Guys, thank you for how quickly you replied... here is the ComboFix report:
ComboFix 10-04-06.04 - Administrator 07/04/2010 9.07.04.1.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.503.358 [GMT -6:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\a2h2.com
C:\autorun.inf
c:\documents and settings\All Users\Dati applicazioni\_VOIDmfeklnmal.dll
c:\documents and settings\All Users\Dati applicazioni\fiosejgfse.dll
c:\documents and settings\All Users\Preferiti\_favdata.dat
c:\recycler\S-1-5-21-6758523284-9822480507-325947362-4507
c:\windows\_VOIDwmcrecqfpy
c:\windows\_VOIDwmcrecqfpy\_VOIDd.sys
c:\windows\system32\_VOIDdiasxwjppt.dll
c:\windows\system32\_VOIDtqwrrjiepx.dll
c:\windows\system32\_VOIDxturwlrvsl.dll
c:\windows\system32\_VOIDyhktxklgqh.dat
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\olhrwef.exe
c:\windows\system32\Thumbs.db
D:\a2h2.com
D:\autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_KAVSYS
-------\Legacy__VOIDd.sys
-------\Legacy__VOIDWMCRECQFPY
-------\Service__VOIDd.sys
-------\Service__VOIDwmcrecqfpy
((((((((((((((((((((((((( Files Creati Da 2010-03-07 al 2010-04-07 )))))))))))))))))))))))))))))))))))
.
2010-04-06 22:31 . 2010-04-06 22:31 -------- d--h--w- c:\documents and settings\Administrator\Risorse di stampa
2010-04-06 21:32 . 2010-04-06 21:32 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-04-06 21:30 . 2008-11-07 16:11 86 ----a-w- c:\documents and settings\Administrator\Del9AC.bat
2010-04-06 21:30 . 2010-04-07 15:13 -------- d--h--w- c:\documents and settings\Administrator\Impostazioni locali
2010-04-06 21:30 . 2010-04-07 15:06 -------- d--h--r- c:\documents and settings\Administrator\Dati applicazioni
2010-04-06 21:30 . 2010-04-07 13:16 -------- d-s---w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft
2010-04-06 21:30 . 2010-04-06 22:31 -------- d--h--w- c:\documents and settings\Administrator\Modelli
2010-04-06 21:30 . 2008-11-07 16:15 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Adobe
2010-04-06 21:30 . 2010-04-07 14:44 -------- d-----w- c:\documents and settings\Administrator
2010-04-06 21:04 . 2010-04-06 21:04 -------- d-----w- c:\programmi\CCleaner
2010-04-06 16:25 . 2010-04-06 16:25 -------- d--h--w- c:\windows\PIF
2010-04-06 15:42 . 2010-04-07 10:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-04-06 15:42 . 2010-04-07 10:44 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2010-04-06 14:28 . 2010-04-06 15:46 -------- d--h--w- c:\documents and settings\TEMP.BLACKMODE\Impostazioni locali
2010-04-06 14:28 . 2010-04-06 15:46 -------- d-----w- c:\documents and settings\TEMP.BLACKMODE
2010-04-06 14:26 . 2010-04-06 14:26 272 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-04-06 14:21 . 2010-04-06 14:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Comodo Downloader
2010-04-06 14:20 . 2010-04-06 20:55 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Comodo
2010-04-06 14:20 . 2010-04-06 14:20 -------- d-----w- c:\programmi\COMODO
2010-04-04 01:42 . 2010-04-04 01:42 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-04-04 01:42 . 2009-05-27 23:31 584832 ----a-w- c:\windows\system32\drivers\RTL8192su.sys
2010-04-04 01:42 . 2010-04-04 01:42 -------- d-----w- c:\programmi\Belkin
2010-04-04 01:38 . 2010-04-03 19:00 -------- d--h--w- c:\documents and settings\TEMP\Impostazioni locali
2010-04-04 01:38 . 2010-04-03 19:00 -------- d-----w- c:\documents and settings\TEMP
2010-04-03 18:31 . 2010-04-03 18:32 -------- d-----w- c:\programmi\Your Protection
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-07 15:18 . 2010-04-07 15:16 786432 ---ha-w- c:\documents and settings\TEMP.BLACKMODE.000\NTUSER.DAT
2010-04-07 15:17 . 2010-04-07 15:17 -------- d-----w- c:\documents and settings\TEMP.BLACKMODE.000\Dati applicazioni\Identities
2010-04-07 15:16 . 2010-04-07 15:16 -------- d-s---w- c:\documents and settings\TEMP.BLACKMODE.000\Dati applicazioni\Microsoft
2010-04-07 15:16 . 2010-04-07 15:16 -------- d-----w- c:\programmi\microsoft frontpage
2010-04-07 14:29 . 2010-04-07 14:26 -------- d-----w- c:\programmi\FindyKill
2010-04-06 22:31 . 2010-04-06 21:32 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-04-06 22:05 . 2010-04-06 22:05 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\vlc
