Ecco il log di combofix:

ComboFix 09-05-18.04 - Adry&Fra 19/05/2009 10.33.03.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1014.624 [GMT 2:00]
Eseguito da: c:\documents and settings\Adry&Fra\Documenti\Francesco\Varie\Software\ComboFix.exe
AV: Prevx Edge *On-access scanning enabled* (Updated) {D486329C-1488-4CEB-9CC8-D662B732D901}
AV: Sistema Antivirus NOD32 2.51 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Creato nuovo punto di ripristino
* Resident AV is active


ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
ADS - WINDOWS: deleted 60 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\struct~.ini
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Creati Da 2009-04-19 al 2009-05-19 )))))))))))))))))))))))))))))))))))
.

2009-05-17 15:54 . 2009-05-19 08:35 17381472 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-17 15:53 . 2008-07-08 12:54 148496 ----a-w c:\windows\system32\drivers\19114454.sys
2009-05-16 17:21 . 2009-05-16 17:21 -------- d-----w c:\documents and settings\Adry&Fra\Dati applicazioni\Malwarebytes
2009-05-16 17:21 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-16 17:21 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-16 17:21 . 2009-05-16 17:21 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-05-16 17:21 . 2009-05-16 17:21 -------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-05-16 14:34 . 2009-05-16 14:34 -------- d-----w c:\programmi\Trend Micro
2009-05-07 09:05 . 2009-05-07 09:05 -------- d-----w c:\documents and settings\Adry&Fra\Dati applicazioni\Sonic
2009-05-07 09:05 . 2009-05-07 09:05 -------- d-----w c:\documents and settings\Adry&Fra\Dati applicazioni\Leadertech
2009-04-26 19:36 . 2009-05-17 13:07 -------- d-----w c:\documents and settings\Adry&Fra\Dati applicazioni\goalbit
2009-04-26 19:03 . 2009-04-26 19:03 -------- d-----w c:\programmi\GoalbitTeam
2009-04-26 19:02 . 2009-04-26 19:02 -------- d-----w c:\programmi\File comuni\NSV

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-18 21:54 . 2009-05-17 15:54 171452 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-14 08:58 . 2009-01-08 22:37 -------- d-----w c:\programmi\Digsby
2009-05-04 21:15 . 2004-08-30 11:20 63896 ----a-w c:\windows\system32\perfc010.dat
2009-05-04 21:15 . 2004-08-30 11:20 426682 ----a-w c:\windows\system32\perfh010.dat
2009-04-28 07:31 . 2009-04-28 07:31 361600 ----a-w c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-04-28 07:31 . 2004-08-19 08:00 361600 ----a-w c:\windows\system32\drivers\TCPIP.SYS
2009-04-24 14:37 . 2006-09-11 13:30 -------- d-----w c:\programmi\eMule
2009-04-09 07:30 . 2009-04-09 07:30 -------- d-----w c:\programmi\Sophos
2009-03-21 20:04 . 2007-02-13 15:19 -------- d-----w c:\programmi\Spybot - Search & Destroy
2009-03-20 14:11 . 2009-03-20 14:11 -------- d-----w c:\programmi\TeaTimer (Spybot - Search & Destroy)
2009-03-20 14:11 . 2009-03-20 14:11 -------- d-----w c:\programmi\Misc. Support Library (Spybot - Search & Destroy)
2009-03-20 14:11 . 2009-03-20 14:11 -------- d-----w c:\programmi\File Scanner Library (Spybot - Search & Destroy)
2009-03-05 15:39 . 2009-03-05 15:39 86016 --sha-r c:\windows\system32\cnpxyqy.dll
2009-03-02 14:13 . 2009-03-09 08:10 20648 ----a-w c:\windows\system32\dopdfmn6.dll
2009-03-02 14:13 . 2009-03-09 08:10 18088 ----a-w c:\windows\system32\dopdfmi6.dll
2007-11-28 19:53 . 2008-10-30 20:18 67696 ----a-w c:\programmi\mozilla firefox\components\jar50.dll
2007-11-28 19:53 . 2008-10-30 20:18 54376 ----a-w c:\programmi\mozilla firefox\components\jsd3250.dll
2007-11-28 19:53 . 2008-10-30 20:18 34952 ----a-w c:\programmi\mozilla firefox\components\myspell.dll
2007-11-28 19:53 . 2008-10-30 20:18 46720 ----a-w c:\programmi\mozilla firefox\components\spellchk.dll
2007-11-28 19:53 . 2008-10-30 20:18 172144 ----a-w c:\programmi\mozilla firefox\components\xpinstal.dll
2008-03-17 10:58 . 2008-03-17 10:58 22 -csha-w c:\windows\SMINST\HPCD.sys
.

