security sphere 2012

[COCCOBELLO]

seleziona tutti gli elementi trovati da malwarebyts
clicca su Rimuovi gli elementi selezionati
riavvia il pc
il log ti uscirà automaticamente e lo salvi sul desktop

[torcito]

sembra che è tutto finito ho i due file di testo, adesso spiegami bene questi passaggi:
Allega i log delle scansioni di
Malwarebytes Anti-Malware
Combofix
caricali da qui
http://wikisend.com/
Clicca sul bottone "Sfoglia"
Seleziona il file
Clicca su Upload file
Seleziona Forum Link, copialo e incolla il link in un nuovo messaggio per il forumCOCCOBELLO
Utente Senior

1) come allegare i log delle scanzioni di Malwarebytes Anti-Malware
2)sono andato su http://wikisend.com/ ho cliccato su sfoglia ho selezionato il file estratto con Malwarebytes"mbam-log-2011-10-01" ho cliccato su upload file e lo ha aperto. devo ripetere la stessa operazione con combofix?
3)seleziona forum link da dove sempre dal sito http://wikisend.com/.

[COCCOBELLO]

si devi allegarne 2
1 di malwarebytes e l'altro di combofix
1 alla volta

[torcito]

cosa vuol dire questo"Seleziona Forum Link, copialo e incolla il link in un nuovo messaggio per il forumCOCCOBELLO"
che ti devo copiare i due file anche qui?

[COCCOBELLO]

si dopo che hai Cliccato su Upload file
ti esce una pagina con due links
tu Seleziona quella Forum Link, copialo e incolla il link qui sul forum
in un nuovo messaggio per il forum,come se volessi rispondermi
esempio
Forum link:hosts

io ora devo uscire,devo scappare
tu allega i report,si devono controllare bene
poi li controllo e domani ti aggiorno
ciao buona serata

[torcito]

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Versione database: 7622

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

01/10/2011 19.18.43
mbam-log-2011-10-01 (19-18-43).txt

Tipo di scansione: Scansione completa (A:\|C:\|D:\|E:\|)
Elementi esaminati: 245353
Tempo impiegato: 17 minuti, 12 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 13
Valori di registro infetti: 1
Voci infette nei dati di registro: 0
Cartelle infette: 11
File infetti: 57

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB893839-10F0-4AF9-92FA-B23528F530AF} (Trojan.Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UUSEE_base (PUP.Uusee) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UUSEE (PUP.Uusee) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Bifrost (Bifrose.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\ErrorRepairPro (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MSSec (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost (Bifrose.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WebMediaPlayer (Rogue.WebMedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Error Repair Professional_is1 (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live-Player (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Web-Mediaplayer (Adware.EGDAccess) -> Quarantined and deleted successfully.

Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\oP21703LiBmF21703 (Rogue.RemovalTool.M) -> Value: oP21703LiBmF21703 -> Quarantined and deleted successfully.

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
c:\documents and settings\Giuseppe\dati applicazioni\netpumper (Adware.NetPumper) -> Quarantined and deleted successfully.
c:\programmi\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\programmi\error repair professional (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.
c:\programmi\error repair professional\Backups (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.
c:\programmi\error repair professional\startbug (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.
c:\programmi\webmediaplayer (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\programmi\webmediaplayer\resources (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\programmi\webmediaplayer\skins (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\programmi\webmediaplayer\updates (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\documents and settings\all users\menu avvio\programmi\error repair professional (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully.

File infetti:
c:\documents and settings\Giuseppe\dati applicazioni\thinstall\speedconnect internet accelerator v.7.5\30000000d900002i\DW20.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Giuseppe\Desktop\nuova cartella\kaspersky2009trialreset\box_ktr_v2.5a\box_ktr_v2.5a.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
c:\documents and settings\Giuseppe\Desktop\nuova cartella\mirc\html.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Giuseppe\Desktop\nuova cartella\mirc\mirc v6.34 crack.exe (Trojan.Bancos) -> Quarantined and deleted successfully.
c:\documents and settings\Giuseppe\Desktop\nuova cartella\utility pc\penna\mirc\html.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Giuseppe\Desktop\nuova cartella\utility pc\penna\mirc\mirc v6.34 crack.exe (Trojan.Bancos) -> Quarantined and deleted successfully.
c:\documents and settings\Giuseppe\Desktop\nuova cartella\utility pc\penna\winrar.3.91.beta.2.32bit.64bit.fff.dm999\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
c:\documents and settings\Giuseppe\documenti\downloads\adobe photoshop cs5 extended [32bit+64bit]\Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\documents and settings\Giuseppe\documenti\downloads\box_ktr_v2.5a\box_ktr_v2.5a.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
c:\documents and settings\Giuseppe\impostazioni locali\dati applicazioni\TVLC\Sandbox\2009.12.14t00.29\Virtual\STUBEXE\@programfiles@\TVLC\TVLC.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Giuseppe\impostazioni locali\dati applicazioni\TVLC\Sandbox\2009.12.14t00.29\Virtual\STUBEXE\@programfiles@\VideoLAN\VLC\vlc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\programmi\error repair professional\errorrepairprofessional.exe (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.
c:\programmi\file comuni\uusee\uninst.exe (PUP.Uusee) -> Quarantined and deleted successfully.
c:\programmi\softvision\crossvision super enalotto\CVSE303.exe (Trojan.Bancos) -> Quarantined and deleted successfully.
c:\programmi\uusee\bass-plugins.exe (PUP.Uusee) -> Quarantined and deleted successfully.
c:\programmi\uusee\uninstuusee.exe (PUP.Uusee) -> Quarantined and deleted successfully.
c:\programmi\WinRAR\winrar v3.8 multilingual patch-true.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\0.19165636880466197.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\0.20800756442962953.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\0.3119213033500049.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
e:\emule download\download speedupmypc 2011serials securely with new secured browser\securedeie_cl_sv_lw_-1253606917.exe (AdwareSecuredIE) -> Quarantined and deleted successfully.
e:\emule download\programmi superenalotto\softvision + cr-ak ita(lotto, superenalotto, totogol)\softvision\Crack\crossvision superenalotto 3.0.3\CVSE303.exe (Trojan.Bancos) -> Quarantined and deleted successfully.
e:\mirc\html.dll (Trojan.Agent) -> Quarantined and deleted successfully.
e:\mirc\mirc v6.34 crack.exe (Trojan.Bancos) -> Quarantined and deleted successfully.
e:\winrar.3.9.beta.2\CRACK\winrar.3.9.beta.2-patch.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.
e:\winrar.3.9.beta.2\CRACK\winrar.3.9.beta.2-patch\winrar.3.9.beta.2-patch.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.
c:\documents and settings\Giuseppe\dati applicazioni\addons.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
c:\programmi\windows\logg.dat (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\documents and settings\all users\dati applicazioni\op21703libmf21703\op21703libmf21703.exe (Rogue.RemovalTool.M) -> Quarantined and deleted successfully.
c:\programmi\Bifrost\logg.dat (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\programmi\error repair professional\autostart.exe (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.
c:\programmi\error repair professional\unins000.dat (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.
c:\programmi\error repair professional\unins000.exe (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.
c:\programmi\error repair professional\Backups\backup_10-59-50_19-7-2010.reg (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.
c:\programmi\error repair professional\Backups\backup_11-33-51_11-6-2010.reg (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.
c:\programmi\error repair professional\Backups\backup_11-41-42_11-6-2010.reg (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.
c:\programmi\error repair professional\Backups\backup_13-27-21_22-12-2009.reg (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.
c:\programmi\error repair professional\Backups\backup_14-57-57_21-1-2010.reg (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.
c:\programmi\error repair professional\Backups\backup_14-6-52_30-4-2011.reg (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.
c:\programmi\error repair professional\Backups\backup_15-0-54_21-1-2010.reg (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.
c:\programmi\error repair professional\Backups\backup_16-0-26_23-4-2011.reg (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.
c:\programmi\error repair professional\Backups\backup_17-0-13_30-1-2011.reg (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.
c:\programmi\error repair professional\Backups\backup_18-13-56_19-9-2010.reg (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.
c:\programmi\error repair professional\Backups\backup_19-45-3_30-4-2011.reg (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.
c:\programmi\error repair professional\Backups\backup_21-55-16_11-9-2010.reg (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.
c:\programmi\error repair professional\Backups\backup_22-40-22_30-11-2010.reg (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.
c:\programmi\error repair professional\Backups\backup_7-7-19_3-5-2010.reg (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.
c:\programmi\error repair professional\Backups\backup_8-29-25_4-1-2010.reg (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.
c:\programmi\error repair professional\Backups\backup_9-34-52_4-1-2010.reg (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.
c:\programmi\webmediaplayer\sqlite3.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\programmi\webmediaplayer\uninst.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\programmi\webmediaplayer\webmediaplayer.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\programmi\webmediaplayer\resources\wmp_translation_file.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\programmi\webmediaplayer\skins\classic.skn (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\documents and settings\all users\menu avvio\programmi\error repair professional\error repair professional.lnk (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.
c:\documents and settings\all users\menu avvio\programmi\error repair professional\uninstall error repair professional.lnk (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.
c:\documents and settings\Giuseppe\Desktop\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

