Your genius idea has worked!!!!!!
I renamed ComboFix, and while running it detected a root infection!!!
Now my PC seems to be working again!!!! I'm writing from the infected PC :-)))))
Everything seems ok!!!
Here is the ComboFix report file:
ComboFix 08-12-18.03 - H18 2008-12-20 20:02:38.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1253.30.1040.18.1023.648 [GMT 1:00]
Running from: c:\documents and settings\H18\Desktop\Somethingelse.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\TDSSmhxt.sys
c:\windows\system32\TDSScfub.dll
c:\windows\system32\TDSSfpmp.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSnrsr.dll
c:\windows\system32\TDSSofxh.dll
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\TDSSrhym.log
c:\windows\system32\TDSSriqp.dll
c:\windows\system32\TDSSsbhc.dll
c:\windows\system32\TDSStkdv.log
c:\windows\system32\tmp.reg
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS
((((((((((((((((((((((((( Files Created from 2008-11-20 to 2008-12-20 )))))))))))))))))))))))))))))))
.
2008-12-20 19:53 . 2008-12-20 19:53 <DIR> d-------- c:\programmi\aaaa
2008-12-18 22:21 . 2007-01-21 12:11 <DIR> d--h----- c:\documents and settings\Administrator\Risorse di stampa
2008-12-18 22:21 . 2007-01-21 12:11 <DIR> d--h----- c:\documents and settings\Administrator\Risorse di rete
2008-12-18 22:21 . 2007-01-21 12:11 <DIR> d-------- c:\documents and settings\Administrator\Preferiti
2008-12-18 22:21 . 2007-01-21 11:20 <DIR> d--h----- c:\documents and settings\Administrator\Modelli
2008-12-18 22:21 . 2007-01-21 12:11 <DIR> dr------- c:\documents and settings\Administrator\Menu Avvio
2008-12-18 22:21 . 2008-12-20 20:06 <DIR> d--h----- c:\documents and settings\Administrator\Impostazioni locali
2008-12-18 22:21 . 2007-01-21 12:11 <DIR> d-------- c:\documents and settings\Administrator\Documenti
2008-12-18 22:21 . 2008-08-31 22:47 <DIR> dr-h----- c:\documents and settings\Administrator\Dati applicazioni
2008-12-18 22:21 . 2008-12-18 22:21 <DIR> d-------- c:\documents and settings\Administrator
2008-12-18 16:32 . 2008-12-18 16:32 <DIR> d-------- c:\programmi\Spybot - Search & Destroy
2008-12-18 14:46 . 2008-12-18 14:46 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\ESET
2008-12-12 17:18 . 2001-08-30 23:07 8,704 --a------ c:\windows\system32\kbdjpn.dll
2008-12-12 17:18 . 2001-08-30 23:07 8,704 --a--c--- c:\windows\system32\dllcache\kbdjpn.dll
2008-12-12 17:18 . 2001-08-30 23:07 8,192 --a------ c:\windows\system32\kbdkor.dll
2008-12-12 17:18 . 2001-08-30 23:07 8,192 --a--c--- c:\windows\system32\dllcache\kbdkor.dll
2008-12-12 17:18 . 2001-08-17 22:55 5,632 --a------ c:\windows\system32\kbd103.dll
2008-12-12 17:18 . 2001-08-17 22:55 5,632 --a--c--- c:\windows\system32\dllcache\kbd103.dll
2008-12-12 14:28 . 2001-08-17 22:55 6,144 --a------ c:\windows\system32\kbd101c.dll
2008-12-12 14:28 . 2001-08-17 22:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101c.dll
2008-12-11 10:26 . 2008-04-14 04:12 6,144 --a------ c:\windows\system32\kbd106.dll
2008-12-11 10:26 . 2001-08-17 22:55 6,144 --a------ c:\windows\system32\kbd101b.dll
2008-12-11 10:26 . 2008-04-14 04:12 6,144 --a--c--- c:\windows\system32\dllcache\kbd106.dll
2008-12-11 10:26 . 2001-08-17 22:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101b.dll
2008-12-09 17:33 . 2008-12-09 17:33 552 --a------ c:\windows\system32\d3d8caps.dat
2008-11-26 17:59 . 2008-11-26 17:59 96,976 --a------ c:\windows\system32\drivers\klin.dat
2008-11-26 17:59 . 2008-11-26 17:59 87,855 --a------ c:\windows\system32\drivers\klick.dat
2008-11-26 17:58 . 2008-11-26 17:58 <DIR> d-------- c:\programmi\Kaspersky Lab
2008-11-26 17:58 . 2008-12-20 20:21 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2008-11-26 17:58 . 2008-12-20 20:18 2,232,864 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-11-26 17:58 . 2008-12-20 20:18 483,360 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-11-26 17:58 . 2008-12-20 20:18 21,668 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-11-26 17:58 . 2008-12-20 20:18 3,780 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-11-26 17:43 . 2008-12-03 18:33 <DIR> d---s---- c:\windows\Downloaded Program Files
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-20 18:50 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2008-12-20 18:47 --------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2008-12-20 18:47 --------- d-----w c:\documents and settings\H18\Dati applicazioni\Skype
2008-12-20 18:41 --------- d-----w c:\documents and settings\H18\Dati applicazioni\skypePM
2008-12-19 20:02 --------- d-----w c:\programmi\File comuni\Real
2008-12-19 16:17 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Google Updater
