Allora, premetto che il virus appare ancora dopo aver fatto (credo) tutto quanto.

ho effettuato 2 scansioni con Norman. la prima da questo log:

Norman Malware Cleaner
Copyright © 1990 - 2008, Norman ASA. Built 2008/06/16 19:12:25

Norman Scanner Engine Version: 5.92.08
Nvcbin.def Version: 5.92.00, Date: 2008/06/16 19:12:25, Variants: 1752355

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600(Safe mode) Service Pack 2
Logged on user: SERVER\Alessio


Scan started: 29/06/2008 22:11:26


Scanning running processes and process memory...

Number of processes/threads found: 539
Number of processes/threads scanned: 538
Number of processes/threads not scanned: 1
Number of infected processes/threads terminated: 0
Total scanning time: 6s


Scanning file system...

Scanning: C:\*.*

C:\Documents and Settings\Alessio\ALE\Documents and Settings\wolfbane\Desktop\wpp_essential_3.2_it.zip/winPenPack/Bin/Pidgin/sounds/purple/alert.wav (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Alessio\Dati applicazioni\OOo-dev3\user\backup\[BOOK] - MM - I.bak/Configurations2/accelerator/current.xml (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Alessio\Dati applicazioni\OpenOffice.org2\user\backup\[BOOK] - MM - I.bak/Configurations2/accelerator/current.xml (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Alessio\Desktop\ProjectHOPE - MHSkull.odt/Configurations2/accelerator/current.xml (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Alessio\Documenti\ProjectHOPE\ProjectHOPE - Blog.odt/Configurations2/accelerator/current.xml (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Alessio\Documenti\ProjectHOPE\ProjectHOPE - MHSkull.odt/Configurations2/accelerator/current.xml (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Alessio\Documenti\ProjectHOPE\- Materiali -\- Vecchi materiali -\xxx.zip/fenrir1.jpg (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Alessio\Documenti\ProjectHOPE\- Materiali -\- Vecchi materiali -\xxx.zip/Supereroi/fumetti anni40/01aecover.jpg (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Alessio\Documenti\ProjectHOPE\- Materiali -\- Vecchi materiali -\xxx.zip/Supereroi/materale fotografico/229_2.jpg (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Alessio\Documenti\ProjectHOPE\- Materiali -\- Vecchi materiali -\xxx.zip/Supereroi/materale fotografico/ba349_2.jpg (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Alessio\Documenti\ProjectHOPE\- Materiali -\- Vecchi materiali -\xxx.zip/Supereroi/materale fotografico/ColorHeer.jpg (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Alessio\Documenti\ProjectHOPE\- Materiali -\- Vecchi materiali -\xxx.zip/Supereroi/materale fotografico/FJ%20helmet.jpg (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Alessio\Documenti\ProjectHOPE\- Materiali -\- Vecchi materiali -\xxx.zip/Supereroi/materale fotografico/helmet_ger_restored.jpg (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Alessio\Documenti\ProjectHOPE\- Materiali -\- Vecchi materiali -\xxx.zip/Supereroi/materale fotografico/komet.jpg (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Alessio\Documenti\ProjectHOPE\- Materiali -\- Vecchi materiali -\xxx.zip/Supereroi/materale fotografico/LuftPilots.jpg (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Alessio\Documenti\ProjectHOPE\- Materiali -\- Vecchi materiali -\xxx.zip/Supereroi/materale fotografico/mod6.jpg (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Alessio\Documenti\ProjectHOPE\- Materiali -\- Vecchi materiali -\xxx.zip/Supereroi/materale fotografico/p21203_1.jpg (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Alessio\Documenti\ProjectHOPE\- Materiali -\- Vecchi materiali -\xxx.zip/Supereroi/materale fotografico/Pilarski.jpg (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Alessio\Documenti\ProjectHOPE\- Materiali -\- Vecchi materiali -\xxx.zip/Supereroi/materale fotografico/Russian%20M40.jpg (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Alessio\Documenti\ProjectHOPE\- Materiali -\- Vecchi materiali -\xxx.zip/Supereroi/materale fotografico/Teufel.jpg (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Alessio\Documenti\ProjectHOPE\- Materiali -\- Vecchi materiali -\xxx.zip/Supereroi/materale fotografico/US%20D-Day%20pkg.jpg (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Alessio\Documenti\ProjectHOPE\- Materiali -\- Vecchi materiali -\xxx.zip/Supereroi/materiale/poteri.doc (Error whilst scanning file: I/O Error)

