ballack01 Hero

Registered: 21/05/08 00:19 Posts: 60 Location: capriolo(bs)
Posted: 10 Jun 2008 11:05 Subject: btdna.exe

Hello... checking Task Manager a few minutes ago, I noticed I have a program that I didn't have yesterday, called btdna.exe... Is it software that can cause trouble for my PC, or can I keep it without problems? Thanks

Sante62 Mature God

Registered: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 10 Jun 2008 19:16 Subject:

Hi ballack01
I don't think you can keep it...
For you too, some general cleanup to start with:
CCleaner;
Combofix;
Virit;
Hijackthis;

ballack01 Hero

Registered: 21/05/08 00:19 Posts: 60 Location: capriolo(bs)
Posted: 11 Jun 2008 13:48 Subject:

I ran the scans you told me to... Virit didn't find anything... I'm posting the 3 logs...
CCleaner:
PULIZIA COMPLETATA - (7.390 sec)
------------------------------------------------------------------------------------------
13,6MB rimossi.
------------------------------------------------------------------------------------------
Dettaglio dei file cancellati
------------------------------------------------------------------------------------------
File Temporanei Internet di IE (1029 file) 13,4MB
Combofix:
ComboFix 08-06-09.7 - Massimo 2008-06-11 12.35.26.5 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.396 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Massimo\Documenti\ComboFix.exe
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Creati Da 2008-05-11 al 2008-06-11 )))))))))))))))))))))))))))))))))))
.
2008-06-11 12:05 . 2008-06-11 12:05 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-10 19:59 . 2008-06-10 19:59 <DIR> d-------- C:\Programmi\CCleaner
2008-06-06 17:56 . 2008-06-06 17:56 <DIR> d-------- C:\Programmi\uTorrent
2008-06-06 17:56 . 2008-06-06 17:56 <DIR> d-------- C:\Documents and Settings\Massimo\Dati applicazioni\uTorrent
2008-06-06 17:52 . 2008-06-06 17:52 <DIR> d-------- C:\Programmi\DNA
2008-06-06 17:52 . 2008-06-06 17:52 <DIR> d-------- C:\Programmi\BitTorrent
2008-06-06 17:52 . 2008-06-06 17:52 <DIR> d-------- C:\Documents and Settings\Massimo\Dati applicazioni\DNA
2008-06-06 17:52 . 2008-06-06 17:52 <DIR> d-------- C:\Documents and Settings\Massimo\Dati applicazioni\BitTorrent
2008-06-06 17:30 . 2008-06-06 17:30 <DIR> d--hs---- C:\FOUND.000
2008-06-03 00:27 . 2005-11-25 22:46 421,888 --a------ C:\WINDOWS\system32\RealMediaSplitter.ax
2008-05-26 11:25 . 2008-06-01 18:33 820 --a------ C:\WINDOWS\CDPLAYER.UNI
2008-05-24 12:11 . 2008-05-24 14:20 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-24 12:11 . 2008-05-24 14:20 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-23 18:43 . 2005-08-15 17:54 1,536 --a------ C:\WINDOWS\system32\hidec.exe
2008-05-23 18:35 . 2008-05-23 18:35 <DIR> d-------- C:\Programmi\VAIOXP
2008-05-23 11:16 . 2008-03-17 19:23 39,808 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-05-22 10:03 . 2008-05-22 10:03 <DIR> d-------- C:\VundoFix Backups
2008-05-21 18:46 . 2008-05-21 18:46 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-05-21 18:45 . 2008-05-21 18:45 <DIR> d-------- C:\Programmi\SUPERAntiSpyware
2008-05-21 18:45 . 2008-05-21 18:45 <DIR> d-------- C:\Documents and Settings\Massimo\Dati applicazioni\SUPERAntiSpyware.com
2008-05-21 12:40 . 2008-06-11 12:00 2,206 --a------ C:\WINDOWS\system32\wpa.dbl
2008-05-20 15:20 . 2008-05-20 15:20 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Prevx
2008-05-20 15:18 . 2008-05-20 15:18 <DIR> d-------- C:\Temp
2008-05-20 13:21 . 2008-05-20 13:21 <DIR> d-------- C:\VEXPLITE
2008-05-19 12:42 . 2004-08-19 23:39 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-05-19 12:42 . 2004-08-19 23:39 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll
2008-05-19 12:41 . 2004-08-04 07:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-19 12:41 . 2004-08-04 07:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-05-18 23:46 . 2008-05-21 13:23 1,185 --a------ C:\WINDOWS\wininit.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-06 15:44 57,632 ----a-w C:\StiImg.dat
2008-05-08 13:11 --------- d-----w C:\Programmi\Easy CD-DA Extractor 10
2008-05-05 14:15 --------- d-----w C:\Programmi\Windows Sidebar
2008-05-01 00:54 --------- d-----w C:\Documents and Settings\Massimo\Dati applicazioni\DataCast
2008-05-01 00:49 --------- d-----w C:\Programmi\Lame MP3 Codec
2008-05-01 00:48 65,024 ----a-w C:\WINDOWS\IFinst26.exe
2008-05-01 00:48 --------- d-----w C:\Programmi\XviD
2008-05-01 00:48 --------- d-----w C:\Programmi\MarkAny
2008-05-01 00:47 --------- d-----w C:\Programmi\Samsung
2008-04-25 12:56 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-25 12:56 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-25 12:56 --------- d-----w C:\Programmi\File comuni\xing shared
2008-04-18 14:08 --------- d-----w C:\Programmi\Avanquest update
2008-04-18 14:07 24,192 ----a-w C:\Documents and Settings\Massimo\usbsermptxp.sys
2008-04-18 14:07 22,768 ----a-w C:\WINDOWS\system32\drivers\usbsermpt.sys
2008-04-18 14:07 22,768 ----a-w C:\Documents and Settings\Massimo\usbsermpt.sys
2008-04-18 14:07 --------- d-----w C:\Programmi\Motorola Phone Tools
2008-04-17 09:45 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-17 09:45 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-04-11 17:51 --------- d-----w C:\Programmi\Anti-Trojan-55
2008-04-11 17:37 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-04-11 17:34 --------- d-----w C:\Programmi\Trojan Remover
2008-04-11 17:34 --------- d-----w C:\Documents and Settings\Massimo\Dati applicazioni\Simply Super Software
