www.MegaLab.it

[klaude4d]

Ciao a tutti,ieri sera videochattavo in msn con una mia amica,quando ho chiuso la videochiamata il pc e' andato in blue screen, al riavvio sembrava tutto a posto ma ho voluto fare un prova cosi mi reco in kaspersky online scanner eccola la!!! non parte piu lantivirus online dice che il browser e' off ine e che non e' possibile aggiornare il databse ne con ie 7.0 ne con firefox.
cosi ho pensato di aver ripreso bagle o qualcosa di simile, uso findykill mi rileva qualcosa nel registro eseguo e pulisco, ma il problema rimane, in piu ogni volta che riavvio il pc scompaio le icone di rete e il volume, online scanner non va ancora come mi suggerite di operare?
grazie

[TheHacker66]

Scarica HijackThis
Salvalo in una cartella (non aprirlo direttamente, sennò non farà i backup!)
Apri l'eseguibile
Clicca quindi su "Do a System Scan and Save a Logfile"
Attendi che finisca la scansione
Posta sul forum il risultato facendo attenzione a queste regole.

[klaude4d]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.16.33, on 20/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
C:\Program Files\SplitCam\SplitCam.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\TechSmith\Camtasia Studio 6\CamRecorder.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\JetAudio\JetAudio.exe
C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\MessengerDiscovery 2\MessengerDiscovery 2.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosSkypeApl.exe
C:\Windows\system32\conime.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\SS-Black_Jaguar-SS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\SS-Black_Jaguar-SS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\SS-Black_Jaguar-SS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\SS-Black_Jaguar-SS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\SS-Black_Jaguar-SS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\SS-Black_Jaguar-SS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\SS-Black_Jaguar-SS\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.europowersearch.com/Search.h ... rchLang=IT
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Super-Search - search like an expert - {B88F0A3B-663C-4342-A7CE-2D6F81032897} - C:\PROGRA~1\EASYSE~1\BHO\4SUPER~1.DLL (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
O4 - HKCU\..\Run: [SplitCam] C:\Program Files\SplitCam\SplitCam.exe /play
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\SS-Black_Jaguar-SS\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Camtasia Recorder] "C:\Program Files\TechSmith\Camtasia Studio 6\CamRecorder.exe" /m
O4 - HKCU\..\Run: [Camfrog] "C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 0 C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: jetAudio.lnk = ?
O4 - Global Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{EAC8D54E-57C3-46D6-9A2C-EFA2BE4B101E}: NameServer = 85.37.17.57 85.38.28.80
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max Design 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: USB Safely Remove Assistant (USBSafelyRemoveService) - Unknown owner - C:\Program Files\USB Safely Remove\USBSRService.exe
O23 - Service: Winstep Xtreme Service - Unknown owner - C:\Program.exe (file missing)

--
End of file - 10931 bytes

ecco fatto ci sono eh sono pronto

[Seba:-)]

Nel LOG sembra tutto apposto... ma hai provato a fare una scansione con AntiVir prima di fare quella online?

[klaude4d]

no ora provo faccio subito, ma il pc sembra tutto a posto ma kaspersky a voi parte? puo' essere che sia un problema del sito, ma e' lo stesso sintomo dell'altra volta che avevo preso bagle

[Seba:-)]

Ho appena provato l'Online Scanner di Kaspersky su Firefox e funziona ... sei sicuro di avergli accordato il permesso di usare Java?
Non penso si tratti di un virus, comunque finisci la scansione con Avira e poi dicci .

[crazy.cat]

Se avira funziona non è bagle.
Scansione con combofix e poi avira e vedi cosa viene fuori.

X klaude4d
Per favore i messaggi cerca di scriverli con la c dove serve e non con la k.
Ho inserito tutte le parole che avevi storpiato nel controllo ortografico del sito per poterle italianizzare.
Grazie

[klaude4d]

posto il log di combofix che mi pare sia allarmante... poi una cosa volevo chiedervi quali sono le voci da leggere in questo log di combo?
altra cosa molto strana ho installato la versione gratuita di ispq chat ma vado per disinstallarla e riparte invece upgrade quando faccio aggiungi rimuovi e' un altro segno ? non ce unistall di ispq chat come faccio a cavarlo?

ComboFix 09-10-19.04 - SS-Black_Jaguar-SS 20/10/2009 20.53.35.1.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.3070.1780 [GMT 2:00]
Eseguito da: c:\users\SS-Black_Jaguar-SS\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {002D35B8-077F-0000-0000-000000002D00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00310034-0034-0034-6300-630066003100}
SP: AntiVir Desktop *disabled* (Outdated) {002D35B8-077F-0000-0000-000000002D00}
SP: AntiVir Desktop *enabled* (Updated) {00310034-0034-0034-6300-630066003100}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\progra~1\GOOGLE~1\8GOOgl~1.dll
c:\program files\GooglePlusVideos
c:\program files\GooglePlusVideos\8.GooglePlusVideos.dll
c:\program files\GooglePlusVideos\DeploymentHelper.exe
c:\program files\GooglePlusVideos\FFExt\chrome.manifest
c:\program files\GooglePlusVideos\FFExt\chrome\content\googleplusvideos.xul
c:\program files\GooglePlusVideos\FFExt\chrome\content\script-injector.js
c:\program files\GooglePlusVideos\FFExt\install.rdf
c:\program files\GooglePlusVideos\GooglePlusVideosLicense.txt
c:\program files\GooglePlusVideos\GVConfig.ini
c:\program files\GooglePlusVideos\MFC42U.DLL
c:\program files\GooglePlusVideos\Uninstall.bat

.
((((((((((((((((((((((((( Files Creati Da 2009-09-20 al 2009-10-20 )))))))))))))))))))))))))))))))))))
.