[torcito]

ComboFix 11-09-30.05 - Giuseppe 01/10/2011 19.30.52.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2815.2354 [GMT 2:00]
Eseguito da: c:\documents and settings\Giuseppe\Desktop\abc.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: ActiveArmor Firewall *Disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Condizioni generali.url
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Disinstalla.lnk
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Riservatezza.url
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\WebMediaPlayer.lnk
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Website.url
c:\documents and settings\Giuseppe\Dati applicazioni\Microsoft\~DFK68129.tmp
c:\documents and settings\Giuseppe\Dati applicazioni\Microsoft\1eaadjc.dll
c:\documents and settings\Giuseppe\Dati applicazioni\Microsoft\bass.dll
c:\documents and settings\Giuseppe\Dati applicazioni\Microsoft\kfgresk.dll
c:\documents and settings\Giuseppe\Dati applicazioni\Microsoft\mjcriu.dll
c:\documents and settings\Giuseppe\Dati applicazioni\Microsoft\peaadje.dll
c:\documents and settings\Giuseppe\Dati applicazioni\Microsoft\qwadjb.dll
c:\documents and settings\Giuseppe\Dati applicazioni\Microsoft\rsaadjd.dll
c:\documents and settings\Giuseppe\Dati applicazioni\PriceGong
c:\documents and settings\Giuseppe\Dati applicazioni\PriceGong\Data\1.xml
c:\documents and settings\Giuseppe\Dati applicazioni\PriceGong\Data\a.xml
c:\documents and settings\Giuseppe\Dati applicazioni\PriceGong\Data\b.xml
c:\documents and settings\Giuseppe\Dati applicazioni\PriceGong\Data\c.xml
c:\documents and settings\Giuseppe\Dati applicazioni\PriceGong\Data\d.xml
c:\documents and settings\Giuseppe\Dati applicazioni\PriceGong\Data\e.xml
c:\documents and settings\Giuseppe\Dati applicazioni\PriceGong\Data\f.xml
c:\documents and settings\Giuseppe\Dati applicazioni\PriceGong\Data\g.xml
c:\documents and settings\Giuseppe\Dati applicazioni\PriceGong\Data\h.xml
c:\documents and settings\Giuseppe\Dati applicazioni\PriceGong\Data\i.xml
c:\documents and settings\Giuseppe\Dati applicazioni\PriceGong\Data\J.xml
c:\documents and settings\Giuseppe\Dati applicazioni\PriceGong\Data\k.xml
c:\documents and settings\Giuseppe\Dati applicazioni\PriceGong\Data\l.xml
c:\documents and settings\Giuseppe\Dati applicazioni\PriceGong\Data\m.xml
c:\documents and settings\Giuseppe\Dati applicazioni\PriceGong\Data\mru.xml
c:\documents and settings\Giuseppe\Dati applicazioni\PriceGong\Data\n.xml
c:\documents and settings\Giuseppe\Dati applicazioni\PriceGong\Data\o.xml
c:\documents and settings\Giuseppe\Dati applicazioni\PriceGong\Data\p.xml
c:\documents and settings\Giuseppe\Dati applicazioni\PriceGong\Data\q.xml
c:\documents and settings\Giuseppe\Dati applicazioni\PriceGong\Data\r.xml
c:\documents and settings\Giuseppe\Dati applicazioni\PriceGong\Data\s.xml
c:\documents and settings\Giuseppe\Dati applicazioni\PriceGong\Data\t.xml
c:\documents and settings\Giuseppe\Dati applicazioni\PriceGong\Data\u.xml
c:\documents and settings\Giuseppe\Dati applicazioni\PriceGong\Data\v.xml
c:\documents and settings\Giuseppe\Dati applicazioni\PriceGong\Data\w.xml
c:\documents and settings\Giuseppe\Dati applicazioni\PriceGong\Data\x.xml
c:\documents and settings\Giuseppe\Dati applicazioni\PriceGong\Data\y.xml
c:\documents and settings\Giuseppe\Dati applicazioni\PriceGong\Data\z.xml
c:\documents and settings\Giuseppe\Impostazioni locali\Dati applicazioni\dduulkc.dat
c:\documents and settings\Giuseppe\Impostazioni locali\Dati applicazioni\dduulkc_nav.dat
c:\documents and settings\Giuseppe\Impostazioni locali\Dati applicazioni\dduulkc_navps.dat
c:\documents and settings\Giuseppe\WINDOWS
c:\programmi\QUAD Utilities
c:\programmi\QUAD Utilities\QUAD Registry Cleaner\Vista Scheduler.dll
c:\windows\IsUn0410.exe
c:\windows\ST6UNST.000
c:\windows\struct~.ini
c:\windows\system32\comct332.ocx
c:\windows\system32\d3d9caps.dat
c:\windows\system32\MSMAsk32.ocx
c:\windows\unin0410.exe
E:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Creati Da 2011-09-01 al 2011-10-01 )))))))))))))))))))))))))))))))))))
.
.
2011-10-01 16:37 . 2011-10-01 16:37 -------- d-----w- c:\documents and settings\Giuseppe\Dati applicazioni\Malwarebytes
2011-10-01 16:37 . 2011-10-01 16:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2011-10-01 16:36 . 2011-10-01 16:37 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2011-10-01 16:36 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-30 14:44 . 2011-09-30 15:32 -------- d-----w- C:\sh4ldr
2011-09-30 14:44 . 2011-09-30 14:44 -------- d-----w- c:\programmi\Enigma Software Group
2011-09-30 14:43 . 2011-09-30 15:32 -------- d-----w- c:\windows\D3F93A5A7A5D4867B2A16F46500D006C.TMP
2011-09-30 14:43 . 2011-09-30 14:43 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2011-09-30 14:13 . 2011-09-30 14:13 -------- d-----r- c:\documents and settings\NetworkService\Preferiti
2011-09-30 13:16 . 2011-10-01 17:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\oP21703LiBmF21703
2011-09-20 17:00 . 2011-09-20 17:00 -------- d-----w- c:\documents and settings\Giuseppe\Dati applicazioni\Uniblue
2011-09-15 17:50 . 2011-09-15 17:50 -------- d-----w- c:\documents and settings\Giuseppe\Dati applicazioni\BabylonToolbar
2011-09-12 16:07 . 2011-09-18 18:45 -------- d-----w- c:\documents and settings\Giuseppe\Dati applicazioni\Toolbar4
2011-09-12 14:09 . 2011-09-12 14:09 -------- d-----w- c:\documents and settings\Giuseppe\Dati applicazioni\Burraconline
2011-09-12 14:04 . 2011-09-12 14:04 -------- d-----w- c:\programmi\Burraconline
2011-09-12 13:56 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-09-12 13:56 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-09-12 13:56 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-09-12 13:56 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-09-09 19:52 . 2011-09-18 18:47 -------- d-----w- c:\documents and settings\Giuseppe\Impostazioni locali\Dati applicazioni\PUpdBHO
2011-09-09 19:52 . 2011-09-18 18:47 -------- d-----w- c:\documents and settings\Giuseppe\Impostazioni locali\Dati applicazioni\PService
2011-09-09 19:52 . 2011-09-10 10:27 -------- d-----w- c:\documents and settings\Giuseppe\Impostazioni locali\Dati applicazioni\ServiceUpd
2011-09-09 08:44 . 2011-09-09 08:44 -------- d-----w- c:\documents and settings\Giuseppe\Dati applicazioni\DVDVideoSoftIEHelpers
2011-09-09 08:43 . 2011-09-18 18:42 -------- d-----w- c:\programmi\File comuni\DVDVideoSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-18 18:39 . 2010-01-09 17:49 47360 -c--a-w- c:\documents and settings\Giuseppe\Dati applicazioni\pcouffin.sys
2011-09-12 16:00 . 2011-02-25 21:52 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-09-12 15:59 . 2011-03-01 13:09 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-09-12 15:59 . 2011-02-25 21:52 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-09-10 18:25 . 2011-02-25 21:52 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2009-11-09 08:40 . 2009-11-09 08:40 586240 -c--a-w- c:\programmi\SSSP_Cccam1.3.1.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\programmi\ConduitEngine\ConduitEngine.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CheckRubAnniversari"="c:\documents and settings\Giuseppe\Documenti\SeatCDItalia\127_0_0_1\chkrub_cdi.exe" [2009-08-03 630272]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-17 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-21 208616]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^EPSON Status Monitor 3 Environment Check.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\EPSON Status Monitor 3 Environment Check.lnk
backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^hp psc 1000 series.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\hp psc 1000 series.lnk
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Giuseppe^Menu Avvio^Programmi^Esecuzione automatica^Xfire.lnk]
path=c:\documents and settings\Giuseppe\Menu Avvio\Programmi\Esecuzione automatica\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 -c--a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 -c--a-w- c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 17:14 1695232 ------w- c:\programmi\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-10-31 06:35 86016 -c--a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-31 06:35 1622016 -c--a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
2004-03-10 14:26 406016 -c--a-w- c:\windows\system32\PSDrvCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-06-18 16:17 148888 -c--a-w- c:\programmi\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-06-24 14:41 247144 -c--a-w- c:\programmi\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-01-21 10:40 395640 ----a-w- c:\programmi\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UUSEE]
2008-01-14 09:52 432904 -c--a-w- c:\programmi\uusee\UUSeePlayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\italian\\setup.exe"=
"c:\\Programmi\\uusee\\UUSeePlayer.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 18.29.38 33808]
R2 TomTomHOMEService;TomTomHOMEService;c:\programmi\TomTom HOME 2\TomTomHOMEService.exe [24/06/2010 16.41.38 92008]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 19.02.46 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 17.06.48 24592]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [15/02/2011 23.08.10 136176]
S2 PowerOffer Upd Service;ServiceUpd;c:\documents and settings\Giuseppe\Impostazioni locali\Dati applicazioni\ServiceUpd\ServiceUpd.exe [09/09/2011 21.52.19 26112]
S3 esgiguard;esgiguard;\??\c:\programmi\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\programmi\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [15/02/2011 23.08.10 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [09/01/2010 19.49.02 47360]
S3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\SkyNET.sys [19/09/2010 17.37.11 627288]
S3 ZD1211BU(SBS);SBS BW254 Wireless Wireless LAN Driver(SBS);c:\windows\system32\drivers\ZD1211BU.sys [21/12/2009 22.25.35 500736]
.
Contenuto della cartella 'Scheduled Tasks'
.
2010-06-29 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1100 series5E771253C1676EBED677BF361FDFC537825E15B8269502706.job
- c:\programmi\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
.
2011-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-02-15 21:08]
.
2011-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-02-15 21:08]
.
2011-08-21 c:\windows\Tasks\NeroLiveEpgUpdate-FAG-65354EA14BE_Giuseppe.job
- c:\programmi\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-18 11:51]
.
2011-10-01 c:\windows\Tasks\User_Feed_Synchronization-{EC8C2FBE-F613-47B9-A351-2385EE3DA6A4}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss ... 966b21be1/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Ricerca - c:\programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
Trusted Zone: videocoolstreaming.us
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKCU-Run-SpeedUpMyPC - c:\programmi\Uniblue\SpeedUpMyPC\launcher.exe
MSConfigStartUp-Babylon Client - c:\programmi\Babylon\Babylon-Pro\Babylon.exe
MSConfigStartUp-eBayToolbar - c:\programmi\eBay\eBay Toolbar2\eBayTBDaemon.exe
MSConfigStartUp-Google IME Autoupdater - c:\programmi\Google\Google Pinyin\GooglePinyinDaemon.exe
MSConfigStartUp-QuickTime Task - c:\programmi\QuickTime\qttask.exe
MSConfigStartUp-Skype - c:\programmi\Skype\Phone\Skype.exe
MSConfigStartUp-swg - c:\programmi\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe
MSConfigStartUp-VoipZoom - c:\programmi\VoipZoom.com\VoipZoom\VoipZoom.exe
MSConfigStartUp-{55B7BA07-0CBF-4EAB-1D5C-72A02A1A0730} - c:\documents and settings\Giuseppe\Dati applicazioni\Dourk\oqkoz.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-01 19:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(3576)
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
c:\programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\System32\ping.exe
.
**************************************************************************
.
Ora fine scansione: 2011-10-01 19:46:53 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-10-01 17:46
.
Pre-Run: 26.996.404.224 byte disponibili
Post-Run: 26.995.478.528 byte disponibili
.
- - End Of File - - 8BE2172A845CD0BB4BDBFB420C14FA59

