www.MegaLab.it

[fuckthespyware]

Ciao a tutti , ottimo forum !
Chiedo aiuto a voi esperti perché io non ne posso più di questi spyware e virus !
Navigando in internet continuano a comparirmi Ads e noto grandi rallentamenti nel mio pc , che in precedenza non avevo,
come quando gioco online si blocca spesso e poi vengo bannato dal punkbaster !
Ho letto che per il problema del PB bastava fare scansioni con un rootkit (usato uno di quelli da voi stilato nella classifica di migliori anti root..)ma non trova nulla .
Scansiono con Ad-aware free edition trova qualcosina ma ecco che magicamente ricomincia subito a rompere(Ads sempre).
Vi posto il log di Hjack This

Logfile of HijackThis v1.99.1
Scan saved at 12.27.47, on 29/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\VMware\VMware Workstation\vmware-tray.exe
C:\Programmi\VMware\VMware Workstation\hqtray.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\slserv.exe
C:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Programmi\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Programmi\VMware\VMware Workstation\vmware-authd.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\pbsetup.exe
C:\Programmi\Activision\Call of Duty 4 - Modern Warfare\pbsetup.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Programmi\Unlocker\UnlockerAssistant.exe -H
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [vmware-tray] C:\Programmi\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Programmi\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [d0178ad2] rundll32.exe "C:\WINDOWS\system32\qnidqsnf.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2387411-D848-474B-AB70-C3C313495124}: NameServer = 193.70.152.15,193.70.152.25
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: VMware Agent Service (ufad-ws60) - Unknown owner - C:\Programmi\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Programmi\VMware\VMware Workstation\\" -s ufad-p2v.xml (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programmi\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

Vi ringrazio , spero che non debba per forza formattare il pc

[crazy.cat]

Scarica ComboFix ed esegui la scansione seguendo queste istruzioni (giù in fondo). Al termine della scansione verrà creato il file di report C:\combofix.txt, copia qui il suo contenuto usando il tag LOG.

[fuckthespyware]

ComboFix 08-12-28.03 - Administrator 2008-12-29 14:27:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1023.657 [GMT 1:00]
Eseguito da: c:\documents and settings\Administrator\Documenti\ComboFix.exe

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.
ADS - WINDOWS: deleted 48 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Dati applicazioni\inst.exe
c:\recycled\Recycled
c:\recycled\Recycled\ctfmon.exe
c:\windows\system32\aecglmqq.ini
c:\windows\system32\afbdxoua.ini
c:\windows\system32\arppyshw.ini
c:\windows\system32\BReWErS.dll
c:\windows\system32\brvstjbx.dll
c:\windows\system32\buoaxjen.ini
c:\windows\system32\drivers\TDSSmhlt.sys
c:\windows\system32\ewfmxump.ini
c:\windows\system32\fnsqdinq.ini
c:\windows\system32\gvgaxobx.ini
c:\windows\system32\hxxhwqud.ini
c:\windows\system32\iwkfpfse.ini
c:\windows\system32\ixieojew.ini
c:\windows\system32\jkldhdtb.ini
c:\windows\system32\jqcwumae.ini
c:\windows\system32\kdlrdgyv.ini
c:\windows\system32\kujkcmkw.ini
c:\windows\system32\mcrh.tmp
c:\windows\system32\nejxaoub.dll
c:\windows\system32\ngjogciv.ini
c:\windows\system32\omprsbex.dll
c:\windows\system32\PsssBJjl.ini
c:\windows\system32\PsssBJjl.ini2
c:\windows\system32\qnidqsnf.dll
c:\windows\system32\qqmlgcea.dll
c:\windows\system32\rflkuvjb.ini
c:\windows\system32\TDSSerrors.log
c:\windows\system32\tdssinit.dll
c:\windows\system32\TDSSoiqh.dll
c:\windows\system32\tdssservers.dat
c:\windows\system32\tmp14.tmp
c:\windows\system32\tmp15.tmp
c:\windows\system32\umcfxkep.ini
c:\windows\system32\vaqxooji.ini
c:\windows\system32\wrqiocap.ini
c:\windows\system32\xbjtsvrb.ini
c:\windows\system32\xebsrpmo.ini
c:\windows\system32\xtlqoqly.dll
c:\windows\system32\ylqoqltx.ini
c:\windows\Sysvxd.exe

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSserv.sys
-------\Legacy_TDSSserv.sys


((((((((((((((((((((((((( Files Creati Da 2008-11-28 al 2008-12-29 )))))))))))))))))))))))))))))))))))
.

