
Virus problem - files ld12.exe and pp10.exe


Post by bob20 » 14/07/09 17:47

I think I've picked up a virus or trojan.
While I was browsing, Internet Explorer started going extremely slow, almost to the point of freezing; then AntiVir reported Trojans twice (three times actually, the third while I was running various scans to try and fix the problem), and I clicked on delete.

Meanwhile VirIt reported the presence of 2 files in C:\WINDOWS set to run automatically:
ld12.exe and pp10.exe.

I ran a scan with HijackThis, posted the result on the dedicated page recommended on your site pc-facile.com, and as suspicious entries it flagged precisely the entries for those two files just mentioned.
I did Fix Checked. Then I ran scans with Gromozon and (in safe mode) with Fixlinkoptimizer; they say everything is fine, but I checked and those two files are still there!

Maybe I could manage to delete them with Unlocker; can I try? Would it solve the problem?

What do you advise me to do?

If it helps, here is the new scan I just ran with HijackThis:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.46.55, on 14/07/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Apoint2K\Apoint.exe
C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
C:\Programmi\Winamp\winampa.exe
C:\Programmi\QuickTime\qttask.exe
C:\VEXPLITE\MONLITE.EXE
C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Java\jre1.5.0_04\bin\jucheck.exe
C:\Programmi\Packard Bell Data Secure\PBDataSecure.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\Programmi\Apoint2K\Apntex.exe
C:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\Windows NT\Accessori\wordpad.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://liberomail.libero.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Packard Bell Data Secure] C:\Programmi\Packard Bell Data Secure\PBDataSecure.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: rncsys32.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Save Flash - res://C:\Programmi\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Programmi\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: Google Update Service (gupdate1c9bac9b1d2c2b0) (gupdate1c9bac9b1d2c2b0) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas   www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

--
End of file - 7633 bytes
bob20
Senior User

Posts: 238
Joined: 31/03/05 21:06
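The O4 entries in a HijackThis log are the autostart locations (the Run keys and the Startup folders), which is where both the files VirIt flagged and the loose rncsys32.exe in the user's Startup folder show up. As an added example, not part of the original post or of HijackThis itself, the Python below parses O4 lines and applies the triage heuristics a responder applies by hand: an executable sitting directly in a Startup folder rather than behind a .lnk shortcut, an executable in the root of the Windows directory instead of System32 or a vendor folder, and a bare file name with no path (resolved through the search path, so the log entry alone does not say which file runs). The sample lines are copied from the log above except the last, which is constructed to stand in for the pp10.exe entry the user describes (it is no longer in the posted log, so its registry location is an assumption); the C:\WINDOWS location of the default install is also assumed.

```python
import re
from pathlib import PureWindowsPath

# Sample O4 lines. All but the last are copied from the HijackThis log above;
# the last is constructed to stand in for the pp10.exe autostart entry the user
# reported (its exact registry location is an assumption).
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Packard Bell Data Secure] C:\Programmi\Packard Bell Data Secure\PBDataSecure.exe
O4 - Startup: rncsys32.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - HKLM\..\Run: [pp10] C:\WINDOWS\pp10.exe
""".strip().splitlines()

# "O4 - <where>: [<value name>] <command>"; the value name is absent for
# Startup-folder items.
O4_RE = re.compile(r"^O4 - (?P<where>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.*)$")
# First token ending in a program extension, optionally double-quoted.
IMAGE_RE = re.compile(r'^"?(?P<image>.+?\.(?:exe|com|scr|dll|bat|cmd))"?', re.IGNORECASE)

WINDIR = PureWindowsPath(r"C:\WINDOWS")          # assumption: default XP install
STARTUP_FOLDERS = {"Startup", "Global Startup"}  # per-user and all-users folders


def parse_o4(line):
    """Split an O4 line into (where, is_shortcut, image_path); None if not O4."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd")
    # Startup-folder shortcuts are logged as "<name>.lnk = <target>".
    is_shortcut = " = " in cmd
    if is_shortcut:
        cmd = cmd.split(" = ", 1)[1]
    im = IMAGE_RE.match(cmd)
    image = im.group("image") if im else cmd.split(" ", 1)[0]
    return m.group("where"), is_shortcut, image


def triage(lines):
    """Return [(severity, line, reason)] for O4 entries worth a second look."""
    findings = []
    for line in lines:
        parsed = parse_o4(line)
        if parsed is None:
            continue
        where, is_shortcut, image = parsed
        p = PureWindowsPath(image)  # PureWindowsPath compares case-insensitively
        if where in STARTUP_FOLDERS and not is_shortcut:
            findings.append(("high", line,
                             "loose executable in a Startup folder (no .lnk shortcut)"))
        elif p.parent == WINDIR:
            findings.append(("high", line,
                             "executable in the Windows directory root, not System32 or a vendor folder"))
        elif p.parent == PureWindowsPath("."):
            findings.append(("review", line,
                             "bare file name resolved via the search path; confirm which file actually runs"))
    return findings


if __name__ == "__main__":
    for severity, line, reason in triage(SAMPLE_O4):
        print(f"[{severity}] {line}\n         {reason}")
```

On the sample input the two "high" findings are rncsys32.exe and the constructed pp10.exe line; Alaunch and SOUNDMAN.EXE come out as "review" because a bare name in a Run value is legitimate on this machine (ComboFix later resolves them to c:\windows) but cannot be trusted from the HijackThis line alone.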


Re: Virus problem - files ld12.exe and pp10.exe

Post by Luke57 » 14/07/09 19:13

Hi, download ComboFix to the desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Disconnect from the internet.
Disable the antivirus.
Run the file ComboFix.exe
Type 1 to start the tool
Follow the instructions (do nothing during the scan; if the desktop icons disappear, that is normal) and at the end a log will be generated.
When it's done, post the log you find in C:\Combofix.txt
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Re: Virus problem - files ld12.exe and pp10.exe

Post by bob20 » 14/07/09 20:29

Thanks Luke, kind as always.

I ran the scan, but I didn't install the Recovery Console... should I have?

Anyway, here is the log:
Code:
ComboFix 09-07-13.01 - Roberto 14/07/2009 21.10.31.2.1 - FAT32x86
Microsoft Windows XP Home Edition  5.1.2600.1.1252.39.1040.18.495.216 [GMT 2:00]
Run from: c:\documents and settings\Roberto\Desktop\ComboFix.exe

WARNING - THIS PC DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((   Other deletions   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Roberto\Dati applicazioni\wiaserva.log
c:\documents and settings\Roberto\Menu Avvio\Programmi\Esecuzione automatica\rncsys32.exe
c:\windows\010112010146118114.dat
c:\windows\0101120101464849.dat
c:\windows\3.tmp
c:\windows\4.tmp
c:\windows\5.tmp
c:\windows\7.tmp
c:\windows\8.tmp
c:\windows\9.tmp
c:\windows\B.tmp
c:\windows\C.tmp
c:\windows\D.tmp
c:\windows\F.tmp
c:\windows\Installer\168f1.msi
c:\windows\ld12.exe
c:\windows\pp10.exe

.
(((((((((((((((((((((((((   Files created from 2009-06-14 to 2009-07-14  )))))))))))))))))))))))))))))))))))
.

No new files created in this period

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-12 17:14 . 2006-09-06 13:06   41728   ----a-w-   c:\windows\system32\drivers\VIRAGTLT.SYS
2003-10-27 18:08 . 2003-10-27 18:08   770048   ----a-w-   c:\programmi\winmx331.exe
2003-10-27 18:03 . 2003-10-27 18:03   3468472   ----a-w-   c:\programmi\winamp3_0-full.exe
2009-06-29 22:15 . 2009-01-18 17:54   134648   ----a-w-   c:\programmi\mozilla firefox\components\brwsrcmp.dll
.

------- Sigcheck -------

[-] 2004-08-04 05:00   29056   4448006B6BC60E6C027932CFC38D6855   c:\windows\SoftwareDistribution\Download\59c09c8627b551c5be08ab5777d2dca8\ip6fw.sys

.
(((((((((((((((((((((((((((((((((((((   Reg loading points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty and legitimate/default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\ctfmon.exe" [2003-04-08 13312]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-11-15 1670144]
"Packard Bell Data Secure"="c:\programmi\Packard Bell Data Secure\PBDataSecure.exe" [2006-06-20 2361856]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-06-23 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-06-23 114688]
"Apoint"="c:\programmi\Apoint2K\Apoint.exe" [2002-07-25 151552]
"LManager"="c:\progra~1\LAUNCH~1\CPLBCL53.EXE" [2003-06-27 155648]
"WinampAgent"="c:\programmi\Winamp\winampa.exe" [2008-01-15 37376]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2005-11-05 77824]
"VIRIT LITE MONITOR"="c:\vexplite\MONLITE.EXE" [2009-07-14 262144]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 36975]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2007-11-11 185632]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-06-20 55296]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-06-23 88267]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2003-04-08 13312]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2003-11-28 106560]
BTTray.lnk - c:\programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2006-5-12 581693]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [29/04/2009 11.46.44 22360]
R0 VIRAGTLT;VIRAGTLT;c:\windows\system32\drivers\VIRAGTLT.SYS [06/09/2006 15.06.28 41728]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [29/04/2009 11.46.44 45416]
R2 CachemanXPService;CachemanXP;c:\progra~1\CACHEM~1\CachemanXP.exe [21/02/2008 20.43.26 245248]
R2 viritsvclite;Virit eXplorer Lite;c:\vexplite\VIRITSVC.EXE [05/12/2008 19.19.08 57344]
S2 gupdate1c9bac9b1d2c2b0;Google Update Service (gupdate1c9bac9b1d2c2b0);c:\programmi\Google\Update\GoogleUpdate.exe [11/04/2009 19.19.26 133104]
S4 WebWdy;WebWdy;"\\?\c:\programmi\File comuni\Microsoft Shared\lpt1.exe" --> \\?\c:\programmi\File comuni\Microsoft Shared\lpt1.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2003-10-25 c:\windows\Tasks\Symantec NetDetect.job
- c:\programmi\Symantec\LiveUpdate\NDETECT.EXE [2003-10-19 08:27]

2009-07-14 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-24 19:57]

2009-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-11 17:19]

2009-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-11 17:19]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://liberomail.libero.it/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Invia a &Bluetooth - c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
IE: Save Flash - c:\programmi\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
FF - ProfilePath - c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\o51ze5ma.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\programmi\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\programmi\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\programmi\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\programmi\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\programmi\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\programmi\Java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: c:\programmi\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\programmi\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\programmi\Real\RealOne Player\Netscape6\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-14 21:14
Windows 5.1.2600 Service Pack 1 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1685927933-2690133624-1694720459-1005\Identities\{F717E46F-20F7-4DB9-BA46-92292829952B}\Software\Microsoft\Outlook Express\5.0\Recent Stationery List]
@DACL=(02 0000)
@SACL=
"File0"="Cielo blu.htm"
"File1"="Natura.htm"
"File2"="Giallo.htm"
"File3"="Girasole.htm"
"File4"="Agrumi.htm"
"File5"="Quadretti bianchi.htm"
"File6"="Foglie.htm"

[HKEY_USERS\S-1-5-21-1685927933-2690133624-1694720459-1005\Identities\{F717E46F-20F7-4DB9-BA46-92292829952B}\Software\Microsoft\Outlook Express\5.0\Shared Settings]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-1685927933-2690133624-1694720459-1005\Software\Local AppWizard-Generated Applications\Launch Tool]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0386D421-98BD-0323-3FA8-ED1C427590DC}]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0386D421-98BD-0323-3FA8-ED1C427590DC}\Data\MD]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)
"Data04"=dword:0000349c
"Data05"=dword:00000000
"Data0C"=dword:00000bb8
"Data0E"=dword:00000708
"Data0F"=dword:00000384
"Data10"=dword:00000003
"Data11"=dword:00000001
"Data12"=dword:000003e8
"Data13"=dword:00000014
"Data14"=dword:00000258
"Data15"=dword:00002a30
"Data16"=dword:00000005
"Data0D"=dword:00000960
"Data17"=dword:00000000
"Data18"=dword:0000000f
"Data19"=dword:0000000f
"Data1A"=dword:00000002
"Data21"=dword:00000001
"Data22"=dword:00000001
"Data23"=dword:00000005
"Data24"=dword:000004b0
"Data00"=dword:00000000
"Data01"=dword:00000000
"Data02"=dword:0000349c
"Data09"=dword:00000000
"Data80"="($\14ÿ˜\1f\0fG ¢‡tñÝÄÁì\12\0eû."
"Data85"="XTD¯iN>åÞƲ4Ü\02ýl\1e"
"Data86"="HD³ŸY>®ÛÈÅ(\1d\06ñdaSü¡‹="
"Data87"="8³£I®žÂ·.\1d\06ñgd@ü¡‹="
"Data82"="\08\04Ò`\1aþn–‚{îãÇ}\"\1e\0c½fR\0d?¦ž"
"Data83"="÷ÒdP\0an^–†öÅ» \"\07ùh]\0d=£¢MuáœÎ¶."
"Data84"="ÆdT@y^N†òÔ¾-\13Ìñn\\\0eF±\\Žvî"
"Data88"="§£“¹žŽÆ+\1e\16¼mTSýµš‡|éœÎ¶."
"Data89"="—“ƒï©Ž~6\1b\0e\06-]DCm¥ŠwìÙŒ¾&\1e"
"Data8A"="‡ƒóß™~í&\0býv\1dM4²]•z°œÎ¶."
"Data8B"="wóãωíÝ\01\02dRQ4²\\ŒsòÀÁë\1e\06ý"
"Data8C"="çãÓ¿øÝÍ\06rTB>¬’Lqíۍ±-\1b\0bül\1dR3ª‰nñÒ‹½%\1d"
"Data8D"="×ÓÃ/èͽrW@3¢L|ãâÁ&Û\0eõn"
"Data8E"="´\0aüíåM"
"Data8F"="·3#\0fÈ.\1eAB£‘sòœÌ³2Ü\11ù,^F>"
"Data91"="\17\13\03o)\0eý¥‘Š}òÖŒ±-\1bÌóe\1cN6­"
"Data92"="\07\03s_\19ým¥Š}õœÌ³2Ü\01ük[M<l•†{ñÌÇÀê\1d\05ü"
"Data1B"=dword:00000000
"Data1D"=dword:00000000
"Data25"=dword:00000000
"Data1C"=dword:00000000
"Data1E"=dword:00000000
"Data26"=dword:00000001
"Data0A"=dword:0000349c
"Data0B"=dword:0000003a
"Data20"=dword:0023826d
"Data90"="1\14\15÷dfRú¥—zäàdz,\12\11¹qcA9¦›„9áÜÔ»)\1cýð)d>?¬X"
"Data2B"=dword:00000000
"Data2C"=dword:00000000
"Data2D"=dword:00000000
"Data2E"=dword:00000000
"Data27"=dword:00000003
"Data28"=dword:00000003
"Data29"=dword:00000003
"Data2A"=dword:00000003

[HKEY_LOCAL_MACHINE\software\CyberLink\PowerDVD\BuildInfo]
@DACL=(02 0000)
@SACL=
"SR_No"="DVD030423-04"
"Skin"="2420"
"iPower"="030407"
"UG"="1510"
"Setup"="030421"
"Help"="2416"
"RC"="030414"
"Readme"="2416"
"Kernel"="v2834_DS(Acer)"
"UI"="v2824_DDVS_DS(Acer)"
"Filter"="v2834_DS(Acer)"

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\ahafh]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)

[HKEY_LOCAL_MACHINE\software\Microsoft\ghkig]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{13A7995E-7D8F-45B4-9C77-819265225763}]
@DACL=(02 0000)
"Priority"=dword:00000001
"AutoInsert"=dword:00000001
"Name"="WMPlayer Spectrum Analyzer DMO"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{95037DA1-6ED9-4B27-8CFF-9AD3DFB0B2F2}]
@DACL=(02 0000)
"Priority"=dword:fffffffb
"AutoInsert"=dword:00000001
"Name"="WMPlayer SRSWow DMO"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{974BF3BF-C9AE-4476-8003-5FE544DF458C}]
@DACL=(02 0000)
"Priority"=dword:fffffffe
"AutoInsert"=dword:00000001
"Name"="WMPlayer Video Processing DMO"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{B2DBA270-9F49-4513-AC13-76496D6EBA3A}]
@DACL=(02 0000)
"Priority"=dword:00000002
"AutoInsert"=dword:00000000
"Name"="Speaker Enhancement DMO"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{D01BC8E2-70AD-4976-9612-21B37ED5C8E8}]
@DACL=(02 0000)
"Priority"=dword:00000003
"AutoInsert"=dword:00000001
"Name"="WMPlayer Equalizer DMO"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Publish\{1AC8AC62-67E9-4676-BA08-194A6916B145}]
@DACL=(02 0000)
@="WMPlayer CD Burn Publish Provider"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Publish\{F6402585-08FB-498E-877D-2D8EDF05219F}]
@DACL=(02 0000)
@="WMPlayer WMDM Publish Provider"

[HKEY_LOCAL_MACHINE\software\NewTech Infosystems\NTI CD-Maker\6]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\NewTech Infosystems\NTI CD-Maker\OEMUrl]
@DACL=(02 0000)
@SACL=
"Home"="http://global.acer.com"

[HKEY_LOCAL_MACHINE\software\Realtek Semiconductor Corp.\Realtek AC'97 Audio]
@DACL=(02 0000)
@SACL=
.
--------------------- DLLs loaded by running processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\windows\System32\ODBC32.dll
c:\windows\system32\igfxsrvc.dll
c:\windows\System32\hccutils.DLL

- - - - - - - > 'lsass.exe'(796)
c:\windows\System32\dssenh.dll
.
Scan finished at: 2009-07-14 21.15.18
ComboFix-quarantined-files.txt  2009-07-14 19:15
ComboFix2.txt  2007-10-04 10:52

Pre-Run: 988.889.088 bytes free
Post-Run: 1.032.421.376 bytes free

bob20
Senior User

Posts: 238
Joined: 31/03/05 21:06

Re: Virus problem - files ld12.exe and pp10.exe

Post by Luke57 » 15/07/09 09:13

Hi, it does indeed look like a linkoptimizer infection; you said the tools didn't detect anything.
Now open a text file (with Windows Notepad) and paste the following script into it:


Code:
Driver::
WebWdy

File::
c:\programmi\File comuni\Microsoft Shared\lpt1.exe




Save the file in the same folder where you put ComboFix, naming it CFScript.txt (this name is mandatory).

Once that's done, drag the file onto the ComboFix icon with the mouse pointer. The program will start a new scan, like the previous one. Don't do or move anything. When it finishes, if the computer doesn't restart automatically, restart it yourself. Attach the new c:\combofix.txt file produced by the scan.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10
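The entry the CFScript targets is the one ComboFix listed as `S4 WebWdy;WebWdy;"\\?\c:\programmi\File comuni\Microsoft Shared\lpt1.exe"`. The file name is the point: LPT1 is a reserved DOS device name, and Win32 path parsing maps `lpt1.exe` (with any extension) to the printer-port device, so Explorer, `del` and a tool like Unlocker cannot open or delete the file through a normal path. ComboFix prints the path with the `\\?\` prefix because that prefix switches off that parsing and lets the file be addressed directly, which is what the scripted removal relies on. The same log's locked-registry-keys section also shows keys under HKLM\software\Microsoft with a deny ACE for Everyone, a second self-protection trick. As an added example, not part of the thread or of ComboFix, the Python below parses ComboFix driver/service lines, flags any image path whose file name maps to a reserved device, and builds the `\\?\` form a removal step needs. The sample lines are copied from the log above; the reserved-name set is the documented Win32 list (CON, PRN, AUX, NUL, COM1-9, LPT1-9). Actually deleting such a file (for example `os.remove(extended_path(...))`) only works on Windows and is not attempted here.

```python
import re
from pathlib import PureWindowsPath

# Reserved DOS device names. Win32 maps "<name>" and "<name>.<ext>" to the
# device regardless of which directory the path points into.
RESERVED_DEVICES = ({"CON", "PRN", "AUX", "NUL"}
                    | {f"COM{i}" for i in range(1, 10)}
                    | {f"LPT{i}" for i in range(1, 10)})
EXTENDED_PREFIX = "\\\\?\\"   # the four literal characters \\?\

# Driver/service lines copied from the ComboFix log above.
SAMPLE_SERVICES = r"""
R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [29/04/2009 11.46.44 22360]
R2 viritsvclite;Virit eXplorer Lite;c:\vexplite\VIRITSVC.EXE [05/12/2008 19.19.08 57344]
S4 WebWdy;WebWdy;"\\?\c:\programmi\File comuni\Microsoft Shared\lpt1.exe" --> \\?\c:\programmi\File comuni\Microsoft Shared\lpt1.exe [?]
""".strip().splitlines()

# "<start type> <service name>;<display name>;<image path> [<date> <size>]"
SVC_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")


def parse_service(line):
    """Return (start_type, service_name, image_path), or None for other lines."""
    m = SVC_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    if rest.startswith('"'):                 # quoted image path
        end = rest.find('"', 1)
        image = rest[1:end] if end > 0 else rest[1:]
    else:                                    # unquoted; ends before " [date size]"
        image = rest.split(" [", 1)[0]
    return m.group("start"), m.group("name"), image


def strip_extended(path):
    """Drop a leading \\?\ prefix so the path can be inspected as a plain path."""
    return path[len(EXTENDED_PREFIX):] if path.startswith(EXTENDED_PREFIX) else path


def reserved_device(path):
    """Device the final path component resolves to under Win32 naming rules, or None."""
    name = PureWindowsPath(strip_extended(path)).name
    stem = name.split(".", 1)[0].rstrip(" ").upper()  # "lpt1.exe" -> "LPT1"
    return stem if stem in RESERVED_DEVICES else None


def extended_path(path):
    r"""Return the \\?\ form of an absolute path; that prefix disables reserved-name parsing."""
    return path if path.startswith(EXTENDED_PREFIX) else EXTENDED_PREFIX + path


def triage_services(lines):
    """[(service, image, reason)] for entries whose image name maps to a reserved device."""
    findings = []
    for line in lines:
        parsed = parse_service(line)
        if parsed is None:
            continue
        _start, name, image = parsed
        dev = reserved_device(image)
        if dev:
            plain = strip_extended(image)
            findings.append((name, image,
                             f"file name maps to device {dev}; address it as {extended_path(plain)}"))
    return findings


if __name__ == "__main__":
    for name, image, reason in triage_services(SAMPLE_SERVICES):
        print(f"{name}: {image}\n    {reason}")
```

Only the WebWdy entry is reported; avgntmgr.sys and VIRITSVC.EXE pass because their names do not collide with a device. The check is worth running on any service or Run-key list, since the same trick works with con, nul or com1 and with any extension.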

Re: Virus problem - files ld12.exe and pp10.exe

Post by bob20 » 15/07/09 11:26

Thanks. I did as you said.
Here is the new log:

Code:
ComboFix 09-07-13.01 - Roberto 15/07/2009 12.11.58.3.1 - FAT32x86
Microsoft Windows XP Home Edition  5.1.2600.1.1252.39.1040.18.495.235 [GMT 2:00]
Run from: c:\documents and settings\Roberto\Desktop\ComboFix.exe
Options used :: c:\documents and settings\Roberto\Desktop\CFScript.txt

WARNING - THIS PC DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\programmi\File comuni\Microsoft Shared\lpt1.exe"
.

(((((((((((((((((((((((((((((((((((((   Other deletions   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WEBWDY
-------\Service_WebWdy


(((((((((((((((((((((((((   Files created from 2009-06-15 to 2009-07-15  )))))))))))))))))))))))))))))))))))
.

No new files created in this period

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-12 17:14 . 2006-09-06 13:06   41728   ----a-w-   c:\windows\system32\drivers\VIRAGTLT.SYS
2003-10-27 18:08 . 2003-10-27 18:08   770048   ----a-w-   c:\programmi\winmx331.exe
2003-10-27 18:03 . 2003-10-27 18:03   3468472   ----a-w-   c:\programmi\winamp3_0-full.exe
2009-06-29 22:15 . 2009-01-18 17:54   134648   ----a-w-   c:\programmi\mozilla firefox\components\brwsrcmp.dll
.

------- Sigcheck -------

[-] 2004-08-04 05:00   29056   4448006B6BC60E6C027932CFC38D6855   c:\windows\SoftwareDistribution\Download\59c09c8627b551c5be08ab5777d2dca8\ip6fw.sys

.
(((((((((((((((((((((((((((((   SnapShot@2009-07-14_19.14.03   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-15 10:17 . 2009-07-15 10:17   16384              c:\windows\temp\Perflib_Perfdata_7b0.dat
.
(((((((((((((((((((((((((((((((((((((   Reg loading points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty and legitimate/default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\ctfmon.exe" [2003-04-08 13312]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-11-15 1670144]
"Packard Bell Data Secure"="c:\programmi\Packard Bell Data Secure\PBDataSecure.exe" [2006-06-20 2361856]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-06-23 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-06-23 114688]
"Apoint"="c:\programmi\Apoint2K\Apoint.exe" [2002-07-25 151552]
"LManager"="c:\progra~1\LAUNCH~1\CPLBCL53.EXE" [2003-06-27 155648]
"WinampAgent"="c:\programmi\Winamp\winampa.exe" [2008-01-15 37376]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2005-11-05 77824]
"VIRIT LITE MONITOR"="c:\vexplite\MONLITE.EXE" [2009-07-14 262144]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 36975]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2007-11-11 185632]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-06-20 55296]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-06-23 88267]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2003-04-08 13312]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2003-11-28 106560]
BTTray.lnk - c:\programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2006-5-12 581693]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [29/04/2009 11.46.44 22360]
R0 VIRAGTLT;VIRAGTLT;c:\windows\system32\drivers\VIRAGTLT.SYS [06/09/2006 15.06.28 41728]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [29/04/2009 11.46.44 45416]
R2 CachemanXPService;CachemanXP;c:\progra~1\CACHEM~1\CachemanXP.exe [21/02/2008 20.43.26 245248]
R2 viritsvclite;Virit eXplorer Lite;c:\vexplite\VIRITSVC.EXE [05/12/2008 19.19.08 57344]
S2 gupdate1c9bac9b1d2c2b0;Google Update Service (gupdate1c9bac9b1d2c2b0);c:\programmi\Google\Update\GoogleUpdate.exe [11/04/2009 19.19.26 133104]
.
Contents of the 'Scheduled Tasks' folder

2003-10-25 c:\windows\Tasks\Symantec NetDetect.job
- c:\programmi\Symantec\LiveUpdate\NDETECT.EXE [2003-10-19 08:27]

2009-07-15 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-24 19:57]

2009-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-11 17:19]

2009-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-11 17:19]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://liberomail.libero.it/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Invia a &Bluetooth - c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
IE: Save Flash - c:\programmi\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
FF - ProfilePath - c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\o51ze5ma.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\programmi\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\programmi\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\programmi\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\programmi\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\programmi\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\programmi\Java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: c:\programmi\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\programmi\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\programmi\Real\RealOne Player\Netscape6\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-15 12:17
Windows 5.1.2600 Service Pack 1 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1685927933-2690133624-1694720459-1005\Identities\{F717E46F-20F7-4DB9-BA46-92292829952B}\Software\Microsoft\Outlook Express\5.0\Recent Stationery List]
@DACL=(02 0000)
@SACL=
"File0"="Cielo blu.htm"
"File1"="Natura.htm"
"File2"="Giallo.htm"
"File3"="Girasole.htm"
"File4"="Agrumi.htm"
"File5"="Quadretti bianchi.htm"
"File6"="Foglie.htm"

[HKEY_USERS\S-1-5-21-1685927933-2690133624-1694720459-1005\Identities\{F717E46F-20F7-4DB9-BA46-92292829952B}\Software\Microsoft\Outlook Express\5.0\Shared Settings]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-1685927933-2690133624-1694720459-1005\Software\Local AppWizard-Generated Applications\Launch Tool]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0386D421-98BD-0323-3FA8-ED1C427590DC}]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0386D421-98BD-0323-3FA8-ED1C427590DC}\Data\MD]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)
"Data04"=dword:0000349c
"Data05"=dword:00000000
"Data0C"=dword:00000bb8
"Data0E"=dword:00000708
"Data0F"=dword:00000384
"Data10"=dword:00000003
"Data11"=dword:00000001
"Data12"=dword:000003e8
"Data13"=dword:00000014
"Data14"=dword:00000258
"Data15"=dword:00002a30
"Data16"=dword:00000005
"Data0D"=dword:00000960
"Data17"=dword:00000000
"Data18"=dword:0000000f
"Data19"=dword:0000000f
"Data1A"=dword:00000002
"Data21"=dword:00000001
"Data22"=dword:00000001
"Data23"=dword:00000005
"Data24"=dword:000004b0
"Data00"=dword:00000000
"Data01"=dword:00000000
"Data02"=dword:0000349c
"Data09"=dword:00000000
"Data80"="($\14ÿ˜\1f\0fG ¢‡tñÝÄÁì\12\0eû."
"Data85"="XTD¯iN>åÞƲ4Ü\02ýl\1e"
"Data86"="HD³ŸY>®ÛÈÅ(\1d\06ñdaSü¡‹="
"Data87"="8³£I®žÂ·.\1d\06ñgd@ü¡‹="
"Data82"="\08\04Ò`\1aþn–‚{îãÇ}\"\1e\0c½fR\0d?¦ž"
"Data83"="÷ÒdP\0an^–†öÅ» \"\07ùh]\0d=£¢MuáœÎ¶."
"Data84"="ÆdT@y^N†òÔ¾-\13Ìñn\\\0eF±\\Žvî"
"Data88"="§£“¹žŽÆ+\1e\16¼mTSýµš‡|éœÎ¶."
"Data89"="—“ƒï©Ž~6\1b\0e\06-]DCm¥ŠwìÙŒ¾&\1e"
"Data8A"="‡ƒóß™~í&\0býv\1dM4²]•z°œÎ¶."
"Data8B"="wóãωíÝ\01\02dRQ4²\\ŒsòÀÁë\1e\06ý"
"Data8C"="çãÓ¿øÝÍ\06rTB>¬’Lqíۍ±-\1b\0bül\1dR3ª‰nñÒ‹½%\1d"
"Data8D"="×ÓÃ/èͽrW@3¢L|ãâÁ&Û\0eõn"
"Data8E"="´\0aüíåM"
"Data8F"="·3#\0fÈ.\1eAB£‘sòœÌ³2Ü\11ù,^F>"
"Data91"="\17\13\03o)\0eý¥‘Š}òÖŒ±-\1bÌóe\1cN6­"
"Data92"="\07\03s_\19ým¥Š}õœÌ³2Ü\01ük[M<l•†{ñÌÇÀê\1d\05ü"
"Data1B"=dword:00000000
"Data1D"=dword:00000000
"Data25"=dword:00000000
"Data1C"=dword:00000000
"Data1E"=dword:00000000
"Data26"=dword:00000001
"Data0A"=dword:0000349c
"Data0B"=dword:0000003a
"Data20"=dword:0023826d
"Data90"="1\14\15÷dfRú¥—zäàdz,\12\11¹qcA9¦›„9áÜÔ»)\1cýð)d>?¬X"
"Data2B"=dword:00000000
"Data2C"=dword:00000000
"Data2D"=dword:00000000
"Data2E"=dword:00000000
"Data27"=dword:00000003
"Data28"=dword:00000003
"Data29"=dword:00000003
"Data2A"=dword:00000003

[HKEY_LOCAL_MACHINE\software\CyberLink\PowerDVD\BuildInfo]
@DACL=(02 0000)
@SACL=
"SR_No"="DVD030423-04"
"Skin"="2420"
"iPower"="030407"
"UG"="1510"
"Setup"="030421"
"Help"="2416"
"RC"="030414"
"Readme"="2416"
"Kernel"="v2834_DS(Acer)"
"UI"="v2824_DDVS_DS(Acer)"
"Filter"="v2834_DS(Acer)"

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\ahafh]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)

[HKEY_LOCAL_MACHINE\software\Microsoft\ghkig]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{13A7995E-7D8F-45B4-9C77-819265225763}]
@DACL=(02 0000)
"Priority"=dword:00000001
"AutoInsert"=dword:00000001
"Name"="WMPlayer Spectrum Analyzer DMO"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{95037DA1-6ED9-4B27-8CFF-9AD3DFB0B2F2}]
@DACL=(02 0000)
"Priority"=dword:fffffffb
"AutoInsert"=dword:00000001
"Name"="WMPlayer SRSWow DMO"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{974BF3BF-C9AE-4476-8003-5FE544DF458C}]
@DACL=(02 0000)
"Priority"=dword:fffffffe
"AutoInsert"=dword:00000001
"Name"="WMPlayer Video Processing DMO"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{B2DBA270-9F49-4513-AC13-76496D6EBA3A}]
@DACL=(02 0000)
"Priority"=dword:00000002
"AutoInsert"=dword:00000000
"Name"="Speaker Enhancement DMO"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{D01BC8E2-70AD-4976-9612-21B37ED5C8E8}]
@DACL=(02 0000)
"Priority"=dword:00000003
"AutoInsert"=dword:00000001
"Name"="WMPlayer Equalizer DMO"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Publish\{1AC8AC62-67E9-4676-BA08-194A6916B145}]
@DACL=(02 0000)
@="WMPlayer CD Burn Publish Provider"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Publish\{F6402585-08FB-498E-877D-2D8EDF05219F}]
@DACL=(02 0000)
@="WMPlayer WMDM Publish Provider"

[HKEY_LOCAL_MACHINE\software\NewTech Infosystems\NTI CD-Maker\6]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\NewTech Infosystems\NTI CD-Maker\OEMUrl]
@DACL=(02 0000)
@SACL=
"Home"="http://global.acer.com"

[HKEY_LOCAL_MACHINE\software\Realtek Semiconductor Corp.\Realtek AC'97 Audio]
@DACL=(02 0000)
@SACL=
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\windows\System32\ODBC32.dll

- - - - - - - > 'lsass.exe'(796)
c:\windows\System32\dssenh.dll

- - - - - - - > 'explorer.exe'(1076)
c:\windows\System32\msi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\AVIRA\ANTIVIR DESKTOP\SCHED.EXE
c:\programmi\AVIRA\ANTIVIR DESKTOP\AVGUARD.EXE
c:\programmi\WIDCOMM\SOFTWARE BLUETOOTH\BIN\BTWDINS.EXE
c:\windows\SYSTEM32\WDFMGR.EXE
c:\programmi\LAUNCH MANAGER\CPLBCL53.EXE
c:\programmi\APOINT2K\APNTEX.EXE
c:\programmi\WIDCOMM\SOFTWARE BLUETOOTH\BTSTACKSERVER.EXE
.
**************************************************************************
.
Ora fine scansione: 2009-07-15 12.20.21 - Il pc è stato riavviato
ComboFix-quarantined-files.txt  2009-07-15 10:20
ComboFix2.txt  2009-07-14 19:15
ComboFix3.txt  2007-10-04 10:52

Pre-Run: 1.031.798.784 byte disponibili
Post-Run: 1.011.646.464 byte disponibili

bob20
Senior User

Posts: 238
Joined: 31/03/05 21:06

Re: Virus problem - files ld12.exe and pp10.exe

Posted by bob20 » 17/07/09 17:35

Is the problem solved like this?
Or do I need to do something else?

Thanks
bob20
Senior User

Posts: 238
Joined: 31/03/05 21:06

Re: Virus problem - files ld12.exe and pp10.exe

Posted by Luke57 » 17/07/09 18:48

Hi, sorry for the delay, nothing appears in the combofix report any more.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Re: Virus problem - files ld12.exe and pp10.exe

Posted by bob20 » 17/07/09 18:53

Don't mention it! Actually, thanks a lot for helping me.

Bye :)
bob20
Senior User

Posts: 238
Joined: 31/03/05 21:06