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 183,072 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:06 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-12 22:06 274,432 ----a-w C:\WINDOWS\system32\imon.dll
2008-03-11 14:51 14,848 ----a-w C:\WINDOWS\system32\dllcache\register.exe
2008-02-27 09:25 148,239 ----a-w C:\Documents and Settings\Massimo\Dati applicazioni\mdbu.bin
2007-04-23 10:45 92,064 ----a-w C:\Documents and Settings\Massimo\mqdmmdm.sys
2007-04-23 10:45 9,232 ----a-w C:\Documents and Settings\Massimo\mqdmmdfl.sys
2007-04-23 10:45 79,328 ----a-w C:\Documents and Settings\Massimo\mqdmserd.sys
2007-04-23 10:45 66,656 ----a-w C:\Documents and Settings\Massimo\mqdmbus.sys
2007-04-23 10:45 6,208 ----a-w C:\Documents and Settings\Massimo\mqdmcmnt.sys
2007-04-23 10:45 5,936 ----a-w C:\Documents and Settings\Massimo\mqdmwhnt.sys
2007-04-23 10:45 4,048 ----a-w C:\Documents and Settings\Massimo\mqdmcr.sys
.
((((((((((((((((((((((((((((( snapshot@2008-05-23_ 9.28.34.75 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-23 07:18:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-11 09:59:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-14 17:59:12 38,240 ----a-r C:\WINDOWS\Installer\{90120000-0020-0410-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2008-06-10 09:07:32 38,240 ----a-r C:\WINDOWS\Installer\{90120000-0020-0410-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2005-10-28 16:44:12 308,224 ----a-w C:\WINDOWS\system32\avisynth.dll
+ 2004-02-22 08:11:10 719,872 ----a-w C:\WINDOWS\system32\devil.dll
+ 2008-02-26 11:59:50 294,912 ------w C:\WINDOWS\system32\dllcache\msctf.dll
- 2004-08-19 21:39:16 294,400 ----a-w C:\WINDOWS\system32\msctf.dll
+ 2008-02-26 11:59:50 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02BFDFDC-876F-4CAA-99A2-29610AA2F5A5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40B05B07-4DD6-484E-9B9B-413779BDD716}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d92dce-02ed-4fa3-b5d2-90b48084c92a}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5D3D9D15-3BBC-4B57-A467-7077E77C93DB}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68F0C540-8213-4A0D-991F-4E9BAFDAF3C9}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F5DDC76-1649-4EFD-B4FA-F9D353488F98}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B088A37-68C2-48E9-BC7B-6BB1E6CECE89}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D0289460-E621-4704-A2BF-696C2B4068B1}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 23:39 15360]
"Packard Bell Data Secure"="C:\Programmi\Packard Bell Data Secure\PBDataSecure.exe" [ ]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 21:29 68856]
"LClock"="C:\Programmi\LClock\LClock.exe" [ ]
"Vista Sidebar"="C:\Programmi\Vista Sidebar\sidebar.exe" [ ]
"ViStart"="C:\Programmi\ViStart\ViStart.exe" [ ]
"ViOrb"="C:\Programmi\ViOrb\ViOrb.exe" [ ]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 12:43 1510640]
"Sidebar"="C:\Programmi\Windows Sidebar\sidebar.exe" [2007-01-30 07:21 1230848]
"BitTorrent DNA"="C:\Programmi\DNA\btdna.exe" [2008-06-06 17:52 289088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2003-10-02 20:05 36864 C:\WINDOWS\system32\VTTimer.exe]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SoundMan"="SOUNDMAN.EXE" [2003-09-23 09:09 57344 C:\WINDOWS\SOUNDMAN.EXE]
"Disk Monitor"="C:\Programmi\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe" [2003-06-18 11:57 466944]
"PCSuiteTrayApplication"="C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]
"CloneCDElbyCDFL"="C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2001-12-06 13:09 45056]
"CloneCDTray"="C:\Programmi\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-04-15 09:12 57344]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2008-03-13 00:06 921600]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 23:39 110592 C:\WINDOWS\system32\bthprops.cpl]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"MsgCenterExe"="C:\Programmi\File comuni\Real\Update_OB\RealOneMessageCenter.exe" [2008-04-25 14:55 69632]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-04-25 14:55 185896]
"SMSTray"="C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 08:23 132624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 23:39 15360]
"DWQueuedReporting"="C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]
"Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office\OSA9.EXE [2000-01-21 09:15:56 65588]
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2006-02-14 20:47:36 212992]
Acrobat Assistant.lnk - C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2004-10-24 17:06:37 49254]
Windows Desktop Search.lnk - C:\Programmi\Windows Desktop Search\WindowsSearch.exe [2006-03-26 22:44:08 257752]
BlueSoleil.lnk - C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-03-26 12:03:53 1183744]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programmi\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 13:11 233472]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmi\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmi\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtUnkkh]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= jl_mjpg2.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" /background
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
"Windows Defender"="C:\Programmi\Windows Defender\MSASCui.exe" -hide
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Programmi\\uTorrent\\utorrent.exe"=
"C:\\Programmi\\DNA\\btdna.exe"=
"C:\\Programmi\\BitTorrent\\bittorrent.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
