This is the ComboFix result:
ComboFix 08-08-15.04 - Cliente 2008-08-16 21.14.51.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.1023 [GMT 2:00]
Eseguito da: C:\Users\Cliente\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Users\Cliente\AppData\Local\umkemyk.dat
C:\Users\Cliente\AppData\Local\umkemyk.exe
C:\Users\Cliente\AppData\Local\umkemyk_nav.dat
C:\Users\Cliente\AppData\Local\umkemyk_navps.dat
C:\Users\Cliente\FAVORI~1\Videos.url
C:\Users\Cliente\Favorites\Videos.url
C:\Windows\system32\AutoRun.inf
C:\Windows\system32\x64
----- BITS: Sites possivelmente infetados -----
http://ftp.hp.com.
((((((((((((((((((((((((( Files Creati Da 2008-07-16 al 2008-08-16 )))))))))))))))))))))))))))))))))))
.
2008-08-14 20:35 . 2008-08-14 22:54 <DIR> d-------- C:\Program Files\a-squared Free
2008-08-13 08:28 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-13 04:38 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-13 04:38 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-13 04:38 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-13 04:38 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-13 04:38 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-12 11:52 . 2008-08-12 11:57 <DIR> dr------- C:\Users\Cliente\Searches
2008-08-12 09:54 . 2008-08-12 15:04 <DIR> d-------- C:\Program Files\Panda Security
2008-08-09 10:25 . 2008-08-09 10:25 <DIR> d-------- C:\Program Files\CCleaner
2008-08-05 22:07 . 2008-08-05 22:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-05 12:17 . 2008-08-05 21:33 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-08-05 12:17 . 2008-08-05 21:33 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-08-05 10:16 . 2008-08-05 10:16 0 --ah----- C:\Users\Default.LOG2
2008-08-05 10:16 . 2008-08-05 10:16 0 --ah----- C:\Users\Default.LOG1
2008-08-05 10:16 . 2008-08-05 10:16 0 --ah----- C:\ProgramData.LOG2
2008-08-05 10:16 . 2008-08-05 10:16 0 --ah----- C:\ProgramData.LOG1
2008-08-04 23:09 . 2008-08-05 09:11 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-08-02 23:57 . 2008-08-02 23:59 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-08-02 23:57 . 2008-08-02 23:59 <DIR> d-------- C:\ProgramData\Lavasoft
2008-08-01 22:03 . 2008-08-01 22:03 <DIR> d-------- C:\Program Files\Google
2008-07-31 21:19 . 2008-07-31 21:21 <DIR> d-------- C:\Windows\System32\Adobe
2008-07-30 23:22 . 2008-07-30 23:22 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2008-07-30 22:15 . 2008-07-30 22:15 <DIR> d-------- C:\Users\All Users\Fellowes
2008-07-30 22:15 . 2008-07-30 22:15 <DIR> d-------- C:\ProgramData\Fellowes
2008-07-30 21:46 . 2008-07-30 21:46 <DIR> d-------- C:\Program Files\MemoriesOnTV3
2008-07-30 21:46 . 2006-10-02 12:38 10,368 --a------ C:\Windows\System32\drivers\pfc.sys
2008-07-30 21:33 . 2008-07-30 21:33 <DIR> d-------- C:\Users\Cliente\AppData\Roaming\Jasc Software Inc
2008-07-30 21:32 . 2008-07-30 21:33 <DIR> d-------- C:\Program Files\Jasc Software Inc
2008-07-30 05:48 . 2008-04-26 10:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-07-30 05:48 . 2008-04-26 10:25 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-07-30 05:48 . 2008-04-26 10:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-07-30 05:48 . 2008-04-12 05:32 784,896 --a------ C:\Windows\System32\rpcrt4.dll
