Olimpo Informatico

[fedepinde]

ciao a tutti.

mi sono imbattuto in un bel virus...che un avolta riconosciuto dal mio antivirus..( antivir..), lo ha disattivato e ha riavviato la macchina..una volta riavviato.. nessuna traccia dell'antivirus e del firewall..non me li fa piu' installare.. ho provato anche a scaricare avast o altri...niente da fare..

come posso fare prima di arrendermi e formattare il tutto??
GRAZIE X L'AIUTO..

[Sante62]

Ciao fedepinde e benvenuto...

Non dici il nome del virus rilevato da Antivir..

Dai sintomi che descrivi dovrebbe trattarsi del famoso Bagle;

quindi procedi così:
Guarda questa discussione scarica e fai la scansione con Elibagla;

Se non dovesse partire, cambiane il nome dell'eseguibile e lascia però invariata l'estensione ".exe"

Procedi poi con queste altre scansioni:

• Pulisci i files temporanei con ATF-Cleaner e/o CCleaner
  
• Segui le istruzioni di questo topic per usare MBAM.
  
• Segui le istruzioni di questo topic per eseguire combofix.
  
• Segui le istruzioni di questo topic per postare il log di HiJackThis.
  
• Riferisci con un nuovo messaggio in questa discussione dell'esito: se ci sono stati problemi particolari, ecc. ecc. E riporta:
  
  • Carica il log di MBAM su WikiSend e posta il Forum Link che ti viene assegnato.
    
  • Carica il log di Combofix su WikiSend e posta il Forum Link che ti viene assegnato.
    
  • Carica il log di HiJackThis su WikiSend e posta il Forum Link che ti viene assegnato.

Stesso discorso per queste scansioni per quanto riguarda il nome dell'eseguibile..

[fedepinde]

si il virus è bagle..

rilevato da antivir in modalità provvisoria..
ma quando riavvio lo elimina di nuovo..


provo a seguire le tue indicazioni..sempre in modalità provvisoria??

[fedepinde]

questo l'infosat di elibagle..


Tue Sep 09 22:07:15 2008
EliBagle v11.69 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 9 de Septiembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

Tue Sep 09 22:36:49 2008
EliBagle v11.69 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 9 de Septiembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

Tue Sep 09 23:42:23 2008
EliBagle v11.69 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 9 de Septiembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Tue Sep 09 23:42:50 2008
EliBagle v11.69 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 9 de Septiembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\REMOTERM.EXE --> Eliminado Bagle.dldr

Nº Total de Directorios: 21117
Nº Total de Ficheros: 159639
Nº de Ficheros Analizados: 19701
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

[fedepinde]

allora ho rifatto scansione con elibagle in modalità provvisoria.

poi una pulita con cclean.

poi hijackthis...

questo è il log.....

sembra tutto a posto.. o sono troppo ottimista?? sono riuscito a reinstallare antivir...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0.21.58, on 10/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=74&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=74&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\Windows\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [PAC7311_Monitor] C:\Windows\PixArt\PAC7311\Monitor.exe
O4 - HKLM\..\Run: [PMServiceOpenHelp] C:\Program Files\richcomm\PowerManagerII\OpenHelp.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Google IME Autoupdater] "C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [ReEXEc] C:\Users\Fedepinde\Downloads\ELIBAGLA.AIØIBØØH.EXE
O4 - HKLM\..\RunOnce: [Wrapper] runonce
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: PMService - Unknown owner - C:\Program Files\richcomm\PowerManagerII\PMService.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 10232 bytes

[Sante62]

Ancora non ci siamo...

Fai girare anche Combofix e MBAM come indicato quì sopra, però dalla modalità normale...Hijackthis per adesso lasciamolo stare. perchè non è efficace con questo titpo di infezione.

[fedepinde]

ecco il log di combofix..ho fatto girare anche mbam prima..


