
Web pages and advertising
maurom1973
Posted: Sunday, February 01, 2009 10:22:58 PM

Rank: Member

Joined: 12/8/2007
Posts: 29
Hi guys, I'm sending you the HijackThis scan to see if I can solve this problem. Let me explain:
when I open the Internet, another blank web page then opens underneath it, but I think it's advertising, and
it opens it automatically.
Thank you in advance, you are very kind as always


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.16.06, on 01/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Logitech\Video\LogiTray.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Logitech\Video\FxSvr2.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\documents and settings\utente\impostazioni locali\dati applicazioni\dufult.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Programmi\Softonic_Italia\tbSoft.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Programmi\Softonic_Italia\tbSoft.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Programmi\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Programmi\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S15A.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmi\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [dufult] "c:\documents and settings\utente\impostazioni locali\dati applicazioni\dufult.exe" dufult
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{311ED953-1942-490A-92E8-2165338ADBC7}: NameServer = 85.37.17.5 85.38.28.77
O17 - HKLM\System\CS2\Services\Tcpip\..\{311ED953-1942-490A-92E8-2165338ADBC7}: NameServer = 85.37.17.5 85.38.28.77
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - E:\programmi\Common\Database\bin\fbserver.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: UPnPService - Magix AG - C:\Programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 8954 bytes
 
r16
Posted: Sunday, February 01, 2009 10:30:24 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Download and install MalwareBytes:
click here to download: http://www.malwarebytes.org/
Before running the scan, UPDATE it.
Run a full system scan and, once the scan has finished, make sure that all the highlighted files are selected, then click Remove Selected (Rimuovi Selezionati).
Post the log.


Important: Disable your antivirus and close ALL open programs, and after you have downloaded COMBOFIX, close the connection.

Download Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the desktop.
Double-click combofix.exe (a screen will appear).
If you are asked whether you want to install THE RECOVERY CONSOLE, click NO.
Type 1, press Enter and follow the instructions.
When it finishes, a log file named C:\ComboFix.txt will be created. Post it here.
During the scan it is important not to use the PC (not even the mouse) and to wait patiently for the operations to finish.

Uninstall combofix this way: (after I have seen the log)
Start
Run
in the dialog box, type (or copy and paste) this command: Combofix /u and press Enter, then delete the combofix folders in "C" (qoobox)

maurom1973
Posted: Sunday, February 01, 2009 11:54:39 PM

Rank: Member

Joined: 12/8/2007
Posts: 29
I've done everything; now I'm posting the two logs, and then, if you can, tell me whether I have to uninstall combofix and how I should do it. Thanks.


Malwarebytes' Anti-Malware 1.33
Versione del database: 1713
Windows 5.1.2600 Service Pack 3

01/02/2009 23.35.49
mbam-log-2009-02-01 (23-35-42).txt

Tipo di scansione: Scansione completa (C:\|E:\|F:\|)
Elementi scansionati: 165206
Tempo trascorso: 57 minute(s), 38 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 2

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Programmi\Softonic_Italia\Softonic_ItaliaToolbarHelper.exe (Adware.NetPumper) -> No action taken.
E:\System Volume Information\_restore{BEC6C552-7A71-4EC0-8CD7-8B57703A0EE5}\RP91\A0024276.exe (Trojan.Agent) -> No action taken.


and this is the combofix result
ComboFix 09-02-01.01 - Utente 2009-02-01 23.38.24.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.2047.1443 [GMT 1:00]
Eseguito da: c:\documents and settings\Utente\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\dufult.dat
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\dufult.exe
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\dufult_nav.dat
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\dufult_navps.dat

.
((((((((((((((((((((((((( Files Creati Da 2009-01-01 al 2009-02-01 )))))))))))))))))))))))))))))))))))
.

2009-02-01 22:33 . 2009-02-01 22:33 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2009-02-01 22:33 . 2009-02-01 22:33 <DIR> d-------- c:\documents and settings\Utente\Dati applicazioni\Malwarebytes
2009-02-01 22:33 . 2009-02-01 22:33 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-02-01 22:33 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-01 22:33 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-01 19:39 . 2009-02-01 19:48 402 --a------ c:\documents and settings\Utente\Dati applicazioni\TilimiSettings.dat
2009-02-01 19:38 . 2009-02-01 19:38 <DIR> d-------- c:\programmi\Alea
2009-02-01 01:02 . 2009-02-01 01:02 <DIR> d-------- c:\programmi\Trend Micro
2009-01-30 23:28 . 2009-01-30 23:28 268 --ah----- C:\sqmdata01.sqm
2009-01-30 23:28 . 2009-01-30 23:28 244 --ah----- C:\sqmnoopt01.sqm
2009-01-30 21:35 . 2009-01-30 21:35 <DIR> d-------- c:\programmi\Extension Changer
2009-01-29 20:20 . 2009-01-30 20:23 <DIR> d-------- c:\programmi\Spybot - Search & Destroy
2009-01-29 20:20 . 2009-01-29 20:43 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-01-21 19:33 . 2009-01-21 19:33 <DIR> d-------- c:\programmi\Lavalys
2009-01-20 20:24 . 2009-01-20 20:24 <DIR> d-------- c:\programmi\NeroInstall.bak
2009-01-20 20:22 . 2009-01-20 20:22 <DIR> d-------- c:\documents and settings\Utente\Dati applicazioni\Nero
2009-01-20 20:19 . 2009-01-20 20:19 <DIR> d-------- c:\programmi\Nero
2009-01-20 20:19 . 2009-01-20 20:21 <DIR> d-------- c:\programmi\File comuni\Nero
2009-01-20 20:19 . 2009-01-20 20:19 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Nero
2009-01-18 16:23 . 2009-01-22 19:09 70 --a------ c:\windows\sbwin.ini
2009-01-18 16:20 . 2009-02-01 16:51 <DIR> d-------- c:\documents and settings\Utente\Dati applicazioni\Smart Recorder
2009-01-18 15:57 . 2009-01-18 16:28 <DIR> d-------- c:\documents and settings\Utente\Dati applicazioni\Creative
2009-01-18 15:57 . 2009-01-18 15:57 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Creative
2009-01-18 15:54 . 2003-06-12 23:25 7,062 --a------ c:\windows\system32\audiopid.vxd
2009-01-18 15:53 . 2000-05-22 09:58 647,872 --------- c:\windows\system32\Mscomct2.ocx
2009-01-18 15:53 . 2006-10-06 07:17 53,248 --------- c:\windows\Ctregrun.exe
2009-01-18 15:50 . 1999-12-12 18:01 44,032 --------- c:\windows\system32\CTSVCCDA.EXE
2009-01-18 15:50 . 1999-11-17 18:00 25,088 --------- c:\windows\system32\CTSVCCTL.EXE
2009-01-18 15:49 . 2009-01-18 15:49 <DIR> d-------- c:\programmi\File comuni\Creative
2009-01-18 15:49 . 2009-01-18 15:49 <DIR> d--h----- c:\programmi\Creative Installation Information
2009-01-18 15:47 . 2000-05-11 01:00 90,112 --------- c:\windows\Updreg.EXE
2009-01-18 15:45 . 2000-12-13 03:21 7,572,224 --------- c:\windows\system32\CT8MGM.SF2
2009-01-17 23:01 . 2009-01-17 23:01 <DIR> d-------- c:\programmi\Camfrog
2009-01-17 15:41 . 2009-01-17 15:41 <DIR> d-------- c:\documents and settings\Utente\Dati applicazioni\MAGIX
2009-01-17 15:37 . 2009-01-17 15:37 110,304 --a------ c:\windows\system32\drivers\ACEDRV09.sys
2009-01-17 15:32 . 2001-05-11 13:18 420,240 --a------ c:\windows\system32\mpg4c32.dll
2009-01-17 15:32 . 2001-03-26 04:41 245,760 --a------ c:\windows\system32\mp4sds32.ax
2009-01-17 15:30 . 2009-01-17 15:36 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\MAGIX
2009-01-17 15:25 . 2009-01-17 15:35 <DIR> d-------- c:\programmi\File comuni\MAGIX Shared
2009-01-17 15:21 . 2002-09-20 23:33 1,089,536 --a------ c:\windows\system32\ROBOEX32.DLL
2009-01-17 15:21 . 1998-10-15 16:28 85,504 --a------ c:\windows\system32\HtmlWH.dll
2009-01-17 15:21 . 1999-01-28 13:44 49,152 --a------ c:\windows\system32\INETWH32.dll
2009-01-17 15:19 . 2009-01-17 15:36 <DIR> d-------- c:\windows\system32\MAGIX
2009-01-17 15:19 . 2007-02-07 10:53 663,552 --a------ c:\windows\system32\mgxoschk.dll
2009-01-17 15:19 . 2009-01-17 15:36 5,817 --a------ c:\windows\mgxoschk.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-01 22:35 --------- d-----w c:\programmi\Softonic_Italia
2009-02-01 22:01 --------- d-----w c:\documents and settings\Utente\Dati applicazioni\Skype
2009-02-01 10:53 --------- d-----w c:\documents and settings\Utente\Dati applicazioni\skypePM
2009-01-30 19:40 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-30 19:40 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-30 19:40 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-01-30 19:40 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\avg8
2009-01-22 17:05 --------- d-----w c:\programmi\File comuni\Adobe
2009-01-20 18:31 --------- d-----w c:\documents and settings\Utente\Dati applicazioni\uTorrent
2009-01-19 21:28 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-01-19 20:43 --------- d-----w c:\programmi\Ahead
2009-01-18 14:56 --------- d-----w c:\programmi\Creative
2009-01-18 14:54 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-01-11 16:54 --------- d-----w c:\programmi\Samsung
2009-01-08 16:12 --------- d-----w c:\documents and settings\Utente\Dati applicazioni\dvdcss
2008-12-21 00:53 5,632 ----a-w c:\windows\system32\drivers\StarOpen.sys
2008-12-21 00:17 --------- d-----w c:\documents and settings\Utente\Dati applicazioni\Samsung
2008-12-18 18:20 --------- d-----w c:\documents and settings\Utente\Dati applicazioni\URSoft
2008-12-11 19:54 --------- d-----w c:\documents and settings\Utente\Dati applicazioni\OpenOffice.org
2008-12-11 19:51 --------- d-----w c:\programmi\OpenOffice.org 3
2008-12-11 19:51 --------- d-----w c:\programmi\JRE
2008-12-11 19:51 --------- d-----w c:\programmi\Java
2008-12-11 19:50 --------- d-----w c:\programmi\File comuni\Java
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-09 20:45 --------- d-----w c:\programmi\MSXML 4.0
2008-12-09 08:10 --------- d-----w c:\programmi\CCleaner
2008-12-09 07:12 --------- d-----w c:\programmi\MarkAny
2008-12-09 07:12 --------- d-----w c:\documents and settings\Utente\Dati applicazioni\DataCast
2008-12-05 17:42 --------- d-----w c:\programmi\MSN Messenger
2008-12-03 20:31 --------- d-----w c:\programmi\File comuni\Adobe AIR
2008-12-03 20:20 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-03 19:11 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2008-12-02 18:57 --------- d-----w c:\programmi\7-Zip
2008-12-02 15:59 --------- d-----w c:\programmi\Windows Live
2008-12-02 15:59 --------- d-----w c:\programmi\Messenger Plus! Live
2008-12-01 19:51 --------- d-----w c:\documents and settings\Utente\Dati applicazioni\vlc
2008-12-01 19:46 --------- d-----w c:\documents and settings\Utente\Dati applicazioni\TeamViewer
2008-12-01 18:28 --------- d-----w c:\programmi\TeamViewer3
2008-12-01 17:19 --------- d-----w c:\documents and settings\Utente\Dati applicazioni\VoipStunt
2008-12-01 16:36 --------- d-----w c:\programmi\File comuni\DVDVideoSoft
2008-12-01 15:55 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\IM
2008-12-01 15:54 --------- d-----w c:\programmi\IncrediMail
2008-12-01 15:54 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\IncrediMail
2008-12-01 15:32 --------- d-----w c:\programmi\Conduit
2008-12-01 15:12 --------- d-----w c:\documents and settings\Utente\Dati applicazioni\Camfrog
2008-12-01 15:02 --------- d-----w c:\programmi\Motive
2008-12-01 14:55 --------- d-----w c:\programmi\Yahoo!
2008-12-01 14:46 --------- d-----w c:\programmi\Skype
2008-12-01 14:46 --------- d-----w c:\programmi\File comuni\Skype
2008-12-01 14:46 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Skype
2008-12-01 14:32 --------- d-----w c:\programmi\File comuni\InstallShield
2008-12-01 14:28 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\UDL
2008-12-01 14:27 --------- d-----w c:\programmi\epson
2008-12-01 14:20 --------- d-----w c:\documents and settings\Utente\Dati applicazioni\InstallShield
2008-12-01 14:19 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\EPSON
2008-12-01 14:00 --------- d-----w c:\programmi\Logitech
2008-12-01 14:00 --------- d-----w c:\programmi\File comuni\Logitech
2008-12-01 13:51 155,995 ----a-w c:\windows\java\Packages\N3ZDNHVB.ZIP
2008-12-01 13:51 --------- d-----w c:\programmi\Common Files
2008-12-01 13:50 --------- d-----w c:\programmi\Telecom Italia
2008-11-29 08:42 86,016 ----a-w c:\windows\system32\OpenAL32.dll
2008-11-29 08:42 405,504 ----a-w c:\windows\system32\wrap_oal.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4edd5c14-2d22-4d7a-9748-c975a7fd933b}"= "c:\programmi\Softonic_Italia\tbSoft.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4edd5c14-2d22-4d7a-9748-c975a7fd933b}"= "c:\programmi\Softonic_Italia\tbSoft.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4EDD5C14-2D22-4D7A-9748-C975A7FD933B}"= "c:\programmi\Softonic_Italia\tbSoft.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"EPSON Stylus DX4400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
"LogitechSoftwareUpdate"="c:\programmi\Logitech\Video\ManifestEngine.exe" [2004-10-08 196608]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"StormCodec_Helper"="c:\programmi\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-26 97357]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-30 1601304]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"LogitechVideoRepair"="c:\programmi\Logitech\Video\ISStart.exe" [2004-10-08 458752]
"LogitechVideoTray"="c:\programmi\Logitech\Video\LogiTray.exe" [2004-10-08 217088]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-12-03 136600]
"SMSTray"="c:\programmi\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 132624]
"CTSysVol"="c:\programmi\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"NeroFilterCheck"="c:\programmi\File comuni\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"P17Helper"="P17.dll" [2005-05-03 c:\windows\system32\P17.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-30 20:40 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"e:\\programmi\\u torrent\\uTorrent.exe"=
"e:\\programmi\\voipe stunt\\VoipStunt\\VoipStunt.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=
"e:\\programmi\\camfrog5.1\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Programmi\\TeamViewer3\\TeamViewer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Alea\\Tilimi\\Tilimi.exe"=

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2008-11-29 11264]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-29 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-29 107272]
R2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [2009-01-17 110304]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-29 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-29 298264]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-01-14 21632]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;e:\programmi\Common\Database\bin\fbserver.exe [2009-01-17 1527900]
S3 p17filt;p17filt;c:\windows\system32\drivers\p17filt.sys [2006-03-20 1452032]
S3 UPnPService;UPnPService;c:\programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe [2009-01-17 544768]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d2f66ff-c2f4-11dd-bbd2-00196600fe72}]
\Shell\Auto\command - UFO.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-dufult - c:\documents and settings\utente\impostazioni locali\dati applicazioni\dufult.exe


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
TCP: {311ED953-1942-490A-92E8-2165338ADBC7} = 85.37.17.5 85.38.28.77
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\4qtyy51s.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-01 23:39:42
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2009-02-01 23.41.06
ComboFix-quarantined-files.txt 2009-02-01 22:40:57

Pre-Run: 67.062.681.600 byte disponibili
Post-Run: 67,062,112,256 byte disponibili

231 --- E O F --- 2009-01-14 18:56:06


r16
Posted: Monday, February 02, 2009 5:59:50 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
maurom1973 wrote:
I've done everything; now I'm posting the two logs, and then, if you can, tell me whether I have to uninstall combofix and how I should do it. Thanks.



If you are in a hurry, we can just leave the malware that is still on your PC.
If, on the other hand, you are not in a rush, carry out these steps:

Open a text file on the Desktop (Start\Run\type: notepad.exe\OK)
Paste in the code you see below, and save the text file; it must be named CFScript.txt

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d2f66ff-c2f4-11dd-bbd2-00196600fe72}]


and drag it onto the ComboFix icon.
Wait for it to finish, without touching the keyboard, mouse or anything else.

Post the updated combofix log
*********************************************************************************************************
Again, if you are not in a hurry, there are also some USB sticks that should be cleaned.

Automatic recognition of USB devices has to be disabled temporarily;
you need the TweakUI program, which can be downloaded from this page (you will find it on the right, about halfway down the page); install it:
http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx
Once it is installed, run it and proceed with these steps:

click the + symbol on the My Computer section
click the [+] symbol on the Autoplay subsection
Go to Types
Uncheck Enable Autoplay for removable drives
Click Apply
Close TweakUI


From this moment on, all USB devices will stop starting automatically.
Insert your USB sticks and scan them with your antivirus.
When you are sure that everything is fine, you can re-enable autoplay by following the same path I indicated.
*********************************************************************************************************
I would also like to see an updated HJT log.
But maybe I'm asking too much.
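
Added example, not part of r16's post or of any tool used in this thread: a small Python triage pass over the two log formats posted above, flagging Run entries that start an executable from a user profile folder and MountPoints2 keys that carry a registered shell command, which are the two items acted on in this thread. The sample lines are copied from the logs above; the profile-root heuristic and all function names are assumptions made for the example.

```python
import re
from typing import List, NamedTuple

# Sample lines copied from the HijackThis and ComboFix logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [dufult] "c:\documents and settings\utente\impostazioni locali\dati applicazioni\dufult.exe" dufult
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d2f66ff-c2f4-11dd-bbd2-00196600fe72}]
\Shell\Auto\command - UFO.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
"""


class Finding(NamedTuple):
    kind: str    # "run-from-profile" or "mountpoints2-command"
    where: str   # Run value (hive and name) or the MountPoints2 registry key
    target: str  # executable path, or "<verb>: <registered command>"


# HijackThis O4 line: "O4 - <hive>\..\Run: [<name>] <command line>"
O4_RUN = re.compile(
    r'^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# ComboFix prints the MountPoints2 key in brackets, then its shell commands.
MP2_KEY = re.compile(
    r'^\[(?P<key>HKEY_[^\]]*\\mountpoints2\\[^\]]+)\]$', re.IGNORECASE)
MP2_CMD = re.compile(
    r'^\\Shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$', re.IGNORECASE)
# Assumption: on the XP system in these logs, user-writable profile data
# lives under "<drive>:\documents and settings\".
PROFILE_ROOT = re.compile(r'^[a-z]:\\documents and settings\\', re.IGNORECASE)


def executable_of(cmd: str) -> str:
    """Return the program path from a Run command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut at the first ".exe".
    match = re.match(r'(.+?\.exe)\b', cmd, re.IGNORECASE)
    return match.group(1) if match else cmd.split()[0]


def triage(log_text: str) -> List[Finding]:
    """Flag autostart entries worth a manual look in HJT/ComboFix output."""
    findings: List[Finding] = []
    current_key = None  # MountPoints2 key whose command lines we are reading
    for raw in log_text.splitlines():
        line = raw.strip()
        run = O4_RUN.match(line)
        if run:
            exe = executable_of(run['cmd'])
            if PROFILE_ROOT.match(exe):
                where = f"{run['hive']} Run [{run['name']}]"
                findings.append(Finding("run-from-profile", where, exe))
            current_key = None
            continue
        key = MP2_KEY.match(line)
        if key:
            current_key = key['key']
            continue
        cmd = MP2_CMD.match(line)
        if cmd and current_key:
            target = f"{cmd['verb']}: {cmd['cmd']}"
            findings.append(Finding("mountpoints2-command", current_key, target))
            continue
        current_key = None  # any other line ends the MountPoints2 block
    return findings


def keys_to_review(findings: List[Finding]) -> List[str]:
    """Unique MountPoints2 keys that have at least one shell command."""
    return sorted({f.where for f in findings if f.kind == "mountpoints2-command"})


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.kind:22} {finding.where}\n{'':22} -> {finding.target}")
```

A hit is only a pointer for manual review: legitimate software can also start from a profile folder, and a MountPoints2 command is normal for some devices.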

maurom1973
Posted: Tuesday, February 03, 2009 5:38:13 PM

Rank: Member

Joined: 12/8/2007
Posts: 29
Thank you for your patience, rank; now I'm posting the updated logs for you.

ComboFix 09-02-02.04 - Utente 2009-02-03 17:28:35.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.2047.1485 [GMT 1:00]
Eseguito da: c:\documents and settings\Utente\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Utente\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2009-01-03 al 2009-02-03 )))))))))))))))))))))))))))))))))))
.

2009-02-01 22:33 . 2009-02-01 22:33 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2009-02-01 22:33 . 2009-02-01 22:33 <DIR> d-------- c:\documents and settings\Utente\Dati applicazioni\Malwarebytes
2009-02-01 22:33 . 2009-02-01 22:33 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-02-01 22:33 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-01 22:33 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-01 19:39 . 2009-02-01 19:48 402 --a------ c:\documents and settings\Utente\Dati applicazioni\TilimiSettings.dat
2009-02-01 19:38 . 2009-02-01 19:38 <DIR> d-------- c:\programmi\Alea
2009-02-01 01:02 . 2009-02-01 01:02 <DIR> d-------- c:\programmi\Trend Micro
2009-01-30 23:28 . 2009-01-30 23:28 268 --ah----- C:\sqmdata01.sqm
2009-01-30 23:28 . 2009-01-30 23:28 244 --ah----- C:\sqmnoopt01.sqm
2009-01-30 21:35 . 2009-01-30 21:35 <DIR> d-------- c:\programmi\Extension Changer
2009-01-29 20:20 . 2009-01-30 20:23 <DIR> d-------- c:\programmi\Spybot - Search & Destroy
2009-01-29 20:20 . 2009-01-29 20:43 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-01-21 19:33 . 2009-01-21 19:33 <DIR> d-------- c:\programmi\Lavalys
2009-01-20 20:24 . 2009-01-20 20:24 <DIR> d-------- c:\programmi\NeroInstall.bak
2009-01-20 20:22 . 2009-01-20 20:22 <DIR> d-------- c:\documents and settings\Utente\Dati applicazioni\Nero
2009-01-20 20:19 . 2009-01-20 20:19 <DIR> d-------- c:\programmi\Nero
2009-01-20 20:19 . 2009-01-20 20:21 <DIR> d-------- c:\programmi\File comuni\Nero
2009-01-20 20:19 . 2009-01-20 20:19 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Nero
2009-01-18 16:23 . 2009-01-22 19:09 70 --a------ c:\windows\sbwin.ini
2009-01-18 16:20 . 2009-02-01 16:51 <DIR> d-------- c:\documents and settings\Utente\Dati applicazioni\Smart Recorder
2009-01-18 15:57 . 2009-01-18 16:28 <DIR> d-------- c:\documents and settings\Utente\Dati applicazioni\Creative
2009-01-18 15:57 . 2009-01-18 15:57 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Creative
2009-01-18 15:54 . 2003-06-12 23:25 7,062 --a------ c:\windows\system32\audiopid.vxd
2009-01-18 15:53 . 2000-05-22 09:58 647,872 --------- c:\windows\system32\Mscomct2.ocx
2009-01-18 15:53 . 2006-10-06 07:17 53,248 --------- c:\windows\Ctregrun.exe
2009-01-18 15:50 . 1999-12-12 18:01 44,032 --------- c:\windows\system32\CTSVCCDA.EXE
2009-01-18 15:50 . 1999-11-17 18:00 25,088 --------- c:\windows\system32\CTSVCCTL.EXE
2009-01-18 15:49 . 2009-01-18 15:49 <DIR> d-------- c:\programmi\File comuni\Creative
2009-01-18 15:49 . 2009-01-18 15:49 <DIR> d--h----- c:\programmi\Creative Installation Information
2009-01-18 15:47 . 2000-05-11 01:00 90,112 --------- c:\windows\Updreg.EXE
2009-01-18 15:45 . 2000-12-13 03:21 7,572,224 --------- c:\windows\system32\CT8MGM.SF2
2009-01-17 23:01 . 2009-01-17 23:01 <DIR> d-------- c:\programmi\Camfrog
2009-01-17 15:41 . 2009-01-17 15:41 <DIR> d-------- c:\documents and settings\Utente\Dati applicazioni\MAGIX
2009-01-17 15:37 . 2009-01-17 15:37 110,304 --a------ c:\windows\system32\drivers\ACEDRV09.sys
2009-01-17 15:32 . 2001-05-11 13:18 420,240 --a------ c:\windows\system32\mpg4c32.dll
2009-01-17 15:32 . 2001-03-26 04:41 245,760 --a------ c:\windows\system32\mp4sds32.ax
2009-01-17 15:30 . 2009-01-17 15:36 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\MAGIX
2009-01-17 15:25 . 2009-01-17 15:35 <DIR> d-------- c:\programmi\File comuni\MAGIX Shared
2009-01-17 15:21 . 2002-09-20 23:33 1,089,536 --a------ c:\windows\system32\ROBOEX32.DLL
2009-01-17 15:21 . 1998-10-15 16:28 85,504 --a------ c:\windows\system32\HtmlWH.dll
2009-01-17 15:21 . 1999-01-28 13:44 49,152 --a------ c:\windows\system32\INETWH32.dll
2009-01-17 15:19 . 2009-01-17 15:36 <DIR> d-------- c:\windows\system32\MAGIX
2009-01-17 15:19 . 2007-02-07 10:53 663,552 --a------ c:\windows\system32\mgxoschk.dll
2009-01-17 15:19 . 2009-01-17 15:36 5,817 --a------ c:\windows\mgxoschk.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-03 16:28 --------- d-----w c:\documents and settings\Utente\Dati applicazioni\Skype
2009-02-03 16:16 --------- d-----w c:\documents and settings\Utente\Dati applicazioni\skypePM
2009-02-01 22:35 --------- d-----w c:\programmi\Softonic_Italia
2009-01-30 19:40 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-30 19:40 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-30 19:40 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-01-30 19:40 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\avg8
2009-01-22 17:05 --------- d-----w c:\programmi\File comuni\Adobe
2009-01-20 18:31 --------- d-----w c:\documents and settings\Utente\Dati applicazioni\uTorrent
2009-01-19 21:28 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-01-19 20:43 --------- d-----w c:\programmi\Ahead
2009-01-18 14:56 --------- d-----w c:\programmi\Creative
2009-01-18 14:54 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-01-11 16:54 --------- d-----w c:\programmi\Samsung
2009-01-08 16:12 --------- d-----w c:\documents and settings\Utente\Dati applicazioni\dvdcss
2008-12-21 00:53 5,632 ----a-w c:\windows\system32\drivers\StarOpen.sys
2008-12-21 00:17 --------- d-----w c:\documents and settings\Utente\Dati applicazioni\Samsung
2008-12-18 18:20 --------- d-----w c:\documents and settings\Utente\Dati applicazioni\URSoft
2008-12-11 19:54 --------- d-----w c:\documents and settings\Utente\Dati applicazioni\OpenOffice.org
2008-12-11 19:51 --------- d-----w c:\programmi\OpenOffice.org 3
2008-12-11 19:51 --------- d-----w c:\programmi\JRE
2008-12-11 19:51 --------- d-----w c:\programmi\Java
2008-12-11 19:50 --------- d-----w c:\programmi\File comuni\Java
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-09 20:45 --------- d-----w c:\programmi\MSXML 4.0
2008-12-09 08:10 --------- d-----w c:\programmi\CCleaner
2008-12-09 07:12 --------- d-----w c:\programmi\MarkAny
2008-12-09 07:12 --------- d-----w c:\documents and settings\Utente\Dati applicazioni\DataCast
2008-12-05 17:42 --------- d-----w c:\programmi\MSN Messenger
2008-12-03 20:31 --------- d-----w c:\programmi\File comuni\Adobe AIR
2008-12-03 20:20 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-03 19:11 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2008-12-01 13:51 155,995 ----a-w c:\windows\java\Packages\N3ZDNHVB.ZIP
2008-11-29 08:42 86,016 ----a-w c:\windows\system32\OpenAL32.dll
2008-11-29 08:42 405,504 ----a-w c:\windows\system32\wrap_oal.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4edd5c14-2d22-4d7a-9748-c975a7fd933b}"= "c:\programmi\Softonic_Italia\tbSoft.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4edd5c14-2d22-4d7a-9748-c975a7fd933b}"= "c:\programmi\Softonic_Italia\tbSoft.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4EDD5C14-2D22-4D7A-9748-C975A7FD933B}"= "c:\programmi\Softonic_Italia\tbSoft.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"EPSON Stylus DX4400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
"LogitechSoftwareUpdate"="c:\programmi\Logitech\Video\ManifestEngine.exe" [2004-10-08 196608]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"StormCodec_Helper"="c:\programmi\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-26 97357]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-30 1601304]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"LogitechVideoRepair"="c:\programmi\Logitech\Video\ISStart.exe" [2004-10-08 458752]
"LogitechVideoTray"="c:\programmi\Logitech\Video\LogiTray.exe" [2004-10-08 217088]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-12-03 136600]
"SMSTray"="c:\programmi\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 132624]
"CTSysVol"="c:\programmi\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"NeroFilterCheck"="c:\programmi\File comuni\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"P17Helper"="P17.dll" [2005-05-03 c:\windows\system32\P17.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-30 20:40 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"e:\\programmi\\u torrent\\uTorrent.exe"=
"e:\\programmi\\voipe stunt\\VoipStunt\\VoipStunt.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=
"e:\\programmi\\camfrog5.1\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Programmi\\TeamViewer3\\TeamViewer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Alea\\Tilimi\\Tilimi.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2008-11-29 11264]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-29 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-29 107272]
R2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [2009-01-17 110304]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-29 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-29 298264]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-01-14 21632]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;e:\programmi\Common\Database\bin\fbserver.exe [2009-01-17 1527900]
S3 p17filt;p17filt;c:\windows\system32\drivers\p17filt.sys [2006-03-20 1452032]
S3 UPnPService;UPnPService;c:\programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe [2009-01-17 544768]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\4qtyy51s.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-03 17:29:57
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2009-02-03 17:31:10
ComboFix-quarantined-files.txt 2009-02-03 16:30:59

Pre-Run: 70,598,529,024 byte disponibili
Post-Run: 70,587,064,320 byte disponibili

192 --- E O F --- 2009-01-14 18:56:06



This is the updated HJT log.

HJTLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.36.50, on 03/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Logitech\Video\LogiTray.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Logitech\Video\FxSvr2.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\explorer.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Programmi\Softonic_Italia\tbSoft.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Programmi\Softonic_Italia\tbSoft.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Programmi\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Programmi\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S15A.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmi\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{311ED953-1942-490A-92E8-2165338ADBC7}: NameServer = 85.37.17.5 85.38.28.77
O17 - HKLM\System\CS2\Services\Tcpip\..\{311ED953-1942-490A-92E8-2165338ADBC7}: NameServer = 85.37.17.5 85.38.28.77
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - E:\programmi\Common\Database\bin\fbserver.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: UPnPService - Magix AG - C:\Programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 8598 bytes


Thank you again. I should say that I did everything you posted for me, apart from the USB sticks; I'll do that now.
r16
Posted: Tuesday, February 03, 2009 6:25:57 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
Good, the trojan has been eliminated.
When I say (but maybe you already know this) to scan the USB sticks, you need to insert the sticks (after temporarily disabling automatic recognition of USB devices with TweakUI), click on "My Computer", RIGHT-click on the "removable disk" and choose "Scan with AVG".

Also:
Do a cleanup (registry included) with CCleaner http://www.aiutaamici.com/software?ID=11223
Then do:
Start\Run\ copy and paste the string %temp%, click OK, and empty the temp folder. (do not delete the folder itself)
Then:
Empty the contents of the Prefetch folder:
click on My Computer
click on Local Disk C:
among the folders displayed, find the Windows folder, open it and, inside it, find the Prefetch folder, open it and delete all the entries stored inside it (do not delete the folder itself)
EMPTY THE RECYCLE BIN

Then:
Disable System Restore.
Restart the PC.
Re-enable System Restore and, if everything is fine, create a new restore point.
This operation serves to eliminate a virus that you have in the folder: System Volume Information\_restore

You should have solved the problem.
But if you run into problems and have a bit of time, I'm here.
maurom1973
Posted: Tuesday, February 03, 2009 6:39:52 PM

Rank: Member

Joined: 12/8/2007
Posts: 29
THANK YOU FOR YOUR PATIENCE

ComboFix 09-02-02.04 - Utente 2009-02-03 17:28:35.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.2047.1485 [GMT 1:00]
Eseguito da: c:\documents and settings\Utente\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Utente\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2009-01-03 al 2009-02-03 )))))))))))))))))))))))))))))))))))
.

2009-02-01 22:33 . 2009-02-01 22:33 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2009-02-01 22:33 . 2009-02-01 22:33 <DIR> d-------- c:\documents and settings\Utente\Dati applicazioni\Malwarebytes
2009-02-01 22:33 . 2009-02-01 22:33 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-02-01 22:33 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-01 22:33 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-01 19:39 . 2009-02-01 19:48 402 --a------ c:\documents and settings\Utente\Dati applicazioni\TilimiSettings.dat
2009-02-01 19:38 . 2009-02-01 19:38 <DIR> d-------- c:\programmi\Alea
2009-02-01 01:02 . 2009-02-01 01:02 <DIR> d-------- c:\programmi\Trend Micro
2009-01-30 23:28 . 2009-01-30 23:28 268 --ah----- C:\sqmdata01.sqm
2009-01-30 23:28 . 2009-01-30 23:28 244 --ah----- C:\sqmnoopt01.sqm
2009-01-30 21:35 . 2009-01-30 21:35 <DIR> d-------- c:\programmi\Extension Changer
2009-01-29 20:20 . 2009-01-30 20:23 <DIR> d-------- c:\programmi\Spybot - Search & Destroy
2009-01-29 20:20 . 2009-01-29 20:43 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-01-21 19:33 . 2009-01-21 19:33 <DIR> d-------- c:\programmi\Lavalys
2009-01-20 20:24 . 2009-01-20 20:24 <DIR> d-------- c:\programmi\NeroInstall.bak
2009-01-20 20:22 . 2009-01-20 20:22 <DIR> d-------- c:\documents and settings\Utente\Dati applicazioni\Nero
2009-01-20 20:19 . 2009-01-20 20:19 <DIR> d-------- c:\programmi\Nero
2009-01-20 20:19 . 2009-01-20 20:21 <DIR> d-------- c:\programmi\File comuni\Nero
2009-01-20 20:19 . 2009-01-20 20:19 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Nero
2009-01-18 16:23 . 2009-01-22 19:09 70 --a------ c:\windows\sbwin.ini
2009-01-18 16:20 . 2009-02-01 16:51 <DIR> d-------- c:\documents and settings\Utente\Dati applicazioni\Smart Recorder
2009-01-18 15:57 . 2009-01-18 16:28 <DIR> d-------- c:\documents and settings\Utente\Dati applicazioni\Creative
2009-01-18 15:57 . 2009-01-18 15:57 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Creative
2009-01-18 15:54 . 2003-06-12 23:25 7,062 --a------ c:\windows\system32\audiopid.vxd
2009-01-18 15:53 . 2000-05-22 09:58 647,872 --------- c:\windows\system32\Mscomct2.ocx
2009-01-18 15:53 . 2006-10-06 07:17 53,248 --------- c:\windows\Ctregrun.exe
2009-01-18 15:50 . 1999-12-12 18:01 44,032 --------- c:\windows\system32\CTSVCCDA.EXE
2009-01-18 15:50 . 1999-11-17 18:00 25,088 --------- c:\windows\system32\CTSVCCTL.EXE
2009-01-18 15:49 . 2009-01-18 15:49 <DIR> d-------- c:\programmi\File comuni\Creative
2009-01-18 15:49 . 2009-01-18 15:49 <DIR> d--h----- c:\programmi\Creative Installation Information
2009-01-18 15:47 . 2000-05-11 01:00 90,112 --------- c:\windows\Updreg.EXE
2009-01-18 15:45 . 2000-12-13 03:21 7,572,224 --------- c:\windows\system32\CT8MGM.SF2
2009-01-17 23:01 . 2009-01-17 23:01 <DIR> d-------- c:\programmi\Camfrog
2009-01-17 15:41 . 2009-01-17 15:41 <DIR> d-------- c:\documents and settings\Utente\Dati applicazioni\MAGIX
2009-01-17 15:37 . 2009-01-17 15:37 110,304 --a------ c:\windows\system32\drivers\ACEDRV09.sys
2009-01-17 15:32 . 2001-05-11 13:18 420,240 --a------ c:\windows\system32\mpg4c32.dll
2009-01-17 15:32 . 2001-03-26 04:41 245,760 --a------ c:\windows\system32\mp4sds32.ax
2009-01-17 15:30 . 2009-01-17 15:36 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\MAGIX
2009-01-17 15:25 . 2009-01-17 15:35 <DIR> d-------- c:\programmi\File comuni\MAGIX Shared
2009-01-17 15:21 . 2002-09-20 23:33 1,089,536 --a------ c:\windows\system32\ROBOEX32.DLL
2009-01-17 15:21 . 1998-10-15 16:28 85,504 --a------ c:\windows\system32\HtmlWH.dll
2009-01-17 15:21 . 1999-01-28 13:44 49,152 --a------ c:\windows\system32\INETWH32.dll
2009-01-17 15:19 . 2009-01-17 15:36 <DIR> d-------- c:\windows\system32\MAGIX
2009-01-17 15:19 . 2007-02-07 10:53 663,552 --a------ c:\windows\system32\mgxoschk.dll
2009-01-17 15:19 . 2009-01-17 15:36 5,817 --a------ c:\windows\mgxoschk.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-03 16:28 --------- d-----w c:\documents and settings\Utente\Dati applicazioni\Skype
2009-02-03 16:16 --------- d-----w c:\documents and settings\Utente\Dati applicazioni\skypePM
2009-02-01 22:35 --------- d-----w c:\programmi\Softonic_Italia
2009-01-30 19:40 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-30 19:40 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-30 19:40 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-01-30 19:40 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\avg8
2009-01-22 17:05 --------- d-----w c:\programmi\File comuni\Adobe
2009-01-20 18:31 --------- d-----w c:\documents and settings\Utente\Dati applicazioni\uTorrent
2009-01-19 21:28 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-01-19 20:43 --------- d-----w c:\programmi\Ahead
2009-01-18 14:56 --------- d-----w c:\programmi\Creative
2009-01-18 14:54 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-01-11 16:54 --------- d-----w c:\programmi\Samsung
2009-01-08 16:12 --------- d-----w c:\documents and settings\Utente\Dati applicazioni\dvdcss
2008-12-21 00:53 5,632 ----a-w c:\windows\system32\drivers\StarOpen.sys
2008-12-21 00:17 --------- d-----w c:\documents and settings\Utente\Dati applicazioni\Samsung
2008-12-18 18:20 --------- d-----w c:\documents and settings\Utente\Dati applicazioni\URSoft
2008-12-11 19:54 --------- d-----w c:\documents and settings\Utente\Dati applicazioni\OpenOffice.org
2008-12-11 19:51 --------- d-----w c:\programmi\OpenOffice.org 3
2008-12-11 19:51 --------- d-----w c:\programmi\JRE
2008-12-11 19:51 --------- d-----w c:\programmi\Java
2008-12-11 19:50 --------- d-----w c:\programmi\File comuni\Java
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-09 20:45 --------- d-----w c:\programmi\MSXML 4.0
2008-12-09 08:10 --------- d-----w c:\programmi\CCleaner
2008-12-09 07:12 --------- d-----w c:\programmi\MarkAny
2008-12-09 07:12 --------- d-----w c:\documents and settings\Utente\Dati applicazioni\DataCast
2008-12-05 17:42 --------- d-----w c:\programmi\MSN Messenger
2008-12-03 20:31 --------- d-----w c:\programmi\File comuni\Adobe AIR
2008-12-03 20:20 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-03 19:11 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2008-12-01 13:51 155,995 ----a-w c:\windows\java\Packages\N3ZDNHVB.ZIP
2008-11-29 08:42 86,016 ----a-w c:\windows\system32\OpenAL32.dll
2008-11-29 08:42 405,504 ----a-w c:\windows\system32\wrap_oal.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4edd5c14-2d22-4d7a-9748-c975a7fd933b}"= "c:\programmi\Softonic_Italia\tbSoft.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4edd5c14-2d22-4d7a-9748-c975a7fd933b}"= "c:\programmi\Softonic_Italia\tbSoft.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4EDD5C14-2D22-4D7A-9748-C975A7FD933B}"= "c:\programmi\Softonic_Italia\tbSoft.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"EPSON Stylus DX4400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
"LogitechSoftwareUpdate"="c:\programmi\Logitech\Video\ManifestEngine.exe" [2004-10-08 196608]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"StormCodec_Helper"="c:\programmi\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-26 97357]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-30 1601304]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"LogitechVideoRepair"="c:\programmi\Logitech\Video\ISStart.exe" [2004-10-08 458752]
"LogitechVideoTray"="c:\programmi\Logitech\Video\LogiTray.exe" [2004-10-08 217088]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-12-03 136600]
"SMSTray"="c:\programmi\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 132624]
"CTSysVol"="c:\programmi\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"NeroFilterCheck"="c:\programmi\File comuni\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"P17Helper"="P17.dll" [2005-05-03 c:\windows\system32\P17.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-30 20:40 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"e:\\programmi\\u torrent\\uTorrent.exe"=
"e:\\programmi\\voipe stunt\\VoipStunt\\VoipStunt.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=
"e:\\programmi\\camfrog5.1\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Programmi\\TeamViewer3\\TeamViewer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Alea\\Tilimi\\Tilimi.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2008-11-29 11264]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-29 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-29 107272]
R2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [2009-01-17 110304]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-29 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-29 298264]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-01-14 21632]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;e:\programmi\Common\Database\bin\fbserver.exe [2009-01-17 1527900]
S3 p17filt;p17filt;c:\windows\system32\drivers\p17filt.sys [2006-03-20 1452032]
S3 UPnPService;UPnPService;c:\programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe [2009-01-17 544768]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\4qtyy51s.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-03 17:29:57
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2009-02-03 17:31:10
ComboFix-quarantined-files.txt 2009-02-03 16:30:59

Pre-Run: 70,598,529,024 byte disponibili
Post-Run: 70,587,064,320 byte disponibili

192 --- E O F --- 2009-01-14 18:56:06



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.39.09, on 03/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Logitech\Video\LogiTray.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Logitech\Video\FxSvr2.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Programmi\Softonic_Italia\tbSof1.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Programmi\Softonic_Italia\tbSof1.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Programmi\Softonic_Italia\tbSof1.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Programmi\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Programmi\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S15A.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmi\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{311ED953-1942-490A-92E8-2165338ADBC7}: NameServer = 85.37.17.5 85.38.28.77
O17 - HKLM\System\CS2\Services\Tcpip\..\{311ED953-1942-490A-92E8-2165338ADBC7}: NameServer = 85.37.17.5 85.38.28.77
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - E:\programmi\Common\Database\bin\fbserver.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: UPnPService - Magix AG - C:\Programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 8683 bytes


HERE IS EVERYTHING, I HOPE I DID IT ALL CORRECTLY. I WILL DO THE USB STICKS LATER, THANKS


maurom1973
Posted: Tuesday, February 03, 2009 6:41:36 PM

Rank: Member

Joined: 12/8/2007
Posts: 29
THANK YOU, YOU HAVE BEEN VERY KIND
r16
Posted: Tuesday, February 03, 2009 6:47:51 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
maurom1973 wrote:
THANK YOU, YOU HAVE BEEN VERY KIND

Thanks, but I would like to know whether you have solved it.
Also, I recommend that you carry out the steps I indicated in my last post.
(I don't need any more logs....)
maurom1973
Posted: Tuesday, February 03, 2009 7:10:03 PM

Rank: Member

Joined: 12/8/2007
Posts: 29
all ok, I did everything and it's ok