I am doing everything to the letter. I made sure that all the files were selected and I removed them, but the log I posted for you was created before I selected and removed them. Then, as you wrote, I subsequently downloaded ComboFix, which created this log for me:
ComboFix 09-01-10.03 - mario 2009-01-11 18.04.47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.511.182 [GMT 1:00]
Eseguito da: c:\documents and settings\mario\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\msrdo20.dll
c:\windows\system32\rdocurs.dll
.
((((((((((((((((((((((((( Files Creati Da 2008-12-11 al 2009-01-11 )))))))))))))))))))))))))))))))))))
.
2009-01-11 17:14 . 2009-01-11 17:14 <DIR> d-------- c:\programmi\CCleaner
2009-01-11 15:45 . 2009-01-11 15:45 <DIR> d-------- c:\documents and settings\mario\Dati applicazioni\Malwarebytes
2009-01-11 15:44 . 2009-01-11 15:45 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2009-01-11 15:44 . 2009-01-11 15:44 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-01-11 15:44 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-11 15:44 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-11 15:39 . 2009-01-11 15:39 <DIR> d-------- c:\programmi\Trend Micro
2009-01-01 16:03 . 2009-01-01 16:02 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-30 20:59 . 2008-12-30 20:59 <DIR> d-------- c:\documents and settings\mario\Dati applicazioni\Red Kawa
2008-12-30 20:53 . 2008-12-30 20:53 <DIR> d-------- c:\programmi\Red Kawa
2008-12-30 20:53 . 2008-12-30 20:53 <DIR> d-------- c:\programmi\AviSynth 2.5
2008-12-30 20:16 . 2008-12-30 20:16 <DIR> d-------- C:\OpenCandy
2008-12-27 18:52 . 2008-12-27 18:52 <DIR> d-------- c:\programmi\Bonjour
2008-12-27 18:02 . 2008-12-27 18:02 <DIR> d-------- c:\programmi\iTunes
2008-12-27 18:02 . 2008-12-27 18:02 <DIR> d-------- c:\programmi\iPod
2008-12-27 18:02 . 2008-12-27 18:02 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-27 18:00 . 2008-12-27 18:00 <DIR> d-------- c:\programmi\QuickTime
2008-12-25 17:50 . 2008-12-25 17:50 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Winferno
2008-12-25 17:46 . 2008-12-25 17:46 <DIR> d-------- c:\documents and settings\mario\Dati applicazioni\Yahoo!
2008-12-25 17:45 . 2009-01-11 12:44 <DIR> d-------- c:\programmi\Seekeen
2008-12-15 09:42 . 2008-12-15 09:42 <DIR> d-------- c:\programmi\GamersOxygen
2008-12-12 11:18 . 2008-12-12 11:18 87,336 --a------ c:\windows\system32\dns-sd.exe
2008-12-12 11:11 . 2008-12-12 11:11 61,440 --a------ c:\windows\system32\dnssd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 14:41 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Zylom
2009-01-10 10:55 --------- d-----w c:\programmi\Everest Poker
2009-01-05 21:41 --------- d-----w c:\documents and settings\mario\Dati applicazioni\uTorrent
2009-01-01 15:02 --------- d-----w c:\programmi\Java
2008-12-31 11:56 --------- d-----w c:\programmi\eMule
2008-12-27 17:00 --------- d-----w c:\programmi\File comuni\Apple
2008-12-27 16:52 --------- d-----w c:\programmi\Safari
2008-12-26 10:50 --------- d-----w c:\programmi\Zylom Games
2008-12-26 10:47 --------- d-----w c:\programmi\GameShadow
2008-12-26 10:45 --------- d-----w c:\programmi\Gabest
2008-12-25 16:51 --------- d-----w c:\programmi\Yahoo!
