The Zeus News Forums
Explorer.exe
kk
Posted: 19 Feb 2008 16:25    Subject: Explorer.exe

Hi everyone, I signed up on the site to try to solve a problem.. I read a thread on this site about explorer too, but my problem seems different...
My PC keeps launching explorer.exe and then terminating it on its own within a few seconds, making all the icons disappear and closing all windows except for a few text files and the Firefox pages...
I already ran a scan with AVG updated as of today but it finds nothing...
CAN ANYONE HELP ME?
THANKS...
Sante62
Posted: 19 Feb 2008 17:33

Hi kk, hello and welcome...
Download and run a scan with this tool;
then post the result;
also run a scan with Combofix following this topic, posting the result as indicated;
Then look at this thread to post a Hijackthis log.
Open the task manager (CTRL+ALT+DEL); the system registry will open;
Navigate through these keys:
Quote:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe

If it is present, right-click -> Delete.
If it won't let you delete it: right-click on explorer.exe, select the Permissions option, select your account and tick the Full Control box in the Allow column. Then right-click -> Delete again.
Do the same with this other key:
Code:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe

If it is present, right-click -> Delete.
Do the operations in the order I listed them.
kk
Posted: 19 Feb 2008 18:16

The first tool gives me an error (unable to access a file..), but combofix seems to have sorted things out; I'm posting the report, you'll understand more of it than I do..

ComboFix 08-02-19.2 - user 2008-02-19 16.50.45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1584 [GMT 1:00]
Eseguito da: C:\Documents and Settings\user\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ddcyy.dll
C:\WINDOWS\system32\ssqonon.dll
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Menu Avvio\UUSEE~1.LNK
C:\Programmi\uusee
C:\WINDOWS\system32\ddcyy.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ssqonon.dll
C:\WINDOWS\system32\yycdd.ini
C:\WINDOWS\system32\yycdd.ini2

----- BITS: Possible infected sites -----

hxxp://au.download.windowsupda
.
((((((((((((((((((((((((( Files Creati Da 2008-01-19 al 2008-02-19 )))))))))))))))))))))))))))))))))))
.

2008-02-19 16:06 . 2008-02-19 16:06 <DIR> d-------- C:\Programmi\Panda Security
2008-02-19 16:06 . 2008-02-19 16:07 1,648 --a------ C:\WINDOWS\mozver.dat
2008-02-17 20:54 . 2008-02-19 15:41 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\AVG7
2008-02-17 20:54 . 2008-02-17 20:54 <DIR> d-------- C:\Documents and Settings\LocalService\Dati applicazioni\AVG7
2008-02-17 20:53 . 2008-02-17 20:53 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Grisoft
2008-02-17 19:59 . 2008-02-17 19:59 <DIR> d-------- C:\Programmi\SpywareBlaster
2008-02-17 18:38 . 2008-02-17 19:58 <DIR> d-------- C:\Programmi\CCleaner
2008-02-15 18:05 . 2008-02-16 18:21 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\My Battle for Middle-earth Files
2008-02-15 15:54 . 2008-02-15 15:54 <DIR> d-------- C:\Programmi\EA GAMES
2008-02-15 15:31 . 2008-02-15 15:31 <DIR> d-------- C:\Programmi\DAEMON Tools Lite
2008-02-11 15:20 . 2008-02-18 18:00 <DIR> d-------- C:\Programmi\WarRock
2008-02-10 13:52 . 2008-02-10 13:52 <DIR> d-------- C:\ProgramData
2008-02-10 13:03 . 2008-02-15 21:16 <DIR> d-------- C:\Programmi\Electronic Arts
2008-02-09 17:41 . 2008-02-17 20:25 12 --a------ C:\WINDOWS\system32\mapisvc.inf
2008-02-09 17:37 . 2008-02-17 20:58 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Avg7
2008-02-09 17:31 . 2008-02-17 20:27 <DIR> d-------- C:\Programmi\ESET
2008-02-09 17:29 . 2008-02-17 20:48 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-02-07 17:09 . 2008-02-07 17:09 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\DAEMON Tools
2008-02-04 17:03 . 2008-02-04 17:03 1,568 --a------ C:\WINDOWS\system32\sdbackup.reg
2008-02-03 16:53 . 2008-02-03 16:55 <DIR> d-------- C:\Programmi\File comuni\uusee
2008-01-31 21:21 . 2008-01-31 21:21 <DIR> d-------- C:\Programmi\Thomson
2008-01-31 20:27 . 2008-01-31 20:27 <DIR> d-------- C:\Programmi\Windows Live Favorites
2008-01-31 19:50 . 2008-01-31 19:50 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-01-30 15:35 . 2008-02-03 16:07 <DIR> d-------- C:\Programmi\TVAnts
2008-01-26 17:54 . 2008-01-26 17:54 14,168 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-01-26 11:45 . 2008-01-31 20:19 <DIR> d-------- C:\Programmi\mIRC
2008-01-26 11:45 . 2008-01-31 20:33 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\mIRC
2008-01-20 16:33 . 2008-01-20 16:39 <DIR> d-------- C:\Programmi\TVUPlayer
2008-01-20 16:33 . 2008-01-20 16:37 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\TVU Networks
2008-01-20 16:17 . 2008-01-20 18:43 <DIR> d-------- C:\Programmi\SopCast

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-19 16:03 --------- d-----w C:\Programmi\Steam
2008-02-19 15:59 --------- d-----w C:\Programmi\PeerGuardian2
2008-02-19 15:42 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-02-19 08:23 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\OpenOffice.org2
2008-02-18 17:46 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-18 06:58 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-02-17 19:19 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\uTorrent
2008-02-17 12:39 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\teamspeak2
2008-02-16 17:02 --------- d-----w C:\Programmi\eMule
2008-02-15 20:43 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\dvdcss
2008-02-10 16:43 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2008-02-10 12:53 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-02-09 16:27 --------- d-----w C:\Programmi\internet security & programs
2008-02-04 16:02 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-02-03 16:52 --------- d-----w C:\Programmi\Google
2008-01-31 19:27 --------- d-----w C:\Programmi\Windows Live Toolbar
2008-01-31 19:27 --------- d-----w C:\Programmi\Lexmark Fax Solutions
2008-01-31 18:18 --------- d-----w C:\Programmi\Analog Devices
2008-01-17 15:57 17,896 ----a-w C:\Documents and Settings\user\Dati applicazioni\GDIPFONTCACHEV1.DAT
2008-01-17 15:21 --------- d-----w C:\Programmi\Briscola
2008-01-11 15:18 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2007-12-26 18:21 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\BVRP Software
2007-12-26 18:13 --------- d-----w C:\Programmi\Avanquest update
2007-12-26 18:11 --------- d-----w C:\Programmi\Motorola Phone Tools
2007-12-26 18:08 92,064 ----a-w C:\Documents and Settings\user\mqdmmdm.sys
2007-12-26 18:08 9,232 ----a-w C:\Documents and Settings\user\mqdmmdfl.sys
2007-12-26 18:08 79,328 ----a-w C:\Documents and Settings\user\mqdmserd.sys
2007-12-26 18:08 66,656 ----a-w C:\Documents and Settings\user\mqdmbus.sys
2007-12-26 18:08 6,208 ----a-w C:\Documents and Settings\user\mqdmcmnt.sys
2007-12-26 18:08 5,936 ----a-w C:\Documents and Settings\user\mqdmwhnt.sys
2007-12-26 18:08 4,048 ----a-w C:\Documents and Settings\user\mqdmcr.sys
2007-12-26 18:08 25,600 ----a-w C:\Documents and Settings\user\usbsermptxp.sys
2007-12-26 18:08 22,768 ----a-w C:\Documents and Settings\user\usbsermpt.sys
2007-12-25 16:37 --------- d-----w C:\Programmi\Conduit
2007-12-25 14:55 --------- d-----w C:\Programmi\Opera
2007-12-25 14:33 --------- d-----w C:\Programmi\Coolstreaming_Tool-Bar_v1.0
2007-12-20 18:23 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\Hamachi
2007-12-19 16:36 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-12-19 16:16 --------- d-----w C:\Programmi\Hamachi
2007-10-17 16:12 22,328 ----a-w C:\Documents and Settings\user\Dati applicazioni\PnkBstrK.sys
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"PeerGuardian"="C:\Programmi\PeerGuardian2\pg2.exe" [2005-09-18 17:40 1421824]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [ ]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"Steam"="c:\programmi\steam\steam.exe" [2007-12-13 17:03 1266936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InCD"="C:\Programmi\Ahead\InCD\InCD.exe" [2006-03-14 03:06 1397760]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"SSBkgdUpdate"="C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 16:00 155648]
"NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"SpeedTouch USB Diagnostics"="C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-17 20:55 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-17 20:53 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Programmi\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 C:\Programmi\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ddcyy.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Avvio^Programmi^Esecuzione automatica^hamachi.lnk]
path=C:\Documents and Settings\user\Menu Avvio\Programmi\Esecuzione automatica\hamachi.lnk
backup=C:\WINDOWS\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 2.3.lnk]
path=C:\Documents and Settings\user\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 18:51 39792 C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
--a------ 2007-02-13 01:00 312240 C:\Programmi\Lexmark Fax Solutions\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google IME Autoupdater]
C:\Programmi\Google\Google Pinyin\GooglePinyinDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2007-06-26 19:07 190024 C:\Programmi\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Programmi\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--------- 2006-07-13 06:12 729088 C:\Programmi\Analog Devices\SoundMAX\Smax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
-ra------ 2006-12-18 14:34 868352 C:\Programmi\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
--a------ 2004-01-26 11:38 866816 C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Programmi\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"usnjsvc"=3 (0x3)
"InCDsrv"=2 (0x2)
"IDriverT"=3 (0x3)
"NMIndexingService"=3 (0x3)
"WinDefend"=2 (0x2)

R1 bbcap;bbcap;C:\WINDOWS\system32\DRIVERS\bbcap.sys [2007-08-29 15:36]
R2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe [2007-02-13 00:59]
S3 dump_wmimmc;dump_wmimmc;C:\Documents and Settings\user\Desktop\ [2008-02-19 17:03]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76348d4f-1f4a-11dc-9fd0-806d6172696f}]
\Shell\AutoRun\command - D:\Bin\Assetup.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-19 17:03:50
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\AlienGUIse\wbload.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\wdfmgr.exe
.
**************************************************************************
.
Ora fine scansione: 2008-02-19 17:07:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-19 16:07:44
.
2008-02-12 19:41:04 --- E O F ---


The two keys aren't there, so those are ok.., I'll rely on your judgment: is everything ok or do I need to do anything else, like use Hijackthis?
Thanks a million in advance...bye..
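The log above is worth a second read even after ComboFix's cleanup: ddcyy.dll appears both among the deleted files and in the LSA "Authentication Packages" value, which is a boot-time load point inside lsass.exe. The following triage script is an added example, not code from the thread or from ComboFix; it parses the registry section of a ComboFix-style log and flags that value, a non-empty AppInit_DLLs, and the Image File Execution Options "Debugger" hijack that Sante asks the poster to check by hand. The sample log lines are constructed from the post above; the IFEO block and its evil.exe path are hypothetical, since those keys were absent on the poster's machine.

```python
"""Triage of the "Punti Reg Caricati" (loaded registry points) section of a
ComboFix-style log. Added example, not code from the thread or from ComboFix.

It flags three persistence points that matter for the symptom in this thread:
  * LSA "Authentication Packages" entries beyond the default msv1_0: anything
    listed here is loaded into lsass.exe at boot,
  * a non-empty AppInit_DLLs value: loaded into every process that links user32,
  * an Image File Execution Options subkey with a Debugger value, which is the
    hijack the thread tells the poster to look for under explorer.exe.
"""
import re

# Constructed sample, trimmed from the registry section of the log above.
SAMPLE_LOG = r"""REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-17 20:55 579072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ddcyy.dll
"""

# Constructed, hypothetical sample of the IFEO hijack the thread checks for;
# on the poster's machine these keys were absent.
SAMPLE_IFEO = r"""[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe]
"Debugger"="C:\WINDOWS\system32\evil.exe"
"""

DEFAULT_AUTH_PACKAGES = {"msv1_0"}


def parse_reg_blocks(text):
    """Map each [KEY] header (lower-cased) to the non-empty lines under it."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = m.group(1).lower()
            blocks.setdefault(current, [])
        elif current is not None:
            blocks[current].append(line)
    return blocks


def triage(text):
    """Return (severity, key, detail) tuples for the persistence points above."""
    findings = []
    for key, values in parse_reg_blocks(text).items():
        if key.endswith(r"\control\lsa"):
            for v in values:
                m = re.match(r"Authentication Packages\s+REG_MULTI_SZ\s+(.*)", v)
                if not m:
                    continue
                # ComboFix prints the REG_MULTI_SZ entries space-separated.
                for pkg in m.group(1).split():
                    if pkg.lower() not in DEFAULT_AUTH_PACKAGES:
                        findings.append(("high", key, f"extra LSA authentication package: {pkg}"))
        elif key.endswith(r"\windows nt\currentversion\windows"):
            for v in values:
                m = re.match(r'"AppInit_DLLs"=(.*)', v)
                if m and m.group(1).strip():
                    findings.append(("medium", key, f"AppInit_DLLs set: {m.group(1).strip()}"))
        elif "\\image file execution options\\" in key:
            for v in values:
                m = re.match(r'"Debugger"=(.*)', v)
                if m:
                    findings.append(("high", key, f"IFEO Debugger hijack: {m.group(1)}"))
    return findings


if __name__ == "__main__":
    for sev, key, detail in triage(SAMPLE_LOG) + triage(SAMPLE_IFEO):
        print(f"[{sev}] {key}: {detail}")
```

AppInit_DLLs is reported at medium severity only because legitimate software uses it too (wbsys.dll here belongs to the WindowBlinds install visible in the same log), so it needs a look rather than an automatic delete.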
Sante62
Posted: 19 Feb 2008 19:17

Run a scan with Norman Malware Cleaner:
disable System Restore and start the PC in safe mode;
start Norman Malware Cleaner.
A log is generated on the desktop, named NFix_2008-01-gg_hh-mm-ss.log; at the end of the scan post it here;
also run the scan with GMER.
Remember that there are two GMER logs: Autostart and Rootkit. Post them on www.freefilehosting.net as indicated here.
Finally, also post a Hijackthis log following the thread I indicated above.
kk
Posted: 21 Feb 2008 11:00

First step done, I'm posting the report, now I'll do the others...


Edit Sante: log removed because it is too long;
upload it to www.freefilehosting.net as indicated here.
Thanks...
kk
Posted: 21 Feb 2008 11:03

Edit Sante: as above...
kk
Posted: 21 Feb 2008 11:04

It won't take all of it...
Sante62
Posted: 22 Feb 2008 12:38

kk wrote:
First step done, I'm posting the report, now I'll do the others...


Edit Sante: log removed because it is too long;
upload it to www.freefilehosting.net as indicated here.
Thanks...