------- Sigcheck -------

[-] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2004-08-19 08:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB893066$\tcpip.sys
[-] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$NtUninstallKB913446$\tcpip.sys
[-] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\TCPIP.SYS
[-] 2009-04-28 07:31 361600 D24EA301E2B36C4E975FD216CA85D8E7 c:\windows\system32\dllcache\TCPIP.SYS
[-] 2009-04-28 07:31 361600 D24EA301E2B36C4E975FD216CA85D8E7 c:\windows\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-17 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]
"Vidalia"="c:\programmi\Vidalia Bundle\Vidalia\vidalia.exe" [2007-11-22 12889088]
"ISUSPM"="c:\documents and settings\All Users\Dati applicazioni\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-03 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-03 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-03 118784]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-10-30 136600]
"HP Software Update"="c:\programmi\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-11-11 761945]
"hpWirelessAssistant"="c:\programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"QPService"="c:\programmi\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"eabconfg.cpl"="c:\programmi\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]
"Cpqset"="c:\programmi\HPQ\Default Settings\cpqset.exe" [2005-06-29 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"nod32kui"="c:\programmi\Eset\nod32kui.exe" [2006-11-08 921600]
"CloneCDTray"="c:\programmi\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WireLessKeyboard"="c:\programmi\Trust\Trust Keyboard 15036\StartAutorun.exe" [2005-11-30 94208]
"WinampAgent"="c:\programmi\Winamp\winampa.exe" [2007-05-14 35328]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-10-30 185872]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2009-01-05 413696]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-02-16 61952]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Adry&Fra\Menu Avvio\Programmi\Esecuzione automatica\
digsby.lnk - c:\programmi\Digsby\digsby.exe [2008-10-11 137728]
is-922O6.lnk - c:\documents and settings\Adry&Fra\Desktop\Virus Removal Tool\is-922O6\startup.exe [2009-5-17 65536]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2007-5-28 110592]
Avvio rapido HP Photosmart Premier.lnk - c:\programmi\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Privoxy.lnk - c:\programmi\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 250368]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programmi\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\Java\\jre1.5.0_11\\bin\\javaw.exe"=
"c:\\Programmi\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=
"c:\\Programmi\\ViaVoice\\Bin\\engine.exe"=
"c:\\Programmi\\ViaVoice\\Bin\\audmig.exe"=
"c:\\Programmi\\ViaVoice\\Bin\\speechbar.exe"=
"c:\\Programmi\\ViaVoice\\Bin\\userwiz.exe"=
"c:\\Programmi\\ViaVoice\\Bin\\macroeditor.exe"=
"c:\\Programmi\\ViaVoice\\Bin\\smart.exe"=
"c:\\Programmi\\ViaVoice\\Bin\\ewiz.exe"=
"c:\\Programmi\\ViaVoice\\Bin\\vocabexp.exe"=
"c:\\Programmi\\ViaVoice\\Bin\\navcentral.exe"=
"c:\\Programmi\\ViaVoice\\Bin\\msaadmn.exe"=
"c:\\Programmi\\ViaVoice\\Bin\\voicepad.exe"=
"c:\\Programmi\\Microsoft Office\\Office10\\WINWORD.EXE"=
"c:\\Programmi\\ViaVoice\\Bin\\vtdirect.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Digsby\\lib\\digsby-app.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"37023:UDP"= 37023:UDP:PlayerGallery PublishWorks
"55928:TCP"= 55928:TCP:PlayerGallery ModemWeb
"10402:TCP"= 10402:TCP:PlayerGallery GalleryResources
"8725:UDP"= 8725:UDP:PlayerGallery ProfilesReference

R1 is-922O6drv;is-922O6drv;c:\windows\system32\drivers\19114454.sys [17/05/2009 17.53.39 148496]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\programmi\Viewpoint\Common\ViewpointService.exe [07/11/2007 17.43.14 24652]
R4 pxprot;pxprot;c:\windows\system32\drivers\pxprot.sys --> c:\windows\system32\drivers\pxprot.sys [?]
S2 lcdtn;Shell Notify;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 10.00.00 14336]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\programmi\NOS\bin\getPlus_HelperSvc.exe [18/09/2008 11.40.04 33752]
S3 KEYBOARDWDFilter;KEYBOARDWDFilter;c:\windows\system32\drivers\KEYBOARDWD.SYS [27/03/2007 10.09.26 6528]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\398.tmp --> c:\windows\system32\398.tmp [?]
S4 JTEIUPTQL;JTEIUPTQL;c:\docume~1\Adry&Fra\IMPOST~1\Temp\JTEIUPTQL.exe --> c:\docume~1\Adry&Fra\IMPOST~1\Temp\JTEIUPTQL.exe [?]

