ciao,adesso e' tardi comunque domani faccio tutto quello che mi hai consigliato volevo solo dirti che utilizzo un hd esterno collegato all'uscita usb. crea qualche problema? grazie a presto! ciao

Malwarebytes' Anti-Malware 1.34
Versione del database: 1801
Windows 5.1.2600 Service Pack 3

25/02/2009 15.27.49
mbam-log-2009-02-25 (15-27-49).txt

Tipo di scansione: Scansione completa (C:\|D:\|E:\|H:\|)
Elementi scansionati: 130783
Tempo trascorso: 46 minute(s), 9 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)




ComboFix 09-02-24.02 - VINCENZO 2009-02-25 15.34.36.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.1023.510 [GMT 1:00]
Eseguito da: c:\documents and settings\VINCENZO\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: PC Tools Firewall Plus *disabled*
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\VINCENZO\Dati applicazioni\QUAD Backups
c:\documents and settings\VINCENZO\Dati applicazioni\QUAD Backups\02.23.2009,16-13-36\Automatic.reg
c:\documents and settings\VINCENZO\Dati applicazioni\QUAD Backups\02.23.2009,16-20-11\Automatic.reg
c:\documents and settings\VINCENZO\Desktop\QUAD Registry Cleaner.lnk
c:\documents and settings\VINCENZO\Menu Avvio\Programmi\QUAD Utilities
c:\documents and settings\VINCENZO\Menu Avvio\Programmi\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner website.lnk
c:\documents and settings\VINCENZO\Menu Avvio\Programmi\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.lnk
c:\documents and settings\VINCENZO\Menu Avvio\Programmi\QUAD Utilities\QUAD Registry Cleaner\Uninstall QUAD Registry Cleaner.lnk
c:\programmi\QUAD Utilities
c:\programmi\QUAD Utilities\QUAD Registry Cleaner\program.log
c:\programmi\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner website.url
c:\programmi\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe
c:\programmi\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
c:\programmi\QUAD Utilities\QUAD Registry Cleaner\Styles\Vista.cjstyles
c:\programmi\QUAD Utilities\QUAD Registry Cleaner\uninst.exe
c:\programmi\QUAD Utilities\QUAD Registry Cleaner\Vista Scheduler.exe

.
((((((((((((((((((((((((( Files Creati Da 2009-01-25 al 2009-02-25 )))))))))))))))))))))))))))))))))))
.