2009-10-20 18:59 . 2009-10-20 18:59 -------- d-----w- c:\users\SS-Black_Jaguar-SS\AppData\Local\temp
2009-10-20 18:59 . 2009-10-20 18:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-20 11:47 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-20 11:47 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-20 11:47 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-20 11:47 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-20 11:45 . 2009-08-06 17:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-20 11:45 . 2009-08-06 16:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-19 22:06 . 2009-10-19 22:37 -------- d-----w- C:\FindyKill
2009-10-19 21:37 . 2009-10-19 21:37 -------- d-----w- c:\windows\system32\dllcache
2009-10-18 00:11 . 2003-03-28 11:56 147456 ------w- c:\windows\system32\ncPopup2.dll
2009-10-18 00:11 . 2003-03-27 08:03 40960 ------w- c:\windows\system32\ncSSTimer2.dll
2009-10-18 00:11 . 2002-11-25 10:31 155648 ------w- c:\windows\system32\DartCertificate.dll
2009-10-16 01:26 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-16 01:25 . 2009-08-27 12:40 834048 ----a-w- c:\windows\system32\wininet.dll
2009-10-16 01:25 . 2009-08-27 13:29 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-16 01:25 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-16 01:25 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-16 01:25 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-16 01:25 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-16 01:25 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-15 21:42 . 2009-10-15 21:42 -------- d-----w- c:\program files\BurnAware Free
2009-10-15 18:25 . 2009-10-15 18:25 -------- d-----w- c:\program files\InfraRecorder
2009-10-15 18:08 . 2009-10-15 18:08 -------- d-----w- c:\users\SS-Black_Jaguar-SS\AppData\Roaming\StarBurn
2009-10-15 18:06 . 2009-03-02 13:00 95592 ----a-w- c:\windows\system32\drivers\StarPortLite.sys
2009-10-15 18:04 . 2009-10-16 06:30 -------- d-----w- c:\program files\Feurio
2009-10-15 17:51 . 2009-10-15 17:51 -------- d-----w- c:\program files\Jookz
2009-10-15 17:51 . 2009-10-19 16:06 -------- d-----w- c:\programdata\Zwunzi
2009-10-15 17:51 . 2009-10-19 16:06 -------- d-----w- c:\program files\Zwunzi
2009-10-15 17:51 . 2009-10-15 17:51 -------- d-----w- c:\programdata\MessengerDiscovery 2
2009-10-15 12:43 . 2009-10-15 12:43 -------- d-----w- c:\users\SS-Black_Jaguar-SS\AppData\Roaming\InfraRecorder
2009-10-13 10:29 . 2009-10-13 10:29 -------- d-----w- c:\users\SS-Black_Jaguar-SS\AppData\Local\BVRP Software
2009-10-13 10:28 . 2009-10-13 10:30 -------- d-----w- c:\program files\Avanquest update
2009-10-13 10:25 . 2009-10-13 10:49 -------- d-----w- c:\programdata\BVRP Software
2009-10-13 10:25 . 2009-10-13 10:48 -------- d-----w- c:\program files\Motorola Phone Tools
2009-10-13 10:16 . 2009-10-13 10:16 -------- d-----w- c:\users\SS-Black_Jaguar-SS\{eda9c682-fa5c-4cd0-9ccc-9b5c1a0874ac}
2009-10-13 10:03 . 2009-10-13 10:03 -------- d-----w- c:\users\SS-Black_Jaguar-SS\{d8280039-aa23-4950-a9e3-c0ac23e19ff5}
2009-10-13 09:12 . 2009-10-13 09:12 -------- d-----w- c:\users\SS-Black_Jaguar-SS\{30f421a4-0ccd-4279-9c09-0183b5825da0}
2009-10-13 08:11 . 2009-10-13 08:11 -------- d-----w- c:\program files\Common Files\Motorola Shared
2009-10-10 16:05 . 2009-10-10 16:05 -------- d-----w- c:\programdata\Minnetonka Audio Software
2009-10-10 09:58 . 2009-10-18 11:53 -------- d-----w- c:\users\SS-Black_Jaguar-SS\AppData\Roaming\vlc
2009-10-08 05:01 . 2009-10-08 18:00 -------- d-sh--w- c:\users\SS-Black_Jaguar-SS\Phone Browser
2009-10-06 18:25 . 2009-10-06 18:25 -------- d-----w- c:\program files\Winstep
2009-10-06 18:25 . 1997-07-19 14:55 1347344 ----a-w- c:\windows\system32\msvbvm50.dll
2009-10-06 08:45 . 2009-10-06 08:45 -------- d-----w- c:\users\SS-Black_Jaguar-SS\AppData\Local\Scansoft
2009-10-04 10:16 . 2009-10-04 10:16 -------- d-----w- c:\programdata\InstallShield
2009-10-04 10:16 . 2009-10-04 10:16 -------- d-----w- c:\users\SS-Black_Jaguar-SS\AppData\Roaming\Nuance
2009-10-04 10:13 . 2009-10-04 10:13 -------- d-----w- c:\programdata\ScanSoft
2009-10-04 10:13 . 2009-10-04 10:13 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2009-10-04 10:13 . 2009-10-04 10:13 -------- d-----w- c:\program files\Common Files\Nuance
2009-10-04 10:12 . 2009-10-04 10:12 -------- d-----w- c:\programdata\Nuance
2009-10-04 10:12 . 2009-10-04 10:12 -------- d-----w- c:\program files\Nuance
2009-10-03 10:05 . 2009-10-03 10:05 -------- d-----w- c:\programdata\SSScanAppDataDir
2009-10-03 10:05 . 2009-10-03 10:05 -------- d-----w- c:\programdata\MSScanAppDataDir
2009-10-02 21:50 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-01 06:47 . 1998-10-02 17:00 327168 ----a-w- c:\windows\IsUninst.exe
2009-09-30 11:44 . 2009-09-30 11:44 -------- d-----w- c:\users\SS-Black_Jaguar-SS\AppData\Roaming\dvdcss
2009-09-28 10:44 . 2009-09-28 10:44 -------- d-----w- c:\program files\iPod
2009-09-28 10:43 . 2009-10-17 22:07 -------- d-----w- c:\program files\iTunes
2009-09-27 20:40 . 2009-09-27 20:40 -------- d-----w- c:\program files\Toshiba
2009-09-27 17:19 . 2009-09-27 17:19 -------- d-----w- c:\program files\Recuva
2009-09-25 23:19 . 2009-09-25 23:03 11448 ----a-w- c:\windows\system32\drivers\AsUpIO.sys
2009-09-25 10:40 . 2009-09-25 10:40 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-09-23 21:44 . 2009-09-23 21:44 -------- d-----w- c:\users\SS-Black_Jaguar-SS\AppData\Roaming\Nseries
2009-09-22 10:47 . 2009-09-22 10:47 -------- d-----w- c:\program files\RADVideo
2009-09-22 08:51 . 2009-09-22 08:51 -------- d-----w- c:\windows\system32\xlive
2009-09-22 08:51 . 2009-09-22 08:52 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-09-22 08:50 . 2009-09-22 08:50 -------- d-----w- c:\windows\system32\AGEIA
2009-09-22 08:50 . 2009-09-22 08:50 -------- d-----w- c:\program files\AGEIA Technologies
