lomba Pious Mortal

Joined: 03/10/06 23:00 Posts: 29
Posted: 13 Feb 2008 20:50 Subject: exhmrgas.exe help!

Hi everyone!
Panda 2008 found and deleted 50 viruses called exhmrgas.exe, each one preceded by a different number.
I ran the scan again and it found nothing,
but I read on other forums that there can be problems.
I'm posting my HijackThis log; is there anyone who can help me?
Thanks
Logfile of HijackThis v1.99.1
Scan saved at 19.05.22, on 13/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Programmi\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programmi\MemoRex\MemoRex.exe
C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\Panda Security\Panda Antivirus 2008\AvltMain.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\enduser\Desktop\hij\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [MemoREX] "C:\Programmi\MemoRex\MemoRexStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [KillCopy] "C:\WINDOWS\system32\killcopy.exe" /kcresume /startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio rapido HP Photosmart Premier.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Programmi\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programmi\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Programmi\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

nicolamod Pious Mortal

Joined: 06/11/07 21:26 Posts: 22

bdoriano Administrator

Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 14 Feb 2008 11:46 Subject:

The HijackThis log looks clean.
Follow the instructions in this topic to post the ComboFix log.

lomba Pious Mortal

Joined: 03/10/06 23:00 Posts: 29
Posted: 14 Feb 2008 16:04 Subject:

Hi, and thanks for stepping in!
After making the log I ran a scan with Panda 2008 and found another 4 infected files; in addition, Panda asked me to delete a program, C:\windows\nircmd.exe, because it compromises the operation of the other programs. I had it deleted (please tell me I did the right thing....)
Update:
I think I've figured it out! They are not infected files; it's Panda that doesn't recognize ComboFix (I think, I hope).
Here is the ComboFix log:
ComboFix 08-02-14.2 - enduser 2008-02-14 14.58.16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1489 [GMT 1:00]
Eseguito da: C:\Documents and Settings\enduser\Desktop\combofix\ComboFix.exe
* Creato nuovo punto di ripristino
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Creati Da 2008-01-14 al 2008-02-14 )))))))))))))))))))))))))))))))))))
.
2008-02-13 17:01 . 2008-02-13 17:01 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-09 10:41 . 2008-02-09 10:41 <DIR> d-------- C:\Programmi\Uniblue
2008-02-09 10:37 . 2008-02-09 10:37 <DIR> d-------- C:\Documents and Settings\enduser\Dati applicazioni\Registry Booster
2008-02-08 21:52 . 2008-02-08 21:52 <DIR> d-------- C:\Documents and Settings\enduser\Dati applicazioni\Uniblue
2008-02-08 08:10 . 2008-02-07 09:10 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2008-02-08 08:10 . 2008-02-07 09:10 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys
2008-02-07 22:56 . 2008-02-07 22:56 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Nokia
2008-02-07 22:56 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-02-07 22:56 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-02-07 22:56 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-02-07 22:56 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-02-07 09:10 . 2008-02-07 09:10 <DIR> d-------- C:\Documents and Settings\LocalService\Menu Avvio
2008-02-03 17:12 . 2008-02-03 17:28 828 --a------ C:\WINDOWS\QT$INST$.~PC
2008-02-02 22:50 . 2008-02-03 19:17 <DIR> d-------- C:\Documents and Settings\enduser\Dati applicazioni\DivX
2008-02-02 22:45 . 2008-01-04 22:58 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-02-02 22:45 . 2008-01-04 22:58 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-02-02 22:45 . 2008-01-04 22:58 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-02-01 22:27 . 2008-02-01 22:27 <DIR> d-------- C:\Documents and Settings\enduser\Dati applicazioni\TVU networks
2008-02-01 22:27 . 2008-02-01 22:27 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\TVU networks
2008-02-01 21:25 . 2008-02-01 21:48 <DIR> d-------- C:\Programmi\WinMPG VideoConvert
2008-02-01 18:21 . 2002-06-08 20:00 466,944 --a------ C:\WINDOWS\system32\iviaudio.ax
2008-02-01 18:21 . 2000-06-30 17:40 139,264 --a------ C:\WINDOWS\system32\Mpeg2Decoder.ax
2008-02-01 18:21 . 2000-06-26 13:13 94,208 --a------ C:\WINDOWS\system32\Mpeg2Parser.ax
2008-02-01 16:41 . 2008-02-01 16:41 <DIR> d-------- C:\Programmi\Xvid
2008-02-01 16:41 . 2005-04-04 13:35 745,472 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-02-01 16:41 . 2005-04-04 13:52 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-02-01 16:41 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-02-01 16:38 . 2008-02-01 16:38 <DIR> d-------- C:\Programmi\Apple Software Update
2008-02-01 16:38 . 2008-02-01 16:38 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Apple
2008-01-31 22:27 . 2008-01-31 22:27 <DIR> d-------- C:\Programmi\TCWorks
2008-01-31 22:27 . 2001-10-19 14:40 1,683,792 --a------ C:\WINDOWS\system32\wmvcore2.dll
2008-01-31 22:27 . 2001-10-19 14:40 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll
2008-01-31 22:27 . 2001-10-19 14:39 572,752 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2008-01-31 22:27 . 2001-10-19 14:40 438,608 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-01-31 22:27 . 2001-10-19 02:05 285,184 --a------ C:\WINDOWS\system32\wmidx2.ocx
2008-01-31 22:27 . 2002-08-02 16:33 149,570 --a------ C:\WINDOWS\WMSysPr8.prx
2008-01-31 22:27 . 2001-10-29 15:41 94,208 --a------ C:\WINDOWS\system32\TCPreset202.dll
2008-01-31 22:26 . 2008-01-31 22:26 <DIR> d-------- C:\Programmi\directx
2008-01-31 22:17 . 2002-08-02 16:32 299,520 --a------ C:\WINDOWS\uninst.exe
2008-01-19 20:53 . 2008-01-21 18:04 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-01-15 15:41 . 2008-01-15 15:41 431 --a------ C:\WINDOWS\mex.bll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 19:12 --------- d-----w C:\Programmi\eMule
2008-02-13 18:46 --------- d-----w C:\Programmi\Mozilla Thunderbird
2008-02-13 16:32 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-02-11 18:03 --------- d-----w C:\Programmi\EPSON
2008-02-08 07:10 --------- d-----w C:\Programmi\File comuni\Panda Software
2008-02-07 22:04 --------- d-----w C:\Programmi\Nokia
2008-02-07 22:04 --------- d-----w C:\Programmi\File comuni\Nokia
2008-02-07 21:55 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Installations
2008-02-03 16:24 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
2008-02-02 21:45 --------- d-----w C:\Programmi\DivX
2008-02-02 08:46 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Ahead
2008-01-31 21:34 --------- d-----w C:\Programmi\File comuni\Adobe
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-01-04 21:25 --------- d-----w C:\Programmi\CCleaner
2008-01-03 13:47 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-01-02 21:32 --------- d-----w C:\Programmi\Google
2007-12-28 22:13 --------- d-----w C:\Programmi\Zwitserleven Round Texel 2003 Screensaver
2007-12-26 11:09 --------- d-----w C:\Documents and Settings\enduser\Dati applicazioni\vlc
2007-12-26 11:08 --------- d-----w C:\Programmi\VideoLAN
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-07 02:04 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:40 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2006-02-19 01:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KillCopy"="C:\WINDOWS\system32\killcopy.exe" [2006-10-29 16:36 1185792]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-09-08 10:06 94208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 13:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-06-14 13:12 151552]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 04:12 16062464 C:\WINDOWS\RTHDCPL.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 11:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 11:22 86016]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"PCSuiteTrayApplication"="C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 14:10 271360]
"HP Software Update"="C:\Programmi\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41 49152]
"APVXDWIN"="C:\Programmi\Panda Security\Panda Antivirus 2008\APVXDWIN.exe" [2007-10-04 15:14 455984]
"MemoREX"="C:\Programmi\MemoRex\MemoRexStart.exe" [2003-07-30 00:37 332288]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 13:00 15360]
"Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17 1241088]
C:\Documents and Settings\enduser\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54 98632]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2007-05-22 17:05:38 113664]
Avvio rapido HP Photosmart Premier.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 06:56:20 73728]
HP Digital Imaging Monitor.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22 288472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2008-02-07 09:10]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2008-02-07 09:10]
S3 HSFHWCD2;HSFHWCD2;C:\WINDOWS\system32\DRIVERS\HSFHWCD2.sys [2005-05-03 08:33]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb3c5a3d-5fb7-11dc-8e1c-be9a1b9132d6}]
\Shell\Auto\command - UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
.
Contenuto della cartella 'Scheduled Tasks'
"2008-02-07 21:57:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-14 14:59:18
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-02-14 14.59.32
.
2008-02-13 16:02:41 --- E O F ---

bdoriano Administrator

Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 14 Feb 2008 23:22 Subject:

Hi lomba,
Yes, because of the way it behaves, ComboFix is seen as dangerous by antivirus programs.
Anyway, I don't see anything (too) strange in its log.
Run this scan with SystemScan and post the log on FreeFileHosting as indicated here.

lomba Pious Mortal

Joined: 03/10/06 23:00 Posts: 29
Posted: 15 Feb 2008 23:04 Subject:

Hi, you're great, thanks!
Here is the link:
http://www.freefilehosting.net/download/3c4f9
Oh! What is (a little) strange in my ComboFix log?