
VIRUS DETECTED BY COMBOFIX THAT I CAN'T REMOVE


momoland
08-05-2014, 18:26
Good morning everyone. For a few days I've noticed that I'm having problems with my internet connection, so I decided to run a scan with the Avast antivirus, which found 4 viruses that were then removed. The problem seemed solved, but the next day I had the same problem again. So I used ComboFix, which detected a virus in c:\windows\system32\eucedit.exe. Can you tell me how to remove the virus?
Thanks

this is the scan result:


Please help me, and thank you in advance.

momoland
09-05-2014, 08:46
Davide, first of all thank you very much for replying so quickly.
So, let's see if I understood correctly:
1) I downloaded the program winshearch from the internet and searched for the file eudcedit, but it tells me there are no results.

2) I also searched for the file you pointed me to (WINDOWS/servicepack/i3869) but got 0 results for that too. Maybe I'm doing something wrong?

What should I do, proceed with your other instructions?

momoland
09-05-2014, 09:08
I also ran the procedure you described using ComboFix, and here is the scan log:

momoland
09-05-2014, 09:20
I'm afraid I don't have any Win XP CD :-(

here is the log of the AdwCleaner scan:

momoland
09-05-2014, 09:26
Sorry for posting the two scan logs here, but when I use wikisend it gives me this message:
We are sorry, but an error has occured while uploading.

As for AdwCleaner, should I run "Clean"?

momoland
09-05-2014, 09:51
I think I did it right, like this:
ComboFix is on the desktop; I did cut on ComboFix and paste on the desktop; then I dragged the txt file (Notepad) with the code you gave me onto it. The ComboFix scan started, and here is the log:

momoland
09-05-2014, 10:22
You're right, I just realised that the ComboFix file on the desktop was a shortcut. Now I should have done it as you say, and this is the latest log:

ComboFix 14-05-07.03 - utente 09/05/2014 11.12.00.13.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2006.933 [GMT 2:00]
Eseguito da: c:\documents and settings\utente\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\utente\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\eudcedit.exe . . . è infetto!!
.
.
((((((((((((((((((((((((( Files Creati Da 2014-04-09 al 2014-05-09 )))))))))))))))))))))))))))))))))))
.
.
2014-05-09 08:19 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-05-09 08:18 . 2014-05-09 08:19 -------- d-----w- C:\AdwCleaner
2014-05-09 07:41 . 2014-05-09 07:41 -------- d-----w- c:\documents and settings\utente\Dati applicazioni\Windows Search
2014-05-09 07:40 . 2014-05-09 07:40 -------- d-----w- c:\documents and settings\utente\Dati applicazioni\Windows Desktop Search
2014-05-09 07:39 . 2014-05-09 07:39 -------- d-----w- c:\programmi\Windows Desktop Search
2014-05-09 07:38 . 2014-05-09 07:38 -------- d-----w- c:\windows\LastGood
2014-05-08 17:35 . 2014-05-08 17:35 -------- d-----w- c:\documents and settings\utente\Impostazioni locali\Dati applicazioni\SlimWare Utilities Inc
2014-05-08 17:35 . 2014-05-08 17:45 -------- d-----w- c:\programmi\DriverUpdate
2014-05-07 08:36 . 2014-05-07 08:36 388096 ----a-r- c:\documents and settings\utente\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-05-07 08:36 . 2014-05-07 08:36 -------- d-----w- c:\programmi\Trend Micro
2014-05-05 08:49 . 2014-05-05 08:49 -------- d-----w- c:\documents and settings\utente\Dati applicazioni\DropboxMaster
2014-05-02 09:48 . 2014-05-02 09:48 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-05-02 09:48 . 2014-05-02 09:48 43152 ----a-w- c:\windows\avastSS.scr
2014-04-28 19:36 . 2014-04-28 19:36 17931952 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2014-04-28 10:42 . 2014-04-28 11:05 -------- d-----w- C:\F24
2014-04-28 10:38 . 2014-04-14 18:13 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-04-14 07:41 . 2014-04-14 07:41 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-02 09:48 . 2013-12-23 08:19 776976 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-05-02 09:48 . 2013-12-23 08:19 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-05-02 09:48 . 2013-12-23 08:19 180632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-05-02 09:48 . 2013-12-23 08:19 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-05-02 09:48 . 2013-12-23 08:19 411552 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-05-02 09:48 . 2013-12-23 08:19 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-05-02 09:48 . 2013-12-23 08:19 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-05-02 09:48 . 2013-04-25 13:24 271264 ----a-w- c:\windows\system32\aswBoot.exe
2014-05-02 09:48 . 2014-03-29 11:07 252464 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2014-04-28 19:36 . 2012-11-16 12:05 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-28 19:36 . 2011-11-03 13:56 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-14 17:47 . 2011-11-03 14:24 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-03-31 22:29 . 2014-03-31 22:29 55232 ----a-w- c:\windows\system32\drivers\tStLib.sys
2014-03-29 11:06 . 2014-03-29 11:07 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-03-29 11:06 . 2014-03-29 11:06 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2014-03-06 17:58 . 2009-08-29 07:49 920064 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 17:58 . 2009-08-29 07:49 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 17:58 . 2009-03-08 04:34 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-03-06 17:58 . 2009-03-08 04:33 18944 ----a-w- c:\windows\system32\corpol.dll
2014-03-06 00:46 . 2009-03-08 04:35 385024 ----a-w- c:\windows\system32\html.iec
2014-02-26 23:28 . 2014-03-29 10:54 13312 ------w- c:\windows\system32\xp_eos.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-10-18 . 393AA70EB9F05EFC1F9B471DE4A2F08A . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\programmi\adawaretb\adawareDx.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-02 09:48 260976 ----a-w- c:\programmi\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\utente\Dati applicazioni\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\utente\Dati applicazioni\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\utente\Dati applicazioni\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\utente\Dati applicazioni\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cacaoweb"="c:\programmi\cacaoweb\cacaoweb.exe" [BU]
"Samsung Drive Manager"="c:\programmi\Clarus\Samsung Drive Manager\Drive Manager.exe" [BU]
"Media Finder"="c:\programmi\Media Finder\Media Finder.exe" [BU]
"Clownfish"="c:\programmi\Clownfish\Clownfish.exe" [2013-08-21 1277688]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"atchk"="c:\programmi\Intel\AMT\atchk.exe" [2007-06-07 408344]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 16377344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-13 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-13 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-13 135680]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"JobHisInit"="c:\programmi\RDS\RMClient\JobHisInit.exe" [2007-08-30 229481]
"MplSetUp"="c:\programmi\RDS\RMClient\MplSetUp.exe" [2007-08-30 49254]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\programmi\AVAST Software\Avast\AvastUI.exe" [2014-05-02 3873704]
"mobilegeni daemon"="c:\programmi\Mobogenie\DaemonProcess.exe" [BU]
"IDProtect Monitor"="c:\programmi\Athena\IDProtect Client\Utils\IDProtect Monitor.exe" [2010-12-02 323664]
"bit4id csp store register (M)"="c:\windows\system32\bit4upki-store.dll" [2010-08-10 151552]
"SDTray"="c:\programmi\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\utente\Menu Avvio\Programmi\Esecuzione automatica\
Dropbox.lnk - c:\documents and settings\utente\Dati applicazioni\Dropbox\bin\Dropbox.exe /systemstartup [2014-4-18 33604728]
OpenOffice.org 3.3.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2012-2-5 113664]
Windows Search.lnk - c:\programmi\Windows Desktop Search\WindowsSearch.exe /startup [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDWinLogon]
SDWinLogon.dll [BU]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 01:59 421888 ----a-w- c:\programmi\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NAUpdate"=2 (0x2)
"MBAMService"=2 (0x2)
"MBAMScheduler"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Programmi\\Opera\\opera.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\utente\\Dati applicazioni\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Programmi\\XMind\\XMind.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\utente\\Dati applicazioni\\Tencent\\QQ\\STemp\\SetupEx~0\\QQSetupEx.exe"=
"c:\\Programmi\\Tencent\\QQIntl\\Bin\\QQ.exe"=
"c:\\Programmi\\File comuni\\Tencent\\QQDownload\\119\\Tencentdl.exe"=
"c:\\Programmi\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Programmi\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Programmi\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Programmi\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1022:TCP"= 1022:TCP:Driver Twain
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [29/03/2014 13.06.42 12112]
R0 aswNdis2;avast! Firewall NDIS Driver;c:\windows\system32\drivers\aswNdis2.sys [29/03/2014 13.07.10 252464]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [23/12/2013 10.19.39 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [23/12/2013 10.19.40 180632]
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [27/03/2013 22.13.17 13560]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [29/03/2014 13.07.10 26136]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [23/12/2013 10.19.40 776976]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23/12/2013 10.19.39 411552]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [26/03/2012 18.07.15 101720]
R1 tStLib;tStLib;c:\windows\system32\drivers\tStLib.sys [01/04/2014 0.29.07 55232]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [02/05/2014 11.48.53 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [23/12/2013 10.19.38 67824]
R2 avast! Firewall;avast! Firewall;c:\programmi\AVAST Software\Avast\afwServ.exe [29/03/2014 13.06.42 109048]
R2 NAUpdate;@c:\programmi\Nero\Update\NASvc.exe,-200;c:\programmi\Nero\Update\NASvc.exe [23/09/2011 19.37.42 641832]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\programmi\Spybot - Search & Destroy 2\SDFSSvc.exe [31/03/2014 23.11.15 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\programmi\Spybot - Search & Destroy 2\SDUpdSvc.exe [31/03/2014 23.11.18 1369624]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\programmi\Intel\AMT\UNS.exe [03/11/2011 12.16.00 2521880]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [03/11/2011 12.25.09 36608]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [18/08/2009 14.50.49 9472]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\programmi\Spybot - Search & Destroy 2\SDWSCSvc.exe [31/03/2014 23.11.19 168384]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe [09/10/2013 10.58.16 3275136]
S2 SkypeUpdate;Skype Updater;c:\programmi\Skype\Updater\Updater.exe [23/10/2013 9.15.08 172192]
S3 aswTap;avast! SecureLine TAP Adapter v3;c:\windows\system32\drivers\aswTap.sys [22/11/2013 10.34.41 35272]
S3 EZUSB;EZUSB PC/SC Smart Card Reader;c:\windows\system32\drivers\ezusb.sys [09/11/2011 10.50.27 56716]
S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [14/12/2011 9.36.59 89600]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [03/04/2013 13.32.02 41584]
S3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\drivers\OXSDIDRV_x32.sys [28/09/2009 10.55.38 52656]
S3 OXUDIDRV;OXUDIDRV;c:\windows\system32\drivers\OXUDIDRV_x32.sys [16/11/2011 11.22.08 24880]
S3 swyetskp;swyetskp; [x]
S4 gwoetowj;gwoetowj;c:\windows\system32\drivers\gwoetowj.sys [23/10/2013 9.01.53 403440]
S4 TeamViewer6;TeamViewer 6;c:\docume~1\ADMINI~1\IMPOST~1\Temp\TeamViewer\Version6\TeamViewer_Service.exe --> c:\docume~1\ADMINI~1\IMPOST~1\Temp\TeamViewer\Version6\TeamViewer_Service.exe [?]
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WSEARCH
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-16 19:37]
.
2014-05-09 c:\windows\Tasks\avast! Emergency Update.job
- c:\programmi\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-02 09:48]
.
2014-05-09 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\programmi\Spybot - Search & Destroy 2\SDUpdate.exe [2014-03-31 12:08]
.
2014-05-09 c:\windows\Tasks\Notifica di interruzione del servizio per Microsoft Windows XP - Accesso.job
- c:\windows\system32\xp_eos.exe [2014-03-29 23:28]
.
2014-05-08 c:\windows\Tasks\Notifica di interruzione del servizio per Microsoft Windows XP - Mensile.job
- c:\windows\system32\xp_eos.exe [2014-03-29 23:28]
.
2014-05-07 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\programmi\Spybot - Search & Destroy 2\SDImmunize.exe [2014-03-31 12:07]
.
2014-05-02 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\programmi\Spybot - Search & Destroy 2\SDScan.exe [2014-03-31 12:07]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: Download with &Media Finder - c:\programmi\Media Finder\hook.html
IE: {{CCC7B152-1D8C-11E3-B2AD-F3EF3D58318D} - {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} -
TCP: Interfaces\{C79E3A71-725B-4492-88F8-A62AF852B956}: NameServer = 205.210.42.205,64.68.200.200
FF - ProfilePath - c:\documents and settings\utente\Dati applicazioni\Mozilla\Firefox\Profiles\gq1o68j0.default\
FF - prefs.js: browser.search.selectedEngine - Ixquick HTTPS
FF - prefs.js: browser.startup.homepage - hxxp://start.mysearchdial.com/?f=1&a=ir_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0EzytDtCtBzyzzyD0FyB0AtD0EtN0D0Tzu0SzztBtCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBzy0CtC0AtAyEzytGyEyCzyyEtG0B0ByEyEtGzyyCzzzytGtDyB0AtA0FtA0FyBtC0FyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtC0F0D0DyDtA0AtG0D0ByB0EtG0ByC0C0BtGtA0Dzz0AtGtB0FtC0E0BtCyDzztBtA0AyC2Q&cr=1763221425&ir=
FF - prefs.js: network.proxy.ftp - 183.207.228.6
FF - prefs.js: network.proxy.ftp_port - 8000
FF - prefs.js: network.proxy.http - 183.207.228.6
FF - prefs.js: network.proxy.http_port - 8000
FF - prefs.js: network.proxy.socks - 183.207.228.6
FF - prefs.js: network.proxy.socks_port - 8000
FF - prefs.js: network.proxy.ssl - 183.207.228.6
FF - prefs.js: network.proxy.ssl_port - 8000
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2013-09-02 19:48; 39ffxtbr@MapsGalaxy_39.com; c:\programmi\MapsGalaxy_39\bar\1.bin
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 44337a0e000000000000001e9012985f
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15784
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.011:43
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
FF - user.js: extensions.iminent.tlbrSrchUrl - hxxp://start.iminent.com/?ref=toolbarm#q=
FF - user.js: extensions.iminent.id - 44337a0e000000000000001e9012985f
FF - user.js: extensions.iminent.appId - {0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}
FF - user.js: extensions.iminent.instlDay - 16109
FF - user.js: extensions.iminent.vrsn - 1.8.28.3
FF - user.js: extensions.iminent.vrsni - 1.8.28.3
FF - user.js: extensions.iminent.vrsnTs - 1.8.28.311:01
FF - user.js: extensions.iminent.prtnrId - iminent
FF - user.js: extensions.iminent.prdct - iminent
FF - user.js: extensions.iminent.aflt - orgnl
FF - user.js: extensions.iminent.smplGrp - none
FF - user.js: extensions.iminent.tlbrId - YBCPCSTIPO
FF - user.js: extensions.iminent.instlRef -
FF - user.js: extensions.iminent.dfltLng -
FF - user.js: extensions.iminent.excTlbr - false
FF - user.js: extensions.iminent.ffxUnstlRst - false
FF - user.js: extensions.iminent.admin - false
FF - user.js: extensions.iminent.autoRvrt - false
FF - user.js: extensions.iminent.rvrt - false
FF - user.js: extensions.iminent.newTab - false
FF - user.js: extensions.irmysearch.aflt - ir_14_14_ff
FF - user.js: extensions.irmysearch.instlRef - 140305_b
FF - user.js: extensions.irmysearch.cr - 1763221425
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzutDtDtC0EzytDtCtBzyzzyD0FyB0AtD0EtN0D0Tzu0SzztBtCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBzy0CtC0AtAyEzytGyEyCzyyEtG0B0ByEyEtGzyyCzzzytGtDyB0AtA0FtA0FyBtC0FyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtC0F0D0DyDtA0AtG0D0ByB0EtG0ByC0C0BtGtA0Dzz0AtGtB0FtC0E0BtCyDzztBtA0AyC2Q
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=ir_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0EzytDtCtBzyzzyD0FyB0AtD0EtN0D0Tzu0SzztBtCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBzy0CtC0AtAyEzytGyEyCzyyEtG0B0ByEyEtGzyyCzzzytGtDyB0AtA0FtA0FyBtC0FyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtC0F0D0DyDtA0AtG0D0ByB0EtG0ByC0C0BtGtA0Dzz0AtGtB0FtC0E0BtCyDzztBtA0AyC2Q&cr=1763221425&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=ir_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0EzytDtCtBzyzzyD0FyB0AtD0EtN0D0Tzu0SzztBtCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBzy0CtC0AtAyEzytGyEyCzyyEtG0B0ByEyEtGzyyCzzzytGtDyB0AtA0FtA0FyBtC0FyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtC0F0D0DyDtA0AtG0D0ByB0EtG0ByC0C0BtGtA0Dzz0AtGtB0FtC0E0BtCyDzztBtA0AyC2Q&cr=1763221425&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=ir_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0EzytDtCtBzyzzyD0FyB0AtD0EtN0D0Tzu0SzztBtCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBzy0CtC0AtAyEzytGyEyCzyyEtG0B0ByEyEtGzyyCzzzytGtDyB0AtA0FtA0FyBtC0FyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtC0F0D0DyDtA0AtG0D0ByB0EtG0ByC0C0BtGtA0Dzz0AtGtB0FtC0E0BtCyDzztBtA0AyC2Q&cr=1763221425&ir=&q=
FF - user.js: extensions.mysearchdial.id - 001E9012985F7A0E
FF - user.js: extensions.mysearchdial.instlDay - 16160
FF - user.js: extensions.mysearchdial.vrsn - 1.8.29.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.29.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.29.022:57
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - ir_14_14_ff
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef - 140305_b
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial.cr - 1763221425
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzutDtDtC0EzytDtCtBzyzzyD0FyB0AtD0EtN0D0Tzu0SzztBtCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBzy0CtC0AtAyEzytGyEyCzyyEtG0B0ByEyEtGzyyCzzzytGtDyB0AtA0FtA0FyBtC0FyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtC0F0D0DyDtA0AtG0D0ByB0EtG0ByC0C0BtGtA0Dzz0AtGtB0FtC0E0BtCyDzztBtA0AyC2Q
FF - user.js: extensions.mysearchdial.AL - 2
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-05-09 11:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-117609710-630328440-1801674531-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{9D717F81-9148-4F12-8568-69135F087DB0}"=hex:51,66,7a,6c,4c,1d,3b,1b,91,60,62,
83,79,c2,74,05,98,63,36,48,5c,4b,3b,ae
.
[HKEY_USERS\S-1-5-21-117609710-630328440-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,59,0d,da,7e,e5,cf,47,ae,98,b9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e7,cb,e6,62,8e,4a,db,4f,bf,5f,f8,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,75,c5,8f,63,db,11,cc,42,89,a8,b3,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(2680)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\documents and settings\utente\Dati applicazioni\Dropbox\bin\DropboxExt.22.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2014-05-09 11:19:10
ComboFix-quarantined-files.txt 2014-05-09 09:19
ComboFix2.txt 2014-05-09 08:46
ComboFix3.txt 2014-05-09 08:05
ComboFix4.txt 2014-05-08 16:33
ComboFix5.txt 2014-05-09 09:10
.
Pre-Run: 184.946.765.824 byte disponibili
Post-Run: 184.933.588.992 byte disponibili
.
- - End Of File - - 9F40739C07CA971514646717783BBA2F
828E02D5C4A4FBE53441EE9DBEE51F43
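An added example, not ComboFix's code or anything posted in this thread: a small Python triage script that reads ComboFix-style lines such as the ones in the log above and reports the network-hijack indicators a helper would want to spot first (Firefox proxy prefs pointing at a remote host, DNS servers outside the local network, hidden Firefox extensions, and services whose file is missing). The sample input is constructed from a few lines of the log above, with the long mysearchdial query string shortened.

```python
"""Triage a ComboFix log for network-hijack indicators (added example)."""
import re
from ipaddress import ip_address

# Constructed sample input: a few lines copied from the log posted above,
# with the very long mysearchdial query string shortened to "...".
SAMPLE_LOG = r"""
TCP: Interfaces\{C79E3A71-725B-4492-88F8-A62AF852B956}: NameServer = 205.210.42.205,64.68.200.200
FF - prefs.js: browser.startup.homepage - hxxp://start.mysearchdial.com/?f=1&a=ir_14_14_ff&cd=...
FF - prefs.js: network.proxy.ftp - 183.207.228.6
FF - prefs.js: network.proxy.http - 183.207.228.6
FF - prefs.js: network.proxy.http_port - 8000
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2013-09-02 19:48; 39ffxtbr@MapsGalaxy_39.com; c:\programmi\MapsGalaxy_39\bar\1.bin
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2014-02-10 20922016]
S3 swyetskp;swyetskp; [x]
S4 gwoetowj;gwoetowj;c:\windows\system32\drivers\gwoetowj.sys [23/10/2013 9.01.53 403440]
"""

# Line shapes as they appear in the "Scansione supplementare" section.
PROXY_HOST_RE = re.compile(r"FF - prefs\.js: network\.proxy\.(ftp|http|socks|ssl) - (\S+)")
PROXY_TYPE_RE = re.compile(r"FF - prefs\.js: network\.proxy\.type - (\d+)")
DNS_RE = re.compile(r"NameServer = ([\d.,]+)")
HIDDEN_EXT_RE = re.compile(r"FF - ExtSQL: !HIDDEN! [^;]+;\s*([^;]+);\s*(.+)")
MISSING_SVC_RE = re.compile(r"^[RS]\d ([^;]+);.*\[x\]\s*$")   # "[x]" = file not found
HOMEPAGE_RE = re.compile(r"FF - prefs\.js: browser\.startup\.homepage - (\S+)")


def triage(log_text):
    """Return a list of (severity, kind, message) findings for a log excerpt."""
    findings = []
    proxies = {}          # scheme -> host, collected across lines
    proxy_type = None     # network.proxy.type (0 = direct connection, no proxy)
    for line in log_text.splitlines():
        m = PROXY_HOST_RE.search(line)
        if m:
            proxies[m.group(1)] = m.group(2)
            continue
        m = PROXY_TYPE_RE.search(line)
        if m:
            proxy_type = int(m.group(1))
            continue
        m = DNS_RE.search(line)
        if m:
            for ip in m.group(1).split(","):
                try:
                    if not ip_address(ip).is_private:
                        findings.append(("warn", "dns",
                                         f"interface DNS server {ip} is outside the local network"))
                except ValueError:
                    findings.append(("info", "dns", f"unparseable DNS server entry {ip!r}"))
            continue
        m = HIDDEN_EXT_RE.search(line)
        if m:
            findings.append(("warn", "extension",
                             f"hidden Firefox extension {m.group(1)} at {m.group(2)}"))
            continue
        m = MISSING_SVC_RE.search(line)
        if m:
            findings.append(("info", "service",
                             f"service {m.group(1)} is registered but its file is missing"))
            continue
        m = HOMEPAGE_RE.search(line)
        if m:
            findings.append(("info", "homepage", f"Firefox start page set to {m.group(1)}"))
    if proxies:
        hosts = ", ".join(sorted(set(proxies.values())))
        schemes = ", ".join(sorted(proxies))
        # A proxy host with type 0 is configured but bypassed; still worth cleaning up.
        if proxy_type == 0:
            findings.append(("info", "proxy",
                             f"Firefox proxy {hosts} set for {schemes} but network.proxy.type is 0 (bypassed)"))
        else:
            findings.append(("warn", "proxy", f"Firefox proxy {hosts} active for {schemes}"))
    return findings


if __name__ == "__main__":
    for severity, kind, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {kind}: {message}")
```

Running the script on a full ComboFix log (read from a file instead of SAMPLE_LOG) works the same way, since every check is per line.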

Chill-Out
09-05-2014, 10:29
Please read, thanks: http://www.hwupgrade.it/forum/showthread.php?t=1751598

momoland
09-05-2014, 10:41
My apologies to the moderator, I had tried winsender and it didn't work for me. Thanks for pointing out the other options.

here is the link to the latest log:


http://www.filedropper.com/combofix_2

momoland
09-05-2014, 11:49
Thanks again Davide!

this is the link to the AdwCleaner scan log:

http://www.filedropper.com/adwcleaners0_1


momoland
09-05-2014, 14:57
Once I get hold of the Windows XP CD, what should I do? What is the name of the file to look for and use to replace the file eudcedit.exe?

momoland
09-05-2014, 16:44
Done as you say. Here is the link to the log:

http://www.filedropper.com/hitmanpro201405091711


It seems that after this last scan and the removal of the malicious files it found, internet access is back to normal.
Do you think we've solved it? :)

momoland
09-05-2014, 17:01
Running the scan again with ComboFix without inserting the code you gave me, it still gives me the same message that eudcedit is infected.
Should I run the scan with the procedure you described, i.e. pasting the code onto the icon?

Chill-Out
09-05-2014, 17:15
How about checking it on VT, just to be safe?

c:\windows\system32\eudcedit.exe

momoland
09-05-2014, 18:06
I did as you say, and the result is only green lights and no red flags.
Now I'll proceed with the further scans as Davide advised me, and if you have other advice, it's always welcome.

In any case, thanks to Davide and Chill-Out :)