Non riesco ad accedere ai siti degli antivirus

[Quikka]

Ciao!! Tutto sembra essere risolto!! Grazie mille!:DDD posto qui sotto i log.
p.s: ma che era successo? o_O

ComboFix 10-02-01.03 - Alessia 02/02/2010 13.39.36.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.1023.684 [GMT 1:00]
Eseguito da: c:\documents and settings\Alessia\desktop\abc.exe
Opzioni usate :: /killall

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\9fo3ar0j.exe
D:\y.exe

.
((((((((((((((((((((((((( Files Creati Da 2010-01-02 al 2010-02-02 )))))))))))))))))))))))))))))))))))
.

2047-12-31 23:00 . 2010-01-31 21:27 -------- d-----w- C:\! Lost & Found !
2010-02-01 22:58 . 2010-02-01 22:57 90624 --sh--r- C:\9d6tpg.exe
2010-02-01 11:17 . 2010-02-01 11:18 -------- d-----w- c:\programmi\FLAC
2010-01-30 10:25 . 2010-01-30 10:25 97280 --sh--r- C:\mvmdh.exe
2010-01-27 19:50 . 2010-02-02 10:42 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-01-27 19:50 . 2010-01-27 19:50 -------- d-----w- c:\programmi\Active Data Recovery Software
2010-01-27 19:10 . 2010-01-27 19:10 -------- d-----w- c:\documents and settings\Alessia\Dati applicazioni\Apple Computer
2010-01-26 20:16 . 2010-01-26 20:15 100864 --sh--r- C:\df.exe
2010-01-26 11:14 . 2010-01-26 11:16 -------- d-----w- c:\windows\ShellNew
2010-01-24 17:45 . 2010-01-24 18:06 126464 ----a-w- c:\documents and settings\Alessia\Impostazioni locali\Dati applicazioni\ss.exe
2010-01-24 17:22 . 2004-08-19 13:00 93184 ----a-w- c:\documents and settings\Alessia\Impostazioni locali\Dati applicazioni\server.exe
2010-01-21 13:07 . 2010-01-21 13:08 -------- d-----w- c:\programmi\VirtualDJ
2010-01-21 12:53 . 2010-01-21 12:53 57344 ----a-r- c:\documents and settings\Alessia\Dati applicazioni\Microsoft\Installer\{8FE3E922-C58B-4E18-A923-FC85530C23C5}\NewShortcut7_B56E5B51EA954C948003CC703E2AFAD5.exe
2010-01-21 12:53 . 2010-01-21 12:53 57344 ----a-r- c:\documents and settings\Alessia\Dati applicazioni\Microsoft\Installer\{8FE3E922-C58B-4E18-A923-FC85530C23C5}\NewShortcut1_B56E5B51EA954C948003CC703E2AFAD5.exe
2010-01-21 12:52 . 2010-01-21 12:52 -------- d-----w- c:\programmi\Serato
2010-01-18 23:21 . 2010-01-18 23:21 454838 ----a-r- c:\documents and settings\Alessia\Dati applicazioni\Microsoft\Installer\{51E4FE53-D6B0-43A0-B98C-7DE233D53EAB}\_7DA8B262C7C0B2B5E2561D.exe
2010-01-18 23:21 . 2010-01-18 23:21 454838 ----a-r- c:\documents and settings\Alessia\Dati applicazioni\Microsoft\Installer\{51E4FE53-D6B0-43A0-B98C-7DE233D53EAB}\_7D2C132C50CCB86BED182C.exe
2010-01-18 23:21 . 2010-01-18 23:21 -------- d-----w- c:\programmi\AutomationLabs
2010-01-18 01:05 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-01-18 01:03 . 2010-01-18 01:03 -------- d-----w- c:\windows\system32\it-IT
2010-01-18 01:00 . 2010-01-18 01:00 63904 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2010-01-18 01:00 . 2010-01-18 01:00 -------- d-----w- c:\windows\system32\XPSViewer
2010-01-18 01:00 . 2010-01-18 01:00 -------- d-----w- c:\programmi\MSBuild
2010-01-18 00:59 . 2010-01-18 00:59 -------- d-----w- c:\programmi\Reference Assemblies
2010-01-18 00:59 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-01-18 00:58 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-01-18 00:58 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-01-18 00:58 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-01-18 00:58 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-01-18 00:58 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-01-18 00:58 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-01-18 00:58 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-01-18 00:58 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-01-18 00:44 . 2010-01-18 00:44 -------- d-----w- c:\programmi\MSXML 6.0
2010-01-11 23:04 . 2010-01-11 23:04 -------- d-----w- c:\windows\system32\LogFiles
2010-01-06 16:30 . 2010-01-08 13:47 -------- d-----w- c:\programmi\DAEMON Tools Toolbar
2010-01-06 16:29 . 2010-01-06 16:29 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-06 16:29 . 2010-01-06 16:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-27 18:57 . 2009-12-09 20:19 18496 ----a-w- c:\documents and settings\Alessia\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-01-24 17:43 . 2010-01-18 23:26 341 ----a-w- c:\documents and settings\Alessia\Dati applicazioni\settings.dat
2010-01-18 01:01 . 2004-09-16 14:31 79712 ----a-w- c:\windows\system32\perfc010.dat
2010-01-18 01:01 . 2004-09-16 14:31 479418 ----a-w- c:\windows\system32\perfh010.dat
2010-01-11 12:38 . 2009-12-09 21:47 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-01-01 17:15 . 2009-12-09 19:41 -------- d-----w- c:\programmi\Intel
2009-12-31 17:24 . 2009-12-31 17:24 -------- d-----w- c:\documents and settings\Alessia\Dati applicazioni\SharePod
2009-12-31 01:35 . 2009-12-31 01:35 -------- d-----w- c:\programmi\Free Audio Pack
2009-12-31 01:35 . 2009-12-31 01:35 -------- d-----w- c:\documents and settings\Alessia\Dati applicazioni\FreeAudioPack
2009-12-30 15:59 . 2009-12-30 15:59 -------- d-----w- c:\documents and settings\Alessia\Dati applicazioni\Toshiba
2009-12-30 15:54 . 2009-12-30 15:54 -------- d-----w- c:\programmi\Toshiba
2009-12-29 22:29 . 2009-12-29 22:29 -------- d-----w- c:\programmi\Panda Security
2009-12-29 20:13 . 2009-12-29 11:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-12-29 11:53 . 2009-12-29 11:51 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-12-27 17:51 . 2009-12-27 17:44 -------- d-----w- c:\documents and settings\Alessia\Dati applicazioni\PhotoFiltre
2009-12-27 17:44 . 2009-12-27 17:44 -------- d-----w- c:\programmi\PhotoFiltre
2009-12-26 14:09 . 2009-12-26 14:06 175080 ------w- c:\windows\hpoins29.dat
2009-12-26 14:09 . 2009-12-26 14:09 -------- d-----w- c:\programmi\File comuni\HP
2009-12-26 14:09 . 2009-12-26 14:09 -------- d-----w- c:\programmi\Hewlett-Packard
2009-12-26 14:09 . 2009-12-26 14:09 -------- d-----w- c:\programmi\File comuni\Hewlett-Packard
2009-12-26 14:08 . 2009-12-26 14:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Hewlett-Packard
2009-12-26 14:07 . 2009-12-26 14:07 -------- d-----w- c:\programmi\HP
2009-12-24 00:31 . 2009-12-24 00:31 -------- d-----w- c:\programmi\Google
2009-12-10 10:47 . 2009-12-10 10:47 -------- d-----w- c:\programmi\QuickTime
2009-12-10 10:47 . 2009-12-10 10:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-12-10 10:46 . 2009-12-10 10:46 -------- d-----w- c:\programmi\File comuni\Apple
2009-12-10 10:46 . 2009-12-10 10:46 -------- d-----w- c:\programmi\Apple Software Update
2009-12-10 10:46 . 2009-12-10 10:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple
2009-12-09 23:11 . 2009-12-09 23:11 -------- d-----w- c:\programmi\MSN BackUp
2009-12-09 22:55 . 2009-12-09 22:55 -------- d-----w- c:\documents and settings\Alessia\Dati applicazioni\vlc
2009-12-09 22:55 . 2009-12-09 22:55 -------- d-----w- c:\programmi\VideoLAN
2009-12-09 22:52 . 2009-12-09 22:52 69632 ----a-r- c:\documents and settings\Alessia\Dati applicazioni\Microsoft\Installer\{B358DA4D-0918-436E-A0E6-4813B1E5965A}\NewShortcut2_B358DA4D0918436EA0E64813B1E5965A.exe
2009-12-09 22:52 . 2009-12-09 22:52 69632 ----a-r- c:\documents and settings\Alessia\Dati applicazioni\Microsoft\Installer\{B358DA4D-0918-436E-A0E6-4813B1E5965A}\NewShortcut1_B358DA4D0918436EA0E64813B1E5965A.exe
2009-12-09 22:52 . 2009-12-09 22:52 10134 ----a-r- c:\documents and settings\Alessia\Dati applicazioni\Microsoft\Installer\{B358DA4D-0918-436E-A0E6-4813B1E5965A}\ARPPRODUCTICON.exe
2009-12-09 22:30 . 2009-12-09 22:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Yahoo! Companion
2009-12-09 22:29 . 2009-12-09 22:29 -------- d-----w- c:\documents and settings\Alessia\Dati applicazioni\ACD Systems
2009-12-09 22:27 . 2009-12-09 22:27 -------- d-----w- c:\programmi\Yahoo!
2009-12-09 22:24 . 2009-12-09 22:24 -------- d-----w- c:\programmi\File comuni\ACD Systems
2009-12-09 22:24 . 2009-12-09 22:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ACD Systems
2009-12-09 22:24 . 2009-12-09 22:24 -------- d-----w- c:\programmi\ACD Systems
2009-12-09 22:23 . 2009-12-09 22:23 10368 ----a-w- c:\windows\system32\drivers\pfc.sys
2009-12-09 22:15 . 2009-12-09 22:10 -------- d-----w- c:\programmi\File comuni\Ahead
2009-12-09 22:14 . 2009-12-09 22:14 -------- d-----w- c:\documents and settings\Alessia\Dati applicazioni\Ahead
2009-12-09 22:10 . 2009-12-09 22:10 -------- d-----w- c:\programmi\Nero
2009-12-09 22:05 . 2009-12-09 22:05 -------- d-----w- c:\programmi\AC3Filter
2009-12-09 22:04 . 2009-12-09 22:04 -------- d-----w- c:\programmi\Xvid
2009-12-09 21:53 . 2009-12-09 21:53 -------- d-----w- c:\programmi\File comuni\Adobe
2009-12-09 21:46 . 2009-12-09 21:46 -------- d-----w- c:\programmi\Microsoft
2009-12-09 21:46 . 2009-12-09 21:45 -------- d-----w- c:\programmi\Windows Live
2009-12-09 21:46 . 2009-12-09 21:46 -------- d-----w- c:\programmi\Windows Live SkyDrive
2009-12-09 21:40 . 2009-12-09 21:40 -------- d-----w- c:\programmi\File comuni\Windows Live
2009-12-09 20:48 . 2009-12-09 20:48 -------- d-----w- c:\programmi\eMule
2009-12-09 20:37 . 2009-12-09 20:37 0 ----a-w- c:\windows\nsreg.dat
2009-12-09 20:26 . 2009-12-09 19:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Symantec
2009-12-09 20:25 . 2009-12-09 19:36 -------- d-----w- c:\programmi\ASUS
2009-12-09 20:04 . 2009-12-09 20:04 -------- d-----w- c:\programmi\CONEXANT
2009-12-09 20:00 . 2009-12-09 20:00 -------- d-----w- c:\programmi\ATI Technologies
2009-12-09 20:00 . 2009-12-09 19:34 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-12-09 19:44 . 2009-12-09 20:09 -------- d-----w- c:\documents and settings\Alessia\Dati applicazioni\Symantec
2009-12-09 19:39 . 2009-12-09 19:39 -------- d-----w- c:\programmi\Synaptics
2009-12-09 19:34 . 2009-12-09 19:34 -------- d-----w- c:\programmi\Realtek
2009-12-09 19:34 . 2009-12-09 19:34 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-12-09 19:32 . 2009-12-09 19:32 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SBSI
2009-12-09 19:32 . 2009-12-09 19:26 76875 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-09 19:27 . 2009-12-09 19:27 -------- d-----w- c:\programmi\microsoft frontpage
2009-12-09 19:25 . 2009-12-09 19:25 -------- d-----w- c:\programmi\Servizi in linea
2009-12-09 19:24 . 2009-12-09 19:24 21840 ----a-w- c:\windows\system32\emptyregdb.dat
2009-03-21 14:18 . 2004-09-16 14:31 162569 --sha-r- c:\windows\system32\lcebzg.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Alessia\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-12-09 133104]
"googletalk"="c:\programmi\Google\Google Talk\googletalk.exe" [2007-11-21 3293184]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2005-05-11 102400]
"RTHDCPL"="RTHDCPL.EXE" [2005-05-24 14477312]
"Power_Gear"="c:\programmi\ASUS\Power4 Gear\BatteryLife.exe" [2004-09-21 81920]
"Wireless Console"="c:\programmi\ASUS\Wireless Console\wcourier.exe" [2005-03-02 57344]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2004-12-21 98394]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2004-12-21 688218]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 339968]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2009-11-10 417792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Bluetooth Manager.lnk - c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-22 45056]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Messenger\\Msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN BackUp\\MSNBackup.exe"=
"c:\\Programmi\\Google\\Google Talk\\googletalk.exe"=
"svchost.exe"= c:\windows\\svchost.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2736:TCP"= 2736:TCP:ffncq

