OK, I think I managed it; while ComboFix was running the scan it gave me error messages. Here is the text:
ComboFix 10-04-14.01 - asd 16/04/2010 18.35.06.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.767.440 [GMT 2:00]
Eseguito da: c:\documents and settings\asd\Documenti\rimuovere virus\ComboFix.exe
Opzioni usate :: c:\documents and settings\asd\Documenti\rimuovere virus\CFScript.txt..txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-3C24-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {00000002-0002-0000-14EF-9D7C08000A00}
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\aeqqiuke.sys
c:\windows\system32\drivers\gvsda.sys
c:\windows\system32\drivers\mvsqogdq.sys
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_XEFBCA
-------\Service_xefbca
((((((((((((((((((((((((( Files Creati Da 2010-03-16 al 2010-04-16 )))))))))))))))))))))))))))))))))))
.
2010-04-16 16:13 . 2010-04-16 16:45 586240 ----a-w- c:\windows\system32\drivers\aoknwbd.sys
2010-04-14 20:45 . 2010-04-14 20:45 54016 ----a-w- c:\windows\system32\drivers\mwbfedgy.sys
2010-04-14 20:35 . 2010-04-14 20:35 -------- d-----w- c:\documents and settings\asd\Dati applicazioni\Malwarebytes
2010-04-14 20:35 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-14 20:35 . 2010-04-14 20:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-04-14 20:35 . 2010-04-15 16:29 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-04-14 20:35 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-14 19:30 . 2010-04-14 19:30 -------- d-----w- c:\documents and settings\asd\Dati applicazioni\Uniblue
2010-04-09 18:48 . 2010-04-09 18:48 -------- d-----w- c:\windows\system32\XPSViewer
2010-04-09 18:44 . 2010-04-09 18:44 -------- d-----w- c:\programmi\MSXML 6.0
2010-04-09 15:13 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-09 14:59 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-04-09 14:59 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-04-08 16:56 . 2010-04-08 16:57 -------- d-----w- c:\documents and settings\asd\Impostazioni locali\Dati applicazioni\Temp
2010-04-08 16:50 . 2010-04-08 16:50 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Google
2010-04-08 15:30 . 2010-04-08 15:30 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-04-08 15:30 . 2010-04-08 15:30 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-04-08 15:30 . 2010-04-09 16:36 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Google
2010-04-08 15:29 . 2010-04-08 15:29 -------- d-----r- c:\documents and settings\LocalService\Preferiti
2010-03-26 16:52 . 2001-08-30 22:07 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-03-26 16:52 . 2001-08-30 22:07 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-03-26 16:52 . 2001-08-30 22:07 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-03-26 16:52 . 2001-08-30 22:07 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-03-26 16:52 . 2001-08-17 21:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2010-03-26 16:52 . 2001-08-17 21:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-03-26 16:52 . 2001-08-17 21:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-03-26 16:52 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-03-26 16:52 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-03-26 16:52 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-03-26 16:52 . 2001-08-17 21:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2010-03-26 16:52 . 2001-08-17 21:55 5632 ----a-w- c:\windows\system32\kbd103.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-16 16:41 . 2009-12-22 17:29 802304 ----a-w- c:\windows\system32\drivers\xefbca.sys
2010-04-11 09:16 . 2001-08-31 10:00 80356 ----a-w- c:\windows\system32\perfc010.dat
2010-04-11 09:16 . 2001-08-31 10:00 480390 ----a-w- c:\windows\system32\perfh010.dat
2010-04-10 06:36 . 2009-05-30 08:41 43912 ----a-w- c:\documents and settings\asd\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-04-10 06:34 . 2009-05-31 11:37 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-04-09 18:48 . 2010-04-09 18:48 -------- d-----w- c:\programmi\MSBuild
2010-04-09 18:48 . 2010-04-09 18:48 -------- d-----w- c:\programmi\Reference Assemblies
2010-04-08 16:43 . 2009-05-31 16:08 -------- d-----w- c:\programmi\Google
2010-03-10 16:43 . 2010-03-10 16:43 63488 ----a-w- c:\windows\xobglu16.dll
2010-03-10 16:43 . 2010-03-10 16:43 23552 ----a-w- c:\windows\xobglu32.dll