ComboFix 08-09-10.04 - Fedepinde 2008-09-12 1.01.52.1 - NTFSx86
Microsoft® Windows Vista? Home Premium 6.0.6001.1.1252.1.1040.18.1170 [GMT 2:00]
Eseguito da: C:\Users\Fedepinde\Downloads\Combo--Fix.exe
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\InfoSat.txt
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\UUSEE~1.LNK
C:\Program Files\uusee
C:\Program Files\uusee\bass-plugins.exe
C:\Program Files\uusee\skins\UUPlayer\About.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_Compact_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_Compact_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_Compact_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_FullScreen_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_FullScreen_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_FullScreen_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_Recording_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_Recording_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_Recording_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_Edit_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_Edit_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C4.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Back.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Detect.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Frame_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Frame_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Frame_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Record_Task_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Icon_Information.bmp
C:\Program Files\uusee\skins\UUPlayer\Icon_Question.bmp
C:\Program Files\uusee\skins\UUPlayer\Icon_Stop.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_1.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_2.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_3.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_ArrowD.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_ArrowU.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_SP.bmp
C:\Program Files\uusee\skins\UUPlayer\Play_Window_Rec_icon.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_Block_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_Block_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_Block_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_Block_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_0.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_5.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_6.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_7.bmp
C:\Program Files\uusee\skins\UUPlayer\Resource.h
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_1_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_1_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_1_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_2_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_2_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_2_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_3_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_3_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_3_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Button_1_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Button_1_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Button_1_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_x1.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_x2.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_x3.bmp
C:\Program Files\uusee\skins\UUPlayer\Thumbs.db
C:\Program Files\uusee\skins\UUPlayer\Titlebar_button_Res_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Titlebar_button_Res_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Titlebar_button_Res_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_Compact_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_Compact_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_Compact_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_FullScreen_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_FullScreen_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_FullScreen_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_TopMost_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_TopMost_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_TopMost_3.bmp
C:\Program Files\uusee\skins\UUPlayer\TopTab_Browse.bmp
C:\Program Files\uusee\skins\UUPlayer\TopTab_Browse1.bmp
C:\Program Files\uusee\skins\UUPlayer\TopTab_Play.bmp
C:\Program Files\uusee\skins\UUPlayer\TopTab_Play1.bmp
C:\Program Files\uusee\skins\UUPlayer\TopTab_Record.bmp
C:\Program Files\uusee\skins\UUPlayer\TopTab_Record1.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_Arrow.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_Collapse.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_Expand.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_Header.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBar_D.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBar_H.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBar_N.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBar_S.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBarThumb_D.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBarThumb_H.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBarThumb_N.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBarThumb_S.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_SortIconDown.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_SortIconUp.bmp
C:\Program Files\uusee\skins\UUPlayer\UUSEE.ui
C:\Program Files\uusee\skins\UUPlayer\Volume_Bar_Block_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Volume_Bar_Block_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Volume_Bar_Block_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Volume_Button_2_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Volume_Button_2_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Volume_Button_2_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Browser_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Browser_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Browser_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_ChannelInfo.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_ChannelInfo_5.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Control_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Control_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Control_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Control_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Info.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Main_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Main_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Main_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Main_5.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Play_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Play_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Play_5.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Record_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Record_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Record_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Record_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Setting_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Setting_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Setting_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Side_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Side_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Side_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Toolbar_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Toolbar_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Toolbar_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Toolbar_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Top_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Top_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Top_3.bmp
C:\Program Files\uusee\uninstuusee.exe
C:\Program Files\uusee\UUPlayer.dll
C:\Program Files\uusee\UUPlayer_update.ini
C:\Program Files\uusee\UUSee.url
C:\Program Files\uusee\UUSeePlayer.exe
C:\Users\FEDEPI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Videos.url
C:\Users\FEDEPI~1\FAVORI~1\Videos.url
C:\Users\Fedepinde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videos.url
C:\Users\Fedepinde\Favorites\Videos.url
C:\Windows\system32\dao350.dll
C:\Windows\system32\jusched.exe
M:\autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


((((((((((((((((((((((((( Files Creati Da 2008-08-11 al 2008-09-11 )))))))))))))))))))))))))))))))))))
.