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [29/12/2009 23.31.19 28552]
R0 R592;R592;c:\windows\system32\drivers\R592.sys [09/12/2009 20.04.01 57088]
R0 risdpntk;risdpntk;c:\windows\system32\drivers\risdpntk.sys [09/12/2009 20.04.01 27264]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06/01/2010 17.29.31 691696]
S2 cfxgsqp;Update Network;c:\windows\system32\svchost.exe -k netsvcs [16/09/2004 15.31.20 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
cfxgsqp
.
Contenuto della cartella 'Scheduled Tasks'

2010-01-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-180221306-2647937500-2557348874-1005Core.job
- c:\documents and settings\Alessia\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-12-09 20:38]

2010-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-180221306-2647937500-2557348874-1005UA.job
- c:\documents and settings\Alessia\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-12-09 20:38]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
TCP: {F3BD2A21-8407-48C9-9E30-5549CEBE21F9} = 62.149.128.4,62.149.132.4
FF - ProfilePath - c:\documents and settings\Alessia\Dati applicazioni\Mozilla\Firefox\Profiles\y06ax6ns.default\
FF - prefs.js: browser.startup.homepage -
FF - plugin: c:\documents and settings\Alessia\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.13\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-02 13:44
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86F6D1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf75c0fc3
\Driver\ACPI -> ACPI.sys @ 0xf7328cb8
\Driver\atapi -> 0x86f6d1f8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\cfxgsqp]
"ServiceDll"="c:\windows\system32\lcebzg.dll"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1024)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3120)
c:\windows\system32\msi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\windows\ATK0100\ATKOSD.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
.
**************************************************************************
.
Ora fine scansione: 2010-02-02 13:47:28 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-02-02 12:47
ComboFix2.txt 2010-02-02 12:12

