Cursore del mouse scomparso e tastiera che non funziona.

[pittipatti]

Dopo aver fatto una scansione con Avira mi è scomparso il cursore del mouse sul mio portatile con Xp e non funziona nemmeno la tastiera. Non mi permette di tornare indietro ad un precedente punto di ripristino. Che devo fare?

[shel]

quando il il cursore del mouse sparisce

[pittipatti]

Grazie della risposta ma non è quello il problema, non va nemmeno il mouse integrato nella tastiera del portatile, prima di fare la scansione con Avira mi si era aperto un exe che non riesco a togliere dove mi diceva che ho il computer infettato dai virus e che devo acquistare un determinato antivirus. Ho rimandato indietro il pc a qualche giorno prima, ho fatto la scansione con avira e non mi funziononano piu i mouse. che devo fare?

[shel]

il trucchetto e' sempre quello, accettare la richiesta della scansione ed installare il vero malware

scarica sul desktop questi programmi dopo aver disattivato l'antivirus

malwarebytes

combofix

avvia malwarebytes Aggiornalo: clicca sulla scheda "aggiornamenti" => "controlla aggiornamenti"
Esegui una "scansione completa" (seleziona l'opzione)
A scansione completa, fai clic su OK => Mostra i Risultati.
Assicurarti che tutto sia selezionato e clicca clic su Rimuovi selezionati.
Se ti chiede di riavviare, riavvia per completare il processo di pulizia.
Posta il rapporto .


esegui ComboFix col tasto destro e come amministratore se hai vista (non installare la recovery console)
-

- segui le instruzioni

- finita la scansione portati in C:\ e copia/incolla, nella tua prossima risposta, il contenuto del file di testo Combofix.txt

guida all'utilizzo di combofix

[pittipatti]

ho scaricato e fatto andare il malwarebytes e fatto tutto.

Codice: Seleziona tutto

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 4305

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/07/2010 18.10.10
mbam-log-2010-07-12 (18-10-10).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi esaminati: 263109
Tempo trascorso: 1 ore, 37 minuti, 14 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 3
Valori di registro infetti: 1
Voci infette nei dati di registro: 2
Cartelle infette: 0
File infetti: 6

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\setup.player (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\setup.player.2k2 (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{35b7e48b-9d81-4c6c-9578-5fd4f620d886} (Spyware.MarketScore) -> Quarantined and deleted successfully.

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows system guard (Trojan.Agent) -> Quarantined and deleted successfully.

Voci infette nei dati di registro:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
C:\Documents and Settings\Administrator\Dati applicazioni\msng.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Dati applicazioni\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\CC.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\HirX.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46616198-43C1-410E-A2C1-948CCBD25CB5}\RP1780\A0329981.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsvncs.txt (Malware.Trace) -> Quarantined and deleted successfully.


Devo far andare anche il combofix?
Adesso i mouse funzionano!

[shel]

si meglio eseguire anche combofix per eliminare le altre infezioni che sono sfuggite a malwarebytes

[pittipatti]

Scusandomi del ritardo ti allego il risultato del combofix.

Codice: Seleziona tutto

ComboFix 10-07-20.03 - Administrator 21/07/2010  11.18.35.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.39.1040.18.503.169 [GMT 2:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Dati applicazioni\Desktopicon
c:\documents and settings\Administrator\Dati applicazioni\Desktopicon\config.ini
c:\windows\system32\scvideo.dll
c:\windows\xpsp1hfm.log
D:\Autorun.inf

.
(((((((((((((((((((((((((   Files Creati Da 2010-06-21 al 2010-07-21  )))))))))))))))))))))))))))))))))))
.

