Olimpo Informatico

[Kakashy]

Ciao ragazzi ho un problema....ieri smanettando con programmi poco affidabili mi sono inbattuto in un trojan....controllando il pc sono riuscito a cancellare l'exe principale del trojan e la sua chiave di avvio nell registro di sistema(leggo molto i vostri articoli sul forum sono interessantissimi)ma riavviando il pc mi sono sorti dei problemi per esempio non riesco ad istallare hijackthis per mostrarvi il log (impossibile accedere a windows istaller ciò si verifica se windows viene eseguito in modalità provvisoria o se windows istaller non è istallato correttamente contattare il personale di supporto per assistenza)il bello è che solo con hijackthis da questo problema di istallazione ,la barra degli indirizzi è cambiata di configurazione cioè se riduco in icona non si vede niente e quindi per spostarmi da una finestra all altra devo usare la combinazione da tastiera premendo alt+tab,e oltre a non partire in modalità provvisoria ho sia firewall che av bloccati cioè sono in esecuzione ma come se fossero stati sospesi stessa cosa per malwarebytes.Non so che fare aiutatemi plz(scusate per l'italiano poco corretto).

[Kakashy]

per tanto ho come AV:avast versione 5.1.889
firewall:zone allarm

sono riuscito a fare una scanzione online ecco il log che sono riuscito a prendere

QuickScan Beta 32-bit v0.9.9.93
-------------------------------
Post modificato, in quanto di nessuna utilità.
By R16

[R16]

Ciao.
Non ho capito che S.O usi.
Prova con un ripristino configurazione sistema.
Porta il pc a una data in cui sei sicuro che funzionava bene.
Se il ripristino và a buon fine, aggiorna Malwarebytes, e fai una scansione completa.
Posta il log.
Carica i log di MBAM, su http://www.freefilehosting.net/ e posta il Forum Link che ti viene assegnato.
link

Oppure:
link

[Kakashy]

ciao grazie per avermi risposto,provando a eseguire il ripristino mi esce questo avviso impedendomi di continuare(rispristino configuarazione di sistema non è in grado di proteggere il computer.Riavviare il computer ed eseguire dinuovo ripristino configurazione sistema).Sto notando altri problemi tipo l'audio del pc è sparito e si sente il classico bit del case...uffa.Se possono interessare posso dirvi i file che ho eliminato.

[R16]

[Kakashy]

Ho caricato il log nel sito da te richiesto ma dal browser non mi fa copiare niente cio[ faccio copia vado per icollare e niente non lo fa.Riesco a copiare solo i testi presenti sul mio computer.Riguardo alle operazioni da me fatte mi sono spostato nella cartella run del registo di sistema ho individuato la chiave sospetta dal no svchost la quale indicava il seguente percorso del file C:\WINDOWS\system32\svchost dove era presente il file svhost.exe e l-ho eliminato con delinvfile ovviamente ho anche eliminato la chiave del registo.Ho notato che avviando un gioco mi da il messaggio che manca la scheda audio...roba da matti infatti windos media player non si avvia e provando con vlc ad aprire un file l-audio non me lo fa sentire,come SO ho windows profetional verisone 2002 service pack 3.Riguado al log sono costretto a postarlo qui per il problema sopra citato, dalla scansione non e risultato niente.E scrivendo qui ho notato che alcuni caratteri della tastiera non me li fa digitare per esempio lapostrofo se provo a digitare mi esce questo----.

2011/05/26 20:38:47.0843 1872 Detected object count: 1
2011/05/26 20:38:47.0843 1872 Actual detected object count: 1
2011/05/26 20:39:03.0718 1872 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/05/26 20:39:38.0718 0816 Deinitialize success

[R16]

[Kakashy]

OTL logfile created on: 26/05/2011 22.51.23 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Utente\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1022,42 Mb Total Physical Memory | 510,52 Mb Available Physical Memory | 49,93% Memory free
2,40 Gb Paging File | 1,95 Gb Available in Paging File | 81,44% Paging File free
Paging file location(s): C:\pagefile.sys 1533 1533 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 232,88 Gb Total Space | 131,13 Gb Free Space | 56,31% Space Free | Partition Type: NTFS