2009-09-22 08:48 . 2009-09-22 08:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-22 08:48 . 2008-10-10 02:52 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-09-22 08:48 . 2008-10-10 02:52 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-09-22 08:48 . 2008-10-10 02:52 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-09-22 08:48 . 2008-10-27 08:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
2009-09-22 08:48 . 2008-10-27 08:04 235856 ----a-w- c:\windows\system32\xactengine3_3.dll
2009-09-22 08:48 . 2008-10-27 08:04 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2009-09-22 08:48 . 2008-10-27 08:04 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2009-09-22 08:14 . 2009-09-22 08:14 -------- d-----w- c:\program files\Eidos
2009-09-20 22:23 . 2009-09-20 22:23 -------- d-----w- c:\users\SS-Black_Jaguar-SS\AppData\Roaming\Subversion
2009-09-20 22:02 . 2009-09-20 22:02 -------- d-----w- c:\users\Public\Roaming
2009-09-20 22:02 . 2009-09-20 22:02 -------- d-----w- c:\users\SS-Black_Jaguar-SS\Library
2009-09-20 22:02 . 2009-09-20 22:02 -------- d-----w- c:\users\SS-Black_Jaguar-SS\AppData\Roaming\com.adobe.ExMan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-20 18:28 . 2006-11-06 01:52 706428 ----a-w- c:\windows\system32\perfc010.dat
2009-10-20 18:28 . 2006-11-06 01:52 2345666 ----a-w- c:\windows\system32\perfh010.dat
2009-10-20 18:24 . 2009-08-25 08:22 -------- d-----w- c:\users\SS-Black_Jaguar-SS\AppData\Roaming\Skype
2009-10-20 09:20 . 2009-09-19 10:47 12 ----a-w- c:\windows\bthservsdp.dat
2009-10-19 21:49 . 2009-08-15 21:11 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-19 15:21 . 2009-08-14 15:25 139632 ----a-w- c:\users\SS-Black_Jaguar-SS\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-19 13:04 . 2009-08-25 23:00 -------- d-----w- c:\program files\AVS4YOU
2009-10-19 06:18 . 2009-08-16 18:41 -------- d-----w- c:\programdata\Nero
2009-10-18 12:27 . 2009-08-15 01:17 -------- d-----w- c:\program files\JetAudio
2009-10-18 12:27 . 2009-08-15 01:17 -------- d-----w- c:\program files\Common Files\COWON
2009-10-18 00:10 . 2009-10-18 00:10 -------- d-----w- c:\program files\nanoCom Corporation
2009-10-18 00:10 . 2009-08-14 15:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-17 22:10 . 2009-08-16 16:50 -------- d-----w- c:\users\SS-Black_Jaguar-SS\AppData\Roaming\Apple Computer
2009-10-16 06:28 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-16 06:21 . 2009-08-16 16:31 -------- d-----w- c:\programdata\Microsoft Help
2009-10-15 21:41 . 2009-08-25 23:02 -------- d-----w- c:\users\SS-Black_Jaguar-SS\AppData\Roaming\AVS4YOU
2009-10-15 18:08 . 2009-08-15 00:34 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-15 18:00 . 2009-08-28 11:57 -------- d-----w- c:\users\SS-Black_Jaguar-SS\AppData\Roaming\MessengerDiscovery 2
2009-10-15 17:51 . 2009-08-31 23:03 -------- d-----w- c:\program files\MessengerDiscovery 2
2009-10-15 12:41 . 2009-08-31 22:41 -------- d-----w- c:\programdata\NCH Swift Sound
2009-10-15 12:41 . 2009-08-31 22:41 -------- d-----w- c:\program files\NCH Swift Sound
2009-10-13 10:54 . 2009-08-31 22:04 -------- d-----w- c:\users\SS-Black_Jaguar-SS\AppData\Roaming\BitTorrent
2009-10-13 10:49 . 2009-10-13 10:49 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-10-13 10:34 . 2009-08-18 17:06 9232 ----a-w- c:\users\SS-Black_Jaguar-SS\mqdmmdfl.sys
2009-10-13 10:34 . 2009-08-18 17:06 92064 ----a-w- c:\users\SS-Black_Jaguar-SS\mqdmmdm.sys
2009-10-13 10:34 . 2009-08-18 17:06 79328 ----a-w- c:\users\SS-Black_Jaguar-SS\mqdmserd.sys
2009-10-13 10:34 . 2009-08-18 17:06 5936 ----a-w- c:\users\SS-Black_Jaguar-SS\mqdmwhnt.sys
2009-10-13 10:34 . 2009-08-18 17:06 4048 ----a-w- c:\users\SS-Black_Jaguar-SS\mqdmcr.sys
2009-10-13 10:34 . 2009-08-18 17:06 66656 ----a-w- c:\users\SS-Black_Jaguar-SS\mqdmbus.sys
2009-10-13 10:34 . 2009-08-18 17:06 6208 ----a-w- c:\users\SS-Black_Jaguar-SS\mqdmcmnt.sys
2009-10-13 10:34 . 2009-08-18 17:06 25600 ----a-w- c:\users\SS-Black_Jaguar-SS\usbsermptxp.sys
2009-10-13 10:34 . 2009-08-18 17:06 22768 ----a-w- c:\users\SS-Black_Jaguar-SS\usbsermpt.sys
2009-10-13 08:39 . 2009-08-18 17:06 25600 ----a-w- c:\windows\system32\drivers\usbsermptxp.sys
2009-10-04 11:15 . 2009-10-04 11:15 2913 ----a-w- c:\users\SS-Black_Jaguar-SS\AppData\Roaming\SAS7_000.DAT
2009-10-04 10:13 . 2009-08-14 15:39 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-02 18:28 . 2009-08-15 22:56 -------- d-----w- c:\program files\Microsoft
2009-10-01 06:50 . 2009-08-15 20:47 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-01 06:50 . 2009-09-10 09:47 -------- d-----w- c:\program files\Common Files\Real
2009-09-28 10:44 . 2009-08-16 17:23 -------- d-----w- c:\program files\Common Files\Apple
2009-09-28 06:27 . 2009-08-14 15:39 -------- d-----w- c:\users\SS-Black_Jaguar-SS\AppData\Roaming\Winamp
2009-09-26 20:02 . 2009-08-22 21:47 -------- d-----w- c:\program files\Google
2009-09-25 23:19 . 2009-08-14 15:45 -------- d-----w- c:\program files\ASUS
2009-09-25 23:03 . 2009-08-14 16:10 12400 ----a-w- c:\windows\system32\drivers\AsIO.sys
2009-09-25 14:59 . 2009-09-19 10:13 -------- d-----w- c:\users\SS-Black_Jaguar-SS\AppData\Roaming\Toshiba
2009-09-25 10:51 . 2009-08-14 15:25 1356 ----a-w- c:\users\SS-Black_Jaguar-SS\AppData\Local\d3d9caps.dat
2009-09-25 10:43 . 2009-08-14 23:29 -------- d-----w- c:\program files\Common Files\Nokia
2009-09-25 10:40 . 2009-08-14 23:23 -------- d-----w- c:\program files\Nokia
2009-09-24 06:04 . 2009-08-15 22:33 -------- d-----w- c:\users\SS-Black_Jaguar-SS\AppData\Roaming\skypePM
2009-09-20 17:38 . 2009-08-14 16:04 -------- d-----w- c:\program files\Realtek
2009-09-20 13:44 . 2009-08-20 22:20 -------- d--h--w- c:\program files\Temp
2009-09-20 13:26 . 2009-09-20 13:35 1933312 ----a-w- c:\windows\system32\MaxxAudioEQ.dll
2009-09-20 13:26 . 2009-09-20 13:35 306176 ----a-w- c:\windows\system32\MaxxAudioAPO20.dll
