
Thread: I can't remove malware, my PC doesn't go on the web!

  1. #1
    Junior Member
    Join Date
    May 2008
    Location
    Italy
    Posts
    12

    I can't remove malware, my PC doesn't go on the web!

    Hi everybody... you are my last solution.
    My PC is infected and corrupted, but I can't clean it because the antivirus and antispyware do nothing. When I type a site name into Google, I.E. blocks and redirects to many other pages of online casinos or fake antivirus pages.
    I already ran S&D; I can post a log in a few minutes. It finds some spyware, but then it comes back again!
    My antivirus is NOD32 and it doesn't find anything bad.
    I already did an online scan with Kaspersky, but it told me that my PC is clean... but that's wrong!!
    Can you please try to help me?


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17.16.25, on 28/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Eset\nod32krn.exe
    C:\Programmi\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\tsnp2std.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Programmi\HooTech\NetMeter\NetMeter.exe
    C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Programmi\Eset\nod32kui.exe
    C:\Programmi\Windows Defender\MSASCui.exe
    C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\Programmi\Skype\Phone\Skype.exe
    C:\Programmi\Picasa2\PicasaMediaDetector.exe
    C:\Programmi\Windows Media Player\WMPNSCFG.exe
    C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    C:\Programmi\Google\Google Updater\GoogleUpdater.exe
    C:\Programmi\Sitecom\Common\WLANUtil.exe
    C:\Programmi\Skype\Plugin Manager\skypePM.exe
    C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
    C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
    C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ig?hl=it
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Programmi\eBay\eBay Toolbar2\eBayTB.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [NetMeter] C:\Programmi\HooTech\NetMeter\NetMeter.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [2ca28a5f] rundll32.exe "C:\WINDOWS\system32\brxxjspb.dll",b
    O4 - HKLM\..\Run: [BM2f91b9c3] Rundll32.exe "C:\WINDOWS\system32\ivodnyru.dll",s
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Picasa Media Detector] C:\Programmi\Picasa2\PicasaMediaDetector.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Programmi\Sitecom\Common\WLANUtil.exe
    O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Programmi\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
    O8 - Extra context menu item: Add to AMV Converter... - C:\Programmi\MP3 Player Utilities 4.13\AMVConverter\grab.html
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programmi\MP3 Player Utilities 4.13\MediaManager\grab.html
    O8 - Extra context menu item: Ricerca - res://C:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase9563.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1196542547402
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1196592515573
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe

    --
    End of file - 7028 bytes

  2. #2
    Junior Member
    Join Date
    May 2008
    Location
    Italy
    Posts
    12


    Here is the Spybot log.


    --- Search result list ---
    DriveCleaner 2006: [SBI $7E4FBD6E] ID di classe (Chiave di registro, nothing done)
    HKEY_CLASSES_ROOT\CLSID\InprocServer32

    Virtumonde: [SBI $42352499] Impostazioni utente (Chiave di registro, nothing done)
    HKEY_USERS\S-1-5-21-261690005-1312432549-43086593-1006\Software\Microsoft\rdfa

    Virtumonde: [SBI $47E741CD] Impostazioni (Chiave di registro, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws

    Virtumonde.dll: [SBI $A65264B2] Libreria (File, nothing done)
    C:\WINDOWS\system32\xxyARhIY.dll

    Virtumonde.dll: [SBI $960C7A04] Assistente del browser (BHO) (Chiave di registro, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FACC28A7-B6D2-4240-A2F0-E65152F0DD18}

    Virtumonde.dll: [SBI $960C7A04] ID di classe (Chiave di registro, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FACC28A7-B6D2-4240-A2F0-E65152F0DD18}

    Virtumonde.dll: [SBI $960C7A04] Assistente del browser (BHO) (Chiave di registro, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FACC28A7-B6D2-4240-A2F0-E65152F0DD18}

    Virtumonde.dll: [SBI $960C7A04] ID di classe (Chiave di registro, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FACC28A7-B6D2-4240-A2F0-E65152F0DD18}

    Vario.AntiVirus: Cookie tracciante (Internet Explorer: Riotti Stefania) (Cookie, nothing done)


    Tradedoubler: Cookie tracciante (Internet Explorer: Riotti Stefania) (Cookie, nothing done)


    Clickbank: Cookie tracciante (Internet Explorer: Riotti Stefania) (Cookie, nothing done)


    Zedo: Cookie tracciante (Internet Explorer: Riotti Stefania) (Cookie, nothing done)


    Right Media: Cookie tracciante (Internet Explorer: Riotti Stefania) (Cookie, nothing done)


    MediaPlex: Cookie tracciante (Internet Explorer: Riotti Stefania) (Cookie, nothing done)


    Statcounter: Cookie tracciante (Internet Explorer: Riotti Stefania) (Cookie, nothing done)


    Vario.AntiVirus: Cookie tracciante (Internet Explorer: Riotti Stefania) (Cookie, nothing done)

  3. #3
    Retired Security Volunteer
    Join Date
    Sep 2007
    Location
    Ireland
    Posts
    1,620


    Hello

    Please download ATF Cleaner by Atribune.
    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.




    Please visit this web page for instructions for downloading and running ComboFix

    http://www.bleepingcomputer.com/comb...o-use-combofix

    This includes installing the Windows XP Recovery Console in case you have not installed it yet.

    For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

    Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

    Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.





    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner and click Accept

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
    • The program will launch and then begin downloading the latest definition files.
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.
    Who watches The Watchmen?

    It's like you said. All I am is what I'm going after.

    ~Scratch~

  4. #4
    Junior Member
    Join Date
    May 2008
    Location
    Italy
    Posts
    12


    Ok, many thanks man!
    Tomorrow morning I'll try!

  5. #5
    Retired Security Volunteer
    Join Date
    Sep 2007
    Location
    Ireland
    Posts
    1,620


    Ok let me know if you have any trouble

  6. #6
    Junior Member
    Join Date
    May 2008
    Location
    Italy
    Posts
    12


    I have tried to run the Kaspersky online scanner, but it blocks the scan after a few files, so I can't do it.

    Now I'm going to launch ComboFix... I feel it is working.
    Once it's done I'll post the log.