Pre-Run: 32.706.200.064 byte disponibili
Post-Run: 32.671.122.432 byte disponibili

- - End Of File - - 0B6CFC3D68CE6070217F06CE98932902

------------------------------------------------------------------------------------
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

[gahan]

Ciao Quikka,

forse hai sbagliato a postare il log di Combofix in quanto è uguale a quello che avevi postato precedetemente

[Quikka]

scusa hai ragione

ComboFix 10-02-01.03 - Alessia 02/02/2010 16.22.03.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.1023.764 [GMT 1:00]
Eseguito da: c:\documents and settings\Alessia\Desktop\abc.exe
Opzioni usate :: c:\documents and settings\Alessia\Desktop\CFScript.txt

FILE ::
"C:\9d6tpg.exe"
"C:\df.exe"
"c:\documents and settings\Alessia\Impostazioni locali\Dati applicazioni\server.exe"
"C:\mvmdh.exe"
"c:\windows\system32\emptyregdb.dat"
"c:\windows\system32\lcebzg.dll"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\9d6tpg.exe
C:\df.exe
C:\mvmdh.exe
c:\windows\system32\emptyregdb.dat
c:\windows\system32\lcebzg.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CFXGSQP
-------\Service_cfxgsqp


((((((((((((((((((((((((( Files Creati Da 2010-01-02 al 2010-02-02 )))))))))))))))))))))))))))))))))))
.

2047-12-31 23:00 . 2010-01-31 21:27 -------- d-----w- C:\! Lost & Found !
2010-02-02 15:11 . 2010-02-02 15:11 77312 ----a-w- C:\mbr.exe
2010-02-01 11:17 . 2010-02-01 11:18 -------- d-----w- c:\programmi\FLAC
2010-01-27 19:50 . 2010-02-02 10:42 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-01-27 19:50 . 2010-01-27 19:50 -------- d-----w- c:\programmi\Active Data Recovery Software
2010-01-27 19:10 . 2010-01-27 19:10 -------- d-----w- c:\documents and settings\Alessia\Dati applicazioni\Apple Computer
2010-01-26 11:14 . 2010-01-26 11:16 -------- d-----w- c:\windows\ShellNew
2010-01-21 13:07 . 2010-01-21 13:08 -------- d-----w- c:\programmi\VirtualDJ
2010-01-18 23:21 . 2010-01-18 23:21 454838 ----a-r- c:\documents and settings\Alessia\Dati applicazioni\Microsoft\Installer\{51E4FE53-D6B0-43A0-B98C-7DE233D53EAB}\_7DA8B262C7C0B2B5E2561D.exe
2010-01-18 23:21 . 2010-01-18 23:21 454838 ----a-r- c:\documents and settings\Alessia\Dati applicazioni\Microsoft\Installer\{51E4FE53-D6B0-43A0-B98C-7DE233D53EAB}\_7D2C132C50CCB86BED182C.exe
2010-01-18 23:21 . 2010-01-18 23:21 -------- d-----w- c:\programmi\AutomationLabs
2010-01-18 01:05 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-01-18 01:03 . 2010-01-18 01:03 -------- d-----w- c:\windows\system32\it-IT
2010-01-18 01:00 . 2010-01-18 01:00 63904 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2010-01-18 01:00 . 2010-01-18 01:00 -------- d-----w- c:\windows\system32\XPSViewer
2010-01-18 01:00 . 2010-01-18 01:00 -------- d-----w- c:\programmi\MSBuild
2010-01-18 00:59 . 2010-01-18 00:59 -------- d-----w- c:\programmi\Reference Assemblies
2010-01-18 00:59 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-01-18 00:58 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-01-18 00:58 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-01-18 00:58 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-01-18 00:58 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-01-18 00:58 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-01-18 00:58 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-01-18 00:58 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-01-18 00:58 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-01-18 00:44 . 2010-01-18 00:44 -------- d-----w- c:\programmi\MSXML 6.0
2010-01-11 23:04 . 2010-01-11 23:04 -------- d-----w- c:\windows\system32\LogFiles
2010-01-06 16:30 . 2010-01-08 13:47 -------- d-----w- c:\programmi\DAEMON Tools Toolbar
2010-01-06 16:29 . 2010-01-06 16:29 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-06 16:29 . 2010-01-06 16:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-02 13:12 . 2009-12-29 22:29 -------- d-----w- c:\programmi\Panda Security
2010-02-02 13:01 . 2009-12-09 19:36 -------- d-----w- c:\programmi\ASUS
2010-02-02 12:59 . 2009-12-09 19:34 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-02-02 12:51 . 2009-12-09 22:27 -------- d-----w- c:\programmi\Yahoo!
2010-01-27 18:57 . 2009-12-09 20:19 18496 ----a-w- c:\documents and settings\Alessia\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-01-24 17:43 . 2010-01-18 23:26 341 ----a-w- c:\documents and settings\Alessia\Dati applicazioni\settings.dat
2010-01-18 01:01 . 2004-09-16 14:31 79712 ----a-w- c:\windows\system32\perfc010.dat
2010-01-18 01:01 . 2004-09-16 14:31 479418 ----a-w- c:\windows\system32\perfh010.dat
2010-01-11 12:38 . 2009-12-09 21:47 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-01-01 17:15 . 2009-12-09 19:41 -------- d-----w- c:\programmi\Intel
2009-12-31 17:24 . 2009-12-31 17:24 -------- d-----w- c:\documents and settings\Alessia\Dati applicazioni\SharePod
2009-12-31 01:35 . 2009-12-31 01:35 -------- d-----w- c:\programmi\Free Audio Pack
2009-12-31 01:35 . 2009-12-31 01:35 -------- d-----w- c:\documents and settings\Alessia\Dati applicazioni\FreeAudioPack
2009-12-30 15:59 . 2009-12-30 15:59 -------- d-----w- c:\documents and settings\Alessia\Dati applicazioni\Toshiba
2009-12-30 15:54 . 2009-12-30 15:54 -------- d-----w- c:\programmi\Toshiba
2009-12-29 20:13 . 2009-12-29 11:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-12-29 11:53 . 2009-12-29 11:51 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-12-27 17:51 . 2009-12-27 17:44 -------- d-----w- c:\documents and settings\Alessia\Dati applicazioni\PhotoFiltre
2009-12-27 17:44 . 2009-12-27 17:44 -------- d-----w- c:\programmi\PhotoFiltre
2009-12-26 14:09 . 2009-12-26 14:09 -------- d-----w- c:\programmi\File comuni\Hewlett-Packard
2009-12-26 14:08 . 2009-12-26 14:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Hewlett-Packard
2009-12-26 14:07 . 2009-12-26 14:07 -------- d-----w- c:\programmi\HP
2009-12-24 00:31 . 2009-12-24 00:31 -------- d-----w- c:\programmi\Google
2009-12-10 10:47 . 2009-12-10 10:47 -------- d-----w- c:\programmi\QuickTime
2009-12-10 10:47 . 2009-12-10 10:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-12-10 10:46 . 2009-12-10 10:46 -------- d-----w- c:\programmi\File comuni\Apple
2009-12-10 10:46 . 2009-12-10 10:46 -------- d-----w- c:\programmi\Apple Software Update
2009-12-10 10:46 . 2009-12-10 10:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple
2009-12-09 23:11 . 2009-12-09 23:11 -------- d-----w- c:\programmi\MSN BackUp
2009-12-09 22:55 . 2009-12-09 22:55 -------- d-----w- c:\documents and settings\Alessia\Dati applicazioni\vlc
2009-12-09 22:55 . 2009-12-09 22:55 -------- d-----w- c:\programmi\VideoLAN
2009-12-09 22:52 . 2009-12-09 22:52 69632 ----a-r- c:\documents and settings\Alessia\Dati applicazioni\Microsoft\Installer\{B358DA4D-0918-436E-A0E6-4813B1E5965A}\NewShortcut2_B358DA4D0918436EA0E64813B1E5965A.exe
2009-12-09 22:52 . 2009-12-09 22:52 69632 ----a-r- c:\documents and settings\Alessia\Dati applicazioni\Microsoft\Installer\{B358DA4D-0918-436E-A0E6-4813B1E5965A}\NewShortcut1_B358DA4D0918436EA0E64813B1E5965A.exe
2009-12-09 22:52 . 2009-12-09 22:52 10134 ----a-r- c:\documents and settings\Alessia\Dati applicazioni\Microsoft\Installer\{B358DA4D-0918-436E-A0E6-4813B1E5965A}\ARPPRODUCTICON.exe
2009-12-09 22:29 . 2009-12-09 22:29 -------- d-----w- c:\documents and settings\Alessia\Dati applicazioni\ACD Systems
2009-12-09 22:24 . 2009-12-09 22:24 -------- d-----w- c:\programmi\File comuni\ACD Systems
2009-12-09 22:24 . 2009-12-09 22:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ACD Systems
2009-12-09 22:24 . 2009-12-09 22:24 -------- d-----w- c:\programmi\ACD Systems
2009-12-09 22:23 . 2009-12-09 22:23 10368 ----a-w- c:\windows\system32\drivers\pfc.sys
2009-12-09 22:15 . 2009-12-09 22:10 -------- d-----w- c:\programmi\File comuni\Ahead
2009-12-09 22:14 . 2009-12-09 22:14 -------- d-----w- c:\documents and settings\Alessia\Dati applicazioni\Ahead
2009-12-09 22:10 . 2009-12-09 22:10 -------- d-----w- c:\programmi\Nero
2009-12-09 22:05 . 2009-12-09 22:05 -------- d-----w- c:\programmi\AC3Filter
2009-12-09 22:04 . 2009-12-09 22:04 -------- d-----w- c:\programmi\Xvid
2009-12-09 21:53 . 2009-12-09 21:53 -------- d-----w- c:\programmi\File comuni\Adobe
2009-12-09 21:46 . 2009-12-09 21:46 -------- d-----w- c:\programmi\Microsoft
2009-12-09 21:46 . 2009-12-09 21:45 -------- d-----w- c:\programmi\Windows Live
2009-12-09 21:46 . 2009-12-09 21:46 -------- d-----w- c:\programmi\Windows Live SkyDrive
2009-12-09 21:40 . 2009-12-09 21:40 -------- d-----w- c:\programmi\File comuni\Windows Live
2009-12-09 20:48 . 2009-12-09 20:48 -------- d-----w- c:\programmi\eMule
2009-12-09 20:37 . 2009-12-09 20:37 0 ----a-w- c:\windows\nsreg.dat
2009-12-09 20:26 . 2009-12-09 19:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Symantec
2009-12-09 20:04 . 2009-12-09 20:04 -------- d-----w- c:\programmi\CONEXANT
2009-12-09 20:00 . 2009-12-09 20:00 -------- d-----w- c:\programmi\ATI Technologies
2009-12-09 19:44 . 2009-12-09 20:09 -------- d-----w- c:\documents and settings\Alessia\Dati applicazioni\Symantec
2009-12-09 19:39 . 2009-12-09 19:39 -------- d-----w- c:\programmi\Synaptics
2009-12-09 19:34 . 2009-12-09 19:34 -------- d-----w- c:\programmi\Realtek
2009-12-09 19:34 . 2009-12-09 19:34 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-12-09 19:32 . 2009-12-09 19:32 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SBSI
2009-12-09 19:32 . 2009-12-09 19:26 76875 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-09 19:27 . 2009-12-09 19:27 -------- d-----w- c:\programmi\microsoft frontpage
2009-12-09 19:25 . 2009-12-09 19:25 -------- d-----w- c:\programmi\Servizi in linea
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Alessia\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-12-09 133104]
"googletalk"="c:\programmi\Google\Google Talk\googletalk.exe" [2007-11-21 3293184]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2005-05-11 102400]
"RTHDCPL"="RTHDCPL.EXE" [2005-05-24 14477312]
"Wireless Console"="c:\programmi\ASUS\Wireless Console\wcourier.exe" [2005-03-02 57344]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2004-12-21 98394]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2004-12-21 688218]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 339968]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2009-11-10 417792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Bluetooth Manager.lnk - c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-22 45056]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Messenger\\Msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN BackUp\\MSNBackup.exe"=
"c:\\Programmi\\Google\\Google Talk\\googletalk.exe"=
"svchost.exe"= c:\windows\\svchost.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2736:TCP"= 2736:TCP:ffncq

