www.MegaLab.it

[m@tteino]

mi potreste dire per favore se c'è qualcosa nel mio computer??
mi trova sempre un trojan tra i temp.. e non mi riesce di eliminarlo..

ecco il log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.03.07, on 05/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\winsys2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\Microsoft IntelliType Pro\itype.exe
C:\Programmi\Microsoft IntelliPoint\ipoint.exe
C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\drivers\mqtgsvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Matteo\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F3 - REG:win.ini: load=C:\WINDOWS\System32\drivers\mqtgsvc.exe
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [itype] "C:\Programmi\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Hercules DJ Series] C:\Programmi\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\DOCUME~1\Matteo\IMPOST~1\Temp\E_S36.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [Esent Utl] C:\DOCUME~1\Matteo\IMPOST~1\Temp\esentutl.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [rsvp] C:\DOCUME~1\Matteo\IMPOST~1\Temp\rsvp.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [CmSTP] C:\DOCUME~1\Matteo\DATIAP~1\cmstp.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [CmSTP] C:\DOCUME~1\Matteo\DATIAP~1\cmstp.exe /waitservice (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://giuliamartigiuli.spaces.live.com ... nPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDow ... rtScan.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://giuliamartigiuli.spaces.live.com ... nPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A59BCAF-A682-41D6-B418-D3E649AAC7A4}: NameServer = 85.37.17.5 85.38.28.77
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10735 bytes

[Amantide]

Scarica ComboFix ed esegui la scansione seguendo queste istruzioni (giù in fondo). Al termine della scansione verrà creato il file di report C:\combofix.txt, copia qui il suo contenuto.

[m@tteino]

grazie mille per la risposta!!
ecco il log


ComboFix 08-11-04.02 - Matteo 2008-11-05 16:47:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.1393 [GMT 1:00]
Eseguito da: c:\documents and settings\Matteo\Desktop\ComboFix.exe

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\NCTAudioInformation2.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OREANS32
-------\Service_oreans32


((((((((((((((((((((((((( Files Creati Da 2008-10-05 al 2008-11-05 )))))))))))))))))))))))))))))))))))
.