--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - CSIScanner
*Deregistered* - pxrts
*Deregistered* - pxscan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
lcdtn
.
Contenuto della cartella 'Scheduled Tasks'

2009-05-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-05-17 c:\windows\Tasks\Servizi Internet.job
- c:\programmi\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-08 10:23]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Run-NWEReboot - (no file)


.
------- Scansione supplementare -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://192.168.1.254/
uInternet Settings,ProxyServer = 88.191.77.119:3128
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\documents and settings\Adry&Fra\Dati applicazioni\Mozilla\Firefox\Profiles\px72awhp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\programmi\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\programmi\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\programmi\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-19 10:35
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programmi\HPQ\Default Settings\cpqset.exe????????????????P??|?p???? ???B?????????????hLC????????

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\398.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lcdtn]
"ServiceDll"="c:\windows\system32\cnpxyqy.dll"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-2341129260-3404432194-2970535891-1006\Software\Miramar Systems, Inc.\performance]
@Class="key"
@DACL=(02 0000)
@=hex:a1,29,01,0d,c7,35,37,7f

[HKEY_USERS\S-1-5-21-2341129260-3404432194-2970535891-1006\Software\Miramar Systems, Inc.\statistics]
@Class="key"
@DACL=(02 0000)
"APPLESHARE IP NETWORK@192.168.1.101"=hex:0d,ec,64,37,39,75,a7,11,f0,20,61,23,
fc,08,d1,78,42,db,b4,7f,fc,75,13,09,c1,f1,7f,ce,f5,b4,a4,e0,a5,1d,14,30,24,\
"IMAC G3 QUATTRO"=hex:0d,ec,64,37,39,75,a7,11,f0,20,61,23,fc,08,d1,78,42,db,b4,
7f,fc,75,13,09,c1,f1,7f,ce,f5,b4,a4,e0,a5,1d,14,30,24,90,30,85,f5,4a,76,bd,\
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(928)
c:\windows\system32\imon.dll
c:\programmi\Eset\pr_imon.dll
.
Ora fine scansione: 2009-05-19 10.40.54
ComboFix-quarantined-files.txt 2009-05-19 08:40

Pre-Run: 47.028.572.160 byte disponibili
Post-Run: 47.274.082.304 byte disponibili

242 --- E O F --- 2009-02-25 17:08

Fatto. Ecco il nuovo log.

ComboFix 09-05-18.04 - Adry&Fra 19/05/2009 12.34.39.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1014.702 [GMT 2:00]
Eseguito da: c:\documents and settings\Adry&Fra\Documenti\Francesco\Varie\Software\ComboFix.exe
Opzioni usate :: c:\documents and settings\Adry&Fra\Documenti\Francesco\Varie\Software\CFScript.txt
AV: Sistema Antivirus NOD32 2.51 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active


ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
c:\windows\system32\cnpxyqy.dll
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\cnpxyqy.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_lcdtn
-------\Service_lcdtn


((((((((((((((((((((((((( Files Creati Da 2009-04-19 al 2009-05-19 )))))))))))))))))))))))))))))))))))
.

2009-05-17 15:54 . 2009-05-19 10:40 27389984 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-17 15:53 . 2008-07-08 12:54 148496 ----a-w c:\windows\system32\drivers\19114454.sys
2009-05-16 17:21 . 2009-05-16 17:21 -------- d-----w c:\documents and settings\Adry&Fra\Dati applicazioni\Malwarebytes
2009-05-16 17:21 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-16 17:21 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-16 17:21 . 2009-05-16 17:21 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-05-16 17:21 . 2009-05-16 17:21 -------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-05-16 14:34 . 2009-05-16 14:34 -------- d-----w c:\programmi\Trend Micro
2009-05-07 09:05 . 2009-05-07 09:05 -------- d-----w c:\documents and settings\Adry&Fra\Dati applicazioni\Sonic
2009-05-07 09:05 . 2009-05-07 09:05 -------- d-----w c:\documents and settings\Adry&Fra\Dati applicazioni\Leadertech
2009-04-26 19:36 . 2009-05-17 13:07 -------- d-----w c:\documents and settings\Adry&Fra\Dati applicazioni\goalbit
2009-04-26 19:03 . 2009-04-26 19:03 -------- d-----w c:\programmi\GoalbitTeam
2009-04-26 19:02 . 2009-04-26 19:02 -------- d-----w c:\programmi\File comuni\NSV