2009-02-23 15:57 . 2009-02-23 15:57 <DIR> d-------- c:\programmi\LuckyTender
2009-02-20 23:56 . 2009-02-20 23:57 <DIR> d-------- C:\Temp
2009-02-20 23:55 . 2009-02-25 14:32 <DIR> d-------- c:\programmi\lg_fwupdate
2009-02-20 23:55 . 1998-06-24 00:00 115,016 --a------ c:\windows\system32\MSINET.OCX
2009-02-20 23:55 . 1998-07-22 00:00 102,912 --a------ c:\windows\system32\Vb6stkit.dll
2009-02-20 23:55 . 1998-07-22 00:00 102,160 --a------ c:\windows\system32\VB6KO.DLL
2009-02-20 23:55 . 2006-02-17 14:19 16,384 --a------ c:\windows\system32\lgfwunis.exe
2009-02-20 23:55 . 2009-02-25 14:32 386 --a------ c:\windows\lgfwup.ini
2009-02-20 23:52 . 2005-01-07 17:34 486,766 --a------ c:\windows\CLBUDF.tbl
2009-02-20 23:52 . 2007-06-04 18:25 162,096 --------- c:\windows\system32\drivers\CLBUDF.sys
2009-02-20 23:52 . 2007-06-04 18:24 131,072 --a------ c:\windows\IBUnInst.exe
2009-02-20 23:52 . 2007-06-04 18:25 16,048 --------- c:\windows\system32\drivers\CLBStor.sys
2009-02-20 23:51 . 2009-02-20 23:51 <DIR> d-------- c:\programmi\LightScribeODK
2009-02-20 23:51 . 2009-02-20 23:51 <DIR> d-------- c:\programmi\File comuni\LightScribe
2009-02-20 23:51 . 2002-12-11 20:11 35,680 --a------ c:\windows\system32\WMPrfITA.prx
2009-02-20 23:38 . 2003-06-25 16:05 266,360 --a------ c:\windows\system32\TweakUI.exe
2009-02-20 23:38 . 2002-06-21 15:09 160,217 --a------ c:\windows\system32\PowerToysLicense.rtf
2009-02-20 22:14 . 2009-02-22 23:30 <DIR> d-------- c:\programmi\Feurio
2009-02-19 23:39 . 2002-07-17 09:20 45,056 --a------ c:\windows\system32\WNASPI2K.BAK
2009-02-19 23:39 . 2002-07-17 08:53 16,877 --a------ c:\windows\system32\drivers\ASPI2K.BAK
2009-02-19 23:39 . 2002-07-17 16:22 5,600 --a------ c:\windows\system\WINASPI.BAK
2009-02-19 23:39 . 2002-07-17 16:22 4,672 --a------ c:\windows\system\WOWPOST.BAK
2009-02-19 22:55 . 2009-02-22 23:26 1,180 --a------ c:\windows\cdplayer.ini
2009-02-18 00:07 . 2009-02-18 00:11 <DIR> d-------- c:\documents and settings\VINCENZO\Dati applicazioni\DeepBurner
2009-02-15 23:40 . 2009-02-16 09:45 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\DriverScanner
2009-02-15 23:39 . 2009-02-15 23:48 <DIR> d-------- c:\windows\SxsCaPendDel
2009-02-15 23:38 . 2009-02-15 23:40 <DIR> d--h-c--- c:\documents and settings\All Users\Dati applicazioni\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-02-15 23:30 . 2009-02-15 23:30 <DIR> dr-h----- C:\AHCache
2009-02-15 23:16 . 2009-02-16 09:45 <DIR> d-------- c:\documents and settings\VINCENZO\Dati applicazioni\Uniblue
2009-02-15 22:46 . 2002-07-17 09:20 45,056 --a------ c:\windows\system32\WNASPI32.DLL
2009-02-15 22:46 . 2002-07-17 08:53 16,877 --a------ c:\windows\system32\drivers\ASPI32.SYS
2009-02-15 22:46 . 2002-07-17 16:22 5,600 --a------ c:\windows\system\WINASPI.DLL
2009-02-15 22:46 . 2002-07-17 16:22 4,672 --a------ c:\windows\system\WOWPOST.EXE
2009-02-15 16:06 . 2009-02-15 22:19 <DIR> d----c--- c:\documents and settings\All Users\Dati applicazioni\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
2009-02-08 19:25 . 2009-02-08 19:24 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-08 19:25 . 2009-02-08 19:24 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-08 19:24 . 2009-02-08 19:24 <DIR> d-------- c:\programmi\Java