2009-09-20 13:26 . 2009-09-20 13:35 126976 ----a-w- c:\windows\system32\MaxxAudioAPO.dll
2009-09-20 13:26 . 2009-09-20 13:35 267264 ----a-w- c:\windows\system32\FMAPO.dll
2009-09-20 13:26 . 2009-09-20 13:35 142848 ----a-w- c:\windows\system32\AERTACap.dll
2009-09-20 13:26 . 2009-09-20 13:35 125952 ----a-w- c:\windows\system32\AERTARen.dll
2009-09-20 13:26 . 2009-09-20 13:35 831488 ----a-w- c:\windows\RtlExUpd.dll
2009-09-17 16:53 . 2009-09-17 15:53 -------- d-----w- c:\program files\WinAVI MP4 Converter
2009-09-14 11:08 . 2009-09-14 11:08 -------- d-----w- c:\program files\Utility Configurazione iPhone
2009-09-14 11:07 . 2009-09-14 11:06 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-14 11:05 . 2009-09-14 11:04 -------- d-----w- c:\program files\QuickTime
2009-09-12 11:37 . 2009-08-31 10:14 -------- d-----w- c:\users\SS-Black_Jaguar-SS\AppData\Roaming\ooVoo Details
2009-09-12 11:36 . 2009-08-31 10:14 -------- d-----w- c:\program files\ooVoo
2009-09-11 08:11 . 2009-09-10 09:53 -------- d-----w- c:\users\SS-Black_Jaguar-SS\AppData\Roaming\SoundSpectrum
2009-09-10 09:48 . 2009-08-14 15:39 -------- d-----w- c:\program files\Winamp
2009-09-09 09:44 . 2009-08-16 07:28 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 00:15 . 2009-09-06 04:02 -------- d-----w- c:\users\SS-Black_Jaguar-SS\AppData\Roaming\Camfrog
2009-09-06 17:06 . 2009-09-06 15:17 -------- d-----w- c:\program files\JDownloader 0.8
2009-09-06 04:01 . 2009-09-06 04:01 -------- d-----w- c:\program files\Camfrog
2009-09-05 09:32 . 2009-09-05 07:19 -------- d-----w- c:\programdata\AQ
2009-09-04 12:00 . 2009-09-04 12:00 -------- d-----w- c:\program files\Free Audio Pack
2009-09-03 12:43 . 2009-09-03 12:43 -------- d-----w- c:\program files\Western Digital Corporation
2009-09-02 09:31 . 2009-09-02 09:31 -------- d-----w- c:\program files\VideoLAN
2009-08-31 22:56 . 2009-08-31 22:56 -------- d-----w- c:\users\SS-Black_Jaguar-SS\AppData\Roaming\Recordpad
2009-08-31 22:42 . 2009-08-31 22:41 -------- d-----w- c:\users\SS-Black_Jaguar-SS\AppData\Roaming\NCH Swift Sound
2009-08-31 22:41 . 2009-08-31 22:41 -------- d-----w- c:\program files\NCH Software
2009-08-31 22:38 . 2009-08-31 22:38 -------- d-----w- c:\users\SS-Black_Jaguar-SS\AppData\Roaming\Canneverbe_Limited
2009-08-31 22:38 . 2009-08-31 22:38 -------- d-----w- c:\programdata\Canneverbe Limited
2009-08-31 22:04 . 2009-08-31 22:04 -------- d-----w- c:\program files\BitTorrent
2009-08-30 21:59 . 2009-08-30 21:59 -------- d-----w- c:\program files\Trend Micro
2009-08-30 01:17 . 2009-08-30 01:17 -------- d-----w- c:\programdata\Messenger Plus!
2009-08-29 21:52 . 2009-08-29 11:43 -------- d-----w- c:\program files\Unlocker
2009-08-29 00:27 . 2009-09-02 11:16 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 11:16 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 17:42 . 2009-08-28 17:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 17:42 . 2009-08-28 17:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 12:10 . 2009-08-28 12:10 -------- d-----w- c:\program files\Defraggler
2009-08-28 12:01 . 2009-08-28 12:01 -------- d-----w- c:\program files\Messenger Plus! Live
2009-08-28 09:37 . 2009-08-28 09:37 -------- d-----w- c:\program files\VirtualDubMod_1_5_10_2_b2542
2009-08-26 16:08 . 2009-08-15 22:16 -------- d-----w- c:\users\SS-Black_Jaguar-SS\AppData\Roaming\Autodesk
2009-08-26 16:08 . 2009-08-15 21:57 -------- d-----w- c:\programdata\Autodesk
2009-08-26 16:06 . 2009-08-15 22:06 -------- d-----w- c:\programdata\FLEXnet
2009-08-26 14:22 . 2009-08-26 14:22 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-08-26 08:36 . 2009-08-14 23:32 -------- d-----w- c:\users\SS-Black_Jaguar-SS\AppData\Roaming\Nokia
2009-08-25 23:02 . 2009-08-25 23:02 -------- d-----w- c:\programdata\AVS4YOU
2009-08-25 23:02 . 2009-08-25 23:01 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-08-25 17:03 . 2009-08-25 17:03 13824 ----a-w- c:\windows\system32\drivers\splitcam.sys
2009-08-25 17:03 . 2009-08-25 17:03 -------- d-----w- c:\program files\SplitCam
2009-08-25 14:09 . 2009-08-25 14:07 -------- d-----w- c:\program files\Total Video Converter
2009-08-25 11:59 . 2009-08-25 11:59 -------- d-----w- c:\programdata\TechSmith
2009-04-07 18:52 . 2009-04-07 18:52 28672 ----a-w- c:\program files\mozilla firefox\components\GooglePlusVideosXPCOM.dll
2009-08-09 21:14 . 2009-08-09 21:14 49152 ----a-w- c:\program files\mozilla firefox\components\SuperSearchXPCOM.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Safely Remove"="c:\program files\USB Safely Remove\USBSafelyRemove.exe" [2009-01-04 743936]
"SplitCam"="c:\program files\SplitCam\SplitCam.exe" [2006-09-09 990208]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Google Update"="c:\users\SS-Black_Jaguar-SS\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-08-20 133104]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Camtasia Recorder"="c:\program files\TechSmith\Camtasia Studio 6\CamRecorder.exe" [2008-10-10 2678104]
"Camfrog"="c:\program files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" [2009-06-16 41800]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]
"eMuleAutoStart"="c:\program files\eMule\emule.exe" [2009-02-22 5668864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-20 7739936]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-19 83336]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-19 149280]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2008-7-23 427336]
jetAudio.lnk - c:\program files\JetAudio\JetAudio.exe [2009-8-15 3008512]
Trillian.lnk - c:\program files\Trillian\trillian.exe [2009-7-16 1873272]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"UacDisableNotify"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):35,62,8d,43,3b,1d,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-534440758-3768623821-1441760294-1000]
"EnableNotificationsRef"=dword:00000001

