  1. #1
    HTML.it user
    Joined
    Jul 2006
    Posts
    15

    Cn911.exe, probably a virus?

    After formatting the PC and reinstalling Windows XP (many drivers were lost and had to be searched for and downloaded from the net), at startup Windows now shows me this message: Cn911.exe. I did some research and it seems to be a virus; it is also discussed on html.it in connection with win32.bfrose. Before trying things more or less at random, is there any suggestion or procedure to follow?

  2. #2
    HTML.it user (menatwork)
    Joined
    May 2009
    Posts
    4,330
    Good morning

    Prevx reports it as a backdoor.

    Let's run a check with HijackThis.
    Launch the program by clicking the executable and start the scan, choosing the option "Do a system scan and save a logfile".

    Remember to put HIJACKTHIS in a folder of its own (in Program Files or Documents); what matters is that it is not on the desktop or in temporary folders. This is important if you want to keep the backups.

    Post the log it produces.

  3. #3
    HTML.it user
    Joined
    Jul 2006
    Posts
    15
    Logfile of HijackThis v1.99.1
    Scan saved at 10.22.39, on 14/03/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Programmi\AVG\AVG9\avgchsvx.exe
    C:\Programmi\AVG\AVG9\avgrsx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\vVX1000.exe
    C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ODBCJET.exe
    C:\Programmi\Analog Devices\Core\smax4pnp.exe
    C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Programmi\AVG\AVG9\avgwdsvc.exe
    C:\Programmi\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\AVG\AVG9\avgemc.exe
    C:\Programmi\AVG\AVG9\avgnsx.exe
    C:\Programmi\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\Programmi\WinZip\WINZIP32.EXE
    D:\HIJACKTHIS\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll
    O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
    O4 - HKLM\..\Run: [LifeCam] "C:\Programmi\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
    O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
    O4 - HKLM\..\Run: [Cn911] C:\WINDOWS\system32\ODBCJET.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Programmi\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{431FD996-DEBF-4224-93FF-1B43619197F4}: NameServer = 212.216.112.112,212.216.176.62
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgemc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

  4. #4
    HTML.it user (menatwork)
    Joined
    May 2009
    Posts
    4,330
    Open HijackThis, select "Do a system scan only", tick the box next to this entry and press "Fix checked":

    O4 - HKLM\..\Run: [Cn911] C:\WINDOWS\system32\ODBCJET.exe

    Download Malwarebytes.

    Update it: click the "Update" tab => "Check for Updates"
    Run a "Full Scan" (select the option)
    When the scan is complete, click OK => Show Results.
    Make sure everything is selected and click Remove Selected.
    If it asks you to reboot, reboot to complete the cleaning process.
    Post the report.
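
The entry fixed above is one of many O4 lines in the log posted in #3, and picking it out by eye is the hard part. The following is an added example, not code from the thread or from HijackThis: it parses O4 lines, resolves the file each entry really starts (looking through rundll32 to the DLL it loads), and marks for review any entry whose file lives under the Windows directory but is not a known Windows logon component, or that is given as a bare file name resolved through the search path. The sample lines are copied from the log in post #3 (with the forum's word-wrap artifact in the USB2Check line repaired); the allowlist `KNOWN_SYSTEM_AUTORUNS` and the `HOST_PROCESSES` set are constructed for this example.

```python
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Constructed sample input: the O4 lines from the HijackThis log in post #3.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Programmi\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Cn911] C:\WINDOWS\system32\ODBCJET.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Programmi\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
""".strip().splitlines()

# Registry-backed entries: "O4 - HKLM\..\Run: [ValueName] command line"
O4_RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Startup-folder entries: "O4 - Global Startup: Name.lnk = target"
O4_STARTUP_RE = re.compile(
    r"^O4 - (?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")
# Heuristic: the first path ending in an executable extension, followed by
# whitespace, a comma or end of line (handles unquoted paths with spaces).
IMAGE_RE = re.compile(r"^(.*?\.(?:exe|dll|com|scr|bat|cmd))(?=[\s,]|$)", re.IGNORECASE)
# Constructed: host processes whose real payload is the file on their command line.
HOST_PROCESSES = {"rundll32.exe", "regsvr32.exe"}
# Constructed, deliberately small allowlist of Windows components that
# legitimately autostart from %SystemRoot% on this kind of install.
KNOWN_SYSTEM_AUTORUNS = {"ctfmon.exe"}
WINDOWS_DIRS = ("c:\\windows\\", "c:\\winnt\\")


def first_image(command: str) -> tuple[str, str]:
    """Split a command line into (image path, remaining arguments)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end == -1:
            return command[1:], ""
        return command[1:end], command[end + 1:].lstrip(" ,")
    m = IMAGE_RE.match(command)
    if m:
        return m.group(1), command[m.end():].lstrip(" ,")
    parts = command.split(None, 1)
    return (parts[0], parts[1] if len(parts) > 1 else "") if parts else ("", "")


def payload_image(command: str) -> str:
    """The file that actually gets run or loaded: look through rundll32-style hosts."""
    image, rest = first_image(command)
    if PureWindowsPath(image).name.lower() in HOST_PROCESSES and rest:
        image, _ = first_image(rest)
    return image


@dataclass
class Autorun:
    source: str          # e.g. "HKLM\\..\\Run" or "Global Startup"
    name: str            # registry value name or shortcut name
    command: str
    image: str           # resolved payload path or bare file name
    reasons: list = field(default_factory=list)

    @property
    def flagged(self) -> bool:
        return bool(self.reasons)


def parse_o4(lines):
    """Turn HijackThis O4 lines into Autorun records; other lines are ignored."""
    entries = []
    for line in lines:
        line = line.strip()
        m = O4_RUN_RE.match(line)
        if m:
            source = f"{m['hive']}\\..\\{m['key']}"
            entries.append(Autorun(source, m["name"], m["cmd"], payload_image(m["cmd"])))
            continue
        m = O4_STARTUP_RE.match(line)
        if m:
            entries.append(Autorun(m["where"], m["name"], m["cmd"], payload_image(m["cmd"])))
    return entries


def assess(entry: Autorun) -> Autorun:
    """Attach review reasons; a flag means 'verify this file', not 'malicious'."""
    image = entry.image.replace("/", "\\")
    base = PureWindowsPath(image).name.lower()
    if image.lower().startswith(WINDOWS_DIRS) and base not in KNOWN_SYSTEM_AUTORUNS:
        entry.reasons.append("runs from the Windows directory but is not a known Windows logon component")
    if not PureWindowsPath(image).drive and "\\" not in image:
        entry.reasons.append("bare file name, resolved through the search path rather than an absolute path")
    return entry


def triage(lines):
    return [assess(e) for e in parse_o4(lines)]


def flagged_names(lines):
    return [e.name for e in triage(lines) if e.flagged]


if __name__ == "__main__":
    for e in triage(SAMPLE_O4_LINES):
        print(f"{'REVIEW' if e.flagged else 'ok    '} [{e.name}] -> {e.image}")
        for r in e.reasons:
            print(f"         - {r}")
```

On the sample, four entries come back marked for review (VX1000, USB2Check, AdslTaskBar and Cn911) and the rest, including the AVG tray and ctfmon, come back clean. The point of the triage is to shrink the list, not to pass judgement: the marked entries that belong to installed device software are cleared by checking the file's publisher or signature, while Cn911, an executable in system32 named after an ODBC component and started under an unrelated value name, is the one with nothing behind it, which is the entry the post above removes.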

  5. #5
    HTML.it user
    Joined
    Jul 2006
    Posts
    15
    Malwarebytes' Anti-Malware 1.44
    Versione del database: 3865
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    14/03/2010 11.46.02
    mbam-log-2010-03-14 (11-46-02).txt

    Tipo di scansione: Scansione completa (C:\|D:\|)
    Elementi scansionati: 161839
    Tempo trascorso: 19 minute(s), 37 second(s)

    Processi delle memoria infetti: 0
    Moduli della memoria infetti: 0
    Chiavi di registro infette: 0
    Valori di registro infetti: 0
    Elementi dato del registro infetti: 0
    Cartelle infette: 0
    File infetti: 1

    Processi delle memoria infetti:
    (Nessun elemento malevolo rilevato)

    Moduli della memoria infetti:
    (Nessun elemento malevolo rilevato)

    Chiavi di registro infette:
    (Nessun elemento malevolo rilevato)

    Valori di registro infetti:
    (Nessun elemento malevolo rilevato)

    Elementi dato del registro infetti:
    (Nessun elemento malevolo rilevato)

    Cartelle infette:
    (Nessun elemento malevolo rilevato)

    File infetti:
    C:\WINDOWS\system32\ODBCJET.exe (Malware.Packer.T) -> Quarantined and deleted successfully.

    ******

    After the reboot, I'd say no problems!

  6. #6
    HTML.it user (menatwork)
    Joined
    May 2009
    Posts
    4,330
    Good, it found the infection.

    Clean up with CCleaner.

    During installation, untick the box, otherwise the Yahoo Toolbar gets installed.
    Start it and click on:
    - Advanced Options
    Untick:
    - Only delete files older than 48 hours
    Click the buttons:
    - Cleaner (the first one at the top left)
    - Analyze (button at the bottom centre)
    - Run Cleaner (button at the bottom right)

    Registry error repair

    Click the buttons:
    - Registry (second button at the top left)
    - Scan for Issues (button at the bottom centre)
    - Fix selected issues (button at the bottom right)
    - at the question:
    - "Do you want to back up changes to the registry?"
    - click:
    - YES


    Let's do one more check.

    Disable the antivirus.

    Download ComboFix
    (do not install the Recovery Console).
    Let the program work without interfering.
    Attach the report C:\ComboFix.txt in your reply.

  7. #7
    HTML.it user
    Joined
    Jul 2006
    Posts
    15
    ComboFix 10-03-13.03 - Administrator 14/03/2010 12.34.14.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3070.2438 [GMT 1:00]
    Eseguito da: d:\download\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
    .

    ((((((((((((((((((((((((( Files Creati Da 2010-02-14 al 2010-03-14 )))))))))))))))))))))))))))))))))))
    .

    2010-03-14 11:19 . 2010-03-14 11:19 -------- d-----w- c:\programmi\CCleaner
    2010-03-14 10:45 . 2010-03-14 10:45 -------- d-----w- C:\$AVG
    2010-03-14 10:02 . 2010-03-14 10:02 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
    2010-03-14 10:02 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-14 10:02 . 2010-03-14 10:45 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
    2010-03-14 10:02 . 2010-03-14 10:02 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
    2010-03-14 10:02 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-13 23:29 . 2010-03-13 23:29 -------- d-----w- c:\windows\system32\LogFiles
    2010-03-13 22:58 . 2010-03-13 22:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ATI
    2010-03-13 22:58 . 2010-03-13 22:58 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\ATI
    2010-03-13 22:58 . 2010-03-13 22:58 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\ATI
    2010-03-13 22:58 . 2010-03-13 22:58 0 ----a-w- c:\windows\ativpsrm.bin
    2010-03-13 22:55 . 2010-02-10 20:20 593920 ------w- c:\windows\system32\ati2sgag.exe
    2010-03-13 22:54 . 2010-03-13 22:56 -------- d-----w- c:\programmi\ATI Technologies
    2010-03-13 22:54 . 2010-03-13 22:54 -------- d-----w- C:\ATI
    2010-03-13 22:16 . 2010-03-13 22:16 0 ----a-w- c:\windows\nsreg.dat
    2010-03-13 22:16 . 2010-03-13 22:16 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Mozilla
    2010-03-13 22:05 . 2010-03-13 22:05 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-03-13 22:05 . 2010-03-13 22:05 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-03-13 22:05 . 2010-03-13 22:05 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-03-13 22:05 . 2010-03-13 22:05 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-03-13 22:05 . 2010-03-14 08:25 -------- d-----w- c:\windows\system32\drivers\Avg
    2010-03-13 22:05 . 2010-03-13 22:05 -------- d-----w- c:\programmi\AVG
    2010-03-13 22:05 . 2010-03-13 22:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
    2010-03-13 21:54 . 2010-03-13 21:54 -------- d-----w- c:\programmi\Analog Devices
    2010-03-13 21:54 . 2005-09-26 15:20 49152 ----a-w- c:\windows\system32\DSndUp.exe
    2010-03-13 21:54 . 2005-05-04 08:20 53248 ------w- c:\windows\system32\wdmioctl.dll
    2010-03-13 21:54 . 2002-04-17 14:05 45056 ------w- c:\windows\system32\CleanUp.exe
    2010-03-13 21:54 . 2001-09-11 14:20 1285632 ------w- c:\windows\system32\SMMedia.dll
    2010-03-13 21:12 . 2010-03-13 21:12 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\RadarSync
    2010-03-13 19:47 . 2010-03-13 19:47 1956656 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NOS\Adobe_Downloads\install_flash_player_ax.exe
    2010-03-13 19:47 . 2010-03-13 19:54 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
    2010-03-13 19:28 . 2008-04-13 08:35 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
    2010-03-13 19:28 . 2008-04-13 08:35 20992 ----a-w- c:\windows\system32\dllcache\rtl8139.sys
    2010-03-13 11:17 . 2001-10-10 10:37 25434 ----a-r- c:\windows\system32\drivers\DLKRTL.SYS
    2010-03-13 11:06 . 2010-03-13 11:06 552 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-03-13 11:04 . 2010-03-13 11:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WinZip
    2010-03-13 10:48 . 2010-03-13 10:48 -------- d-----w- c:\documents and settings\Default User\Impostazioni locali\Dati applicazioni\Adobe
    2010-03-13 10:47 . 2010-03-13 10:47 -------- d-----w- c:\programmi\File comuni\Adobe
    2010-03-13 10:46 . 2010-03-13 11:07 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Adobe
    2010-03-13 10:11 . 2008-04-13 10:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
    2010-03-13 10:11 . 2008-04-13 10:45 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys
    2010-03-12 15:29 . 2010-03-13 19:40 -------- d--h--w- c:\windows\$hf_mig$
    2010-03-12 14:56 . 2010-03-12 14:56 -------- d-----w- c:\windows\system32\InsFiles
    2010-03-12 14:55 . 2003-01-30 11:02 167936 ----a-w- c:\windows\system32\stmcfg32.dll
    2010-03-12 14:55 . 2003-01-22 11:01 151552 ----a-w- c:\windows\system32\stmctrl.dll
    2010-03-12 14:55 . 2010-03-12 14:55 -------- d-----w- c:\programmi\Fastrate USB 100
    2010-03-12 14:55 . 2003-01-22 11:01 86016 ----a-w- c:\windows\stmtrace.exe
    2010-03-12 14:55 . 2003-01-09 14:21 527980 ----a-w- c:\windows\system32\drivers\torususb.sys
    2010-03-12 14:55 . 2002-09-25 06:37 59338 ----a-w- c:\windows\system32\drivers\stmatm.sys
    2010-03-12 14:54 . 2010-03-13 22:55 -------- d--h--w- c:\programmi\InstallShield Installation Information
    2010-03-12 14:54 . 2010-03-12 14:54 -------- d-----w- c:\programmi\Telecom Italia
    2010-03-12 11:50 . 2006-03-23 18:51 208896 ----a-w- c:\windows\system32\NVUNINST.EXE
    2010-03-12 11:50 . 2010-03-12 14:54 -------- d-----w- c:\programmi\File comuni\InstallShield
    2010-03-12 10:33 . 2010-03-12 10:33 -------- d-----w- c:\programmi\Lavalys
    2010-03-12 09:07 . 2007-01-23 09:12 81920 ----a-w- c:\windows\system32\PCLECoInst.dll
    2010-03-12 09:07 . 2007-01-23 09:11 441472 ----a-w- c:\windows\system32\drivers\MarvinUsb.sys
    2010-03-12 08:42 . 2008-04-13 10:46 59136 ----a-w- c:\windows\system32\drivers\rfcomm.sys
    2010-03-12 08:42 . 2008-04-13 10:46 59136 ----a-w- c:\windows\system32\dllcache\rfcomm.sys
    2010-03-12 08:42 . 2008-04-13 18:14 152576 ----a-w- c:\windows\system32\irftp.exe
    2010-03-12 08:42 . 2008-04-13 18:14 152576 ----a-w- c:\windows\system32\dllcache\irftp.exe
    2010-03-12 08:42 . 2008-04-13 18:13 8192 ----a-w- c:\windows\system32\wshirda.dll
    2010-03-12 08:42 . 2008-04-13 18:13 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
    2010-03-12 08:42 . 2008-04-13 18:13 29696 ----a-w- c:\windows\system32\irmon.dll
    2010-03-12 08:42 . 2008-04-13 18:13 29696 ----a-w- c:\windows\system32\dllcache\irmon.dll
    2010-03-12 08:42 . 2008-04-13 10:46 17024 ----a-w- c:\windows\system32\drivers\BthEnum.sys
    2010-03-12 08:42 . 2008-04-13 10:46 17024 ----a-w- c:\windows\system32\dllcache\bthenum.sys
    2010-03-10 19:01 . 2008-04-13 17:13 26624 ----a-w- c:\documents and settings\LocalService\Dati applicazioni\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
    2010-03-10 18:26 . 2010-03-10 18:26 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\HP
    2010-03-10 18:17 . 2008-04-13 10:45 26368 ----a-w- c:\windows\system32\dllcache\usbstor.sys
    2010-03-10 18:16 . 2010-03-10 18:26 113114 ----a-w- c:\windows\hpoins07.dat
    2010-03-10 18:16 . 2005-05-24 06:50 21124 ------w- c:\windows\hpomdl07.dat
    2010-03-10 18:14 . 2005-04-20 07:44 154295 ----a-r- c:\windows\system32\hpop5612.dat
    2010-03-10 18:14 . 2005-04-08 01:51 40960 ----a-r- c:\windows\system32\hpofax08.dll
    2010-03-10 18:14 . 2005-03-08 04:46 169880 ----a-r- c:\windows\system32\hpof5612.dat
    2010-03-10 18:12 . 2005-03-08 04:43 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
    2010-03-10 18:11 . 2005-03-08 04:43 51120 ----a-r- c:\windows\system32\drivers\HPZid412.sys
    2010-03-10 18:11 . 2005-03-08 04:43 21744 ----a-r- c:\windows\system32\drivers\HPZius12.sys
    2010-03-10 18:10 . 2005-04-08 01:51 258122 ----a-r- c:\windows\system32\hpovst08.dll
    2010-03-10 18:10 . 2005-03-08 04:39 274432 ----a-r- c:\windows\system32\HPZc3212.dll
    2010-03-10 18:10 . 2005-04-08 01:51 278528 ----a-r- c:\windows\system32\hpgwiamd.dll
    2010-03-10 18:10 . 2005-04-08 01:51 606208 ----a-r- c:\windows\system32\hpotscl.dll
    2010-03-10 18:10 . 2008-04-13 10:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2010-03-10 18:10 . 2008-04-13 10:45 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
    2010-03-10 18:04 . 2010-03-10 18:04 -------- dc----w- c:\windows\system32\DRVSTORE
    2010-03-10 17:58 . 2008-04-13 10:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
    2010-03-09 17:49 . 2010-03-09 17:49 -------- d-s---w- c:\documents and settings\Administrator\UserData
    2010-03-09 17:44 . 2010-03-09 17:44 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Identities
    2010-03-09 16:04 . 2008-04-13 11:45 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
    2010-03-09 16:04 . 2008-04-13 11:45 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
    2010-03-09 16:04 . 2008-04-13 11:39 7552 ----a-w- c:\windows\system32\drivers\MSKSSRV.sys
    2010-03-09 16:04 . 2008-04-13 09:39 142592 ----a-w- c:\windows\system32\drivers\aec.sys
    2010-03-09 16:04 . 2008-04-13 11:39 5376 ----a-w- c:\windows\system32\drivers\MSPCLOCK.sys
    2010-03-09 16:04 . 2008-04-13 12:15 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
    2010-03-09 16:04 . 2008-04-13 11:45 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
    2010-03-09 16:04 . 2008-04-13 12:17 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
    2010-03-09 16:04 . 2008-04-13 11:39 4992 ----a-w- c:\windows\system32\drivers\MSPQM.sys
    2010-03-09 16:04 . 2008-04-13 11:45 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
    2010-03-09 16:04 . 2008-04-13 11:45 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
    2010-03-09 16:04 . 2001-08-17 21:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
    2010-03-09 16:03 . 2008-04-13 11:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2010-03-09 16:03 . 2008-04-13 18:13 4096 ----a-w- c:\windows\system32\ksuser.dll
    2010-03-09 16:03 . 2008-04-13 18:13 4096 ----a-w- c:\windows\system32\dllcache\ksuser.dll
    2010-03-09 16:03 . 2008-04-13 11:19 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
    2010-03-09 16:03 . 2008-04-13 11:19 146048 ----a-w- c:\windows\system32\dllcache\portcls.sys
    2010-03-09 16:03 . 2008-04-13 10:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
    2010-03-09 16:03 . 2008-04-13 10:45 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
    2010-03-09 16:03 . 2008-04-13 10:45 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
    2010-03-09 16:03 . 2008-04-13 10:45 60160 ----a-w- c:\windows\system32\dllcache\drmk.sys
    2010-03-09 16:03 . 2008-04-13 18:49 58368 ----a-w- c:\windows\system32\drivers\redbook.sys
    2010-03-09 16:02 . 2001-08-17 21:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
    2010-03-09 16:02 . 2008-04-13 19:13 76800 ----a-w- c:\windows\system32\usbui.dll

    .

  8. #8
    HTML.it user
    Joined
    Jul 2006
    Posts
    15
    CONTINUED (IT WAS TOO LONG)

    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-13 21:06 . 2002-09-10 12:00 66874 ----a-w- c:\windows\system32\perfc010.dat
    2010-03-13 21:06 . 2002-09-10 12:00 430692 ----a-w- c:\windows\system32\perfh010.dat
    2010-03-13 11:06 . 2010-03-10 18:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-03-12 17:20 . 2010-03-09 15:21 -------- d-----w- c:\programmi\Servizi in linea
    2010-03-10 18:22 . 2010-03-10 18:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HP
    2010-03-10 18:22 . 2010-03-10 18:17 -------- d-----w- c:\programmi\HP
    2010-03-10 18:22 . 2010-03-10 18:22 -------- d-----w- c:\programmi\File comuni\HP
    2010-03-10 18:20 . 2010-03-10 18:20 -------- d-----w- c:\programmi\Hewlett-Packard
    2010-03-10 18:20 . 2010-03-10 18:20 -------- d-----w- c:\programmi\File comuni\Hewlett-Packard
    2010-03-10 18:03 . 2010-03-10 18:02 -------- d-----w- c:\programmi\Microsoft LifeCam
    2010-03-10 10:05 . 2010-03-09 15:40 13664 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
    2010-03-09 15:38 . 2010-03-09 15:21 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2010-03-09 15:22 . 2010-03-09 15:22 -------- d-----w- c:\programmi\microsoft frontpage
    2010-03-09 15:19 . 2010-03-09 15:19 21840 ----a-w- c:\windows\system32\emptyregdb.dat
    2010-02-11 07:38 . 2010-02-11 07:38 3565056 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
    2010-02-11 05:17 . 2010-02-11 05:17 11845632 ----a-w- c:\windows\system32\atioglxx.dll
    2010-02-11 05:07 . 2010-02-11 05:07 307200 ----a-w- c:\windows\system32\atiiiexx.dll
    2010-02-11 04:46 . 2010-02-11 04:46 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2010-02-11 04:45 . 2010-02-11 04:45 325120 ----a-w- c:\windows\system32\ati2dvag.dll
    2010-02-11 04:37 . 2010-02-11 04:37 290816 ----a-w- c:\windows\system32\atiok3x2.dll
    2010-02-11 04:36 . 2010-02-11 04:36 204800 ----a-w- c:\windows\system32\atipdlxx.dll
    2010-02-11 04:35 . 2010-02-11 04:35 155648 ----a-w- c:\windows\system32\Oemdspif.dll
    2010-02-11 04:35 . 2010-02-11 04:35 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
    2010-02-11 04:35 . 2010-02-11 04:35 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2010-02-11 04:35 . 2010-02-11 04:35 155648 ----a-w- c:\windows\system32\ati2evxx.dll
    2010-02-11 04:33 . 2010-02-11 04:33 602112 ----a-w- c:\windows\system32\ati2evxx.exe
    2010-02-11 04:32 . 2010-02-11 04:32 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
    2010-02-11 04:25 . 2010-02-11 04:25 3818144 ----a-w- c:\windows\system32\ati3duag.dll
    2010-02-11 04:23 . 2010-02-11 04:23 45056 ----a-w- c:\windows\system32\aticalrt.dll
    2010-02-11 04:22 . 2010-02-11 04:22 45056 ----a-w- c:\windows\system32\aticalcl.dll
    2010-02-11 04:21 . 2010-02-11 04:21 3227648 ----a-w- c:\windows\system32\aticaldd.dll
    2010-02-11 04:19 . 2010-02-11 04:19 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2010-02-11 04:12 . 2010-02-11 04:12 2670592 ----a-w- c:\windows\system32\ativvaxx.dll
    2010-02-11 04:12 . 2010-02-11 04:12 887724 ----a-w- c:\windows\system32\ativva6x.dat
    2010-02-11 04:12 . 2010-02-11 04:12 3107788 ----a-w- c:\windows\system32\ativva5x.dat
    2010-02-11 03:59 . 2010-02-11 03:59 49664 ----a-w- c:\windows\system32\amdpcom32.dll
    2010-02-11 03:55 . 2010-02-11 03:55 475136 ----a-w- c:\windows\system32\atikvmag.dll
    2010-02-11 03:54 . 2010-02-11 03:54 126976 ----a-w- c:\windows\system32\atiadlxx.dll
    2010-02-11 03:53 . 2010-02-11 03:53 17408 ----a-w- c:\windows\system32\atitvo32.dll
    2010-02-11 03:47 . 2010-02-11 03:47 626688 ----a-w- c:\windows\system32\ati2cqag.dll
    .

    ------- Sigcheck -------

    [-] 2008-08-06 . FEB1CF132A090B0F5D2ECF4A9525DA7E . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
    "LifeCam"="c:\programmi\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
    "HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
    "USB2Check"="c:\windows\system32\PCLECoInst.dll" [2007-01-23 81920]
    "AdslTaskBar"="stmctrl.dll" [2003-01-22 151552]
    "Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
    "SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
    "StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

    c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
    HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-03-13 22:05 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Programmi\\Microsoft LifeCam\\LifeCam.exe"=
    "c:\\Programmi\\Microsoft LifeCam\\LifeExp.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Programmi\\AVG\\AVG9\\avgemc.exe"=
    "c:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13/03/2010 23.05.41 216200]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13/03/2010 23.05.46 242696]
    R2 avg9emc;AVG Free E-mail Scanner;c:\programmi\AVG\AVG9\avgemc.exe [13/03/2010 23.05.35 916760]
    R2 avg9wd;AVG Free WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe [13/03/2010 23.05.34 308064]
    R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\drivers\stmatm.sys [12/03/2010 15.55.12 59338]
    R3 TaurusUsb;ADSL Modem USB Service 1.09a;c:\windows\system32\drivers\torususb.sys [12/03/2010 15.55.12 527980]
    S3 DLKRTL;D-Link DFE-528TX PCI Adapter NT Driver;c:\windows\system32\drivers\DLKRTL.SYS [13/03/2010 12.17.51 25434]
    .
    .
    ------- Scansione supplementare -------
    .
    uStart Page = hxxp://www.google.it/
    TCP: {431FD996-DEBF-4224-93FF-1B43619197F4} = 212.216.112.112,212.216.176.62
    FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\zn1hj270.default\

    ---- FIREFOX POLICIES ----
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-14 12:36
    Windows 5.1.2600 Service Pack 3 NTFS

    scansione processi nascosti ...

    scansione entrate autostart nascoste ...

    Scansione files nascosti ...

    Scansione completata con successo
    Files nascosti: 0

    **************************************************************************
    .
    --------------------- Dlls caricate dai processi in esecuzione ---------------------

    - - - - - - - > 'winlogon.exe'(476)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(240)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Ora fine scansione: 2010-03-14 12:36:44
    ComboFix-quarantined-files.txt 2010-03-14 11:36

    Pre-Run: 154.273.005.568 byte disponibili
    Post-Run: 154.241.634.304 byte disponibili

    - - End Of File - - 685EE38E81CA4EA491F51513428C3C93

  9. #9
    HTML.it user (menatwork)
    Joined
    May 2009
    Posts
    4,330
    You didn't download it to the desktop; that's where you should have saved it before running it.

    Uninstall it with this tool.

    Run it.
    Click on CleanUp.
    When asked to reboot, click YES.


    Download ComboFix again, ON THE DESKTOP, and run the scan again.

    You should upload it to wikisend, not paste it.

  10. #10
    HTML.it user
    Joined
    Jul 2006
    Posts
    15
