009-06-28 19:25 . 2008-02-06 13:16 12160 ----a-r- c:\windows\system32\drivers\sembwh.sys
2009-06-28 19:25 . 2008-02-06 13:14 260992 ----a-r- c:\windows\system32\drivers\sembbus.sys
2009-06-28 19:25 . 2009-06-28 19:25 -------- dc----w- c:\windows\system32\DRVSTORE
2009-06-28 19:24 . 2009-06-28 19:25 -------- d-----w- c:\programmi\Sony Ericsson
2009-06-28 19:24 . 2009-06-28 19:24 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\Sony Ericsson
2009-06-28 19:22 . 2009-06-28 19:22 0 ----a-w- c:\windows\nsreg.dat
2009-06-28 19:22 . 2009-06-28 19:22 -------- d-----w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\Mozilla
2009-06-28 19:20 . 2005-08-25 17:18 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2009-06-28 19:20 . 2009-06-30 21:26 -------- d-----w- c:\programmi\SpywareBlaster
2009-06-28 19:14 . 2009-06-30 21:51 -------- d--h--w- c:\windows\$hf_mig$
2009-06-28 19:13 . 2009-06-30 21:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-06-28 19:13 . 2009-06-28 19:13 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-06-28 19:05 . 2009-06-28 19:05 17808 ----a-w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-06-28 19:04 . 2009-06-28 19:04 -------- d-----w- c:\documents and settings\LocalService\Menu Avvio
2009-06-28 19:04 . 2009-06-28 19:10 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2009-06-28 15:03 . 2004-08-03 21:10 59648 ------w- c:\windows\system32\drivers\rfcomm.sys
2009-06-28 15:01 . 2009-06-28 15:01 -------- d-----w- c:\windows\ServicePackFiles
2009-06-28 14:57 . 2005-06-28 08:21 22752 ----a-w- c:\windows\system32\spupdsvc.exe
2009-06-28 14:55 . 2009-06-28 14:55 -------- d-----w- c:\windows\EHome
2009-06-27 18:11 . 2009-06-27 18:12 -------- d-----w- C:\I386
2009-06-27 18:03 . 2009-07-05 15:58 -------- d--h--w- c:\windows\system32\config\systemprofile\Impostazioni locali
2009-06-27 18:03 . 2009-07-02 22:28 -------- dcsh--r- c:\windows\system32\dllcache
2009-06-27 18:03 . 2009-06-27 18:09 -------- d--h--r- c:\windows\system32\config\systemprofile\Dati applicazioni
2009-06-27 18:03 . 2009-06-27 18:09 -------- d-----r- c:\windows\system32\config\systemprofile\Menu Avvio
2009-06-27 15:38 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-27 15:38 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-06-27 15:38 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-06-27 15:38 . 2009-06-27 15:38 -------- d-----w- c:\programmi\Avira
2009-06-27 15:38 . 2009-06-27 15:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-06-27 15:21 . 2009-06-27 15:31 -------- d-----w- c:\programmi\File comuni\Symantec Shared
2009-06-27 15:21 . 2009-06-27 15:31 -------- d-----w- c:\programmi\Symantec
2009-06-27 10:27 . 2003-01-01 22:37 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2009-06-27 10:26 . 2003-09-03 08:01 10368 ----a-w- c:\windows\system32\drivers\pfc.sys
2009-06-27 10:26 . 2003-04-03 09:09 81920 ----a-w- c:\windows\system32\mplaw7.dll
2009-06-27 10:26 . 2003-04-03 09:09 81920 ----a-w- c:\windows\system32\mplaa6.dll
2009-06-27 10:26 . 2003-04-03 09:09 69632 ----a-w- c:\windows\system32\mplapx.dll
2009-06-27 10:26 . 2003-04-03 09:09 69632 ----a-w- c:\windows\system32\mplam6.dll
2009-06-27 10:26 . 2003-04-03 09:09 1675264 ----a-w- c:\windows\system32\mplva6.dll
2009-06-27 10:26 . 2003-04-03 09:09 1630208 ----a-w- c:\windows\system32\mplvw7.dll
2009-06-27 10:26 . 2003-04-03 09:09 1581056 ----a-w- c:\windows\system32\mplvm6.dll
2009-06-27 10:26 . 2003-04-03 09:09 1150976 ----a-w- c:\windows\system32\mplvpx.dll
2009-06-27 10:26 . 2003-04-03 09:09 49152 ----a-w- c:\windows\system32\cpuinf32.dll
2009-06-27 10:25 . 1995-07-31 11:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2009-06-27 10:25 . 2009-06-27 10:25 -------- d-----w- c:\programmi\ArcSoft