C:\Programmi\DAEMON Tools Pro\Patch.exe (Infected with W32/Malware.AVTN)
Deleted file

C:\Programmi\DAEMON Tools Pro\Patch\daemon.tools.pro.patch.exe (Infected with W32/Malware.AVTN)
Deleted file

C:\Programmi\eMule\Incoming\Acdsee 9.0Pro ITALIAN Crack Keigen.rar/ACDSee_9.0pro+crack+keigen\crack_ACDSee 9.0\Patch [ ACDSee Pro 9.0 ].exe (Infected with W32/Malware.CEIC)
Deleted file

C:\Programmi\eMule\Incoming\Alcohol.120%.v1.9.5.3105 ITA+keygen+crack.rar/Alcohol 120% v1.9.5 Build 3105 Br\Crack\patch.exe (Infected with W32/Malware.CGOV)
Deleted file

C:\Programmi\eMule\Incoming\Alcohol.120%.v1.9.5.3105 ITA+keygen+crack.rar/[PROG] - Alcohol.120%.v1.9.5.3105 ITA+keygen+crack\Alcohol 120% v1.9.5 Build 3105 Br\Crack\patch.exe (Infected with W32/Malware.CGOV)
Deleted file

C:\Programmi\eMule\Incoming\Big Bands Hits of The 30s & 40s-Swing.rar/AV (Error whilst scanning file: I/O Error)

C:\Programmi\eMule\Incoming\Big Bands Hits of The 30s & 40s-Swing.rar/RR (Error whilst scanning file: I/O Error)

C:\Programmi\eMule\Incoming\DAEMON Tools Pro Advanced Edition 4.10.0218 + Patch [h33t] [CaZoR].rar/DAEMON Tools Pro Advanced Edition 4.10.0218 + Patch [h33t] [CaZoR]\DAEMON Tools Pro Advanced Edition 4.10.0218 + Patch [h33t] [CaZoR]\Patch\Patch.exe (Infected with W32/Malware.AVTN)
Deleted file

C:\Programmi\eMule\Incoming\DAEMON Tools Pro Advanced Edition 4.10.0218 + Patch [h33t] [CaZoR].rar/DAEMON Tools Pro Advanced Edition 4.10.0218 + Patch [h33t] [CaZoR]\DAEMON Tools Pro Advanced Edition 4.10.0218 + Patch [h33t] [CaZoR].rar/CMT (Error whilst scanning file: I/O Error)

C:\Programmi\eMule\Incoming\DAEMON Tools Pro Advanced Edition 4.10.0218 + Patch [h33t] [CaZoR].rar/DAEMON Tools Pro Advanced Edition 4.10.0218 + Patch [h33t] [CaZoR]\DAEMON Tools Pro Advanced Edition 4.10.0218 + Patch [h33t] [CaZoR].rar/Patch\Patch.exe (Infected with W32/Malware.AVTN)
Deleted file

C:\Programmi\eMule\Incoming\DTPro.Adv.Full.L33VaNcL33F.rar/Patch\daemon.tools.pro.patch.exe (Infected with W32/Malware.AVTN)
Deleted file

C:\Programmi\eMule\Incoming\Imagenes 2ª Guerra Mundial WWII.rar/CMT (Error whilst scanning file: I/O Error)

C:\Programmi\eMule\Incoming\Images - Historical Pictures - WWII, Nazi, Propaganda, Portraits 700 images.jpg.rar/RR (Error whilst scanning file: I/O Error)

C:\Programmi\eMule\Incoming\James Taylor - One Man Band (2008) ok.rar/CMT (Error whilst scanning file: I/O Error)

C:\Programmi\eMule\Incoming\Jethro Tull - Crest Of A Knave (1987).rar/CMT (Error whilst scanning file: I/O Error)

C:\Programmi\eMule\Incoming\Prince - Discography 1978-2002.rar/Prince - (2001) - The very best of\11 - U got the look.mp3 (Error whilst scanning file: I/O Error)

