Hi, and thanks for the quick reply.
Here is what I've done in the meantime, before reading your post.
I ran Elibalgla and then, in safe mode, launched Combofix through the Start > Run command.
I'm attaching the report in the meantime.
One note: apart from the fact that I'll have to reinstall the antivirus programs etc., I noticed that it also deleted my wifi drivers, which I can't manage to restore.
Thanks for now, and I await your further instructions.
ComboFix 08-12-26.03 - Ranieri Railz 2008-12-27 11.21.26.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.511.393 [GMT 1:00]
Eseguito da: c:\documents and settings\Ranieri Railz\desktop\abc.exe
Interruttori di comando utilizzati :: /killall
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
FW: ZoneAlarm Firewall *disabled*
ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Ranieri Railz\Dati applicazioni\drivers\downld
c:\documents and settings\Ranieri Railz\Dati applicazioni\drivers\downld\113923.exe
c:\documents and settings\Ranieri Railz\Dati applicazioni\drivers\downld\118971.exe
c:\documents and settings\Ranieri Railz\Dati applicazioni\drivers\downld\119281.exe
c:\documents and settings\Ranieri Railz\Dati applicazioni\drivers\downld\131559.exe
c:\documents and settings\Ranieri Railz\Dati applicazioni\drivers\downld\177665.exe
c:\documents and settings\Ranieri Railz\Dati applicazioni\drivers\downld\178566.exe
c:\documents and settings\Ranieri Railz\Dati applicazioni\drivers\downld\178947.exe
c:\documents and settings\Ranieri Railz\Dati applicazioni\drivers\downld\267865.exe
c:\documents and settings\Ranieri Railz\Dati applicazioni\drivers\downld\335562.exe
c:\documents and settings\Ranieri Railz\Dati applicazioni\drivers\downld\336473.exe
c:\documents and settings\Ranieri Railz\Dati applicazioni\drivers\downld\336483.exe
c:\documents and settings\Ranieri Railz\Dati applicazioni\drivers\downld\360718.exe
c:\documents and settings\Ranieri Railz\Dati applicazioni\drivers\downld\363642.exe
c:\documents and settings\Ranieri Railz\Dati applicazioni\drivers\downld\364924.exe
c:\documents and settings\Ranieri Railz\Dati applicazioni\drivers\downld\366346.exe
c:\documents and settings\Ranieri Railz\Dati applicazioni\drivers\downld\367838.exe
c:\documents and settings\Ranieri Railz\Dati applicazioni\drivers\downld\368399.exe
c:\documents and settings\Ranieri Railz\Dati applicazioni\drivers\srosa2.sys
c:\documents and settings\Ranieri Railz\Dati applicazioni\drivers\winupgro.exe
c:\documents and settings\Ranieri Railz\Dati applicazioni\m
C:\InfoSat.txt
c:\programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SK9OU0S
-------\Legacy_SROSA
-------\Service_sK9Ou0s
((((((((((((((((((((((((( Files Creati Da 2008-11-27 al 2008-12-27 )))))))))))))))))))))))))))))))))))
.