2008-07-30 05:48 . 2008-05-10 05:35 564,736 --a------ C:\Windows\System32\emdmgmt.dll
2008-07-30 05:48 . 2008-04-05 03:21 72,192 --a------ C:\Windows\System32\drivers\pacer.sys
2008-07-30 05:48 . 2008-04-05 05:34 15,360 --a------ C:\Windows\System32\pacerprf.dll
2008-07-30 05:46 . 2008-05-08 23:59 430,080 --a------ C:\Windows\System32\vbscript.dll
2008-07-30 05:46 . 2008-05-08 23:59 180,224 --a------ C:\Windows\System32\scrobj.dll
2008-07-30 05:46 . 2008-05-08 23:59 172,032 --a------ C:\Windows\System32\scrrun.dll
2008-07-30 05:46 . 2008-05-08 23:59 155,648 --a------ C:\Windows\System32\wscript.exe
2008-07-30 05:46 . 2008-05-08 23:58 135,168 --a------ C:\Windows\System32\wshom.ocx
2008-07-30 05:46 . 2008-05-08 23:58 135,168 --a------ C:\Windows\System32\cscript.exe
2008-07-30 05:46 . 2008-05-08 23:59 90,112 --a------ C:\Windows\System32\wshext.dll
2008-07-30 01:16 . 2008-07-30 01:17 <DIR> d-------- C:\Program Files\Java
2008-07-30 01:16 . 2008-07-30 01:16 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-30 00:35 . 2008-08-06 20:22 <DIR> d-------- C:\PerfLogs
2008-07-30 00:01 . 2008-01-19 09:33 2,623,488 --a------ C:\Windows\System32\SLsvc.exe
2008-07-30 00:01 . 2008-01-19 09:36 1,541,120 --a------ C:\Windows\System32\onex.dll
2008-07-30 00:01 . 2008-01-19 09:29 705,536 --a------ C:\Windows\System32\imagesp1.dll
2008-07-30 00:01 . 2008-01-19 06:10 681,984 --a------ C:\Windows\System32\drivers\spsys.sys
2008-07-30 00:01 . 2008-01-19 09:42 51,768 --a------ C:\Windows\System32\PSHED.DLL
2008-07-29 23:59 . 2008-01-19 09:38 4,595,712 --a------ C:\Windows\System32\AuthFWSnapin.dll
2008-07-29 23:58 . 2008-01-19 09:33 8,139,264 --a------ C:\Windows\System32\ssBranded.scr
2008-07-29 23:57 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-07-29 23:56 . 2008-07-29 23:56 <DIR> d-------- C:\Users\Cliente\AppData\Roaming\vlc
2008-07-29 23:56 . 2008-01-19 09:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-07-29 23:55 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-07-29 23:54 . 2008-07-29 23:54 <DIR> d-------- C:\Program Files\VideoLAN
2008-07-29 23:54 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-07-29 23:54 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-07-29 23:54 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-07-29 23:54 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-07-29 23:50 . 2006-11-02 11:39 6,656 --a------ C:\Windows\System32\kbd106.dll
2008-07-29 23:45 . 2008-07-29 23:45 <DIR> d-------- C:\Users\Cliente\AppData\Roaming\InstallShield
2008-07-29 22:51 . 2007-01-29 20:20 361,728 --a------ C:\Windows\System32\drivers\emBDA.sys
2008-07-29 22:51 . 2007-01-29 20:18 106,496 --a------ C:\Windows\System32\emPRP.ax
2008-07-29 22:51 . 2006-12-15 15:54 61,440 --a------ C:\Windows\emMON.exe
2008-07-29 22:51 . 2007-01-29 20:19 39,680 --a------ C:\Windows\System32\drivers\emOEM.sys
2008-07-29 22:45 . 2003-03-19 05:28 2,179,072 --------- C:\Windows\System32\mfc71d.dll
2008-07-29 22:45 . 2003-03-19 04:04 765,952 --------- C:\Windows\System32\msvcp71d.dll
2008-07-29 22:45 . 2002-01-05 20:16 737,280 --------- C:\Windows\System32\msvcp70d.dll
2008-07-29 22:45 . 2003-03-19 04:03 544,768 --------- C:\Windows\System32\msvcr71d.dll
2008-07-29 22:45 . 2002-01-05 20:16 536,576 --------- C:\Windows\System32\msvcr70d.dll