C:\Programmi\eMule\Incoming\Template Monster Font Collection.rar/CMT (Error whilst scanning file: I/O Error)

C:\Programmi\eMule\Incoming\Throne.of.Darkness.English.v1.2.18.Update.Patch.and.No-CD.Crack.[shareprovider.com].rar/RR (Error whilst scanning file: I/O Error)

C:\Programmi\eMule\Incoming\Yeah Yeah Yeahs - Future Heads.zip/The.Futureheads.-.The.Futureheads.rar/CMT (Error whilst scanning file: I/O Error)

C:\Programmi\eMule\Incoming\[PC GAME ITA] The Witcher-Daemon.Tools.Pro.perfetto funzionanante.rar/
(Error whilst scanning file: I/O Error)

C:\temp\DAEMON Tools Pro Advanced Edition 4.10.0218 + Patch [h33t] [CaZoR]\DAEMON Tools Pro Advanced Edition 4.10.0218 + Patch [h33t] [CaZoR].rar/CMT (Error whilst scanning file: I/O Error)

C:\temp\DAEMON Tools Pro Advanced Edition 4.10.0218 + Patch [h33t] [CaZoR]\DAEMON Tools Pro Advanced Edition 4.10.0218 + Patch [h33t] [CaZoR].rar/Patch\Patch.exe (Infected with W32/Malware.AVTN)
Deleted file

C:\temp\DAEMON Tools Pro Advanced Edition 4.10.0218 + Patch [h33t] [CaZoR]\DAEMON Tools Pro Advanced Edition 4.10.0218 + Patch [h33t] [CaZoR]\Patch\Patch.exe (Infected with W32/Malware.AVTN)
Deleted file

C:\temp\[PROG] - Alcohol.120%.v1.9.5.3105 ITA+keygen+crack\Alcohol 120% v1.9.5 Build 3105 Br\Crack\patch.exe (Infected with W32/Malware.CGOV)
Deleted file

Scanning: c:\System Volume Information\*.*


Running post-scan cleanup routine:

Number of files found: 468243
Number of archives unpacked: 3453
Number of files scanned: 468181
Number of files not scanned: 62
Number of files skipped due to exclude list: 0
Number of infected files found: 11
Number of infected files repaired/deleted: 11
Number of infections removed: 11
Total scanning time: 2h 5m 58s

---

la successiva quest'altro:

Norman Malware Cleaner
Copyright © 1990 - 2008, Norman ASA. Built 2008/06/16 19:12:25

Norman Scanner Engine Version: 5.92.08
Nvcbin.def Version: 5.92.00, Date: 2008/06/16 19:12:25, Variants: 1752355

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600(Safe mode) Service Pack 2
Logged on user: SERVER\Alessio

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000

Scan started: 30/06/2008 08:12:30


Scanning running processes and process memory...

Number of processes/threads found: 557
Number of processes/threads scanned: 556
Number of processes/threads not scanned: 1
Number of infected processes/threads terminated: 0
Total scanning time: 10s


Scanning file system...