2008-12-19 12:36 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-12-17 16:38 --------- d-----w c:\programmi\Opera
2008-12-14 19:58 --------- d-----w c:\programmi\SUPERAntiSpyware
2008-12-14 19:58 --------- d-----w c:\programmi\File comuni\Wise Installation Wizard
2008-11-26 16:57 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2008-11-26 16:31 --------- d-----w c:\documents and settings\H18\Dati applicazioni\Azureus
2008-11-13 17:21 --------- d-----w c:\programmi\Visiosonic
2008-11-11 18:58 25,601 ----a-w c:\windows\system32\drivers\klopp.dat
2008-10-25 17:13 --------- d-----w c:\programmi\Microsoft ActiveSync
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-12 15:45 44,239 ----a-w C:\sound32.dll
2008-01-28 22:16 32 ----a-w c:\documents and settings\All Users\Dati applicazioni\ezsid.dat
2008-09-09 09:40 32,768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008090920080910\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\programmi\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 405583]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-02-24 86016]
"USRobotics Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-10-12 1290240]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-11-11 206088]
"nwiz"="nwiz.exe" [2005-02-24 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Symantec NetDriver Warning"="c:\progra~1\SYMNET~1\SNDWarn.exe" [2004-10-29 218232]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"VIDC.ACDV"= ACDV.dll
"MSACM.CEGSM"= mobilev.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Documents and Settings\\H18\\Dati applicazioni\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\myTV\\myTV.exe"=
"c:\\Programmi\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Programmi\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\Programmi\\DC++\\DCPlusPlus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
R0 hptpro;hptpro;c:\windows\system32\drivers\hptpro.sys [2002-04-22 9490]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]
S1 SASKUTIL;SASKUTIL;\??\c:\programmi\SUPERAntiSpyware\SASKUTIL.sys []
S3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\DRIVERS\camdrv21.sys [2007-01-31 253909]
S3 WZCOOK;WEP/WPA-PMK key recovery service;"c:\documents and settings\H18\Desktop\WiFi_WEP_Key_Finder\aircrack-ng-0.6.2-win\bin\wzcook.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c56caf3-9fb2-11dd-9e61-0014c10c7bd8}]
\Shell\AutoRun\command - 1rfw8hjr.com
\Shell\explore\Command - 1rfw8hjr.com
\Shell\open\Command - 1rfw8hjr.com
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local
IE: &Download All with Rapidshare Downloader - c:\docume~1\H18\IMPOST~1\Temp\RarSFX0\jc_all.htm
IE: &Download with Rapidshare Downloader - c:\docume~1\H18\IMPOST~1\Temp\RarSFX0\jc_link.htm
IE: Convert link target to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {AD81C8A6-4507-4E78-9486-F9D0B6A49758} = 213.215.115.88,147.175.167.50
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\programmi\Microsoft ActiveSync\cenetflt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\programmi\Microsoft ActiveSync\cenetflt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\programmi\Microsoft ActiveSync\cenetflt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\programmi\Microsoft ActiveSync\cenetflt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\programmi\Microsoft ActiveSync\cenetflt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\programmi\Microsoft ActiveSync\cenetflt.dll
FF - ProfilePath - c:\documents and settings\H18\Dati applicazioni\Mozilla\Firefox\Profiles\lzo7tgox.default\
FF - prefs.js: browser.startup.homepage - www.alpha.gr
FF - plugin: c:\programmi\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npWebLaunch.dll
FF - plugin: c:\programmi\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\programmi\Opera\program\plugins\NPSWF32_back.dll
FF - plugin: c:\programmi\Opera\program\plugins\npWebLaunch.dll
FF - plugin: c:\programmi\thriXXX\WebLaunch\Binaries\npWebLaunch.dll
FF - plugin: c:\programmi\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
ATTENTION: FIREFOX POLICES IS IN FORCE
c:\programmi\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-12-20 20:22:20
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1100)
c:\windows\System32\BCMLogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wwSecure.exe
c:\windows\system32\devldr32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-12-20 20:26:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-20 19:25:55
Pre-Run: 2,974,896,128 byte disponibili
Post-Run: 2,969,960,448 byte disponibili
212 --- E O F --- 2008-12-18 12:27:01
Many thanks for everything!!
Wish you the best!!