2009-06-27 10:24 . 2009-06-27 10:24 -------- d-----w- c:\programmi\ATI Technologies
2009-06-27 10:23 . 2004-08-19 13:30 25088 ----a-w- c:\windows\system32\drivers\kbdclass.sys
2009-06-27 10:23 . 2004-08-19 13:26 53632 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2009-06-27 10:23 . 2003-01-01 22:37 -------- d-----w- c:\documents and settings\Default User\WINDOWS
2009-06-27 10:16 . 2001-08-30 18:41 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-06-27 10:16 . 2004-08-19 13:39 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-06-27 10:16 . 2001-08-17 20:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-06-27 10:16 . 2004-08-03 21:07 6400 ----a-w- c:\windows\system32\drivers\splitter.sys
2009-06-27 10:16 . 2004-08-03 21:15 82944 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2009-06-27 10:16 . 2004-08-03 21:07 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2009-06-27 10:16 . 2001-08-17 20:00 54272 ----a-w- c:\windows\system32\drivers\swmidi.sys
2009-06-27 10:16 . 2004-08-03 20:39 142464 ----a-w- c:\windows\system32\drivers\aec.sys
2009-06-27 10:16 . 2004-08-03 21:07 171776 ----a-w- c:\windows\system32\drivers\kmixer.sys
2009-06-27 10:16 . 2004-08-03 21:07 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2009-06-27 10:16 . 2004-08-03 21:15 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2009-06-27 10:15 . 2004-08-03 21:15 145792 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-06-27 10:15 . 2004-08-03 21:08 60288 ----a-w- c:\windows\system32\drivers\drmk.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-28 19:27 . 2003-01-02 04:31 74926 ----a-w- c:\windows\system32\perfc010.dat
2009-06-28 19:27 . 2003-01-02 04:31 448752 ----a-w- c:\windows\system32\perfh010.dat
2009-06-28 15:06 . 2003-01-01 20:40 79695 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-06-27 15:31 . 2003-01-01 21:55 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Symantec
2009-06-27 10:28 . 2009-06-27 10:28 3674 --sha-r- c:\windows\system32\drivers\HP_DT395A-ABZ a410.it_YC_Pavi_QCZB402_E41ITheBLF2_4_IKamet2_SASUSTek Computer INC._V2.01_B3.05_T031127_WXH1_L410_M256_J120_7AMD_8Athlon XP 2600+_91,91_111063044_N11063065_P_Z14F12F00_K_A11063059_U11063038_G10025964.MRK
2009-06-27 10:26 . 2003-01-01 22:35 -------- d-----w- c:\programmi\File comuni\InterVideo
2009-06-27 10:26 . 2003-01-01 22:33 -------- d-----w- c:\programmi\InterVideo
2009-06-27 10:26 . 2003-01-01 22:33 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-05-07 15:41 . 2003-01-03 21:41 346112 ----a-w- c:\windows\system32\localspl.dll
2009-04-19 20:08 . 2003-01-02 04:31 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:16 . 2003-01-01 22:27 584192 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-02_17.06.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2003-01-01 22:09 . 2007-11-30 12:39 18808 c:\windows\system32\spmsg.dll
- 2003-01-01 22:09 . 2007-11-30 11:19 18808 c:\windows\system32\spmsg.dll
+ 2008-02-17 02:33 . 2009-04-15 09:56 367104 c:\windows\system32\xpsp3res.dll
- 2008-02-17 02:33 . 2008-02-17 02:33 367104 c:\windows\system32\xpsp3res.dll
+ 2009-07-02 18:01 . 2008-03-30 07:06 332672 c:\windows\system32\WgaTray.exe
+ 2009-07-02 18:01 . 2008-03-30 07:06 200064 c:\windows\system32\WgaLogon.dll
+ 2009-04-15 15:16 . 2009-04-15 15:16 584192 c:\windows\system32\dllcache\rpcrt4.dll
+ 2008-03-20 16:06 . 2008-03-30 07:05 1488688 c:\windows\system32\LegitCheckControl.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-08-19 1667584]