R1 AsUpIO;AsUpIO;c:\windows\System32\drivers\AsUpIO.sys [26/09/2009 1.19.08 11448]
R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\System32\drivers\StarPortLite.sys [15/10/2009 20.06.40 95592]
R2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe -k bthaudiosvc [15/08/2009 0.24.21 21504]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [27/08/2009 17.05.04 92008]
R2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files\USB Safely Remove\USBSRService.exe [16/08/2009 2.43.28 208144]
R2 Winstep Xtreme Service;Winstep Xtreme Service;c:\program files\Winstep\WsxService c:\program files\Winstep\WsxService
S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max Design 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [12/03/2009 17.36.24 86016]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 16.28.36 1533808]
S3 BthAudioHF;Servizio Audio vivavoce Bluetooth;c:\windows\System32\drivers\BthAudioHF.sys [10/07/2008 15.44.12 30208]
S3 BthAvrcp;Profilo Bluetooth AVRCP;c:\windows\System32\drivers\BthAvrcp.sys [10/07/2008 15.43.32 15872]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [19/03/2009 14.48.18 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [19/03/2009 14.48.12 8320]
S4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15/08/2008 5.46.20 284016]
S4 gupdate1ca23724714d2b8;Servizio di Google Update (gupdate1ca23724714d2b8);c:\program files\Google\Update\GoogleUpdate.exe [22/08/2009 23.48.25 133104]
S4 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
bthaudiosvc REG_MULTI_SZ HFGService
.
Contenuto della cartella 'Scheduled Tasks'