2008-12-26 19:29 . 2008-12-27 11:22 <DIR> d--h----- c:\documents and settings\Ranieri Railz\Dati applicazioni\drivers
2008-12-25 20:36 . 2008-12-25 20:36 <DIR> d-------- c:\windows\Sun
2008-12-22 23:21 . 2008-12-22 23:20 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-22 23:21 . 2008-12-22 23:20 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-13 00:27 . 2008-12-13 00:27 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\TEMP
2008-12-09 23:29 . 2008-12-09 23:29 118 --a------ c:\windows\system32\MRT.INI
2008-12-08 12:57 . 2008-12-08 12:57 <DIR> d-------- c:\windows\system32\it
2008-12-08 12:57 . 2008-12-08 12:57 <DIR> d-------- c:\windows\system32\bits
2008-12-08 12:57 . 2008-12-08 12:57 <DIR> d-------- c:\windows\l2schemas
2008-12-04 00:14 . 2008-12-04 00:14 3,273 --a------ c:\windows\SceneLib24.ini
2008-12-04 00:14 . 2008-12-10 22:46 672 --a------ c:\windows\3dtrack.INI
2008-12-04 00:04 . 2008-12-04 00:04 97,792 --a------ c:\windows\system32\drivers\ACEDRV05.sys
2008-12-04 00:04 . 2008-12-10 23:21 3,189 --a------ c:\windows\track.INI
2008-12-03 23:49 . 2008-12-10 23:21 <DIR> d-------- c:\programmi\WinTrack7
2008-11-30 22:51 . 2008-11-30 22:51 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2008-11-30 22:05 . 2008-11-30 22:05 <DIR> d-------- c:\documents and settings\Ranieri Railz\Dati applicazioni\SnapMail 5
2008-11-30 21:53 . 2008-11-30 21:53 <DIR> d-------- c:\programmi\Bonjour
2008-11-30 21:50 . 2008-11-30 21:50 <DIR> d-------- c:\programmi\Apple Software Update
2008-11-30 21:49 . 2008-11-30 21:49 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Apple
2008-11-29 19:43 . 2008-08-14 14:22 2,192,896 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-29 19:43 . 2008-08-14 14:22 2,148,864 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-29 19:43 . 2008-08-14 14:22 2,069,760 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-29 19:43 . 2008-08-14 14:22 2,027,520 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-29 01:18 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-11-29 01:17 . 2008-04-11 20:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-11-29 01:17 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-29 01:17 . 2008-05-01 15:34 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-11-29 01:14 . 2008-11-29 01:14 <DIR> d-------- c:\programmi\Avira
2008-11-29 01:05 . 2008-04-14 03:13 712,704 --------- c:\windows\system32\windowscodecs.dll
2008-11-29 01:05 . 2008-04-14 03:13 346,112 --------- c:\windows\system32\windowscodecsext.dll
2008-11-29 01:05 . 2008-04-14 03:13 276,992 --------- c:\windows\system32\wmphoto.dll
2008-11-29 01:05 . 2008-04-14 03:13 69,120 --------- c:\windows\system32\wlanapi.dll
2008-11-29 01:05 . 2008-04-14 03:13 53,248 --------- c:\windows\system32\tsgqec.dll
2008-11-29 01:05 . 2008-04-14 03:13 50,688 --------- c:\windows\system32\tspkg.dll
2008-11-29 01:04 . 2008-04-14 03:13 412,160 --------- c:\windows\system32\photometadatahandler.dll
2008-11-29 01:04 . 2008-04-14 03:13 293,888 --------- c:\windows\system32\qagentrt.dll
2008-11-29 01:04 . 2008-04-14 03:13 290,304 --------- c:\windows\system32\rhttpaa.dll
2008-11-29 01:04 . 2008-04-14 03:13 150,528 --------- c:\windows\system32\qagent.dll
2008-11-29 01:04 . 2008-04-14 03:13 144,896 --------- c:\windows\system32\onex.dll
2008-11-29 01:04 . 2008-04-14 03:13 76,800 --------- c:\windows\system32\qutil.dll
2008-11-29 01:04 . 2008-04-14 03:13 62,464 --------- c:\windows\system32\qcliprov.dll
2008-11-29 01:04 . 2008-04-14 03:13 61,952 --------- c:\windows\system32\rasqec.dll
2008-11-29 01:04 . 2008-04-14 03:14 32,768 --------- c:\windows\system32\setupn.exe
2008-11-29 01:04 . 2008-04-13 19:40 10,240 --------- c:\windows\system32\drivers\sffp_mmc.sys
2008-11-29 01:02 . 2008-04-14 03:13 651,264 --------- c:\windows\system32\dot3ui.dll
2008-11-29 01:01 . 2008-04-14 03:13 136,192 --------- c:\windows\system32\aaclient.dll
2008-11-29 00:12 . 2008-10-15 17:36 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-11-29 00:12 . 2008-06-14 18:32 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-29 00:11 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-11-29 00:03 . 2008-09-15 16:24 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-26 21:58 43,100 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-26 21:58 3,788,832 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-26 17:22 --------- d-----w c:\programmi\Google