R0 tffsport;M-Systems DiskOnChip 2000;C:\WINDOWS\system32\DRIVERS\tffsport.sys [2004-08-04 07:00]
R3 C4C_BSC2;C4C_BSC2;C:\WINDOWS\system32\DRIVERS\C4C_BSC2.sys [2002-07-08 19:32]
R3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29]
S3 gtermddo;gtermddo;C:\DOCUME~1\Massimo\IMPOST~1\Temp\gtermddo.sys []
S3 JL2005;JL2005A Toy Camera;C:\WINDOWS\system32\Drivers\toywdm.sys [2004-07-28 19:36]
S3 urusba;NEC 228 Command Port Driver;C:\WINDOWS\system32\DRIVERS\urusba.sys [2004-06-09 16:00]
S3 urusbc;NEC 228 CONTROL Driver;C:\WINDOWS\system32\DRIVERS\urusbc.sys [2004-06-09 16:00]
S3 urusbe;NEC 228 ENUMERATION Driver;C:\WINDOWS\system32\DRIVERS\urusbe.sys [2004-06-09 16:00]
S3 urusbm;NEC 228 Modem Driver;C:\WINDOWS\system32\DRIVERS\urusbm.sys [2004-06-09 16:00]
S3 urusbo;NEC 228 OBEX Port Driver;C:\WINDOWS\system32\DRIVERS\urusbo.sys [2004-06-09 16:00]
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 06:58]
S3 usbstor;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}]
"C:\Programmi\Windows Sidebar\.\regsvr32.exe" /s wlsrvc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}]
"C:\Programmi\Windows Sidebar\.\regsvr32.exe" /s sbdrop.dll
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
C:\WINDOWS\system32\hidec /W "C:\Programmi\VAIOXP\Tools\regtlib.exe" "C:\Programmi\Windows Sidebar\sidebar.exe"
.
Contenuto della cartella 'Scheduled Tasks'
"2008-06-11 10:20:10 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programmi\Windows Defender\MpCmdRun.exe
"2008-06-11 10:01:26 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-07 14:35:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-06-10 14:04:14 C:\WINDOWS\Tasks\User_Feed_Synchronization-{1794B3EC-3A3E-45FB-90E8-F3BE0E92163A}.job"
- C:\WINDOWS\system32\msfeedssync.exe
"2007-01-02 18:03:38 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 12:38:47
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Programmi\Eset\pr_imon.dll
.
Ora fine scansione: 2008-06-11 12.39.14
ComboFix-quarantined-files.txt 2008-06-11 10:39:12
ComboFix4.txt 2008-05-23 07:29:00
ComboFix3.txt 2008-05-23 09:09:46
ComboFix2.txt 2008-06-10 09:20:38
21 Directory 10,064,723,968 byte disponibili
24 Directory 10,056,302,592 byte disponibili
225 --- E O F --- 2008-06-10 09:07:53
Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.44.23, on 11/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Windows Sidebar\sidebar.exe
C:\Programmi\DNA\btdna.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\Windows Sidebar\sidebar.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\System32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmi\Windows Desktop Search\WindowsSearchFilter.exe
C:\Documents and Settings\Massimo\Documenti\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.it/news?ned=it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {02BFDFDC-876F-4CAA-99A2-29610AA2F5A5} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx (file missing)
O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: (no name) - {2F85D76C-0569-466F-A488-493E6BD0E955} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {40B05B07-4DD6-484E-9B9B-413779BDD716} - (no file)
O2 - BHO: (no name) - {45d92dce-02ed-4fa3-b5d2-90b48084c92a} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5D3D9D15-3BBC-4B57-A467-7077E77C93DB} - (no file)
O2 - BHO: (no name) - {68F0C540-8213-4A0D-991F-4E9BAFDAF3C9} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7F5DDC76-1649-4EFD-B4FA-F9D353488F98} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9B088A37-68C2-48E9-BC7B-6BB1E6CECE89} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D0289460-E621-4704-A2BF-696C2B4068B1} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Disk Monitor] C:\Programmi\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Programmi\File comuni\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SMSTray] C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Packard Bell Data Secure] C:\Programmi\Packard Bell Data Secure\PBDataSecure.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LClock] C:\Programmi\LClock\LClock.exe
O4 - HKCU\..\Run: [Vista Sidebar] C:\Programmi\Vista Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ViStart] C:\Programmi\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\Programmi\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Sidebar] C:\Programmi\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Programmi\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &MSN Search - res://C:\Programmi\MSN Toolbar Suite\TB\02.05.0000.1082\it-it\msntb.dll/search.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\MSN Toolbar Suite\TAB\02.05.0001.1119\it-it\msntabres.dll/230?ca17ac8f33bd418b822794213e219fe8
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\MSN Toolbar Suite\TAB\02.05.0001.1119\it-it\msntabres.dll/229?ca17ac8f33bd418b822794213e219fe8
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Alice - {13EC2BEE-5CAE-48CD-9F55-2074CCAEDF1C} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://maxi13mb.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://maxi13mb.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{33E448CD-0EE1-4FC6-A400-5F57C8630964}: NameServer = 85.37.17.7 85.38.28.95
O17 - HKLM\System\CS2\Services\Tcpip\..\{33E448CD-0EE1-4FC6-A400-5F57C8630964}: NameServer = 85.37.17.7 85.38.28.95
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: awtUnkkh - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programmi\Windows Live\installer\WLSetupSvc.exe
--
End of file - 12279 bytes