2009-10-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-22 21:47]

2009-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-22 21:48]

2009-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-22 21:48]

2009-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534440758-3768623821-1441760294-1000Core.job
- c:\users\SS-Black_Jaguar-SS\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-20 10:36]

2009-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534440758-3768623821-1441760294-1000UA.job
- c:\users\SS-Black_Jaguar-SS\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-20 10:36]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://www.europowersearch.com/Search.h ... rchLang=IT
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: {EAC8D54E-57C3-46D6-9A2C-EFA2BE4B101E} = 85.37.17.57 85.38.28.80
FF - ProfilePath - c:\users\SS-Black_Jaguar-SS\AppData\Roaming\Mozilla\Firefox\Profiles\rl0tibof.default\
FF - prefs.js: browser.search.selectedEngine - Google Search Community
FF - prefs.js: browser.startup.homepage - hxxp://it.start3.mozilla.com/firefox?cl ... t:official
FF - component: c:\program files\Mozilla Firefox\components\GooglePlusVideosXPCOM.dll
FF - component: c:\program files\Mozilla Firefox\components\SuperSearchXPCOM.dll
FF - component: c:\users\SS-Black_Jaguar-SS\AppData\Roaming\Mozilla\Firefox\Profiles\rl0tibof.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\users\SS-Black_Jaguar-SS\AppData\Roaming\Mozilla\Firefox\Profiles\rl0tibof.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1691.8062\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\users\SS-Black_Jaguar-SS\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\SS-Black_Jaguar-SS\AppData\Roaming\Mozilla\Firefox\Profiles\rl0tibof.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************
scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winstep Xtreme Service]
"ImagePath"="c:\program files\Winstep\WsxService"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2009-10-20 21.01.01
ComboFix-quarantined-files.txt 2009-10-20 19:00

Pre-Run: 76.455.858.176 byte disponibili
Post-Run: 76.504.010.752 byte disponibili

- - End Of File - - 55C92696E026FB33D6D45CC225724457

[klaude4d]

altra cosa importante che mi sono dimenticato ogni volta al riavvio scompaiono le icone della rete e del volume sigh !!!!!

[Seba:-)]

Scansione con Avira?

[klaude4d]

ancora devo finire ho trovato questo intanto e la cosa mi preoccupa : viewtopic.php?t=44937

[Seba:-)]

ancora devo finire ho trovato questo intanto e la cosa mi preoccupa : viewtopic.php?t=44937

Intendi srosa.sys?

EDIT: ma hai idea di cosa sia questo GooglePlusVideo che Combofix ha eliminato?

[klaude4d]

pensavo di avere la stessa cosa di quella ragazza, non lo so credevo che era un estensione componente aggiuntivo che avevo installato su firefox ma ho guardato non ce ne traccia, altra cosa nel log di combo dice elimanto :c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
invece la cartella c:\$recycle.bin\ ce ancora . ho avira ancora al 30%

[klaude4d]

adesso mi son occorto che ho anche 2 cartelle nuove di cui no conosco lì'esistenza : una Boot piena di cartelle con sigle di cartelle con iniziali di file delle lingue es. : de-De , it-IT , sv-SV etc. una cartella Qoobox un altra cartella d:\$recycle.bin\ nella altro hhd completamente vuoto che tengo per archiviare ma che ca**o succede scusatemi e permettetemi lespressione

[Seba:-)]

Sembra che ci sia un bel casino... OK, finisci la scansione con Avira, poi da lì vediamo quale è il problema...