R0 R592;R592;c:\windows\system32\drivers\R592.sys [09/12/2009 20.04.01 57088]
R0 risdpntk;risdpntk;c:\windows\system32\drivers\risdpntk.sys [09/12/2009 20.04.01 27264]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06/01/2010 17.29.31 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contenuto della cartella 'Scheduled Tasks'

2010-01-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-180221306-2647937500-2557348874-1005Core.job
- c:\documents and settings\Alessia\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-12-09 20:38]

2010-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-180221306-2647937500-2557348874-1005UA.job
- c:\documents and settings\Alessia\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-12-09 20:38]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
TCP: {F3BD2A21-8407-48C9-9E30-5549CEBE21F9} = 62.149.128.4,62.149.132.4
FF - ProfilePath - c:\documents and settings\Alessia\Dati applicazioni\Mozilla\Firefox\Profiles\y06ax6ns.default\
FF - prefs.js: browser.startup.homepage -
FF - plugin: c:\documents and settings\Alessia\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.13\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-02 16:27
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86F6D1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf75d9fc3
\Driver\ACPI -> ACPI.sys @ 0xf7341cb8
\Driver\atapi -> 0x86f6d1f8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1244)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3580)
c:\windows\system32\msi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\ATK0100\ATKOSD.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
.
**************************************************************************
.
Ora fine scansione: 2010-02-02 16:31:13 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-02-02 15:31
ComboFix2.txt 2010-02-02 12:47
ComboFix3.txt 2010-02-02 12:12

Pre-Run: 32.765.797.888 byte disponibili
Post-Run: 32.664.599.040 byte disponibili

WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 427A637859B4DBF28BE8C342A9EE5128

[gahan]

ok...appena ho un po di tempo controllo questo nuovo log di Combofix...

nel frattempo scarica ed installa malwarebytes dal link sottostante:

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

- aggiornalo
- disattiva il tuo antivirus
- chiudi tutte le applicazioni in esecuzione (se ne hai di aperte)
- esegui una "scansione completa"

A scansione completata, posta il rapporto.

[Quikka]

L'avevo già fatto... cmq l'ho rifatto

Malwarebytes' Anti-Malware 1.44
Versione del database: 3679
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

02/02/2010 19.16.10
mbam-log-2010-02-02 (19-16-10).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 117346
Tempo trascorso: 6 minute(s), 13 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)

[Luke57]

Ciao, anche il report di combofix è a posto.

[gahan]

Perfetto

Per il momento, concludi con una pulizia completa con CCleaner:

scaricalo da questo link:

http://www.ccleaner.com/download/downloading

installalo, avvialo --> vai in opzioni sulla sinistra --> avanzate --> togli la spunta da cancella file in windows temp se più vecchi di 48 ore.
Ritorna in "pulizia" e clicca su avvia pulizia.

