fatto questo è il responso:
ComboFix 09-11-13.06 - Computer 13/11/2009 20.54.35.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3327.2785 [GMT 1:00]
Eseguito da: c:\documents and settings\Computer\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((( Files Creati Da 2009-10-13 al 2009-11-13 )))))))))))))))))))))))))))))))))))
.
2009-10-29 12:11 . 2009-10-29 12:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HPSSUPPLY
2009-10-27 11:26 . 2009-10-27 11:35 -------- d-----w- c:\temp\lgfwauto
2009-10-18 19:51 . 1998-11-13 12:07 307712 ----a-w- c:\windows\IsUn0410.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-13 20:01 . 2009-06-30 20:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2009-11-13 20:01 . 2009-04-22 16:42 -------- d-----w- c:\programmi\lg_fwupdate
2009-11-13 19:59 . 2009-06-30 20:56 450592 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-11-13 19:59 . 2009-06-30 20:56 2620 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-11-13 19:59 . 2009-06-30 20:56 2064416 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-13 19:59 . 2009-06-30 20:56 17208 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-09 21:29 . 2009-04-22 16:50 -------- d-----w- c:\programmi\File comuni\Adobe
2009-10-27 11:36 . 2009-04-22 16:42 16384 ----a-w- c:\windows\system32\lgfwunis.exe
2009-10-25 06:27 . 2001-08-31 12:00 47814 ----a-w- c:\windows\system32\perfc010.dat
2009-10-25 06:27 . 2001-08-31 12:00 345382 ----a-w- c:\windows\system32\perfh010.dat
2009-10-15 07:41 . 2009-06-30 20:57 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-10-15 07:41 . 2009-06-30 20:57 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-10-10 22:22 . 2009-10-10 22:22 -------- d-----w- c:\programmi\MIKSOFT
2009-10-10 22:12 . 2009-07-23 20:21 -------- d-----w- c:\programmi\Motorola Phone Tools
2009-09-11 14:17 . 2004-08-19 15:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-19 15:39 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-31 10:20 . 2009-08-31 10:20 20 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\bases\av\kdb\i386\ForDiff\dailyc.kdc.bat
2009-08-29 07:56 . 2004-08-19 15:39 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-19 15:39 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-20 13:09 . 2009-08-20 13:09 1193832 ----a-w- c:\windows\system32\FM20.DLL
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2008-07-14 570664]
"LGODDFU"="c:\programmi\lg_fwupdate\fwupdate.exe" [2009-10-27 557056]
"HDAudDeck"="c:\programmi\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-02-27 33599488]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"CnxTrApp"="c:\programmi\Pirelli\Access Gateway USB Network\CnxTrApp.dll" [2004-04-20 247296]
"ArcSoft Connection Service"="c:\programmi\File comuni\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-10-11 31232]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-06-30 201992]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\programmi\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-11-17 17676288]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2009-6-30 212992]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
PHOTOfunSTUDIO -viewer-.lnk - c:\programmi\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2009-6-30 40960]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 17.29.38 33808]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 18.02.46 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [25/03/2008 19.07.10 24592]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [04/05/2009 22.33.08 1057024]
S3 Camdrv30;Philips ToUcam XS;c:\windows\system32\drivers\camdrv30.sys [22/07/2009 8.29.30 171264]
--- Altri Servizi/Drivers In Memoria ---
*NewlyCreated* - MBR
*Deregistered* - mbr
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'
2009-11-13 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Scansione supplementare -------
.
uStart Page =
hxxp://www.libero.it/IE: Aggiungi al banner Blocco pubblicità - c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\8l58qhes.default\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-11-13 21:02
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\programmi\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(1328)
c:\windows\system32\klogon.dll
- - - - - - - > 'explorer.exe'(656)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\programmi\HP\Digital Imaging\bin\hpqSTE08.exe
c:\programmi\HP\Digital Imaging\bin\hpqbam08.exe
c:\programmi\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Ora fine scansione: 2009-11-13 21:03 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-11-13 20:03
Pre-Run: 488.325.177.344 byte disponibili
Post-Run: 489.563.799.552 byte disponibili
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
- - End Of File - - 3C249DC79C6E4F8469E5153AE4966FC4