2009-02-07 22:18 . 2009-02-15 22:28 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2009-02-07 22:18 . 2009-02-07 22:18 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-02-07 22:18 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-07 22:18 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-07 00:38 . 2009-02-07 00:38 <DIR> d-------- c:\programmi\Trend Micro
2009-02-03 00:39 . 2009-02-23 15:57 <DIR> d--h----- C:\$AVG8.VAULT$
2009-02-03 00:04 . 2009-02-03 00:04 <DIR> d-------- c:\programmi\Windows Defender
2009-02-02 23:08 . 2009-02-07 00:14 <DIR> d-------- c:\programmi\RegSeeker
2009-02-02 13:23 . 2009-02-24 13:30 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-02-02 13:23 . 2009-02-02 13:23 <DIR> d-------- c:\programmi\AVG
2009-02-02 13:23 . 2009-02-02 13:23 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\avg8
2009-02-02 13:23 . 2009-02-02 13:23 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-02-02 13:23 . 2009-02-02 13:23 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-02-02 13:23 . 2009-02-02 13:23 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-02-02 13:11 . 2008-12-11 08:38 159,600 --a------ c:\windows\system32\drivers\pctgntdi.sys
2009-02-02 13:11 . 2009-01-20 14:12 130,928 --a------ c:\windows\system32\drivers\PCTCore.sys
2009-02-02 13:11 . 2008-12-18 12:16 73,840 --a------ c:\windows\system32\drivers\PCTAppEvent.sys
2009-02-02 13:10 . 2009-02-24 15:03 <DIR> d-------- c:\programmi\PC Tools Firewall Plus
2009-02-02 13:10 . 2009-02-02 13:10 <DIR> d-------- c:\programmi\File comuni\PC Tools
2009-02-02 13:10 . 2008-09-22 12:29 97,408 --a------ c:\windows\system32\drivers\pctfw.sys
2009-02-02 13:10 . 2009-01-21 10:38 95,640 --a------ c:\windows\system32\drivers\pctplfw.sys
2009-02-01 22:54 . 2009-02-01 23:13 <DIR> d-------- c:\programmi\File comuni\AVSMedia
2009-02-01 22:54 . 2009-02-01 22:54 <DIR> d-------- c:\documents and settings\VINCENZO\Dati applicazioni\AVS4YOU
2009-02-01 22:54 . 2009-02-01 22:54 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\AVS4YOU
2009-02-01 22:54 . 2008-06-19 11:53 24,576 --a------ c:\windows\system32\msxml3a.dll
2009-01-29 22:18 . 2009-01-29 22:18 <DIR> d-------- c:\documents and settings\NetworkService\Dati applicazioni\PCToolsSpamMonitorPlus
2009-01-29 22:18 . 2009-01-29 22:18 <DIR> d-------- c:\documents and settings\NetworkService\Dati applicazioni\PCToolsFirewallPlus
2009-01-29 17:29 . 2009-01-29 17:29 <DIR> d-------- c:\documents and settings\VINCENZO\Dati applicazioni\Babylon
2009-01-29 17:29 . 2009-01-29 17:29 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Babylon
2009-01-29 17:28 . 2009-02-08 19:08 0 --a------ c:\windows\system32\drivers\6d082a8e.sys
2009-01-27 14:54 . 2009-01-27 14:55 267 --a------ c:\windows\phedit.ini
2009-01-26 23:01 . 2009-01-26 23:01 <DIR> d-------- c:\documents and settings\NetworkService\Dati applicazioni\iolo
2009-01-26 22:33 . 2009-01-26 22:33 <DIR> d-------- c:\documents and settings\LocalService\Dati applicazioni\iolo
2009-01-26 22:33 . 2009-01-26 22:33 406 --a------ c:\windows\system32\ioloBootDefrag.cfg
2009-01-26 22:29 . 2009-01-26 22:54 <DIR> d-------- c:\documents and settings\VINCENZO\Dati applicazioni\iolo
2009-01-26 22:29 . 2009-01-26 22:33 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\iolo
2009-01-25 23:04 . 2009-01-25 23:04 <DIR> d-------- C:\Program Files
2009-01-25 22:25 . 2009-01-25 22:25 <DIR> d-------- c:\programmi\Infogrames
2009-01-25 18:58 . 2009-01-25 18:58 <DIR> d-------- c:\programmi\EA Sports

