grazie a tutti !!!!!!
per r 16 ti incollo i vari post
Malwarebytes' Anti-Malware 1.28
Versione del database: 1266
Windows 5.1.2600 Service Pack 3
13/10/2008 22.30.28
mbam-log-2008-10-13 (22-30-28).txt
Tipo di scansione: Scansione completa (C:\|E:\|)
Elementi scansionati: 74101
Tempo trascorso: 28 minute(s), 22 second(s)
Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0
Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)
Chiavi di registro infette:
(Nessun elemento malevolo rilevato)
Valori di registro infetti:
(Nessun elemento malevolo rilevato)
Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)
Cartelle infette:
(Nessun elemento malevolo rilevato)
File infetti:
(Nessun elemento malevolo rilevato)
Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)
ComboFix 08-10-12.01 - pb 2008-10-13 22.40.28.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.419 [GMT 2:00]
Eseguito da: C:\Documents and Settings\pb\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Creati Da 2008-09-13 al 2008-10-13 )))))))))))))))))))))))))))))))))))
.
2008-10-13 21:37 . 2008-10-13 21:38 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-10-13 21:37 . 2008-10-13 21:37 <DIR> d-------- C:\Documents and Settings\pb\Dati applicazioni\Malwarebytes
2008-10-13 21:37 . 2008-10-13 21:37 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-10-13 21:37 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-13 21:37 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-13 10:40 . 2008-10-13 10:40 <DIR> d-------- C:\Programmi\ClamWin
2008-10-13 10:40 . 2008-10-13 10:40 <DIR> d-------- C:\Documents and Settings\pb\Dati applicazioni\.clamwin
2008-10-13 10:40 . 2008-10-13 10:40 <DIR> d-------- C:\Documents and Settings\All Users\.clamwin
2008-10-13 10:38 . 2008-10-13 10:38 <DIR> d-------- C:\Programmi\ReflexiveArcade
2008-10-13 10:38 . 2008-10-13 10:38 <DIR> d-------- C:\Programmi\LuckyTender
2008-10-11 10:19 . 2008-10-13 14:36 424 --a------ C:\WINDOWS\zipgenius.xml
2008-10-11 10:18 . 2008-10-11 10:22 <DIR> d-------- C:\Documents and Settings\pb\Dati applicazioni\ZipGenius
2008-10-11 10:17 . 2008-10-11 10:18 <DIR> d-------- C:\Programmi\ZipGenius 6
2008-09-23 09:25 . 2008-09-23 09:25 <DIR> d-------- C:\Programmi\Defraggler
2008-09-23 09:24 . 2008-09-23 09:24 <DIR> d-------- C:\Programmi\Recuva
2008-09-20 20:50 . 2008-09-20 21:49 <DIR> d-------- C:\Programmi\NOS
2008-09-20 20:50 . 2008-09-20 21:49 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\NOS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-13 19:42 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Google Updater
2008-10-13 17:46 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-10-13 12:43 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-10-13 08:25 --------- d-----w C:\Programmi\Ahead
2008-10-11 19:44 --------- d-----w C:\Documents and Settings\pb\Dati applicazioni\OpenOffice.org2
2008-10-04 13:32 --------- d-----w C:\Programmi\OpenOffice.org 2.4
2008-09-26 17:38 --------- d-----w C:\Programmi\Java
2008-09-12 22:21 --------- d-----w C:\Programmi\File comuni\Adobe
2008-09-10 17:11 --------- d-----w C:\Programmi\CCleaner
2008-09-09 11:39 --------- d-----w C:\Programmi\Pinnacle
2008-09-07 18:57 --------- d-----w C:\Programmi\Windows Live
2008-09-07 18:20 --------- d-----w C:\Programmi\IObit
2008-09-07 18:17 --------- d-----w C:\Programmi\Windows Live Toolbar
2008-09-06 15:47 --------- d-----w C:\Documents and Settings\pb\Dati applicazioni\GlarySoft
2008-08-19 17:45 --------- d-----w C:\Documents and Settings\pb\Dati applicazioni\Video DVD Maker FREE
2008-08-19 17:44 1,024,000 ----a-w C:\WINDOWS\system32\ewmpegco.dll
2008-08-19 17:41 --------- d-----w C:\Programmi\Video DVD Maker FREE
2008-08-19 15:37 --------- d-----w C:\Programmi\Tiscali ADSL Signup
2008-08-19 15:23 --------- d-----w C:\Programmi\QuickTime
2008-08-19 15:13 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-08-19 15:11 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\SmartSound Software Inc
2008-08-18 20:26 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Pinnacle
2008-08-18 20:13 --------- d-----w C:\Programmi\AdorageI-SAL
2008-08-18 20:09 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\QuickTime
2008-08-18 19:57 --------- d-----w C:\Programmi\Microsoft Silverlight
2008-08-18 19:46 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Pinnacle Studio
2008-08-18 10:26 --------- d-----w C:\Programmi\File comuni\AVSMedia
2008-08-18 10:26 --------- d-----w C:\Programmi\AVS4YOU
2008-08-18 09:57 --------- d-----w C:\Documents and Settings\pb\Dati applicazioni\AVS4YOU
2008-08-18 07:12 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\AVS4YOU
2008-08-17 18:58 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Pinnacle VideoSpin