2008-09-12 00:49 . 2008-09-12 00:49 <DIR> d-------- C:\Users\Fedepinde\AppData\Roaming\Malwarebytes
2008-09-12 00:49 . 2008-09-12 00:49 <DIR> d-------- C:\Users\FEDEPI~1\AppData\Roaming\Malwarebytes
2008-09-12 00:49 . 2008-09-12 00:49 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-09-12 00:49 . 2008-09-12 00:50 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-12 00:49 . 2008-09-12 00:49 <DIR> d-------- C:\PROGRA~2\Malwarebytes
2008-09-12 00:49 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-09-12 00:49 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-09-10 01:08 . 2008-09-10 01:08 <DIR> d-------- C:\Users\All Users\Avira
2008-09-10 01:08 . 2008-09-10 01:08 <DIR> d-------- C:\PROGRA~2\Avira
2008-09-10 00:35 . 2008-07-19 16:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-09-10 00:21 . 2008-09-10 00:21 <DIR> d-------- C:\Program Files\Avira
2008-09-09 22:45 . 2008-09-09 22:45 <DIR> d-------- C:\Users\All Users\WindowsSearch
2008-09-09 22:45 . 2008-09-09 22:45 <DIR> d-------- C:\PROGRA~2\WindowsSearch
2008-09-09 22:44 . 2008-07-31 03:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-09 22:44 . 2008-08-02 03:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-09 22:44 . 2008-06-26 05:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-09 22:44 . 2008-06-26 05:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-09 22:44 . 2008-05-08 21:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-09 22:44 . 2008-05-20 04:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-09 22:44 . 2008-06-26 05:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-09 22:44 . 2008-08-02 05:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-09 22:44 . 2008-07-31 05:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-09 22:03 . 2008-09-09 22:03 <DIR> d-------- C:\Program Files\CCleaner
2008-09-09 19:21 . 2008-09-09 19:22 <DIR> d-------- C:\TEMP
2008-09-08 20:44 . 2008-06-19 17:24 28,544 --a------ C:\Windows\System32\drivers\pavboot.sys
2008-09-08 14:38 . 2008-09-09 23:22 <DIR> d-------- C:\Users\Fedepinde\.housecall6.6
2008-09-08 14:33 . 2008-09-08 14:33 <DIR> d-------- C:\Program Files\Panda Security
2008-09-08 14:27 . 2008-09-08 14:27 <DIR> d-------- C:\Windows\Sun
2008-09-08 14:22 . 2008-09-08 14:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-08 14:10 . 2008-09-08 14:10 <DIR> d-------- C:\Program Files\Alwil Software
2008-09-04 22:48 . 2008-09-04 22:48 <DIR> d-------- C:\Program Files\SDW Software
2008-09-01 10:10 . 2008-09-01 10:10 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-09-01 10:10 . 2008-09-01 10:10 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-09-01 10:08 . 2008-09-01 10:08 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-09-01 10:08 . 2007-09-17 15:53 21,632 --a------ C:\Windows\System32\drivers\pccsmcfd.sys
2008-08-25 12:09 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-24 16:19 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-24 16:18 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-24 16:18 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-24 16:18 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-24 16:18 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-13 00:36 . 2008-08-13 00:36 95 --a------ C:\a.ini
2008-08-12 22:53 . 2008-08-12 22:53 <DIR> d-------- C:\Program Files\Photo DVD Creator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-11 22:35 --------- d-----w C:\Users\Fedepinde\AppData\Roaming\Skype
2008-09-11 22:35 --------- d-----w C:\Users\FEDEPI~1\AppData\Roaming\Skype
2008-09-11 22:08 --------- d-----w C:\Users\Fedepinde\AppData\Roaming\skypePM
2008-09-11 22:08 --------- d-----w C:\Users\FEDEPI~1\AppData\Roaming\skypePM
2008-09-11 01:27 --------- d-----w C:\Users\Fedepinde\AppData\Roaming\uTorrent
2008-09-11 01:27 --------- d-----w C:\Users\FEDEPI~1\AppData\Roaming\uTorrent
2008-09-11 00:13 --------- d-----w C:\PROGRA~2\Google Updater
2008-09-10 07:08 --------- d-----w C:\Program Files\Microsoft Works
2008-09-09 19:27 --------- d-----w C:\Program Files\FCMvista
2008-09-08 10:24 352,615 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
2008-09-01 08:10 --------- d-----w C:\Program Files\Nokia
2008-09-01 08:10 --------- d-----w C:\PROGRA~2\Installations