2008-12-29 14:31 . 2008-12-29 14:31 <DIR> d-------- c:\windows\system32\xircom
2008-12-29 14:31 . 2008-12-29 14:31 <DIR> d-------- c:\windows\srchasst
2008-12-29 14:31 . 2008-12-29 14:31 <DIR> d-------- c:\programmi\microsoft frontpage
2008-12-29 13:57 . 2008-12-29 13:57 <DIR> d-------- c:\programmi\Alwil Software
2008-12-29 12:18 . 2008-12-29 12:18 <DIR> d-------- c:\programmi\Sophos
2008-12-28 15:20 . 2008-12-28 15:20 <DIR> d-------- C:\Scarface
2008-12-28 15:17 . 2008-12-28 15:17 <DIR> d-------- c:\programmi\SlySoft
2008-12-27 17:47 . 2008-12-27 17:47 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\vsosdk
2008-12-27 12:41 . 2008-12-27 17:48 <DIR> d-------- c:\programmi\DVDFab 5
2008-12-27 12:41 . 2008-12-28 13:58 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\Vso
2008-12-27 12:41 . 2008-12-27 12:41 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2008-12-27 12:41 . 2008-12-27 12:41 47,360 --a------ c:\documents and settings\Administrator\Dati applicazioni\pcouffin.sys
2008-12-25 17:29 . 2008-12-25 17:29 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Elaborate Bytes
2008-12-18 13:23 . 2008-12-18 13:23 103,360 --a------ c:\windows\system32\drivers\AnyDVD.sys
2008-12-11 16:08 . 2008-12-11 16:08 <DIR> d-------- c:\documents and settings\LocalService\Dati applicazioni\Softland
2008-12-11 16:07 . 2008-10-13 15:23 7,533 --a------ c:\windows\system32\dopdf6.ctm
2008-12-06 16:30 . 2008-12-06 16:45 <DIR> d-------- c:\documents and settings\Administrator\dwhelper
2008-12-06 16:19 . 2008-12-06 16:19 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\Moyea

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-29 13:37 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\VMware
2008-12-29 13:31 --------- d-----w c:\documents and settings\LocalService\Dati applicazioni\VMware
2008-12-29 13:31 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\VMware
2008-12-29 13:00 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\uTorrent
2008-12-29 12:37 137,688 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-29 11:05 22,328 ----a-w c:\documents and settings\Administrator\Dati applicazioni\PnkBstrK.sys
2008-12-28 20:19 --------- d-----w c:\programmi\eMule
2008-12-28 14:23 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\DVD Shrink
2008-12-05 13:32 --------- d-----w c:\programmi\Ubisoft
2008-12-05 13:02 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-11-26 16:47 --------- d-----w c:\programmi\Activision
2008-11-23 08:38 --------- d-----w c:\programmi\ATI Technologies
2008-11-22 16:21 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\ESET
2008-11-22 16:20 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\ESET
2008-11-19 13:15 2,498,560 ------w C:\CoverPro.exe
2008-11-19 13:15 2,494,464 ------w C:\PolyImagePro.dll
2008-11-16 15:28 --------- d-----w c:\programmi\File comuni\Wise Installation Wizard
2008-11-16 10:56 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Capcom
2008-11-16 10:07 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\File de La Battaglia per la Terra di Mezzo
2008-11-16 08:53 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\FLEXnet
2008-11-16 08:48 --------- d-----w c:\programmi\File comuni\Adobe
2008-11-16 08:39 --------- d-----w c:\programmi\File comuni\Macrovision Shared
2008-11-08 17:06 --------- d-----w c:\programmi\nLite
2008-11-08 16:47 --------- d-----w c:\programmi\TuneUp Utilities 2007
2008-11-08 16:30 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2008-11-08 16:30 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\TuneUp Software
2008-11-07 13:17 --------- d-----w c:\programmi\Cenega
2008-11-05 17:56 --------- d-----w c:\programmi\Internet Download Manager
2008-11-05 17:56 --------- d-----w c:\programmi\FlashGet
2008-11-05 09:26 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\IDM
2008-11-05 09:26 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\DMCache
2008-11-04 16:47 --------- d-----w c:\programmi\NFOlux
2008-11-04 15:00 --------- d-----w c:\programmi\Cool Beans NFO Creator
2008-11-01 11:25 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\BlackBean
2008-11-01 07:56 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\DAEMON Tools
2008-11-01 07:56 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\.purple
2008-11-01 07:56 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\.ABC
2008-10-31 13:36 --------- d-----w c:\programmi\Activision Value
2008-10-29 03:10 3,341,824 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2008-10-29 01:18 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2008-10-28 19:46 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Leadertech
2008-10-28 14:32 --------- d-----w c:\programmi\DAEMON Tools Lite
2008-10-28 13:47 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-10-09 15:58 8,579 ----a-w c:\windows\BricoPackFoldersDelete.cmd
2008-10-09 15:58 120,811 ----a-w c:\windows\BricoPackUninst.cmd
2006-02-28 15:59 2,512,385 ----a-w c:\documents and settings\Administrator\swat4.exe
2003-07-19 11:01 724,480 ----a-w c:\documents and settings\Administrator\gtaTClient.exe
2007-11-15 18:15 67,696 ----a-w c:\programmi\mozilla firefox\components\jar50.dll
2007-11-15 18:15 54,376 ----a-w c:\programmi\mozilla firefox\components\jsd3250.dll
2007-11-15 18:15 34,952 ----a-w c:\programmi\mozilla firefox\components\myspell.dll
2007-11-15 18:15 46,720 ----a-w c:\programmi\mozilla firefox\components\spellchk.dll
2007-11-15 18:15 172,144 ----a-w c:\programmi\mozilla firefox\components\xpinstal.dll
.

