birilule, Mere mortal

Registered: 22/05/08 20:23  Posts: 3
bdoriano, Administrator


Registered: 02/04/07 12:05  Posts: 14391  Location: 3rd planet of the solar system...
Posted: 23 May 2008 09:55  Subject:
Hi birilule,
the ComboFix log is missing.
- Disable System Restore.
- Clean the temporary files with ATF-Cleaner and/or CCleaner.
- Run a scan with Norman Malware Cleaner.
- Download the program
- Boot the PC in Safe Mode.
- Start Norman Malware Cleaner and have it run a full scan.
- At the end of the scan a log named NFix_2008-MM-gg_hh-mm-ss.log is created on the desktop.
- Restart the computer in normal mode
- Follow the instructions in this topic to run ComboFix.
- Report back with a new message in this thread on the outcome: whether there were any particular problems, etc. And post:
- Upload the Norman Malware Cleaner log to FreeFileHosting as described here and post the link you are given
- The ComboFix log is generally not very long, so paste it directly into the message
Please do not tag onto other users' topics.
However similar the problem may look, the solution (and the approach) can be very different. Thank you for your cooperation.
PS: if you like, you can introduce yourself here
birilule, Mere mortal

Registered: 22/05/08 20:23  Posts: 3
Posted: 24 May 2008 01:34  Subject:
Sorry, but I'm going crazy
ComboFix 08-05-21.3 - Daniele 2008-05-24 1.20.29.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.460 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Daniele\Desktop\ComboFix.exe
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Creati Da 2008-04-23 al 2008-05-23 )))))))))))))))))))))))))))))))))))
.
2008-05-23 18:45 . 2008-05-23 18:45 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-23 18:44 . 2008-05-24 00:50 <DIR> d-------- C:\Documents and Settings\Daniele\Dati applicazioni\skypePM
2008-05-23 18:41 . 2008-05-24 01:22 <DIR> d-------- C:\Documents and Settings\Daniele\Dati applicazioni\Skype
2008-05-23 18:37 . 2008-05-23 18:38 <DIR> d-------- C:\Programmi\Skype
2008-05-23 18:37 . 2008-05-23 18:37 <DIR> d-------- C:\Programmi\File comuni\Skype
2008-05-23 18:34 . 2008-05-23 18:38 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Skype
2008-04-28 10:23 . 2008-04-28 10:23 <DIR> d-------- C:\Programmi\16Jugs
2008-04-27 10:57 . 2008-04-27 10:57 <DIR> d-------- C:\Programmi\iPod
2008-04-27 10:57 . 2008-05-24 00:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-27 10:57 . 2008-04-27 10:57 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-27 10:34 . 2008-04-27 10:34 <DIR> d-------- C:\Programmi\File comuni\xing shared
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-23 22:48 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd6781.sys
2008-05-22 14:58 --------- d-----w C:\Programmi\MessengerDiscovery
2008-05-21 10:48 --------- d-----w C:\Programmi\Windows Live Safety Center
2008-05-20 12:09 --------- d-----w C:\Programmi\Motorola Phone Tools
2008-05-20 12:05 --------- d-----w C:\Programmi\Avanquest update
2008-04-28 08:24 --------- d-----w C:\Documents and Settings\Daniele\Dati applicazioni\16Jugs
2008-04-28 08:23 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Bags Plus Online Chin
2008-04-27 08:57 --------- d-----w C:\Programmi\iTunes
2008-04-27 08:54 --------- d-----w C:\Programmi\QuickTime
2008-04-27 08:34 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-27 08:34 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-27 08:34 --------- d-----w C:\Programmi\File comuni\Real
2008-04-06 10:32 --------- d-----w C:\Programmi\Yahoo!
2008-04-06 10:24 --------- d-----w C:\Programmi\Google
2008-04-06 10:21 --------- d-----w C:\Programmi\Windows Live
2008-04-06 10:20 --------- d-----w C:\Programmi\MySpace
2008-04-04 14:11 --------- d-----w C:\Documents and Settings\Daniele\Dati applicazioni\FileZilla
2008-03-28 13:48 --------- d-----w C:\Programmi\Messenger Plus! Live
2008-03-26 10:19 --------- d-----w C:\Programmi\Java
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 10:19 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-03 11:22 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2007-02-09 11:30 92,064 ----a-w C:\Documents and Settings\Daniele\mqdmmdm.sys
2007-02-09 11:30 9,232 ----a-w C:\Documents and Settings\Daniele\mqdmmdfl.sys
2007-02-09 11:30 79,328 ----a-w C:\Documents and Settings\Daniele\mqdmserd.sys
2007-02-09 11:30 66,656 ----a-w C:\Documents and Settings\Daniele\mqdmbus.sys
2007-02-09 11:30 6,208 ----a-w C:\Documents and Settings\Daniele\mqdmcmnt.sys
2007-02-09 11:30 5,936 ----a-w C:\Documents and Settings\Daniele\mqdmwhnt.sys
2007-02-09 11:30 4,048 ----a-w C:\Documents and Settings\Daniele\mqdmcr.sys
2007-02-09 11:30 25,600 ----a-w C:\Documents and Settings\Daniele\usbsermptxp.sys
2007-02-09 11:30 22,768 ----a-w C:\Documents and Settings\Daniele\usbsermpt.sys
2004-12-15 10:32 2,634,365 ------r C:\Documents and Settings\Daniele\Setup6858.1.12.25.exe
2004-11-24 09:55 6,233,025 ------r C:\Documents and Settings\Daniele\cpm_en_v364.exe
1999-08-18 14:36 135,168 ----a-w C:\WINDOWS\inf\AGFA\message.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"LiteDash"="C:\DOCUME~1\Daniele\DATIAP~1\16Jugs\web skip gram.exe" [2008-04-28 10:22 400384]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"Skype"="C:\Programmi\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-07-27 17:01 68096 C:\WINDOWS\SOUNDMAN.EXE]
"ALi5289"="C:\Programmi\ULI5289\ALi5289.exe" [2004-07-24 11:13 405504]
"JMAP5289"="C:\Programmi\ULI5289\JMAP5289.exe" [2004-07-19 09:37 28672]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-06-09 15:37 40960]
"EPSON Stylus C66 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.exe" [2003-11-26 20:00 99840]
"RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2004-03-11 01:26 406016]
"DAEMON Tools"="C:\Programmi\DAEMON Tools\daemon.exe" [2005-11-09 00:00 128920]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2008-03-03 13:22 949376]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-04-27 10:34 185896]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Online chin internet bolt"="C:\Documents and Settings\All Users\Dati applicazioni\Bags Plus Online Chin\Play Send.exe" [2008-05-24 01:17 2442752]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:39 15360]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2006-04-13 17:52:57 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.dvsd"= digivcap.dll
"vidc.mmes"= digivcap.dll
"vidc.dv25"= digivcap.dll
"vidc.dv50"= digivcap.dll
"vidc.mjpg"= Pvmjpg30.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
--a------ 2006-10-13 10:08 5726208 C:\Programmi\eMule\emule.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\Avid\\Avid Liquid 7\\Program\\RM.exe"=
"C:\\Programmi\\Avid\\Avid Liquid 7\\Program\\StudioU.mod"=
"C:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Programmi\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Programmi\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"C:\\Programmi\\Electric Rain\\Swift 3D\\Version 4.50\\Program\\Swift3D.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\NetMeeting\\conf.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
R0 aliidex;aliidex;C:\WINDOWS\system32\drivers\aliidex.sys [2003-03-06 11:26]
R0 aliperf;aliperf;C:\WINDOWS\system32\drivers\aliperf.sys [2003-01-16 16:47]
R0 m5289;m5289;C:\WINDOWS\system32\DRIVERS\m5289.sys [2004-07-23 17:00]
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2004-07-08 15:58]
R3 JM5289;JM5289;C:\Documents and Settings\Daniele\JM5289.sys []
R3 ULI5261;ULi Based Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN.SYS [2004-07-26 21:19]
S3 DigiPnp;DigiPnp;C:\WINDOWS\system32\Drivers\DigiPnp.sys [2001-09-19 16:30]
S3 G400RT2K;G400RT2K;C:\WINDOWS\system32\DRIVERS\g400RT2Km.sys [2001-09-21 16:04]
*Newly Created Service* - CATCHME
.
Contenuto della cartella 'Scheduled Tasks'
"2008-05-23 23:00:06 C:\WINDOWS\Tasks\A982E2809185998C.job"
- c:\docume~1\daniele\datiap~1\16jugs\Boob Download Load.exe
"2008-05-21 15:08:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-05-23 23:19:05 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 01:22:10
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Programmi\Eset\pr_imon.dll
.
Ora fine scansione: 2008-05-24 1.23.24
ComboFix-quarantined-files.txt 2008-05-23 23:22:52
ComboFix2.txt 2008-05-23 23:08:07
9 Directory 11,250,479,104 byte disponibili
11 Directory 11,241,361,408 byte disponibili
156 --- E O F --- 2008-05-16 16:59:39
Logfile of HijackThis v1.99.1
Scan saved at 1.19.36, on 24/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\ULI5289\ALi5289.exe
C:\Programmi\ULI5289\JMAP5289.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ALi5289] C:\Programmi\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [JMAP5289] C:\Programmi\ULI5289\JMAP5289.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Online chin internet bolt] C:\Documents and Settings\All Users\Dati applicazioni\Bags Plus Online Chin\Play Send.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LiteDash] C:\DOCUME~1\Daniele\DATIAP~1\16Jugs\web skip gram.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Registration Brothers In Arms.LNK = E:\BIA\Support\Register\RegistrationReminder.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?0c239e9018a34c22a5e2980aac4bb5f1
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?0c239e9018a34c22a5e2980aac4bb5f1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1150462346069
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-it.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
bdoriano, Administrator


Registered: 02/04/07 12:05  Posts: 14391  Location: 3rd planet of the solar system...
Posted: 24 May 2008 09:51  Subject:
Create a text file with the following instructions:
Code:
File::
C:\WINDOWS\Tasks\A982E2809185998C.job
c:\docume~1\daniele\datiap~1\16jugs\Boob Download Load.exe
C:\DOCUME~1\Daniele\DATIAP~1\16Jugs\web skip gram.exe
C:\Documents and Settings\All Users\Dati applicazioni\Bags Plus Online Chin\Play Send.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LiteDash"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Online chin internet bolt"=-
Save the file on the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as shown below:
Wait patiently until it finishes, without touching the keyboard, mouse or anything else.
Post the updated ComboFix and HijackThis logs
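A defender-side triage script, added here and not part of the thread or of ComboFix/HijackThis: it parses the Run-key and 'Scheduled Tasks' blocks of a ComboFix report in the layout posted above, flags entries launched from an Application Data folder (where all three entries in the moderator's CFScript lived), and renders them as a File::/Registry:: CFScript in the same format. The sample excerpt, the Application Data heuristic and all function names are constructed for this example.

```python
"""Flag suspicious autorun entries in a ComboFix report and emit a CFScript.

Added example (not code from the thread or from the ComboFix authors). It reads
the Run-key block and the 'Scheduled Tasks' block in the layout ComboFix prints,
flags entries launched from an Application Data folder (Italian XP: "Dati
applicazioni", 8.3 name DATIAP~1), and renders them as File::/Registry::
CFScript sections like the moderator's post. The sample is constructed from the thread.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed excerpt of the ComboFix report posted in the thread.
SAMPLE_COMBOFIX = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
"LiteDash"="C:\DOCUME~1\Daniele\DATIAP~1\16Jugs\web skip gram.exe" [2008-04-28 10:22 400384]
"Skype"="C:\Programmi\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-07-27 17:01 68096 C:\WINDOWS\SOUNDMAN.EXE]
"Online chin internet bolt"="C:\Documents and Settings\All Users\Dati applicazioni\Bags Plus Online Chin\Play Send.exe" [2008-05-24 01:17 2442752]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
Contenuto della cartella 'Scheduled Tasks'
"2008-05-23 23:00:06 C:\WINDOWS\Tasks\A982E2809185998C.job"
- c:\docume~1\daniele\datiap~1\16jugs\Boob Download Load.exe
"2008-05-21 15:08:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"""

# Launch paths under these folders are unusual for legitimate autoruns and are
# exactly where the thread's three unwanted entries lived (case-insensitive match).
APPDATA_MARKERS = ("\\dati applicazioni\\", "\\datiap~1\\", "\\application data\\")

RUN_KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+\\Run)\]$")
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)" \[.*\]$')
TASK_RE = re.compile(r'^"\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (?P<job>[^"]+\.job)"$')
TASK_TARGET_RE = re.compile(r"^- (?P<target>\S.*)$")


@dataclass(frozen=True)
class Finding:
    kind: str    # "run" (registry Run value) or "task" (.job file)
    key: str     # full Run key, or the .job path for tasks
    name: str    # value name, or the .job file name for tasks
    target: str  # executable the entry launches


def runs_from_appdata(path: str) -> bool:
    """True when the launch path sits under an Application Data folder."""
    lowered = path.lower()
    return any(marker in lowered for marker in APPDATA_MARKERS)


def parse_combofix(text: str) -> list[Finding]:
    """Walk the report line by line and collect suspicious autorun entries."""
    findings: list[Finding] = []
    current_key: str | None = None  # Run key whose values are being read
    pending_job: str | None = None  # .job path waiting for its "- target" line
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):  # any key header; only *\Run keys matter here
            m = RUN_KEY_RE.match(line)
            current_key = m.group("key") if m else None
            continue
        if current_key and (m := RUN_VALUE_RE.match(line)):
            if runs_from_appdata(m.group("path")):
                findings.append(Finding("run", current_key, m.group("name"), m.group("path")))
            continue
        if m := TASK_RE.match(line):
            pending_job = m.group("job")
            continue
        if pending_job and (m := TASK_TARGET_RE.match(line)):
            if runs_from_appdata(m.group("target")):
                job_name = pending_job.rsplit("\\", 1)[-1]
                findings.append(Finding("task", pending_job, job_name, m.group("target")))
            pending_job = None
    return findings


def build_cfscript(findings: list[Finding]) -> str:
    """Render findings as CFScript text: File:: paths to remove, Registry:: values to delete."""
    files: list[str] = []
    for f in findings:
        if f.kind == "task":
            files.append(f.key)  # remove the .job file along with its target
        files.append(f.target)
    lines = ["File::", *dict.fromkeys(files)]  # de-duplicate while keeping order
    by_key: dict[str, list[str]] = {}
    for f in findings:
        if f.kind == "run":
            by_key.setdefault(f.key, []).append(f.name)
    if by_key:
        lines.append("Registry::")
        for key, names in by_key.items():
            lines.append(f"[{key}]")
            lines.extend(f'"{name}"=-' for name in names)  # "=-" deletes the value
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(parse_combofix(SAMPLE_COMBOFIX)))
```

Running it on the sample reproduces the four paths and two registry deletions of the moderator's CFScript; legitimate entries such as CTFMON.EXE and the Apple update task are left alone.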
birilule, Mere mortal

Registered: 22/05/08 20:23  Posts: 3
Posted: 24 May 2008 13:04  Subject:
ComboFix 08-05-21.3 - Daniele 2008-05-24 12:25:30.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.537 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Daniele\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Daniele\Desktop\CFScript.txt
* Creato nuovo punto di ripristino
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
c:\docume~1\daniele\datiap~1\16jugs\Boob Download Load.exe
C:\DOCUME~1\Daniele\DATIAP~1\16Jugs\web skip gram.exe
C:\Documents and Settings\All Users\Dati applicazioni\Bags Plus Online Chin\Play Send.exe
C:\WINDOWS\Tasks\A982E2809185998C.job
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\daniele\datiap~1\16jugs\Boob Download Load.exe
C:\DOCUME~1\Daniele\DATIAP~1\16Jugs\web skip gram.exe
C:\Documents and Settings\All Users\Dati applicazioni\Bags Plus Online Chin\Play Send.exe
C:\WINDOWS\Tasks\A982E2809185998C.job
.
((((((((((((((((((((((((( Files Creati Da 2008-04-24 al 2008-05-24 )))))))))))))))))))))))))))))))))))
.
2008-05-23 18:45 . 2008-05-23 18:45 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-23 18:44 . 2008-05-24 12:15 <DIR> d-------- C:\Documents and Settings\Daniele\Dati applicazioni\skypePM
2008-05-23 18:41 . 2008-05-24 12:32 <DIR> d-------- C:\Documents and Settings\Daniele\Dati applicazioni\Skype
2008-05-23 18:37 . 2008-05-23 18:38 <DIR> d-------- C:\Programmi\Skype
2008-05-23 18:37 . 2008-05-23 18:37 <DIR> d-------- C:\Programmi\File comuni\Skype
2008-05-23 18:34 . 2008-05-23 18:38 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Skype
2008-04-28 10:23 . 2008-04-28 10:23 <DIR> d-------- C:\Programmi\16Jugs
2008-04-27 10:57 . 2008-04-27 10:57 <DIR> d-------- C:\Programmi\iPod
2008-04-27 10:57 . 2008-05-24 12:30 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-27 10:57 . 2008-04-27 10:57 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-27 10:34 . 2008-04-27 10:34 <DIR> d-------- C:\Programmi\File comuni\xing shared
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-24 10:30 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Bags Plus Online Chin
2008-05-24 10:25 --------- d-----w C:\Documents and Settings\Daniele\Dati applicazioni\16Jugs
2008-05-23 22:48 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd6781.sys
2008-05-22 14:58 --------- d-----w C:\Programmi\MessengerDiscovery
2008-05-21 10:48 --------- d-----w C:\Programmi\Windows Live Safety Center
2008-05-20 12:09 --------- d-----w C:\Programmi\Motorola Phone Tools
2008-05-20 12:05 --------- d-----w C:\Programmi\Avanquest update
2008-04-27 08:57 --------- d-----w C:\Programmi\iTunes
2008-04-27 08:54 --------- d-----w C:\Programmi\QuickTime
2008-04-27 08:34 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-27 08:34 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-27 08:34 --------- d-----w C:\Programmi\File comuni\Real
2008-04-06 10:32 --------- d-----w C:\Programmi\Yahoo!
2008-04-06 10:24 --------- d-----w C:\Programmi\Google
2008-04-06 10:21 --------- d-----w C:\Programmi\Windows Live
2008-04-06 10:20 --------- d-----w C:\Programmi\MySpace
2008-04-04 14:11 --------- d-----w C:\Documents and Settings\Daniele\Dati applicazioni\FileZilla
2008-03-28 13:48 --------- d-----w C:\Programmi\Messenger Plus! Live
2008-03-26 10:19 --------- d-----w C:\Programmi\Java
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 10:19 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-03 11:22 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2007-02-09 11:30 92,064 ----a-w C:\Documents and Settings\Daniele\mqdmmdm.sys
2007-02-09 11:30 9,232 ----a-w C:\Documents and Settings\Daniele\mqdmmdfl.sys
2007-02-09 11:30 79,328 ----a-w C:\Documents and Settings\Daniele\mqdmserd.sys
2007-02-09 11:30 66,656 ----a-w C:\Documents and Settings\Daniele\mqdmbus.sys
2007-02-09 11:30 6,208 ----a-w C:\Documents and Settings\Daniele\mqdmcmnt.sys
2007-02-09 11:30 5,936 ----a-w C:\Documents and Settings\Daniele\mqdmwhnt.sys
2007-02-09 11:30 4,048 ----a-w C:\Documents and Settings\Daniele\mqdmcr.sys
2007-02-09 11:30 25,600 ----a-w C:\Documents and Settings\Daniele\usbsermptxp.sys
2007-02-09 11:30 22,768 ----a-w C:\Documents and Settings\Daniele\usbsermpt.sys
2004-12-15 10:32 2,634,365 ------r C:\Documents and Settings\Daniele\Setup6858.1.12.25.exe
2004-11-24 09:55 6,233,025 ------r C:\Documents and Settings\Daniele\cpm_en_v364.exe
1999-08-18 14:36 135,168 ----a-w C:\WINDOWS\inf\AGFA\message.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-24_ 1.06.49,62 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-23 22:48:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-24 10:30:31 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-23 22:53:30 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-24 10:19:22 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-23 22:53:30 63,180 ----a-w C:\WINDOWS\system32\perfc010.dat
+ 2008-05-24 10:19:22 63,180 ----a-w C:\WINDOWS\system32\perfc010.dat
- 2008-05-23 22:53:30 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-24 10:19:22 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-05-23 22:53:30 425,432 ----a-w C:\WINDOWS\system32\perfh010.dat
+ 2008-05-24 10:19:22 425,432 ----a-w C:\WINDOWS\system32\perfh010.dat
- 2008-05-23 22:49:26 12,602 ----a-w C:\WINDOWS\system32\tablet.dat
+ 2008-05-24 10:30:54 12,602 ----a-w C:\WINDOWS\system32\tablet.dat
+ 2008-05-24 10:32:28 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_cf0.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"Skype"="C:\Programmi\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-07-27 17:01 68096 C:\WINDOWS\SOUNDMAN.EXE]
"ALi5289"="C:\Programmi\ULI5289\ALi5289.exe" [2004-07-24 11:13 405504]
"JMAP5289"="C:\Programmi\ULI5289\JMAP5289.exe" [2004-07-19 09:37 28672]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-06-09 15:37 40960]
"EPSON Stylus C66 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.exe" [2003-11-26 20:00 99840]
"RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2004-03-11 01:26 406016]
"DAEMON Tools"="C:\Programmi\DAEMON Tools\daemon.exe" [2005-11-09 00:00 128920]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2008-03-03 13:22 949376]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-04-27 10:34 185896]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:39 15360]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2006-04-13 17:52:57 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.dvsd"= digivcap.dll
"vidc.mmes"= digivcap.dll
"vidc.dv25"= digivcap.dll
"vidc.dv50"= digivcap.dll
"vidc.mjpg"= Pvmjpg30.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
--a------ 2006-10-13 10:08 5726208 C:\Programmi\eMule\emule.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\Avid\\Avid Liquid 7\\Program\\RM.exe"=
"C:\\Programmi\\Avid\\Avid Liquid 7\\Program\\StudioU.mod"=
"C:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Programmi\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Programmi\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"C:\\Programmi\\Electric Rain\\Swift 3D\\Version 4.50\\Program\\Swift3D.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\NetMeeting\\conf.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
R0 aliidex;aliidex;C:\WINDOWS\system32\drivers\aliidex.sys [2003-03-06 11:26]
R0 aliperf;aliperf;C:\WINDOWS\system32\drivers\aliperf.sys [2003-01-16 16:47]
R0 m5289;m5289;C:\WINDOWS\system32\DRIVERS\m5289.sys [2004-07-23 17:00]
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2004-07-08 15:58]
R3 JM5289;JM5289;C:\Documents and Settings\Daniele\JM5289.sys []
R3 ULI5261;ULi Based Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN.SYS [2004-07-26 21:19]
S3 DigiPnp;DigiPnp;C:\WINDOWS\system32\Drivers\DigiPnp.sys [2001-09-19 16:30]
S3 G400RT2K;G400RT2K;C:\WINDOWS\system32\DRIVERS\g400RT2Km.sys [2001-09-21 16:04]
.
Contenuto della cartella 'Scheduled Tasks'
"2008-05-21 15:08:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-05-24 10:19:00 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 12:31:06
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Programmi\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Ora fine scansione: 2008-05-24 12:39:37 - machine was rebooted [Daniele]
ComboFix-quarantined-files.txt 2008-05-24 10:39:34
ComboFix2.txt 2008-05-23 23:23:26
ComboFix3.txt 2008-05-23 23:08:07
9 Directory 11,196,891,136 byte disponibili
12 Directory 11,180,036,096 byte disponibili
197 --- E O F --- 2008-05-16 16:59:39
Logfile of HijackThis v1.99.1
Scan saved at 13.00.55, on 24/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\ULI5289\ALi5289.exe
C:\Programmi\ULI5289\JMAP5289.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ALi5289] C:\Programmi\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [JMAP5289] C:\Programmi\ULI5289\JMAP5289.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Registration Brothers In Arms.LNK = E:\BIA\Support\Register\RegistrationReminder.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?0c239e9018a34c22a5e2980aac4bb5f1
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?0c239e9018a34c22a5e2980aac4bb5f1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1150462346069
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-it.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
bdoriano, Administrator
Registered: 02/04/07 12:05  Posts: 14391  Location: 3rd planet of the solar system...
Posted: 24 May 2008 20:15  Subject:
OK, you should be all set.
To be safe, run this scan with Kaspersky.
When the scan is finished, uninstall Kaspersky.