[gahan]

Ciao, anche il report di combofix è a posto.

Grazie mille Luke

sono al lavoro e mi era difficile analizzare il log

[Quikka]

Grazie mille ragazzi!!!
Siete favolosi!!!

[gahan]

Grazie mille ragazzi!!!
Siete favolosi!!!

Di niente

[Mersia]

Ciao ragazzi sono un'amica di Quikka scusate se ne approfitto ma anche io ho lo stesso problema dato che ho letto la procedura posto il log di combofix e attendo fiduciosa, grazie in anticipo :

ComboFix 10-02-02.02 - Administrator 02/02/2010 23.29.04.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1014.655 [GMT 1:00]
Eseguito da: c:\documents and settings\Administrator\desktop\abc.exe
Opzioni usate :: /killall

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\restore
c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
c:\windows\msa.exe
c:\windows\svchost.exe
c:\windows\system32\explorer.exe
c:\windows\system32\sshnas21.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SSHNAS


((((((((((((((((((((((((( Files Creati Da 2010-01-02 al 2010-02-02 )))))))))))))))))))))))))))))))))))
.

Nessun nuovo file creato in questo arco di tempo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-29 20:52 . 2008-09-16 12:08 -------- d-----w- c:\programmi\eMule
2009-11-07 09:48 . 2001-08-31 11:00 70138 ----a-w- c:\windows\system32\perfc010.dat
2009-11-07 09:48 . 2001-08-31 11:00 437976 ----a-w- c:\windows\system32\perfh010.dat
2009-11-06 12:32 . 2008-09-12 18:07 22328 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2008-04-14 02:13 . 2001-08-31 11:00 172649 --sha-r- c:\windows\system32\iuzwzds.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"Google Update"="c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-01-01 133104]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-09-16 180269]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-06 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-06 94208]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-06 16855552]
"SkyTel"="SkyTel.EXE" [2007-10-11 1826816]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-09-08 305440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 17:51 39792 ----a-w- c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-08 19:09 305440 ----a-w- c:\programmi\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-04 23:54 417792 ----a-w- c:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 02:27 144784 ----a-w- c:\programmi\Java\jre1.6.0_07\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"svchost.exe"= c:\windows\\svchost.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1760:TCP"= 1760:TCP:pkonqat

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [06/11/2009 12.50.02 54752]
S2 mzzhy;ruuoa;c:\windows\system32\svchost.exe -k netsvcs [31/08/2001 12.00.00 14336]
S3 fsssvc;Servizio Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22.48.42 704864]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
mzzhy
.
Contenuto della cartella 'Scheduled Tasks'

2010-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-413027322-725345543-500Core.job
- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-01-01 14:25]

2010-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-413027322-725345543-500UA.job
- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-01-01 14:25]
.
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Scarica con FlashGet - c:\programmi\FlashGet\jc_link.htm
IE: Scarica tutto con FlashGet - c:\programmi\FlashGet\jc_all.htm
TCP: {2B94F3F1-9240-40C3-8008-864CA18377FE} = 62.149.128.4,62.149.132.4
TCP: {8D8D6176-C41F-4297-8726-F227A6F79B91} = 62.149.128.4,62.149.132.4
TCP: {B7BDE3D9-960E-4EA8-8DD1-545948B93913} = 62.149.128.4,62.149.132.4
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\nam2a6v7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\programmi\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\nam2a6v7.default\extensions\StreamingPlugin@conviva.com\platform\WINNT_x86-msvc\plugins\npconviva.4.dll
FF - plugin: c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Codecs\DivX\DivX Content Uploader\npUpload.dll
FF - plugin: c:\programmi\Codecs\DivX\DivX Web Player\npdivx32.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-wsctf.exe - wsctf.exe
HKLM-Run-svchost services - c:\windows\svchost.exe
ActiveSetup-{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} - c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
AddRemove-eMule - c:\programmi\eMule\incoming\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-02 23:35
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mzzhy]
"ServiceDll"="c:\windows\system32\iuzwzds.dll"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(3384)
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Lavasoft\Ad-Aware\aawservice.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmi\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
c:\programmi\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
c:\windows\RTHDCPL.EXE
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\PC Connectivity Solution\ServiceLayer.exe
c:\programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\programmi\PC Connectivity Solution\Transports\NclIrSrv.exe
c:\programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Ora fine scansione: 2010-02-02 23:39:34 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-02-02 22:39

Pre-Run: 45.668.003.840 byte disponibili
Post-Run: 46.679.236.608 byte disponibili

- - End Of File - - 03AFF7F8A3AD45763730598569FB4402

[gahan]

Ciao, apri un file di testo (dal blocco note), ed inserisci il seguente script:

Codice: Seleziona tutto

Driver::
mzzhy

NetSvcs::
mzzhy

File::
c:\windows\system32\iuzwzds.dll

Registry::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mzzhy]

salva il file nella stessa directory dove hai salvato combofix chiamandolo

obbligatoriamente CFScript.txt
quindi con il puntatore del mouse trascina il file sull'icona di combofix.

Il programma effettuerà una nuova scansione....attendi la fine senza fare nulla e al termine

riavvia il PC (dovrebbe farlo in automatico).
Posta sul forum il nuovo log situato sempre in c:\combofix.txt.

[Mersia]

eccolo

ComboFix 10-02-02.02 - Administrator 03/02/2010 0.04.19.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1014.637 [GMT 1:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\abc.exe
Opzioni usate :: c:\documents and settings\Administrator\Desktop\CFScript.txt

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
"c:\windows\system32\iuzwzds.dll"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\iuzwzds.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MZZHY
-------\Service_mzzhy


((((((((((((((((((((((((( Files Creati Da 2010-01-02 al 2010-02-02 )))))))))))))))))))))))))))))))))))
.

Nessun nuovo file creato in questo arco di tempo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-02 22:42 . 2010-02-02 22:50 77312 ----a-w- C:\mbr.exe
2010-01-29 20:52 . 2008-09-16 12:08 -------- d-----w- c:\programmi\eMule
2009-11-07 09:48 . 2001-08-31 11:00 70138 ----a-w- c:\windows\system32\perfc010.dat
2009-11-07 09:48 . 2001-08-31 11:00 437976 ----a-w- c:\windows\system32\perfh010.dat
2009-11-06 12:32 . 2008-09-12 18:07 22328 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"Google Update"="c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-01-01 133104]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-09-16 180269]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-06 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-06 94208]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-06 16855552]
"SkyTel"="SkyTel.EXE" [2007-10-11 1826816]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-09-08 305440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 17:51 39792 ----a-w- c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-08 19:09 305440 ----a-w- c:\programmi\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-04 23:54 417792 ----a-w- c:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 02:27 144784 ----a-w- c:\programmi\Java\jre1.6.0_07\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"svchost.exe"= c:\windows\\svchost.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1760:TCP"= 1760:TCP:pkonqat

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [06/11/2009 12.50.02 54752]
S3 fsssvc;Servizio Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22.48.42 704864]
.
Contenuto della cartella 'Scheduled Tasks'

2010-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-413027322-725345543-500Core.job
- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-01-01 14:25]