Scanning: C:\*.*

C:\Documents and Settings\Alessio\ALE\Documents and Settings\wolfbane\Desktop\wpp_essential_3.2_it.zip/winPenPack/Bin/Pidgin/sounds/purple/alert.wav (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Alessio\Dati applicazioni\OOo-dev3\user\backup\[BOOK] - MM - I.bak/Configurations2/accelerator/current.xml (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Alessio\Dati applicazioni\OpenOffice.org2\user\backup\[BOOK] - MM - I.bak/Configurations2/accelerator/current.xml (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Alessio\Desktop\ProjectHOPE - MHSkull.odt/Configurations2/accelerator/current.xml (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Alessio\Documenti\ProjectHOPE\ProjectHOPE - Blog.odt/Configurations2/accelerator/current.xml (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Alessio\Documenti\ProjectHOPE\ProjectHOPE - MHSkull.odt/Configurations2/accelerator/current.xml (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Alessio\Documenti\ProjectHOPE\- Materiali -\- Vecchi materiali -\xxx.zip/fenrir1.jpg (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Alessio\Documenti\ProjectHOPE\- Materiali -\- Vecchi materiali -\xxx.zip/Supereroi/fumetti anni40/01aecover.jpg (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Alessio\Documenti\ProjectHOPE\- Materiali -\- Vecchi materiali -\xxx.zip/Supereroi/materale fotografico/229_2.jpg (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Alessio\Documenti\ProjectHOPE\- Materiali -\- Vecchi materiali -\xxx.zip/Supereroi/materale fotografico/ba349_2.jpg (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Alessio\Documenti\ProjectHOPE\- Materiali -\- Vecchi materiali -\xxx.zip/Supereroi/materale fotografico/ColorHeer.jpg (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Alessio\Documenti\ProjectHOPE\- Materiali -\- Vecchi materiali -\xxx.zip/Supereroi/materale fotografico/FJ%20helmet.jpg (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Alessio\Documenti\ProjectHOPE\- Materiali -\- Vecchi materiali -\xxx.zip/Supereroi/materale fotografico/helmet_ger_restored.jpg (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Alessio\Documenti\ProjectHOPE\- Materiali -\- Vecchi materiali -\xxx.zip/Supereroi/materale fotografico/komet.jpg (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Alessio\Documenti\ProjectHOPE\- Materiali -\- Vecchi materiali -\xxx.zip/Supereroi/materale fotografico/LuftPilots.jpg (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Alessio\Documenti\ProjectHOPE\- Materiali -\- Vecchi materiali -\xxx.zip/Supereroi/materale fotografico/mod6.jpg (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Alessio\Documenti\ProjectHOPE\- Materiali -\- Vecchi materiali -\xxx.zip/Supereroi/materale fotografico/p21203_1.jpg (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Alessio\Documenti\ProjectHOPE\- Materiali -\- Vecchi materiali -\xxx.zip/Supereroi/materale fotografico/Pilarski.jpg (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Alessio\Documenti\ProjectHOPE\- Materiali -\- Vecchi materiali -\xxx.zip/Supereroi/materale fotografico/Russian%20M40.jpg (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Alessio\Documenti\ProjectHOPE\- Materiali -\- Vecchi materiali -\xxx.zip/Supereroi/materale fotografico/Teufel.jpg (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Alessio\Documenti\ProjectHOPE\- Materiali -\- Vecchi materiali -\xxx.zip/Supereroi/materale fotografico/US%20D-Day%20pkg.jpg (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Alessio\Documenti\ProjectHOPE\- Materiali -\- Vecchi materiali -\xxx.zip/Supereroi/materiale/poteri.doc (Error whilst scanning file: I/O Error)

C:\Programmi\eMule\Incoming\Big Bands Hits of The 30s & 40s-Swing.rar/AV (Error whilst scanning file: I/O Error)

C:\Programmi\eMule\Incoming\Big Bands Hits of The 30s & 40s-Swing.rar/RR (Error whilst scanning file: I/O Error)

C:\Programmi\eMule\Incoming\DAEMON Tools Pro Advanced Edition 4.10.0218 + Patch [h33t] [CaZoR].rar/DAEMON Tools Pro Advanced Edition 4.10.0218 + Patch [h33t] [CaZoR]\DAEMON Tools Pro Advanced Edition 4.10.0218 + Patch [h33t] [CaZoR].rar/CMT (Error whilst scanning file: I/O Error)

C:\Programmi\eMule\Incoming\Imagenes 2ª Guerra Mundial WWII.rar/CMT (Error whilst scanning file: I/O Error)

C:\Programmi\eMule\Incoming\Images - Historical Pictures - WWII, Nazi, Propaganda, Portraits 700 images.jpg.rar/RR (Error whilst scanning file: I/O Error)

C:\Programmi\eMule\Incoming\James Taylor - One Man Band (2008) ok.rar/CMT (Error whilst scanning file: I/O Error)

C:\Programmi\eMule\Incoming\Jethro Tull - Crest Of A Knave (1987).rar/CMT (Error whilst scanning file: I/O Error)

C:\Programmi\eMule\Incoming\Prince - Discography 1978-2002.rar/Prince - (2001) - The very best of\11 - U got the look.mp3 (Error whilst scanning file: I/O Error)

