Esegui 
Vi spiego il mio problema.
Da giorni si aprono pubblicità a centinaia e non so come bloccarle.Ho fatto uno scan con Nod e mi ha rilevato la presenza(nella cartella System32) di TrojanClicker,Trojan Downloader e anche di Virtumonde(già che ci stava XDXD).
Ho usato ComboFix e questp è il log.
ComboFix 08-12-18.01 - Andrea 2008-12-19 11.47.31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.511.147 [GMT 1:00]
Eseguito da: c:\documents and settings\Andrea\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\bold.log
c:\documents and settings\Andrea\Dati applicazioni\QNVW601P.dll
c:\windows\system32\156d53vu.exe.a_a
c:\windows\system32\drivers\downld
c:\windows\system32\emakebav.ini
c:\windows\system32\ijilupiv.ini
c:\windows\system32\rerurepo.dll
c:\windows\system32\tomuzipu.dll
c:\windows\system32\uzogenin.ini
c:\windows\system32\wu3t006P.exe.a_a
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_asc3550p
((((((((((((((((((((((((( Files Creati Da 2008-11-19 al 2008-12-19 )))))))))))))))))))))))))))))))))))
.
2008-12-19 11:23 . 2008-12-19 11:23 250 --a------ c:\windows\gmer.ini
2008-12-19 10:07 . 2008-12-19 10:07 <DIR> d-------- c:\programmi\ESET
2008-12-19 10:07 . 2008-12-19 10:07 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\ESET
2008-12-17 19:37 . 2008-12-17 19:37 261 --a------ c:\windows\wininit.ini
2008-12-15 10:11 . 2008-12-15 10:11 <DIR> d-------- c:\documents and settings\NetworkService\Documenti
2008-12-15 10:00 . 2008-12-15 10:00 <DIR> d---s---- c:\documents and settings\NetworkService\Preferiti
2008-12-09 16:57 . 2008-12-09 19:07 159 --a------ c:\windows\system32\temp_0000_85-20.aok
2008-12-09 13:30 . 2008-12-09 17:34 943 --a------ c:\windows\wincmd.ini
2008-12-08 21:12 . 2008-12-09 14:37 <DIR> d-------- c:\documents and settings\Andrea\Dati applicazioni\Apple Computer
2008-12-08 21:12 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-12-08 21:12 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-08 21:10 . 2008-12-10 18:38 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2008-12-08 20:11 . 2008-08-08 07:04 545 --a------ c:\windows\UC.PIF
2008-12-08 20:11 . 2008-08-08 07:04 545 --a------ c:\windows\RAR.PIF
2008-12-08 20:11 . 2008-08-08 07:04 545 --a------ c:\windows\PKZIP.PIF
2008-12-08 20:11 . 2008-08-08 07:04 545 --a------ c:\windows\PKUNZIP.PIF
2008-12-08 20:11 . 2008-08-08 07:04 545 --a------ c:\windows\NOCLOSE.PIF
2008-12-08 20:11 . 2008-08-08 07:04 545 --a------ c:\windows\LHA.PIF
2008-12-08 20:11 . 2008-08-08 07:04 545 --a------ c:\windows\ARJ.PIF
2008-12-08 19:58 . 2004-08-19 15:39 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-12-08 19:58 . 2001-08-30 23:07 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-12-04 14:11 . 2008-12-04 14:34 <DIR> d-------- c:\programmi\File comuni\ArcSoft
2008-12-04 13:49 . 2008-12-04 14:24 <DIR> d-------- c:\documents and settings\Andrea\Dati applicazioni\ArcSoft
2008-11-30 09:40 . 2008-11-30 09:50 107,134 --a------ c:\windows\UninstallFirefox.exe
2008-11-29 21:24 . 2008-12-13 13:43 <DIR> d-------- c:\programmi\MONOGRAM AMR SplitterDecoder
2008-11-29 16:17 . 2008-11-29 16:17 0 --a------ c:\windows\system32\atiicdxx.dat
2008-11-21 21:54 . 2008-11-21 22:07 <DIR> d-------- c:\documents and settings\Andrea\Dati applicazioni\Sony
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-19 10:24 242 ----a-w c:\programmi\FxVMonde.log
2008-12-18 19:38 --------- d-----w c:\programmi\eCover
2008-12-18 19:26 --------- d-----w c:\documents and settings\Andrea\Dati applicazioni\Zoom Player
2008-12-14 12:21 --------- d-----w c:\programmi\eMule
