
HijackThis log review + trojan advice
shapiro
Posted: Thursday, January 01, 2009 6:40:20 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
download http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disable your antivirus and anti-spyware programs
Disconnect the PC from the internet
If you have program shortcut icons on the desktop, create a dedicated folder and copy them into it

Double-click combofix.exe and follow the instructions step by step

When it finishes it will create the log C:\combofix.txt; save it and post it like the other reports.

Note: during the scan some files will be created on the desktop and the icons will disappear; some program may ask you what to do about removing drivers, in which case agree, they are probably infected drivers.

The program will create the folder C:\QooBox, and inside it will place a backup of the removed files and a backup of the Windows registry called Hiv-backup.

DO NOT TOUCH THE MOUSE OR KEYBOARD during the scan.
erik87
Posted: Friday, January 02, 2009 2:09:01 PM
Rank: Newbie

Member since: 12/31/2008
Posts: 0
ComboFix 09-01-01.01 - Erik 2009-01-02 14:01:28.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.1022.582 [GMT 1:00]
Run from: c:\documents and settings\Erik\Desktop\ComboFix.exe

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\lxnlpktf.ini
c:\windows\system32\nbncpdcu.ini
c:\windows\system32\xieptecg.ini

----- BITS: Possibly infected sites -----

hxxp://childhe.com
.
((((((((((((((((((((((((( Files Created From 2008-12-02 to 2009-01-02 )))))))))))))))))))))))))))))))))))
.

2009-01-01 00:19 . 2009-01-01 00:19 <DIR> d-------- c:\programmi\EG
2008-12-31 22:20 . 2008-12-31 22:20 <DIR> d-------- c:\documents and settings\Erik\Dati applicazioni\Screaming Bee
2008-12-31 22:19 . 2008-12-31 22:19 <DIR> d-------- c:\programmi\Screaming Bee
2008-12-31 21:08 . 2008-12-31 21:08 <DIR> d-------- c:\programmi\Doctor Alex Antispyware
2008-12-30 15:39 . 2008-12-30 15:39 <DIR> d-------- c:\programmi\Winamp Toolbar
2008-12-30 15:39 . 2008-12-30 15:39 <DIR> d-------- c:\programmi\Winamp
2008-12-30 15:39 . 2008-12-30 15:41 <DIR> d-------- c:\documents and settings\Erik\Dati applicazioni\Winamp
2008-12-30 15:39 . 2008-12-30 15:39 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Winamp Toolbar
2008-12-30 15:39 . 2007-03-08 00:51 129,784 --------- c:\windows\system32\pxafs.dll
2008-12-30 15:39 . 2007-03-08 00:51 9,464 --------- c:\windows\system32\drivers\cdralw2k.sys
2008-12-30 15:39 . 2007-03-08 00:51 9,336 --------- c:\windows\system32\drivers\cdr4_xp.sys
2008-12-28 05:07 . 2008-12-28 05:07 <DIR> d-------- c:\programmi\Enigma Software Group
2008-12-28 02:20 . 2008-12-28 02:20 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2008-12-28 02:20 . 2008-12-28 02:20 <DIR> d-------- c:\documents and settings\Erik\Dati applicazioni\Malwarebytes
2008-12-28 02:20 . 2008-12-28 02:20 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-12-28 02:20 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-28 02:20 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-27 15:46 . 2008-12-27 15:46 <DIR> d-------- C:\VundoFix Backups
2008-12-27 15:24 . 2008-12-27 15:24 <DIR> d-------- c:\programmi\Avira
2008-12-27 15:24 . 2008-12-27 15:24 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Avira
2008-12-27 13:34 . 2008-12-27 13:34 <DIR> d-------- c:\programmi\CCleaner
2008-12-27 13:17 . 2008-12-27 13:17 <DIR> d-------- c:\programmi\Trend Micro
2008-12-26 18:20 . 2008-12-27 22:41 <DIR> d-------- c:\documents and settings\Erik\Dati applicazioni\Twain
2008-12-24 02:14 . 2008-12-27 14:05 2 --a------ C:\-1071718278
2008-12-24 02:08 . 2008-12-24 02:28 <DIR> d-------- c:\documents and settings\Erik\Dati applicazioni\Sports Interactive
2008-12-24 02:08 . 2008-12-24 02:08 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Sports Interactive
2008-12-24 02:07 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\system32\d3dx9_33.dll
2008-12-24 01:58 . 2008-12-24 01:58 <DIR> d-------- c:\windows\Logs
2008-12-23 23:09 . 2008-12-23 23:09 <DIR> d-------- c:\programmi\Team JPN
2008-12-23 22:52 . 2008-12-23 22:52 <DIR> d-------- c:\documents and settings\Erik\Dati applicazioni\DAEMON Tools Pro
2008-12-23 22:51 . 2008-12-24 12:08 <DIR> d-------- c:\programmi\DAEMON Tools Toolbar
2008-12-23 22:51 . 2008-12-23 22:51 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite
2008-12-23 22:50 . 2008-12-23 22:52 <DIR> d-------- c:\documents and settings\Erik\Dati applicazioni\DAEMON Tools Lite
2008-12-19 22:24 . 2008-12-19 22:24 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\PY_Software
2008-12-09 19:37 . 2008-12-09 19:37 <DIR> d-------- c:\programmi\Bit Che
2008-12-09 19:37 . 2008-12-09 19:37 <DIR> d-------- c:\documents and settings\Erik\Dati applicazioni\Convivea
2008-12-09 19:37 . 2004-03-09 00:00 152,848 --a------ c:\windows\system32\comdlg32.OCX
2008-12-05 17:06 . 2008-12-05 17:10 <DIR> d-------- c:\programmi\UltraISO
2008-12-05 16:53 . 2008-12-05 17:01 <DIR> d-------- c:\programmi\WinISO
2008-12-05 14:24 . 2008-12-05 14:24 <DIR> d-------- c:\documents and settings\Erik\Dati applicazioni\ImgBurn
2008-12-05 14:23 . 2008-12-05 14:23 <DIR> d-------- c:\programmi\ImgBurn

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 12:54 --------- d-----w c:\documents and settings\Erik\Dati applicazioni\DNA
2009-01-02 11:34 --------- d-----w c:\programmi\DNA
2009-01-02 11:34 --------- d-----w c:\documents and settings\Erik\Dati applicazioni\OpenOffice.org2
2008-12-31 23:25 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2008-12-31 23:19 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-12-31 23:19 --------- d-----w c:\documents and settings\Erik\Dati applicazioni\mIRC
2008-12-31 17:34 --------- d-----w c:\programmi\mIRC
2008-12-28 02:45 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-12-28 00:14 --------- d-----w c:\programmi\Spybot - Search & Destroy
2008-12-27 14:16 --------- d-----w c:\programmi\PC Registry Cleaner
2008-12-26 17:20 --------- d-----w c:\programmi\DAEMON Tools Lite
2008-12-23 22:20 --------- d-----w c:\documents and settings\Erik\Dati applicazioni\BitTorrent
2008-12-23 21:52 --------- d-----w c:\documents and settings\Erik\Dati applicazioni\DAEMON Tools
2008-12-20 11:15 --------- d-----w c:\programmi\eMule
2008-12-05 12:15 --------- d-----w c:\programmi\Astonsoft
2008-11-30 10:58 --------- d-----w c:\programmi\R-Drive Image
2008-11-25 13:33 --------- d-----w c:\programmi\Runtime Software
2008-11-22 18:58 --------- d-----w c:\documents and settings\Erik\Dati applicazioni\DeepBurner
2008-11-22 18:53 --------- d-----w c:\programmi\CDex_150
2008-11-22 18:46 --------- d-----w c:\programmi\FinalBurner
2008-11-21 21:20 --------- d-----w c:\programmi\BitTorrent
2008-11-21 21:19 --------- d-----w c:\programmi\AskSearch
2008-11-21 21:19 --------- d-----w c:\programmi\AskBarDis
2008-11-13 20:22 --------- d-----w c:\programmi\ManyCam 2.3
2008-11-08 12:36 --------- d-----w c:\programmi\TavoliVerdi
2008-10-27 09:04 70,992 ----a-w c:\windows\system32\XAPOFX1_2.dll
2008-10-27 09:04 514,384 ----a-w c:\windows\system32\XAudio2_3.dll
2008-10-27 09:04 235,856 ----a-w c:\windows\system32\xactengine3_3.dll
2008-10-27 09:04 23,376 ----a-w c:\windows\system32\X3DAudio1_5.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-10 03:52 452,440 ----a-w c:\windows\system32\d3dx10_40.dll
2008-10-10 03:52 4,379,984 ----a-w c:\windows\system32\D3DX9_40.dll
2008-10-10 03:52 2,036,576 ----a-w c:\windows\system32\D3DCompiler_40.dll
1997-01-23 06:01 24,566 ----a-w c:\documents and settings\Erik\DISKCOPY.COM
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate/default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSN Webcam Recorder"="c:\programmi\MSN Webcam Recorder\ml20gui.exe" [2007-11-27 110592]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-10-13 1694208]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"ManyCam"="c:\programmi\ManyCam 2.3\ManyCam.exe" [2008-10-14 1791272]
"BitTorrent DNA"="c:\programmi\DNA\btdna.exe" [2008-12-16 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 339968]
"Cpqset"="c:\programmi\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
"HP Software Update"="c:\programmi\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2004-10-13 278528]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-05-12 98304]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"eabconfg.cpl"="c:\programmi\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"hpWirelessAssistant"="c:\programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 794624]
"LogitechCommunicationsManager"="c:\programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="c:\programmi\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"WinampAgent"="c:\programmi\Winamp\winampa.exe" [2008-08-04 36352]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\Erik\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 2.4.lnk - c:\programmi\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2004-12-23 569405]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\mIRC\\mirc.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"c:\\Programmi\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Programmi\\TavoliVerdi\\TVControllo.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2008-05-12 200192]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2008-09-07 21920]
S1 73b61b89;73b61b89;c:\windows\system32\drivers\73b61b89.sys []
S1 7d3d1b83;7d3d1b83;c:\windows\system32\drivers\7d3d1b83.sys []
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-07-13 13352]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2009-01-02 c:\windows\Tasks\nnaacjxd.job
- c:\windows\system32\rundll32.exe [2004-08-19 14:39]
.
.
------- Supplementary Scan -------
.
IE: Invia a &Bluetooth - c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Erik\Dati applicazioni\Mozilla\Firefox\Profiles\3z1r2rx8.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - component: c:\documents and settings\Erik\Dati applicazioni\Mozilla\Firefox\Profiles\3z1r2rx8.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\programmi\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - plugin: c:\programmi\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\programmi\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npbittorrent.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
pref(dom.disable_open_during_load, false);.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-02 14:03:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programmi\HPQ\Default Settings\cpqset.exe????????????1?5?8?7??????? ???B?????????????hLC????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\Ati2evxx.dll
.
Scan finished: 2009-01-02 14:05:38
ComboFix-quarantined-files.txt 2009-01-02 13:04:40

Pre-Run: 12,415,311,872 bytes free
Post-Run: 12,434,632,704 bytes free

210 --- E O F --- 2008-10-25 10:36:54
shapiro
Posted: Friday, January 02, 2009 7:00:48 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
post me an updated HJT log and tell me whether the PC has picked up again
erik87
Posted: Friday, January 02, 2009 10:54:03 PM
Rank: Newbie

Member since: 12/31/2008
Posts: 0
The PC is definitely better than before.

here is the HJT log

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programmi\Java\jre1.6.0_04\bin\jusched.exe
C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programmi\Logitech\QuickCam\Quickcam.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\MSN Webcam Recorder\ml20gui.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\ManyCam 2.3\ManyCam.exe
C:\Programmi\DNA\btdna.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\OpenOffice.org 2.4\program\soffice.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programmi\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programmi\HPQ\shared\hpqwmi.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Java\jre1.6.0_04\bin\jucheck.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programmi\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programmi\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmi\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSN Webcam Recorder] "C:\Programmi\MSN Webcam Recorder\ml20gui.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ManyCam] "C:\Programmi\ManyCam 2.3\ManyCam.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Programmi\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.avp.it/kos/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210615449590
O17 - HKLM\System\CCS\Services\Tcpip\..\{824A1E0C-F516-4D35-A642-15AE07EE27D1}: NameServer = 85.37.17.8 85.38.28.73
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (antivirscheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (antivirservice) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\shared\hpqwmi.exe
O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe


Thanks
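The two logs above (ComboFix, then HijackThis) are read by eye in this thread. The script below is an added example, not part of the thread and not code from ComboFix, HijackThis or their authors: it runs a few triage heuristics over lines in the shape those tools print, so a helper can see at a glance which entries deserve a second look. The sample lines are copied from the logs above or constructed in the same shape; the rules (random-looking eight-character names in system32, Tasks and drivers, a driver entry with no file metadata, a scheduled task handing off to rundll32, a Windows Firewall port exception, per-interface DNS servers, a service whose display name says "remote") and the severities are this example's own assumptions, not anything the tools themselves report.

```python
"""Triage heuristics for lines in the shape ComboFix and HijackThis print.

Added example for this thread; not part of either tool. Every rule is this
script's own assumption about what deserves a second look. Sample input is
copied from, or constructed in the style of, the logs posted above.
"""
import re
from typing import Dict, List, Optional, Tuple

Finding = Tuple[str, str, str]  # (severity, reason, offending log line)

# Constructed sample input, in the shape of the two logs posted above.
SAMPLE_LINES = [
    r"S1 73b61b89;73b61b89;c:\windows\system32\drivers\73b61b89.sys []",
    r"S1 7d3d1b83;7d3d1b83;c:\windows\system32\drivers\7d3d1b83.sys []",
    r"R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]",
    r"c:\windows\system32\lxnlpktf.ini",
    r"2009-01-02 c:\windows\Tasks\nnaacjxd.job",
    r"- c:\windows\system32\rundll32.exe [2004-08-19 14:39]",
    r'"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009',
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{824A1E0C-F516-4D35-A642-15AE07EE27D1}: NameServer = 85.37.17.8 85.38.28.73",
    r"O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe",
    r'O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min',
]

# Assumption: eight random lowercase letters or eight hex digits, the shape of the
# generated names above. Only meaningful together with a location check
# (explorer.exe is eight letters too), so it is never applied on its own.
RANDOM_STEM = re.compile(r"^(?:[a-z]{8}|[0-9a-f]{8})$", re.I)
# ComboFix driver lines: "<start> <name>;<display>;<path> [<date> <size>]".
DRIVER_LINE = re.compile(r"^(?:S[0-4]|R[0-4]) [^;]+;[^;]*;(?P<path>.+\.sys) \[(?P<info>[^\]]*)\]$", re.I)
SYS32_INI = re.compile(r"^c:\\windows\\system32\\(?P<stem>[^\\]+)\.ini$", re.I)
TASK_JOB = re.compile(r"^\d{4}-\d{2}-\d{2} c:\\windows\\Tasks\\(?P<stem>[^\\]+)\.job$", re.I)
OPEN_PORT = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=')
NAMESERVER = re.compile(r"^O17 - .*NameServer = (?P<servers>.+)$")
SERVICE = re.compile(r"^O23 - Service: (?P<display>.+?) \((?P<name>\w+)\) - (?P<vendor>.*?) - (?P<path>.+)$")


def looks_random(stem: str) -> bool:
    """True when a file stem has the random-looking shape defined above."""
    return bool(RANDOM_STEM.match(stem))


def triage(lines: List[str]) -> List[Finding]:
    """Walk the log once and return what a helper would want to look at first."""
    findings: List[Finding] = []
    pending_job: Optional[str] = None  # random-named .job waiting for its "- <command>" line
    for raw in lines:
        line = raw.strip()

        # ComboFix prints a task as its .job line followed by "- <command>"; pair the two.
        if pending_job is not None and line.startswith("- "):
            if "rundll32.exe" in line.lower():
                findings.append(("high", "random-named scheduled task launching rundll32", pending_job))
            pending_job = None
            continue
        m = TASK_JOB.match(line)
        if m:
            pending_job = line if looks_random(m.group("stem")) else None
            continue

        m = DRIVER_LINE.match(line)
        if m:
            stem = m.group("path").rsplit("\\", 1)[-1][:-4]
            if m.group("info") == "":
                # Empty brackets: no date or size was recorded for the driver file.
                findings.append(("high", "driver entry with no file date/size recorded; check the file exists", line))
            elif looks_random(stem):
                findings.append(("medium", "driver with random-looking name", line))
            continue

        m = SYS32_INI.match(line)
        if m and looks_random(m.group("stem")):
            findings.append(("high", "random-named .ini directly in system32", line))
            continue

        m = OPEN_PORT.match(line)
        if m:
            findings.append(("medium", f"Windows Firewall exception for {m.group('port')}/{m.group('proto')}; confirm it is wanted", line))
            continue

        m = NAMESERVER.match(line)
        if m:
            findings.append(("info", f"per-interface DNS servers {m.group('servers')}; check they belong to the ISP", line))
            continue

        m = SERVICE.match(line)
        if m and "remote" in m.group("display").lower():
            findings.append(("info", f"service {m.group('name')} advertises a remote interface; confirm it is wanted", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity, for a one-line verdict."""
    counts: Dict[str, int] = {}
    for severity, _, _ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LINES):
        print(f"[{severity:6}] {reason}\n         {line}")
```

Run as-is it reports the two S1 drivers with empty brackets, the system32 .ini, the nnaacjxd.job / rundll32 pair, the 3389/TCP exception, the O17 name servers and the rpcapd service, and stays silent on the ManyCam driver and the Avira Run entry. The name test is deliberately gated behind a location test, because eight-letter names alone (explorer, bthprops) would flood the output; and none of the "info" items is a verdict, only a prompt to verify the value against what the owner and the ISP expect.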
shapiro
Posted: Saturday, January 03, 2009 11:54:30 AM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
the log is fine

if you have other problems I'm here
erik87
Posted: Monday, January 05, 2009 7:15:09 PM
Rank: Newbie

Member since: 12/31/2008
Posts: 0
perfect!
thanks....and what about that trojan?
shapiro
Posted: Monday, January 05, 2009 7:22:17 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
Quote:
> perfect!
> thanks....and what about that trojan?


download ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe

Once launched, the tool will immediately scan the processes running on the system. When that scan finishes, you must select which hard disks you want to check and then click the start-scan button. Choose the full scan
Watch out for false positives