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-25 14:29 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-02-24 22:02 --------- d-----w c:\programmi\Mozilla Thunderbird
2009-02-23 15:18 --------- d-----w c:\programmi\IObit
2009-02-22 22:21 --------- d-----w c:\programmi\CyberLink
2009-02-22 21:31 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\CyberLink
2009-02-22 21:08 --------- d-----w c:\documents and settings\VINCENZO\Dati applicazioni\Vso
2009-02-20 22:55 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-02-20 22:50 --------- d-----w c:\documents and settings\VINCENZO\Dati applicazioni\CyberLink
2009-02-08 18:01 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-02-02 12:05 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\PC Tools
2009-01-30 20:34 --------- d-----w c:\documents and settings\VINCENZO\Dati applicazioni\OpenOffice.org2
2009-01-30 14:00 --------- d-----w c:\programmi\Unlocker
2009-01-26 13:57 --------- d-----w c:\programmi\File comuni\Apple
2009-01-26 13:57 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-01-25 20:06 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-01-24 21:43 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\MAGIX
2009-01-21 23:00 --------- d-----w c:\documents and settings\VINCENZO\Dati applicazioni\MAGIX
2009-01-21 22:34 20 ---h--w c:\documents and settings\All Users\Dati applicazioni\PKP_DLdw.DAT
2009-01-21 22:31 20 ---h--w c:\documents and settings\All Users\Dati applicazioni\PKP_DLdu.DAT
2009-01-19 22:20 --------- d-----w c:\documents and settings\VINCENZO\Dati applicazioni\Ashampoo
2009-01-19 12:22 --------- d-----w c:\documents and settings\VINCENZO\Dati applicazioni\IObit
2009-01-16 14:27 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Installations
2009-01-16 14:24 --------- d-----w c:\programmi\Nokia
2009-01-16 14:24 --------- d-----w c:\programmi\File comuni\Nokia
2009-01-16 14:19 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-01-16 14:19 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-01-16 14:13 --------- d-----w c:\programmi\File comuni\PCSuite
2009-01-16 14:12 --------- d-----w c:\programmi\PC Connectivity Solution
2009-01-11 13:37 --------- d-----w c:\programmi\Ubi Soft
2009-01-10 18:15 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\vsosdk
2009-01-06 13:15 --------- d-----w c:\programmi\File comuni\Sonic Shared
2009-01-06 13:13 --------- d-----w c:\programmi\File comuni\Roxio Shared
2009-01-05 16:16 --------- d-----w c:\documents and settings\VINCENZO\Dati applicazioni\Roxio
2009-01-04 22:26 --------- d-----w c:\documents and settings\LocalService\Dati applicazioni\Roxio
2009-01-04 22:21 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\InstallShield
2009-01-04 22:19 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Sonic
2009-01-04 22:12 --------- d-----w c:\programmi\File comuni\SightSpeed
2009-01-04 22:10 --------- d-----w c:\programmi\DivX
2009-01-03 12:49 --------- d-----w c:\documents and settings\VINCENZO\Dati applicazioni\Software Informer
2008-12-30 00:19 --------- d-----w c:\programmi\CCleaner
2008-12-29 23:34 --------- d-----w c:\documents and settings\VINCENZO\Dati applicazioni\KC Softwares
2008-12-29 23:13 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\UDL
2008-12-29 23:11 --------- d-----w c:\programmi\EPSON
2008-12-27 18:18 --------- d-----w c:\programmi\UnderCoverXP
2008-12-20 22:31 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-01 20:52 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2008-12-01 20:51 318,464 ----a-w c:\windows\system32\ati2dvag.dll
2008-12-01 20:46 11,304,960 ----a-w c:\windows\system32\atioglxx.dll
2008-12-01 20:41 188,416 ----a-w c:\windows\system32\atipdlxx.dll
2008-12-01 20:40 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2008-12-01 20:40 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2008-12-01 20:40 147,456 ----a-w c:\windows\system32\Oemdspif.dll
2008-12-01 20:40 143,360 ----a-w c:\windows\system32\ati2evxx.dll
2008-12-01 20:38 598,016 ----a-w c:\windows\system32\ati2evxx.exe
2008-12-01 20:37 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2008-12-01 20:27 4,120,384 ----a-w c:\windows\system32\ati3duag.dll
2008-12-01 20:19 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2008-12-01 20:11 2,495,360 ----a-w c:\windows\system32\ativvaxx.dll
2008-12-01 19:57 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2008-12-01 19:53 45,056 ----a-w c:\windows\system32\amdcalrt.dll
2008-12-01 19:53 45,056 ----a-w c:\windows\system32\amdcalcl.dll
2008-12-01 19:53 401,408 ----a-w c:\windows\system32\atikvmag.dll
2008-12-01 19:52 86,016 ----a-w c:\windows\system32\atiadlxx.dll
2008-12-01 19:52 17,408 ----a-w c:\windows\system32\atitvo32.dll
2008-12-01 19:50 3,252,224 ----a-w c:\windows\system32\Amdcaldd.dll
2008-12-01 19:50 286,720 ----a-w c:\windows\system32\atiok3x2.dll
2008-12-01 19:45 577,536 ----a-w c:\windows\system32\ati2cqag.dll
2008-12-01 13:35 593,920 ------w c:\windows\system32\ati2sgag.exe
2008-09-14 20:27 47,360 ----a-w c:\documents and settings\VINCENZO\Dati applicazioni\pcouffin.sys
2008-10-11 19:50 32,768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008101120081012\index.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"CTSysVol"="c:\programmi\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"EPSON Stylus Photo R240 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE" [2005-04-25 98304]
"Power2GoExpress"="c:\programmi\CyberLink\Power2Go\Power2GoExpress.exe" [2007-07-23 2499880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-24 2652056]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-02 1601304]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-02-08 136600]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2008-05-14 87336]
"LanguageShortcut"="c:\programmi\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"InstantBurn"="c:\progra~1\CyberLink\INSTAN~1\Win2K\IBurn.exe" [2007-06-04 599600]
"LGODDFU"="c:\programmi\lg_fwupdate\fwupdate.exe" [2006-08-17 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-02 13:23 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CyberLink\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"CTRegRun"=c:\windows\CTRegRun.EXE
"EPSON Stylus Photo R240 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
"UpdReg"=c:\windows\UpdReg.EXE
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AppleSyncNotifier"=c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"NeroFilterCheck"=c:\programmi\File comuni\Nero\Lib\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-06 35328]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2008-09-03 11264]
R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-02 325128]
R1 avgtdix;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-02 107272]
R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [2009-02-20 16048]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-02-02 159600]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\programmi\CyberLink\PowerDVD\000.fcl [2009-02-20 23:47:43 61424]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-02 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-02 298264]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [2009-02-20 162096]
R2 pctappevent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-02-02 73840]
R2 windefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S1 6d082a8e;6d082a8e;c:\windows\system32\drivers\6d082a8e.sys [2009-01-29 0]
S1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [2009-01-04 241664]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-01-16 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-01-16 8320]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-02-02 95640]
.
Contenuto della cartella 'Scheduled Tasks'