C:\Programmi\eMule\Incoming\Template Monster Font Collection.rar/CMT (Error whilst scanning file: I/O Error)

C:\Programmi\eMule\Incoming\Throne.of.Darkness.English.v1.2.18.Update.Patch.and.No-CD.Crack.[shareprovider.com].rar/RR (Error whilst scanning file: I/O Error)

C:\Programmi\eMule\Incoming\Yeah Yeah Yeahs - Future Heads.zip/The.Futureheads.-.The.Futureheads.rar/CMT (Error whilst scanning file: I/O Error)

C:\Programmi\eMule\Incoming\[PC GAME ITA] The Witcher-Daemon.Tools.Pro.perfetto funzionanante.rar/
(Error whilst scanning file: I/O Error)

C:\temp\DAEMON Tools Pro Advanced Edition 4.10.0218 + Patch [h33t] [CaZoR]\DAEMON Tools Pro Advanced Edition 4.10.0218 + Patch [h33t] [CaZoR].rar/CMT (Error whilst scanning file: I/O Error)


Running post-scan cleanup routine:

Number of files found: 467790
Number of archives unpacked: 3449
Number of files scanned: 467728
Number of files not scanned: 62
Number of files skipped due to exclude list: 0
Number of infected files found: 0
Number of infected files repaired/deleted: 0
Number of infections removed: 0
Total scanning time: 2h 10m 58s

---

il log generato da Combofix con internet disattivata:


ComboFix 08-06-20.4 - Alessio 2008-06-30 10.31.13.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1492 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Alessio\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2008-05-28 al 2008-06-30 )))))))))))))))))))))))))))))))))))
.