[torcito]

ok ci sentiamo domani spero di aver fatto tutto bene
ciao

[COCCOBELLO]

Fai un click destro in un punto vuoto del Desktop
crea un Nuovo Documento di testo
Ci copi e incolli dentro il Nuovo Documento di testo il codice che vedi sotto,
e lo salvi con il nome CFScript.txt
e trascinalo sull'icona di ComboFix.
partirà la scansione attendi la fine senza toccare niente
se chiede il riavvio del pc riavvia
Posta il log aggiornato di combofix

Codice: Seleziona tutto

KillAll::

File::
c:\windows\D3F93A5A7A5D4867B2A16F46500D006C.TMP
c:\programmi\SSSP_Cccam1.3.1.exe
c:\programmi\ConduitEngine\ConduitEngine.dll
c:\programmi\uusee\UUSeePlayer.exe
c:\programmi\Enigma Software Group\SpyHunter\esgiguard.sys
c:\programmi\eBay\eBay Toolbar2\eBayTBDaemon.exe
c:\programmi\Babylon\Babylon-Pro\Babylon.exe
c:\documents and settings\Giuseppe\Dati applicazioni\Dourk\oqkoz.exe

Driver::
esgiguard

Folder::
c:\documents and settings\All Users\Dati applicazioni\oP21703LiBmF21703
c:\documents and settings\Giuseppe\Dati applicazioni\BabylonToolbar
c:\documents and settings\Giuseppe\Impostazioni locali\Dati applicazioni\PUpdBHO
c:\programmi\Enigma Software Group
c:\programmi\ConduitEngine
c:\programmi\uusee
c:\programmi\eBay\eBay Toolbar2
c:\programmi\Babylon\Babylon-Pro

DirLook::
C:\sh4ldr

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UUSEE]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000000

DDS::
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss ... 966b21be1/
IE: Ricerca - c:\programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html

[torcito]

ciao ti invio il log aggiornato:

ComboFix 11-09-30.05 - Giuseppe 02/10/2011 12.22.26.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2815.2365 [GMT 2:00]
Eseguito da: c:\documents and settings\Giuseppe\Desktop\abc.exe
Opzioni usate :: c:\documents and settings\Giuseppe\Desktop\CFScript.txt.txt
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: ActiveArmor Firewall *Disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
FILE ::
"c:\documents and settings\Giuseppe\Dati applicazioni\Dourk\oqkoz.exe"
"c:\programmi\Babylon\Babylon-Pro\Babylon.exe"
"c:\programmi\ConduitEngine\ConduitEngine.dll"
"c:\programmi\eBay\eBay Toolbar2\eBayTBDaemon.exe"
"c:\programmi\Enigma Software Group\SpyHunter\esgiguard.sys"
"c:\programmi\SSSP_Cccam1.3.1.exe"
"c:\programmi\uusee\UUSeePlayer.exe"
"c:\windows\D3F93A5A7A5D4867B2A16F46500D006C.TMP"
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\oP21703LiBmF21703
c:\documents and settings\All Users\Dati applicazioni\oP21703LiBmF21703\oP21703LiBmF21703
c:\documents and settings\Giuseppe\Dati applicazioni\BabylonToolbar
c:\documents and settings\Giuseppe\Impostazioni locali\Dati applicazioni\PUpdBHO
c:\documents and settings\Giuseppe\Impostazioni locali\Dati applicazioni\PUpdBHO\settings\settings.ini
c:\programmi\ConduitEngine
c:\programmi\ConduitEngine\appContextMenu.xml
c:\programmi\ConduitEngine\ConduitEngine.dll
c:\programmi\ConduitEngine\ConduitEngineHelper.exe
c:\programmi\ConduitEngine\engineContextMenu.xml
c:\programmi\ConduitEngine\EngineSettings.json
c:\programmi\ConduitEngine\toolbar.cfg
c:\programmi\Enigma Software Group
c:\programmi\Enigma Software Group\SpyHunter\Data\dns.dat
c:\programmi\Enigma Software Group\SpyHunter\Defs\cmp_2011092901.def
c:\programmi\Enigma Software Group\SpyHunter\gil.dat
c:\programmi\Enigma Software Group\SpyHunter\INSTALL.LOG
c:\programmi\Enigma Software Group\SpyHunter\Log\SpyHunter4_20110930_164419.log
c:\programmi\Enigma Software Group\SpyHunter\mon\autoexec.bat.bk
c:\programmi\Enigma Software Group\SpyHunter\mon\hosts.bk
c:\programmi\Enigma Software Group\SpyHunter\mon\system.ini.bk
c:\programmi\Enigma Software Group\SpyHunter\mon\win.ini.bk
c:\programmi\Enigma Software Group\SpyHunter\safeol.dat
c:\programmi\Enigma Software Group\SpyHunter\scanlog.log
c:\programmi\Enigma Software Group\SpyHunter\SH4.com
c:\programmi\Enigma Software Group\SpyHunter\supportlog.txt
c:\programmi\Enigma Software Group\SpyHunter\unkcache.dat
c:\programmi\SSSP_Cccam1.3.1.exe
c:\programmi\uusee
c:\programmi\uusee\AD\1\000\index_new.html
c:\programmi\uusee\AD\1\000\uue_new.jpg
c:\programmi\uusee\AD\1\001\index_new.html
c:\programmi\uusee\AD\1\001\uue_new.jpg
c:\programmi\uusee\AD\1\cy\cy.html
c:\programmi\uusee\AD\1\dm\dm.html
c:\programmi\uusee\AD\1\dsj\dsj.html
c:\programmi\uusee\AD\1\dst\dst.html
c:\programmi\uusee\AD\1\dy\dy.html
c:\programmi\uusee\AD\1\jk\jk.html
c:\programmi\uusee\AD\1\ty\ty.html
c:\programmi\uusee\AD\1\uu\uu.html
c:\programmi\uusee\AD\1\yl\yl.html
c:\programmi\uusee\AD\1\yx\yx.html
c:\programmi\uusee\AD\1\zx\zx.html
c:\programmi\uusee\AD\2\100\index.html
c:\programmi\uusee\AD\2\200\index.html
c:\programmi\uusee\AD\2\300\index.html
c:\programmi\uusee\AD\2\400\index.html
c:\programmi\uusee\AD\UUAD_Banner_1.html
c:\programmi\uusee\AD\UUAD_Banner_3.html
c:\programmi\uusee\AD\UUAD_Buffering.html
c:\programmi\uusee\AD\UUAD_Buffering.jpg
c:\programmi\uusee\AD\UUAD_TextLink_0.xml
c:\programmi\uusee\channelid_chatid.txt
c:\programmi\uusee\skins\UUPlayer\About.bmp
c:\programmi\uusee\skins\UUPlayer\Control_Button_Compact_1.bmp
c:\programmi\uusee\skins\UUPlayer\Control_Button_Compact_2.bmp
c:\programmi\uusee\skins\UUPlayer\Control_Button_Compact_3.bmp
c:\programmi\uusee\skins\UUPlayer\Control_Button_FullScreen_1.bmp
c:\programmi\uusee\skins\UUPlayer\Control_Button_FullScreen_2.bmp
c:\programmi\uusee\skins\UUPlayer\Control_Button_FullScreen_3.bmp
c:\programmi\uusee\skins\UUPlayer\Control_Button_pause_1.bmp
c:\programmi\uusee\skins\UUPlayer\Control_Button_pause_2.bmp
c:\programmi\uusee\skins\UUPlayer\Control_Button_pause_3.bmp
c:\programmi\uusee\skins\UUPlayer\Control_Button_pause_4.bmp
c:\programmi\uusee\skins\UUPlayer\Control_Button_Recording_1.bmp
c:\programmi\uusee\skins\UUPlayer\Control_Button_Recording_2.bmp
c:\programmi\uusee\skins\UUPlayer\Control_Button_Recording_3.bmp
c:\programmi\uusee\skins\UUPlayer\Ctrl_CheckBox_1.bmp
c:\programmi\uusee\skins\UUPlayer\Ctrl_CheckBox_2.bmp
c:\programmi\uusee\skins\UUPlayer\Ctrl_CheckBox_3.bmp
c:\programmi\uusee\skins\UUPlayer\Ctrl_CheckBox_4.bmp
c:\programmi\uusee\skins\UUPlayer\Ctrl_CheckBox_C1.bmp
c:\programmi\uusee\skins\UUPlayer\Ctrl_CheckBox_C2.bmp
c:\programmi\uusee\skins\UUPlayer\Ctrl_CheckBox_C3.bmp
c:\programmi\uusee\skins\UUPlayer\Ctrl_CheckBox_C4.bmp
c:\programmi\uusee\skins\UUPlayer\Ctrl_ComboBox_1.bmp
c:\programmi\uusee\skins\UUPlayer\Ctrl_ComboBox_2.bmp
c:\programmi\uusee\skins\UUPlayer\Ctrl_ComboBox_3.bmp
c:\programmi\uusee\skins\UUPlayer\Ctrl_ComboBox_4.bmp
c:\programmi\uusee\skins\UUPlayer\Ctrl_Edit_1.bmp