  7. #7
    Junior Member
    Join Date
    May 2008
    Location
    Italy
    Posts
    12


    Here is the ComboFix log:

    ComboFix 08-05-29.1 - Riotti Stefania 2008-05-29 21.11.37.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.398 [GMT 2:00]
    Eseguito da: F:\ComboFix.exe
    * Creato nuovo punto di ripristino
    * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\BM2f91b9c3.xml
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\bpsjxxrb.ini
    C:\WINDOWS\system32\brxxjspb.dll
    C:\WINDOWS\system32\cbXoMffE.dll
    C:\WINDOWS\system32\ddcBQihI.dll
    C:\WINDOWS\system32\efcYOfDw.dll
    C:\WINDOWS\system32\eonoydno.dll
    C:\WINDOWS\system32\epdpppjs.ini
    C:\WINDOWS\system32\gtsiyenu.dll
    C:\WINDOWS\system32\hktkewog.dll
    C:\WINDOWS\system32\ivodnyru.dll
    C:\WINDOWS\system32\ljJdaXnm.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\mVFiQqru.ini
    C:\WINDOWS\system32\mVFiQqru.ini2
    C:\WINDOWS\system32\nqYHkUvw.ini
    C:\WINDOWS\system32\nqYHkUvw.ini2
    C:\WINDOWS\system32\ondyonoe.tmp
    C:\WINDOWS\system32\ondyonoe.tmp2
    C:\WINDOWS\system32\opnoPfEw.dll
    C:\WINDOWS\system32\oqtAJRqr.ini
    C:\WINDOWS\system32\oqtAJRqr.ini2
    C:\WINDOWS\system32\raldgbtq.dll
    C:\WINDOWS\system32\viehhhtj.dll
    C:\WINDOWS\system32\vlcbofjm.ini
    C:\WINDOWS\system32\YIhRAyxx.ini
    C:\WINDOWS\system32\YIhRAyxx.ini2
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Creati Da 2008-04-28 al 2008-05-29 )))))))))))))))))))))))))))))))))))
    .

    2008-05-29 20:39 . 2008-05-29 20:39 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-05-29 20:39 . 2008-05-29 20:39 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
    2008-05-28 17:05 . 2008-05-28 17:05 <DIR> d-------- C:\Programmi\CCleaner
    2008-05-28 17:04 . 2008-05-28 17:04 <DIR> d-------- C:\VundoFix Backups
    2008-05-28 17:04 . 2008-05-28 17:04 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator
    2008-05-28 17:04 . 2008-05-28 17:04 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
    2008-05-28 17:04 . 2008-05-28 17:04 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di stampa
    2008-05-28 17:04 . 2008-05-28 17:04 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\ATI
    2008-05-28 16:20 . 2008-05-28 16:20 <DIR> d-------- C:\Programmi\Trend Micro
    2008-05-28 15:43 . 2008-05-28 15:43 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Uniblue
    2008-05-27 23:02 . 2008-05-28 17:04 <DIR> d-------- C:\Programmi\Spyware Terminator
    2008-05-27 23:02 . 2008-05-28 17:03 <DIR> d-------- C:\Documents and Settings\Riotti Stefania\Dati applicazioni\Spyware Terminator
    2008-05-27 23:02 . 2008-05-27 23:02 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2008-05-27 23:01 . 2008-05-27 23:01 7,789,520 --a------ C:\Programmi\SpywareTerminatorSetup.exe
    2008-05-27 09:38 . 2008-05-28 17:04 <DIR> d-------- C:\Documents and Settings\Administrator\Preferiti
    2008-05-27 09:38 . 2008-05-28 17:04 <DIR> d--h----- C:\Documents and Settings\Administrator\Modelli
    2008-05-27 09:38 . 2008-05-28 17:04 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Avvio
    2008-05-27 09:38 . 2008-05-28 17:04 <DIR> d--h----- C:\Documents and Settings\Administrator\Impostazioni locali
    2008-05-27 09:38 . 2008-05-28 17:04 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dati applicazioni
    2008-05-27 09:38 . 2008-05-28 17:04 <DIR> d-------- C:\Documents and Settings\Administrator
    2008-05-27 09:32 . 2008-05-28 17:04 <DIR> d-------- C:\VEXPLITE
    2008-05-27 09:32 . 2008-05-27 09:33 39,808 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
    2008-05-27 09:31 . 2008-05-27 09:31 2,432,512 --a------ C:\Programmi\vnlt6290.exe
    2008-05-26 23:29 . 2008-05-26 23:35 <DIR> d-------- C:\Programmi\Windows Live Safety Center
    2008-05-26 23:13 . 2008-05-26 23:13 <DIR> d-------- C:\Programmi\Windows Defender
    2008-05-26 21:59 . 2008-05-26 21:58 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
    2008-05-26 21:59 . 2008-05-26 21:58 298,104 --a------ C:\WINDOWS\system32\imon.dll
    2008-05-26 21:59 . 2008-05-26 21:58 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
    2008-05-26 17:48 . 2008-05-26 17:48 <DIR> d-------- C:\kav
    2008-05-26 17:48 . 2008-05-26 17:48 31,054,704 --a------ C:\Programmi\kav7.0.1.325en.exe
    2008-05-26 09:29 . 2008-05-26 09:29 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Uniblue
    2008-05-26 01:00 . 2008-05-29 18:45 <DIR> d-------- C:\Documents and Settings\Riotti Stefania\Dati applicazioni\Uniblue
    2008-05-26 00:59 . 2008-05-29 18:45 <DIR> d-------- C:\Programmi\Uniblue
    2008-05-26 00:23 . 2008-05-26 00:23 407,680 --a------ C:\Programmi\aswclnr.exe
    2008-05-25 22:25 . 2008-05-25 22:25 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
    2008-05-25 22:25 . 2008-05-25 23:15 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
    2008-05-25 22:24 . 2008-05-25 22:24 9,722,720 --a------ C:\Programmi\spybotsd152.exe
    2008-05-25 16:17 . 2008-05-25 16:17 <DIR> d-------- C:\Programmi\File comuni\DirectX
    2008-05-25 16:17 . 2008-05-25 16:36 0 --a------ C:\tt
    2008-05-22 17:23 . 2008-05-22 17:23 <DIR> d-------- C:\WINDOWS\system32\Lang
    2008-05-22 17:23 . 2008-05-22 17:23 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
    2008-05-22 17:23 . 2008-05-22 17:23 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
    2008-05-22 11:39 . 2008-05-22 14:06 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
    2008-05-22 11:39 . 2008-05-22 14:06 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
    2008-05-22 11:34 . 2008-05-22 11:34 <DIR> d-------- C:\Documents and Settings\NetworkService\Documenti
    2008-05-21 22:05 . 2008-05-21 22:05 <DIR> d-------- C:\Programmi\HooTech
    2008-05-21 22:05 . 2008-05-21 22:05 <DIR> d-------- C:\Documents and Settings\Riotti Stefania\Dati applicazioni\HTNetMeter
    2008-05-21 22:03 . 2008-05-26 08:55 <DIR> d-------- C:\cartella temporanea downloads
    2008-05-21 22:03 . 2008-05-21 22:03 956,416 --a------ C:\Programmi\NetMeterSetup.zip
    2008-05-21 21:16 . 2008-05-21 22:08 <DIR> d-------- C:\Documents and Settings\torrents downloads
    2008-05-21 15:14 . 2004-08-19 15:25 274,944 --a------ C:\WINDOWS\system32\drivers\bthport.sys
    2008-05-21 15:14 . 2004-08-19 15:25 274,944 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-05-21 15:14 . 2004-08-03 23:10 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
    2008-05-21 15:14 . 2004-08-03 23:10 18,944 --a--c--- C:\WINDOWS\system32\dllcache\bthusb.sys
    2008-05-18 12:38 . 2008-05-18 12:40 <DIR> d-------- C:\Programmi\Harry Potter Creative CD
    2008-05-16 12:39 . 2008-05-16 12:39 23,510,720 --a------ C:\Programmi\dotnetfx.exe
    2008-05-13 15:19 . 2004-08-03 23:10 78,464 --a------ C:\WINDOWS\system32\drivers\usbvideo.sys
    2008-05-13 15:19 . 2004-08-03 23:10 78,464 --a--c--- C:\WINDOWS\system32\dllcache\usbvideo.sys
    2008-05-13 15:19 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2008-05-13 15:19 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
    2008-05-13 15:19 . 2004-08-19 15:39 20,992 --a------ C:\WINDOWS\system32\dshowext.ax
    2008-05-13 15:19 . 2004-08-19 15:39 20,992 --a--c--- C:\WINDOWS\system32\dllcache\dshowext.ax
    2008-05-12 16:19 . 2008-05-29 18:44 <DIR> d-------- C:\Sistema1
    2008-05-10 18:34 . 2008-05-10 18:34 <DIR> d-------- C:\Programmi\Picasa2
    2008-05-10 18:33 . 2008-05-10 18:33 6,104,632 --a------ C:\Programmi\picasaweb-current-setup.exe
    2008-05-02 16:21 . 2008-05-02 16:21 <DIR> d-------- C:\Programmi\Drivers conceprtonics webcam
    2008-05-02 16:19 . 2008-05-02 16:19 <DIR> d-------- C:\Programmi\File comuni\snp2std
    2008-05-02 16:19 . 2007-01-26 16:48 12,028,032 --a------ C:\WINDOWS\system32\drivers\snp2sxp.sys
    2008-05-02 16:19 . 2006-09-15 13:21 675,840 --a------ C:\WINDOWS\vsnp2std.exe
    2008-05-02 16:19 . 2006-11-29 16:11 258,048 --a------ C:\WINDOWS\tsnp2std.exe
    2008-05-02 16:19 . 2006-10-03 14:35 249,856 --a------ C:\WINDOWS\system32\vsnp2std.dll
    2008-05-02 16:19 . 2007-02-05 15:25 151,552 --a------ C:\WINDOWS\system32\rsnp2std.dll
    2008-05-02 16:19 . 2006-11-16 15:57 77,824 --a------ C:\WINDOWS\system32\csnp2std.dll
    2008-05-02 16:19 . 2007-01-25 18:48 25,472 --a------ C:\WINDOWS\system32\drivers\sncamd.sys
    2008-05-02 16:19 . 2004-12-09 17:23 15,497 --a------ C:\WINDOWS\snp2std.ini
    2008-05-02 16:19 . 2004-12-09 17:23 13,022 --a------ C:\WINDOWS\snp2std.src
    2008-05-02 10:40 . 2006-05-02 19:03 2,359,350 --a------ C:\WINDOWS\I Lampaclima 1024x768.bmp
    2008-05-02 10:40 . 2006-05-02 19:03 1,440,054 --a------ C:\WINDOWS\I Lampaclima 800x600.bmp
    2008-05-01 19:42 . 2008-05-01 19:42 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Ferrero