2008-09-01 07:55 --------- d-----w C:\PROGRA~2\NVIDIA
2008-08-31 21:50 --------- d-----w C:\Program Files\HP
2008-08-25 10:07 --------- d-----w C:\Program Files\Windows Mail
2008-08-12 23:08 --------- d-----w C:\Users\Fedepinde\AppData\Roaming\muvee Technologies
2008-08-12 23:08 --------- d-----w C:\Users\FEDEPI~1\AppData\Roaming\muvee Technologies
2008-08-10 23:49 --------- d-----w C:\Program Files\Google
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-29 21:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-28 21:10 --------- d-----w C:\PROGRA~2\Roxio
2008-07-24 10:51 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-07-24 08:36 13 ---h--w C:\Users\All Users\ÝÃÄÎ?Ò3113?.sys
2008-07-24 08:36 13 ---h--w C:\PROGRA~2\ÝÃÄÎ?Ò3113?.sys
2008-07-24 08:36 --------- d-----w C:\Program Files\CoffeeCup Software
2008-07-23 20:30 --------- d-----w C:\Users\Fedepinde\AppData\Roaming\Roxio
2008-07-23 20:30 --------- d-----w C:\Users\FEDEPI~1\AppData\Roaming\Roxio
2008-07-22 07:52 174 --sha-w C:\Program Files\desktop.ini
2008-07-21 22:48 --------- d-----w C:\Program Files\Windows Sidebar
2008-07-21 22:48 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-07-21 22:48 --------- d-----w C:\Program Files\Windows Journal
2008-07-21 22:48 --------- d-----w C:\Program Files\Windows Defender
2008-07-21 22:48 --------- d-----w C:\Program Files\Windows Collaboration
2008-07-21 22:48 --------- d-----w C:\Program Files\Windows Calendar
2008-07-21 19:52 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-07-21 19:52 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-07-21 09:57 --------- d-----w C:\PROGRA~2\InstallShield
2008-07-21 09:53 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-19 09:40 --------- d-----w C:\Users\Fedepinde\AppData\Roaming\Nokia
2008-07-19 09:40 --------- d-----w C:\Users\FEDEPI~1\AppData\Roaming\Nokia
2008-07-19 08:08 --------- d-----w C:\Program Files\Series_60_Theme_Studio
2008-07-18 22:20 --------- d-----w C:\Users\Fedepinde\AppData\Roaming\PC Suite
2008-07-18 22:20 --------- d-----w C:\Users\FEDEPI~1\AppData\Roaming\PC Suite
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-28 11:50 13 ---h--w C:\Users\All Users\1ÌØ13.sys
2008-01-28 11:50 13 ---h--w C:\PROGRA~2\1ÌØ13.sys
2008-01-03 11:03 32 ----a-w C:\Users\All Users\ezsid.dat
2008-01-03 11:03 32 ----a-w C:\PROGRA~2\ezsid.dat
2008-01-02 23:58 0 ----a-w C:\Program Files\instala-emule.exe
2008-01-02 21:53 229,904,272 ----a-w C:\Program Files\PinnacleTVCenterPro4.9.4Setup.exe
2007-12-28 11:17 2,607,135 ----a-w C:\Program Files\fcm823.exe
2007-12-28 10:04 9,522,944 ----a-w C:\Program Files\CFP_Setup_3.0.14.276_XP_Vista_x32.exe
2007-12-27 23:35 51,622,242 ----a-w C:\Program Files\ACEMCP603PRO.exe
2007-12-27 23:26 9,228,440 ----a-w C:\Program Files\sygate562808.exe
2007-12-27 23:16 21,300,224 ----a-w C:\Program Files\antivir_workstation_win7u_en_h.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PMCS"="C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" [2006-06-08 65536]
"PMCLoader"="C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe" [2007-09-27 109640]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 219520]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-19 486856]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 54936]
"PinnacleDriverCheck"="C:\Windows\system32\PSDrvCheck.exe" [2003-11-10 406016]
"PAC7311_Monitor"="C:\Windows\PixArt\PAC7311\Monitor.exe" [2008-09-09 319488]
"PMServiceOpenHelp"="C:\Program Files\richcomm\PowerManagerII\OpenHelp.exe" [2007-08-15 20480]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"Google IME Autoupdater"="C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe" [2008-08-05 308720]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 217088]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-09-09 959976]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-01-10 92704]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-01-10 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-01-10 88608]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 249896]
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-09-10 1253040]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 C:\Windows\RtHDVCpl.exe]