2010-07-14 19:20 . 2010-06-14 14:31   744448   ------w-   c:\windows\system32\dllcache\helpsvc.exe
2010-07-12 12:53 . 2010-07-12 12:53   --------   d-----w-   c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2010-07-12 12:53 . 2010-04-29 13:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-12 12:53 . 2010-07-12 12:53   --------   d-----w-   c:\programmi\Malwarebytes' Anti-Malware
2010-07-12 12:53 . 2010-07-12 12:53   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-07-12 12:53 . 2010-04-29 13:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-07-12 12:43 . 2010-07-12 12:43   --------   d-----w-   c:\programmi\Trend Micro
2010-07-11 07:49 . 2010-07-11 07:49   --------   d-----w-   c:\windows\system32\wbem\Repository
2010-07-11 00:10 . 2010-07-11 00:10   --------   d-----r-   c:\documents and settings\LocalService\Preferiti
2010-07-11 00:05 . 2008-04-14 01:47   23552   ----a-w-   c:\windows\system32\drivers\mouclass.sys
2010-07-11 00:05 . 2008-04-14 01:47   23552   ----a-w-   c:\windows\system32\dllcache\mouclass.sys
2010-07-11 00:00 . 2010-07-21 08:58   --------   d-----w-   c:\windows\system32\NtmsData
2010-06-30 17:30 . 2008-10-29 04:34   644096   ----a-w-   c:\windows\system32\drivers\rt2870.sys
2010-06-30 17:30 . 2008-10-29 04:28   221184   ----a-w-   c:\windows\system32\RaCoInst.dll
2010-06-30 17:30 . 2008-10-29 04:28   15312   ----a-w-   c:\windows\system32\RaCoInst.dat
2010-06-23 10:40 . 2010-06-23 10:40   --------   d-----w-   c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\PCHealth

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-21 09:49 . 2008-11-15 00:32   --------   d-----w-   c:\documents and settings\Administrator\Dati applicazioni\skypePM
2010-07-21 09:49 . 2007-01-16 10:50   --------   d-----w-   c:\documents and settings\Administrator\Dati applicazioni\Skype
2010-07-21 09:17 . 2008-11-13 20:22   --------   d-----w-   c:\documents and settings\Administrator\Dati applicazioni\HPAppData
2010-07-05 09:22 . 2004-08-30 10:50   88548   ----a-w-   c:\windows\system32\perfc010.dat
2010-07-05 09:22 . 2004-08-30 10:50   503720   ----a-w-   c:\windows\system32\perfh010.dat
2010-06-30 17:30 . 2009-05-16 09:00   --------   d-----w-   c:\programmi\DIFX
2010-06-08 20:38 . 2009-11-14 12:16   --------   d-----w-   c:\documents and settings\Administrator\Dati applicazioni\HpUpdate
2010-06-05 11:08 . 2009-02-15 21:22   --------   d-----w-   c:\programmi\Microsoft Silverlight
2010-06-02 13:44 . 2010-05-25 15:44   --------   d-----w-   c:\programmi\VideoLAN
2010-06-01 20:00 . 2007-01-16 07:03   105640   -c--a-w-   c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-06-01 19:36 . 2010-06-01 19:32   77469   ----a-w-   c:\windows\hpqins05.dat
2010-06-01 19:36 . 2008-11-13 16:45   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\HP
2010-06-01 19:35 . 2010-06-01 19:35   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\HP Product Assistant
2010-05-27 09:13 . 2006-04-18 20:13   --------   d--h--w-   c:\programmi\InstallShield Installation Information
2010-05-26 12:25 . 2008-07-05 22:10   --------   d-----w-   c:\programmi\PeerGuardian2
2010-05-26 11:18 . 2009-10-29 17:35   --------   d-----w-   c:\documents and settings\Administrator\Dati applicazioni\dvdcss
2010-05-25 09:43 . 2010-05-25 09:43   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Minnetonka Audio Software
2010-05-23 16:19 . 2010-05-23 13:41   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\avg9
2010-05-23 13:41 . 2010-05-23 13:41   --------   d-----w-   c:\programmi\AVG
2010-05-11 16:30 . 2010-05-11 16:25   23124   ----a-w-   c:\windows\hpqins15.dat
2010-05-06 10:32 . 2004-08-19 08:00   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-05-04 16:47 . 2003-03-18 20:14   499712   ------w-   c:\windows\system32\msvcp71.dll
2010-05-04 16:47 . 2003-02-21 02:42   348160   ------w-   c:\windows\system32\msvcr71.dll
2010-05-02 08:06 . 2004-08-19 08:00   1851264   ------w-   c:\windows\system32\win32k.sys
2009-02-24 17:17 . 2009-02-24 17:17   25782063   -c--a-w-   c:\programmi\wmp11-windowsxp-x86-it-it.zip
.
[code]<pre>
c:\programmi\Analog Devices\Core\smax4pnp .exe
c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
c:\programmi\Hp\HP Software Update\HPWuSchd2 .exe
c:\programmi\HPQ\Default Settings\cpqset .exe
c:\programmi\HPQ\HP Wireless Assistant\HP Wireless Assistant .exe
c:\programmi\InterVideo\DVD Check\DVDCheck    .exe
c:\programmi\Synaptics\SynTP\SynTPEnh .exe
c:\programmi\Windows Media Player\WMPNSCFG .exe
c:\windows\CREATOR\Remind_XP .exe
c:\windows\SMINST\Recguard .exe
c:\windows\SMINST\Scheduler .exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\hkcmd .exe
c:\windows\system32\igfxpers .exe
c:\windows\system32\igfxtray .exe
c:\windows\system32\NeroCheck .exe
c:\windows\system32\DLA\DLACTRLW .exe
</pre>[/code]