------- Sigcheck -------

2008-03-01 13:09 552960 67e0e92cf392160df81006a4696b0b57 c:\windows\system32\user32.dll

2008-03-01 13:11 360832 ce3ec03c9f65302e44af5c452d20a86f c:\windows\system32\drivers\tcpip.sys

2008-08-17 17:51 2194944 d20ec1a968f99681d18a5b9f31f0a847 c:\windows\system32\ntkrnlpa.exe

2008-03-01 13:07 1008640 42a8c7dba63cc8e2dd0e2fe0bae426f4 c:\windows\explorer.exe

2008-03-01 13:09 57856 da81ec57acd4cdc3d4c51cf3d409af9f c:\windows\system32\spoolsv.exe

2008-03-01 13:09 721752 8818417e21798c7d5143768987dc0135 c:\windows\system32\wuauclt.exe

2008-03-01 13:09 296960 426d423d5b826f198fee09dd3f3fd6ee c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"NeroFilterCheck"="c:\programmi\File comuni\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"vmware-tray"="c:\programmi\VMware\VMware Workstation\vmware-tray.exe" [2008-08-08 72240]
"VMware hqtray"="c:\programmi\VMware\VMware Workstation\hqtray.exe" [2008-08-08 55856]
"AdobeCS4ServiceManager"="c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2008-03-01 c:\windows\system32\HDAShCut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-08-13 c:\windows\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"wixpo"="c:\documents and settings\Administrator\Dati applicazioni\Google\mupd1_2_1931888.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\aMSN\\bin\\wish.exe"=
"c:\\Documents and Settings\\Administrator\\gtaTClient.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programmi\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programmi\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-29 111184]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2008-10-07 95888]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2008-10-07 41680]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-29 20560]
S3 GPU-Z;GPU-Z;\??\c:\docume~1\ADMINI~1\IMPOST~1\Temp\GPU-Z.sys []
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\4B.tmp []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - HELPSVC
.
Contenuto della cartella 'Scheduled Tasks'

2008-12-19 c:\windows\Tasks\1-Click Maintenance.job
- c:\programmi\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 19:35]
.
- - - - ORFÃOS REMOVIDOS - - - -

BHO-{BE3D7036-4D5D-4BFF-8C90-E2A31E318517} - c:\windows\system32\ljJBsssP.dll
BHO-{DD4A65C7-61D7-445F-BCF1-5065F765EAF9} - c:\windows\system32\ddcYqqOH.dll
HKLM-Explorer_Run-hGz1UMv54E - c:\documents and settings\All Users\Dati applicazioni\mvgzenyz\efavujsd.exe
ShellExecuteHooks-{CB0A0B68-3F3C-61D2-A901-8381E136D21A} - (no file)
ShellExecuteHooks-{DD4A65C7-61D7-445F-BCF1-5065F765EAF9} - c:\windows\system32\ddcYqqOH.dll
Notify-ddcYqqOH - ddcYqqOH.dll