2008-07-29 22:45 . 2004-06-03 11:47 385,100 --------- C:\Windows\System32\MSVCRTD.DLL
2008-07-29 22:25 . 2004-07-23 08:00 446,464 --------- C:\Windows\System32\HHActiveX.dll
2008-07-29 22:24 . 2006-12-01 22:54 626,688 --------- C:\Windows\System32\msvcr80.dll
2008-07-29 22:24 . 2006-12-01 22:54 548,864 --------- C:\Windows\System32\msvcp80.dll
2008-07-29 22:13 . 2002-09-24 10:12 1,772,032 --a------ C:\Windows\System32\LTCLR13s.dll
2008-07-29 22:12 . 2008-07-29 22:12 <DIR> d-------- C:\Users\All Users\SmartSound Software Inc
2008-07-29 22:12 . 2008-07-29 22:12 <DIR> d-------- C:\ProgramData\SmartSound Software Inc
2008-07-29 22:12 . 2008-07-29 22:12 <DIR> d-------- C:\Program Files\SmartSound Software
2008-07-29 22:10 . 2003-11-25 05:02 196,096 --a------ C:\Windows\System32\macd32.dll
2008-07-29 22:10 . 2003-11-25 05:02 138,752 --a------ C:\Windows\System32\mase32.dll
2008-07-29 22:10 . 2003-11-25 05:02 136,192 --a------ C:\Windows\System32\mamc32.dll
2008-07-29 22:10 . 2004-07-02 16:28 84,992 --a------ C:\Windows\System32\ATL70.DLL
2008-07-29 22:10 . 2003-11-25 05:02 57,856 --a------ C:\Windows\System32\masd32.dll
2008-07-29 22:10 . 1998-06-17 17:08 57,344 --a------ C:\Windows\System32\Mfc42loc.dll
2008-07-29 22:10 . 2003-11-25 05:02 27,648 --a------ C:\Windows\System32\ma32.dll
2008-07-29 22:09 . 2008-07-29 22:09 <DIR> d-------- C:\Program Files\DivX
2008-07-29 22:09 . 2005-02-09 11:59 14,165 --a------ C:\Windows\System32\drivers\Pclepci.sys
2008-07-29 22:07 . 2004-02-24 12:04 41,219 --a------ C:\Windows\RSETPATH.exe
2008-07-29 22:05 . 2002-01-05 03:48 974,848 --a------ C:\Windows\System32\MFC70.DLL
2008-07-29 22:04 . 2008-07-29 23:52 <DIR> d-------- C:\Users\All Users\Pinnacle Studio
2008-07-29 22:04 . 2008-07-29 23:52 <DIR> d-------- C:\ProgramData\Pinnacle Studio
2008-07-29 22:01 . 2008-07-29 23:52 <DIR> d-------- C:\Users\All Users\Pinnacle
2008-07-29 22:01 . 2008-07-29 23:52 <DIR> d-------- C:\ProgramData\Pinnacle
2008-07-29 22:01 . 2008-07-29 22:45 <DIR> d-------- C:\Program Files\Pinnacle
2008-07-29 21:43 . 2008-07-29 21:43 <DIR> d-------- C:\Users\Cliente\AppData\Roaming\HP
2008-07-29 21:38 . 2008-07-29 21:38 <DIR> d-------- C:\Users\All Users\WEBREG
2008-07-29 21:38 . 2008-07-29 21:38 <DIR> d-------- C:\ProgramData\WEBREG
2008-07-29 21:37 . 2008-07-29 21:37 <DIR> d-------- C:\Users\All Users\Hewlett-Packard
2008-07-29 21:37 . 2008-07-29 21:37 <DIR> d-------- C:\ProgramData\Hewlett-Packard
2008-07-29 21:36 . 2008-07-29 21:36 <DIR> d-------- C:\Users\Cliente\AppData\Roaming\HPAppData
2008-07-29 21:36 . 2008-07-29 21:36 <DIR> d-------- C:\Users\All Users\HPSSUPPLY
2008-07-29 21:36 . 2008-07-29 21:36 <DIR> d-------- C:\ProgramData\HPSSUPPLY
2008-07-29 21:35 . 2008-07-29 21:35 <DIR> d-------- C:\Users\All Users\HP Product Assistant
2008-07-29 21:35 . 2008-07-29 21:35 <DIR> d-------- C:\ProgramData\HP Product Assistant
2008-07-29 21:33 . 2008-07-29 21:33 <DIR> d-------- C:\Program Files\Common Files\HP
2008-07-29 21:32 . 2008-07-29 21:36 <DIR> d-------- C:\Program Files\HP
2008-07-29 21:32 . 2007-03-30 17:11 267,864 --a------ C:\Windows\System32\hpzids01.dll
2008-07-29 21:32 . 2007-03-28 14:01 117,760 --a------ C:\Windows\System32\hpzll5ha.dll
2008-07-29 21:31 . 2008-08-09 10:08 149,037 --a------ C:\Windows\HPHins15.dat
