Hello again, I followed your advice, and after about 15 minutes of browsing everything seems to be fine, though it needs to be checked more thoroughly over time.
I'm posting the ComboFix log, and thank you so much for your advice and your immediate reply. (Let me know if everything is OK.)
ComboFix 08-11-27.07 - Giovanni 2008-11-28 16.04.23.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.619 [GMT 1:00]
Eseguito da: c:\documents and settings\Giovanni\desktop\combofix.exe
Interruttori di comando utilizzati :: /killall
* Creato nuovo punto di ripristino
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Giovanni\Dati applicazioni\inst.exe
.
((((((((((((((((((((((((( Files Creati Da 2008-10-28 al 2008-11-28 )))))))))))))))))))))))))))))))))))
.
2008-11-27 19:53 . 2008-11-27 19:53 <DIR> d-------- c:\programmi\Lavasoft
2008-11-27 19:53 . 2008-11-27 19:54 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2008-11-26 15:01 . 2008-11-26 15:01 <DIR> d-------- c:\programmi\SDHelper (Spybot - Search & Destroy)
2008-11-26 15:01 . 2008-11-26 15:01 <DIR> d-------- c:\programmi\Misc. Support Library (Spybot - Search & Destroy)
2008-11-26 15:01 . 2008-11-26 15:01 <DIR> d-------- c:\programmi\File Scanner Library (Spybot - Search & Destroy)
2008-11-24 15:56 . 2008-11-28 16:00 <DIR> d-------- c:\programmi\Orbitdownloader
2008-11-23 18:27 . 2008-11-23 18:27 <DIR> d-------- c:\documents and settings\Giovanni\Dati applicazioni\EmailNotifier
2008-11-23 18:27 . 2008-11-23 18:27 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Megaupload
2008-11-23 18:27 . 2008-11-23 18:27 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\EmailNotifier
2008-11-23 12:35 . 2008-11-23 12:35 <DIR> d-------- c:\documents and settings\Giovanni\Dati applicazioni\TERMINAL Studio
2008-11-23 12:34 . 2008-11-24 16:20 <DIR> d-------- c:\programmi\Astro Gemini Software
2008-11-23 12:34 . 2008-11-23 12:34 <DIR> d-------- c:\documents and settings\Giovanni\Dati applicazioni\Astro Gemini Software
2008-11-23 12:34 . 2007-11-06 17:46 106,496 --a------ c:\windows\system32\Astro Gemini Screensaver Manager.scr
2008-11-21 14:48 . 2008-11-25 14:47 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-21 14:48 . 2008-11-21 14:48 1,409 --a------ c:\windows\QTFont.for
2008-11-18 13:01 . 2008-11-18 08:25 <DIR> d-------- c:\documents and settings\Vhannibal Dual Feeds 18 nov
2008-11-16 14:59 . 2008-11-16 14:59 60 --a------ c:\windows\system32\ZgE_DbKY.srg
2008-11-16 14:57 . 2008-11-16 14:57 112 --a------ c:\windows\system32\ZMPNCaxW.srg
2008-11-16 14:56 . 2008-11-16 14:59 <DIR> d-------- c:\programmi\Link Checker Pro
2008-11-16 14:56 . 1999-12-17 11:13 86,016 --------- c:\windows\unvise32.exe
2008-11-15 21:12 . 2008-11-28 15:32 <DIR> d-------- C:\downloads
2008-11-15 21:12 . 2008-11-28 15:33 <DIR> d-------- c:\documents and settings\Giovanni\Dati applicazioni\Orbit
2008-11-15 21:12 . 2008-11-15 21:12 <DIR> d-------- c:\documents and settings\Giovanni\Dati applicazioni\GrabPro
2008-11-15 15:21 . 2008-11-15 15:21 <DIR> d-------- c:\programmi\micla-multimedia
2008-11-13 16:41 . 2008-11-13 16:41 <DIR> d-------- c:\programmi\Caricature Studio Green 3.6
2008-11-13 16:40 . 2008-11-13 16:40 <DIR> d-------- c:\documents and settings\Giovanni\Dati applicazioni\Carnival Software
2008-11-12 12:21 . 2008-11-12 12:21 <DIR> d-------- c:\programmi\Network Stumbler
2008-11-10 15:55 . 2008-11-10 15:55 <DIR> d-------- c:\programmi\DX-Ball
2008-11-10 15:39 . 2008-11-10 15:39 <DIR> d-------- c:\programmi\ScreenSaver.com
2008-11-10 15:39 . 2004-04-29 14:24 974,848 --a------ c:\windows\vorbis.dll
2008-11-10 15:39 . 2004-11-10 17:20 425,984 --a------ c:\windows\My 3D Christmas Tree Full.scr
2008-11-10 15:39 . 2004-04-29 14:24 49,152 --a------ c:\windows\ogg.dll
2008-11-10 15:39 . 2004-04-29 14:24 28,672 --a------ c:\windows\vorbisfile.dll
2008-11-10 15:01 . 2008-11-10 15:01 <DIR> d--h----- c:\windows\PIF
2008-11-10 12:52 . 2008-11-10 12:52 <DIR> d-------- c:\programmi\Lavalys
2008-11-08 17:41 . 2008-11-21 20:02 <DIR> d--h----- C:\$AVG8.VAULT$
2008-10-31 21:23 . 2008-10-31 21:23 <DIR> d-------- C:\vcs5BGEffects
2008-10-31 14:32 . 2008-10-31 14:32 268 --ah----- C:\sqmdata03.sqm
2008-10-31 14:32 . 2008-10-31 14:32 244 --ah----- C:\sqmnoopt03.sqm
2008-10-28 15:41 . 2008-10-28 15:43 <DIR> d-------- c:\programmi\AceMoney
2008-10-28 15:41 . 2008-10-28 15:41 <DIR> d-------- c:\documents and settings\Giovanni\Dati applicazioni\MechCAD
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-27 18:52 --------- d-----w c:\programmi\File comuni\Wise Installation Wizard
2008-11-27 18:48 --------- d-----w c:\programmi\eMule
2008-11-26 14:01 --------- d-----w c:\programmi\TeaTimer (Spybot - Search & Destroy)
2008-11-25 12:36 --------- d-----w c:\documents and settings\Giovanni\Dati applicazioni\Vso
2008-11-16 17:22 --------- d-----w c:\programmi\File comuni\Symantec Shared
2008-11-16 17:22 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Symantec
2008-11-13 12:48 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2008-11-09 11:45 --------- d-----w c:\programmi\WinAVIVideoConverter
2008-11-05 22:23 90,632 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-11-05 22:23 29,208 ----a-w c:\windows\system32\drivers\avgfwdx.sys
2008-10-31 13:33 98,440 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-10-26 17:53 --------- d-----w c:\programmi\Dream Aquarium