c:\programmi\uusee\skins\UUPlayer\Ctrl_Edit_4.bmp
c:\programmi\uusee\skins\UUPlayer\Ctrl_PushButton_1.bmp
c:\programmi\uusee\skins\UUPlayer\Ctrl_PushButton_2.bmp
c:\programmi\uusee\skins\UUPlayer\Ctrl_PushButton_3.bmp
c:\programmi\uusee\skins\UUPlayer\Ctrl_PushButton_4.bmp
c:\programmi\uusee\skins\UUPlayer\Ctrl_RadioButton_1.bmp
c:\programmi\uusee\skins\UUPlayer\Ctrl_RadioButton_2.bmp
c:\programmi\uusee\skins\UUPlayer\Ctrl_RadioButton_3.bmp
c:\programmi\uusee\skins\UUPlayer\Ctrl_RadioButton_4.bmp
c:\programmi\uusee\skins\UUPlayer\Ctrl_RadioButton_C1.bmp
c:\programmi\uusee\skins\UUPlayer\Ctrl_RadioButton_C2.bmp
c:\programmi\uusee\skins\UUPlayer\Ctrl_RadioButton_C3.bmp
c:\programmi\uusee\skins\UUPlayer\Ctrl_RadioButton_C4.bmp
c:\programmi\uusee\skins\UUPlayer\Dlg_Back.bmp
c:\programmi\uusee\skins\UUPlayer\Dlg_Detect.bmp
c:\programmi\uusee\skins\UUPlayer\Dlg_Frame_1.bmp
c:\programmi\uusee\skins\UUPlayer\Dlg_Frame_2.bmp
c:\programmi\uusee\skins\UUPlayer\Dlg_Frame_3.bmp
c:\programmi\uusee\skins\UUPlayer\Dlg_Record_Task_1.bmp
c:\programmi\uusee\skins\UUPlayer\Icon_Information.bmp
c:\programmi\uusee\skins\UUPlayer\Icon_Question.bmp
c:\programmi\uusee\skins\UUPlayer\Icon_Stop.bmp
c:\programmi\uusee\skins\UUPlayer\ListHeader_1.bmp
c:\programmi\uusee\skins\UUPlayer\ListHeader_2.bmp
c:\programmi\uusee\skins\UUPlayer\ListHeader_3.bmp
c:\programmi\uusee\skins\UUPlayer\ListHeader_ArrowD.bmp
c:\programmi\uusee\skins\UUPlayer\ListHeader_ArrowU.bmp
c:\programmi\uusee\skins\UUPlayer\ListHeader_SP.bmp
c:\programmi\uusee\skins\UUPlayer\Play_Window_Rec_icon.bmp
c:\programmi\uusee\skins\UUPlayer\Progressbar_Block_1.bmp
c:\programmi\uusee\skins\UUPlayer\Progressbar_Block_2.bmp
c:\programmi\uusee\skins\UUPlayer\Progressbar_Block_3.bmp
c:\programmi\uusee\skins\UUPlayer\Progressbar_Block_4.bmp
c:\programmi\uusee\skins\UUPlayer\Progressbar_BM_0.bmp
c:\programmi\uusee\skins\UUPlayer\Progressbar_BM_1.bmp
c:\programmi\uusee\skins\UUPlayer\Progressbar_BM_2.bmp
c:\programmi\uusee\skins\UUPlayer\Progressbar_BM_3.bmp
c:\programmi\uusee\skins\UUPlayer\Progressbar_BM_4.bmp
c:\programmi\uusee\skins\UUPlayer\Progressbar_BM_5.bmp
c:\programmi\uusee\skins\UUPlayer\Progressbar_BM_6.bmp
c:\programmi\uusee\skins\UUPlayer\Progressbar_BM_7.bmp
c:\programmi\uusee\skins\UUPlayer\Resource.h
c:\programmi\uusee\skins\UUPlayer\Setting_Group_1_1.bmp
c:\programmi\uusee\skins\UUPlayer\Setting_Group_1_2.bmp
c:\programmi\uusee\skins\UUPlayer\Setting_Group_1_3.bmp
c:\programmi\uusee\skins\UUPlayer\Setting_Group_2_1.bmp
c:\programmi\uusee\skins\UUPlayer\Setting_Group_2_2.bmp
c:\programmi\uusee\skins\UUPlayer\Setting_Group_2_3.bmp
c:\programmi\uusee\skins\UUPlayer\Setting_Group_3_1.bmp
c:\programmi\uusee\skins\UUPlayer\Setting_Group_3_2.bmp
c:\programmi\uusee\skins\UUPlayer\Setting_Group_3_3.bmp
c:\programmi\uusee\skins\UUPlayer\Setting_Group_4_1.bmp
c:\programmi\uusee\skins\UUPlayer\Setting_Group_4_2.bmp
c:\programmi\uusee\skins\UUPlayer\Setting_Group_4_3.bmp
c:\programmi\uusee\skins\UUPlayer\Sidebar_Button_1_1.bmp
c:\programmi\uusee\skins\UUPlayer\Sidebar_Button_1_2.bmp
c:\programmi\uusee\skins\UUPlayer\Sidebar_Button_1_3.bmp
c:\programmi\uusee\skins\UUPlayer\Sidebar_Group_1.bmp
c:\programmi\uusee\skins\UUPlayer\Sidebar_Group_2.bmp
c:\programmi\uusee\skins\UUPlayer\Sidebar_Group_3.bmp
c:\programmi\uusee\skins\UUPlayer\Sidebar_Group_x1.bmp
c:\programmi\uusee\skins\UUPlayer\Sidebar_Group_x2.bmp
c:\programmi\uusee\skins\UUPlayer\Sidebar_Group_x3.bmp
c:\programmi\uusee\skins\UUPlayer\Thumbs.db
c:\programmi\uusee\skins\UUPlayer\Titlebar_button_Res_1.bmp
c:\programmi\uusee\skins\UUPlayer\Titlebar_button_Res_2.bmp
c:\programmi\uusee\skins\UUPlayer\Titlebar_button_Res_3.bmp
c:\programmi\uusee\skins\UUPlayer\Toolbar_Button_Compact_1.bmp
c:\programmi\uusee\skins\UUPlayer\Toolbar_Button_Compact_2.bmp
c:\programmi\uusee\skins\UUPlayer\Toolbar_Button_Compact_3.bmp
c:\programmi\uusee\skins\UUPlayer\Toolbar_Button_FullScreen_1.bmp
c:\programmi\uusee\skins\UUPlayer\Toolbar_Button_FullScreen_2.bmp
c:\programmi\uusee\skins\UUPlayer\Toolbar_Button_FullScreen_3.bmp
c:\programmi\uusee\skins\UUPlayer\Toolbar_Button_TopMost_1.bmp
c:\programmi\uusee\skins\UUPlayer\Toolbar_Button_TopMost_2.bmp
c:\programmi\uusee\skins\UUPlayer\Toolbar_Button_TopMost_3.bmp
c:\programmi\uusee\skins\UUPlayer\TopTab_Browse.bmp
c:\programmi\uusee\skins\UUPlayer\TopTab_Browse1.bmp
c:\programmi\uusee\skins\UUPlayer\TopTab_Play.bmp
c:\programmi\uusee\skins\UUPlayer\TopTab_Play1.bmp
c:\programmi\uusee\skins\UUPlayer\TopTab_Record.bmp
c:\programmi\uusee\skins\UUPlayer\TopTab_Record1.bmp
c:\programmi\uusee\skins\UUPlayer\Tree_Arrow.bmp
c:\programmi\uusee\skins\UUPlayer\Tree_Collapse.bmp
c:\programmi\uusee\skins\UUPlayer\Tree_Expand.bmp
c:\programmi\uusee\skins\UUPlayer\Tree_Header.bmp
c:\programmi\uusee\skins\UUPlayer\Tree_ScrollBar_D.bmp
c:\programmi\uusee\skins\UUPlayer\Tree_ScrollBar_H.bmp
c:\programmi\uusee\skins\UUPlayer\Tree_ScrollBar_N.bmp
c:\programmi\uusee\skins\UUPlayer\Tree_ScrollBar_S.bmp
c:\programmi\uusee\skins\UUPlayer\Tree_ScrollBarThumb_D.bmp