.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.google.it/
mStart Page = about:blank
TCP: {F2387411-D848-474B-AB70-C3C313495124} = 193.70.152.15,193.70.152.25
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\f68vh7e3.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-29 14:37:09
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\4B.tmp"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\programmi\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe
c:\windows\system32\vmnat.exe
c:\windows\system32\vmnetdhcp.exe
c:\programmi\VMware\VMware Workstation\vmware-authd.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\programmi\File comuni\Nero\Lib\NMIndexingService.exe
.
**************************************************************************
.
Ora fine scansione: 2008-12-29 14:38:45 - macchina è stato riavviato [Administrator]
ComboFix-quarantined-files.txt 2008-12-29 13:38:42

Pre-Run: 45,907,644,416 byte disponibili
Post-Run: 45,832,773,632 byte disponibili

262

Grazie mille , ha già eliminato qualcosa e per ora niente ADS...
Mi consigliate qualche Anti Virus senza firewall?

[riise90]

Mi consigliate qualche AntiVirus senza firewall?

Io ti consiglio Antivir. In questo caso scarica la versione free, anche se spesso Avira rilascia delle licenze con cui puoi attivare la versione premium. Comunque dai uno sguardo anche a questo.

[Fred]

ComboFix 08-12-28.03 - Administrator 2008-12-29 14:27:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1023.657 [GMT 1:00]
Eseguito da: c:\documents and settings\Administrator\Documenti\ComboFix.exe

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.
ADS - WINDOWS: deleted 48 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Dati applicazioni\inst.exe
c:\recycled\Recycled
c:\recycled\Recycled\ctfmon.exe
c:\windows\system32\aecglmqq.ini
c:\windows\system32\afbdxoua.ini
c:\windows\system32\arppyshw.ini
c:\windows\system32\BReWErS.dll
c:\windows\system32\brvstjbx.dll
c:\windows\system32\buoaxjen.ini
c:\windows\system32\drivers\TDSSmhlt.sys
c:\windows\system32\ewfmxump.ini
c:\windows\system32\fnsqdinq.ini
c:\windows\system32\gvgaxobx.ini
c:\windows\system32\hxxhwqud.ini
c:\windows\system32\iwkfpfse.ini
c:\windows\system32\ixieojew.ini
c:\windows\system32\jkldhdtb.ini
c:\windows\system32\jqcwumae.ini
c:\windows\system32\kdlrdgyv.ini
c:\windows\system32\kujkcmkw.ini
c:\windows\system32\mcrh.tmp
c:\windows\system32\nejxaoub.dll
c:\windows\system32\ngjogciv.ini
c:\windows\system32\omprsbex.dll
c:\windows\system32\PsssBJjl.ini
c:\windows\system32\PsssBJjl.ini2
c:\windows\system32\qnidqsnf.dll
c:\windows\system32\qqmlgcea.dll
c:\windows\system32\rflkuvjb.ini
c:\windows\system32\TDSSerrors.log
c:\windows\system32\tdssinit.dll
c:\windows\system32\TDSSoiqh.dll
c:\windows\system32\tdssservers.dat
c:\windows\system32\tmp14.tmp
c:\windows\system32\tmp15.tmp
c:\windows\system32\umcfxkep.ini
c:\windows\system32\vaqxooji.ini
c:\windows\system32\wrqiocap.ini
c:\windows\system32\xbjtsvrb.ini
c:\windows\system32\xebsrpmo.ini
c:\windows\system32\xtlqoqly.dll
c:\windows\system32\ylqoqltx.ini
c:\windows\Sysvxd.exe

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSserv.sys
-------\Legacy_TDSSserv.sys


((((((((((((((((((((((((( Files Creati Da 2008-11-28 al 2008-12-29 )))))))))))))))))))))))))))))))))))
.