2008-11-05 16:49 . 2008-10-20 11:21 81,920 --a------ c:\windows\sessmgr.exe
2008-11-05 16:49 . 2008-10-20 11:21 81,920 --a------ c:\documents and settings\Matteo\Dati applicazioni\mqtgsvc.exe
2008-11-04 10:35 . 2008-10-20 11:21 81,920 --a------ c:\windows\system\mstinit.exe
2008-11-02 14:01 . 2008-10-20 11:21 81,920 --a------ c:\documents and settings\Matteo\Dati applicazioni\comrepl.exe
2008-11-01 19:26 . 2007-11-06 17:52 102,400 --a------ c:\windows\system32\HDJSeries.cpl
2008-11-01 19:26 . 2008-01-25 12:31 80,384 --a------ c:\windows\system32\HerculesDJDevices.dll
2008-11-01 16:12 . 2008-11-01 16:12 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-11-01 16:12 . 2008-11-01 16:12 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_HDJBulk_01007.Wdf
2008-11-01 16:12 . 2008-11-01 16:12 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_HDJAsioK_01007.Wdf
2008-11-01 16:11 . 2008-03-27 16:49 1,112,288 --a------ c:\windows\system32\WdfCoInstaller01007.dll
2008-11-01 16:11 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
2008-11-01 15:52 . 2008-11-01 16:39 <DIR> d-------- c:\programmi\Native Instruments
2008-10-31 17:14 . 2008-10-31 17:14 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\ALM
2008-10-31 17:03 . 2008-10-31 17:03 <DIR> d-------- c:\programmi\File comuni\Macrovision Shared
2008-10-30 10:06 . 2008-10-20 11:21 81,920 --a------ c:\windows\mstsc.exe
2008-10-28 11:43 . 2008-10-28 11:43 <DIR> d-------- c:\programmi\CCleaner
2008-10-28 11:40 . 2008-10-28 11:40 <DIR> d-------- c:\documents and settings\Matteo\Dati applicazioni\Uniblue
2008-10-28 10:46 . 2008-10-20 11:21 81,920 --a------ c:\windows\system32\drivers\cmstp.exe
2008-10-27 16:35 . 2008-10-27 16:35 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\KONAMI
2008-10-27 16:24 . 2008-10-27 16:24 <DIR> d-------- c:\programmi\KONAMI
2008-10-25 12:34 . 2002-12-03 02:02 491,520 --a------ c:\windows\system32\NCTAudioFile.dll
2008-10-25 12:34 . 2002-01-05 06:37 344,064 --a------ c:\windows\system32\msvcr70.dll
2008-10-25 12:34 . 2003-03-25 14:08 286,720 --a------ c:\windows\system32\NCTWMAFile2.dll
2008-10-25 12:34 . 2002-12-03 02:07 168,448 --a------ c:\windows\system32\NCTAudioPlayer.dll
2008-10-25 12:34 . 2002-12-03 02:11 143,872 --a------ c:\windows\system32\NCTWMAFile.dll
2008-10-25 12:25 . 2008-10-25 12:25 <DIR> d-------- c:\documents and settings\Matteo\Tracing
2008-10-25 12:20 . 2008-10-25 12:20 <DIR> d-------- c:\programmi\Microsoft Office Outlook Connector
2008-10-25 12:18 . 2008-10-25 12:18 <DIR> d-------- c:\programmi\Microsoft
2008-10-25 12:06 . 2008-10-25 12:06 <DIR> d-------- c:\programmi\File comuni\Windows Live
2008-10-25 08:36 . 2008-10-25 08:38 <DIR> d-------- c:\programmi\Free WMA to MP3 Converter
2008-10-24 10:21 . 2008-10-15 17:36 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-20 11:21 . 2008-10-20 11:21 81,920 --a------ c:\windows\system32\drivers\mqtgsvc.exe
2008-10-20 11:21 . 2008-10-20 11:21 81,920 --a------ c:\documents and settings\Matteo\Dati applicazioni\cmstp.exe
2008-10-20 10:31 . 2008-10-20 10:35 <DIR> d-------- c:\programmi\VirtualDJ
2008-10-15 15:38 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-15 15:37 . 2008-08-14 14:22 2,192,896 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 15:37 . 2008-08-14 14:22 2,148,864 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 15:37 . 2008-08-14 14:22 2,069,760 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 15:37 . 2008-08-14 14:22 2,027,520 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 15:37 . 2008-09-15 16:24 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-14 14:22 . 2008-10-14 14:22 <DIR> d-------- c:\documents and settings\Matteo\Dati applicazioni\Leadertech
2008-10-14 09:02 . 2008-10-14 09:02 <DIR> d-------- c:\programmi\EA Sports
2008-10-14 09:02 . 2008-03-05 14:56 3,786,760 --a------ c:\windows\system32\D3DX9_37.dll
2008-10-12 12:26 . 2008-10-12 12:26 422,046 --a------ c:\windows\system32\d3rlib.dll
2008-10-11 16:30 . 2008-10-11 16:31 <DIR> d-------- c:\windows\NV17921940.TMP
2008-10-11 16:30 . 2008-09-17 08:55 201,050 --a------ c:\windows\system32\nvapps.nvb
2008-10-11 16:17 . 2008-11-05 16:51 194,318 --a------ c:\windows\system32\nvapps.xml
2008-10-11 16:10 . 2008-10-11 16:18 336 --a------ c:\windows\system32\d3d8caps.dat
2008-10-11 16:07 . 2008-10-11 16:07 <DIR> d-------- c:\windows\system32\AGEIA
2008-10-11 16:07 . 2008-10-11 16:07 <DIR> d-------- c:\programmi\AGEIA Technologies
2008-10-11 16:06 . 2008-10-11 16:06 <DIR> d-------- c:\programmi\File comuni\Wise Installation Wizard
2008-10-06 20:28 . 2008-10-06 20:28 <DIR> d-------- c:\documents and settings\Matteo\Dati applicazioni\Windows Search
2008-10-06 11:42 . 2008-10-06 11:42 <DIR> d-------- c:\documents and settings\Matteo\Dati applicazioni\Windows Desktop Search
2008-10-06 11:41 . 2008-10-06 11:41 <DIR> d-------- c:\windows\system32\GroupPolicy
2008-10-06 11:41 . 2008-10-06 11:41 <DIR> d-------- c:\programmi\Windows Desktop Search
2008-10-06 11:41 . 2008-03-07 18:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
2008-10-06 11:41 . 2008-03-07 18:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
2008-10-06 11:41 . 2008-03-07 18:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-05 09:11 --------- d-----w c:\programmi\Windows Live
2008-11-04 16:59 --------- d-----w c:\programmi\eMule
2008-11-04 10:06 --------- d-----w c:\documents and settings\Matteo\Dati applicazioni\uTorrent
2008-11-03 18:23 --------- d-----w c:\programmi\Windows Live Safety Center
2008-11-01 18:26 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-10-31 16:12 --------- d-----w c:\programmi\File comuni\Adobe
2008-10-31 15:15 --------- d-----w c:\programmi\uTorrent
2008-10-25 11:33 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\WLInstaller
2008-10-21 18:36 --------- d-----w c:\programmi\Microsoft Silverlight
2008-10-15 14:51 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2008-10-10 11:05 --------- d-----w c:\documents and settings\Matteo\Dati applicazioni\EPSON
2008-10-01 11:01 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
2008-09-30 10:53 --------- d-----w c:\programmi\File comuni\Real
2008-09-30 10:51 --------- d-----w c:\programmi\Lavasoft
2008-09-30 10:51 --------- d-----w c:\programmi\Game Graphic Studio
2008-09-23 18:29 --------- d-----w c:\documents and settings\Matteo\Dati applicazioni\Media Player Classic
2008-09-19 12:37 --------- d-----w c:\programmi\iTunes
2008-09-19 12:37 --------- d-----w c:\programmi\iPod
2008-09-19 12:37 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-19 12:36 --------- d-----w c:\programmi\QuickTime
2008-09-19 12:36 --------- d-----w c:\programmi\Bonjour
2008-09-19 12:35 --------- d-----w c:\programmi\File comuni\Apple
2008-09-17 07:55 6,132,576 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys
2008-05-12 11:21 32,768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008051220080513\index.dat
.