Computer Name: UTENTE-8C7D356A | User Name: Utente | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/26 22.51.15 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Utente\Desktop\OTL.exe
PRC - [2011/05/09 07.54.20 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programmi\Mozilla Firefox\firefox.exe
PRC - [2011/04/08 13.28.52 | 003,510,160 | ---- | M] (Xfire Inc.) -- C:\Programmi\Xfire\Xfire.exe
PRC - [2011/01/13 10.47.34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Programmi\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/10/29 15.49.28 | 000,249,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\File comuni\Java\Java Update\jusched.exe
PRC - [2010/09/16 18.54.54 | 000,544,768 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe
PRC - [2010/08/29 03.53.14 | 001,039,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/08/27 11.34.02 | 000,493,032 | ---- | M] (Check Point Software Technologies) -- C:\Programmi\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2010/08/27 11.34.00 | 000,730,600 | ---- | M] (Check Point Software Technologies) -- C:\Programmi\CheckPoint\ZAForceField\ForceField.exe
PRC - [2008/04/14 13.00.00 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/10 15.55.26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAC207\Monitor.exe


========== Modules (SafeList) ==========

MOD - [2011/05/26 22.51.15 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Utente\Desktop\OTL.exe
MOD - [2011/04/08 13.28.58 | 000,974,736 | ---- | M] (Xfire Inc.) -- C:\Programmi\Xfire\xfire_toucan_44183.dll
MOD - [2011/01/13 10.47.35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Programmi\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/27 11.34.08 | 000,640,488 | ---- | M] (Check Point Software Technologies) -- C:\Programmi\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2008/07/25 11.17.20 | 000,635,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
MOD - [2008/07/25 11.17.20 | 000,558,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll
MOD - [2008/04/14 13.00.00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/14 13.00.00 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/13 10.47.33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/29 03.54.52 | 002,434,568 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/08/27 11.34.02 | 000,493,032 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programmi\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2008/11/04 01.06.28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/09/20 16.35.38 | 000,382,248 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006/10/26 13.03.08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2011/02/13 23.55.31 | 000,157,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)
DRV - [2011/01/13 10.41.16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 10.40.16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 10.40.04 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/01/13 10.37.30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 10.37.11 | 000,029,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/01/13 10.37.09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/10/04 16.29.54 | 000,682,232 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/09/16 18.55.02 | 004,394,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/09/16 18.54.54 | 000,930,308 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2010/08/27 11.33.54 | 000,026,352 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programmi\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010/08/26 05.33.38 | 005,386,752 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/07/21 13.30.32 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2010/06/09 20.16.12 | 000,528,128 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2008/05/02 10.58.12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/02/13 13.17.26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=304b6e91000000000000001617c3dc2d&tlver=1.4.19.19&affID=17159

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&mntrId=304b6e91000000000000001617c3dc2d&tlver=1.4.19.19&affID=17159
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A8 43 1F F1 0F 72 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.it/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.3.0.7280
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=SP_ss&mntrId=304b6e91000000000000001617c3dc2d&tlver=1.4.19.19&instlRef=sst&affID=17159&q="
FF - prefs.js..network.proxy.socks_version: 0
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: C:\Programmi\MyWebSearch\bar\1.bin
FF - HKLM\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programmi\CheckPoint\ZAForceField\TrustChecker [2011/02/08 08.23.12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2011/05/09 07.54.28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2011/05/09 07.54.28 | 000,000,000 | ---D | M]