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-29 19:20 --------- d-----w C:\Documents and Settings\Riotti Stefania\Dati applicazioni\Skype
    2008-05-29 19:19 --------- d-----w C:\Documents and Settings\Riotti Stefania\Dati applicazioni\skypePM
    2008-05-29 18:38 --------- d-----w C:\Documents and Settings\Riotti Stefania\Dati applicazioni\WholeSecurity
    2008-05-29 10:05 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Google Updater
    2008-05-28 15:11 --------- d--h--w C:\Programmi\FX Uninstall Information
    2008-05-28 15:11 --------- d-----w C:\Documents and Settings\Riotti Stefania\Dati applicazioni\Songbird_vlc
    2008-05-28 15:03 --------- d-----w C:\Programmi\Catalogo Elettronico RS
    2008-05-28 13:41 --------- d--h--w C:\Programmi\InstallShield Installation Information
    2008-05-28 13:41 --------- d-----w C:\Programmi\Winamp
    2008-05-26 22:28 --------- d-----w C:\Programmi\ESET
    2008-05-26 21:11 5,154,304 ----a-w C:\Programmi\WindowsDefender.msi
    2008-05-26 19:48 13,052,096 ----a-w C:\Programmi\nentitst.exe
    2008-05-26 13:47 --------- d-----w C:\Documents and Settings\Riotti Stefania\Dati applicazioni\uTorrent
    2008-05-25 22:36 6,546 ----a-w C:\Programmi\aswclnr.log
    2008-05-25 10:11 --------- d-----w C:\Programmi\Ski Alpin
    2008-05-25 08:23 --------- d-----w C:\Programmi\Winamp Remote
    2008-05-22 12:05 --------- d-----w C:\Programmi\Windows Media Connect 2
    2008-05-21 20:00 --------- d-----w C:\Documents and Settings\Riotti Stefania\Dati applicazioni\Azureus
    2008-05-12 17:45 --------- d-----w C:\Programmi\Google
    2008-05-01 17:42 --------- d-----w C:\Programmi\Ferrero
    2008-04-23 15:17 693,792 ----a-w C:\WINDOWS\system32\OGACheckControl.dll
    2008-04-23 15:17 504,864 ----a-w C:\WINDOWS\system32\OGAVerify.exe
    2008-04-23 15:17 504,352 ----a-w C:\WINDOWS\system32\OGAAddin.dll
    2008-04-20 18:49 --------- d-----w C:\Programmi\uTorrent
    2008-04-20 12:14 230,432 ----a-w C:\PA207.DAT
    2008-04-14 20:24 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Azureus
    2008-04-13 10:07 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\OrbNetworks
    2008-04-10 16:34 --------- d-----w C:\Programmi\Trust
    2008-04-10 16:34 --------- d-----w C:\Programmi\File comuni\PAC207
    2008-04-09 20:05 --------- d-----w C:\Documents and Settings\Riotti Stefania\Dati applicazioni\Winamp
    2008-04-08 20:03 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
    2008-04-08 18:21 --------- d-----w C:\Programmi\Skype
    2008-04-08 18:21 --------- d-----w C:\Programmi\File comuni\Skype
    2008-04-08 18:21 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Skype
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-02-22 21:24 18,484,236 ----a-w C:\Programmi\WDM_A404.exe
    2008-02-22 20:47 3,876,496 ----a-w C:\Programmi\ffdshow-rev1860_20080215.zip
    2008-02-09 17:02 142,542,114 ----a-w C:\Programmi\pokemon 320.avi
    2008-02-09 17:00 11,187,119 ----a-w C:\Programmi\BlazeDVDSetup.exe
    2008-02-09 16:56 105,158 ----a-w C:\Programmi\install_AVS DVD Player_.exe
    2008-01-28 19:52 999,257 ----a-w C:\Programmi\avitoolbox.exe
    2008-01-28 18:56 8,017,295 ----a-w C:\Programmi\pci_it_fsguard.exe
    2008-01-27 18:55 6,757,262 ----a-w C:\Programmi\AliveVideoConverter.exe
    2008-01-27 14:32 18,704,024 ----a-w C:\Programmi\setupita.exe
    2008-01-27 14:32 17,021,984 ----a-w C:\Programmi\DivXInstaller.exe
    2008-01-20 20:50 4,820,498 ----a-w C:\Programmi\dcloner.exe
    2007-12-01 20:34 12,413,440 ----a-w C:\Programmi\avgas-setup-7.5.1.43.exe
    .