2008-12-04 13:34 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-12-02 12:22 --------- d-----w c:\programmi\Microsoft Games
2008-11-29 09:41 --------- d-----w c:\programmi\Sony Corporation
2008-11-28 18:57 --------- d-----w c:\programmi\Zoom Player
2008-11-15 16:21 --------- d-----w c:\programmi\Real
2008-11-15 16:19 --------- d-----w c:\programmi\File comuni\Real
2008-11-13 17:37 --------- d-----w c:\programmi\PopCap Games
2008-11-13 17:37 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\PopCap
2008-11-12 20:56 --------- d-----w c:\documents and settings\Andrea\Dati applicazioni\GanymedeNet
2008-11-12 20:17 1,792 ----a-w C:\ADD.EXE
2008-11-10 13:28 --------- d-----w c:\programmi\Messenger Plus! Live
2008-11-06 14:15 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Ulead Systems
2008-11-06 12:33 --------- d-----w c:\documents and settings\Andrea\Dati applicazioni\Ulead Systems
2008-11-06 10:19 --------- d-----w c:\programmi\File comuni\SWiSHzone.com
2008-11-04 18:14 --------- d-----w c:\programmi\Windows Live
2008-11-04 17:56 --------- dcsh--w c:\programmi\File comuni\WindowsLiveInstaller
2008-11-04 17:48 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\WLInstaller
2008-11-04 17:16 --------- d-----w c:\programmi\VS Revo Group
2008-11-04 16:57 --------- d-----w c:\programmi\Microsoft
2008-11-03 13:31 --------- d-----w c:\documents and settings\Andrea\Dati applicazioni\Atari
2008-10-25 12:16 --------- d-----w c:\documents and settings\Andrea\Dati applicazioni\Nokia
2008-10-08 11:57 65,847 ----a-w c:\windows\BricoPackUninst.cmd
2008-10-08 11:57 6,116 ----a-w c:\windows\BricoPackFoldersDelete.cmd
2007-12-22 17:53 81,920 ----a-w c:\documents and settings\Andrea\Dati applicazioni\ezpinst.exe
2007-12-22 17:53 47,360 ----a-w c:\documents and settings\Andrea\Dati applicazioni\pcouffin.sys
2004-10-13 16:24 1,694,208 -csha-w c:\windows\ServicePackFiles\i386\msmsgs.exe
2007-11-03 16:03 88 -csha-r c:\windows\system32\88B7CC123C.sys
2007-11-03 16:03 2,516 -csha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c58e2d84-d9be-4aaa-8225-7a0c5cfc8203}]
2008-09-17 10:12 62013 --ah----- c:\windows\system32\womovire.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 695808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2008-10-08 1451264]
"CPMaf8f96ff"="c:\windows\system32\bumefoni.dll" [2008-12-19 95806]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]
c:\documents and settings\Andrea\Menu Avvio\Programmi\Accessori\Esecuzione automatica\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"= "c:\windows\system32\bumefoni.dll" [2008-12-19 95806]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"= {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bumefoni.dll [2008-12-19 95806]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
R1 bbcap;bbcap;c:\windows\system32\DRIVERS\bbcap.sys [2007-12-14 2944]
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-10-08 34312]
R2 ekrn;Eset Service;"c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe" [2008-10-08 468224]
S3 zlportio;zlportio;\??\c:\programmi\UltraStar Deluxe\zlportio.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29558a0e-3b57-11dc-9835-0090d0d54e2c}]
\Shell\Auto\command - H:\UFO.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4cf03a2c-3c41-11dc-9838-0090d0d54e2c}]
\Shell\AutoRun\command - welcome.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54aea7f0-6d08-11dd-a5e4-0090d0d54e2c}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3094d35-3b09-11dc-9833-0040ca52552a}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\nektewkc]
c:\windows\system32\nektewkc.exe
.