2010-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-413027322-725345543-500UA.job
- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-01-01 14:25]
.
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Scarica con FlashGet - c:\programmi\FlashGet\jc_link.htm
IE: Scarica tutto con FlashGet - c:\programmi\FlashGet\jc_all.htm
TCP: {2B94F3F1-9240-40C3-8008-864CA18377FE} = 62.149.128.4,62.149.132.4
TCP: {8D8D6176-C41F-4297-8726-F227A6F79B91} = 62.149.128.4,62.149.132.4
TCP: {B7BDE3D9-960E-4EA8-8DD1-545948B93913} = 62.149.128.4,62.149.132.4
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\nam2a6v7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\programmi\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\nam2a6v7.default\extensions\StreamingPlugin@conviva.com\platform\WINNT_x86-msvc\plugins\npconviva.4.dll
FF - plugin: c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Codecs\DivX\DivX Content Uploader\npUpload.dll
FF - plugin: c:\programmi\Codecs\DivX\DivX Web Player\npdivx32.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-03 00:08
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(3296)
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\WgaTray.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmi\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
c:\programmi\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\PC Connectivity Solution\ServiceLayer.exe
c:\programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\programmi\PC Connectivity Solution\Transports\NclIrSrv.exe
c:\programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\system32\control.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Ora fine scansione: 2010-02-03 00:11:20 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-02-02 23:11
ComboFix2.txt 2010-02-02 22:39

Pre-Run: 46.678.228.992 byte disponibili
Post-Run: 46.642.069.504 byte disponibili

- - End Of File - - F9592BB183EEE173B8B6228E276F8D69

[gahan]

bene...esegui quanto segue per un ulteriore controllo:

- scarica ed installa malwarebytes dal link sottostante:
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
- aggiornalo
- disattiva il tuo antivirus
- chiudi tutte le applicazioni in esecuzione (se ne hai di aperte)
- esegui una "scansione completa"
A scansione completata, posta il rapporto.


- concludi con una pulizia completa con CCleaner:

scaricalo da questo link:

http://www.ccleaner.com/download/downloading

installalo, avvialo --> vai in opzioni sulla sinistra --> avanzate --> togli la spunta da cancella file in windows temp se più vecchi di 48 ore.
Ritorna in "pulizia" e clicca su avvia pulizia.


Noti miglioramenti?

[Mersia]

Tutto fatto grazieeee ))))
Buona notte

[gahan]

di niente, e buona notte

[ciottinga]

Ciao, anche io ho il medesimo problema ma non riesco a risolverlo.
Ho provato a leggere alcune delle vostre soluzioni ma niente da fare...
Vi prego di darmi una mano e vi ringrazio per la vostra attenzione.
Dalla scansione con Combofix esce fuori il seguente testo


ComboFix 10-02-09.03 - luigi 10/02/2010 8.51.00.8.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.502.237 [GMT 1:00]
Eseguito da: c:\documents and settings\luigi\Desktop\combofix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((( Files Creati Da 2010-01-10 al 2010-02-10 )))))))))))))))))))))))))))))))))))
.

2010-02-10 00:10 . 2010-02-10 00:10 -------- d-----w- c:\documents and settings\luigi\Impostazioni locali\Dati applicazioni\Adobe
2010-02-09 22:26 . 2010-02-09 22:26 -------- d-----w- c:\windows\system32\CatRoot2
2010-02-09 20:01 . 2010-02-09 20:01 -------- d-----w- c:\documents and settings\luigi\Impostazioni locali\Dati applicazioni\ESET
2010-02-09 19:27 . 2010-02-09 19:27 0 ----a-w- c:\windows\nsreg.dat
2010-02-09 19:27 . 2010-02-09 19:27 -------- d-----w- c:\documents and settings\luigi\Impostazioni locali\Dati applicazioni\Mozilla
2010-02-09 18:48 . 2010-02-09 18:48 -------- d-s---w- c:\documents and settings\luigi\UserData
2010-02-09 18:42 . 2010-02-09 18:42 39368 ----a-w- c:\documents and settings\luigi\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-02-09 18:40 . 2010-02-09 18:40 -------- d-----w- c:\programmi\GPLGS
2010-02-09 18:38 . 2009-11-05 07:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2010-02-09 18:38 . 2010-02-09 18:38 -------- d-----w- c:\programmi\Acro Software
2010-02-09 18:37 . 2010-02-09 18:37 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-09 18:37 . 2010-02-09 18:37 -------- d-----w- c:\programmi\DAEMON Tools Lite
2010-02-09 18:36 . 2010-02-09 18:36 -------- d-----w- c:\documents and settings\luigi\Dati applicazioni\DAEMON Tools Lite
2010-02-09 18:36 . 2010-02-09 18:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite
2010-02-09 17:52 . 2003-06-19 00:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2010-02-09 17:52 . 2003-06-19 00:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2010-02-09 17:52 . 2010-02-09 17:52 -------- d-----w- c:\windows\SHELLNEW
2010-02-09 17:52 . 2010-02-09 17:52 -------- d-----w- c:\programmi\Microsoft.NET
2010-02-09 17:25 . 2008-03-03 17:21 568 ---ha-w- c:\windows\nod32fixtemdono.reg
2010-02-09 17:25 . 2008-03-03 13:25 5702 ---ha-w- c:\windows\nod32restoretemdono.reg
2010-02-09 17:22 . 2010-02-09 17:22 -------- d-----w- c:\programmi\ESET
2010-02-09 17:22 . 2010-02-09 17:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ESET
2010-02-09 17:06 . 2010-02-09 17:06 -------- d--h--w- c:\windows\$hf_mig$
2010-02-09 17:03 . 2010-02-09 17:03 -------- d-----w- c:\documents and settings\luigi\Dati applicazioni\Acer
2010-02-09 17:03 . 2010-02-09 17:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Acer
2010-02-09 17:03 . 2005-09-13 14:34 4392 ----a-w- c:\windows\system32\drivers\NdisFilt.sys
2010-02-09 17:03 . 2005-10-15 17:20 12106 ----a-w- c:\windows\system32\drivers\OsaFsLoc.sys
2010-02-09 17:03 . 2005-01-14 14:57 4010 ----a-w- c:\windows\system32\drivers\osanbm.sys
2010-02-09 17:03 . 2005-06-30 15:58 7296 ----a-w- c:\windows\system32\drivers\osaio.sys
2010-02-09 17:01 . 2005-09-26 15:40 258048 ----a-w- c:\windows\system32\Uninstall_eRecovery.exe
2010-02-09 17:00 . 2010-02-09 17:00 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-02-09 17:00 . 2010-02-09 17:00 -------- d-----w- c:\windows\system32\config\systemprofile\Dati applicazioni\Intel
2010-02-09 17:00 . 2010-02-09 17:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Intel
2010-02-09 17:00 . 2005-12-05 19:07 61440 ----a-w- c:\windows\system32\acerGina.dll
2010-02-09 16:59 . 2010-02-09 16:59 -------- d-----w- c:\programmi\Launch Manager
2010-02-09 16:59 . 2004-12-09 11:04 5120 ----a-w- c:\windows\system32\FILTRCOI.DLL
2010-02-09 16:59 . 2004-12-08 13:10 16896 ----a-w- c:\windows\system32\drivers\DKbFltr.SYS
2010-02-09 16:59 . 2002-12-19 14:58 49152 ----a-w- c:\windows\system32\QtBtLib.dll
2010-02-09 16:57 . 2010-02-09 16:57 -------- d-----w- c:\windows\Acer
2010-02-09 16:50 . 2006-02-23 20:00 5015280 ----a-w- c:\windows\KB912945.EXE
2010-02-09 16:50 . 2004-08-26 01:23 163840 ----a-w- c:\windows\AExec.exe
2010-02-09 16:50 . 2004-08-24 20:48 589824 ----a-w- c:\windows\AntiV.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-09 17:13 . 2006-01-03 17:17 76875 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-09 17:06 . 2010-02-09 16:57 134 ----a-w- c:\documents and settings\luigi\Impostazioni locali\Dati applicazioni\fusioncache.dat
2010-02-09 16:50 . 2004-06-25 01:13 940 ----a-w- c:\windows\HotFix.bat
2010-02-09 16:50 . 2005-03-09 20:12 757 ----a-w- c:\windows\CLEANUP.CMD
2004-08-19 04:00 . 2004-08-19 04:00 168371 --sh--r- c:\windows\system32\adszj.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-02-09_20.05.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-09 23:52 . 2010-02-09 23:52 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-10-28 03:40 . 2009-10-28 03:40 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-10-28 03:40 . 2009-10-28 03:40 3885984 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-16 15600128]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2005-01-07 102491]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-01-07 692315]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-19 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-17 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-17 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-17 114688]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-10-19 69632]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-25 212992]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 3084288]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2005-12-01 458752]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 397312]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Speed Launch.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3453:TCP"= 3453:TCP:huxutzgk