2008-12-22 22:20 --------- d-----w c:\programmi\Java
2008-12-22 22:09 --------- d-----w c:\programmi\Sicurezza
2008-12-22 21:17 --------- d-----w c:\programmi\Utility
2008-12-13 18:46 --------- d-----w c:\documents and settings\Ranieri Railz\Dati applicazioni\Lavasoft
2008-12-10 22:32 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2008-12-02 23:49 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\QuickTime
2008-11-29 00:14 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Avira
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-09-17 171448]
"eMuleAutoStart"="c:\programmi\Utility\eMule0.49b\emule.exe" [2008-08-01 5480448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-09-24 4861952]
"00THotkey"="c:\windows\System32\00THotkey.exe" [2003-05-23 14:27 253952]
"SigmaTel StacMon"="c:\programmi\SigmaTel\Driver audio di SigmaTel AC97\stacmon.exe" [2003-08-03 86073]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2003-05-30 110592]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2003-05-30 614400]
"TouchED"="c:\programmi\TOSHIBA\TouchED\TouchED.Exe" [2003-03-11 122880]
"PRONoMgr.exe"="c:\programmi\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2003-12-10 86016]
"ZoneAlarm Client"="c:\programmi\Sicurezza\Zone Labs\ZoneAlarm\zlclient.exe" [2008-12-27 919016]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-12-27 266497]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2007-09-18 98304]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-12-22 136600]
"nwiz"="nwiz.exe" [2003-09-24 c:\windows\system32\nwiz.exe]
"000StTHK"="000StTHK.exe" [2001-06-23 20:28 24576 c:\windows\system32\000StTHK.exe]
"TFNF5"="TFNF5.exe" [2003-07-18 c:\windows\system32\TFNF5.exe]
"LTSMMSG"="LTSMMSG.exe" [2003-04-18 c:\windows\ltsmmsg.exe]
"TPSMain"="TPSMain.exe" [2003-10-02 c:\windows\system32\TPSMain.exe]
"TFncKy"="TFncKy.exe" [BU]
"NDSTray.exe"="NDSTray.exe" [BU]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2003-12-16 15:49 110592 c:\windows\system32\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"= usbmn2x2.dll
"midi2"= usbmn2x2.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Ranieri Railz^Menu Avvio^Programmi^Esecuzione automatica^FreePOPs.lnk]
path=c:\documents and settings\Ranieri Railz\Menu Avvio\Programmi\Esecuzione automatica\FreePOPs.lnk
backup=c:\windows\pss\FreePOPs.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2005-10-28 15:25 94208 c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 03:14 1695232 c:\programmi\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-09-18 22:11 98304 c:\programmi\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-09-17 20:42 171448 c:\programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Utility\\eMule0.49b\\emule.exe"=
"c:\\Programmi\\Utility\\SnapMail\\SnapMail.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
S3 USB22LDR;M-Audio USB MidiSport 2x2 Loader;c:\windows\system32\drivers\usb22ldr.sys [2007-11-10 14272]
S3 USBMN2X2;M-Audio USB MidiSport 2x2;c:\windows\system32\drivers\usbmn2x2.sys [2007-11-10 22304]
S4 Acp2w2kw;Acp2w2kw; []
.
Contenuto della cartella 'Scheduled Tasks'
2008-12-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2007-06-03 13:42]
.
- - - - ORFÃOS REMOVIDOS - - - -
HKCU-Run-TOSCDSPD - c:\programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
SafeBoot-sglfb.sys
SafeBoot-tga.sys
SafeBoot-wd.sys
SafeBoot-sacsvr
.
------- Supplementare di scansione -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-12-27 11:26:59
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'winlogon.exe'(944)
c:\windows\System32\LgNotify.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\S24EvMon.exe
c:\windows\system32\ZCfgSvc.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Toshiba\ConfigFree\CFSvcs.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RegSrvc.exe
c:\windows\system32\1XConfig.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\Toshiba\TOSHIBA Controls\TFncKy.exe
c:\programmi\Toshiba\ConfigFree\NDSTray.exe
c:\windows\system32\TPSBattM.exe
.
**************************************************************************
.
Ora fine scansione: 2008-12-27 11:30:34 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2008-12-27 10:30:31
Pre-Run: 21.535.600.640 byte disponibili
Post-Run: 21,427,605,504 byte disponibili
225 --- E O F --- 2008-12-18 22:30:52