C:\Users\Fedepinde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GAAlerter.lnk - C:\Users\Fedepinde\Documents\Fede\Acquari\GestioneAcquario\Gestione_Allarmi.exe [2008-01-08 229376]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-02-21 113664]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Avvio veloce di Adobe Acrobat.lnk - C:\Windows\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Acrobat.exe [2008-01-23 295606]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-14 124400]

C:\Users\FEDEPI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\
GAAlerter.lnk - C:\Users\Fedepinde\Documents\Fede\Acquari\GestioneAcquario\Gestione_Allarmi.exe [2008-01-08 229376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1690659563-3113191369-3720041505-1001]
"EnableNotificationsRef"=dword:00000005

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8D458657-A5FD-4291-AA29-BD1392F15FB9}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{AF30CFFB-7DFA-4B4E-9C10-563B4CCB36ED}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{69967746-CD14-43F9-8214-E3BD0A8AC888}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{3AAA3D96-70ED-45C9-9AEA-ED1A82842798}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{23274F2F-C38B-4F02-AE2A-4F2A86870846}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{4FA4B353-C551-4846-B416-B0C6F8A54767}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{0F3484CF-C8B6-4ECA-9932-DC3E06BE1926}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{4D09CEF9-5BD9-4948-8318-27FA043EC972}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{3D8638C7-B804-46AD-9C28-07D956A76F6F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{BEFA622E-84D0-48E1-8096-A0E36C1D0385}"= UDP:C:\Program Files\Pinnacle\MediaCenter\PMC.exe:Pmc.exe
"{8B4B8AD1-2772-433F-A5C6-214928C12AEC}"= TCP:C:\Program Files\Pinnacle\MediaCenter\PMC.exe:Pmc.exe
"{11C117F5-FBED-47A7-8571-A80D988995E3}"= UDP:C:\Program Files\Pinnacle\MediaCenter\PSST.exe:PSST.exe
"{33E0264B-B799-496B-AD43-DE4542BF3B48}"= TCP:C:\Program Files\Pinnacle\MediaCenter\PSST.exe:PSST.exe
"{99B27343-1E01-466E-80AF-8ED162FC48E7}"= UDP:C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe:PMSInstallInit.exe
"{34C6F360-35F9-4FB3-94B4-A08FFDCE42E6}"= TCP:C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe:PMSInstallInit.exe
"{77A6429C-5693-4BB7-942D-2D08FCAB618A}"= UDP:C:\Program Files\Pinnacle\MediaCenter\PMC.Tvtv.Wizard.exe:PMC.Tvtv.Wizard.exe
"{0DE02C8C-0F50-4286-8B79-A3459120737B}"= TCP:C:\Program Files\Pinnacle\MediaCenter\PMC.Tvtv.Wizard.exe:PMC.Tvtv.Wizard.exe
"{186ED859-98AB-4D29-BFC6-F79C338BD09C}"= UDP:C:\Users\Fedepinde\Saved Games\fm.exe:Football Manager 2008
"{BA8C4EA9-1A08-48A9-AE73-F4A500EA6A6B}"= TCP:C:\Users\Fedepinde\Saved Games\fm.exe:Football Manager 2008
"{CD8BA4B5-D89B-40B3-95C9-3BC581159D43}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{101E373A-DC43-44E3-9E92-A1527AD416D4}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{C6C82F50-FF79-411F-9EED-FE16BD9B81FD}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{E14DE7B2-9171-456C-834D-491B2C072DD8}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{93E10270-371A-4AFF-95E3-9EAD7BC7B51E}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{8C288774-8CAF-4E29-B515-ACA11A2A09EF}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{D9B61382-29B0-4548-836A-D224016394DD}"= Disabled:UDP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe:PMCService
"{7F9263C4-D2E4-4D9B-A83B-C43E8300AC46}"= Disabled:TCP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe:PMCService

