
Strange system behaviour... slowdowns

Has a virus gotten into your computer? Do you want to browse safely? Are online transactions secure? How do you keep attackers from getting into your PC? How do you protect your data? Here you will find the answers to these and other questions.

Re: Strange system behaviour... slowdowns

Post by niko95omejo » Sun Nov 14, 2010 12:23 pm

Hi, post a log of the gmer scan
http://www.gmer.net/
niko95omejo
Aficionado

Posts: 80
Joined: Sat Feb 06, 2010 2:47 pm

Re: Strange system behaviour... slowdowns

Post by torch » Sun Nov 14, 2010 12:27 pm

Here is the combofix log

ComboFix 10-11-12.06 - TRH 14/11/2010 12:09:01.12.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3326.2785 [GMT 1:00]
Eseguito da: c:\documents and settings\TRH\Desktop\pippo.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-1200-140000DCFD7F}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-1200-140000ECFD7F}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-1200-140000FCFD7F}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-6C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000010-0000-0000-0000-0000D8023C00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000010-0000-0000-0000-0000D8023D00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000040-0000-0000-0000-0000E8013D00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {0012EE84-FFFC-FFFF-0200-00004FBCC4F1}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {0012EF40-0002-0000-8843-927C00F0FF7F}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {006E0069-0053-0078-5300-5C0000004100}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
ADS - WINDOWS: deleted 0 bytes in 2 streams.

((((((((((((((((((((((((( Files Creati Da 2010-10-14 al 2010-11-14 )))))))))))))))))))))))))))))))))))
.

2010-11-14 10:25 . 2010-11-14 10:45 -------- d-----w- C:\pippo
2010-11-12 20:22 . 2010-11-12 20:22 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-11-12 20:12 . 2010-11-12 20:12 -------- d-----w- c:\programmi\Hitman Pro 3.5
2010-11-12 18:25 . 2010-11-12 18:25 -------- d-----w- c:\programmi\NoVirusThanks
2010-11-12 13:35 . 2010-11-12 13:35 388096 ----a-r- c:\documents and settings\TRH\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-12 12:08 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\10145712.sys
2010-11-12 12:08 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\1014571.sys
2010-11-12 09:40 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\42142092.sys
2010-11-12 09:40 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\4214209.sys
2010-11-12 09:40 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\42142091.sys
2010-11-11 21:41 . 2010-11-11 23:27 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Spotify
2010-11-11 21:41 . 2010-11-11 23:24 -------- d-----w- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Spotify
2010-11-11 21:41 . 2010-11-11 21:41 -------- d-----w- c:\programmi\Spotify
2010-11-11 20:59 . 2010-11-11 20:59 76440 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-11-11 20:59 . 2010-11-11 20:59 -------- d-----w- c:\programmi\Prevx
2010-11-11 20:59 . 2010-11-11 21:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PrevxCSI
2010-11-11 20:42 . 2010-11-13 09:07 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-11-11 20:41 . 2010-11-12 20:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Hitman Pro
2010-11-10 18:44 . 2010-11-10 18:44 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Avira
2010-11-10 15:01 . 2010-11-10 15:01 -------- d-----w- c:\windows\system32\winrm
2010-11-10 15:01 . 2010-11-10 15:01 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-11-10 14:59 . 2008-07-11 00:29 92184 ----a-w- c:\windows\system32\SQSRVRES.DLL
2010-11-10 11:08 . 2010-11-10 11:08 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\MumboJumbo
2010-11-10 11:08 . 2010-11-10 11:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\MumboJumbo
2010-11-10 11:08 . 2010-11-10 11:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Trymedia
2010-11-10 10:29 . 2010-11-10 10:29 -------- d-----w- c:\programmi\Games
2010-11-10 09:53 . 2010-11-10 09:53 -------- d-----w- c:\programmi\Blast From The Past
2010-11-10 09:53 . 1997-01-18 10:40 299520 ----a-w- c:\windows\uninst.exe
2010-11-10 07:46 . 2009-09-27 08:39 369152 ----a-w- c:\windows\system32\avisynth.dll
2010-11-10 07:46 . 2010-11-10 07:46 -------- d-----w- c:\programmi\AviSynth 2.5
2010-11-10 07:46 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2010-11-10 07:46 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2010-11-09 23:22 . 2010-11-09 23:22 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\VideoCharge Studio
2010-11-09 23:21 . 2008-09-30 11:03 438272 ----a-w- c:\windows\system32\vp6vfw.dll
2010-11-09 23:21 . 2010-11-09 23:21 -------- d-----w- c:\programmi\VideoCharge Software
2010-11-09 21:30 . 2010-11-10 07:49 -------- d-----w- C:\video_output
2010-11-09 19:15 . 2010-11-09 19:15 -------- d-----w- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Xilisoft
2010-11-09 19:15 . 2010-11-09 19:15 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Xilisoft
2010-11-09 19:14 . 2010-11-09 19:14 -------- d-----w- c:\programmi\Xilisoft
2010-11-09 19:14 . 2010-11-09 19:14 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Xilisoft
2010-11-07 08:52 . 2010-11-07 08:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nikon
2010-11-05 23:53 . 2010-11-05 23:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nik Software
2010-11-05 23:50 . 2010-11-05 23:50 -------- d-----w- c:\programmi\Nik Software
2010-11-05 20:54 . 2010-11-05 20:54 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Athentech
2010-11-05 20:51 . 2010-11-05 20:51 -------- d-----w- c:\programmi\Athentech
2010-11-04 17:30 . 2010-11-04 18:05 -------- d-----w- c:\programmi\Nikon
2010-11-04 16:22 . 2010-11-11 10:04 -------- d-----w- c:\programmi\Hard Disk Sentinel
2010-11-03 23:27 . 2010-11-11 10:04 -------- d-----w- c:\programmi\HDD Regenerator
2010-11-02 15:31 . 2010-11-02 15:31 -------- d-----w- c:\programmi\tamasoftware
2010-11-02 11:05 . 2010-11-02 11:05 -------- d-----w- c:\programmi\File comuni\SafeNet Sentinel
2010-11-02 11:05 . 2010-11-02 11:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SafeNet Sentinel
2010-11-02 11:04 . 2010-11-02 11:04 -------- d-----w- c:\programmi\File comuni\Optical Research Associates
2010-11-02 10:59 . 2010-11-02 10:59 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\LightTools
2010-11-01 13:05 . 2010-11-01 13:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Logitech
2010-11-01 13:04 . 2010-11-01 13:04 -------- d-----w- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Logishrd
2010-11-01 13:04 . 2010-11-01 13:04 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-11-01 13:04 . 2010-03-18 09:01 10448 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2010-11-01 13:03 . 2010-11-01 13:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Logishrd
2010-11-01 12:47 . 2010-11-01 12:47 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Logishrd
2010-10-30 15:27 . 2010-10-30 15:27 -------- d-----w- c:\programmi\File comuni\Skype
2010-10-30 14:55 . 2009-10-19 15:30 23848 ----a-w- c:\windows\system32\libcmmn.dll
2010-10-30 14:55 . 2009-10-19 15:30 42280 ----a-w- c:\windows\system32\WebCamKSProxyPlugin.ax
2010-10-30 14:55 . 2009-10-19 15:30 681256 ----a-w- c:\windows\system32\WebCamPropertyWindow.dll
2010-10-30 14:55 . 2008-12-12 16:34 73728 ----a-w- c:\windows\system32\BurnerApLib.dll
2010-10-30 14:55 . 2008-10-09 09:02 102400 ----a-w- c:\windows\system32\st50220.dll
2010-10-30 14:55 . 2003-02-28 16:26 947472 ----a-w- c:\windows\system32\msjava.dll
2010-10-27 09:25 . 2010-10-27 09:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\explauncher
2010-10-27 09:25 . 2010-10-27 09:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\launcher
2010-10-27 09:24 . 2010-07-13 09:57 40560 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2010-10-27 09:24 . 2010-10-27 09:24 -------- d-----w- c:\programmi\Paragon Software
2010-10-27 08:59 . 2010-08-26 07:32 98696 ----a-w- c:\windows\system32\setupprwdrv03.exe
2010-10-27 08:59 . 2010-08-25 17:39 13064 ----a-w- c:\windows\system32\prwntdrv.sys
2010-10-27 08:59 . 2010-10-27 08:59 -------- d-----w- c:\programmi\EASEUS
2010-10-25 23:17 . 2010-10-25 23:28 -------- d-----w- C:\5b59075a0b5cf0c871191fe7
2010-10-25 22:45 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-25 22:45 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-25 22:45 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-04 17:29 . 2009-01-14 20:46 57344 ----a-r- c:\documents and settings\TRH\Dati applicazioni\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2010-10-16 21:52 . 2010-08-10 08:41 3072 ----a-w- c:\windows\system32\Viveza2FC32.dll
2010-10-04 12:13 . 2010-10-04 12:13 64512 ----a-w- c:\windows\system32\nlssrv32.exe
2010-09-29 08:01 . 2010-06-01 17:00 285480 ----a-w- c:\windows\system32\guard32.dll
2010-09-29 08:01 . 2010-06-01 17:00 91560 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-09-29 08:01 . 2010-06-01 17:00 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-09-29 08:01 . 2010-06-04 09:55 239240 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-09-29 08:01 . 2010-06-01 17:00 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-09-25 18:43 . 2010-09-25 18:43 1724416 ----a-w- c:\windows\system32\gdiplus.dll
2010-09-18 10:23 . 2004-08-19 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-19 12:00 974848 ------w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-19 12:00 954368 ------w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-19 12:00 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-10 05:49 . 2006-03-04 03:34 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:49 . 2004-08-19 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:49 . 2004-08-19 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 13:22 . 2010-06-20 08:53 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-09-01 13:22 . 2009-09-24 09:10 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-09-01 11:51 . 2004-08-19 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:54 . 2004-08-19 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-19 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:58 . 2004-08-19 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2004-08-19 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2004-08-19 12:00 617472 ------w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-19 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2009-11-19 19:08 . 2009-11-19 19:08 3749224 ----a-w- c:\programmi\File comuni\adlmint_libFNP.dll
2009-11-19 19:08 . 2009-11-19 19:08 2941288 ----a-w- c:\programmi\File comuni\adlmint.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="e:\masterizzazione\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"i8kfangui"="c:\programmi\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 856064]
"Gadwin PrintScreen Pro"="c:\programmi\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe" [2009-02-28 516096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"SigmatelSysTrayApp"="c:\programmi\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"Dell QuickSet"="c:\programmi\Dell\QuickSet\Quickset.exe" [2006-08-03 1032192]
"LVCOMS"="c:\programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"IntelZeroConfig"="c:\programmi\Intel\WiFi\bin\ZCfgSvc.exe" [2009-11-03 1372160]
"IntelWireless"="c:\programmi\File comuni\Intel\WirelessCommon\iFrmewrk.exe" [2009-11-03 1202448]
"avgnt"="e:\sicurezza\Avira\AntiVir Desktop\avgnt.exe" [2010-09-01 281768]
"COMODO Internet Security"="e:\sicurezza\Comodo\COMODO\COMODO Internet Security\cfp.exe" [2010-09-29 2500552]
"EvtMgr6"="c:\programmi\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1311312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-13 7700480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\TRH\Menu Avvio\Programmi\Esecuzione automatica\
Widget vodafone.lnk - c:\programmi\Widget vodafone.it\Widget vodafone.it.exe [2010-4-18 95232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\programmi\File comuni\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ pdboot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^TRH^Menu Avvio^Programmi^Esecuzione automatica^Ritaglio schermata e avvio di OneNote 2007.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^TRH^Menu Avvio^Programmi^Esecuzione automatica^Widget vodafone.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- e:\sistema\Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 00:10 421160 ----a-w- e:\audio\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 21:55 54832 ----a-w- e:\players\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-12-06 17:37 69216 ------w- e:\players\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-10-11 14:49 14940040 ----a-r- e:\internet\Skype\Phone\Skype.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Sistema\\Office\\Office12\\OUTLOOK.EXE"=
"e:\\Sistema\\Office\\Office12\\GROOVE.EXE"=
"e:\\Sistema\\Office\\Office12\\ONENOTE.EXE"=
"e:\\Internet\\uTorrent\\uTorrent.exe"=
"e:\\Internet\\Mirc\\mirc.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Internet\\eMule\\emule.exe"=
"e:\\Internet\\Firefox\\firefox.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"e:\\Internet\\SoulseekNS\\slsk.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"e:\\Architettura\\Rhinoceros_4\\System\\Rhino4.exe"=
"d:\\3dsMax2010\\3dsmax.exe"=
"d:\\3dsMax2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"d:\\3dsMax2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\ArchVision\\ArchVision Content Manager\\rpcACMapp.exe"=
"e:\\Architettura\\3dMax2010Design\\3dsmax.exe"=
"e:\\Architettura\\3dMax2010Design\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"e:\\Architettura\\3dMax2010Design\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"e:\\Internet\\Skype\\Plugin Manager\\skypePM.exe"=
"e:\\Architettura\\3dMax2011\\3dsmax.exe"=
"e:\\Architettura\\3dMax2011\\mentalimages\\satellite\\raysat_3dsmax2011_32server.exe"=
"e:\\Architettura\\3dMax2011\\mentalimages\\satellite\\raysat_3dsmax2011_32.exe"=
"e:\\Architettura\\3dMax2011Design\\3dsmax.exe"=
"e:\\Architettura\\3dMax2011Design\\mentalimages\\satellite\\raysat_3dsmax2011_32.exe"=
"e:\\Architettura\\3dMax2011Design\\mentalimages\\satellite\\raysat_3dsmax2011_32server.exe"=
"e:\\Architettura\\Backburner\\monitor.exe"=
"e:\\Architettura\\Backburner\\manager.exe"=
"e:\\Architettura\\Backburner\\server.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"e:\\Audio\\iTunes\\iTunes.exe"=
"e:\\Internet\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Crazybump\\cb.exe"=
"c:\\Programmi\\Spotify\\spotify.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
"3140:TCP"= 3140:TCP:IP-Clamp Licensing Service
"5985:TCP"= 5985:TCP:*:Disabled:Gestione remota Windows

R0 10145712;10145712 Boot Guard Driver;c:\windows\system32\drivers\10145712.sys [12/11/2010 13:08 37392]
R0 42142092;42142092 Boot Guard Driver;c:\windows\system32\drivers\42142092.sys [12/11/2010 10:40 37392]
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [27/10/2010 10:24 40560]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16/12/2008 14:04 685816]
S0 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys --> c:\windows\system32\drivers\CFRMD.sys [?]
S1 10145711;10145711;c:\windows\system32\DRIVERS\10145711.sys --> c:\windows\system32\DRIVERS\10145711.sys [?]
S1 42142091;42142091;c:\windows\system32\drivers\42142091.sys [12/11/2010 10:40 128016]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [04/06/2010 10:55 239240]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [01/06/2010 18:00 25240]
S1 EterlogicVirtualSerialDriver;EterlogicVirtualSerialDriver;\??\c:\docume~1\TRH\IMPOST~1\Temp\VSPE.sys --> c:\docume~1\TRH\IMPOST~1\Temp\VSPE.sys [?]
S1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [16/06/2009 23:57 14464]
S1 setup_9.0.0.722_12.11.2010_10-13drv;setup_9.0.0.722_12.11.2010_10-13drv;c:\windows\system32\drivers\1014571.sys [12/11/2010 13:08 315408]
S2 3d-io License Server v2.0;3d-io License Server v2.0;c:\programmi\3d-io plugins\licensing_v2\ActiveLockServerV2.exe [28/01/2009 17:49 45056]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 - Servizio Gestione licenze;e:\scanner\abbyy\NetworkLicenseServer.exe -service --> e:\scanner\abbyy\NetworkLicenseServer.exe -service [?]
S2 ArcGIS License Manager;ArcGIS License Manager;c:\progra~1\ESRI\License\arcgis9x\lmgrd.exe [04/02/2010 18:06 1431440]
S2 ArchVision Content Manager Service;ArchVision Content Manager Service;c:\programmi\ArchVision\ArchVision Content Manager\rpcACMapp.exe --service --path "c:\programmi\ArchVision\ArchVision Content Manager" --> c:\programmi\ArchVision\ArchVision Content Manager\rpcACMapp.exe --service --path c:\programmi\ArchVision\ArchVision Content Manager [?]
S2 CAMTHWDM;CAMTHWDM;c:\windows\system32\drivers\CAMTHWDM.sys [06/10/2007 09:38 941784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12:16 130384]
S2 cpwnt;cpwnt;c:\windows\system32\drivers\cpwnt.sys [16/01/2009 22:52 21824]
S2 gupdate;Google Update Service (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [05/10/2009 14:34 133104]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
S2 IPClampService;IP-Clamp Licensing by cebas VISUAL TECHNOLOGY Inc.;c:\programmi\cebas\ip-clamp\ipclamp.exe [20/11/2007 10:52 45700]
S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [01/11/2010 14:04 10448]
S2 LTService;LTService 7.0.0.1;c:\programmi\File comuni\Optical Research Associates\LightTools\ltService.exe [08/02/2010 13:55 761856]
S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max Design 2010 32-bit 32-bit;e:\architettura\3dMax2010Design\mentalray\satellite\raysat_3dsmax2010_32server.exe [12/03/2009 17:36 86016]
S2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;e:\architettura\3dMax2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [10/03/2010 01:10 86016]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [04/10/2010 13:13 64512]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\programmi\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [11/12/2008 07:08 3575808]
S2 WDDMService;WD SmartWare Drive Manager;c:\programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [05/11/2009 08:44 110592]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\programmi\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16/06/2009 08:58 20480]
S3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [29/07/2009 18:14 94720]
S3 HPx9G+;HPx9G+ Device USB Driver;c:\windows\system32\drivers\hpx9g2k.sys [06/01/2009 10:24 12658]
S3 hxctlflt;hxctlflt;c:\windows\system32\drivers\hxctlflt.sys [04/05/2010 13:47 99968]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/01/2010 05:36 20952]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\11.tmp --> c:\windows\system32\11.tmp [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [20/08/2010 18:09 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [20/08/2010 18:09 8320]
S3 prwntdrv;prwntdrv;c:\windows\system32\prwntdrv.sys [27/10/2010 09:59 13064]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [17/05/2010 16:30 27064]
S3 SwitchBoard;SwitchBoard;c:\programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 12:37 517096]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [11/03/2010 18:50 11520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [19/08/2004 13:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12:16 753504]
S4 MSSQLServerADHelper100;Servizio SQL Server Active Directory Helper;c:\programmi\Microsoft SQL Server\100\Shared\sqladhlp.exe [11/07/2008 01:28 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [30/03/2009 03:09 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\programmi\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30/03/2009 03:23 366936]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - LBEEPKE
*NewlyCreated* - MDMXSDK

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contenuto della cartella 'Scheduled Tasks'

2010-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

2010-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-10-05 13:34]

2010-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-10-05 13:34]

2010-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1383384898-839522115-1003Core.job
- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-09-06 16:54]

2010-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1383384898-839522115-1003UA.job
- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-09-06 16:54]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: Append Link Target to Existing PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with - c:\programmi\Xilisoft\Download YouTube Video\upod_link.HTM
TCP: {B3E33D71-5AA5-40FE-9E7D-22BEC5D6A25C} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\
FF - prefs.js: browser.search.selectedEngine - De Mauro - Sinonimi e contrari
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - component: c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
FF - component: c:\programmi\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\VisuAllViewer@digitalarts.dk\plugins\npvisuall2.dll
FF - plugin: c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\VMwareVMRC@vmware.com\plugins\np-vmware-vmrc-2.5.0-122581.dll
FF - plugin: c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Earth Resource Mapping\Image Web Server\Firefox Plug-in\NP_NCS6.dll
FF - plugin: c:\programmi\Earth Resource Mapping\Image Web Server\Firefox Plug-in\NP_NCSPB6.dll
FF - plugin: c:\programmi\Earth Resource Mapping\Image Web Server\Firefox Plug-in\NP_NCSTB6.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programmi\TVUPlayer\npTVUAx.dll
FF - plugin: c:\programmi\Virtools\3D Life Player\npvirtools.dll
FF - plugin: c:\programmi\Virtual Earth 3D\npVE3D.dll
FF - plugin: e:\audio\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin2.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin3.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin4.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin5.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin6.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
e:\internet\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
e:\internet\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
e:\internet\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
e:\internet\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
e:\internet\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
e:\internet\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
e:\internet\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
e:\internet\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
e:\internet\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
e:\internet\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
e:\internet\Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-14 12:19
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\11.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\e:\players\PowerDVD\000.fcl"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(352)
c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll

- - - - - - - > 'explorer.exe'(988)
c:\windows\system32\WININET.dll
c:\windows\system32\AcSignIcon.dll
e:\architettura\3dMax2011\AcSignCore16.dll
c:\windows\system32\msi.dll
c:\windows\system32\netprovcredman.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\programmi\WIBU-SYSTEMS\System\WibuShellExt.dll
e:\fotografia\Autopano Giga 2\AutopanoShell_win32.dll
c:\programmi\File comuni\Autodesk Shared\AcShellEx\AcShellExtension.dll
e:\fotografia\Autopano Pro\AutopanoShell_win32.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA
.
Ora fine scansione: 2010-11-14 12:26:26
ComboFix-quarantined-files.txt 2010-11-14 11:26

Pre-Run: 3.571.109.888 byte disponibili
Post-Run: 3.540.336.640 byte disponibili

Current=2 Default=2 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7
- - End Of File - - B44022A1725F0EA98DD33FA1C4F17164

Re: Strange system behaviour... slowdowns

Post by torch » Sun Nov 14, 2010 1:03 pm

I ran Findykill.

I had to restart the firewall, otherwise it wouldn't let me run the executable, saying I didn't have the permissions needed to start it
(I have a single user account, and it obviously has administrator privileges).

Now it has rebooted; I suppose it's working.
When it finishes I'll post the log.


Re: Strange system behaviour... slowdowns

Post by torch » Sun Nov 14, 2010 1:27 pm

As soon as I finish the sequence FDAC suggested, I'll run gmer, thanks.

Re: Strange system behaviour... slowdowns

Post by FDAC » Sun Nov 14, 2010 1:34 pm

Hi Torch.
I'll answer you as far as Combofix is concerned.

- Download Avenger from the link below:
http://swandog46.geekstogo.com/avenger.zip
- Unzip it into its own folder, not a temporary one and not on the Desktop

- Start Avenger
- Click Ok
- Paste these lines (copy and paste) into the white box:

Files to delete:
c:\windows\system32\11.tmp
c:\windows\system32\drivers\pxrts.sys
c:\windows\system32\guard32.dll
c:\windows\system32\drivers\cmdhlp.sys
c:\windows\system32\licmgr10.dll
c:\windows\system32\drivers\avipbb.sys
c:\windows\system32\drivers\avgntflt.sys

Folders to delete:
c:\programmi\Blast From The Past

Registry keys to delete:
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM

- Untick Scan for Rootkit
- Click Execute and wait a while.
- The PC should reboot; if it doesn't, reboot it yourself.
When the operation is finished, post Avenger's result here.

P.S. The new version of Avenger has a problem that shows up fairly often: when you try to run the script you get this error message:

Error: invalid script. A valid script must begin with a command directive.
Aborting execution!


In that case, try deleting and retyping the first line of the script and then running it again.


Upload these files to VirusTotal and post the result here:
c:\windows\system32\drivers\10145712.sys
c:\windows\system32\drivers\1014571.sys
c:\windows\system32\drivers\42142092.sys
c:\windows\system32\drivers\4214209.sys
c:\windows\system32\drivers\42142091.sys
c:\windows\uninst.exe
c:\windows\system32\drivers\LNonPnP.sys
c:\windows\system32\prwntdrv.sys

Re: Strange system behaviour... slowdowns

Post by torch » Sun Nov 14, 2010 1:50 pm

Hi,
once Findykill finishes, should I carry on with the steps you suggested earlier, or go straight to Avenger?

Re: Strange system behaviour... slowdowns

Post by FDAC » Sun Nov 14, 2010 1:52 pm

Hi.
As soon as Findy finishes, post the log.
Then continue with Avenger; you're infected with a rootkit and banker malware..

Re: Strange system behaviour... slowdowns

Post by torch » Sun Nov 14, 2010 1:58 pm

Damn...

As soon as it gives me the log I'll post it. Thanks again.

Re: Strange system behaviour... slowdowns

Post by FDAC » Sun Nov 14, 2010 2:07 pm

You're welcome, friend.
See you soon.

Re: Strange system behaviour... slowdowns

Post by torch » Sun Nov 14, 2010 2:26 pm

Findykill has finished.
The system rebooted and when the desktop loaded three error windows came up:

the first: quickset.exe (Dell software): Application failed to initialize properly (0xc0000142)
the second: avgn: failed to load (followed by 6 ASCII characters shown as 6 little squares)

(closing this one, a new error message opens, along the lines of: E R R O R The application module e:\sicurezza\avira\antivir desktop\ccwkrlib.dll
cannot be found or has been modified or destroyed. The AVGNT.exe cannot be started.
Please, check your installation.

the third: rundll: error loading c:\windows\system32\NvCpl.dll
The dynamic link library (DLL) initialization routine failed

now I'll post the log

Re: Strange system behaviour... slowdowns

Post by torch » Sun Nov 14, 2010 2:38 pm

Here is the FindyKill log

############################# | FindyKill V5.052 |

# User : TRH (Administrators) # TRH-DELL
# Update on 23/10/2010 by El Desaparecido
# Start at: 13:05:58 | 14/11/2010
# Website : http://www.teamxscript.org/
# Contact : eldesaparecido@teamxscript.org

# Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Disabled
# AV : AntiVir Desktop 10.0.1.52 [ Enabled | Updated ]
# AV : AntiVir Desktop 10.0.1.52 [ Enabled | Updated ]
# AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
# AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
# AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
# AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
# AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
# AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
# AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
# AV : AntiVir Desktop 10.0.1.52 [ Enabled | Updated ]
# AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
# AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
# FW : COMODO Firewall[ Enabled ]3.9

# C:\ # Disco rigido locale # 49,85 Go (3,28 Go free) [Sys] # NTFS
# D:\ # Disco rigido locale # 9,77 Go (1,27 Go free) [Swap] # NTFS
# E:\ # Disco rigido locale # 49,9 Go (5,86 Go free) [Programmi] # NTFS
# F:\ # Disco rigido locale # 140,7 Go (4,9 Go free) [Dati] # NTFS
# G:\ # Disco rigido locale # 24,51 Go (6,66 Go free) [TMP] # NTFS
# H:\ # Disco rigido locale # 23,36 Go (821,12 Mo free) [TMP_2] # NTFS
# I:\ # Disco CD-ROM
# J:\ # Disco CD-ROM

################## | Eléments infectieux |


################## | CRC32 ... |


################## | Registre |

Supprimé ! [HKCU\Software\Classes\ed2k]
Supprimé ! [HKCR\ed2k]

################## | Etat |

# Mode sans echec : OK


# Affichage des fichiers cachés : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

################## | Fichiers corrompus |

... OK !

################## | Upload |

Veuillez envoyer le fichier : C:\FindyKill_Upload_Me_TRH-DELL.zip : http://www.teamxscript.org/Sample/Upload.php
Merci pour votre contribution .

################## | ! Fin du rapport # FindyKill V5.052 ! |



Avenger gave me the error message "Invalid registry key format" twice, then it rebooted

Re: Strange system behaviour... slowdowns

Post by torch » Sun Nov 14, 2010 2:45 pm

Avenger log

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Sun Nov 14 14:41:15 2010

14:40:59: Error: Invalid registry syntax in command:
"[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line. (Registry key deletion mode)
14:41:11: Error: Invalid registry syntax in command:
"WINRM REG_MULTI_SZ WINRM"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line. (Registry key deletion mode)


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:


Error: file "c:\windows\system32\11.tmp" not found!
Deletion of file "c:\windows\system32\11.tmp" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "c:\windows\system32\drivers\pxrts.sys" deleted successfully.
File "c:\windows\system32\guard32.dll" deleted successfully.
File "c:\windows\system32\drivers\cmdhlp.sys" deleted successfully.
File "c:\windows\system32\licmgr10.dll" deleted successfully.
File "c:\windows\system32\drivers\avipbb.sys" deleted successfully.
File "c:\windows\system32\drivers\avgntflt.sys" deleted successfully.
Folder "c:\programmi\Blast From The Past" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Re: Strange system behaviour... slowdowns

Post by torch » Sun Nov 14, 2010 3:03 pm

I've uploaded all the files to VirusTotal.
They all have a detection ratio of 0/43

Re: Strange system behaviour... slowdowns

Post by torch » Sun Nov 14, 2010 3:27 pm

I ran Avenger again and it keeps giving me the same error.
Here it is in full:


error: invalid registry syntax in command:
"[HKEY_LOCAL_MACHINE\software\microsoft\mindows nt\currentversion\svchost]"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line. (registry key deletion mode)

Re: Strange system behaviour... slowdowns

Post by niko95omejo » Sun Nov 14, 2010 3:37 pm

run Gmer as well..

Re: Strange system behaviour... slowdowns

Post by FDAC » Sun Nov 14, 2010 3:47 pm

Hi Torch. How's the PC? Post an updated Hijackthis log.

Re: Strange system behaviour... slowdowns

Post by torch » Sun Nov 14, 2010 3:52 pm

I haven't reconnected the PC to the network yet.
For now it's fine, but it was like that yesterday too. Then I connected it to the network... and all hell broke loose.

Do I need to do anything about the error Avenger gives me? Did I get something wrong?

I've launched gmer now.

Then I go back to the list you gave me, so from Kaspersky virus removal?

this is the updated hijackthis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:54:40, on 14/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
E:\Sicurezza\Comodo\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Sicurezza\Avira\AntiVir Desktop\sched.exe
C:\Programmi\3d-io plugins\licensing_v2\ActiveLockServerV2.exe
E:\Scanner\abbyy\NetworkLicenseServer.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
C:\Programmi\ArchVision\ArchVision Content Manager\rpcACMapp.exe
C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS.exe
C:\WINDOWS\system32\astsrv.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\system32\hasplms.exe
C:\Programmi\Google\Update\GoogleUpdate.exe
C:\Programmi\cebas\ip-clamp\ipclamp.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Optical Research Associates\LightTools\ltService.exe
E:\Architettura\3dMax2010Design\mentalray\satellite\raysat_3dsmax2010_32server.exe
E:\Architettura\3dMax2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
C:\WINDOWS\system32\MNSFramework.exe
C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
C:\Programmi\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nlssrv32.exe
C:\Programmi\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
E:\Manutenzione\PerfectDisk\PDAgent.exe
C:\Programmi\File comuni\Intel\WirelessCommon\RegSrvc.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Programmi\Intel\WiFi\bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Programmi\Dell\QuickSet\Quickset.exe
C:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE
C:\Programmi\Intel\WiFi\bin\ZCfgSvc.exe
C:\Programmi\File comuni\Intel\WirelessCommon\iFrmewrk.exe
E:\Sicurezza\Avira\AntiVir Desktop\avgnt.exe
E:\Sicurezza\Comodo\COMODO\COMODO Internet Security\cfp.exe
C:\Programmi\Logitech\SetPointP\SetPoint.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
E:\Masterizzazione\DAEMON Tools\daemon.exe
C:\Programmi\I8kfanGUI\I8kfanGUI.exe
C:\Programmi\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
C:\Programmi\File comuni\LogiShrd\KHAL3\KHALMNPR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Widget vodafone.it\Widget vodafone.it.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DIALux 3.1 ULDBrowserHelper Class - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - E:\Architettura\DIALux\DLXShellExtension.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Sistema\Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Internet\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmi\IDM\QUICKfind\PlugIns\IEHelp.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmi\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmi\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmi\File comuni\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [avgnt] "E:\Sicurezza\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Internet Security] "E:\Sicurezza\Comodo\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [EvtMgr6] C:\Programmi\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [DAEMON Tools] "E:\Masterizzazione\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [i8kfangui] C:\Programmi\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [Gadwin PrintScreen Pro] C:\Programmi\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe /nosplash
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Widget vodafone.lnk = C:\Programmi\Widget vodafone.it\Widget vodafone.it.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download with - C:\Programmi\Xilisoft\Download YouTube Video\upod_link.HTM
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Sistema\Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Sistema\Office\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Internet\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Internet\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Sistema\Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3E33D71-5AA5-40FE-9E7D-22BEC5D6A25C}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Sistema\Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - E:\Internet\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: 3d-io License Server v2.0 - 3d-io GmbH - C:\Programmi\3d-io plugins\licensing_v2\ActiveLockServerV2.exe
O23 - Service: ABBYY FineReader 9.0 - Servizio Gestione licenze (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - E:\Scanner\abbyy\NetworkLicenseServer.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - E:\Sicurezza\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\Sicurezza\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ArcGIS License Manager - Acresso Software Inc. - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
O23 - Service: ArchVision Content Manager Service - ArchVision - C:\Programmi\ArchVision\ArchVision Content Manager\rpcACMapp.exe
O23 - Service: AST Service (ASTCC) - Nalpeiron Ltd. - C:\WINDOWS\system32\astsrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Programmi\File comuni\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - E:\Sicurezza\Comodo\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Programmi\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IP-Clamp Licensing by cebas VISUAL TECHNOLOGY Inc. (IPClampService) - Unknown owner - C:\Programmi\cebas\ip-clamp\ipclamp.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmi\File comuni\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LTService 7.0.0.1 (LTService) - Optical Research Associates - C:\Programmi\File comuni\Optical Research Associates\LightTools\ltService.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max Design 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - E:\Architettura\3dMax2010Design\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit (mi-raysat_3dsmax2011_32) - Unknown owner - E:\Architettura\3dMax2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
O23 - Service: MNS Framework (MNSFramework) - Unknown owner - C:\WINDOWS\system32\MNSFramework.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmi\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\nlssrv32.exe
O23 - Service: Provider supporto protezione LM NT (NtLmSsp) - Unknown owner - (no file)
O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Programmi\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - E:\Manutenzione\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - E:\Manutenzione\PerfectDisk\PDEngine.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Programmi\File comuni\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Programmi\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Programmi\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Programmi\Intel\WiFi\bin\WLKeeper.exe

--
End of file - 14981 bytes
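A helper reading a HijackThis log like the one above usually starts from the O23 service entries, which is how FDAC singled out MNSFramework.exe a few posts later. The Python below is an added example and is not part of the thread or of HijackThis: it parses the "O23 - Service: name (short) - vendor - path" layout seen in the log and flags two kinds of entry for review. The two review heuristics (a service registered with no backing file, and a binary in system32 whose vendor HijackThis could not identify) are this example's own assumptions, and a flag means "check the hash", not "malicious".

```python
"""Triage of the O23 (service) lines of a HijackThis log.

Added example; it is not part of the forum thread or of HijackThis.
The field layout it parses is taken from the log posted in the thread;
the two review heuristics are this example's own assumptions.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple
import re

# O23 lines copied from the HijackThis log posted in the thread, plus one
# O4 line to show that non-service entries are skipped.
SAMPLE_LOG = r"""
O23 - Service: AST Service (ASTCC) - Nalpeiron Ltd. - C:\WINDOWS\system32\astsrv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: IP-Clamp Licensing by cebas VISUAL TECHNOLOGY Inc. (IPClampService) - Unknown owner - C:\Programmi\cebas\ip-clamp\ipclamp.exe
O23 - Service: MNS Framework (MNSFramework) - Unknown owner - C:\WINDOWS\system32\MNSFramework.exe
O23 - Service: Provider supporto protezione LM NT (NtLmSsp) - Unknown owner - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"""


@dataclass(frozen=True)
class ServiceEntry:
    display: str   # display name as shown in the Services console
    short: str     # service key name, or the display name when none is printed
    vendor: str    # company string HijackThis read from the binary, or "Unknown owner"
    path: str      # image path, or "(no file)" when the binary is missing


_O23_PREFIX = "O23 - Service: "
_SHORT_NAME = re.compile(r"\s*\(([^()]+)\)$")
_SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)


def parse_o23(line: str) -> Optional[ServiceEntry]:
    """Parse one O23 line; return None for any other HijackThis entry."""
    line = line.strip()
    if not line.startswith(_O23_PREFIX):
        return None
    # Vendor and path are the last two " - " separated fields. The display
    # name may itself contain " - " or parentheses, so split from the right.
    parts = line[len(_O23_PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    head, vendor, path = parts
    m = _SHORT_NAME.search(head)
    short = m.group(1) if m else head
    display = head[:m.start()] if m else head
    return ServiceEntry(display, short, vendor, path)


def triage_services(log_text: str) -> List[Tuple[str, str]]:
    """Return (service, reason) pairs for O23 entries that deserve a closer look.

    Heuristics (assumptions of this example, not HijackThis rules):
      * an image path of "(no file)" means the service is registered without
        a backing binary; confirm it is really an orphan before acting;
      * a binary in the Windows system32 directory with no recognisable
        vendor string is the kind of file the helpers send to VirusTotal.
    """
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        entry = parse_o23(raw)
        if entry is None:
            continue
        if entry.path == "(no file)":
            findings.append((entry.short, "registered service with no backing file"))
        elif entry.vendor == "Unknown owner" and _SYSTEM32.match(entry.path):
            findings.append((entry.short, "unknown-vendor binary in system32: check its hash"))
    return findings


if __name__ == "__main__":
    for name, reason in triage_services(SAMPLE_LOG):
        print(f"{name}: {reason}")
```

Run against the sample, it reports MNSFramework (the file FDAC asked to have checked) and NtLmSsp (listed with no file), and leaves the vendor-identified Nalpeiron, Google and NVIDIA services alone; the "Unknown owner" IP-Clamp service is not flagged because it lives under Programmi, not system32.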

Re: Strange system behaviour... slowdowns

Post by FDAC » Sun Nov 14, 2010 4:01 pm

Upload this file to Virustotal:
C:\WINDOWS\system32\MNSFramework.exe

Post the result

Carry on with my instructions

Re: Strange system behaviour... slowdowns

Post by hashcat » Sun Nov 14, 2010 4:12 pm

torch wrote: The system rebooted and when the desktop loaded three error windows came up:

the first: quickset.exe (Dell software): Application failed to initialize properly (0xc0000142)
the second: avgn: failed to load (followed by 6 ASCII characters shown as 6 little squares)

(closing this one, a new error message opens, along the lines of: E R R O R The application module e:\sicurezza\avira\antivir desktop\ccwkrlib.dll
cannot be found or has been modified or destroyed. The AVGNT.exe cannot be started.
Please, check your installation.

the third: rundll: error loading c:\windows\system32\NvCpl.dll
The dynamic link library (DLL) initialization routine failed

now I'll post the log

No wonder those errors come up: the script for The Avenger was written badly (there were some genuinely infected files in the script) but others were completely harmless:
these entries should not have been deleted, they were safe:
c:\windows\system32\guard32.dll (belongs to Comodo)
c:\windows\system32\drivers\cmdhlp.sys (belongs to Comodo)
c:\windows\system32\drivers\avipbb.sys (belongs to Avira (Avira Driver for RootKit Detection))
c:\windows\system32\drivers\avgntflt.sys (belongs to Avira (AVIRA Minifilter Driver))

Also, the missing DLL c:\windows\system32\NvCpl.dll was clean (nvcpl.dll is a library archive for the NVIDIA display adapter)
So now Avira and Comodo no longer work properly; you have to reinstall them. As for hijackthis, it looks fine. Have this file analysed, as FDAC said: C:\WINDOWS\system32\MNSFramework.exe.
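Two things in this thread would have been caught before Avenger ran: the two "Invalid registry syntax" errors for the bracketed key line and the value line under "Registry keys to delete:", and hashcat's point that four of the file targets belonged to Comodo and Avira. The Python below is an added example, not the thread's own material and not part of The Avenger: a pre-flight lint that parses the three directives used in FDAC's script, rejects registry lines that are not a bare HKEY_LOCAL_MACHINE path (an assumption modelled on the error messages Avenger printed, not its documented grammar), and warns when a file target matches a constructed table of security-product components taken from hashcat's list.

```python
r"""Lint pass for an Avenger-style removal script before it is executed.

Added example; it is not part of the forum thread or of The Avenger.
It models two things visible in the thread: the "Invalid registry syntax"
errors Avenger printed for the bracketed key line and for the value line
under "Registry keys to delete:", and hashcat's point that several file
targets belonged to Comodo and Avira. The accepted registry-line form
(a bare HKEY_LOCAL_MACHINE\... path without brackets) and the vendor
table are assumptions of this example, not Avenger's documented grammar.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple
import re

# Section directives used in the script posted in the thread.
DIRECTIVES = ("Files to delete:", "Folders to delete:", "Registry keys to delete:")

# Constructed table of security-product components named by hashcat.
KNOWN_SECURITY_COMPONENTS: Dict[str, str] = {
    "guard32.dll": "Comodo",
    "cmdhlp.sys": "Comodo",
    "avipbb.sys": "Avira (rootkit detection driver)",
    "avgntflt.sys": "Avira (minifilter driver)",
}

# Assumed valid registry line: HKEY_LOCAL_MACHINE hive, no surrounding brackets.
_HKLM_KEY = re.compile(r"^HKEY_LOCAL_MACHINE\\[^\[\]]+$", re.IGNORECASE)


@dataclass
class LintResult:
    errors: List[Tuple[int, str]] = field(default_factory=list)    # lines Avenger would reject
    warnings: List[Tuple[int, str]] = field(default_factory=list)  # legitimate components targeted
    targets: Dict[str, List[str]] = field(default_factory=dict)    # parsed targets per section


def lint_script(text: str) -> LintResult:
    """Walk the script line by line, tracking the current directive section."""
    result = LintResult()
    section = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line in DIRECTIVES:
            section = line
            result.targets.setdefault(section, [])
            continue
        if section is None:
            # Mirrors Avenger's complaint when the first line is not a directive.
            result.errors.append((lineno, "script must begin with a command directive"))
            continue
        result.targets[section].append(line)
        if section == "Registry keys to delete:":
            if not _HKLM_KEY.match(line):
                result.errors.append((lineno, f"invalid registry syntax: {line}"))
        else:
            basename = line.rsplit("\\", 1)[-1].lower()
            owner = KNOWN_SECURITY_COMPONENTS.get(basename)
            if owner is not None:
                result.warnings.append((lineno, f"{line} belongs to {owner}; do not delete"))
    return result


# The script FDAC posted, exactly as given in the thread.
SAMPLE_SCRIPT = r"""
Files to delete:
c:\windows\system32\11.tmp
c:\windows\system32\drivers\pxrts.sys
c:\windows\system32\guard32.dll
c:\windows\system32\drivers\cmdhlp.sys
c:\windows\system32\licmgr10.dll
c:\windows\system32\drivers\avipbb.sys
c:\windows\system32\drivers\avgntflt.sys

Folders to delete:
c:\programmi\Blast From The Past

Registry keys to delete:
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
"""

if __name__ == "__main__":
    report = lint_script(SAMPLE_SCRIPT)
    for lineno, msg in report.errors:
        print(f"line {lineno}: ERROR {msg}")
    for lineno, msg in report.warnings:
        print(f"line {lineno}: WARNING {msg}")
```

On FDAC's script this reports the two registry lines as errors (the same two lines Avenger skipped in torch's log) and the four Comodo/Avira components as warnings; the file and folder targets that are not in the table are parsed without comment, since the lint has no opinion on them.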

Re: Strange system behaviour... slowdowns

Post by FDAC » Sun Nov 14, 2010 4:14 pm

Damn! I must have dozed off, dammit.

Torch:
uninstall Avira and Comodo

Reinstall them

Sorry again.
@hascat: you have a PM