(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [N/A]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"Skype"="c:\programmi\Skype\\Phone\Skype.exe" [2010-03-09 26100520]
"WMPNSCFG"="c:\programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
"AGRSMMSG"="AGRSMMSG.exe" [2006-01-30 88203]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [N/A]
"PTHOSTTR"="c:\programmi\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-06-08 131072]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [N/A]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-11-10 761945]
"hpWirelessAssistant"="c:\programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [N/A]
"QlbCtrl"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\programmi\HPQ\Default Settings\cpqset.exe" [N/A]
"WatchDog"="c:\programmi\InterVideo\DVD Check\DVDCheck   .exe" [N/A]
"igfxtray"="c:\windows\system32\igfxtray.exe" [N/A]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [N/A]
"igfxpers"="c:\windows\system32\igfxpers.exe" [N/A]
"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-23 17920]
"Recguard"="c:\windows\Sminst\Recguard.exe" [N/A]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [N/A]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [N/A]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [N/A]
"Symantec PIF AlertEng"="c:\programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-01-05 413696]
"hpqSRMon"="c:\programmi\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Livestream Procaster"="c:\programmi\Procaster\Procaster.exe" [2009-10-12 6415648]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2010-05-04 202256]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2008-12-3 110592]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2006-09-09 01:15   63488   ----a-r-   c:\programmi\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Programmi\\GlobalSCAPE\\CuteFTP\\cutftp32.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Programmi\\Hp\\HP Software Update\\hpwucli.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R2 ASBroker;Operatore della sessione di accesso;c:\windows\System32\svchost.exe -k Cognizance [19/08/2004 10.00.00 14336]
R2 ASChannel;Canale di comunicazione locale;c:\windows\System32\svchost.exe -k Cognizance [19/08/2004 10.00.00 14336]
R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;c:\programmi\Symantec\LiveUpdate\AluSchedulerSvc.exe [01/04/2007 18.47.46 100032]
S3 INQ1usbser;INQ1 USB Device for Legacy Serial Communication;c:\windows\system32\drivers\INQ1usbser.sys [16/05/2009 11.00.52 103680]
S3 PAC207;PC Camera;c:\windows\system32\drivers\PFC027.SYS [29/05/2007 13.30.38 508160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance   REG_MULTI_SZ      ASBroker ASChannel
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'