2008-10-24 17:25 --------- d-----w c:\programmi\Chris PC-Lock
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 14:58 12,936 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2008-10-22 14:56 --------- d-----w c:\programmi\AVG
2008-10-22 14:56 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Avg8
2008-10-19 10:37 --------- d-----w c:\documents and settings\Giovanni\Dati applicazioni\CoSoSys
2008-10-19 10:01 --------- d-----w c:\programmi\PDF Editor 2
2008-10-16 11:04 --------- d-----w c:\programmi\TuneUp Utilities 2008
2008-10-16 11:04 --------- d-----w c:\documents and settings\Giovanni\Dati applicazioni\TuneUp Software
2008-10-16 11:04 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2008-10-16 06:26 98,304 ----a-w c:\windows\DreamAquarium.scr
2008-10-12 10:28 --------- d-----w c:\programmi\Yamicsoft
2008-08-16 15:54 47,360 ----a-w c:\documents and settings\Giovanni\Dati applicazioni\pcouffin.sys
2008-03-23 19:01 32 ----a-w c:\documents and settings\All Users\Dati applicazioni\ezsid.dat
2008-08-19 23:09 32,768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008082020080821\index.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"3COM"="c:\programmi\3COM Technology Corporation\3COM Wireless USB Utility\Wlan.exe" [2004-09-15 385024]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\ati technologies\ATI Control Panel\atiptaxx.exe" [2005-08-30 344064]
"SunJavaUpdateSched"="c:\programmi\Java\j2re1.4.2_01\bin\jusched.exe" [2003-08-19 32873]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-03-22 151597]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]
c:\documents and settings\Giovanni\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
hp psc 2000 Series.lnk - c:\programmi\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-06 323646]
hpoddt01.exe.lnk - c:\programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Chris PC-Lock]
--a------ 2008-05-19 12:30 449050 c:\programmi\Chris PC-Lock\PCLock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2004-12-09 14:56 57344 c:\programmi\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 06:00 33648 c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
--a------ 2004-11-14 15:26 188459 c:\programmi\IncrediMail\bin\IncMail.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 03:14 1695232 c:\programmi\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 10:34 5724184 c:\programmi\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2007-12-10 10:12 695808 c:\programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-16 15:03 155648 c:\programmi\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 17:22 21898024 c:\programmi\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
--a------ 2008-01-17 15:54 8811824 c:\programmi\VoipBuster.com\VoipBuster\VoipBuster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2008-02-29 08:14 4670704 c:\programmi\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" /background
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Programmi\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Programmi\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-10-22 12936]
R1 Asapi;Asapi;c:\windows\system32\drivers\Asapi.sys [2008-03-22 11264]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-22 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-10-22 90632]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-10-23 874776]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-22 231704]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2008-11-05 1212184]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-10-22 29208]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-10-22 29208]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;\??\c:\windows\system32\NSNDIS5.SYS [2004-03-24 17280]
S3 ZD1211U(3COM Corporation);3COM OfficeConnect Wireless 11g Compact USB Adapter(3COM Corporation);c:\windows\system32\DRIVERS\zd1211u.sys [2008-03-30 233984]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'
2008-09-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2006-08-29 13:21]
2008-07-02 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1206268830.job
- c:\programmi\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 00:52]
2008-11-28 c:\windows\Tasks\Verifica e correzione automatica.job
- c:\programmi\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:27]
.
- - - - ORFÃOS REMOVIDOS - - - -
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
MSConfigStartUp-Norton Ghost 12 - c:\programmi\Norton Ghost\Agent\VProTray.exe
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-11-28 16:10:28
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\programmi\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\ati2evxx.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
c:\programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexingService.exe
c:\programmi\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
c:\programmi\AVG\AVG8\avgrsx.exe
c:\programmi\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Ora fine scansione: 2008-11-28 16:16:40 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2008-11-28 15:16:36
Pre-Run: 60.561.461.248 byte disponibili
Post-Run: 60,849,307,648 byte disponibili
210 --- E O F --- 2008-11-13 12:48:35