Hi,
I ran ComboFix, but the problem persists.
I'm attaching the log:
ComboFix 10-04-14.04 - Administrator 15/04/2010 20.10.51.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.758.383 [GMT 2:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100415-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\mswins.dll
c:\windows\system32\mswins.sys
c:\windows\system32\pwdmon.dll
.
((((((((((((((((((((((((( Files Creati Da 2010-03-15 al 2010-04-15 )))))))))))))))))))))))))))))))))))
.
2010-04-12 08:58 . 2010-04-12 16:42 -------- d-----w- c:\programmi\DEI_TariffaRegioneLazio2007_EDILE
2010-04-11 14:49 . 2010-04-12 08:04 -------- d-----w- c:\windows\SxsCaPendDel
2010-04-11 11:54 . 2010-04-11 11:54 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-11 10:38 . 2010-04-11 10:38 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Windows Search
2010-04-11 10:24 . 2010-04-11 10:24 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2010-04-11 10:23 . 2010-04-11 10:23 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-04-11 10:20 . 2010-04-11 10:20 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-04-11 10:19 . 2010-04-11 10:19 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-11 10:07 . 2010-02-25 06:16 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-04-11 10:07 . 2010-02-25 06:16 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-11 10:07 . 2010-04-14 13:58 -------- d-----w- c:\windows\ie8updates
2010-04-11 10:07 . 2010-02-16 04:50 64000 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-04-11 10:02 . 2010-04-11 10:06 -------- dc-h--w- c:\windows\ie8
2010-04-11 09:54 . 2010-04-11 09:54 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Windows Desktop Search
2010-04-11 09:53 . 2010-04-11 10:34 -------- d-----w- c:\programmi\Windows Desktop Search
2010-04-11 07:37 . 2010-04-11 07:37 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2010-04-11 07:37 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-11 07:37 . 2010-04-11 07:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-04-11 07:37 . 2010-04-11 07:37 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-04-11 07:37 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-07 20:36 . 2010-04-07 20:36 -------- d-----w- c:\programmi\IZArc
2010-03-20 19:54 . 2010-03-20 19:56 -------- d-----w- c:\windows\SHELLNEW
2010-03-20 19:53 . 2010-03-20 19:53 -------- d-----w- c:\programmi\Microsoft.NET
2010-03-20 19:51 . 2010-03-20 19:51 -------- d-----r- C:\MSOCache
2010-03-19 08:02 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-12 08:58 . 2008-08-07 20:56 290816 ------w- c:\windows\Setup1.exe
2010-04-12 08:58 . 2008-08-07 20:53 74752 ----a-w- c:\windows\ST6UNST.EXE
2010-04-11 14:50 . 2006-01-09 21:11 -------- d-----w- c:\programmi\Lavasoft
2010-04-11 14:50 . 2008-04-22 19:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2010-04-11 10:14 . 1980-01-01 07:00 94050 ----a-w- c:\windows\system32\perfc010.dat
2010-04-11 10:14 . 1980-01-01 07:00 516138 ----a-w- c:\windows\system32\perfh010.dat
2010-04-11 07:28 . 2009-12-06 20:09 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2010-04-11 07:26 . 2009-06-21 12:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-04-07 20:30 . 2008-06-23 12:35 -------- d-----w- c:\programmi\CCleaner
2010-04-07 20:22 . 2007-10-08 18:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2010-04-07 07:48 . 2005-05-23 11:12 75176 -c--a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-03-10 06:15 . 1980-01-01 07:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:16 . 1980-01-01 07:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 1980-01-01 07:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 12:05 . 1980-01-01 07:00 2193664 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:05 . 2002-09-09 20:34 2070528 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 1980-01-01 07:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 1980-01-01 07:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-23 07:57 . 2010-01-23 07:57 388096 -c--a-r- c:\documents and settings\Administrator\Dati applicazioni\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="c:\programmi\IBM\Messages By IBM\ibmmessages.exe" [2004-08-06 442368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"="S3Tray2.exe" [2001-10-12 69632]
"TrackPointSrv"="tp4serv.exe" [2003-11-13 94208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-07-30 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-07-30 118784]
"TPKMAPHELPER"="c:\programmi\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-05 897024]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2004-08-07 94208]