    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0E563FD4-4F92-4FE4-B301-8A53B567356C}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24C766D3-BF71-40CC-B22D-150EBC76992B}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D6368AC-6CB1-4A15-B955-3AE8EAB9B60A}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{331bea75-a77e-4360-89d6-2b7f6106c71b}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4262A2A4-3D26-43C7-A162-F058EE503862}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E8F46E5-291B-4E9E-9AB1-A0AB8A26FC0A}]
    C:\WINDOWS\system32\xxyARhIY.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73D83EDD-18B1-48AC-BECC-F6AD5B98B6D4}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{821d0da8-2861-46a9-bb3a-1093f89dd9f5}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDD714BC-D36C-487B-8142-8BA020FB6535}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CB97677B-F3F2-425C-B139-6A1EF926816B}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F166655E-8DBD-4E98-ADF1-58FDFBF133E7}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
    "Skype"="C:\Programmi\Skype\Phone\Skype.exe" [2008-02-06 18:24 21898024]
    "Picasa Media Detector"="C:\Programmi\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]
    "WMPNSCFG"="C:\Programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:56 204288]
    "SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
    "swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-01 22:43 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC"="C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 15:43 45056]
    "VTTimer"="VTTimer.exe" [2005-09-23 13:29 53248 C:\WINDOWS\system32\VTTimer.exe]
    "VTTrayp"="VTtrayp.exe" [2005-09-23 13:29 147456 C:\WINDOWS\system32\VTTrayp.exe]
    "tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2006-11-29 16:11 258048]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2006-03-02 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
    "NetMeter"="C:\Programmi\HooTech\NetMeter\NetMeter.exe" [2006-03-07 16:45 442368]
    "!AVG Anti-Spyware"="C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
    "Adobe Photo Downloader"="C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 16:09 63712]
    "nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2008-05-26 21:58 949376]
    "SpywareTerminator"="C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2008-05-27 23:02 1817600]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

    C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
    Google Updater.lnk - C:\Programmi\Google\Google Updater\GoogleUpdater.exe [2007-12-01 22:43:19 126136]
    Sitecom Wireless Utility.lnk - C:\Programmi\Sitecom\Common\WLANUtil.exe [2008-01-19 17:55:37 679936]
    TL-WN321G Wireless Utility.lnk - C:\Programmi\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe [2008-01-27 15:46:38 622592]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJdaXnm]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YV12"= yv12vfw.dll
    "VIDC.X264"= x264vfw.dll
    "VIDC.HFYU"= huffyuv.dll
    "msacm.l3fhg"= mp3fhg.acm
    "msacm.divxa32"= divxa32.acm
    "msacm.avis"= ff_acm.acm

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Programmi\\Microsoft Games\\Motocross Madness 2\\MCM2.ICD"=
    "C:\\Programmi\\Winamp Remote\\bin\\Orb.exe"=
    "C:\\Programmi\\Winamp Remote\\bin\\OrbTray.exe"=
    "C:\\Programmi\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\Programmi\\uTorrent\\uTorrent.exe"=
    "C:\\kav\\kav7.0\\english\\setup.exe"=
    "C:\\Programmi\\Skype\\Phone\\Skype.exe"=

    R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys [2003-09-05 12:25]
    R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 08:23]
    R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-05-27 23:02]
    R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-04-25 14:47]
    R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2007-01-26 16:48]
    S3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-14 10:26]
    S3 S3chipid;S3chipid;C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\{2B43252C-A1E3-4C47-927C-9F2C276D3515}\S3chipid.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a70966b-ccde-11dc-a004-0019e08c42fc}]
    \Shell\AutoRun\command - edveokw.exe
    \Shell\explore\Command - edveokw.exe
    \Shell\open\Command - edveokw.exe

    .
    Contenuto della cartella 'Scheduled Tasks'
    "2008-05-29 19:20:36 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Programmi\Windows Defender\MpCmdRun.exe
    "2008-05-26 07:35:33 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
    - C:\Programmi\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
    "2008-05-26 07:35:32 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
    - C:\Programmi\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
    "2008-05-28 14:08:10 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
    - C:\Programmi\Uniblue\SpyEraser\SpyEraser.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-29 21:21:41
    Windows 5.1.2600 Service Pack 2 NTFS

    scansione processi nascosti ...

    scansione entrate autostart nascoste ...

    Scansione files nascosti ...

    Scansione completata con successo
    Files nascosti: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\lsass.exe
    -> C:\Programmi\Eset\pr_imon.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Programmi\Windows Defender\MsMpEng.exe
    C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Programmi\ESET\nod32krn.exe
    C:\Programmi\Spyware Terminator\sp_rsser.exe
    C:\Programmi\Windows Media Player\wmpnetwk.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Programmi\Skype\Plugin Manager\skypePM.exe
    .
    **************************************************************************
    .
    Ora fine scansione: 2008-05-29 21:23:38 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-05-29 19:23:30

    17 Directory 118,762,921,984 byte disponibili
    20 Directory 118,693,855,232 byte disponibili

    289 --- E O F --- 2008-05-29 12:31:33

  8. #8
    Junior Member
    Join Date
    May 2008
    Location
    Italy
    Posts
    12

    This is the HijackThis log..

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21.37.58, on 29/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Eset\nod32krn.exe
    C:\Programmi\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\tsnp2std.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Programmi\HooTech\NetMeter\NetMeter.exe
    C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Programmi\Eset\nod32kui.exe
    C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\Programmi\Skype\Phone\Skype.exe
    C:\Programmi\Picasa2\PicasaMediaDetector.exe
    C:\Programmi\Windows Media Player\WMPNSCFG.exe
    C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    C:\Programmi\Google\Google Updater\GoogleUpdater.exe
    C:\Programmi\Sitecom\Common\WLANUtil.exe
    C:\Programmi\Skype\Plugin Manager\skypePM.exe
    C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
    C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\explorer.exe
    C:\Programmi\eBay\eBay Toolbar2\eBayTBDaemon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
    C:\Programmi\Internet Explorer\IEXPLORE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ig?hl=it
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Programmi\eBay\eBay Toolbar2\eBayTB.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {6E8F46E5-291B-4E9E-9AB1-A0AB8A26FC0A} - C:\WINDOWS\system32\xxyARhIY.dll (file missing)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Programmi\eBay\eBay Toolbar2\eBayTB.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [NetMeter] C:\Programmi\HooTech\NetMeter\NetMeter.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Picasa Media Detector] C:\Programmi\Picasa2\PicasaMediaDetector.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Programmi\Sitecom\Common\WLANUtil.exe
    O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Programmi\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
    O8 - Extra context menu item: Add to AMV Converter... - C:\Programmi\MP3 Player Utilities 4.13\AMVConverter\grab.html
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programmi\MP3 Player Utilities 4.13\MediaManager\grab.html
    O8 - Extra context menu item: Ricerca - res://C:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase9563.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1196542547402
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1196592515573
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe

    --
    End of file - 7603 bytes

    Now I try again with the Kaspersky online scan..