2008-12-29 14:31 . 2008-12-29 14:31 <DIR> d-------- c:\windows\system32\xircom
2008-12-29 14:31 . 2008-12-29 14:31 <DIR> d-------- c:\windows\srchasst
2008-12-29 14:31 . 2008-12-29 14:31 <DIR> d-------- c:\programmi\microsoft frontpage
2008-12-29 13:57 . 2008-12-29 13:57 <DIR> d-------- c:\programmi\Alwil Software
2008-12-29 12:18 . 2008-12-29 12:18 <DIR> d-------- c:\programmi\Sophos
2008-12-28 15:20 . 2008-12-28 15:20 <DIR> d-------- C:\Scarface
2008-12-28 15:17 . 2008-12-28 15:17 <DIR> d-------- c:\programmi\SlySoft
2008-12-27 17:47 . 2008-12-27 17:47 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\vsosdk
2008-12-27 12:41 . 2008-12-27 17:48 <DIR> d-------- c:\programmi\DVDFab 5
2008-12-27 12:41 . 2008-12-28 13:58 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\Vso
2008-12-27 12:41 . 2008-12-27 12:41 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2008-12-27 12:41 . 2008-12-27 12:41 47,360 --a------ c:\documents and settings\Administrator\Dati applicazioni\pcouffin.sys
2008-12-25 17:29 . 2008-12-25 17:29 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Elaborate Bytes
2008-12-18 13:23 . 2008-12-18 13:23 103,360 --a------ c:\windows\system32\drivers\AnyDVD.sys
2008-12-11 16:08 . 2008-12-11 16:08 <DIR> d-------- c:\documents and settings\LocalService\Dati applicazioni\Softland
2008-12-11 16:07 . 2008-10-13 15:23 7,533 --a------ c:\windows\system32\dopdf6.ctm
2008-12-06 16:30 . 2008-12-06 16:45 <DIR> d-------- c:\documents and settings\Administrator\dwhelper
2008-12-06 16:19 . 2008-12-06 16:19 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\Moyea

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-29 13:37 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\VMware
2008-12-29 13:31 --------- d-----w c:\documents and settings\LocalService\Dati applicazioni\VMware
2008-12-29 13:31 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\VMware
2008-12-29 13:00 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\uTorrent
2008-12-29 12:37 137,688 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-29 11:05 22,328 ----a-w c:\documents and settings\Administrator\Dati applicazioni\PnkBstrK.sys
2008-12-28 20:19 --------- d-----w c:\programmi\eMule
2008-12-28 14:23 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\DVD Shrink
2008-12-05 13:32 --------- d-----w c:\programmi\Ubisoft
2008-12-05 13:02 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-11-26 16:47 --------- d-----w c:\programmi\Activision
2008-11-23 08:38 --------- d-----w c:\programmi\ATI Technologies
2008-11-22 16:21 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\ESET
2008-11-22 16:20 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\ESET
2008-11-19 13:15 2,498,560 ------w C:\CoverPro.exe
2008-11-19 13:15 2,494,464 ------w C:\PolyImagePro.dll
2008-11-16 15:28 --------- d-----w c:\programmi\File comuni\Wise Installation Wizard
2008-11-16 10:56 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Capcom
2008-11-16 10:07 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\File de La Battaglia per la Terra di Mezzo
2008-11-16 08:53 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\FLEXnet
2008-11-16 08:48 --------- d-----w c:\programmi\File comuni\Adobe
2008-11-16 08:39 --------- d-----w c:\programmi\File comuni\Macrovision Shared
2008-11-08 17:06 --------- d-----w c:\programmi\nLite
2008-11-08 16:47 --------- d-----w c:\programmi\TuneUp Utilities 2007
2008-11-08 16:30 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2008-11-08 16:30 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\TuneUp Software
2008-11-07 13:17 --------- d-----w c:\programmi\Cenega
2008-11-05 17:56 --------- d-----w c:\programmi\Internet Download Manager
2008-11-05 17:56 --------- d-----w c:\programmi\FlashGet
2008-11-05 09:26 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\IDM
2008-11-05 09:26 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\DMCache
2008-11-04 16:47 --------- d-----w c:\programmi\NFOlux
2008-11-04 15:00 --------- d-----w c:\programmi\Cool Beans NFO Creator
2008-11-01 11:25 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\BlackBean
2008-11-01 07:56 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\DAEMON Tools
2008-11-01 07:56 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\.purple
2008-11-01 07:56 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\.ABC
2008-10-31 13:36 --------- d-----w c:\programmi\Activision Value
2008-10-29 03:10 3,341,824 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2008-10-29 01:18 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2008-10-28 19:46 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Leadertech
2008-10-28 14:32 --------- d-----w c:\programmi\DAEMON Tools Lite
2008-10-28 13:47 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-10-09 15:58 8,579 ----a-w c:\windows\BricoPackFoldersDelete.cmd
2008-10-09 15:58 120,811 ----a-w c:\windows\BricoPackUninst.cmd
2006-02-28 15:59 2,512,385 ----a-w c:\documents and settings\Administrator\swat4.exe
2003-07-19 11:01 724,480 ----a-w c:\documents and settings\Administrator\gtaTClient.exe
2007-11-15 18:15 67,696 ----a-w c:\programmi\mozilla firefox\components\jar50.dll
2007-11-15 18:15 54,376 ----a-w c:\programmi\mozilla firefox\components\jsd3250.dll
2007-11-15 18:15 34,952 ----a-w c:\programmi\mozilla firefox\components\myspell.dll
2007-11-15 18:15 46,720 ----a-w c:\programmi\mozilla firefox\components\spellchk.dll
2007-11-15 18:15 172,144 ----a-w c:\programmi\mozilla firefox\components\xpinstal.dll
.