"NVIEW"="nview.dll" - c:\windows\system32\nview.dll [2003-08-19 852038]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"CamMonitor"="c:\programmi\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 90112]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"UpdateManager"="c:\programmi\File comuni\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-08-19 4841472]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-01 335872]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-06-28 198160]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\programmi\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-08-19 323584]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2001-09-04 28672]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2003-04-03 50176]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2003-7-7 233472]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [27/06/2009 17.38.21 22360]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [27/06/2009 17.38.21 45416]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [30/06/2009 19.14.30 704384]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [30/06/2009 19.12.49 1195008]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [30/06/2009 19.12.53 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [30/06/2009 19.14.19 257432]
R3 sembbus;SEMC WMC Composite Device driver (WDM);c:\windows\system32\drivers\sembbus.sys [28/06/2009 21.25.13 260992]
R3 sembcard;Sony Ericsson PC300 Mobile Broadband Command Interface Drivers (WDM);c:\windows\system32\drivers\sembcard.sys [28/06/2009 21.26.51 337408]
R3 sembmdfl2;Sony Ericsson PC300 Wireless Modem Filter;c:\windows\system32\drivers\sembmdfl2.sys [28/06/2009 21.26.40 14976]
R3 sembmdm2;Sony Ericsson PC300 Wireless Modem Driver;c:\windows\system32\drivers\sembmdm2.sys [28/06/2009 21.26.40 380672]
R3 sembmgmt;Sony Ericsson PC300 Mobile Broadband Device Management Drivers (WDM);c:\windows\system32\drivers\sembmgmt.sys [28/06/2009 21.26.45 343680]
R3 sembnd5;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (NDIS);c:\windows\system32\drivers\sembnd5.sys [28/06/2009 21.27.01 24960]
R3 sembunic;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (WDM);c:\windows\system32\drivers\sembunic.sys [28/06/2009 21.26.54 344064]
R3 sembwwan;Sony Ericsson PC300 Mobile Broadband Ethernet Control Drivers (WDM);c:\windows\system32\drivers\sembwwan.sys [28/06/2009 21.26.50 337408]
R3 SEMCReserved;SEMC Reserved Interface;c:\windows\system32\drivers\semcreserved.sys [28/06/2009 21.26.32 17408]
R3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader;c:\windows\system32\drivers\sesc.sys [28/06/2009 21.26.52 12672]
.
Contenuto della cartella 'Scheduled Tasks'

2009-06-27 c:\windows\Tasks\Symantec NetDetect.job
- c:\programmi\Symantec\LiveUpdate\NDETECT.EXE [2009-06-27 08:27]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uDefault_Search_URL = hxxp://srch-it10.hpwis.com/
mSearch Bar = hxxp://srch-it10.hpwis.com/
FF - ProfilePath - c:\documents and settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\vkv2qx7q.default\
FF - prefs.js: browser.startup.homepage - www.google.it
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Java\j2re1.4.2\bin\NPJava11.dll
FF - plugin: c:\programmi\Java\j2re1.4.2\bin\NPJava12.dll
FF - plugin: c:\programmi\Java\j2re1.4.2\bin\NPJava13.dll
FF - plugin: c:\programmi\Java\j2re1.4.2\bin\NPJava14.dll
FF - plugin: c:\programmi\Java\j2re1.4.2\bin\NPJava32.dll
FF - plugin: c:\programmi\Java\j2re1.4.2\bin\NPJPI142.dll
FF - plugin: c:\programmi\Java\j2re1.4.2\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-05 17:58
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(592)
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2009-07-05 18.00.50
ComboFix-quarantined-files.txt 2009-07-05 16:00
ComboFix2.txt 2009-07-02 17:09

Pre-Run: 98.809.683.968 byte disponibili
Post-Run: 98.802.946.048 byte disponibili

238 --- E O F --- 2009-07-02 22:28