2008-08-17 18:49 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\VideoSpin
2008-08-17 18:45 --------- d-----w C:\Programmi\File comuni\Nero
2008-08-17 18:44 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Nero
2008-08-14 08:38 --------- d-----w C:\Documents and Settings\pb\Dati applicazioni\CyberLink
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-16 17:00 17,931,485 -c--a-w C:\Programmi\gimp2.zip
2008-07-15 11:37 87,710 ----a-w C:\Programmi\install_wmp11windowsxpx86itit.exe.exe
2008-07-15 11:10 6,530,392 -c--a-w C:\Programmi\AWCSetup.zip
2008-07-15 07:06 15,083,520 ----a-w C:\Programmi\spybotsd160.exe
2008-07-15 06:51 529,473 ----a-w C:\WINDOWS\system32\flash.zip
2008-06-30 12:23 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008063020080701\index.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 68856]
"msnmsgr"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"RMC"="C:\WINDOWS\system32\drivers\RMC.exe" [2005-03-28 24576]
"SynTPLpr"="C:\Programmi\Synaptics\SynTP\SynTPLpr.exe" [2005-03-04 102490]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-03-04 708698]
"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 339968]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ClamWin"="C:\Programmi\ClamWin\bin\ClamTray.exe" [2006-12-12 73728]
"Collegamento alla pagina delle proprietà di High Definition Audio"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-04-12 C:\WINDOWS\RTHDCPL.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 1 (0x1)
"DisableLockWorkstation"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"EverioService"="C:\Programmi\CyberLink\PCM4Everio\EverioService.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\APPS\\skype\\phone\\Skype.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\eMule\\eMule.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 MTC0001_RMC;Remove Control Device;C:\WINDOWS\system32\drivers\RMC.sys [2005-04-22 13912]
R3 Slazldrv;SmartLink AMR_PCI Driver;C:\WINDOWS\system32\DRIVERS\SLDRV\slazldrv.sys [2005-01-05 226768]
R3 ULI5261;ULi Based Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN.SYS [2004-12-31 28160]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenuto della cartella 'Scheduled Tasks'
2008-10-13 C:\WINDOWS\Tasks\Garanzia estesa.job
- C:\APPS\SMP\PBCARNOT.EXE [2005-11-09 13:55]
2008-10-13 C:\WINDOWS\Tasks\Master CD_DVD Creator.job
- C:\Apps\SMP\MCDCHECK.EXE [2005-11-08 15:26]
2008-10-13 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Programmi\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
2006-08-11 C:\WINDOWS\Tasks\Promemoria registrazione 1.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2008-04-14 04:14]
2006-08-18 C:\WINDOWS\Tasks\Promemoria registrazione 2.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2008-04-14 04:14]
2006-08-11 C:\WINDOWS\Tasks\Promemoria registrazione 3.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2008-04-14 04:14]
2008-09-25 C:\WINDOWS\Tasks\Schedule Task Weekly.job
- C:\Programmi\Registry Easy\RE.exe []
.
.
------- Supplementare di scansione -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.sitecom.com/connectivity
R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1
R1 -: HKCU-SearchURL,(Default) = hxxp://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
O8 -: Add to Windows &Live Favorites -
http://favorites.live.com/quickadd.aspxO16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-10-13 22:41:24
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-10-13 22.42.09
ComboFix-quarantined-files.txt 2008-10-13 20:42:07
ComboFix2.txt 2008-10-13 20:37:40
Pre-Run: 11.207.122.944 byte disponibili
Post-Run: 11,192,639,488 byte disponibili
180 --- E O F --- 2008-10-09 19:54:57
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.48.10, on 13/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\ClamWin\bin\ClamTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\APPS\RecordNow\RecordNow.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\CCleaner\CCleaner.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://it.msn.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBRR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://www.sitecom.com/connectivityR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RMC] C:\WINDOWS\system32\drivers\RMC.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites -
http://favorites.live.com/quickadd.aspxO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
--
End of file - 8270 bytes
questo è il risultato, spero possa esserti d'aiuto; una considerazione: in combofix ho trovato forse qusti due programmi che possono essere collegati al virus:
2008-10-13 10:38 . 2008-10-13 10:38 <DIR> d-------- C:\Programmi\ReflexiveArcade
2008-10-13 10:38 . 2008-10-13 10:38 <DIR> d-------- C:\Programmi\LuckyTender
grazie ancora!!!!