This is the ComboFix log.
ComboFix 09-05-12.06 - Utente 13/05/2009 19.22.48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1023.553 [GMT 2:00]
Eseguito da: c:\docume~1\Utente\IMPOST~1\Temp\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Utente\IMPOST~1\Temp\7648D966.nbp
c:\docume~1\Utente\IMPOST~1\Temp\7648D967.nbp
c:\docume~1\Utente\IMPOST~1\Temp\catchme.dll
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\oqguy.dat
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\oqguy.exe
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\oqguy_nav.dat
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\oqguy_navps.dat
c:\documents and settings\Utente\Impostazioni locali\Temp\7648D966.nbp
c:\documents and settings\Utente\Impostazioni locali\Temp\7648D967.nbp
c:\documents and settings\Utente\Impostazioni locali\Temp\catchme.dll
.
((((((((((((((((((((((((( Files Creati Da 2009-04-13 al 2009-05-13 )))))))))))))))))))))))))))))))))))
.
2009-05-11 17:11 . 2009-05-11 17:11 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Agnitum
2009-05-08 16:37 . 2009-05-08 16:37 -------- d-----w c:\programmi\JRE
2009-05-02 09:44 . 2009-05-02 10:16 -------- d-----w c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\RadioSure
2009-05-01 10:16 . 2009-05-01 10:40 -------- d-----w c:\programmi\Kantaris
2009-04-29 18:35 . 2009-04-29 18:35 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Yahoo!
2009-04-29 18:35 . 2009-04-29 18:36 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Yahoo! Companion
2009-04-18 11:52 . 2008-05-29 07:28 28416 ----a-w c:\windows\system32\uxtuneup.dll
2009-04-18 11:52 . 2009-04-18 11:52 355584 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-04-18 11:52 . 2009-04-18 11:52 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2009-04-18 11:51 . 2009-05-10 10:48 -------- d-----w c:\programmi\TuneUp Utilities 2008
2009-04-18 11:49 . 2009-04-18 11:49 -------- d-----w c:\programmi\File comuni\Wise Installation Wizard
2009-04-14 18:54 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-14 18:54 . 2009-03-06 14:19 286208 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-14 18:54 . 2009-02-09 11:22 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-14 18:54 . 2009-02-09 10:51 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-14 18:54 . 2009-02-09 10:51 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-14 18:54 . 2009-02-09 10:51 683520 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-14 18:54 . 2009-02-09 10:51 734720 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-14 18:54 . 2009-02-09 10:51 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-14 18:54 . 2009-02-09 10:51 736256 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-14 18:52 . 2008-04-21 21:14 219136 -c----w c:\windows\system32\dllcache\wordpad.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-13 17:27 . 2008-04-26 10:33 -------- d-----w c:\programmi\Mozilla Sunbird
2009-05-13 17:25 . 2008-07-17 09:31 917536 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-13 17:25 . 2008-07-17 09:31 5264 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-13 17:25 . 2008-07-17 09:31 4200480 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-13 17:25 . 2008-07-17 09:31 34944 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-11 16:03 . 2009-04-10 17:20 -------- d-----w c:\programmi\SpywareBlaster
2009-05-09 18:48 . 2008-07-27 16:16 -------- d-----w c:\programmi\Mozilla Thunderbird
2009-05-08 17:02 . 2007-11-30 10:00 83960 ----a-w c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-05-08 16:37 . 2008-11-02 09:54 -------- d-----w c:\programmi\OpenOffice.org 3
2009-05-08 09:01 . 2008-11-24 18:25 -------- d-----w c:\programmi\VS Revo Group
2009-05-07 10:45 . 2009-01-26 20:20 -------- d-----w c:\programmi\Spybot - Search & Destroy
2009-05-02 16:43 . 2007-12-27 18:28 -------- d-----w c:\programmi\Windows Live Toolbar
2009-04-29 18:35 . 2008-06-26 15:13 -------- d-----w c:\programmi\Yahoo!
