Hello everyone, and thanks again for the valuable help. I ran the scan with ComboFix; this is the result:
ComboFix 12-10-10.02 - marco 10/10/2012 20.49.38.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.39.1040.18.1791.1005 [GMT 2:00]
Running from: c:\users\marco\Desktop\ComboFix.exe
AV: COMODO Antivirus *Enabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created From 2012-09-10 to 2012-10-10 )))))))))))))))))))))))))))))))))))
.
.
2012-10-10 19:02 . 2012-10-10 19:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-09 18:25 . 2012-10-09 18:25 388096 ----a-r- c:\users\marco\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-10-09 18:25 . 2012-10-09 18:25 -------- d-----w- c:\program files\Trend Micro
2012-09-26 20:24 . 2012-10-10 19:02 657104 ----a-w- c:\windows\system32\drivers\sfi.dat
2012-09-26 20:19 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A674A61-5999-413F-97BC-7BA31DA1C82F}\mpengine.dll
2012-09-26 20:14 . 2012-09-26 20:14 -------- d-----w- c:\program files\Common Files\Comodo
2012-09-26 20:14 . 2012-09-26 20:14 -------- d-----w- c:\programdata\CPA_VA
2012-09-26 19:57 . 2012-09-26 20:26 -------- d-----w- c:\programdata\Comodo
2012-09-26 19:57 . 2012-09-26 20:19 -------- d-----w- c:\program files\COMODO
2012-09-26 19:57 . 2012-09-26 19:57 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-09-24 19:58 . 2012-10-09 18:27 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-24 19:58 . 2012-10-09 18:27 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 08:23 . 2012-08-03 08:23 35064 ----a-w- c:\windows\system32\drivers\CFRMD.sys
2012-08-03 08:23 . 2012-08-03 08:23 35064 ----a-w- c:\windows\inf\lps-ca\cfrmd.sys
2008-01-11 00:18 . 2008-01-11 00:18 157184 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 1120568]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 2153472]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-11 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 4702208]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-25 30192]
"PCMService"="c:\program files\Powercinema\PCMService.exe" [2007-02-14 159744]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"ataDaemon"="c:\program files\AliceTiAiuta\McciTrayApp.exe" [2007-10-17 1007504]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"tvncontrol"="c:\program files\Common Files\Comodo\tvnserver.exe" [2012-01-27 828944]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
.
c:\users\marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Sitecom Wireless Utility.lnk - c:\program files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE [2008-10-29 913408]
Start GeekBuddy.lnk - c:\program files\COMODO\GeekBuddy\launcher.exe [2012-8-23 49360]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-24 389120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GOEC62~1.DLL c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-24 18:27]
.
2012-10-10 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 09:43]
.
2012-10-10 c:\windows\Tasks\Garanzia estesa.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2008-01-11 16:38]
.
2012-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd9c24ab33a280.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 13:19]
.
2012-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 13:19]
.
2008-10-14 c:\windows\Tasks\PBRegbk.job
- c:\program files\HDReg\HDRegApp.exe [2005-06-21 12:05]
.
2012-10-10 c:\windows\Tasks\User_Feed_Synchronization-{DCA23D27-1625-4174-83E1-90A2FF4C6C6F}.job
- c:\windows\system32\msfeedssync.exe [2011-06-15 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{06A883A1-539E-4D2F-911C-B668B098A6D5}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{690AD165-BB39-443E-B145-BC2340D44647}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{B212E903-C738-42C7-8D95-C46DBDDE63C3}: NameServer = 208.67.222.222,208.67.220.220
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-icusaqc - c:\users\marco\appdata\local\icusaqc.exe
HKLM-Run-AliceRV_McciTrayApp - c:\program files\Alice ti aiuta\McciTrayApp.exe
AddRemove-Alice Ti Aiuta - c:\program files\AliceTiAiuta\Disinstalla Alice Ti Aiuta
AddRemove-docqergc - c:\users\marco\appdata\local\docqergc.bat
AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-10 21:03
Windows 6.0.6001 Service Pack 1 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- Dlls loaded under running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(640)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'Explorer.exe'(4752)
c:\windows\system32\guard32.dll
c:\windows\System32\NaturalLanguage6.dll
.
Completion time: 2012-10-10 21:09:07
ComboFix-quarantined-files.txt 2012-10-10 19:09
.
Pre-Run: 69,630,267,392 bytes free
Post-Run: 70,689,927,168 bytes free
.
- - End Of File - - 2031081215A49DE6B7B61A4A52127285
Let's hope it gets resolved.... thanks and good evening, fabio
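A small triage script, added here as an example and not part of the original post or of ComboFix itself. It parses the two line shapes a ComboFix log uses for autoruns ("Name"="target" [date size] under a [HKEY_...\Run] header, and the HKCU-Run-/HKLM-Run-/AddRemove- lines under ORPHANS REMOVED, which ComboFix lists when a registry entry points at a file that no longer exists) and flags targets that sit directly in the user's AppData\Local or AppData\Roaming or under a temp folder, which is where the two odd entries in this log (icusaqc.exe and docqergc.bat) lived. The sample lines are excerpted from the log above; the location and name heuristics are assumptions of this example, not ComboFix rules, and a hit only means "confirm this one", not "infected".

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample input: lines excerpted from the ComboFix log in the post
# above (section headers rendered in English, paths unchanged).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 1120568]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-11 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 4702208]
"tvncontrol"="c:\program files\Common Files\Comodo\tvnserver.exe" [2012-01-27 828944]
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-icusaqc - c:\users\marco\appdata\local\icusaqc.exe
HKLM-Run-AliceRV_McciTrayApp - c:\program files\Alice ti aiuta\McciTrayApp.exe
AddRemove-docqergc - c:\users\marco\appdata\local\docqergc.bat
"""

# "Name"="target" [date size]  (value lines under a [HKEY_...\Run] header)
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
# HKCU-Run-name - target  /  AddRemove-name - target  (orphan lines)
ORPHAN_RE = re.compile(r'^(?P<kind>HKCU-Run|HKLM-Run|AddRemove)-(?P<name>.+?) - (?P<path>.+)$')
HIVE_RE = re.compile(r'^\[(?P<hive>HKEY_[^\]]+)\]$')

# Heuristics (assumptions of this example, not ComboFix rules):
# a file sitting directly in AppData\Local or AppData\Roaming, or under any temp folder.
USER_WRITABLE_RE = re.compile(
    r'\\users\\[^\\]+\\appdata\\(?:local|roaming)\\[^\\]+$|\\temp\\', re.I)
# a bare run of 6-12 lowercase letters, typical of generated malware file names.
RANDOM_STEM_RE = re.compile(r'^[a-z]{6,12}$')
SCRIPT_EXTS = ('.bat', '.cmd', '.vbs', '.js', '.ps1')


@dataclass
class Entry:
    source: str              # registry key or orphan kind the entry came from
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def assess(path: str) -> List[str]:
    """Return the reasons an autorun target looks suspicious (empty if none)."""
    p = path.strip().lower()
    reasons = []
    if USER_WRITABLE_RE.search(p):
        reasons.append("target lives in a user-writable profile location")
        stem = p.rsplit('\\', 1)[-1].rsplit('.', 1)[0]
        if RANDOM_STEM_RE.fullmatch(stem):
            reasons.append("random-looking file name")
        if p.endswith(SCRIPT_EXTS):
            reasons.append("script rather than an executable")
    return reasons


def parse_combofix(text: str) -> List[Entry]:
    """Extract Run values and orphan entries from a ComboFix log, in log order."""
    entries, hive = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        m = HIVE_RE.match(line)
        if m:
            hive = m.group('hive')       # remember which Run key we are under
            continue
        m = RUN_VALUE_RE.match(line)
        if m and hive:
            entries.append(Entry(hive, m.group('name'), m.group('path'), assess(m.group('path'))))
            continue
        m = ORPHAN_RE.match(line)
        if m:
            entries.append(Entry(m.group('kind'), m.group('name'), m.group('path'), assess(m.group('path'))))
    return entries


def suspicious_entries(text: str) -> List[Entry]:
    """Only the entries with at least one reason attached."""
    return [e for e in parse_combofix(text) if e.suspicious]


if __name__ == "__main__":
    for e in suspicious_entries(SAMPLE_LOG):
        print(f"[{e.source}] {e.name} -> {e.path}")
        for r in e.reasons:
            print(f"    - {r}")
```

On the sample above it reports exactly icusaqc.exe and docqergc.bat and stays quiet on the vendor entries under Program Files and on bare names like RtHDVCpl.exe, which Windows resolves from the system path. A real triage would also want to check the hashes of anything flagged, and to run the same pass over the "Files Created" section, since a random-named file that is still present matters more than an orphaned key whose target is already gone.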