Contenuto della cartella 'Scheduled Tasks'
2008-12-18 c:\windows\Tasks\At1.job
- c:\windows\system32\156d53vu.exe []
2008-12-14 c:\windows\Tasks\At10.job
- c:\windows\system32\156d53vu.exe []
2008-12-19 c:\windows\Tasks\At11.job
- c:\windows\system32\156d53vu.exe []
2008-12-19 c:\windows\Tasks\At12.job
- c:\windows\system32\156d53vu.exe []
2008-12-17 c:\windows\Tasks\At13.job
- c:\windows\system32\156d53vu.exe []
2008-12-17 c:\windows\Tasks\At14.job
- c:\windows\system32\156d53vu.exe []
2008-12-17 c:\windows\Tasks\At15.job
- c:\windows\system32\156d53vu.exe []
2008-12-17 c:\windows\Tasks\At16.job
- c:\windows\system32\156d53vu.exe []
2008-12-17 c:\windows\Tasks\At17.job
- c:\windows\system32\156d53vu.exe []
2008-12-17 c:\windows\Tasks\At18.job
- c:\windows\system32\156d53vu.exe []
2008-12-17 c:\windows\Tasks\At19.job
- c:\windows\system32\156d53vu.exe []
2008-12-14 c:\windows\Tasks\At2.job
- c:\windows\system32\156d53vu.exe []
2008-12-18 c:\windows\Tasks\At20.job
- c:\windows\system32\156d53vu.exe []
2008-12-18 c:\windows\Tasks\At21.job
- c:\windows\system32\156d53vu.exe []
2008-12-18 c:\windows\Tasks\At22.job
- c:\windows\system32\156d53vu.exe []
2008-12-18 c:\windows\Tasks\At23.job
- c:\windows\system32\156d53vu.exe []
2008-12-18 c:\windows\Tasks\At24.job
- c:\windows\system32\156d53vu.exe []
2008-12-18 c:\windows\Tasks\At25.job
- c:\windows\system32\wu3t006P.exe []
2008-12-14 c:\windows\Tasks\At26.job
- c:\windows\system32\wu3t006P.exe []
2008-12-14 c:\windows\Tasks\At27.job
- c:\windows\system32\wu3t006P.exe []
2008-12-14 c:\windows\Tasks\At28.job
- c:\windows\system32\wu3t006P.exe []
2008-12-14 c:\windows\Tasks\At29.job
- c:\windows\system32\wu3t006P.exe []
2008-12-14 c:\windows\Tasks\At3.job
- c:\windows\system32\156d53vu.exe []
2008-12-14 c:\windows\Tasks\At30.job
- c:\windows\system32\wu3t006P.exe []
2008-12-14 c:\windows\Tasks\At31.job
- c:\windows\system32\wu3t006P.exe []
2008-12-14 c:\windows\Tasks\At32.job
- c:\windows\system32\wu3t006P.exe []
2008-12-14 c:\windows\Tasks\At33.job
- c:\windows\system32\wu3t006P.exe []
2008-12-14 c:\windows\Tasks\At34.job
- c:\windows\system32\wu3t006P.exe []
2008-12-19 c:\windows\Tasks\At35.job
- c:\windows\system32\wu3t006P.exe []
2008-12-19 c:\windows\Tasks\At36.job
- c:\windows\system32\wu3t006P.exe []
2008-12-17 c:\windows\Tasks\At37.job
- c:\windows\system32\wu3t006P.exe []
2008-12-17 c:\windows\Tasks\At38.job
- c:\windows\system32\wu3t006P.exe []
2008-12-17 c:\windows\Tasks\At39.job
- c:\windows\system32\wu3t006P.exe []
2008-12-14 c:\windows\Tasks\At4.job
- c:\windows\system32\156d53vu.exe []
2008-12-17 c:\windows\Tasks\At40.job
- c:\windows\system32\wu3t006P.exe []
2008-12-17 c:\windows\Tasks\At41.job
- c:\windows\system32\wu3t006P.exe []
2008-12-17 c:\windows\Tasks\At42.job
- c:\windows\system32\wu3t006P.exe []
2008-12-17 c:\windows\Tasks\At43.job
- c:\windows\system32\wu3t006P.exe []
2008-12-19 c:\windows\Tasks\At44.job
- c:\windows\system32\wu3t006P.exe []
2008-12-18 c:\windows\Tasks\At45.job
- c:\windows\system32\wu3t006P.exe []
2008-12-18 c:\windows\Tasks\At46.job
- c:\windows\system32\wu3t006P.exe []
2008-12-18 c:\windows\Tasks\At47.job
- c:\windows\system32\wu3t006P.exe []
2008-12-18 c:\windows\Tasks\At48.job
- c:\windows\system32\wu3t006P.exe []
2008-12-14 c:\windows\Tasks\At5.job
- c:\windows\system32\156d53vu.exe []
2008-12-14 c:\windows\Tasks\At6.job
- c:\windows\system32\156d53vu.exe []
2008-12-14 c:\windows\Tasks\At7.job
- c:\windows\system32\156d53vu.exe []
2008-12-14 c:\windows\Tasks\At8.job
- c:\windows\system32\156d53vu.exe []
2008-12-14 c:\windows\Tasks\At9.job
- c:\windows\system32\156d53vu.exe []
2008-12-19 c:\windows\Tasks\Verifica e correzione automatica.job
- c:\programmi\TuneUp Utilities 2008\OneClickStarter.exe []
.