2009-04-29 10:12 . 2008-12-21 10:38 -------- d-----w c:\programmi\Microsoft Works
2009-04-18 17:38 . 2004-09-07 12:00 84910 ----a-w c:\windows\system32\perfc010.dat
2009-04-18 17:38 . 2004-09-07 12:00 491894 ----a-w c:\windows\system32\perfh010.dat
2009-04-17 10:05 . 2009-01-22 18:11 -------- d-----w c:\programmi\VDOWNLOADER
2009-04-08 21:25 . 2009-04-08 21:25 3366912 ----a-w c:\windows\system32\GPhotos.scr
2009-04-07 17:31 . 2009-03-27 10:57 -------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-04-06 13:32 . 2009-03-27 10:57 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2009-03-27 10:57 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-05 18:57 . 2009-03-28 11:39 -------- d-----w c:\programmi\Microsoft Silverlight
2009-04-04 18:02 . 2008-05-05 16:28 -------- d-----w c:\programmi\WebShot
2009-03-31 17:14 . 2009-02-03 18:49 -------- d-----r c:\programmi\Skype
2009-03-31 17:08 . 2009-03-21 19:34 -------- d-----w c:\programmi\IZArc
2009-03-28 12:53 . 2009-02-11 22:27 -------- d-----w c:\programmi\RadioItalia
2009-03-28 12:39 . 2007-11-30 18:16 -------- d-----w c:\programmi\Windows Live Safety Center
2009-03-28 12:38 . 2008-08-21 15:56 -------- d-----w c:\programmi\Windows Live
2009-03-28 11:37 . 2009-03-28 11:37 -------- d-----w c:\programmi\Microsoft Sync Framework
2009-03-28 11:34 . 2008-11-22 18:18 -------- d-----w c:\programmi\Microsoft
2009-03-28 11:29 . 2009-03-28 11:29 -------- d-----w c:\programmi\File comuni\Windows Live
2009-03-25 15:29 . 2007-11-30 18:53 -------- d-----w c:\programmi\Java
2009-03-22 17:02 . 2009-03-22 11:44 -------- d-----w c:\programmi\Free FLV Converter
2009-03-22 11:45 . 2009-03-22 11:45 -------- d-----w c:\programmi\Search Settings
2009-03-22 11:25 . 2008-12-13 18:59 -------- d-----w c:\programmi\ATI
2009-03-22 11:17 . 2007-11-29 11:37 -------- d-----w c:\programmi\ATI Technologies
2009-03-20 21:05 . 2009-03-22 11:44 290816 ----a-w c:\windows\system32\TubeFinder.exe
2009-03-18 20:29 . 2009-01-03 11:27 -------- d-----w c:\programmi\7-Zip
2009-03-18 20:08 . 2008-12-27 17:24 -------- d-----w c:\programmi\Windows Desktop Search
2009-03-15 11:00 . 2009-03-15 10:59 -------- d-----w c:\programmi\K-Lite Codec Pack
2009-03-09 04:19 . 2008-10-28 10:51 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:19 . 2004-09-07 12:00 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:03 . 2004-09-07 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-01 11:05 . 2009-03-01 11:05 213888 ----a-w c:\windows\system32\drivers\timntr.sys
2009-03-01 11:05 . 2008-12-25 10:54 37888 ----a-w c:\windows\system32\setupnt.dll
2009-03-01 11:05 . 2008-04-01 11:30 28928 ----a-w c:\windows\system32\drivers\tifsfilt.sys
2009-03-01 11:05 . 2009-03-01 11:05 126976 ----a-w c:\windows\system32\snapapi.dll
2009-03-01 11:05 . 2008-04-01 11:30 82464 ----a-w c:\windows\system32\drivers\snapman.sys
2009-02-25 22:58 . 2007-11-29 11:54 3565568 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2009-02-25 21:42 . 2008-12-01 20:52 442368 ----a-w c:\windows\system32\ATIDEMGX.dll
2009-02-25 21:41 . 2007-11-29 11:54 325120 ----a-w c:\windows\system32\ati2dvag.dll
2009-02-25 21:30 . 2005-03-22 13:32 11841536 ----a-w c:\windows\system32\atioglxx.dll
2009-02-25 21:30 . 2005-03-22 13:32 204800 ----a-w c:\windows\system32\atipdlxx.dll