Codice: Seleziona tutto

<pre>
----a-w           291,928 2007-01-07 06:14:24  c:\documents and settings\Matteo\Documenti\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1 .exe
----a-w           291,928 2007-01-07 07:14:24  c:\documents and settings\Matteo\Documenti\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1\PictureRotation v1.1 .exe
</pre>

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SW20"="c:\windows\system32\sw20.exe" [2006-09-07 208896]
"SW24"="c:\windows\system32\sw24.exe" [2006-09-07 69632]
"WinSys2"="c:\windows\system32\winsys2.exe" [2006-10-03 217088]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"itype"="c:\programmi\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912]
"IntelliPoint"="c:\programmi\Microsoft IntelliPoint\ipoint.exe" [2007-02-06 849280]
"CnxDslTaskBar"="c:\programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe" [2005-10-30 462848]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-09-29 1234712]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-09-06 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"AppleSyncNotifier"="c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"Hercules DJ Series"="c:\programmi\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe" [2008-07-22 484648]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 c:\windows\SoundMan.exe]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"PcSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Esent Utl"="c:\docume~1\Matteo\IMPOST~1\Temp\esentutl.exe" [2008-10-20 81920]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"SessMgr"="c:\windows\sessmgr.exe" [2008-10-20 81920]

[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
"CmSTP"="c:\docume~1\Matteo\DATIAP~1\cmstp.exe" [2008-10-20 81920]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=c:\windows\mstinit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.L3CODECP"= L3CODECP.acm
"vidc.ffds"= ffdshow.ax

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Kodak software updater.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-10-01 11:57 111936 c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
c:\programmi\BearShare\BearShare.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 19:04 139264 c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2008-01-17 17:51 486856 c:\programmi\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DJ Console Mk2]
--a------ 2007-03-19 15:37 218664 c:\programmi\Hercules\Audio\DJ Console Series\Mk2\HDJ2CPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 06:00 33648 c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-10 16:40 289576 c:\programmi\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 03:14 1695232 c:\programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-11-08 13:27 222208 c:\programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-04-13 03:48 36975 c:\programmi\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-09-17 08:55 1657376 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\uTorrent\\utorrent.exe"=
"c:\\Programmi\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Programmi\\Guillemot\\tools\\giWebUpdater.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Matteo\\Desktop\\pes2009.exe"=
"c:\\Programmi\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-08-29 97928]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys [2005-10-30 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys [2005-10-30 646784]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\DRIVERS\CnxTgN.sys [2005-10-30 108675]
S1 sdpiosys;sdpiosys;c:\windows\system32\drivers\sdpiosys.sys [ ]
S3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys [2008-06-04 61824]
S3 HDJAsioK;HDJAsioK;c:\windows\system32\Drivers\HDJAsioK.sys [2008-07-11 132096]
S3 HDJMidi;Hercules DJ Console Mk2 MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [2008-06-04 95744]
S3 usbscan;Driver scanner USB;c:\windows\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;Driver archiviazione di massa USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f55f87aa-bf39-11db-9a67-001617d7ef90}]
\Shell\Auto\command - Cn911.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
.
- - - - ORFÃOS REMOVIDOS - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


.
------- Supplementare di scansione -------
.
FireFox -: Profile - c:\documents and settings\Matteo\Dati applicazioni\Mozilla\Firefox\Profiles\ya4xfhlz.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.it/
FF -: plugin - c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF -: plugin - c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF -: plugin - c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF -: plugin - c:\programmi\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\programmi\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\programmi\Microsoft Silverlight\2.0.31005.0\npctrl.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-05 16:51:20
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

PROCESSO: c:\windows\explorer.exe
-> c:\windows\system32\nview.dll
-> ?:\windows\System32\CSCDLL.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\ScsiAccess.EXE
c:\windows\system32\searchindexer.exe
c:\programmi\AVG\AVG8\avgrsx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\searchfilterhost.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\verclsid.exe
.
**************************************************************************
.
Ora fine scansione: 2008-11-05 16:57:33 - macchina è stato riavviato [Matteo]
ComboFix-quarantined-files.txt 2008-11-05 15:57:11