- - - - ORFÃOS REMOVIDOS - - - -
HKLM-Run-bunotenuge - c:\windows\system32\hekeyapi.dll
.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.gazzetta.it/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
TCP: {A1AFA018-765B-47B7-BB0E-5FDAB00E1452} = 208.67.222.222
FF - ProfilePath - c:\documents and settings\Andrea\Dati applicazioni\Mozilla\Firefox\Profiles\kyvzzu87.default\
FF - plugin: c:\documents and settings\Andrea\Dati applicazioni\Mozilla\Firefox\Profiles\kyvzzu87.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07073001.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\nppopcaploader.dll
ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.rights.version", 3);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.rights.3.shown", false);
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-19 11:51:13
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'winlogon.exe'(636)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
c:\programmi\PC Connectivity Solution\ServiceLayer.exe
c:\programmi\PC Connectivity Solution\Transports\NclMSBTSrv.exe
c:\programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
.
**************************************************************************
.
Ora fine scansione: 2008-12-19 11:59:06 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2008-12-19 10:59:02
Pre-Run: 2.859.356.160 byte disponibili
Post-Run: 2,837,106,688 byte disponibili
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
297 --- E O F --- 2007-12-16 12:54:00
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.511.147 [GMT 1:00]
Eseguito da: c:\documents and settings\Andrea\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\bold.log
c:\documents and settings\Andrea\Dati applicazioni\QNVW601P.dll
c:\windows\system32\156d53vu.exe.a_a
c:\windows\system32\drivers\downld
c:\windows\system32\emakebav.ini
c:\windows\system32\ijilupiv.ini
c:\windows\system32\rerurepo.dll
c:\windows\system32\tomuzipu.dll
c:\windows\system32\uzogenin.ini
c:\windows\system32\wu3t006P.exe.a_a
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_asc3550p
((((((((((((((((((((((((( Files Creati Da 2008-11-19 al 2008-12-19 )))))))))))))))))))))))))))))))))))
.
2008-12-19 11:23 . 2008-12-19 11:23 250 --a------ c:\windows\gmer.ini
2008-12-19 10:07 . 2008-12-19 10:07 <DIR> d-------- c:\programmi\ESET
2008-12-19 10:07 . 2008-12-19 10:07 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\ESET
2008-12-17 19:37 . 2008-12-17 19:37 261 --a------ c:\windows\wininit.ini
2008-12-15 10:11 . 2008-12-15 10:11 <DIR> d-------- c:\documents and settings\NetworkService\Documenti
2008-12-15 10:00 . 2008-12-15 10:00 <DIR> d---s---- c:\documents and settings\NetworkService\Preferiti
2008-12-09 16:57 . 2008-12-09 19:07 159 --a------ c:\windows\system32\temp_0000_85-20.aok
2008-12-09 13:30 . 2008-12-09 17:34 943 --a------ c:\windows\wincmd.ini
2008-12-08 21:12 . 2008-12-09 14:37 <DIR> d-------- c:\documents and settings\Andrea\Dati applicazioni\Apple Computer
2008-12-08 21:12 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-12-08 21:12 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-08 21:10 . 2008-12-10 18:38 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2008-12-08 20:11 . 2008-08-08 07:04 545 --a------ c:\windows\UC.PIF
2008-12-08 20:11 . 2008-08-08 07:04 545 --a------ c:\windows\RAR.PIF
2008-12-08 20:11 . 2008-08-08 07:04 545 --a------ c:\windows\PKZIP.PIF
2008-12-08 20:11 . 2008-08-08 07:04 545 --a------ c:\windows\PKUNZIP.PIF