[2010/10/04 14.18.39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Extensions
[2011/05/26 16.47.07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\m5rreykn.default\extensions
[2011/05/26 16.47.07 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\m5rreykn.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/10/25 16.16.30 | 000,010,017 | ---- | M] () -- C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\m5rreykn.default\searchplugins\mywebsearch.xml
[2011/01/04 22.44.47 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\m5rreykn.default\searchplugins\sweetim.xml
[2011/05/16 14.43.50 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions
[2011/04/09 13.17.38 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programmi\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/12/13 08.31.31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/13 15.15.46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/12 09.00.02 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2010/09/17 11.06.31 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMMI\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/09 07.54.20 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programmi\Mozilla Firefox\components\browsercomps.dll
[2011/02/02 22.40.24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/04/26 10.55.21 | 000,002,423 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\babylon.xml
[2011/05/09 07.54.22 | 000,002,252 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\bing.xml
[2011/05/09 07.54.22 | 000,000,744 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\eBay-it.xml
[2011/05/09 07.54.22 | 000,000,825 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\hoepli.xml
[2011/05/09 07.54.22 | 000,001,182 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\wikipedia-it.xml
[2011/05/09 07.54.22 | 000,000,953 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: ([2010/09/17 10.49.16 | 000,000,815 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (Supporto di collegamento per Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programmi\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Guida per l'accesso a Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programmi\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programmi\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Programmi\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avast5] C:\Programmi\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ISW] C:\Programmi\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programmi\File comuni\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\svchost\svhost.exe) - File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/16 18.21.10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5e743da9-2fcc-11e0-810e-001617c3dc2d}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/26 22.51.15 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Utente\Desktop\OTL.exe
[2011/05/26 20.38.10 | 001,431,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Utente\Desktop\TDSSKiller.exe
[2011/05/26 16.47.11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Utente\Dati applicazioni\QuickScan
[2011/05/26 15.32.28 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/05/26 15.32.04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Utente\Recent
[2011/05/26 15.29.37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Utente\Dati applicazioni\DelinvFile
[2011/05/26 15.29.37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\DelinvFile
[2011/05/26 15.29.36 | 000,000,000 | ---D | C] -- C:\PurgeIE
[2011/05/26 15.29.36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\PurgeIE
[2011/05/26 15.29.18 | 000,640,808 | ---- | C] (Assistance and Resources for Computing, Inc. ) -- C:\Documents and Settings\Utente\Desktop\divfinst.exe
[2011/05/26 15.04.32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Camouflage
[2011/05/26 15.04.31 | 000,000,000 | ---D | C] -- C:\Programmi\Camouflage
[2011/05/26 15.04.23 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2011/05/26 14.50.00 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\svchost
[2011/05/26 02.31.37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Vitalwerks
[2011/05/26 02.31.30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Utente\Menu Avvio\Programmi\No-IP DUC
[2011/05/26 02.31.29 | 000,000,000 | ---D | C] -- C:\Programmi\No-IP
[2011/05/24 21.36.42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Utente\Menu Avvio\Programmi\SFX Compiler
[2011/05/24 21.36.40 | 000,000,000 | ---D | C] -- C:\Programmi\SFX Compiler
[2011/05/18 13.18.45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Utente\Desktop\Nuova cartella (7)
[2011/05/18 13.09.56 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/17 14.59.54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\system32
[2011/05/16 14.43.41 | 000,000,000 | ---D | C] -- C:\Programmi\Babylon
[2011/05/15 15.08.06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\AlterGeo
[2011/05/15 15.08.03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Badoo
[2011/05/15 11.46.01 | 000,000,000 | ---D | C] -- C:\Programmi\MU Engine
[2011/05/15 11.45.40 | 001,207,927 | ---- | C] (Hacker's God Inc. ) -- C:\Documents and Settings\Utente\Desktop\Setup_MU_Engine_1.00.exe
[2011/05/05 15.20.46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Utente\Dati applicazioni\Mumble
[2011/05/05 15.20.28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Mumble
[2011/05/05 15.20.25 | 000,000,000 | ---D | C] -- C:\Programmi\Mumble
[2011/04/27 01.18.59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Utente\Documenti\WideStream
[2011/04/27 01.18.59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Utente\Dati applicazioni\widestream
[2011/04/27 01.18.51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\widestream6 Air
[2011/04/27 01.18.14 | 000,000,000 | ---D | C] -- C:\Programmi\Widestream6
[2011/04/27 01.18.00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Utente\Dati applicazioni\OfferBox
[2011/04/27 01.17.58 | 000,000,000 | ---D | C] -- C:\Programmi\OfferBox
[2011/04/27 01.17.22 | 001,047,888 | ---- | C] (Secure Digital Services ) -- C:\Documents and Settings\Utente\Desktop\Widestream6-setup.exe
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/26 22.51.15 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Utente\Desktop\OTL.exe
[2011/05/26 20.38.02 | 001,301,452 | ---- | M] () -- C:\Documents and Settings\Utente\Desktop\tdsskiller.zip
[2011/05/26 20.16.42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/26 17.20.06 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\Utente\default.pls
[2011/05/26 17.19.50 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/26 15.44.49 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Utente\Desktop\HiJackThis.msi
[2011/05/26 15.32.47 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/05/26 15.29.36 | 000,001,343 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Delete Invalid File.lnk
[2011/05/26 15.29.20 | 000,640,808 | ---- | M] (Assistance and Resources for Computing, Inc. ) -- C:\Documents and Settings\Utente\Desktop\divfinst.exe