2009-02-25 21:29 . 2005-03-22 13:32 155648 ----a-w c:\windows\system32\Oemdspif.dll
2009-02-25 21:29 . 2005-03-22 13:32 26112 ----a-w c:\windows\system32\Ati2mdxx.exe
2009-02-25 21:29 . 2005-03-22 13:32 43520 ----a-w c:\windows\system32\ati2edxx.dll
2009-02-25 21:29 . 2005-03-22 13:32 155648 ----a-w c:\windows\system32\ati2evxx.dll
2009-02-25 21:27 . 2005-03-22 13:32 602112 ----a-w c:\windows\system32\ati2evxx.exe
2009-02-25 21:26 . 2005-03-22 13:32 53248 ----a-w c:\windows\system32\ATIDDC.DLL
2009-02-25 21:16 . 2007-11-29 11:54 3817984 ----a-w c:\windows\system32\ati3duag.dll
2009-02-25 21:09 . 2005-03-22 13:32 307200 ----a-w c:\windows\system32\atiiiexx.dll
2009-02-25 20:59 . 2007-11-29 11:54 2670080 ----a-w c:\windows\system32\ativvaxx.dll
2009-02-25 20:44 . 2008-12-01 19:57 49664 ----a-w c:\windows\system32\amdpcom32.dll
2009-02-25 20:40 . 2005-03-22 13:32 475136 ----a-w c:\windows\system32\atikvmag.dll
2009-02-25 20:38 . 2008-12-01 19:52 126976 ----a-w c:\windows\system32\atiadlxx.dll
2009-02-25 20:38 . 2005-03-22 13:32 17408 ----a-w c:\windows\system32\atitvo32.dll
2009-02-25 20:37 . 2005-03-22 13:32 53248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-02-25 20:35 . 2008-12-01 19:50 290816 ----a-w c:\windows\system32\atiok3x2.dll
2009-02-25 20:32 . 2009-02-04 02:43 45056 ----a-w c:\windows\system32\aticalrt.dll
2009-02-25 20:32 . 2009-02-04 02:42 45056 ----a-w c:\windows\system32\aticalcl.dll
2009-02-25 20:32 . 2007-11-29 11:54 626688 ----a-w c:\windows\system32\ati2cqag.dll
2009-02-25 20:30 . 2009-02-04 02:40 3227648 ----a-w c:\windows\system32\aticaldd.dll
2009-02-25 14:15 . 2007-11-29 11:38 593920 ------w c:\windows\system32\ati2sgag.exe
2009-02-20 17:08 . 2004-09-07 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-13 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-02-04 201992]
"VMonitorVMUVC"="c:\programmi\Vimicro\Vimicro UVC USB2.0 PC Camera\x86\VMonitor.exe" [2007-04-13 114688]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-10-27 73728]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Utente\Menu Avvio\Programmi\Esecuzione automatica\
Mozilla Sunbird.lnk - c:\programmi\Mozilla Sunbird\sunbird.exe [2008-4-27 6354540]
NumCapsScroll Indicator.lnk - c:\programmi\Vasilios Applications\NumCapsScroll Indicator\NumCapsScroll Indicator.exe [2009-2-2 1185319]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 18.29.38 33808]
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 20.19.58 13592]
R2 YahooAUService;Yahoo! Updater;c:\programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe [09/11/2008 22.48.14 602392]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [25/03/2008 21.07.10 24592]
R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [13/02/2009 18.26.29 248448]
R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [13/02/2009 18.26.28 476032]
S2 gupdate1c9877f61fbad50;Google Update Service (gupdate1c9877f61fbad50);c:\programmi\Google\Update\GoogleUpdate.exe [05/02/2009 12.49.11 133104]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\programmi\NOS\bin\getPlus_HelperSvc.exe [13/10/2008 18.25.00 33176]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0895d93b-cdc3-11dc-861d-00110911dfd2}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{375a3a79-60d7-11dd-87a8-00110911dfd2}]
\Shell\AutoRun\command - j:\codysafe\Launcher.exe
.