Sante62 Dio maturo
Joined: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 11 Jun 2008 18:25 Subject:

Disable System Restore and start the PC in Safe Mode;
Start HijackThis, select these lines and then click Fix checked:
Quote:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: (no name) - {02BFDFDC-876F-4CAA-99A2-29610AA2F5A5} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx (file missing)
O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: (no name) - {2F85D76C-0569-466F-A488-493E6BD0E955} - (no file)
O2 - BHO: (no name) - {40B05B07-4DD6-484E-9B9B-413779BDD716} - (no file)
O2 - BHO: (no name) - {45d92dce-02ed-4fa3-b5d2-90b48084c92a} - (no file)
O2 - BHO: (no name) - {5D3D9D15-3BBC-4B57-A467-7077E77C93DB} - (no file)
O2 - BHO: (no name) - {68F0C540-8213-4A0D-991F-4E9BAFDAF3C9} - (no file)
O2 - BHO: (no name) - {7F5DDC76-1649-4EFD-B4FA-F9D353488F98} - (no file)
O2 - BHO: (no name) - {9B088A37-68C2-48E9-BC7B-6BB1E6CECE89} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {D0289460-E621-4704-A2BF-696C2B4068B1} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O20 - Winlogon Notify: awtUnkkh - C:\WINDOWS\