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-19 10:37 . 2009-05-17 15:54 320732 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-14 08:58 . 2009-01-08 22:37 -------- d-----w c:\programmi\Digsby
2009-05-04 21:15 . 2004-08-30 11:20 63896 ----a-w c:\windows\system32\perfc010.dat
2009-05-04 21:15 . 2004-08-30 11:20 426682 ----a-w c:\windows\system32\perfh010.dat
2009-04-28 07:31 . 2009-04-28 07:31 361600 ----a-w c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-04-28 07:31 . 2004-08-19 08:00 361600 ----a-w c:\windows\system32\drivers\TCPIP.SYS
2009-04-24 14:37 . 2006-09-11 13:30 -------- d-----w c:\programmi\eMule
2009-04-09 07:30 . 2009-04-09 07:30 -------- d-----w c:\programmi\Sophos
2009-03-21 20:04 . 2007-02-13 15:19 -------- d-----w c:\programmi\Spybot - Search & Destroy
2009-03-20 14:11 . 2009-03-20 14:11 -------- d-----w c:\programmi\TeaTimer (Spybot - Search & Destroy)
2009-03-20 14:11 . 2009-03-20 14:11 -------- d-----w c:\programmi\Misc. Support Library (Spybot - Search & Destroy)
2009-03-20 14:11 . 2009-03-20 14:11 -------- d-----w c:\programmi\File Scanner Library (Spybot - Search & Destroy)
2009-03-02 14:13 . 2009-03-09 08:10 20648 ----a-w c:\windows\system32\dopdfmn6.dll
2009-03-02 14:13 . 2009-03-09 08:10 18088 ----a-w c:\windows\system32\dopdfmi6.dll
2007-11-28 19:53 . 2008-10-30 20:18 67696 ----a-w c:\programmi\mozilla firefox\components\jar50.dll
2007-11-28 19:53 . 2008-10-30 20:18 54376 ----a-w c:\programmi\mozilla firefox\components\jsd3250.dll
2007-11-28 19:53 . 2008-10-30 20:18 34952 ----a-w c:\programmi\mozilla firefox\components\myspell.dll
2007-11-28 19:53 . 2008-10-30 20:18 46720 ----a-w c:\programmi\mozilla firefox\components\spellchk.dll
2007-11-28 19:53 . 2008-10-30 20:18 172144 ----a-w c:\programmi\mozilla firefox\components\xpinstal.dll
2008-03-17 10:58 . 2008-03-17 10:58 22 -csha-w c:\windows\SMINST\HPCD.sys
.