  9. #9
    Junior Member
    Join Date
    May 2008
    Location
    Italy
    Posts
    12

    KASPERSKY ONLINE SCANNER REPORT
    Thursday, May 29, 2008 10:42:16 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 29/05/2008
    Kaspersky Anti-Virus database records: 812777


    Scan Settings
    Scan using the following antivirus database extended
    Scan Archives true
    Scan Mail Bases true

    Scan Target My Computer
    A:\
    C:\
    D:\
    E:\

    Scan Statistics
    Total number of scanned objects 46347
    Number of viruses found 7
    Number of infected objects 23
    Number of suspicious objects 0
    Duration of the scan process 00:45:53

    Infected Object Name Virus Name Last Action
    C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

    C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

    C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Windows Defender\Support\MPLog-05262008-231334.log Object is locked skipped

    C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp Object is locked skipped

    C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped

    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\Riotti Stefania\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\Riotti Stefania\Dati applicazioni\HTNetMeter\sum.log Object is locked skipped

    C:\Documents and Settings\Riotti Stefania\Dati applicazioni\Skype\mistralkappa\call256.dbb Object is locked skipped

    C:\Documents and Settings\Riotti Stefania\Dati applicazioni\Skype\mistralkappa\callmember256.dbb Object is locked skipped

    C:\Documents and Settings\Riotti Stefania\Dati applicazioni\Skype\mistralkappa\chat1024.dbb Object is locked skipped

    C:\Documents and Settings\Riotti Stefania\Dati applicazioni\Skype\mistralkappa\chat256.dbb Object is locked skipped

    C:\Documents and Settings\Riotti Stefania\Dati applicazioni\Skype\mistralkappa\chat512.dbb Object is locked skipped

    C:\Documents and Settings\Riotti Stefania\Dati applicazioni\Skype\mistralkappa\chatmember256.dbb Object is locked skipped

    C:\Documents and Settings\Riotti Stefania\Dati applicazioni\Skype\mistralkappa\chatmsg1024.dbb Object is locked skipped

    C:\Documents and Settings\Riotti Stefania\Dati applicazioni\Skype\mistralkappa\chatmsg2048.dbb Object is locked skipped

    C:\Documents and Settings\Riotti Stefania\Dati applicazioni\Skype\mistralkappa\chatmsg256.dbb Object is locked skipped

    C:\Documents and Settings\Riotti Stefania\Dati applicazioni\Skype\mistralkappa\chatmsg512.dbb Object is locked skipped

    C:\Documents and Settings\Riotti Stefania\Dati applicazioni\Skype\mistralkappa\chatsync\03\03645e22e6470175.dat Object is locked skipped

    C:\Documents and Settings\Riotti Stefania\Dati applicazioni\Skype\mistralkappa\chatsync\c1\c15cb1e0fe7d962b.dat Object is locked skipped

    C:\Documents and Settings\Riotti Stefania\Dati applicazioni\Skype\mistralkappa\contactgroup256.dbb Object is locked skipped

    C:\Documents and Settings\Riotti Stefania\Dati applicazioni\Skype\mistralkappa\dyncontent\bundle.dat Object is locked skipped

    C:\Documents and Settings\Riotti Stefania\Dati applicazioni\Skype\mistralkappa\index2.dat Object is locked skipped

    C:\Documents and Settings\Riotti Stefania\Dati applicazioni\Skype\mistralkappa\profile4096.dbb Object is locked skipped

    C:\Documents and Settings\Riotti Stefania\Dati applicazioni\Skype\mistralkappa\transfer256.dbb Object is locked skipped

    C:\Documents and Settings\Riotti Stefania\Dati applicazioni\Skype\mistralkappa\user1024.dbb Object is locked skipped

    C:\Documents and Settings\Riotti Stefania\Dati applicazioni\Skype\mistralkappa\user16384.dbb Object is locked skipped

    C:\Documents and Settings\Riotti Stefania\Dati applicazioni\Skype\mistralkappa\voicemail256.dbb Object is locked skipped

    C:\Documents and Settings\Riotti Stefania\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\Riotti Stefania\Impostazioni locali\Cronologia\History.IE5\MSHist012008052920080530\index.dat Object is locked skipped

    C:\Documents and Settings\Riotti Stefania\Impostazioni locali\Dati applicazioni\ApplicationHistory\cli.exe.af01e8cc.ini.inuse Object is locked skipped

    C:\Documents and Settings\Riotti Stefania\Impostazioni locali\Dati applicazioni\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped

    C:\Documents and Settings\Riotti Stefania\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\Riotti Stefania\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\Riotti Stefania\Impostazioni locali\Temp\Perflib_Perfdata_1fc.dat Object is locked skipped

    C:\Documents and Settings\Riotti Stefania\Impostazioni locali\Temp\Perflib_Perfdata_9c8.dat Object is locked skipped

    C:\Documents and Settings\Riotti Stefania\Impostazioni locali\Temp\Perflib_Perfdata_a84.dat Object is locked skipped

    C:\Documents and Settings\Riotti Stefania\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\Riotti Stefania\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\Riotti Stefania\ntuser.dat.LOG Object is locked skipped

    C:\Programmi\ESET\cache\CACHE.NDB Object is locked skipped

    C:\Programmi\ESET\logs\virlog.dat Object is locked skipped

    C:\Programmi\ESET\logs\warnlog.dat Object is locked skipped

    C:\QooBox\Quarantine\C\WINDOWS\system32\brxxjspb.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.vjr skipped

    C:\QooBox\Quarantine\C\WINDOWS\system32\eonoydno.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ttc skipped

    C:\QooBox\Quarantine\C\WINDOWS\system32\gtsiyenu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.tsz skipped

    C:\QooBox\Quarantine\C\WINDOWS\system32\ivodnyru.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ttg skipped

    C:\QooBox\Quarantine\C\WINDOWS\system32\raldgbtq.dll.vir Infected: Trojan-Downloader.Win32.ConHook.te skipped

    C:\QooBox\Quarantine\C\WINDOWS\system32\viehhhtj.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ttg skipped

    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    C:\System Volume Information\_restore{77CDC078-25D4-4542-9946-85C66BD1ECF8}\RP116\A0048188.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.tsz skipped

    C:\System Volume Information\_restore{77CDC078-25D4-4542-9946-85C66BD1ECF8}\RP116\A0048189.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ttc skipped

    C:\System Volume Information\_restore{77CDC078-25D4-4542-9946-85C66BD1ECF8}\RP116\A0048190.dll Infected: Trojan-Downloader.Win32.ConHook.te skipped

    C:\System Volume Information\_restore{77CDC078-25D4-4542-9946-85C66BD1ECF8}\RP120\A0050916.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.tti skipped

    C:\System Volume Information\_restore{77CDC078-25D4-4542-9946-85C66BD1ECF8}\RP124\A0052177.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vjr skipped

    C:\System Volume Information\_restore{77CDC078-25D4-4542-9946-85C66BD1ECF8}\RP124\A0052229.dll Infected: Trojan-Downloader.Win32.ConHook.te skipped