Restart the PC in normal mode and generate the HijackThis log again...
Run the scan with VirIT...

ballack01 Eroe
Joined: 21/05/08 00:19 Posts: 60 Location: capriolo(bs)
Posted: 12 Jun 2008 12:24 Subject:

I did what you told me... I'm posting the HijackThis and VirIT logs...
HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.21.18, on 12/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Windows Sidebar\sidebar.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Windows Sidebar\sidebar.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\VEXPLITE\VIRITEXP.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.exe
C:\Documents and Settings\Massimo\Documenti\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.it/news?ned=it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {02BFDFDC-876F-4CAA-99A2-29610AA2F5A5} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: (no name) - {2F85D76C-0569-466F-A488-493E6BD0E955} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {40B05B07-4DD6-484E-9B9B-413779BDD716} - (no file)
O2 - BHO: (no name) - {45d92dce-02ed-4fa3-b5d2-90b48084c92a} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5D3D9D15-3BBC-4B57-A467-7077E77C93DB} - (no file)
O2 - BHO: (no name) - {68F0C540-8213-4A0D-991F-4E9BAFDAF3C9} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7F5DDC76-1649-4EFD-B4FA-F9D353488F98} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9B088A37-68C2-48E9-BC7B-6BB1E6CECE89} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D0289460-E621-4704-A2BF-696C2B4068B1} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Disk Monitor] C:\Programmi\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Programmi\File comuni\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SMSTray] C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Packard Bell Data Secure] C:\Programmi\Packard Bell Data Secure\PBDataSecure.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LClock] C:\Programmi\LClock\LClock.exe
O4 - HKCU\..\Run: [Vista Sidebar] C:\Programmi\Vista Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ViStart] C:\Programmi\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\Programmi\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Sidebar] C:\Programmi\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Programmi\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &MSN Search - res://C:\Programmi\MSN Toolbar Suite\TB\02.05.0000.1082\it-it\msntb.dll/search.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\MSN Toolbar Suite\TAB\02.05.0001.1119\it-it\msntabres.dll/230?ca17ac8f33bd418b822794213e219fe8
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\MSN Toolbar Suite\TAB\02.05.0001.1119\it-it\msntabres.dll/229?ca17ac8f33bd418b822794213e219fe8
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Alice - {13EC2BEE-5CAE-48CD-9F55-2074CCAEDF1C} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://maxi13mb.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://maxi13mb.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{33E448CD-0EE1-4FC6-A400-5F57C8630964}: NameServer = 85.37.17.7 85.38.28.95
O17 - HKLM\System\CS2\Services\Tcpip\..\{33E448CD-0EE1-4FC6-A400-5F57C8630964}: NameServer = 85.37.17.7 85.38.28.95
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: awtUnkkh - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programmi\Windows Live\installer\WLSetupSvc.exe
--
End of file - 11887 bytes
virit:
12/06/2008 - 11:51:12
[SCANSIONE DEL REGISTRO]
OK
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 69512.
Files Totali: 69512.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

Sante62 Dio maturo
Joined: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 12 Jun 2008 12:47 Subject:

Start HijackThis and fix these lines again, in normal mode;
if Spybot's TTimer is active, disable it temporarily, along with the antivirus, and close all windows:
Quote:
O2 - BHO: (no name) - {02BFDFDC-876F-4CAA-99A2-29610AA2F5A5} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: (no name) - {2F85D76C-0569-466F-A488-493E6BD0E955} - (no file)
O2 - BHO: (no name) - {40B05B07-4DD6-484E-9B9B-413779BDD716} - (no file)
O2 - BHO: (no name) - {45d92dce-02ed-4fa3-b5d2-90b48084c92a} - (no file)
O2 - BHO: (no name) - {5D3D9D15-3BBC-4B57-A467-7077E77C93DB} - (no file)
O2 - BHO: (no name) - {68F0C540-8213-4A0D-991F-4E9BAFDAF3C9} - (no file)
O2 - BHO: (no name) - {7F5DDC76-1649-4EFD-B4FA-F9D353488F98} - (no file)
O2 - BHO: (no name) - {9B088A37-68C2-48E9-BC7B-6BB1E6CECE89} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {D0289460-E621-4704-A2BF-696C2B4068B1} - (no file)

Restart the PC and post the HJT log again;
Go to Add or Remove Programs and check whether a program named DNA or something similar is installed, and try to uninstall it;
then run a scan with Systemscan and post the generated log as described here

ballack01 Eroe
Joined: 21/05/08 00:19 Posts: 60 Location: capriolo(bs)
Posted: 12 Jun 2008 15:18 Subject:

I did what you told me... here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.54.19, on 12/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Windows Sidebar\sidebar.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Programmi\Windows Sidebar\sidebar.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Massimo\Documenti\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.it/news?ned=it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Disk Monitor] C:\Programmi\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Programmi\File comuni\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SMSTray] C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Packard Bell Data Secure] C:\Programmi\Packard Bell Data Secure\PBDataSecure.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LClock] C:\Programmi\LClock\LClock.exe
O4 - HKCU\..\Run: [Vista Sidebar] C:\Programmi\Vista Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ViStart] C:\Programmi\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\Programmi\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Sidebar] C:\Programmi\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Programmi\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &MSN Search - res://C:\Programmi\MSN Toolbar Suite\TB\02.05.0000.1082\it-it\msntb.dll/search.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\MSN Toolbar Suite\TAB\02.05.0001.1119\it-it\msntabres.dll/230?ca17ac8f33bd418b822794213e219fe8
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\MSN Toolbar Suite\TAB\02.05.0001.1119\it-it\msntabres.dll/229?ca17ac8f33bd418b822794213e219fe8
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Alice - {13EC2BEE-5CAE-48CD-9F55-2074CCAEDF1C} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://maxi13mb.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://maxi13mb.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: awtUnkkh - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programmi\Windows Live\installer\WLSetupSvc.exe
--
End of file - 10766 bytes
and below is the result of the Systemscan scan
[URL="http://www.freefilehosting.net/download/3ia47"]report_1213276522439.txt[/URL]

Sante62 Dio maturo
Joined: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 12 Jun 2008 16:42 Subject:

The Systemscan log looks clean;
now connect to the Kaspersky online scanner and run the extended scan of the PC..

ballack01 Eroe
Joined: 21/05/08 00:19 Posts: 60 Location: capriolo(bs)
Posted: 13 Jun 2008 16:33 Subject:

Kaspersky found one infected file, which was already in the quarantine of my antivirus, NOD32... here is the Kaspersky log
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, June 13, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, June 13, 2008 10:43:33
Records in database: 859435
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
Scan statistics
Files scanned 68532
Threat name 1
Infected objects 1
Suspicious objects 0
Duration of the scan 01:44:12
File name Threat name Threats count
C:\Programmi\Eset\infected\THGS4YCA.NQF Infected: Trojan.Win32.LowZones.gb 1
The selected area was scanned.
Can I delete the file from the NOD quarantine?

Sante62 Dio maturo
Joined: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 13 Jun 2008 16:41 Subject:

You can delete the whole NOD quarantine...
are you seeing any other problems?

ballack01 Eroe
Joined: 21/05/08 00:19 Posts: 60 Location: capriolo(bs)
Posted: 13 Jun 2008 16:48 Subject:

Not now... but btdna wasn't giving me any problems, I just saw it as a file in Task Manager and that's all... thanks anyway for the help you gave me...

Sante62 Dio maturo
Joined: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 13 Jun 2008 16:58 Subject:

You're welcome...

Sante62 Dio maturo
Joined: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 13 Jun 2008 17:00 Subject:

You're welcome...