[2011/05/26 14.26.04 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/05/25 07.10.16 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Utente\Desktop\TDSSKiller.exe
[2011/05/24 21.22.53 | 003,581,768 | ---- | M] () -- C:\Documents and Settings\Utente\Desktop\PFCSetup.exe
[2011/05/18 21.30.49 | 000,000,071 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2011/05/18 13.09.56 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/17 22.49.10 | 000,059,228 | ---- | M] () -- C:\Documents and Settings\Utente\Desktop\OmegleSpyJAVA.jar
[2011/05/15 15.34.17 | 000,482,036 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2011/05/15 15.34.17 | 000,435,396 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/15 15.34.17 | 000,080,490 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2011/05/15 15.34.17 | 000,068,292 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/06 15.35.39 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/05 15.52.02 | 000,000,656 | ---- | M] () -- C:\Documents and Settings\Utente\Desktop\Untitled125.pas
[2011/05/05 15.22.39 | 000,002,382 | ---- | M] () -- C:\Documents and Settings\Utente\Documenti\MumbleAutomaticCertificateBackup.p12
[2011/05/05 15.20.28 | 000,000,628 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mumble.lnk
[2011/05/02 23.54.36 | 001,207,927 | ---- | M] (Hacker's God Inc. ) -- C:\Documents and Settings\Utente\Desktop\Setup_MU_Engine_1.00.exe
[2011/05/01 14.59.19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/27 01.17.23 | 001,047,888 | ---- | M] (Secure Digital Services ) -- C:\Documents and Settings\Utente\Desktop\Widestream6-setup.exe
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/26 20.38.01 | 001,301,452 | ---- | C] () -- C:\Documents and Settings\Utente\Desktop\tdsskiller.zip
[2011/05/26 15.44.48 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Utente\Desktop\HiJackThis.msi
[2011/05/26 15.29.36 | 000,001,343 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Delete Invalid File.lnk
[2011/05/26 15.04.02 | 002,718,208 | ---- | C] () -- C:\Documents and Settings\Utente\Desktop\Camou121.exe
[2011/05/24 21.22.39 | 003,581,768 | ---- | C] () -- C:\Documents and Settings\Utente\Desktop\PFCSetup.exe
[2011/05/18 21.30.49 | 000,000,071 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011/05/17 22.49.09 | 000,059,228 | ---- | C] () -- C:\Documents and Settings\Utente\Desktop\OmegleSpyJAVA.jar
[2011/05/15 15.08.04 | 000,001,297 | ---- | C] () -- C:\Documents and Settings\Utente\Menu Avvio\Programmi\Badoo Desktop.lnk
[2011/05/09 07.54.31 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Mozilla Firefox.lnk
[2011/05/05 15.22.39 | 000,002,382 | ---- | C] () -- C:\Documents and Settings\Utente\Documenti\MumbleAutomaticCertificateBackup.p12
[2011/05/05 15.20.28 | 000,000,628 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mumble.lnk
[2011/05/05 15.19.27 | 000,000,656 | ---- | C] () -- C:\Documents and Settings\Utente\Desktop\Untitled125.pas
[2011/04/15 16.40.26 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/09 13.18.45 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/04/08 13.28.58 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2011/02/16 15.46.04 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2011/01/06 10.42.43 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2010/12/17 23.18.33 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/12/13 14.24.36 | 000,000,078 | ---- | C] () -- C:\WINDOWS\nfsc_patch.ini
[2010/10/23 13.26.35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Utente\Dati applicazioni\chrtmp
[2010/10/23 13.26.32 | 002,034,647 | ---- | C] () -- C:\Documents and Settings\Utente\Dati applicazioni\PacSteamT-23-08-09.exe
[2010/10/17 21.34.03 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010/10/12 15.13.03 | 000,064,941 | ---- | C] () -- C:\Documents and Settings\Utente\Dati applicazioni\SQLite3.dll
[2010/10/07 08.55.33 | 000,000,399 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2010/10/06 16.43.24 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/10/04 14.18.26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/09/20 20.38.28 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/09/20 20.38.21 | 000,056,832 | ---- | C] () -- C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/16 20.08.44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/09/16 20.07.34 | 000,267,008 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/16 20.04.49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/09/16 20.04.40 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/09/16 20.04.40 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2010/09/16 20.04.40 | 000,219,348 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/09/16 20.04.40 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2010/09/16 20.04.40 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/09/16 18.23.06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/09/16 18.18.37 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/14 13.00.00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 13.00.00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 13.00.00 | 000,482,036 | ---- | C] () -- C:\WINDOWS\System32\perfh010.dat
[2008/04/14 13.00.00 | 000,435,396 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 13.00.00 | 000,300,212 | ---- | C] () -- C:\WINDOWS\System32\perfi010.dat
[2008/04/14 13.00.00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 13.00.00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 13.00.00 | 000,080,490 | ---- | C] () -- C:\WINDOWS\System32\perfc010.dat
[2008/04/14 13.00.00 | 000,068,292 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 13.00.00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 13.00.00 | 000,034,004 | ---- | C] () -- C:\WINDOWS\System32\perfd010.dat
[2008/04/14 13.00.00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 13.00.00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 13.00.00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 13.00.00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 13.00.00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/11/02 09.27.46 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
[2006/08/29 12.20.00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2006/08/29 12.20.00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2006/08/29 12.20.00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2006/08/29 12.20.00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2006/08/29 12.20.00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2006/08/29 12.20.00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2006/08/29 12.20.00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2006/08/29 12.20.00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2006/08/29 12.20.00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2005/01/25 15.15.42 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\PA207USD.DLL
[2004/05/09 13.11.32 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/05/09 11.31.44 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