[klaude4d]

sono ancora al 50 %

[klaude4d]

fino ad ora ha trovato eh !!! TR/BHO.ZWangi.8 ne sapete niente raga?

[klaude4d]

Avira AntiVir Personal
Data del file di report: martedì 20 ottobre 2009 21:59

Ricerca di 1809849 virus e programmi indesiderati.

Concesso in licenza a : Avira AntiVir Personal - FREE Antivirus
Numero di serie : 0000149996-ADJIE-0000001
Piattaforma : Windows Vista
Versione di Windows : (Service Pack 2) [6.0.6002]
Modalità di avvio : Booting eseguito regolarmente
Nome utente : SYSTEM
Nome computer : S-BLACKJAGUAR-S

Informazioni sulla versione:
BUILD.DAT : 9.0.0.17 18072 Bytes 25/09/2009 12:06:00
AVSCAN.EXE : 9.0.3.7 466689 Bytes 18/08/2009 21:21:06
AVSCAN.DLL : 9.0.3.0 47873 Bytes 03/03/2009 10:14:29
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:56
LUKERES.DLL : 9.0.2.0 12545 Bytes 03/03/2009 10:15:14
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 15:34:22
ANTIVIR2.VDF : 7.1.6.112 4833792 Bytes 15/10/2009 22:23:12
ANTIVIR3.VDF : 7.1.6.129 164864 Bytes 20/10/2009 19:47:45
Motore : 8.2.1.42
AEVDF.DLL : 8.1.1.2 106867 Bytes 16/09/2009 00:25:10
AESCRIPT.DLL : 8.1.2.38 487804 Bytes 20/10/2009 19:47:48
AESCN.DLL : 8.1.2.5 127346 Bytes 03/09/2009 22:22:09
AERDL.DLL : 8.1.3.2 479604 Bytes 03/10/2009 00:38:42
AEPACK.DLL : 8.2.0.1 422263 Bytes 20/10/2009 19:47:46
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 14/08/2009 15:34:36
AEHEUR.DLL : 8.1.0.167 2011511 Bytes 08/10/2009 00:39:03
AEHELP.DLL : 8.1.7.0 237940 Bytes 03/09/2009 22:22:08
AEGEN.DLL : 8.1.1.68 364918 Bytes 20/10/2009 19:47:46
AEEMU.DLL : 8.1.1.0 393587 Bytes 03/10/2009 00:38:38
AECORE.DLL : 8.1.8.1 184693 Bytes 16/09/2009 00:25:08
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 13:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:48:02
AVPREF.DLL : 9.0.3.0 44289 Bytes 26/09/2009 22:46:47
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 14:25:10
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:45
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:37:12
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:21:38
NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 14:41:28
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 17/06/2009 13:11:50
RCTEXT.DLL : 9.0.37.1 87809 Bytes 22/04/2009 10:24:43

Impostazioni di configurazione per la scansione attuale:
Nome del job................................: Scansione completa del sistema
File di configurazione......................: c:\program files\avira\antivir desktop\sysscan.avp
Report......................................: basso
Azione primaria.............................: interattivo
Azione secondaria...........................: ignora
Scansione dei record master di avvio........: Attivo
Scansiona record di avvio...................: Attivo
Record di avvio.............................: C:, D:,
Scansione dei programmi attivi..............: Attivo
Scansiona la registrazione..................: Attivo
Cerca Rootkits..............................: Attivo
Controllo di integrità dei file di sistema..: Attivo
Scansione ottimizzata.......................: Attivo
Modalità di scansione file..................: Tutti i file
Scansione degli archivi.....................: Attivo
Limita la profondità di ricorsione..........: 20
Archivio estensioni Smart...................: Attivo
Macro euristico.............................: Attivo
File euristico..............................: medio
Categorie irregolari delle minacce..........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Avvio della scansione: martedì 20 ottobre 2009 21:59

Avvio della scansione dei file di sistema:
Firmato -> 'C:\Windows\system32\svchost.exe'
Firmato -> 'C:\Windows\system32\winlogon.exe'
Firmato -> 'C:\Windows\explorer.exe'
Firmato -> 'C:\Windows\system32\smss.exe'
Firmato -> 'C:\Windows\system32\wininet.DLL'
Firmato -> 'C:\Windows\system32\wsock32.DLL'
Firmato -> 'C:\Windows\system32\ws2_32.DLL'
Firmato -> 'C:\Windows\system32\services.exe'
Firmato -> 'C:\Windows\system32\lsass.exe'
Firmato -> 'C:\Windows\system32\csrss.exe'
Firmato -> 'C:\Windows\system32\drivers\kbdclass.sys'
Firmato -> 'C:\Windows\system32\spoolsv.exe'
Firmato -> 'C:\Windows\system32\alg.exe'
Firmato -> 'C:\Windows\system32\wuauclt.exe'
Firmato -> 'C:\Windows\system32\advapi32.DLL'
Firmato -> 'C:\Windows\system32\user32.DLL'
Firmato -> 'C:\Windows\system32\gdi32.DLL'
Firmato -> 'C:\Windows\system32\kernel32.DLL'
Firmato -> 'C:\Windows\system32\ntdll.DLL'
Firmato -> 'C:\Windows\system32\ntoskrnl.exe'
Firmato -> 'C:\Windows\system32\ctfmon.exe'
I file di sistema sono stati sottoposti a scansione (file '21')

È stata avviata la scansione per accertare la presenza di oggetti nascosti.
Sono stati esaminati '111225' oggetti, sono stati rilevati '0' oggetti nascosti.