    C:\System Volume Information\_restore{77CDC078-25D4-4542-9946-85C66BD1ECF8}\RP124\A0052230.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ttg skipped

    C:\System Volume Information\_restore{77CDC078-25D4-4542-9946-85C66BD1ECF8}\RP124\A0052233.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ttg skipped

    C:\System Volume Information\_restore{77CDC078-25D4-4542-9946-85C66BD1ECF8}\RP126\A0054057.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vjr skipped

    C:\System Volume Information\_restore{77CDC078-25D4-4542-9946-85C66BD1ECF8}\RP126\A0054061.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ttc skipped

    C:\System Volume Information\_restore{77CDC078-25D4-4542-9946-85C66BD1ECF8}\RP126\A0054062.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.tsz skipped

    C:\System Volume Information\_restore{77CDC078-25D4-4542-9946-85C66BD1ECF8}\RP126\A0054064.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ttg skipped

    C:\System Volume Information\_restore{77CDC078-25D4-4542-9946-85C66BD1ECF8}\RP126\A0054067.dll Infected: Trojan-Downloader.Win32.ConHook.te skipped

    C:\System Volume Information\_restore{77CDC078-25D4-4542-9946-85C66BD1ECF8}\RP126\A0054068.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ttg skipped

    C:\System Volume Information\_restore{77CDC078-25D4-4542-9946-85C66BD1ECF8}\RP126\change.log Object is locked skipped

    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

    C:\WINDOWS\SchedLgU.Txt Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

    C:\WINDOWS\Sti_Trace.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

    C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped

    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\default Object is locked skipped

    C:\WINDOWS\system32\config\default.LOG Object is locked skipped

    C:\WINDOWS\system32\config\Paramete.evt Object is locked skipped

    C:\WINDOWS\system32\config\SAM Object is locked skipped

    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

    C:\WINDOWS\system32\config\software Object is locked skipped

    C:\WINDOWS\system32\config\software.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\system Object is locked skipped

    C:\WINDOWS\system32\config\system.LOG Object is locked skipped

    C:\WINDOWS\system32\h323log.txt Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

    C:\WINDOWS\wiadebug.log Object is locked skipped

    C:\WINDOWS\wiaservc.log Object is locked skipped

    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    D:\System Volume Information\_restore{77CDC078-25D4-4542-9946-85C66BD1ECF8}\RP125\A0054045.exe/data/InstID.exe Infected: not-a-virus:Dialer.Win32.InterDialer.a skipped

    D:\System Volume Information\_restore{77CDC078-25D4-4542-9946-85C66BD1ECF8}\RP125\A0054045.exe/data Infected: not-a-virus:Dialer.Win32.InterDialer.a skipped

    D:\System Volume Information\_restore{77CDC078-25D4-4542-9946-85C66BD1ECF8}\RP125\A0054045.exe PaquetBuilder: infected - 2 skipped

    D:\System Volume Information\_restore{77CDC078-25D4-4542-9946-85C66BD1ECF8}\RP126\change.log Object is locked skipped

    Scan process completed.

  10. #10
    Junior Member
    Join Date
    May 2008
    Location
    Italy
    Posts
    12

    And this is ComboFix with Windows recovery..
    before I missed it...

    ComboFix 08-05-29.1 - Riotti Stefania 2008-05-29 22.50.02.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.505 [GMT 2:00]
    Eseguito da: C:\Documents and Settings\Riotti Stefania\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Riotti Stefania\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
    * Creato nuovo punto di ripristino
    * Resident AV is active

    .

    ((((((((((((((((((((((((( Files Creati Da 2008-04-28 al 2008-05-29 )))))))))))))))))))))))))))))))))))
    .