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [20/02/2008 11.11.16 33800]
R2 ekrn;Eset Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [20/02/2008 11.08.46 472320]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [09/02/2010 19.37.30 691696]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [19/08/2004 5.00.00 3584]
S2 yclxj;Support Manager;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 5.00.00 14336]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - INT15.SYS

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
yclxj
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://global.acer.com
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
IE: &Sample Toolband Serach - c:\windows\system32\ToolBand.dll/MENUSEARCH.HTM
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\luigi\Dati applicazioni\Mozilla\Firefox\Profiles\p54ifla9.default\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-10 08:53
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yclxj]
"ServiceDll"="c:\windows\system32\adszj.dll"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(768)
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2010-02-10 08:54:11
ComboFix-quarantined-files.txt 2010-02-10 07:54
ComboFix2.txt 2010-02-09 23:01
ComboFix3.txt 2010-02-09 22:20
ComboFix4.txt 2010-02-09 20:06

Pre-Run: 29.002.956.800 byte disponibili
Post-Run: 28.967.075.840 byte disponibili

- - End Of File - - 5365A3FF968159EA96174250DBD9C438

[-> EleKtrA <-]

Ciao ciottinga, ho preparato uno script per eliminare i servizi caricati dal Conficker, dopo di che eseguiremo una manutenzione del sistema.

Apri un file di testo sul Desktop
Start > esegui, digita: notepad.exe e poi clicca Ok
Incolla il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente
con il nome CFScript

Codice: Seleziona tutto

Killall::
File::
c:\windows\system32\adszj.dll

NetSvcs::
yclxj

Driver::
huxutzgk
yclxj

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3453:TCP"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_yclxj]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_yclxj]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_yclxj]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_yclxj]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_yclxj]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\yclxj]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\yclxj]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\yclxj]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\yclxj]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\yclxj]

Con il mouse trascina il file CFScript.txt sull'icona rossa di Combofix

Lascia lavorare il programma
Verrà creato un nuovo log combofix.txt
Allega il rapporto per un controllo.

Dopo Il riavvio scarica ed esegui questo tool
Eset’s Win32/Conficker Worm Removal Tool

Riavvia ed installa questa patch
Aggiornamento della protezione per Windows XP (KB958644)

Attendo il secondo rapporto di combofix per proseguire.

[ciottinga]

Credo che nulla abbia mai funzionato così bene. Sei stata veramente gentilissima oltre che preparatissima.
Ti invio come richiesto il rapporto combofix e attendo tue ulteriori indicazioni se fossero necessarie.

Grazie

ComboFix 10-02-10.01 - luigi 10/02/2010 21.50.34.9.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.502.235 [GMT 1:00]
Eseguito da: c:\documents and settings\luigi\Desktop\combofix.exe
Opzioni usate :: c:\documents and settings\luigi\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active


FILE ::
"c:\windows\system32\adszj.dll"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\adszj.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_YCLXJ
-------\Service_yclxj


((((((((((((((((((((((((( Files Creati Da 2010-01-10 al 2010-02-10 )))))))))))))))))))))))))))))))))))
.

2010-02-10 20:55 . 2010-02-10 20:55 -------- d-----w- c:\windows\LastGood
2010-02-10 00:10 . 2010-02-10 00:10 -------- d-----w- c:\documents and settings\luigi\Impostazioni locali\Dati applicazioni\Adobe
2010-02-09 22:26 . 2010-02-09 22:26 -------- d-----w- c:\windows\system32\CatRoot2
2010-02-09 20:01 . 2010-02-09 20:01 -------- d-----w- c:\documents and settings\luigi\Impostazioni locali\Dati applicazioni\ESET
2010-02-09 19:27 . 2010-02-09 19:27 0 ----a-w- c:\windows\nsreg.dat
2010-02-09 19:27 . 2010-02-09 19:27 -------- d-----w- c:\documents and settings\luigi\Impostazioni locali\Dati applicazioni\Mozilla
2010-02-09 18:48 . 2010-02-09 18:48 -------- d-s---w- c:\documents and settings\luigi\UserData
2010-02-09 18:42 . 2010-02-09 18:42 39368 ----a-w- c:\documents and settings\luigi\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-02-09 18:40 . 2010-02-09 18:40 -------- d-----w- c:\programmi\GPLGS
2010-02-09 18:38 . 2009-11-05 07:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2010-02-09 18:38 . 2010-02-09 18:38 -------- d-----w- c:\programmi\Acro Software
2010-02-09 18:37 . 2010-02-09 18:37 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-09 18:37 . 2010-02-09 18:37 -------- d-----w- c:\programmi\DAEMON Tools Lite
2010-02-09 18:36 . 2010-02-09 18:36 -------- d-----w- c:\documents and settings\luigi\Dati applicazioni\DAEMON Tools Lite
2010-02-09 18:36 . 2010-02-09 18:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite
2010-02-09 17:52 . 2003-06-19 00:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2010-02-09 17:52 . 2003-06-19 00:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2010-02-09 17:52 . 2010-02-09 17:52 -------- d-----w- c:\windows\SHELLNEW
2010-02-09 17:52 . 2010-02-09 17:52 -------- d-----w- c:\programmi\Microsoft.NET
2010-02-09 17:25 . 2008-03-03 17:21 568 ---ha-w- c:\windows\nod32fixtemdono.reg
2010-02-09 17:25 . 2008-03-03 13:25 5702 ---ha-w- c:\windows\nod32restoretemdono.reg
2010-02-09 17:22 . 2010-02-09 17:22 -------- d-----w- c:\programmi\ESET
2010-02-09 17:22 . 2010-02-09 17:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ESET
2010-02-09 17:06 . 2010-02-09 17:06 -------- d--h--w- c:\windows\$hf_mig$
2010-02-09 17:03 . 2010-02-09 17:03 -------- d-----w- c:\documents and settings\luigi\Dati applicazioni\Acer
2010-02-09 17:03 . 2010-02-09 17:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Acer
2010-02-09 17:03 . 2005-09-13 14:34 4392 ----a-w- c:\windows\system32\drivers\NdisFilt.sys
2010-02-09 17:03 . 2005-10-15 17:20 12106 ----a-w- c:\windows\system32\drivers\OsaFsLoc.sys
2010-02-09 17:03 . 2005-01-14 14:57 4010 ----a-w- c:\windows\system32\drivers\osanbm.sys
2010-02-09 17:03 . 2005-06-30 15:58 7296 ----a-w- c:\windows\system32\drivers\osaio.sys
2010-02-09 17:01 . 2005-09-26 15:40 258048 ----a-w- c:\windows\system32\Uninstall_eRecovery.exe
2010-02-09 17:00 . 2010-02-09 17:00 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-02-09 17:00 . 2010-02-09 17:00 -------- d-----w- c:\windows\system32\config\systemprofile\Dati applicazioni\Intel
2010-02-09 17:00 . 2010-02-09 17:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Intel
2010-02-09 17:00 . 2005-12-05 19:07 61440 ----a-w- c:\windows\system32\acerGina.dll
2010-02-09 16:59 . 2010-02-09 16:59 -------- d-----w- c:\programmi\Launch Manager
2010-02-09 16:59 . 2004-12-09 11:04 5120 ----a-w- c:\windows\system32\FILTRCOI.DLL
2010-02-09 16:59 . 2004-12-08 13:10 16896 ----a-w- c:\windows\system32\drivers\DKbFltr.SYS
2010-02-09 16:59 . 2002-12-19 14:58 49152 ----a-w- c:\windows\system32\QtBtLib.dll
2010-02-09 16:57 . 2010-02-09 16:57 -------- d-----w- c:\windows\Acer
2010-02-09 16:50 . 2006-02-23 20:00 5015280 ----a-w- c:\windows\KB912945.EXE
2010-02-09 16:50 . 2004-08-26 01:23 163840 ----a-w- c:\windows\AExec.exe
2010-02-09 16:50 . 2004-08-24 20:48 589824 ----a-w- c:\windows\AntiV.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-09 17:13 . 2006-01-03 17:17 76875 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-09 17:06 . 2010-02-09 16:57 134 ----a-w- c:\documents and settings\luigi\Impostazioni locali\Dati applicazioni\fusioncache.dat
2010-02-09 16:50 . 2004-06-25 01:13 940 ----a-w- c:\windows\HotFix.bat
2010-02-09 16:50 . 2005-03-09 20:12 757 ----a-w- c:\windows\CLEANUP.CMD
.