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-18 17:53 669,184 ----a-w c:\windows\system32\pbsvc.exe
2008-10-18 17:53 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-10-18 17:53 22,328 ----a-w c:\documents and settings\mario\Dati applicazioni\PnkBstrK.sys
2008-10-18 17:53 103,736 ----a-w c:\windows\system32\PnkBstrB.exe
2008-10-16 20:04 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2003-10-23 15:52 40,960 ----a-w c:\programmi\Uninstall_CDS.exe
2008-08-22 17:51 32,768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008082220080823\index.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 57,344 2005-07-07 16:41:54 c:\programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe
----a-w 344,064 2004-11-24 19:10:00 c:\programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
----a-w 32,768 2004-11-24 22:27:20 c:\programmi\ATI Technologies\ATI.ACE\bak\cli.exe
----a-w 12 2008-02-20 08:29:19 c:\programmi\ATnotes\bak\ATnotes.dat
----a-w 2,900 2006-09-28 09:03:04 c:\programmi\ATnotes\ATnotes.dat
----a-w 1,015,808 2005-01-05 13:45:36 c:\programmi\ATnotes\bak\ATnotes.exe
----a-w 68,856 2007-08-02 09:55:47 c:\programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe
----a-w 132,496 2007-07-12 02:00:36 c:\programmi\Java\jre1.6.0_02\bin\bak\jusched.exe
----a-w 4,670,968 2007-03-27 13:22:56 c:\programmi\Yahoo!\Messenger\bak\YahooMessenger.exe
----a-w 15,360 2004-08-30 20:00:00 c:\windows\system32\bak\ctfmon.exe
----a-w 15,360 2008-04-14 02:14:03 c:\windows\system32\ctfmon.exe
----a-r 155,648 2001-07-09 09:50:42 c:\windows\system32\bak\NeroCheck.exe
----a-r 83,968 2004-06-11 03:15:18 c:\windows\system32\bak\nvraidservice.exe
----a-w 99,840 2003-09-11 03:00:00 c:\windows\system32\spool\drivers\w32x86\3\bak\E_S4I0F2.EXE
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\programmi\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"updateMgr"="c:\programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"PowerBar"="" [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-01-01 136600]
"ClamWin"="c:\programmi\ClamWin\bin\ClamTray.exe" [2008-01-20 77824]
"AppleSyncNotifier"="c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"DAEMON Tools-1033"="c:\programmi\D-Tools\daemon.exe" [2004-08-22 81920]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SoundMan"="SOUNDMAN.EXE" [2004-07-27 c:\windows\SOUNDMAN.EXE]
"AdslTaskBar"="stmctrl.dll" [2003-01-22 c:\windows\system32\stmctrl.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"vidc.XVID"= xvid.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Eidos\\Pyro Studios\\Commandos Strike Force\\CommXPC.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Programmi\\SiSoftware\\SiSoftware Sandra Lite XIIc\\Win32\\RpcDataSrv.exe"=
"c:\\Programmi\\SiSoftware\\SiSoftware Sandra Lite XIIc\\RpcSandraSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12548:TCP"= 12548:TCP:BitComet 12548 TCP
"12548:UDP"= 12548:UDP:BitComet 12548 UDP
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-01 111184]
R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\drivers\stmatm.sys [2006-09-14 59338]
R3 TaurusUsb;ADSL Modem USB Service 1.09a;c:\windows\system32\drivers\torususb.sys [2006-09-14 527980]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-01 20560]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3e69503-43ef-11db-bc0b-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe
.
Contenuto della cartella 'Scheduled Tasks'
2009-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORFÃOS REMOVIDOS - - - -
WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.gazzetta.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://it.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: xfire_lsp_9028.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-01-11 18:06:31
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
PowerBar = ?????)?|Y,?|??@?`?@?l???????????7)?|8?????@?????????????d???????8???????????????????????????x?????9~??????????????@????????|p??|????m??||?:~??????????????@???@?????????????????????(?*???????????????????:~??????????@???????????:~>!@???@???????@???@?????x??sW??s
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(788)
c:\windows\system32\xfire_lsp_9028.dll
.
Ora fine scansione: 2009-01-11 18.08.08
ComboFix-quarantined-files.txt 2009-01-11 17:07:54
Pre-Run: 50.905.772.032 byte disponibili
Post-Run: 51,043,995,648 byte disponibili
185 --- E O F --- 2008-12-18 21:42:42