------- Sigcheck -------

[-] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2004-08-19 08:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB893066$\tcpip.sys
[-] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$NtUninstallKB913446$\tcpip.sys
[-] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\TCPIP.SYS
[-] 2009-04-28 07:31 361600 D24EA301E2B36C4E975FD216CA85D8E7 c:\windows\system32\dllcache\TCPIP.SYS
[-] 2009-04-28 07:31 361600 D24EA301E2B36C4E975FD216CA85D8E7 c:\windows\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((( SnapShot@2009-05-19_08.35.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-19 10:38 . 2009-05-19 10:38 16384 c:\windows\temp\Perflib_Perfdata_a4.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-17 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]
"Vidalia"="c:\programmi\Vidalia Bundle\Vidalia\vidalia.exe" [2007-11-22 12889088]
"ISUSPM"="c:\documents and settings\All Users\Dati applicazioni\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-03 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-03 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-03 118784]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-10-30 136600]
"HP Software Update"="c:\programmi\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-11-11 761945]
"hpWirelessAssistant"="c:\programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"QPService"="c:\programmi\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"eabconfg.cpl"="c:\programmi\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]
"Cpqset"="c:\programmi\HPQ\Default Settings\cpqset.exe" [2005-06-29 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"nod32kui"="c:\programmi\Eset\nod32kui.exe" [2006-11-08 921600]
"CloneCDTray"="c:\programmi\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WireLessKeyboard"="c:\programmi\Trust\Trust Keyboard 15036\StartAutorun.exe" [2005-11-30 94208]
"WinampAgent"="c:\programmi\Winamp\winampa.exe" [2007-05-14 35328]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-10-30 185872]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2009-01-05 413696]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-02-16 61952]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Adry&Fra\Menu Avvio\Programmi\Esecuzione automatica\
digsby.lnk - c:\programmi\Digsby\digsby.exe [2008-10-11 137728]
is-922O6.lnk - c:\documents and settings\Adry&Fra\Desktop\Virus Removal Tool\is-922O6\startup.exe [2009-5-17 65536]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2007-5-28 110592]
Avvio rapido HP Photosmart Premier.lnk - c:\programmi\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Privoxy.lnk - c:\programmi\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 250368]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programmi\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\Java\\jre1.5.0_11\\bin\\javaw.exe"=
"c:\\Programmi\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=
"c:\\Programmi\\ViaVoice\\Bin\\engine.exe"=
"c:\\Programmi\\ViaVoice\\Bin\\audmig.exe"=
"c:\\Programmi\\ViaVoice\\Bin\\speechbar.exe"=
"c:\\Programmi\\ViaVoice\\Bin\\userwiz.exe"=
"c:\\Programmi\\ViaVoice\\Bin\\macroeditor.exe"=
"c:\\Programmi\\ViaVoice\\Bin\\smart.exe"=
"c:\\Programmi\\ViaVoice\\Bin\\ewiz.exe"=
"c:\\Programmi\\ViaVoice\\Bin\\vocabexp.exe"=
"c:\\Programmi\\ViaVoice\\Bin\\navcentral.exe"=
"c:\\Programmi\\ViaVoice\\Bin\\msaadmn.exe"=
"c:\\Programmi\\ViaVoice\\Bin\\voicepad.exe"=
"c:\\Programmi\\Microsoft Office\\Office10\\WINWORD.EXE"=
"c:\\Programmi\\ViaVoice\\Bin\\vtdirect.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Digsby\\lib\\digsby-app.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"37023:UDP"= 37023:UDP:PlayerGallery PublishWorks
"55928:TCP"= 55928:TCP:PlayerGallery ModemWeb
"10402:TCP"= 10402:TCP:PlayerGallery GalleryResources
"8725:UDP"= 8725:UDP:PlayerGallery ProfilesReference

R1 is-922O6drv;is-922O6drv;c:\windows\system32\drivers\19114454.sys [17/05/2009 17.53.39 148496]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\programmi\Viewpoint\Common\ViewpointService.exe [07/11/2007 17.43.14 24652]
S2 lcdtn;Shell Notify;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 10.00.00 14336]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\programmi\NOS\bin\getPlus_HelperSvc.exe [18/09/2008 11.40.04 33752]
S3 KEYBOARDWDFilter;KEYBOARDWDFilter;c:\windows\system32\drivers\KEYBOARDWD.SYS [27/03/2007 10.09.26 6528]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\398.tmp --> c:\windows\system32\398.tmp [?]
S4 JTEIUPTQL;JTEIUPTQL;c:\docume~1\Adry&Fra\IMPOST~1\Temp\JTEIUPTQL.exe --> c:\docume~1\Adry&Fra\IMPOST~1\Temp\JTEIUPTQL.exe [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
lcdtn
.
Contenuto della cartella 'Scheduled Tasks'

2009-05-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-05-17 c:\windows\Tasks\Servizi Internet.job
- c:\programmi\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-08 10:23]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://192.168.1.254/
uInternet Settings,ProxyServer = 88.191.77.119:3128
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\documents and settings\Adry&Fra\Dati applicazioni\Mozilla\Firefox\Profiles\px72awhp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\programmi\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\programmi\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\programmi\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-19 12:39
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programmi\HPQ\Default Settings\cpqset.exe????????????????P??|?????? ???B?????????????hLC????????

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\398.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lcdtn]
"ServiceDll"="c:\windows\system32\cnpxyqy.dll"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-2341129260-3404432194-2970535891-1006\Software\Miramar Systems, Inc.\performance]
@Class="key"
@DACL=(02 0000)
@=hex:a1,29,01,0d,c7,35,37,7f