2008-06-29 19:19 . 2008-06-29 19:19 <DIR> d-------- C:\Programmi\CCleaner
2008-06-29 18:52 . 2008-06-29 18:52 <DIR> d-------- C:\Programmi\Trend Micro
2008-06-29 15:59 . 2007-11-15 07:02 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di stampa
2008-06-29 15:59 . 2007-11-15 07:02 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di rete
2008-06-29 15:59 . 2007-11-15 07:02 <DIR> d-------- C:\Documents and Settings\Administrator\Preferiti
2008-06-29 15:59 . 2007-11-15 06:06 <DIR> d--h----- C:\Documents and Settings\Administrator\Modelli
2008-06-29 15:59 . 2007-11-15 07:02 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Avvio
2008-06-29 15:59 . 2008-06-30 10:33 <DIR> d--h----- C:\Documents and Settings\Administrator\Impostazioni locali
2008-06-29 15:59 . 2007-11-15 07:02 <DIR> d-------- C:\Documents and Settings\Administrator\Documenti
2008-06-29 15:59 . 2008-06-29 15:59 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Ipswitch
2008-06-29 15:59 . 2008-06-29 15:59 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dati applicazioni
2008-06-29 15:59 . 2008-06-29 15:59 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-28 07:48 . 2008-06-28 07:48 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-06-28 07:48 . 2008-06-29 19:24 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-06-28 07:10 . 2008-06-28 07:10 109,056 --a------ C:\WINDOWS\system32\lphcgq3j0ee3g.exe
2008-06-28 07:10 . 2008-06-30 10:28 90,838 --a------ C:\WINDOWS\system32\phcgq3j0ee3g.bmp
2008-06-28 07:10 . 2008-06-30 10:28 60,928 --a------ C:\WINDOWS\system32\blphcgq3j0ee3g.scr
2008-06-27 22:08 . 2008-06-27 22:08 <DIR> d-------- C:\Programmi\My Company Name
2008-06-27 22:06 . 2008-06-27 22:09 <DIR> d-------- C:\WINDOWS\NV31043140.TMP
2008-06-10 20:25 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 20:25 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-15 22:22 . 2008-06-09 22:44 <DIR> d-------- C:\Documents and Settings\Alessio\Dati applicazioni\OOo-dev3
2008-05-15 22:19 . 2008-05-15 22:20 <DIR> d-------- C:\Programmi\OpenOffice.org
2008-05-15 22:19 . 2008-05-15 22:19 <DIR> d-------- C:\Programmi\OOo-dev 3
2008-05-15 22:19 . 2008-05-15 22:19 <DIR> d-------- C:\Programmi\JRE
2008-05-14 09:17 . 2008-06-29 18:36 <DIR> d-------- C:\Documents and Settings\Alessio\Dati applicazioni\Hamachi
2008-05-14 09:16 . 2008-05-14 09:16 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-05-09 10:16 . 2008-05-09 10:16 <DIR> d-------- C:\Programmi\AliveMedia
2008-05-06 22:13 . 2008-05-06 22:50 <DIR> d-------- C:\WINDOWS\NV38003496.TMP
2008-05-06 22:13 . 2007-12-07 07:51 159,956 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-05-06 22:12 . 2008-05-06 22:12 <DIR> d-------- C:\NVIDIA
2008-05-06 09:49 . 2008-05-06 09:49 <DIR> d-------- C:\Documents and Settings\Alessio\Dati applicazioni\Ubisoft
2008-05-06 09:46 . 2008-05-06 09:46 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Ubisoft
2008-05-06 09:40 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-05-06 09:40 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-05-06 09:40 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-05-06 09:40 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-05-05 22:23 . 2008-05-05 22:23 82,774 --a------ C:\WINDOWS\Uninstall Jade Empire.exe
2008-05-05 21:36 . 2008-05-05 22:23 <DIR> d-------- C:\Programmi\Jade Empire
2008-05-03 10:37 . 2008-05-03 10:37 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-03 10:36 . 2008-05-03 10:36 <DIR> d-------- C:\Programmi\File comuni\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-30 08:33 --------- d-----w C:\Programmi\PeerGuardian2
2008-06-30 08:28 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-06-30 08:28 --------- d-----w C:\Documents and Settings\Alessio\Dati applicazioni\skypePM
2008-06-30 08:28 --------- d-----w C:\Documents and Settings\Alessio\Dati applicazioni\Skype
2008-06-30 08:28 --------- d-----w C:\Documents and Settings\Alessio\Dati applicazioni\OpenOffice.org2
2008-06-30 00:10 --------- d-----w C:\Documents and Settings\Alessio\Dati applicazioni\MxBoost
2008-06-29 20:50 --------- d-----w C:\Programmi\DAEMON Tools Pro
2008-06-29 19:26 --------- d-----w C:\Programmi\Mozilla Thunderbird
2008-06-28 08:02 --------- d-----w C:\Programmi\Spyware Doctor
2008-06-28 06:10 --------- d-----w C:\Programmi\File comuni\PC Tools
2008-06-27 20:08 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-06-18 07:58 --------- d-----w C:\Programmi\Maxthon2
2008-06-12 12:30 --------- d-----w C:\Programmi\eMule
2008-06-09 23:14 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-05-14 21:16 --------- d-----w C:\Programmi\File comuni\Adobe
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-06 07:27 --------- d-----w C:\Programmi\Ubisoft
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-04 06:25 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-04-04 06:25 176 ----a-w C:\Programmi\INSTALL.LOG
2008-04-04 06:25 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-04-04 06:25 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-05 20:48 200,232 ----a-w C:\Programmi\AquilineTwo.ttf
2008-01-12 22:57 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2007-11-15 04:18 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012007111520071116\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-06-30_ 2.08.17,45 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-29 23:52:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-30 08:28:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-30 08:28:20 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_74c.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:39 15360]
"Skype"="C:\Programmi\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792]
"PeerGuardian"="C:\Programmi\PeerGuardian2\pg2.exe" [2005-04-23 21:03 1175552]
"DAEMON Tools Pro Agent"="C:\Programmi\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]
"EPSON Stylus DX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE" [2005-02-02 06:00 98304]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 23:57 30208]
"LanguageShortcut"="C:\Programmi\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 12:09 49152]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-07 07:51 8523776]
"nwiz"="nwiz.exe" [2007-12-07 07:51 1626112 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 09:03 16125440 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"EPSON Stylus DX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE" [2005-02-02 06:00 98304]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"00PCTFW"="C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2007-12-31 10:16 2594712]
"ISUSPM Startup"="C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 07:03 221184]
"ISUSScheduler"="C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" [2004-06-16 07:03 81920]
"winPenPack"="I:\winPenPack.exe" [ ]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-07 07:51 81920]
"lphcgq3j0ee3g"="C:\WINDOWS\system32\lphcgq3j0ee3g.exe" [2008-06-28 07:10 109056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:39 15360]