2009-02-25 c:\windows\Tasks\1-Click Maintenance.job
- c:\programmi\TuneUp Utilities 2008\OneClickStarter.exe []

2009-02-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2009-01-09 c:\windows\Tasks\Schedule Task Weekly.job
- c:\programmi\Registry Easy\RE.exe []

2009-02-22 c:\windows\Tasks\SmartDefrag.job
- c:\programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-02-13 18:15]

2009-02-22 c:\windows\Tasks\SmartDefrag.job
- c:\programmi\IObit\IObit SmartDefrag\ [2009-02-21 18:42]

2009-02-25 c:\windows\Tasks\Verifica e correzione automatica.job
- c:\programmi\TuneUp Utilities 2008\OneClickStarter.exe []
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-QUAD Windows service - c:\programmi\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe
HKCU-Run-QUAD Scheduler - c:\programmi\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe


.
------- Scansione supplementare -------
.
FF - ProfilePath - c:\documents and settings\VINCENZO\Dati applicazioni\Mozilla\Firefox\Profiles\4yzoc5hd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\programmi\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\programmi\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 18
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.notify.interval - 750000
FF - user.js: content.switch.threshold - 750000
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: network.prefetch-next - true
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - true
.
.
------- Associazioni dei file -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-25 15:36:24
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\programmi\CyberLink\PowerDVD\000.fcl"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-839522115-1715567821-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(948)
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2009-02-25 15.38.08
ComboFix-quarantined-files.txt 2009-02-25 14:38:06

Pre-Run: 24.534.839.296 byte disponibili
Post-Run: 24,506,978,304 byte disponibili

315 --- E O F --- 2009-02-24 17:31:46




CIAO ECCOTI I LOG...SOLO UNA COSA NON SO' SE HO DISABILITATO L'ANTIVIRUS HO AVG FREE NON SO COME SI FA' A INTERROMPERE LA PROTEZIONE COMBO FIX MI HA RILEVATO LA PRESENZA MA HO FATTO LA SCANSIONE UGUALMENTE.