    2008-05-29 21:41 . 2008-05-29 21:41 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-05-29 21:41 . 2008-05-29 21:41 <DIR> d-------- C:\WINDOWS\LastGood
    2008-05-29 21:41 . 2008-05-29 21:41 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
    2008-05-28 17:05 . 2008-05-28 17:05 <DIR> d-------- C:\Programmi\CCleaner
    2008-05-28 17:04 . 2008-05-28 17:04 <DIR> d-------- C:\VundoFix Backups
    2008-05-28 17:04 . 2008-05-28 17:04 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator
    2008-05-28 17:04 . 2008-05-28 17:04 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
    2008-05-28 17:04 . 2008-05-28 17:04 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di stampa
    2008-05-28 17:04 . 2008-05-28 17:04 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\ATI
    2008-05-28 16:20 . 2008-05-28 16:20 <DIR> d-------- C:\Programmi\Trend Micro
    2008-05-28 15:43 . 2008-05-28 15:43 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Uniblue
    2008-05-27 23:02 . 2008-05-28 17:04 <DIR> d-------- C:\Programmi\Spyware Terminator
    2008-05-27 23:02 . 2008-05-28 17:03 <DIR> d-------- C:\Documents and Settings\Riotti Stefania\Dati applicazioni\Spyware Terminator
    2008-05-27 23:02 . 2008-05-27 23:02 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2008-05-27 23:01 . 2008-05-27 23:01 7,789,520 --a------ C:\Programmi\SpywareTerminatorSetup.exe
    2008-05-27 09:38 . 2008-05-28 17:04 <DIR> d-------- C:\Documents and Settings\Administrator\Preferiti
    2008-05-27 09:38 . 2008-05-28 17:04 <DIR> d--h----- C:\Documents and Settings\Administrator\Modelli
    2008-05-27 09:38 . 2008-05-28 17:04 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Avvio
    2008-05-27 09:38 . 2008-05-29 22:51 <DIR> d--h----- C:\Documents and Settings\Administrator\Impostazioni locali
    2008-05-27 09:38 . 2008-05-28 17:04 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dati applicazioni
    2008-05-27 09:38 . 2008-05-28 17:04 <DIR> d-------- C:\Documents and Settings\Administrator
    2008-05-27 09:32 . 2008-05-28 17:04 <DIR> d-------- C:\VEXPLITE
    2008-05-27 09:32 . 2008-05-27 09:33 39,808 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
    2008-05-27 09:31 . 2008-05-27 09:31 2,432,512 --a------ C:\Programmi\vnlt6290.exe
    2008-05-26 23:29 . 2008-05-26 23:35 <DIR> d-------- C:\Programmi\Windows Live Safety Center
    2008-05-26 23:13 . 2008-05-26 23:13 <DIR> d-------- C:\Programmi\Windows Defender
    2008-05-26 21:59 . 2008-05-26 21:58 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
    2008-05-26 21:59 . 2008-05-26 21:58 298,104 --a------ C:\WINDOWS\system32\imon.dll
    2008-05-26 21:59 . 2008-05-26 21:58 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
    2008-05-26 17:48 . 2008-05-26 17:48 <DIR> d-------- C:\kav
    2008-05-26 17:48 . 2008-05-26 17:48 31,054,704 --a------ C:\Programmi\kav7.0.1.325en.exe
    2008-05-26 09:29 . 2008-05-26 09:29 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Uniblue
    2008-05-26 01:00 . 2008-05-29 18:45 <DIR> d-------- C:\Documents and Settings\Riotti Stefania\Dati applicazioni\Uniblue
    2008-05-26 00:59 . 2008-05-29 18:45 <DIR> d-------- C:\Programmi\Uniblue
    2008-05-26 00:23 . 2008-05-26 00:23 407,680 --a------ C:\Programmi\aswclnr.exe
    2008-05-25 22:25 . 2008-05-25 22:25 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
    2008-05-25 22:25 . 2008-05-25 23:15 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
    2008-05-25 22:24 . 2008-05-25 22:24 9,722,720 --a------ C:\Programmi\spybotsd152.exe
    2008-05-25 16:17 . 2008-05-25 16:17 <DIR> d-------- C:\Programmi\File comuni\DirectX
    2008-05-25 16:17 . 2008-05-25 16:36 0 --a------ C:\tt
    2008-05-22 17:23 . 2008-05-22 17:23 <DIR> d-------- C:\WINDOWS\system32\Lang
    2008-05-22 17:23 . 2008-05-22 17:23 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
    2008-05-22 17:23 . 2008-05-22 17:23 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
    2008-05-22 11:39 . 2008-05-22 14:06 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
    2008-05-22 11:39 . 2008-05-22 14:06 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
    2008-05-22 11:34 . 2008-05-22 11:34 <DIR> d-------- C:\Documents and Settings\NetworkService\Documenti
    2008-05-21 22:05 . 2008-05-21 22:05 <DIR> d-------- C:\Programmi\HooTech
    2008-05-21 22:05 . 2008-05-21 22:05 <DIR> d-------- C:\Documents and Settings\Riotti Stefania\Dati applicazioni\HTNetMeter
    2008-05-21 22:03 . 2008-05-26 08:55 <DIR> d-------- C:\cartella temporanea downloads
    2008-05-21 22:03 . 2008-05-21 22:03 956,416 --a------ C:\Programmi\NetMeterSetup.zip
    2008-05-21 21:16 . 2008-05-21 22:08 <DIR> d-------- C:\Documents and Settings\torrents downloads
    2008-05-21 15:14 . 2004-08-19 15:25 274,944 --a------ C:\WINDOWS\system32\drivers\bthport.sys
    2008-05-21 15:14 . 2004-08-19 15:25 274,944 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-05-21 15:14 . 2004-08-03 23:10 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
    2008-05-21 15:14 . 2004-08-03 23:10 18,944 --a--c--- C:\WINDOWS\system32\dllcache\bthusb.sys
    2008-05-18 12:38 . 2008-05-18 12:40 <DIR> d-------- C:\Programmi\Harry Potter Creative CD
    2008-05-16 12:39 . 2008-05-16 12:39 23,510,720 --a------ C:\Programmi\dotnetfx.exe
    2008-05-13 15:19 . 2004-08-03 23:10 78,464 --a------ C:\WINDOWS\system32\drivers\usbvideo.sys
    2008-05-13 15:19 . 2004-08-03 23:10 78,464 --a--c--- C:\WINDOWS\system32\dllcache\usbvideo.sys
    2008-05-13 15:19 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2008-05-13 15:19 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
    2008-05-13 15:19 . 2004-08-19 15:39 20,992 --a------ C:\WINDOWS\system32\dshowext.ax
    2008-05-13 15:19 . 2004-08-19 15:39 20,992 --a--c--- C:\WINDOWS\system32\dllcache\dshowext.ax
    2008-05-12 16:19 . 2008-05-29 18:44 <DIR> d-------- C:\Sistema1
    2008-05-10 18:34 . 2008-05-10 18:34 <DIR> d-------- C:\Programmi\Picasa2
    2008-05-10 18:33 . 2008-05-10 18:33 6,104,632 --a------ C:\Programmi\picasaweb-current-setup.exe
    2008-05-02 16:21 . 2008-05-02 16:21 <DIR> d-------- C:\Programmi\Drivers conceprtonics webcam
    2008-05-02 16:19 . 2008-05-02 16:19 <DIR> d-------- C:\Programmi\File comuni\snp2std
    2008-05-02 16:19 . 2007-01-26 16:48 12,028,032 --a------ C:\WINDOWS\system32\drivers\snp2sxp.sys
    2008-05-02 16:19 . 2006-09-15 13:21 675,840 --a------ C:\WINDOWS\vsnp2std.exe
    2008-05-02 16:19 . 2006-11-29 16:11 258,048 --a------ C:\WINDOWS\tsnp2std.exe
    2008-05-02 16:19 . 2006-10-03 14:35 249,856 --a------ C:\WINDOWS\system32\vsnp2std.dll
    2008-05-02 16:19 . 2007-02-05 15:25 151,552 --a------ C:\WINDOWS\system32\rsnp2std.dll
    2008-05-02 16:19 . 2006-11-16 15:57 77,824 --a------ C:\WINDOWS\system32\csnp2std.dll
    2008-05-02 16:19 . 2007-01-25 18:48 25,472 --a------ C:\WINDOWS\system32\drivers\sncamd.sys
    2008-05-02 16:19 . 2004-12-09 17:23 15,497 --a------ C:\WINDOWS\snp2std.ini
    2008-05-02 16:19 . 2004-12-09 17:23 13,022 --a------ C:\WINDOWS\snp2std.src
    2008-05-02 10:40 . 2006-05-02 19:03 2,359,350 --a------ C:\WINDOWS\I Lampaclima 1024x768.bmp
    2008-05-02 10:40 . 2006-05-02 19:03 1,440,054 --a------ C:\WINDOWS\I Lampaclima 800x600.bmp
    2008-05-01 19:42 . 2008-05-01 19:42 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Ferrero