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 28544]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
R2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]
R2 PMService;PMService;C:\Program Files\richcomm\PowerManagerII\PMService.exe [2007-08-15 147456]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-08-31 464384]
R3 PAC7311;Trust Webcam Live;C:\Windows\system32\DRIVERS\PA707UCM.SYS [2007-03-14 449024]
R3 USB28xxBGA;PCTV 320e Device;C:\Windows\system32\DRIVERS\emBDA.sys [2007-08-08 476288]
R3 USB28xxOEM;USB 28xx OEM Filter;C:\Windows\system32\DRIVERS\emOEM.sys [2007-08-08 38656]
S2 IntelDHSvcConf;Intel DH Service;C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
.
- - - - ORFÇOS REMOVIDOS - - - -

HKCU-Run-PMCRemote - C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
HKLM-Run-Pinnacle WebUpdater - C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe -s -f=UpdateVersion.xml
HKU-Default-Run-Nokia.PCSync - C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\FEDEPI~1\AppData\Roaming\Mozilla\Firefox\Profiles\bni314g8.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.it/ig?hl=it
FF -: plugin - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1172.2021\npCIDetect11.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
FF -: plugin - C:\Users\Fedepinde\AppData\Roaming\Mozilla\Firefox\Profiles\bni314g8.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07073001.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-12 01:08:09
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


C:\Program Files\Common Files\Adobe\Adobe PCD\cache\cache.db-journal 3608 bytes

Scansione completata con successo
Files nascosti: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\UI0Detect.exe
C:\Windows\System32\schtasks.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\hp\KBD\kbd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Ora fine scansione: 2008-09-12 1:13:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-11 23:13:09

Pre-Run: 317,074,083,840 byte disponibili
Post-Run: 316,895,801,344 byte disponibili

462 --- E O F --- 2008-09-10 07:11:32

[Sante62]

Combofix ha ripulito un pò...
Per piacere posta anche il log di MBAM....

Fai poi la scansione con Systemscan e posta il log generato come
indicato quì

[fedepinde]

ecco il logo di MBAM.

dopo scan con suspisous file..la macchina mi sembra moltopiu' lenta nel riavvio e mi si blocca il browers dopo un po' che lo uso...se chiudo la finestra e lo riavvio mi dice che è già in funzione ma nn è tra le applicazioni che stanno andando in task manager e allora devo riavviare.....

grazie x l'aiuto che mi staio dando..

ciao!!

[fedepinde]

ops .. il log..


Malwarebytes' Anti-Malware 1.28
Versione del database: 1141
Windows 6.0.6001 Service Pack 1

12/09/2008 0.55.16
mbam-log-2008-09-12 (00-55-16).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 49260
Tempo trascorso: 3 minute(s), 41 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 1
Chiavi di registro infette: 3
Valori di registro infetti: 3
Elementi dato del registro infetti: 0
Cartelle infette: 1
File infetti: 130

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
C:\Program Files\free-downloads.net\tbfree.dll (Adware.Shopper) -> Delete on reboot.