[HKEY_USERS\S-1-5-21-2341129260-3404432194-2970535891-1006\Software\Miramar Systems, Inc.\statistics]
@Class="key"
@DACL=(02 0000)
"APPLESHARE IP NETWORK@192.168.1.101"=hex:0d,ec,64,37,39,75,a7,11,f0,20,61,23,
fc,08,d1,78,42,db,b4,7f,fc,75,13,09,c1,f1,7f,ce,f5,b4,a4,e0,a5,1d,14,30,24,\
"IMAC G3 QUATTRO"=hex:0d,ec,64,37,39,75,a7,11,f0,20,61,23,fc,08,d1,78,42,db,b4,
7f,fc,75,13,09,c1,f1,7f,ce,f5,b4,a4,e0,a5,1d,14,30,24,90,30,85,f5,4a,76,bd,\
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(936)
c:\windows\system32\imon.dll
c:\programmi\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(2688)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\programmi\ESET\nod32krn.exe
c:\windows\system32\fxssvc.exe
c:\programmi\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\programmi\Trust\Trust Keyboard 15036\PS2USBKbdDrv.exe
c:\windows\system32\rundll32.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
c:\programmi\Digsby\lib\digsby-app.exe
c:\documents and settings\Adry&Fra\Desktop\Virus Removal Tool\is-922O6\is-922O6.exe
c:\programmi\HP\Digital Imaging\bin\hpqimzone.exe
c:\programmi\HP\Digital Imaging\bin\hpqste08.exe
c:\programmi\Vidalia Bundle\Tor\tor.exe
.
**************************************************************************
.
Ora fine scansione: 2009-05-19 12.44.15 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-05-19 10:44
ComboFix2.txt 2009-05-19 08:40

Pre-Run: 47.261.396.992 byte disponibili
Post-Run: 47.178.391.552 byte disponibili

266 --- E O F --- 2009-02-25 17:08

Fatto anche questo. Riposto il log. Eccolo:


ComboFix 09-05-18.04 - Adry&Fra 19/05/2009 13.09.15.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1014.575 [GMT 2:00]
Eseguito da: c:\documents and settings\Adry&Fra\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Adry&Fra\Desktop\CFScript.txt
AV: Sistema Antivirus NOD32 2.51 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active


ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2009-04-19 al 2009-05-19 )))))))))))))))))))))))))))))))))))
.

2009-05-19 10:49 . 2009-05-19 10:49 -------- d-----w c:\windows\LastGood
2009-05-17 15:54 . 2009-05-19 11:11 31107104 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-17 15:53 . 2008-07-08 12:54 148496 ----a-w c:\windows\system32\drivers\19114454.sys
2009-05-16 17:21 . 2009-05-16 17:21 -------- d-----w c:\documents and settings\Adry&Fra\Dati applicazioni\Malwarebytes
2009-05-16 17:21 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-16 17:21 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-16 17:21 . 2009-05-16 17:21 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-05-16 17:21 . 2009-05-16 17:21 -------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-05-16 14:34 . 2009-05-16 14:34 -------- d-----w c:\programmi\Trend Micro
2009-05-07 09:05 . 2009-05-07 09:05 -------- d-----w c:\documents and settings\Adry&Fra\Dati applicazioni\Sonic
2009-05-07 09:05 . 2009-05-07 09:05 -------- d-----w c:\documents and settings\Adry&Fra\Dati applicazioni\Leadertech
2009-04-26 19:36 . 2009-05-17 13:07 -------- d-----w c:\documents and settings\Adry&Fra\Dati applicazioni\goalbit
2009-04-26 19:03 . 2009-04-26 19:03 -------- d-----w c:\programmi\GoalbitTeam
2009-04-26 19:02 . 2009-04-26 19:02 -------- d-----w c:\programmi\File comuni\NSV

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-19 10:37 . 2009-05-17 15:54 320732 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-14 08:58 . 2009-01-08 22:37 -------- d-----w c:\programmi\Digsby
2009-05-04 21:15 . 2004-08-30 11:20 63896 ----a-w c:\windows\system32\perfc010.dat
2009-05-04 21:15 . 2004-08-30 11:20 426682 ----a-w c:\windows\system32\perfh010.dat
2009-04-28 07:31 . 2009-04-28 07:31 361600 ----a-w c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-04-28 07:31 . 2004-08-19 08:00 361600 ----a-w c:\windows\system32\drivers\TCPIP.SYS
2009-04-24 14:37 . 2006-09-11 13:30 -------- d-----w c:\programmi\eMule
2009-04-09 07:30 . 2009-04-09 07:30 -------- d-----w c:\programmi\Sophos
2009-03-21 20:04 . 2007-02-13 15:19 -------- d-----w c:\programmi\Spybot - Search & Destroy
2009-03-20 14:11 . 2009-03-20 14:11 -------- d-----w c:\programmi\TeaTimer (Spybot - Search & Destroy)
2009-03-20 14:11 . 2009-03-20 14:11 -------- d-----w c:\programmi\Misc. Support Library (Spybot - Search & Destroy)
2009-03-20 14:11 . 2009-03-20 14:11 -------- d-----w c:\programmi\File Scanner Library (Spybot - Search & Destroy)
2009-03-02 14:13 . 2009-03-09 08:10 20648 ----a-w c:\windows\system32\dopdfmn6.dll
2009-03-02 14:13 . 2009-03-09 08:10 18088 ----a-w c:\windows\system32\dopdfmi6.dll
2007-11-28 19:53 . 2008-10-30 20:18 67696 ----a-w c:\programmi\mozilla firefox\components\jar50.dll
2007-11-28 19:53 . 2008-10-30 20:18 54376 ----a-w c:\programmi\mozilla firefox\components\jsd3250.dll
2007-11-28 19:53 . 2008-10-30 20:18 34952 ----a-w c:\programmi\mozilla firefox\components\myspell.dll
2007-11-28 19:53 . 2008-10-30 20:18 46720 ----a-w c:\programmi\mozilla firefox\components\spellchk.dll
2007-11-28 19:53 . 2008-10-30 20:18 172144 ----a-w c:\programmi\mozilla firefox\components\xpinstal.dll
2008-03-17 10:58 . 2008-03-17 10:58 22 -csha-w c:\windows\SMINST\HPCD.sys
.