2010-04-06 21:32 . 2010-04-06 21:32 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2010-04-06 21:09 . 2008-11-07 16:43 -------- d-----w- c:\programmi\ESET
2010-04-04 01:42 . 2008-11-07 17:04 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-04-03 18:02 . 2008-11-07 16:50 -------- d-----w- c:\programmi\eMule
2010-03-06 19:13 . 2009-12-14 23:35 30 ----a-w- c:\windows\popcinfo.dat
2010-02-10 21:18 . 2001-08-31 15:00 85306 ----a-w- c:\windows\system32\perfc010.dat
2010-02-10 21:18 . 2001-08-31 15:00 492454 ----a-w- c:\windows\system32\perfh010.dat
2006-07-30 22:20 . 2008-11-07 16:36 959 --sha-r- c:\windows\system32\autorun.bin
.
------- Sigcheck -------
[-] 2008-05-24 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-05-24 . 4CD9F9B9AA78E3C24630B90DA79CBCDE . 3927552 . . [7.00.6000.20772] . . c:\windows\system32\mshtml.dll
[-] 2008-05-24 . 94A1A243EF6861D230F31C86CDFDE756 . 486912 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-05-24 . D7CEC456BF1B9279DA99C1ACE30D3686 . 893952 . . [7.00.6000.20772] . . c:\windows\system32\wininet.dll
[-] 2008-05-24 . 12F0333CC7253C3C8FB1DB2DA4E24C95 . 1504256 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-05-19 . 3316C8A8EC07A9D4C0BE10310809A9E5 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2008-05-24 . 7F4C43F75EBF781352DB3B5EF6BF8230 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
c:\windows\System32\drivers\beep.sys ... è mancante !!
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-05-24 40448]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-05-19 124928]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Bluetooth Manager.lnk - c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-21 45056]
Utility di rete wireless Belkin.lnk - c:\programmi\Belkin\F5D8053\v6\Belkinwcui.exe [2010-4-3 1232896]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 07:06 40048 ----a-w- c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
2002-11-02 06:33 45056 ----a-w- c:\programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2002-12-02 14:17 73728 ----a-w- c:\programmi\Elaborate Bytes\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-02-28 17:07 1828136 ----a-w- c:\programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-04-13 10:09 49152 ----a-w- c:\programmi\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-02-18 16:29 2221352 ----a-w- c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-04-28 16:14 570664 ----a-w- c:\programmi\File comuni\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-12-07 21:57 30208 ------w- c:\programmi\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VPatch]
2004-09-03 10:31 484864 ----a-w- c:\programmi\VIAudioi\SBADeck\VPatch.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [25/02/2004 6.19.10 138118]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [25/02/2004 6.19.08 46773]
R2 Belkin Wifi Service;Belkin Wifi Service;c:\programmi\Belkin\F5D8053\v6\WifiSvc.exe [03/04/2010 19.42.07 274432]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [25/01/2008 3.12.34 25088]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [03/04/2010 19.42.09 584832]
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-04-07 09:16
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(1104)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(1160)
c:\windows\system32\setupapi.dll
c:\windows\system32\scecli.dll
- - - - - - - > 'explorer.exe'(3224)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Bonjour\mDNSResponder.exe
c:\windows\System32\GEARSec.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
c:\programmi\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\programmi\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\slserv.exe
c:\programmi\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\msiexec.exe
c:\programmi\File comuni\Nero\Lib\NMFirstStart.exe
c:\programmi\File comuni\Nero\Lib\NMIndexingService.exe
.
**************************************************************************
.
Ora fine scansione: 2010-04-07 09:20:15 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-04-07 15:20
Pre-Run: 41.172.295.680 byte disponibili
Post-Run: 41.043.128.320 byte disponibili
- - End Of File - - 9C314364F7306C4F84948AC324341705