2008-12-08 20:11 . 2008-08-08 07:04 545 --a------ c:\windows\NOCLOSE.PIF
2008-12-08 20:11 . 2008-08-08 07:04 545 --a------ c:\windows\LHA.PIF
2008-12-08 20:11 . 2008-08-08 07:04 545 --a------ c:\windows\ARJ.PIF
2008-12-08 19:58 . 2004-08-19 15:39 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-12-08 19:58 . 2001-08-30 23:07 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-12-04 14:11 . 2008-12-04 14:34 <DIR> d-------- c:\programmi\File comuni\ArcSoft
2008-12-04 13:49 . 2008-12-04 14:24 <DIR> d-------- c:\documents and settings\Andrea\Dati applicazioni\ArcSoft
2008-11-30 09:40 . 2008-11-30 09:50 107,134 --a------ c:\windows\UninstallFirefox.exe
2008-11-29 21:24 . 2008-12-13 13:43 <DIR> d-------- c:\programmi\MONOGRAM AMR SplitterDecoder
2008-11-29 16:17 . 2008-11-29 16:17 0 --a------ c:\windows\system32\atiicdxx.dat
2008-11-21 21:54 . 2008-11-21 22:07 <DIR> d-------- c:\documents and settings\Andrea\Dati applicazioni\Sony
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-19 10:24 242 ----a-w c:\programmi\FxVMonde.log
2008-12-18 19:38 --------- d-----w c:\programmi\eCover
2008-12-18 19:26 --------- d-----w c:\documents and settings\Andrea\Dati applicazioni\Zoom Player
2008-12-14 12:21 --------- d-----w c:\programmi\eMule
2008-12-04 13:34 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-12-02 12:22 --------- d-----w c:\programmi\Microsoft Games
2008-11-29 09:41 --------- d-----w c:\programmi\Sony Corporation
2008-11-28 18:57 --------- d-----w c:\programmi\Zoom Player
2008-11-15 16:21 --------- d-----w c:\programmi\Real
2008-11-15 16:19 --------- d-----w c:\programmi\File comuni\Real
2008-11-13 17:37 --------- d-----w c:\programmi\PopCap Games
2008-11-13 17:37 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\PopCap
2008-11-12 20:56 --------- d-----w c:\documents and settings\Andrea\Dati applicazioni\GanymedeNet
2008-11-12 20:17 1,792 ----a-w C:\ADD.EXE
2008-11-10 13:28 --------- d-----w c:\programmi\Messenger Plus! Live
2008-11-06 14:15 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Ulead Systems
2008-11-06 12:33 --------- d-----w c:\documents and settings\Andrea\Dati applicazioni\Ulead Systems
2008-11-06 10:19 --------- d-----w c:\programmi\File comuni\SWiSHzone.com
2008-11-04 18:14 --------- d-----w c:\programmi\Windows Live
2008-11-04 17:56 --------- dcsh--w c:\programmi\File comuni\WindowsLiveInstaller
2008-11-04 17:48 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\WLInstaller
2008-11-04 17:16 --------- d-----w c:\programmi\VS Revo Group
2008-11-04 16:57 --------- d-----w c:\programmi\Microsoft
2008-11-03 13:31 --------- d-----w c:\documents and settings\Andrea\Dati applicazioni\Atari
2008-10-25 12:16 --------- d-----w c:\documents and settings\Andrea\Dati applicazioni\Nokia
2008-10-08 11:57 65,847 ----a-w c:\windows\BricoPackUninst.cmd
2008-10-08 11:57 6,116 ----a-w c:\windows\BricoPackFoldersDelete.cmd
2007-12-22 17:53 81,920 ----a-w c:\documents and settings\Andrea\Dati applicazioni\ezpinst.exe
2007-12-22 17:53 47,360 ----a-w c:\documents and settings\Andrea\Dati applicazioni\pcouffin.sys
2004-10-13 16:24 1,694,208 -csha-w c:\windows\ServicePackFiles\i386\msmsgs.exe
2007-11-03 16:03 88 -csha-r c:\windows\system32\88B7CC123C.sys
2007-11-03 16:03 2,516 -csha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c58e2d84-d9be-4aaa-8225-7a0c5cfc8203}]
2008-09-17 10:12 62013 --ah----- c:\windows\system32\womovire.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 695808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2008-10-08 1451264]