========== Files - Unicode (All) ==========
[2010/10/21 23.20.14 | 000,000,000 | ---D | M](C:\Documents and Settings\Utente\Documenti\?? ???) -- C:\Documents and Settings\Utente\Documenti\넥슨 플러그
[2010/10/21 23.20.14 | 000,000,000 | ---D | C](C:\Documents and Settings\Utente\Documenti\?? ???) -- C:\Documents and Settings\Utente\Documenti\넥슨 플러그

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:8CE646EE

< End of report >

noXDDD dentro la cartella system32 cera un altra cartella che si chiamava svchost dove dentro cera svhost.exe (senza la c)

[R16]

Segui le istruzioni di questo topic per usare Combofix: (usa Internet Explorer, e ricorda di salvarlo sul Desktop)
http://forum.zeusnews.com/viewtopic.php?t=45224
Posta il log.

[Kakashy]

hey davvero sorprendente usando combofix da situazione si è rispristinata tutti i problemi sono stati risolti l'av funziona!!!tutto funziona si sentono anche le canzoni davvero magnifico.
Ecco il log di combofix

ComboFix.txt

[R16]

Non è finita.
Ci sono ancora dei rootkit da levare:
Apri un file di testo con il Block Note sul Desktop
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt

[Kakashy]

Spero di aver fatto bene ecco il log aggiornato
log.txt

vorrei imparare anche io.....ad essere come te...come posso fare?(mi piace dare la caccia hai virus in poche parole tipo una passione)

[R16]

[Kakashy]

XD no nessun problema...è ovvio che c'è ne sono di più bravi hihih non si è mai al top e non si finisce mai di imparare... possiamo pure procedere per le pulizie....almeno dimmi da dove cominciare per imapare...XDDDD

[R16]

Segui le istruzioni di questo topic per postare il log di HiJackThis:
http://forum.zeusnews.com/viewtopic.php?t=23440

[Kakashy]

ecco il log hijackthis.log

[R16]

Disattiva il ripristino configurazione di sistema.
http://forum.zeusnews.com/viewtopic.php?t=22084

Avvia hijackthis, metti la spunta alle voci che andrò ad elencarti e con tutte le applicazioni chiuse e disconnesso da Internet,premi su "fix checked":

[Kakashy]

ho fatto quasi tutto,per la deframmentazione che software mi consigli?

[R16]

[Kakashy]

Grazie di tutto.....il computer è pure più veloce,grazie supratutto per il tempo che mi hai dedicato.Buona fortuna.Anche se non mi hai detto da dove cominciare per essere bravo come XD.