Chiavi di registro infette:
HKEY_CLASSES_ROOT\CLSID\{ecdee021-0d17-467f-a1ff-c7a115230949} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> Quarantined and deleted successfully.

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ecdee021-0d17-467f-a1ff-c7a115230949} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{ecdee021-0d17-467f-a1ff-c7a115230949} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{ecdee021-0d17-467f-a1ff-c7a115230949} (Adware.Shopper) -> Quarantined and deleted successfully.

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
C:\Windows\System32\drivers\downld (Trojan.Agent) -> Quarantined and deleted successfully.

File infetti:
C:\Program Files\free-downloads.net\tbfree.dll (Adware.Shopper) -> Delete on reboot.
C:\Windows\System32\drivers\downld\100027.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\100995.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\101275.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\103818.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\106018.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\109653.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\113225.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\113428.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\116329.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\122413.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\128856.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\135377.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\135533.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\144488.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\144550.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\14627340.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\14628666.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\14650771.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\14660427.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\14670396.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\14711923.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\14714529.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\14727336.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\14734778.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\14749270.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\15079587.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\150806.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\15080959.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\15092940.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\15103096.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\15111380.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\15144748.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\15147073.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\15158273.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\15165449.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\15187321.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\155314.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\155392.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\156640.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\156859.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\157342.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\157592.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\159807.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\160649.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\164409.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\164440.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\170524.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\176780.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\180461.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\184049.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\184471.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\188137.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\188246.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\192926.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\193472.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\200742.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\204376.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\207450.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\209041.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\210570.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\212941.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\221490.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\224501.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\225171.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\226934.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\227277.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\229181.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\235920.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\236778.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\237324.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\239617.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\248743.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\252924.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\256356.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\257245.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\272081.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\282237.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\289085.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\29162187.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\29163248.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\29203059.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\29227083.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\29250390.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\29297050.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\29310856.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\29318032.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\29331151.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\29613154.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\29614215.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\29627101.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\29634995.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\29643075.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\29675087.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\29678129.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\29690890.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\29697894.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\29709282.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\304357.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\312158.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\337242.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\339894.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\343327.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\381484.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\387116.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\400298.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\408332.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\420921.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\543569.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\545972.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\548998.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\581571.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\585222.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\604472.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\612475.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\64381.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\645890.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\68125.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\76346.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\79591.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\81354.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\89248.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\90605.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\91790.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\93023.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\95675.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\98280.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\98421.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\99388.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.

[fedepinde]

Messaggio di test, da cancellare

[Sante62]

[fedepinde]

ciao ecco il log di suspiciuos file(Systemscan).. scusa è il nome della cartella generta da Systemscan.

report.txt

[Sante62]

Il log di Systemscan è abbastanza lungo, ( circa 3 MB!) e spero non mi sia sfuggito qualcosa...

Porta il Pc in modalità provvisoria (consulta la guida di Win Vista)

Portati in

[fedepinde]

ecco il log do panda scan..

ActiveScan.txt


la macchina sembra funzionare meglio..

anche se mi da 2 problemi...

- mi si scollega ogni tanto da adsl......

- fa fatica a spegnersi ...spesso devo spegnere col "tasto"..in maniera un po' drastica..

ciao e grazie ancora

[Sante62]

Cerca ed elimina manualmente questi file:

[fedepinde]

ciao!!

allora sembra si sia risolto tutto.....

anche se in chiusura la macchina mi sembra piu' lenta di prima..ma per il resto tutto bene.


grazie infinite per l'aiuto!!

che scansioni mi consigli di fare periodicamente per evitare di arrivare in queste condizioni??

ciao!

Federico

[Sante62]

[fedepinde]

si ...purtroppo sono stato un po' ottimista..

sono 2 volte che mi si blocca dopo che chiude le applicazioni del desktop, ma si ferma su "disconnesione in corso"...

apro un altro argomento qui??

ciao e grazie..

[Sante62]

Continuiamo quì;

Fai la scansione con Systemscan e posta il log generato come
indicato quì;

Ora non ricordo se è compatibile con Vista, comunque prova...