"CPMaf8f96ff"="c:\windows\system32\bumefoni.dll" [2008-12-19 95806]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]
c:\documents and settings\Andrea\Menu Avvio\Programmi\Accessori\Esecuzione automatica\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"= "c:\windows\system32\bumefoni.dll" [2008-12-19 95806]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"= {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bumefoni.dll [2008-12-19 95806]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
R1 bbcap;bbcap;c:\windows\system32\DRIVERS\bbcap.sys [2007-12-14 2944]
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-10-08 34312]
R2 ekrn;Eset Service;"c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe" [2008-10-08 468224]
S3 zlportio;zlportio;\??\c:\programmi\UltraStar Deluxe\zlportio.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29558a0e-3b57-11dc-9835-0090d0d54e2c}]
\Shell\Auto\command - H:\UFO.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4cf03a2c-3c41-11dc-9838-0090d0d54e2c}]
\Shell\AutoRun\command - welcome.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54aea7f0-6d08-11dd-a5e4-0090d0d54e2c}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3094d35-3b09-11dc-9833-0040ca52552a}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\nektewkc]
c:\windows\system32\nektewkc.exe
.
Contenuto della cartella 'Scheduled Tasks'
2008-12-18 c:\windows\Tasks\At1.job
- c:\windows\system32\156d53vu.exe []
2008-12-14 c:\windows\Tasks\At10.job
- c:\windows\system32\156d53vu.exe []
2008-12-19 c:\windows\Tasks\At11.job
- c:\windows\system32\156d53vu.exe []
2008-12-19 c:\windows\Tasks\At12.job
- c:\windows\system32\156d53vu.exe []
2008-12-17 c:\windows\Tasks\At13.job
- c:\windows\system32\156d53vu.exe []
2008-12-17 c:\windows\Tasks\At14.job
- c:\windows\system32\156d53vu.exe []
2008-12-17 c:\windows\Tasks\At15.job
- c:\windows\system32\156d53vu.exe []
2008-12-17 c:\windows\Tasks\At16.job
- c:\windows\system32\156d53vu.exe []
2008-12-17 c:\windows\Tasks\At17.job
- c:\windows\system32\156d53vu.exe []
2008-12-17 c:\windows\Tasks\At18.job
- c:\windows\system32\156d53vu.exe []
2008-12-17 c:\windows\Tasks\At19.job
- c:\windows\system32\156d53vu.exe []
2008-12-14 c:\windows\Tasks\At2.job
- c:\windows\system32\156d53vu.exe []
2008-12-18 c:\windows\Tasks\At20.job
- c:\windows\system32\156d53vu.exe []
2008-12-18 c:\windows\Tasks\At21.job
- c:\windows\system32\156d53vu.exe []
2008-12-18 c:\windows\Tasks\At22.job
- c:\windows\system32\156d53vu.exe []
2008-12-18 c:\windows\Tasks\At23.job
- c:\windows\system32\156d53vu.exe []
2008-12-18 c:\windows\Tasks\At24.job
- c:\windows\system32\156d53vu.exe []
2008-12-18 c:\windows\Tasks\At25.job
- c:\windows\system32\wu3t006P.exe []
2008-12-14 c:\windows\Tasks\At26.job
- c:\windows\system32\wu3t006P.exe []
2008-12-14 c:\windows\Tasks\At27.job
- c:\windows\system32\wu3t006P.exe []
2008-12-14 c:\windows\Tasks\At28.job
- c:\windows\system32\wu3t006P.exe []
2008-12-14 c:\windows\Tasks\At29.job
- c:\windows\system32\wu3t006P.exe []
2008-12-14 c:\windows\Tasks\At3.job
- c:\windows\system32\156d53vu.exe []
2008-12-14 c:\windows\Tasks\At30.job
- c:\windows\system32\wu3t006P.exe []
2008-12-14 c:\windows\Tasks\At31.job
- c:\windows\system32\wu3t006P.exe []
2008-12-14 c:\windows\Tasks\At32.job
- c:\windows\system32\wu3t006P.exe []
2008-12-14 c:\windows\Tasks\At33.job