------- Sigcheck -------

[-] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2004-08-19 08:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB893066$\tcpip.sys
[-] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$NtUninstallKB913446$\tcpip.sys
[-] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\TCPIP.SYS
[-] 2009-04-28 07:31 361600 D24EA301E2B36C4E975FD216CA85D8E7 c:\windows\system32\dllcache\TCPIP.SYS
[-] 2009-04-28 07:31 361600 D24EA301E2B36C4E975FD216CA85D8E7 c:\windows\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((( SnapShot@2009-05-19_08.35.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-19 10:38 . 2009-05-19 10:38 16384 c:\windows\temp\Perflib_Perfdata_a4.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-17 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]
"Vidalia"="c:\programmi\Vidalia Bundle\Vidalia\vidalia.exe" [2007-11-22 12889088]
"ISUSPM"="c:\documents and settings\All Users\Dati applicazioni\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-03 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-03 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-03 118784]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-10-30 136600]
"HP Software Update"="c:\programmi\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-11-11 761945]
"hpWirelessAssistant"="c:\programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"QPService"="c:\programmi\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"eabconfg.cpl"="c:\programmi\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]
"Cpqset"="c:\programmi\HPQ\Default Settings\cpqset.exe" [2005-06-29 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"nod32kui"="c:\programmi\Eset\nod32kui.exe" [2006-11-08 921600]
"CloneCDTray"="c:\programmi\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WireLessKeyboard"="c:\programmi\Trust\Trust Keyboard 15036\StartAutorun.exe" [2005-11-30 94208]
"WinampAgent"="c:\programmi\Winamp\winampa.exe" [2007-05-14 35328]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-10-30 185872]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2009-01-05 413696]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-02-16 61952]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Adry&Fra\Menu Avvio\Programmi\Esecuzione automatica\
digsby.lnk - c:\programmi\Digsby\digsby.exe [2008-10-11 137728]
is-922O6.lnk - c:\documents and settings\Adry&Fra\Desktop\Virus Removal Tool\is-922O6\startup.exe [2009-5-17 65536]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2007-5-28 110592]
Avvio rapido HP Photosmart Premier.lnk - c:\programmi\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Privoxy.lnk - c:\programmi\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 250368]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programmi\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\Java\\jre1.5.0_11\\bin\\javaw.exe"=
"c:\\Programmi\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=
"c:\\Programmi\\ViaVoice\\Bin\\engine.exe"=
"c:\\Programmi\\ViaVoice\\Bin\\audmig.exe"=
"c:\\Programmi\\ViaVoice\\Bin\\speechbar.exe"=
"c:\\Programmi\\ViaVoice\\Bin\\userwiz.exe"=
"c:\\Programmi\\ViaVoice\\Bin\\macroeditor.exe"=
"c:\\Programmi\\ViaVoice\\Bin\\smart.exe"=
"c:\\Programmi\\ViaVoice\\Bin\\ewiz.exe"=
"c:\\Programmi\\ViaVoice\\Bin\\vocabexp.exe"=
"c:\\Programmi\\ViaVoice\\Bin\\navcentral.exe"=
"c:\\Programmi\\ViaVoice\\Bin\\msaadmn.exe"=
"c:\\Programmi\\ViaVoice\\Bin\\voicepad.exe"=
"c:\\Programmi\\Microsoft Office\\Office10\\WINWORD.EXE"=
"c:\\Programmi\\ViaVoice\\Bin\\vtdirect.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Digsby\\lib\\digsby-app.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"37023:UDP"= 37023:UDP:PlayerGallery PublishWorks
"55928:TCP"= 55928:TCP:PlayerGallery ModemWeb
"10402:TCP"= 10402:TCP:PlayerGallery GalleryResources
"8725:UDP"= 8725:UDP:PlayerGallery ProfilesReference