C:\Documents and Settings\Alessio\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 2.3.lnk - C:\Programmi\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\Sierra\\FEAR\\FEAR.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Codemasters\\Turning Point - Fall of Liberty\\Binaries\\LTCG-TPGame.exe"=
"C:\\Programmi\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Programmi\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Programmi\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 17:11]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-01-14 20:48]
R1 pctmp;PC Tools Firewall Memory Protection Driver;C:\WINDOWS\system32\drivers\pctmp.sys [2008-01-04 15:13]
R1 pctssipc;PC Tools Security Suite IPC Driver;C:\WINDOWS\system32\drivers\pctssipc.sys [2008-01-04 15:13]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 RTSTOR;USB Mass Stroage Device;C:\WINDOWS\system32\drivers\RTSTOR.SYS [2005-07-21 11:48]
S3 TCCrystalCpuInfo;TCCrystalCpuInfo;C:\DOCUME~1\Alessio\IMPOST~1\Temp\TCCpuInfo.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41ce1de8-c1d1-11dc-9a58-001bfcac76df}]
\Shell\AutoRun\command - I:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1b9db7a-f8e1-11dc-9a90-001bfcac76df}]
\Shell\Auto\command - activexdebugger32.exe f
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
\Shell\explore\Command - activexdebugger32.exe f
\Shell\open\Command - activexdebugger32.exe f

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec002e91-c7f3-11dc-9a67-001bfcac76df}]
\Shell\AutoRun\command - Z:\winPenPack.exe

*Newly Created Service* - PGFILTER
.
Contenuto della cartella 'Scheduled Tasks'
"2008-06-27 13:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Programmi\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 10:34:05
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-06-30 10.40.24
ComboFix-quarantined-files.txt 2008-06-30 08:39:59
ComboFix2.txt 2008-06-30 00:08:55

13 Directory 77,627,437,056 byte disponibili
16 Directory 77,612,228,608 byte disponibili

180 --- E O F --- 2008-06-27 19:24:13



ho infine fatto una pulizia con CCleaner.

Ciao
eccola qua:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.16.45, on 30/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\lphcgq3j0ee3g.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\PeerGuardian2\pg2.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\Mozilla Thunderbird\thunderbird.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ecocho.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: AmsServer
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [winPenPack] I:\winPenPack.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PeerGuardian] C:\Programmi\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Programmi\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /M "Stylus DX4800" /EF "HKCU"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programmi\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Programmi\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe

--
End of file - 8998 bytes



ho omesso di dire che periodicamente mi compare la "schermata blu" di errore di Windows.

Sembra sia tornato tutto a posto. VirIt mi ha trovato altri 3 Trojan, ma non li ha rimossi (periodo di prova esaurito). ecco il log:
VirIT eXplorer Lite Log

[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK

---

30/06/2008 - 22:56:43

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: O

C:\Documents and Settings\Alessio\ALE\Documents and Settings\wolfbane\Documenti\AAAA\Documents and Settings\Wolfbane\Documenti\exsplorer.lnk Infetto da Trojan.Win32.Agent.SP
C:\Documents and Settings\Alessio\ALE\Documents and Settings\wolfbane\Impostazioni locali\Temp\cel90xbe.sys Infetto da Trojan.Win32.Agent.BBE
C:\WINDOWS\system32\blphcgq3j0ee3g.scr Infetto da Trojan.Win32.Agent.Gen

Chiavi Registro infette: 0.
Files Infetti: 3.
Files Sospetti: 0.
Files Analizzati: 197089.
Files Totali: 197089.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.


l'ultimo file è uno screensaver, posso toglierlo manualmente? Avast non lo riconosce come infetto..
Comunque credo che la chiave di tutto sia stata Hijackthis.

grazie ancora.

Si i files individuati da VirIt li ho eliminati a mano,tutti.
Scusami, mi sono dimenticato la chiave di registro. la chiave non aveva alcuna aggiunta dopo la virgola, quindi ho lasciato tutto così. :)