- c:\windows\system32\wu3t006P.exe []
2008-12-14 c:\windows\Tasks\At34.job
- c:\windows\system32\wu3t006P.exe []
2008-12-19 c:\windows\Tasks\At35.job
- c:\windows\system32\wu3t006P.exe []
2008-12-19 c:\windows\Tasks\At36.job
- c:\windows\system32\wu3t006P.exe []
2008-12-17 c:\windows\Tasks\At37.job
- c:\windows\system32\wu3t006P.exe []
2008-12-17 c:\windows\Tasks\At38.job
- c:\windows\system32\wu3t006P.exe []
2008-12-17 c:\windows\Tasks\At39.job
- c:\windows\system32\wu3t006P.exe []
2008-12-14 c:\windows\Tasks\At4.job
- c:\windows\system32\156d53vu.exe []
2008-12-17 c:\windows\Tasks\At40.job
- c:\windows\system32\wu3t006P.exe []
2008-12-17 c:\windows\Tasks\At41.job
- c:\windows\system32\wu3t006P.exe []
2008-12-17 c:\windows\Tasks\At42.job
- c:\windows\system32\wu3t006P.exe []
2008-12-17 c:\windows\Tasks\At43.job
- c:\windows\system32\wu3t006P.exe []
2008-12-19 c:\windows\Tasks\At44.job
- c:\windows\system32\wu3t006P.exe []
2008-12-18 c:\windows\Tasks\At45.job
- c:\windows\system32\wu3t006P.exe []
2008-12-18 c:\windows\Tasks\At46.job
- c:\windows\system32\wu3t006P.exe []
2008-12-18 c:\windows\Tasks\At47.job
- c:\windows\system32\wu3t006P.exe []
2008-12-18 c:\windows\Tasks\At48.job
- c:\windows\system32\wu3t006P.exe []
2008-12-14 c:\windows\Tasks\At5.job
- c:\windows\system32\156d53vu.exe []
2008-12-14 c:\windows\Tasks\At6.job
- c:\windows\system32\156d53vu.exe []
2008-12-14 c:\windows\Tasks\At7.job
- c:\windows\system32\156d53vu.exe []
2008-12-14 c:\windows\Tasks\At8.job
- c:\windows\system32\156d53vu.exe []
2008-12-14 c:\windows\Tasks\At9.job
- c:\windows\system32\156d53vu.exe []
2008-12-19 c:\windows\Tasks\Verifica e correzione automatica.job
- c:\programmi\TuneUp Utilities 2008\OneClickStarter.exe []
.
- - - - ORFÃOS REMOVIDOS - - - -
HKLM-Run-bunotenuge - c:\windows\system32\hekeyapi.dll
.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.gazzetta.it/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
TCP: {A1AFA018-765B-47B7-BB0E-5FDAB00E1452} = 208.67.222.222
FF - ProfilePath - c:\documents and settings\Andrea\Dati applicazioni\Mozilla\Firefox\Profiles\kyvzzu87.default\
FF - plugin: c:\documents and settings\Andrea\Dati applicazioni\Mozilla\Firefox\Profiles\kyvzzu87.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07073001.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\nppopcaploader.dll
ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.rights.version", 3);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.rights.3.shown", false);
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-19 11:51:13
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'winlogon.exe'(636)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
c:\programmi\PC Connectivity Solution\ServiceLayer.exe
c:\programmi\PC Connectivity Solution\Transports\NclMSBTSrv.exe
c:\programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
.
**************************************************************************
.
Ora fine scansione: 2008-12-19 11:59:06 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2008-12-19 10:59:02
Pre-Run: 2.859.356.160 byte disponibili
Post-Run: 2,837,106,688 byte disponibili
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
297 --- E O F --- 2007-12-16 12:54:00
Come mi devo muovere?
Grazie in anticipo per l'aiuto.
the object does not exist![[^]](http://www.megalab.it/forum/images/smilies/Oh-yea.gif "Approvazione")
![[grazie]](http://www.megalab.it/forum/images/smilies/Grazie.gif "Grazie")