2010-03-10 06:15 . 2010-04-14 15:30 420352 ----a-w- c:\windows\system32\SET10.tmp
2010-03-10 06:15 . 2010-04-14 15:30 420352 ------w- c:\windows\system32\SET5A.tmp
2010-03-10 06:15 . 2004-08-19 13:39 420352 ------w- c:\windows\system32\vbscript.dll
2010-02-25 06:16 . 2004-08-19 13:39 916480 ------w- c:\windows\system32\wininet.dll
2010-02-24 12:31 . 2004-08-03 21:15 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:30 . 2004-08-19 13:34 2140672 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:30 . 2004-08-19 15:34 2020352 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-13 13:20 . 2010-02-13 13:20 61440 ----a-w- c:\documents and settings\asd\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3c63a166-n\decora-sse.dll
2010-02-13 13:20 . 2010-02-13 13:20 12800 ----a-w- c:\documents and settings\asd\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3c63a166-n\decora-d3d.dll
2010-02-13 13:17 . 2010-02-13 13:17 503808 ----a-w- c:\documents and settings\asd\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7156f941-n\msvcp71.dll
2010-02-13 13:17 . 2010-02-13 13:17 499712 ----a-w- c:\documents and settings\asd\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7156f941-n\jmc.dll
2010-02-13 13:17 . 2010-02-13 13:17 348160 ----a-w- c:\documents and settings\asd\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7156f941-n\msvcr71.dll
2010-02-12 04:45 . 2010-02-12 04:45 100864 ----a-w- c:\windows\system32\SET74.tmp
2010-02-12 04:45 . 2004-08-19 13:39 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:01 . 2004-08-03 21:07 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-23 10:21 . 2010-01-23 10:21 79488 ----a-w- c:\documents and settings\asd\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2009-06-12 08:10 . 2009-06-12 08:10 4315648 ----a-w- c:\programmi\driver matrox scheda video.exe
2009-06-03 17:04 . 2009-06-03 17:04 23510720 ----a-w- c:\programmi\dotnetfx 2.0..exe
2009-06-02 12:07 . 2009-06-02 12:07 50510847 ----a-w- c:\programmi\6-11-pre-r300_xp-2k_dd_ccc_wdm_38185.exe
2009-05-30 20:58 . 2009-05-30 20:58 1296984 ----a-w- c:\programmi\wrar380it.exe
2009-05-30 20:54 . 2009-05-30 20:54 25756832 ----a-w- c:\programmi\explorer 8.exe
2009-05-30 20:40 . 2009-05-30 20:40 30113824 ----a-w- c:\programmi\avira_antivir_personal_it.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe" [2009-06-05 468408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SoundMan"="SOUNDMAN.EXE" [2003-08-05 57344]
"CnxDslTaskBar"="c:\programmi\ZyXEL\ADSL USB Modem\CnxDslTb.exe" [2003-07-31 458752]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-01-05 413696]
"Google Quick Search Box"="c:\programmi\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-05-31 68592]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb01.exe" [2000-12-12 192512]
"ATICCC"="c:\programmi\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [30/05/2009 17.55.24 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [30/05/2009 17.55.24 642944]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [30/05/2009 17.55.24 108675]
--- Altri Servizi/Drivers In Memoria ---
*Deregistered* - aoknwbd
.
Contenuto della cartella 'Scheduled Tasks'
2010-02-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-04-08 16:43]
2010-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-04-08 16:43]
2010-03-21 c:\windows\Tasks\Packard Bell Data Secure for asd.job
- c:\programmi\Packard Bell Data Secure\DSMsg.exe [2006-04-13 12:50]
2010-04-16 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-10-27 21:18]
.
.
------- Scansione supplementare -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.libero.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-16 18:43
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet015\Services\aoknwbd]
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(508)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3732)
c:\windows\system32\WININET.dll
c:\programmi\Windows Media Player\wmpband.dll
c:\programmi\Google\Quick Search Box\bin\1.2.1151.245\qsb.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2010-04-16 18:48:26 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-04-16 16:48
ComboFix2.txt 2010-04-14 19:59
Pre-Run: 58.361.356.288 byte disponibili
Post-Run: 58.290.180.096 byte disponibili
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 4FFC8D699444E5A2134256415E2C4F7C
Thanks for the replies. Bye.