"TP4EX"="tp4ex.exe" [2002-09-04 53248]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2003-12-25 208896]
"UC_Start"="c:\programmi\IBM\Updater\\ucstartup.exe" [2004-06-25 36864]
"UpdateManager"="c:\programmi\File comuni\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-09-02 127035]
"ibmmessages"="c:\programmi\IBM\Messages By IBM\\ibmmessages.exe" [2004-08-06 442368]
"IBMPRC"="c:\ibmtools\UTILS\ibmprc.exe" [2004-03-19 90112]
"QCTRAY"="c:\programmi\ThinkPad\ConnectUtilities\QCTRAY.EXE" [2004-08-18 708608]
"QCWLICON"="c:\programmi\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2004-08-18 81920]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2004-07-29 110592]
"BMMLREF"="c:\programmi\ThinkPad\Utilities\BMMLREF.EXE" [2004-07-29 20480]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2004-07-29 397312]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2006-10-25 282624]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Windows Search.lnk - c:\programmi\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
2004-08-18 10:30 258048 ----a-w- c:\windows\system32\QConGina.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"%ProgramFiles%\\IBM\\Updater\\jre\\bin\\java.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\IBM\\Updater\\jre\\bin\\java.exe"=
"c:\\Programmi\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Programmi\\Autodesk\\Backburner\\manager.exe"=
"c:\\Programmi\\Autodesk\\Backburner\\server.exe"=
"c:\\Programmi\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26/10/2008 18.14.39 717296]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [21/06/2009 18.26.45 114768]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [23/05/2005 13.49.47 16384]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21/06/2009 18.26.45 20560]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\programmi\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [10/03/2008 1.04.52 65536]
R3 Tp4Track;IBM PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [01/01/1980 9.00.00 13904]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [23/05/2005 13.46.37 12288]
.
Contenuto della cartella 'Scheduled Tasks'
2010-04-15 c:\windows\Tasks\User_Feed_Synchronization-{49E82B10-DBA1-4AF9-9459-EA882EA4A2BA}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.yahoo.it
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {30EE28EB-E72B-4386-9D97-4D861FA510C8} = 208.67.222.222,208.67.220.220
.
.
------- Associazioni dei file -------
.
.scr=AutoCADScriptFile
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKLM-Run-UC_SMB - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-04-15 20:24
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spag.sys >>UNKNOWN [0x8378B938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74f3f28
\Driver\ACPI -> ACPI.sys @ 0xf734ecb8
\Driver\atapi -> atapi.sys @ 0xf72ebb40
IoDeviceObjectType -> ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf71dfbb0
PacketIndicateHandler -> NDIS.sys @ 0xf71cea0d
SendHandler -> NDIS.sys @ 0xf71e2b40
user & kernel MBR OK
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-3895753961-738691795-396080738-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cc,ad,69,00,db,5e,8f,47,81,31,06,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cc,ad,69,00,db,5e,8f,47,81,31,06,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(3224)
c:\windows\system32\WININET.dll
c:\programmi\Windows Desktop Search\deskbar.dll
c:\programmi\Windows Desktop Search\it-it\dbres.dll.mui
c:\programmi\Windows Desktop Search\dbres.dll
c:\programmi\Windows Desktop Search\wordwheel.dll
c:\programmi\Windows Desktop Search\it-it\msnlExtRes.dll.mui
c:\programmi\Windows Desktop Search\msnlExtRes.dll
c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\System32\ibmpmsvc.exe
c:\windows\system32\S24EvMon.exe
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\windows\System32\QCONSVC.EXE
c:\windows\system32\tp4serv.exe
c:\windows\system32\RegSrvc.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\TpKmpSVC.exe
c:\programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\programmi\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
c:\programmi\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
c:\windows\system32\SearchIndexer.exe
c:\programmi\IBM\Updater\jre\bin\javaw.exe
c:\windows\system32\RunDll32.exe
c:\windows\system32\rundll32.exe
c:\programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Ora fine scansione: 2010-04-15 20:33:11 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-04-15 18:33
Pre-Run: 15.661.989.888 byte disponibili
Post-Run: 15.768.387.584 byte disponibili
- - End Of File - - CF28A3FC3B9C0D735E39747C1C878802
Would you advise me to do anything else?
Thanks