Contenuto della cartella 'Scheduled Tasks'
2009-05-01 c:\windows\Tasks\1-Click Maintenance.job
- c:\programmi\TuneUp Utilities 2008\OneClick.exe [2008-06-20 07:27]
2008-12-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-05-13 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-23 17:29]
2009-05-13 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-05 10:49]
2009-05-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
2009-05-13 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-04-08 10:16]
2009-05-13 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-04-08 10:16]
2009-03-22 c:\windows\Tasks\SmartDefrag.job
- c:\programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-02-19 17:15]
2009-05-12 c:\windows\Tasks\User_Feed_Synchronization-{CBE927A5-3159-45B5-8F5D-30F286C020F8}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKCU-Run-oqguy - c:\documents and settings\utente\impostazioni locali\dati applicazioni\oqguy.exe
.
------- Scansione supplementare -------
.
uStart Page = hxxp://notizie.libero.it/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
IE: Scarica con Download &Express - c:\programmi\Download Express\Add_Url.htm
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
Name-Space Handler: ftp\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\Download Express\mdpph.dll
Name-Space Handler: http\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\Download Express\mdpph.dll
Name-Space Handler: https\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\Download Express\mdpph.dll
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\hotcop60.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://notizie.libero.it/|http://it.yahoo.com/|http://www.aiutamici.com/software.aspx
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT556636&SearchSource=2&q=
FF - component: c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\hotcop60.default\extensions\{0aaeaede-aefd-4672-a764-5c5c037612a2}\components\FFAlert.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programmi\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\programmi\Picasa2\npPicasa2.dll
FF - plugin: c:\programmi\Tracker Software\PDF-XChange Viewer\pdf-viewer\npPDFXCviewNPPlugin.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-05-13 19:27
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-1214440339-573735546-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\klogon.dll
- - - - - - - > 'lsass.exe'(840)
c:\windows\system32\relog_ap.dll
- - - - - - - > 'explorer.exe'(556)
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\ArcSoft\Software Suite\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\ehome\mcrdsvc.exe
c:\programmi\Canon\CAL\CALMAIN.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Ora fine scansione: 2009-05-13 19.32.26 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-05-13 17:32
Pre-Run: 149.849.366.528 byte disponibili
Post-Run: 149.741.936.640 byte disponibili
266 --- E O F --- 2009-05-13 09:12
And this is the one from HJT.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.41.10, on 13/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Programmi\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Programmi\Vimicro\Vimicro UVC USB2.0 PC Camera\x86\VMonitor.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Vasilios Applications\NumCapsScroll Indicator\NumCapsScroll Indicator.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Utente\Documenti\PROGRAMMI E Icone di sicurezza e utilità\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://notizie.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCool.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: RadioItalia Toolbar - {0aaeaede-aefd-4672-a764-5c5c037612a2} - C:\Programmi\RadioItalia\tbRad1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {78875F5C-A685-4405-8DC5-D48DC65452B0} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCool.dll
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Programmi\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCool.dll
O3 - Toolbar: RadioItalia Toolbar - {0aaeaede-aefd-4672-a764-5c5c037612a2} - C:\Programmi\RadioItalia\tbRad1.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [VMonitorVMUVC] "C:\Programmi\Vimicro\Vimicro UVC USB2.0 PC Camera\x86\VMonitor.exe" VMUVC
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Mozilla Sunbird.lnk = C:\Programmi\Mozilla Sunbird\sunbird.exe
O4 - Startup: NumCapsScroll Indicator.lnk = C:\Programmi\Vasilios Applications\NumCapsScroll Indicator\NumCapsScroll Indicator.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Download &Express - C:\Programmi\Download Express\Add_Url.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programmi\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.6.0_10) -
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\Skype4COM.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: FreePOPs - Unknown owner - C:\Programmi\FreePOPs\freepopsservice.exe (file missing)
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programmi\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c9877f61fbad50) (gupdate1c9877f61fbad50) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 10456 bytes