((((((((((((((((((((((((((((( SnapShot@2010-02-09_20.05.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-06 18:24 . 2009-08-06 18:24 44768 c:\windows\system32\wups2.dll
+ 2004-08-19 04:00 . 2009-08-06 18:24 53472 c:\windows\system32\wuauclt.exe
+ 2010-02-10 20:55 . 2009-08-06 18:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2010-02-09 23:52 . 2010-02-09 23:52 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2004-08-19 04:00 . 2009-08-06 18:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-19 04:00 . 2009-08-06 18:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2004-08-19 04:00 . 2009-08-06 18:24 96480 c:\windows\system32\cdm.dll
+ 2010-02-10 20:55 . 2004-08-19 04:00 36864 c:\windows\LastGood\system32\wups.dll
+ 2010-02-10 20:55 . 2004-08-19 04:00 66560 c:\windows\LastGood\system32\cdm.dll
+ 2004-08-19 04:00 . 2009-08-06 18:24 209632 c:\windows\system32\wuweb.dll
+ 2004-08-19 04:00 . 2009-08-06 18:24 327896 c:\windows\system32\wucltui.dll
+ 2004-08-19 04:00 . 2009-08-06 18:23 575704 c:\windows\system32\wuapi.dll
+ 2009-10-28 03:40 . 2009-10-28 03:40 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2004-08-19 04:00 . 2009-08-06 18:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2004-08-19 04:00 . 2009-08-06 18:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2004-08-19 04:00 . 2009-08-06 18:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2010-02-10 20:55 . 2004-08-19 04:00 120320 c:\windows\LastGood\system32\wuweb.dll
+ 2010-02-10 20:55 . 2004-08-19 04:00 114176 c:\windows\LastGood\system32\wucltui.dll
+ 2010-02-10 20:55 . 2004-08-19 04:00 111616 c:\windows\LastGood\system32\wuauclt.exe
+ 2010-02-10 20:55 . 2004-08-19 04:00 432128 c:\windows\LastGood\system32\wuapi.dll
+ 2004-08-19 04:00 . 2009-08-06 18:23 1929952 c:\windows\system32\wuaueng.dll
+ 2009-10-28 03:40 . 2009-10-28 03:40 3885984 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2004-08-19 04:00 . 2009-08-06 18:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2010-02-10 20:55 . 2004-08-19 04:00 1134592 c:\windows\LastGood\system32\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-16 15600128]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2005-01-07 102491]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-01-07 692315]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-19 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-17 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-17 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-17 114688]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-10-19 69632]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-25 212992]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 3084288]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2005-12-01 458752]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 397312]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Speed Launch.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [09/02/2010 19.37.30 691696]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [20/02/2008 11.11.16 33800]
R2 ekrn;Eset Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [20/02/2008 11.08.46 472320]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [19/08/2004 5.00.00 3584]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://global.acer.com
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
IE: &Sample Toolband Serach - c:\windows\system32\ToolBand.dll/MENUSEARCH.HTM
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\luigi\Dati applicazioni\Mozilla\Firefox\Profiles\p54ifla9.default\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-10 21:56
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x823DD1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf8539fc3
\Driver\ACPI -> ACPI.sys @ 0xf8241cb8
\Driver\atapi -> 0x823dd1f8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577d44
SecurityProcedure -> ntkrnlpa.exe @ 0x80577f2a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577d44
SecurityProcedure -> ntkrnlpa.exe @ 0x80577f2a
NDIS: Intel(R) PRO/Wireless 2200BG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf810dba0
PacketIndicateHandler -> NDIS.sys @ 0xf811ab21
SendHandler -> NDIS.sys @ 0xf80f887b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3152)
c:\windows\system32\MSNChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\MSVCR71.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Intel\Wireless\Bin\EvtEng.exe
c:\programmi\Intel\Wireless\Bin\S24EvMon.exe
c:\acer\Empowering Technology\admServ.exe
c:\programmi\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2010-02-10 21:57:25 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-02-10 20:57
ComboFix2.txt 2010-02-09 23:01
ComboFix3.txt 2010-02-09 22:20
ComboFix4.txt 2010-02-09 20:06

Pre-Run: 28.968.747.008 byte disponibili
Post-Run: 28.885.417.984 byte disponibili

- - End Of File - - 9D34CD49362F532CB4D722C24C70F4CA

[-> EleKtrA <-]

Ciao ciottinga , lo script ha funzionato, ora facciamo alcune operazioni di verifica e di ottimizzazione.

Scarica Stealth MBR rootkit detector
Inseriscilo nella Directory C:\
Riavvia il Pc in modalità provvisoria F8
Start > Esegui - digita C:\mbr.exe e clicca su OK
Salva il rapporto MBR1 ed allegatelo per il controllo.

Scarica TFC by OldTimer sul desktop
Chiudi tutti i programmi
Avvia TFC con un doppio clic
Clicca su "STAR"
Al termine della scansione ti chiederà il riavvio, clicca su "OK".

Dopo il ravvio collegati a Windows Live OneCare ed esegui un analisi completa.

Scarica e installa l'ultima versione di Adobe Reader
Scarica e installa l'ultima versione di Java Sun
Aggiorna Adobe FlashPlayer:
1. Scarica il programma di disinstallazione di FlashPlayer
2. Scarica l'ultima versione di FlashPlayer per IE
3. Scarica l'ultima versione di FlashPlayer non per IE
4. Chiudi tutti i browser (IE, Opera, Firefox, Chrome, etc)
5. Esegui il programma di disinstallazione scaricato al punto 1.
6. Esegui il programma di installazione scaricato al punto 2.
7. Esegui il programma di installazione scaricato al punto 3.

Al termine di queste operazioni allega un log di Hijackthis. | Tutorial
Una volta installato, cliccare sulla icona Hijackthis sul Desktop
Premere il pulsante: Do System scan and save a logfile
Al termine della scansione si aprirà il file Hijackthis.log
Con Bocco Note eseguire:
Modifica > Seleziona tutto > Tasto Destro del mouse > copia
Postarlo nel Topic inserendo il log nel tag "code". (CLICCA)