c:\programmi\uusee\skins\UUPlayer\Tree_ScrollBarThumb_H.bmp
c:\programmi\uusee\skins\UUPlayer\Tree_ScrollBarThumb_N.bmp
c:\programmi\uusee\skins\UUPlayer\Tree_ScrollBarThumb_S.bmp
c:\programmi\uusee\skins\UUPlayer\Tree_SortIconDown.bmp
c:\programmi\uusee\skins\UUPlayer\Tree_SortIconUp.bmp
c:\programmi\uusee\skins\UUPlayer\UUSEE.ui
c:\programmi\uusee\skins\UUPlayer\Volume_Bar_Block_1.bmp
c:\programmi\uusee\skins\UUPlayer\Volume_Bar_Block_2.bmp
c:\programmi\uusee\skins\UUPlayer\Volume_Bar_Block_3.bmp
c:\programmi\uusee\skins\UUPlayer\Volume_Button_2_1.bmp
c:\programmi\uusee\skins\UUPlayer\Volume_Button_2_2.bmp
c:\programmi\uusee\skins\UUPlayer\Volume_Button_2_3.bmp
c:\programmi\uusee\skins\UUPlayer\Wnd_Browser_1.bmp
c:\programmi\uusee\skins\UUPlayer\Wnd_Browser_2.bmp
c:\programmi\uusee\skins\UUPlayer\Wnd_Browser_3.bmp
c:\programmi\uusee\skins\UUPlayer\Wnd_ChannelInfo.bmp
c:\programmi\uusee\skins\UUPlayer\Wnd_ChannelInfo_5.bmp
c:\programmi\uusee\skins\UUPlayer\Wnd_Control_1.bmp
c:\programmi\uusee\skins\UUPlayer\Wnd_Control_2.bmp
c:\programmi\uusee\skins\UUPlayer\Wnd_Control_3.bmp
c:\programmi\uusee\skins\UUPlayer\Wnd_Control_4.bmp
c:\programmi\uusee\skins\UUPlayer\Wnd_Info.bmp
c:\programmi\uusee\skins\UUPlayer\Wnd_Main_1.bmp
c:\programmi\uusee\skins\UUPlayer\Wnd_Main_2.bmp
c:\programmi\uusee\skins\UUPlayer\Wnd_Main_3.bmp
c:\programmi\uusee\skins\UUPlayer\Wnd_Main_5.bmp
c:\programmi\uusee\skins\UUPlayer\Wnd_Play_1.bmp
c:\programmi\uusee\skins\UUPlayer\Wnd_Play_2.bmp
c:\programmi\uusee\skins\UUPlayer\Wnd_Play_5.bmp
c:\programmi\uusee\skins\UUPlayer\Wnd_Record_1.bmp
c:\programmi\uusee\skins\UUPlayer\Wnd_Record_2.bmp
c:\programmi\uusee\skins\UUPlayer\Wnd_Record_3.bmp
c:\programmi\uusee\skins\UUPlayer\Wnd_Record_4.bmp
c:\programmi\uusee\skins\UUPlayer\Wnd_Setting_1.bmp
c:\programmi\uusee\skins\UUPlayer\Wnd_Setting_2.bmp
c:\programmi\uusee\skins\UUPlayer\Wnd_Setting_3.bmp
c:\programmi\uusee\skins\UUPlayer\Wnd_Side_1.bmp
c:\programmi\uusee\skins\UUPlayer\Wnd_Side_2.bmp
c:\programmi\uusee\skins\UUPlayer\Wnd_Side_3.bmp
c:\programmi\uusee\skins\UUPlayer\Wnd_Toolbar_1.bmp
c:\programmi\uusee\skins\UUPlayer\Wnd_Toolbar_2.bmp
c:\programmi\uusee\skins\UUPlayer\Wnd_Toolbar_3.bmp
c:\programmi\uusee\skins\UUPlayer\Wnd_Toolbar_4.bmp
c:\programmi\uusee\skins\UUPlayer\Wnd_Top_1.bmp
c:\programmi\uusee\skins\UUPlayer\Wnd_Top_2.bmp
c:\programmi\uusee\skins\UUPlayer\Wnd_Top_3.bmp
c:\programmi\uusee\UUPlayer.dll
c:\programmi\uusee\UUPlayer_update.ini
c:\programmi\uusee\UUSee.url
c:\programmi\uusee\UUSeePlayer.exe
c:\programmi\uusee\UUTV_Chat.xml
c:\programmi\uusee\UUTV_MY.xml
c:\programmi\uusee\UUTV_UUPlayer.xml
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ESGIGUARD
-------\Service_esgiguard
.
.
((((((((((((((((((((((((( Files Creati Da 2011-09-02 al 2011-10-02 )))))))))))))))))))))))))))))))))))
.
.
2011-10-01 16:37 . 2011-10-01 16:37 -------- d-----w- c:\documents and settings\Giuseppe\Dati applicazioni\Malwarebytes
2011-10-01 16:37 . 2011-10-01 16:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2011-10-01 16:36 . 2011-10-01 16:37 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2011-10-01 16:36 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-30 14:44 . 2011-09-30 15:32 -------- d-----w- C:\sh4ldr
2011-09-30 14:43 . 2011-09-30 15:32 -------- d-----w- c:\windows\D3F93A5A7A5D4867B2A16F46500D006C.TMP
2011-09-30 14:43 . 2011-09-30 14:43 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2011-09-30 14:13 . 2011-09-30 14:13 -------- d-----r- c:\documents and settings\NetworkService\Preferiti
2011-09-20 17:00 . 2011-09-20 17:00 -------- d-----w- c:\documents and settings\Giuseppe\Dati applicazioni\Uniblue
2011-09-12 16:07 . 2011-09-18 18:45 -------- d-----w- c:\documents and settings\Giuseppe\Dati applicazioni\Toolbar4
2011-09-12 14:09 . 2011-09-12 14:09 -------- d-----w- c:\documents and settings\Giuseppe\Dati applicazioni\Burraconline
2011-09-12 14:04 . 2011-09-12 14:04 -------- d-----w- c:\programmi\Burraconline
2011-09-12 13:56 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-09-12 13:56 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-09-12 13:56 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-09-12 13:56 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-09-09 19:52 . 2011-09-18 18:47 -------- d-----w- c:\documents and settings\Giuseppe\Impostazioni locali\Dati applicazioni\PService
2011-09-09 19:52 . 2011-09-10 10:27 -------- d-----w- c:\documents and settings\Giuseppe\Impostazioni locali\Dati applicazioni\ServiceUpd
2011-09-09 08:44 . 2011-09-09 08:44 -------- d-----w- c:\documents and settings\Giuseppe\Dati applicazioni\DVDVideoSoftIEHelpers
2011-09-09 08:43 . 2011-09-18 18:42 -------- d-----w- c:\programmi\File comuni\DVDVideoSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-18 18:39 . 2010-01-09 17:49 47360 -c--a-w- c:\documents and settings\Giuseppe\Dati applicazioni\pcouffin.sys