La scansione dei processi in esecuzione verrà avviata:
Scansione processo 'SearchFilterHost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'avscan.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'avscan.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'chrome.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'PresentationFontCache.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'chrome.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'chrome.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'chrome.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'chrome.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'chrome.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'SearchProtocolHost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'winamp.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'wlcomm.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'WUDFHost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'WUDFHost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'NclToBTSrv.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'NclMSBTSrv.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'conime.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'NclRSSrv.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'NclUSBSrv.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'TosSkypeApl.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'ServiceLayer.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'TscHelp.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'MessengerDiscovery 2.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'TosAVRC.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'ReModem.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'TosBtHSP.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'TosBtHid.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'TosA2dp.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'Camfrog Video Chat.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'TosBtMng.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'trillian.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'JetAudio.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'emule.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'PCSuite.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'CamRecorder.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'daemon.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'msnmsgr.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'Skype.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'SplitCam.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'USBSafelyRemove.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'jusched.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'issch.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'RtHDVCpl.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'winampa.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'avgnt.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'MSASCui.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'aaCenter.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'explorer.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'GoogleUpdate.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'taskeng.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'dwm.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'taskeng.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'taskeng.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'WLIDSVCM.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'WUDFHost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'SearchIndexer.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'WLIDSVC.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'WsxService.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'TosBtSrv.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'TomTomHOMEService.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'raysat_3dsmax2010_32server.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'mdm.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'AppleMobileDeviceService.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'avguard.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'sched.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'spoolsv.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'rundll32.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'SLsvc.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'audiodg.exe' - '0' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'nvvsvc.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'USBSRService.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'winlogon.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'lsm.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'lsass.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'services.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'csrss.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'wininit.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'csrss.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'smss.exe' - '1' modulo(i) scansionato(i)
92 processi scansionati con '92' Moduli

Avvio della scansione dei record master di avvio:
Record master di avvio dell'Hard Disk 0
[INFO] Nessun virus è stato trovato!
Record master di avvio dell'Hard Disk 1
[INFO] Nessun virus è stato trovato!
Record master di avvio dell'Hard Disk 2
[INFO] Nessun virus è stato trovato!
[INFO] Avvia nuovamente la scansione con i diritti di amministratore
Record master di avvio dell'Hard Disk 3
[INFO] Nessun virus è stato trovato!
[INFO] Avvia nuovamente la scansione con i diritti di amministratore
Record master di avvio dell'Hard Disk 4
[INFO] Nessun virus è stato trovato!
[INFO] Avvia nuovamente la scansione con i diritti di amministratore
Record master di avvio dell'Hard Disk 5
[INFO] Nessun virus è stato trovato!
[INFO] Avvia nuovamente la scansione con i diritti di amministratore

Avvio della scansione dei record di avvio:
Record di avvio 'C:\'
[INFO] Nessun virus è stato trovato!
Record di avvio 'D:\'
[INFO] Nessun virus è stato trovato!

Avvio della scansione dei file eseguibili (registro):
Il registro è stato scansionato ( 47 file ).


Avvio della scansione del file selezionati:

Inizia con la scansione di 'C:\'
C:\pagefile.sys
[AVVISO] Impossibile aprire il file!
[NOTA] Questo è un file di sistema di Windows.
[NOTA] Impossibile aprire questo file per la scansione.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4AT8N5X1\upgrade[1].cab
[0] Tipo di archivio: CAB (Microsoft)
upgrade.exe
[1] Tipo di archivio: NSIS
[UnknownDir]/zwunzi.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/BHO.Zwangi.8
C:\Windows\System32\drivers\sptd.sys
[AVVISO] Impossibile aprire il file!
Inizia con la scansione di 'D:\' <SS-dobermann-SS>

Avvio della disinfezione:
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4AT8N5X1\upgrade[1].cab
[NOTA] Il file è stato spostato in quarantena con il nome '4b452ff5.qua'!


Fine della scansione: martedì 20 ottobre 2009 23:45
Tempo impiegato: 1:46:29 Ora(e)

La scansione è stata completamente eseguita.

35391 Directory scansionate
755866 I file sono stati scansionati
1 Rilevati virus e/o programmi indesiderati
0 I file sono stati classificati come sospetti
0 I file sono stati eliminati
0 I virus o i programmi indesiderati sono stati riparati
1 File spostati in quarantena
0 File rinominati
2 Impossibile scansionare i file
755863 File non infetti
4253 Archivi scansionati
2 Avvisi
2 Note
111225 Oggetti scansionati durante la scansione dei rootkit
0 Sono stati rilevati oggetti nascosti

[Seba:-)]

Ma perché questo zwunzi.exe viene collocato in una directory sconosciuta?

[UnknownDir]/zwunzi.exe

A questo punto comunque, dopo aver usato Findykill, Combofix ed Avira il computer dovrebbe essere più o meno pulito... farei una passatina anche con Malwarebytes'...

[klaude4d]

sto eseguendo malwarebytes, la directory e la seguente incollo il persorso che ha trovato avira : C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4AT8N5X1\upgrade[1].cab
ci sono alcuni file che avira non riesce ad aprire mi e' successo altre volte e' normale? ad esmpio il .cab in questione dice che non e' riuscito ad aprirlo.
come mai alcuni file non li apre avira no ci riesce?