Pre-Run: 369,800,003,584 byte disponibili
Post-Run: 372,043,792,384 byte disponibili

275 --- E O F --- 2008-11-05 09:12:00

[Amantide]

Scarica OtMoveIt3, avvialo ed assicurati che la voce Unregister Dll's and Ocx's sia spuntata.
Nello spazio bianco sotto alla voce Paste Instructions for items to be Moved incolla seguente script e clicca su MoveIt!:

Codice: Seleziona tutto

:services
sdpiosys

:files
c:\windows\sessmgr.exe
c:\documents and settings\Matteo\Dati applicazioni\mqtgsvc.exe
c:\windows\system32\drivers\mqtgsvc.exe
c:\windows\mstinit.exe
c:\windows\system\mstinit.exe
c:\documents and settings\Matteo\Dati applicazioni\comrepl.exe
c:\windows\mstsc.exe
c:\windows\system32\drivers\cmstp.exe
c:\documents and settings\Matteo\Dati applicazioni\cmstp.exe
c:\docume~1\Matteo\IMPOST~1\Temp\esentutl.exe
c:\windows\system32\drivers\sdpiosys.sys
C:\DOCUME~1\Matteo\IMPOST~1\Temp\rsvp.exe

:reg
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"SessMgr"=-
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=-
[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
"CmSTP"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Esent Utl"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"rsvp"=-

:commands
[purity]
[emptytemp]
[Reboot]

Il log dell'operazione verrà salvato nella cartella C:\_OtMoveIt\MovedFiles sotto la forma del file [nome_e_data].LOG
Copia il suo contenuto ed inseriscilo qui tramite il tag LOG.

Dopo scarica Malwarebytes' Anti-Malware, installalo ed esegui la scansione completa del sistema, posta qui anche il suo log di scansione.

[m@tteino]

ecco i 2 log:

========== SERVICES/DRIVERS ==========
Service sdpiosys stopped successfully.
Service sdpiosys deleted successfully.
========== FILES ==========
c:\windows\sessmgr.exe moved successfully.
c:\documents and settings\Matteo\Dati applicazioni\mqtgsvc.exe moved successfully.
c:\windows\system32\drivers\mqtgsvc.exe moved successfully.
c:\windows\mstinit.exe moved successfully.
c:\windows\system\mstinit.exe moved successfully.
c:\documents and settings\Matteo\Dati applicazioni\comrepl.exe moved successfully.
c:\windows\mstsc.exe moved successfully.
c:\windows\system32\drivers\cmstp.exe moved successfully.
c:\documents and settings\Matteo\Dati applicazioni\cmstp.exe moved successfully.
c:\docume~1\Matteo\IMPOST~1\Temp\esentutl.exe moved successfully.
File/Folder c:\windows\system32\drivers\sdpiosys.sys not found.
File/Folder C:\DOCUME~1\Matteo\IMPOST~1\Temp\rsvp.exe not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run\\SessMgr deleted successfully.
Registry value HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows\\load deleted successfully.
Registry value HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run\\CmSTP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run\\Esent Utl deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run\\rsvp not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Matteo\IMPOST~1\Temp\~DFCBFE.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Matteo\IMPOST~1\Temp\~DFCC09.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Matteo\IMPOST~1\Temp\~DFE22C.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Matteo\IMPOST~1\Temp\~DFE237.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11062008_113646

Files moved on Reboot...
File C:\DOCUME~1\Matteo\IMPOST~1\Temp\~DFCBFE.tmp not found!
File C:\DOCUME~1\Matteo\IMPOST~1\Temp\~DFCC09.tmp not found!
File C:\DOCUME~1\Matteo\IMPOST~1\Temp\~DFE22C.tmp not found!
File C:\DOCUME~1\Matteo\IMPOST~1\Temp\~DFE237.tmp not found!

Malwarebytes' Anti-Malware 1.30
Versione del database: 1306
Windows 5.1.2600 Service Pack 3

06/11/2008 13.03.30
mbam-log-2008-11-06 (13-03-27).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 176625
Tempo trascorso: 1 hour(s), 19 minute(s), 37 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 1
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 1

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winsys2 (Spyware.OnlineGames) -> No action taken.

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\WINDOWS\system32\WinSys2.exe (Spyware.OnlineGames) -> No action taken.

[Amantide]

Permetti a Malwarebytes di rimuovere le voci individuate, l'avevo notate anche nel log di Combofix ma non né ero sicura sulla loro natura. Per il resto il pc ora dovrebbe essere pulito.

[m@tteino]

ok.. grazie mille!!