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-29 20:18 --------- d-----w C:\Documents and Settings\Riotti Stefania\Dati applicazioni\Skype
    2008-05-29 20:12 --------- d-----w C:\Documents and Settings\Riotti Stefania\Dati applicazioni\WholeSecurity
    2008-05-29 19:19 --------- d-----w C:\Documents and Settings\Riotti Stefania\Dati applicazioni\skypePM
    2008-05-29 10:05 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Google Updater
    2008-05-28 15:11 --------- d--h--w C:\Programmi\FX Uninstall Information
    2008-05-28 15:11 --------- d-----w C:\Documents and Settings\Riotti Stefania\Dati applicazioni\Songbird_vlc
    2008-05-28 15:03 --------- d-----w C:\Programmi\Catalogo Elettronico RS
    2008-05-28 13:41 --------- d--h--w C:\Programmi\InstallShield Installation Information
    2008-05-28 13:41 --------- d-----w C:\Programmi\Winamp
    2008-05-26 22:28 --------- d-----w C:\Programmi\ESET
    2008-05-26 21:11 5,154,304 ----a-w C:\Programmi\WindowsDefender.msi
    2008-05-26 19:48 13,052,096 ----a-w C:\Programmi\nentitst.exe
    2008-05-26 13:47 --------- d-----w C:\Documents and Settings\Riotti Stefania\Dati applicazioni\uTorrent
    2008-05-25 22:36 6,546 ----a-w C:\Programmi\aswclnr.log
    2008-05-25 10:11 --------- d-----w C:\Programmi\Ski Alpin
    2008-05-25 08:23 --------- d-----w C:\Programmi\Winamp Remote
    2008-05-22 12:05 --------- d-----w C:\Programmi\Windows Media Connect 2
    2008-05-21 20:00 --------- d-----w C:\Documents and Settings\Riotti Stefania\Dati applicazioni\Azureus
    2008-05-12 17:45 --------- d-----w C:\Programmi\Google
    2008-05-01 17:42 --------- d-----w C:\Programmi\Ferrero
    2008-04-23 15:17 693,792 ----a-w C:\WINDOWS\system32\OGACheckControl.dll
    2008-04-23 15:17 504,864 ----a-w C:\WINDOWS\system32\OGAVerify.exe
    2008-04-23 15:17 504,352 ----a-w C:\WINDOWS\system32\OGAAddin.dll
    2008-04-20 18:49 --------- d-----w C:\Programmi\uTorrent
    2008-04-20 12:14 230,432 ----a-w C:\PA207.DAT
    2008-04-14 20:24 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Azureus
    2008-04-13 10:07 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\OrbNetworks
    2008-04-10 16:34 --------- d-----w C:\Programmi\Trust
    2008-04-10 16:34 --------- d-----w C:\Programmi\File comuni\PAC207
    2008-04-09 20:05 --------- d-----w C:\Documents and Settings\Riotti Stefania\Dati applicazioni\Winamp
    2008-04-08 20:03 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
    2008-04-08 18:21 --------- d-----w C:\Programmi\Skype
    2008-04-08 18:21 --------- d-----w C:\Programmi\File comuni\Skype
    2008-04-08 18:21 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Skype
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-02-22 21:24 18,484,236 ----a-w C:\Programmi\WDM_A404.exe
    2008-02-22 20:47 3,876,496 ----a-w C:\Programmi\ffdshow-rev1860_20080215.zip
    2008-02-09 17:02 142,542,114 ----a-w C:\Programmi\pokemon 320.avi
    2008-02-09 17:00 11,187,119 ----a-w C:\Programmi\BlazeDVDSetup.exe
    2008-02-09 16:56 105,158 ----a-w C:\Programmi\install_AVS DVD Player_.exe
    2008-01-28 19:52 999,257 ----a-w C:\Programmi\avitoolbox.exe
    2008-01-28 18:56 8,017,295 ----a-w C:\Programmi\pci_it_fsguard.exe
    2008-01-27 18:55 6,757,262 ----a-w C:\Programmi\AliveVideoConverter.exe
    2008-01-27 14:32 18,704,024 ----a-w C:\Programmi\setupita.exe
    2008-01-27 14:32 17,021,984 ----a-w C:\Programmi\DivXInstaller.exe
    2008-01-20 20:50 4,820,498 ----a-w C:\Programmi\dcloner.exe
    2007-12-01 20:34 12,413,440 ----a-w C:\Programmi\avgas-setup-7.5.1.43.exe
    .

    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E8F46E5-291B-4E9E-9AB1-A0AB8A26FC0A}]
    C:\WINDOWS\system32\xxyARhIY.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
    "Skype"="C:\Programmi\Skype\Phone\Skype.exe" [2008-02-06 18:24 21898024]
    "Picasa Media Detector"="C:\Programmi\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]
    "WMPNSCFG"="C:\Programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:56 204288]
    "SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
    "swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-01 22:43 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC"="C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 15:43 45056]
    "VTTimer"="VTTimer.exe" [2005-09-23 13:29 53248 C:\WINDOWS\system32\VTTimer.exe]
    "VTTrayp"="VTtrayp.exe" [2005-09-23 13:29 147456 C:\WINDOWS\system32\VTTrayp.exe]
    "tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2006-11-29 16:11 258048]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2006-03-02 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
    "NetMeter"="C:\Programmi\HooTech\NetMeter\NetMeter.exe" [2006-03-07 16:45 442368]
    "!AVG Anti-Spyware"="C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
    "Adobe Photo Downloader"="C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 16:09 63712]
    "nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2008-05-26 21:58 949376]
    "SpywareTerminator"="C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2008-05-27 23:02 1817600]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

    C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
    Google Updater.lnk - C:\Programmi\Google\Google Updater\GoogleUpdater.exe [2007-12-01 22:43:19 126136]
    Sitecom Wireless Utility.lnk - C:\Programmi\Sitecom\Common\WLANUtil.exe [2008-01-19 17:55:37 679936]
    TL-WN321G Wireless Utility.lnk - C:\Programmi\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe [2008-01-27 15:46:38 622592]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YV12"= yv12vfw.dll
    "VIDC.X264"= x264vfw.dll
    "VIDC.HFYU"= huffyuv.dll
    "msacm.l3fhg"= mp3fhg.acm
    "msacm.divxa32"= divxa32.acm
    "msacm.avis"= ff_acm.acm

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Programmi\\Microsoft Games\\Motocross Madness 2\\MCM2.ICD"=
    "C:\\Programmi\\Winamp Remote\\bin\\Orb.exe"=
    "C:\\Programmi\\Winamp Remote\\bin\\OrbTray.exe"=
    "C:\\Programmi\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\Programmi\\uTorrent\\uTorrent.exe"=
    "C:\\kav\\kav7.0\\english\\setup.exe"=
    "C:\\Programmi\\Skype\\Phone\\Skype.exe"=

    R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys [2003-09-05 12:25]
    R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 08:23]
    R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-05-27 23:02]
    R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2007-01-26 16:48]
    S3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-14 10:26]
    S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-04-25 14:47]
    S3 S3chipid;S3chipid;C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\{2B43252C-A1E3-4C47-927C-9F2C276D3515}\S3chipid.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a70966b-ccde-11dc-a004-0019e08c42fc}]
    \Shell\AutoRun\command - edveokw.exe
    \Shell\explore\Command - edveokw.exe
    \Shell\open\Command - edveokw.exe

    .
    Contenuto della cartella 'Scheduled Tasks'
    "2008-05-29 19:20:36 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Programmi\Windows Defender\MpCmdRun.exe
    "2008-05-26 07:35:33 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
    - C:\Programmi\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
    "2008-05-26 07:35:32 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"- C:\Programmi\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
    "2008-05-28 14:08:10 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
    - C:\Programmi\Uniblue\SpyEraser\SpyEraser.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-29 22:51:51
    Windows 5.1.2600 Service Pack 2 NTFS

    scansione processi nascosti ...

    scansione entrate autostart nascoste ...

    Scansione files nascosti ...

    Scansione completata con successo
    Files nascosti: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\lsass.exe
    -> C:\Programmi\Eset\pr_imon.dll
    .
    Ora fine scansione: 2008-05-29 22.52.27
    ComboFix-quarantined-files.txt 2008-05-29 20:52:19
    ComboFix2.txt 2008-05-29 19:23:41

    17 Directory 118,668,460,032 byte disponibili
    21 Directory 118,643,359,744 byte disponibili

    WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition SP2" /noexecute=optin /fastdetect
    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    239 --- E O F --- 2008-05-29 12:31:33



    Now I wait for more instructions... I hope I have not made a mess