2010-07-21 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]

2010-07-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2807930981-3978777549-1355080167-500.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-07-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2807930981-3978777549-1355080167-500.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-07-20 c:\windows\Tasks\User_Feed_Synchronization-{EAE9205E-6467-4DAD-BEC5-64EA71C0069E}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]

2010-07-21 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-08 20:18]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.omnianews.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Add to AMV Convert Tool... - c:\programmi\MP3 Player Utilities 4.00\AMVConverter\grab.html
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\programmi\MP3 Player Utilities 4.00\MediaManager\grab.html
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {C6BEBA53-1F7E-4A0A-B738-61FBB49E0B06} - hxxp://videopostaumail.alice.it/resources/VPDefault.ocx
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\1328ula1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.omnianews.it/
FF - component: c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\docume~1\ADMINI~1\DATIAP~1\POWERC~1\nppowerloader.dll
FF - plugin: c:\documents and settings\Administrator\Dati applicazioni\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-21 11:50
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = c:\programmi\HPQ\Default Settings\cpqset.exe?????????? ???@???????????????@??????X??????(?@???????@

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-2807930981-3978777549-1355080167-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"659BD8E725A05FDCC64118EA787EAA2B534A94FABE"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,96,0e,1b,0c,db,c9,d5,48,9b,a6,bb,\
"3A77B377802A4B6183DDE08FDE4AD9AF647A702826"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,96,0e,1b,0c,db,c9,d5,48,9b,a6,bb,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b3,ba,18,7a,0f,13,80,4f,ab,25,7a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b3,ba,18,7a,0f,13,80,4f,ab,25,7a,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:19,bd,5f,78,e6,8d,23,6a,e0,e1,6e,4c,c1,ca,bc,aa,b6,0a,91,8b,79,
   29,40,9f,57,d0,c6,dd,28,74,c5,b2,b4,a3,b2,71,79,56,ce,4a,f4,11,65,25,ab,a5,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:19,bd,5f,78,e6,8d,23,6a,e0,e1,6e,4c,c1,ca,bc,aa,b6,0a,91,8b,79,
   29,40,9f,57,d0,c6,dd,28,74,c5,b2,b4,a3,b2,71,79,56,ce,4a,f4,11,65,25,ab,a5,\
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(872)
c:\programmi\HPQ\IAM\Bin\AsWlnPkg.dll
c:\programmi\HPQ\IAM\bin\ItMsg.dll
c:\windows\system32\msi.dll

- - - - - - - > 'explorer.exe'(756)
c:\windows\system32\WININET.dll
c:\windows\system32\APSHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\DllHost.exe
c:\programmi\HPQ\IAM\bin\asghost.exe
c:\windows\system32\msdtc.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\mqsvc.exe
c:\programmi\Canon\CAL\CALMAIN.exe
c:\programmi\Hewlett-Packard\Shared\hpqwmiex.exe
c:\programmi\Windows Media Player\WMPNetwk.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\mqtgsvc.exe
c:\programmi\Skype\Phone\Skype.exe
c:\programmi\Hp\Digital Imaging\bin\hpqtra08.exe
c:\programmi\PIXELA\ImageMixer 3 SE for SD\CameraMonitor.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\programmi\Skype\Plugin Manager\skypePM.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\HP\Digital Imaging\bin\hpqSTE08.exe
c:\programmi\HP\Digital Imaging\bin\hpqbam08.exe
c:\programmi\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Ora fine scansione: 2010-07-21  12:01:43 - Il pc è stato riavviato
ComboFix-quarantined-files.txt  2010-07-21 10:01

Pre-Run: 13.364.535.296 byte disponibili
Post-Run: 15.409.373.184 byte disponibili

- - End Of File - - 1A71F2268BAA8C9C2EBDB37A8D093B8B


[pittipatti]

Chi mi controla il Combofix?
Grazie in anticipo!