R1 is-922O6drv;is-922O6drv;c:\windows\system32\drivers\19114454.sys [17/05/2009 17.53.39 148496]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\programmi\Viewpoint\Common\ViewpointService.exe [07/11/2007 17.43.14 24652]
S2 lcdtn;Shell Notify;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 10.00.00 14336]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\programmi\NOS\bin\getPlus_HelperSvc.exe [18/09/2008 11.40.04 33752]
S3 KEYBOARDWDFilter;KEYBOARDWDFilter;c:\windows\system32\drivers\KEYBOARDWD.SYS [27/03/2007 10.09.26 6528]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\398.tmp --> c:\windows\system32\398.tmp [?]
S4 JTEIUPTQL;JTEIUPTQL;c:\docume~1\Adry&Fra\IMPOST~1\Temp\JTEIUPTQL.exe --> c:\docume~1\Adry&Fra\IMPOST~1\Temp\JTEIUPTQL.exe [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
lcdtn
.
Contenuto della cartella 'Scheduled Tasks'

2009-05-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-05-17 c:\windows\Tasks\Servizi Internet.job
- c:\programmi\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-08 10:23]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://192.168.1.254/
uInternet Settings,ProxyServer = 88.191.77.119:3128
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\documents and settings\Adry&Fra\Dati applicazioni\Mozilla\Firefox\Profiles\px72awhp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\programmi\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\programmi\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\programmi\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-19 13:11
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programmi\HPQ\Default Settings\cpqset.exe????????????????P??|?????? ???B?????????????hLC????????

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\398.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lcdtn]
"ServiceDll"="c:\windows\system32\cnpxyqy.dll"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-2341129260-3404432194-2970535891-1006\Software\Miramar Systems, Inc.\performance]
@Class="key"
@DACL=(02 0000)
@=hex:a1,29,01,0d,c7,35,37,7f

[HKEY_USERS\S-1-5-21-2341129260-3404432194-2970535891-1006\Software\Miramar Systems, Inc.\statistics]
@Class="key"
@DACL=(02 0000)
"APPLESHARE IP NETWORK@192.168.1.101"=hex:0d,ec,64,37,39,75,a7,11,f0,20,61,23,
fc,08,d1,78,42,db,b4,7f,fc,75,13,09,c1,f1,7f,ce,f5,b4,a4,e0,a5,1d,14,30,24,\
"IMAC G3 QUATTRO"=hex:0d,ec,64,37,39,75,a7,11,f0,20,61,23,fc,08,d1,78,42,db,b4,
7f,fc,75,13,09,c1,f1,7f,ce,f5,b4,a4,e0,a5,1d,14,30,24,90,30,85,f5,4a,76,bd,\
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(936)
c:\windows\system32\imon.dll
c:\programmi\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(3116)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2009-05-19 13.13.22
ComboFix-quarantined-files.txt 2009-05-19 11:12
ComboFix2.txt 2009-05-19 10:44
ComboFix3.txt 2009-05-19 08:40

Pre-Run: 47.030.370.304 byte disponibili
Post-Run: 47.014.830.080 byte disponibili

238 --- E O F --- 2009-02-25 17:08

Finalmente riesco a collegarmi ai siti degli antivirus. Continuo però ad avere problemi di aggiornamento del Nod32. Forse è un problema del programma stesso. Quale antivirus mi consigli di utilizzare per tenere al sicuro il computer? E poi, posso disinstallare Malware e gli altri programmi che ho utilizzato per ripulire il computer?

Ho fatto quello che mi hai detto. Non ho capito però cosa dovrei postare. Dopo aver riavviato il computer Avenger non dà alcun segnale

Ciao.
C'era ancora un driver che rompeva le scatole.
Ti consiglio di disistallare completamente Nod32 e installare Antivir:
http://dlce.antivir.com/package/wks_avira/win32/it/pecl/avira_antivir_personal_it.exe
Ecco una guida per configurarlo bene:
http://www.zeusnews.it/zz_upload/PSV/Guida%20completa%20di%20%20AVIRA%20Antivir%209.pdf
Non controlla la posta elettronica, ma ferma i virus all'apertura, dei file.
Oggi come oggi, lo ritengo il miglior antivirus free in circolazione.