2008-07-29 21:31 . 2007-06-07 10:56 2,828 --------- C:\Windows\hphmdl15.dat
2008-07-29 21:30 . 2008-07-29 21:39 <DIR> d-------- C:\Users\All Users\HP
2008-07-29 21:30 . 2008-07-29 21:39 <DIR> d-------- C:\ProgramData\HP
2008-07-29 21:08 . 2008-08-16 16:05 <DIR> d-------- C:\Users\Cliente\AppData\Roaming\skypePM
2008-07-29 21:08 . 2008-07-29 21:08 56 --ah----- C:\Users\All Users\ezsidmv.dat
2008-07-29 21:08 . 2008-07-29 21:08 56 --ah----- C:\ProgramData\ezsidmv.dat
2008-07-29 21:04 . 2008-08-16 20:52 <DIR> d-------- C:\Users\Cliente\AppData\Roaming\Skype
2008-07-29 21:03 . 2008-07-29 21:04 <DIR> d-------- C:\Users\All Users\Skype
2008-07-29 21:03 . 2008-07-29 21:04 <DIR> d-------- C:\ProgramData\Skype
2008-07-29 21:03 . 2008-07-29 21:04 <DIR> d-------- C:\Program Files\Skype
2008-07-29 21:03 . 2008-07-29 21:03 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-07-29 20:59 . 2008-07-29 20:59 <DIR> d-------- C:\Users\All Users\Adobe
2008-07-29 20:59 . 2008-07-29 20:59 <DIR> d-------- C:\Program Files\Common Files\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-13 06:26 --------- d-----w C:\Program Files\Windows Mail
2008-07-29 22:44 174 --sha-w C:\Program Files\desktop.ini
2008-07-29 22:36 --------- d-----w C:\Program Files\Windows Sidebar
2008-07-29 22:36 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-07-29 22:36 --------- d-----w C:\Program Files\Windows Journal
2008-07-29 22:36 --------- d-----w C:\Program Files\Windows Defender
2008-07-29 22:36 --------- d-----w C:\Program Files\Windows Collaboration
2008-07-29 22:36 --------- d-----w C:\Program Files\Windows Calendar
2008-07-29 22:18 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-07-29 22:18 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-07-25 07:23 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2008-07-25 07:15 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-25 07:15 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-25 07:15 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-25 07:15 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-25 07:15 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-24 12:57 --------- d-sh--w C:\ProgramData\Preferiti
2008-07-24 12:57 --------- d-sh--w C:\ProgramData\Modelli
2008-07-24 12:57 --------- d-sh--w C:\ProgramData\Menu Avvio
2008-07-24 12:57 --------- d-sh--w C:\ProgramData\Documenti
2008-07-24 12:57 --------- d-sh--w C:\ProgramData\Dati applicazioni
2008-07-24 12:57 --------- d-sh--w C:\Program Files\File comuni
2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll
2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll
2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll
2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2008-05-16 09:58 12,632 ----a-w C:\Windows\System32\lsdelete.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35 202024]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-06-03 15:08 21718312]
"PMCRemote"="C:\Program Files\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe" [2007-02-12 20:12 253000]
"PMCLoader"="C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe" [2007-02-22 16:20 105544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2007-05-04 12:23 502544]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-12 17:42 457728]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 20:13 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 20:13 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 20:13 133656]