2011-09-12 16:00 . 2011-02-25 21:52 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-09-12 15:59 . 2011-03-01 13:09 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-09-12 15:59 . 2011-02-25 21:52 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-09-10 18:25 . 2011-02-25 21:52 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\sh4ldr ----
.
2011-09-30 14:44 . 2011-09-30 14:44 8192 ----a-w- c:\sh4ldr\shldr.mbr
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-01_17.42.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-02 10:36 . 2011-10-02 10:36 16384 c:\windows\temp\Perflib_Perfdata_70c.dat
+ 2009-04-09 06:42 . 2011-10-02 10:35 827424 c:\windows\system32\drivers\fidbox2.dat
- 2009-04-09 06:42 . 2011-10-01 17:40 827424 c:\windows\system32\drivers\fidbox2.dat
+ 2009-04-09 06:42 . 2011-10-02 10:35 3992608 c:\windows\system32\drivers\fidbox.dat
- 2009-04-09 06:42 . 2011-10-01 17:40 3992608 c:\windows\system32\drivers\fidbox.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CheckRubAnniversari"="c:\documents and settings\Giuseppe\Documenti\SeatCDItalia\127_0_0_1\chkrub_cdi.exe" [2009-08-03 630272]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-17 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-21 208616]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^EPSON Status Monitor 3 Environment Check.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\EPSON Status Monitor 3 Environment Check.lnk
backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^hp psc 1000 series.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\hp psc 1000 series.lnk
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Giuseppe^Menu Avvio^Programmi^Esecuzione automatica^Xfire.lnk]
path=c:\documents and settings\Giuseppe\Menu Avvio\Programmi\Esecuzione automatica\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 -c--a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 -c--a-w- c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 17:14 1695232 ------w- c:\programmi\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-10-31 06:35 86016 -c--a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-31 06:35 1622016 -c--a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
2004-03-10 14:26 406016 -c--a-w- c:\windows\system32\PSDrvCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-06-18 16:17 148888 -c--a-w- c:\programmi\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-06-24 14:41 247144 -c--a-w- c:\programmi\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-01-21 10:40 395640 ----a-w- c:\programmi\uTorrent\uTorrent.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\italian\\setup.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 18.29.38 33808]
R2 TomTomHOMEService;TomTomHOMEService;c:\programmi\TomTom HOME 2\TomTomHOMEService.exe [24/06/2010 16.41.38 92008]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 19.02.46 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 17.06.48 24592]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [15/02/2011 23.08.10 136176]
S2 PowerOffer Upd Service;ServiceUpd;c:\documents and settings\Giuseppe\Impostazioni locali\Dati applicazioni\ServiceUpd\ServiceUpd.exe [09/09/2011 21.52.19 26112]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [15/02/2011 23.08.10 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [09/01/2010 19.49.02 47360]
S3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\SkyNET.sys [19/09/2010 17.37.11 627288]
S3 ZD1211BU(SBS);SBS BW254 Wireless Wireless LAN Driver(SBS);c:\windows\system32\drivers\ZD1211BU.sys [21/12/2009 22.25.35 500736]
.
Contenuto della cartella 'Scheduled Tasks'
.
2010-06-29 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1100 series5E771253C1676EBED677BF361FDFC537825E15B8269502706.job
- c:\programmi\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
.
2011-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-02-15 21:08]
.
2011-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-02-15 21:08]
.
2011-08-21 c:\windows\Tasks\NeroLiveEpgUpdate-FAG-65354EA14BE_Giuseppe.job
- c:\programmi\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-18 11:51]
.
2011-10-02 c:\windows\Tasks\User_Feed_Synchronization-{EC8C2FBE-F613-47B9-A351-2385EE3DA6A4}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Scansione supplementare -------
.
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: videocoolstreaming.us
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-02 12:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(2128)
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\savedump.exe
c:\programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
c:\programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\windows\system32\PnkBstrA.exe
c:\programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Ora fine scansione: 2011-10-02 12:40:59 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-10-02 10:40
ComboFix2.txt 2011-10-01 17:46
.
Pre-Run: 26.926.010.368 byte disponibili
Post-Run: 26.897.244.160 byte disponibili
.
- - End Of File - - 0B3687F6E96B08721EB300AB251B0296