------- Sigcheck -------

2008-03-01 13:09 552960 67e0e92cf392160df81006a4696b0b57 c:\windows\system32\user32.dll

2008-03-01 13:11 360832 ce3ec03c9f65302e44af5c452d20a86f c:\windows\system32\drivers\tcpip.sys

2008-08-17 17:51 2194944 d20ec1a968f99681d18a5b9f31f0a847 c:\windows\system32\ntkrnlpa.exe

2008-03-01 13:07 1008640 42a8c7dba63cc8e2dd0e2fe0bae426f4 c:\windows\explorer.exe

2008-03-01 13:09 57856 da81ec57acd4cdc3d4c51cf3d409af9f c:\windows\system32\spoolsv.exe

2008-03-01 13:09 721752 8818417e21798c7d5143768987dc0135 c:\windows\system32\wuauclt.exe

2008-03-01 13:09 296960 426d423d5b826f198fee09dd3f3fd6ee c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"NeroFilterCheck"="c:\programmi\File comuni\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"vmware-tray"="c:\programmi\VMware\VMware Workstation\vmware-tray.exe" [2008-08-08 72240]
"VMware hqtray"="c:\programmi\VMware\VMware Workstation\hqtray.exe" [2008-08-08 55856]
"AdobeCS4ServiceManager"="c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2008-03-01 c:\windows\system32\HDAShCut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-08-13 c:\windows\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"wixpo"="c:\documents and settings\Administrator\Dati applicazioni\Google\mupd1_2_1931888.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\aMSN\\bin\\wish.exe"=
"c:\\Documents and Settings\\Administrator\\gtaTClient.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programmi\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programmi\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-29 111184]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2008-10-07 95888]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2008-10-07 41680]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-29 20560]
S3 GPU-Z;GPU-Z;\??\c:\docume~1\ADMINI~1\IMPOST~1\Temp\GPU-Z.sys []
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\4B.tmp []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - HELPSVC
.
Contenuto della cartella 'Scheduled Tasks'

2008-12-19 c:\windows\Tasks\1-Click Maintenance.job
- c:\programmi\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 19:35]
.
- - - - ORFÃOS REMOVIDOS - - - -

BHO-{BE3D7036-4D5D-4BFF-8C90-E2A31E318517} - c:\windows\system32\ljJBsssP.dll
BHO-{DD4A65C7-61D7-445F-BCF1-5065F765EAF9} - c:\windows\system32\ddcYqqOH.dll
HKLM-Explorer_Run-hGz1UMv54E - c:\documents and settings\All Users\Dati applicazioni\mvgzenyz\efavujsd.exe
ShellExecuteHooks-{CB0A0B68-3F3C-61D2-A901-8381E136D21A} - (no file)
ShellExecuteHooks-{DD4A65C7-61D7-445F-BCF1-5065F765EAF9} - c:\windows\system32\ddcYqqOH.dll
Notify-ddcYqqOH - ddcYqqOH.dll


.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.google.it/
mStart Page = about:blank
TCP: {F2387411-D848-474B-AB70-C3C313495124} = 193.70.152.15,193.70.152.25
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\f68vh7e3.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-29 14:37:09
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\4B.tmp"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\programmi\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe
c:\windows\system32\vmnat.exe
c:\windows\system32\vmnetdhcp.exe
c:\programmi\VMware\VMware Workstation\vmware-authd.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\programmi\File comuni\Nero\Lib\NMIndexingService.exe
.
**************************************************************************
.
Ora fine scansione: 2008-12-29 14:38:45 - macchina è stato riavviato [Administrator]
ComboFix-quarantined-files.txt 2008-12-29 13:38:42

Pre-Run: 45,907,644,416 byte disponibili
Post-Run: 45,832,773,632 byte disponibili

262

Grazie mille , ha già eliminato qualcosa e per ora niente ADS...
Mi consigliate qualche Anti Virus senza firewall?

Scusa se sono indiscreto ma perché senza firewall?

[enea83]

anche io ti consiglio avira free, pero' se non lo affianchi ad un buon antyspyware (spywareterminator) che ti protegga in tempo reale a sei punto e a capo... dato che avira free non offre questa funzione.