CIAO,
PURTROPPO NON CI SONO MIGLIORAMENTI SENSIBILI HO NOTATO CHE IL LETTORE MULTIMEDIALE VLC MI FA' PIANTARE IL PC ! HO FATTO LA PROVA NEL VISIONARE UN FILMATO IN FORMATO AVI (HA SEMPRE FUNZIONATO BENISSIMO)NON RIESCE NEANCHE AD APRIRSI.POCHI GIORNI FA' HO INSTALLATO UN NUOVO MASTERIZZATORE E HO INSTALLATO ANCHE UN PACCHETTO DI SOFTWARE CYBERLINK CHE ERA NELLA CONFEZIONE,PUO' DARSI CHE NON VADA D'ACCORDO CON VLC?PER QUANTO RIGUARDA LA VOCE "QUAD" CHE E' STATA RIMOSSA CREDO SI TRATTI DI UN PROGRAMMA DI PULIZIA DEL REGISTRO DA ME ACQUISTATO CON REGOLARE LICENZA.MI SPIACEREBBE NON POTERLO USARE VISTO CHE NON E' GRATIS PROVA A DARE UN OCCHIATA AL PROGRAMMA,ECCOTI IL LINK:
http://quad-cleaner.com/it/default.asp[url=http://quad-cleaner.com/it/default.asp

Ciao.

Mi dispiace, ma penso che Combofix, "QUAD" te lo ha fulminato.
Lo devi reistallare, e ricordarti che non è compatibile con le scansioni di Combofix.
Puoi disistallarlo Combofix. (nelle modalità descritte)
Prova a disistallare il SOFTWARE CYBERLINK , e vedi se VLC torna normale.
E' probabile che ci sia un conflitto fra programmi.

Ciao.
Perchè pensi che di non potere farlo con il suo Unistall?
Se vuoi disistallare CyberLink puoi fare anche cosi:
Con la funzione "Cerca" digita: CyberLink e cancelli tutto quello che trova.
Questi sono i percorsi che vedo in Combofix, e HJT:
c:\programmi\CyberLink
c:\documents and settings\All Users\Dati applicazioni\CyberLink
c:\documents and settings\VINCENZO\Dati applicazioni\CyberLink
E queste sono le chiavi del registro, che lo fanno partire, con i relativi drivers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}

ciao,ho eliminato tutte le cartelle riguardo cyberlink tranne "c:programmi/cyberlink" mi dice che ho l'accesso negato al file. cosa faccio la cancello in modalita' provvisoria? poi una curiosita' ma perche' i programmi della ssuite e la suite stessa non risultano essere installati in "installazione applicazioni" e' la prima volta che mi capita di installare un programma e non essere nella lista dei programmi installati.ciao scusa per l'ignoranza in materia

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.45.40, on 27/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
C:\Programmi\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSysVol] C:\Programmi\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKCU\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /M "Stylus Photo R240" /EF "HKCU"
O4 - HKCU\..\Run: [QUAD Windows service] C:\Programmi\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe -h
O4 - HKCU\..\Run: [QUAD Scheduler] C:\Programmi\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Firewall Plus (pctoolsfirewallplus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6118 bytes


CIAO SONO RIUSCITO A RIMUOVERE TUTTE LE VOCI CYBERLINK
LA TERZ'ULTIMA RIGA DEL LOG NON MI E' CHIARA MI SEMBRA CHE FACESSE PARTE DELLA SUITE DI CYBERLINK NON HO NESSUN PROGRAMMA PER SCRIVERE SUI DVD PUO' DARSI SIA UN RESIDUO RIMASTO.

Ciao,
il problema c'e' ancoraVLC mi fa' piantare il pc e la cosa strane e' che l'ho sempre utilizzato per visionare i filmati.RIGUARDO QUELLA VOCE SE DICI CHE E' DI NERO POSSO RIMUOVERLA? NO HO IL PROGRAMMA INSTALLATO.

fatto ma durante l'installazione di VLC si e' piantato tutto!!!!! sono riucito ad effettuare l'installazione completa ma se voglio aprire vlc si inchioda tutto e devo riavviare,ma perche'?????????? cavolo non e' possibile! non dirmi che devo formattare tutto e' un peccato. va be' grazie