[COCCOBELLO]

Ok

ora finiamo il tutto

adesso
scarica
Glary Utilities
http://www.glarysoft.com/products/utili ... /download/
salvalo sul desktop,
Installalo

aprilo
sulla voce Menu clicca su - Settings
imposta la lingua Italiana e clicca su OK

nella sezione Eliminazione tracce clicca su Opzioni -poi su Seleziona tracce da eliminare
Seleziona tutte le voci che vedi e clicca su OK

sulla voce Manutenzione 1-Click
metti la spunta su tutte le voci,come vedi nell'immagine sotto
e clicca su Ricerca Problemi

a fine scansione
clicca su Ripara Problemi
e attendi la fine dell'operazione

poi
scarica HiJackThis da qui
http://www.trendmicro.com/ftp/products/ ... ckThis.msi
salvalo sul Desktop
installa HiJackThis
clicca sul pulsante Do a system scan and save a logfile
alla fine ti apparirà un log in formato documento di testo salvalo sul desktop e postalo qui

[torcito]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15.06.51, on 02/10/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\internet explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\internet explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe
C:\Programmi\Skype\Toolbars\Shared\SkypeNames.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [CheckRubAnniversari] C:\Documents and Settings\Giuseppe\Documenti\SeatCDItalia\127_0_0_1\chkrub_cdi.exe "C:\Documents and Settings\Giuseppe\Documenti\SeatCDItalia\127_0_0_1\PB.rub" "I"
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.videocoolstreaming.us
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/ ... s-i586.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceUpd (PowerOffer Upd Service) - ServiceUpd - C:\Documents and Settings\Giuseppe\Impostazioni locali\Dati applicazioni\ServiceUpd\ServiceUpd.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe
O24 - Desktop Component 0: (no name) - http://profile.ak.fbcdn.net/hprofile-ak ... 0179_n.jpg

--
End of file - 8492 bytes

[COCCOBELLO]

Rilancia HijackThis:
e: clicca sul pulsante Do a system scan only
Chiudi tutti i programmi aperti (browser compreso).
Metti la spunta alle voci che vedi sotto
clicca su Fixchecked
Se vengono rilasciati messaggi clicca su Si

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programmi\Ask.com\GenericAskToolbar.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll

O4 - HKCU\..\Run: [CheckRubAnniversari] C:\Documents and Settings\Giuseppe\Documenti\SeatCDItalia\127_0_0_1\chkrub_cdi.exe "C:\Documents and Settings\Giuseppe\Documenti\SeatCDItalia\127_0_0_1\PB.rub" "I"

O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O15 - Trusted Zone: http://*.videocoolstreaming.us

O23 - Service: ServiceUpd (PowerOffer Upd Service) - ServiceUpd - C:\Documents and Settings\Giuseppe\Impostazioni locali\Dati applicazioni\ServiceUpd\ServiceUpd.exe

O24 - Desktop Component 0: (no name) - http://profile.ak.fbcdn.net/hprofile-ak ... 0179_n.jpg


e fai sapere come va il pc
e se hai ancora la schermata blu con il riavvio

[torcito]

il pc sembra che va bene, la schermata blu non è più riapparsa dopo i primi passaggi.
l'unico problema rimasto e che all'avvio ci mette molto a caricare l'antivirus(kaspersky internet security 2009 versione di prova)

[COCCOBELLO]

se non hai intenzione di acquistarlo dopo il periodo di prova,ti consiglio di disinstallarlo ed installarti uno gratuito,leggero e altrettanto efficace

segui qui come disinstallare Kaspersky
http://www.trucchetti.com/2009/02/02/co ... kaspersky/

Installati questo
Microsoft Security Essentials 2
http://www.microsoft.com/it-it/security ... fault.aspx

[torcito]

ok farò come dici, anche se avevo intenzione di installare avira. mi avevano detto che anche questo è un buon antivirus ed è anche leggero. sul portatile ho avg mi consigli di tenerlo o di sostituire anche questo, se lo devo sostituire esiste una procedura da seguire?

[COCCOBELLO]

Avg ti consiglio di disinstallarlo
scegli Avira o Microsoft security Essentials2
sono i migliori tra quelli free

Microsoft security Essentials2
te lo consiglio per te,e molto leggero e facile da usare e configurare
ed Offre un elevata protezzione in tempo reale soprattutto per le connessioni di rete.quando navighi in internet da virus e Spyware,piu' efficace di avira

[COCCOBELLO]

per disinstallare AVG
http://www.lagazzettainformatica.it/ant ... antivirus/

[torcito]

per microsoft security essentials2 devi avere per forza windows originale?, se non sbaglio è un prodotto della microsoft.
per avira esiste una procedura di disinstallazione o si disinstalla facilmente?

[COCCOBELLO]

per microsoft security essentials2 devi avere per forza windows originale?,

si ma non per il tuo sistema operativo, dai vista in su
avira si disinstalla da installazioni applicazioni