"MediaFace Integration"="D:\UTILITY\SetHook.exe" [2004-07-01 19:08 53248]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2008-07-24 16:30:18 535336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= vdrcodec.dll
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B1C3063A-CE2E-4A18-B56D-D1385C6A147A}"= C:\Program Files\Acer\Acer VCM\VC.exe:Acer VCM
"TCP Query User{39D5E44A-9E7D-44BF-8B4F-ED20ABA93E32}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{F14BFB21-60C7-44C0-88D4-FFD77370365A}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{A8BA9814-0E8A-4936-B760-8C75CB08F139}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{8CA4E346-4A8E-4981-94A5-AEE7A9C41166}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{4F81CC68-874F-4047-9408-3FEAC129317F}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{4B205F00-74C2-4286-872C-0F40A4818901}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{AD7D9B3B-47AD-4103-A9A5-FECD4636CDC2}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{E6F841FD-AE40-4EDC-9B6F-DDC36F278641}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{7F0ED1B6-E2A6-424C-BDA3-7BA4B97A4F15}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{853807C9-7FE4-46B8-9585-DA4FF1168CD6}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{2F6D77AF-1C30-46C5-967C-8F15A6462ADD}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{9EF837B8-4984-4F33-8377-7F0DFDF33722}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:umi
"{2AA32CF2-315A-4456-B471-C4999FD4A9E1}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:umi
"TCP Query User{E2AF0775-BEDC-464E-A99E-F329B7A44D39}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{432D9153-79AD-42DA-A150-E0FD1DC90984}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{5EC8DD46-EAF0-4A36-863B-02D018072F79}"= UDP:990:LocalSubnet:LocalSubnet|IF={01C6AA85-0F55-4C55-A0EA-D2E78DFE933C}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 16:36]
R3 winbondcir;Winbond IR Transceiver;C:\Windows\system32\DRIVERS\winbondcir.sys [2007-03-28 07:51]
S3 b57nd60x;%SvcDispName%;C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-19 06:25]
S3 USB28xxBGA;PCTV 330e/800e Device;C:\Windows\system32\DRIVERS\emBDA.sys [2007-01-29 20:20]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\Windows\system32\DRIVERS\emOEM.sys [2007-01-29 20:19]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenuto della cartella 'Scheduled Tasks'
2008-08-16 C:\Windows\Tasks\User_Feed_Synchronization-{F69A4360-CA55-474F-953D-979361B4ED8D}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]
.
- - - - ORFÃOS REMOVIDOS - - - -
HKCU-Run-umkemyk - c:\users\cliente\appdata\local\umkemyk.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://virgilio.alice.it/indexbb.html
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-08-16 21:17:24
Windows 6.0.6001 Service Pack 1 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-08-16 21:18:40
ComboFix-quarantined-files.txt 2008-08-16 19:18:36
Pre-Run: 47,371,309,056 byte disponibili
Post-Run: 47,233,044,480 byte disponibili
--- E O F --- 2008-08-16 07:39:18
and it was very useful for me, thanks again to PIDUE for the help, bye!!