Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:12:02, on 11/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\DAEMON Tools Lite\daemon.exe
C:\Programmi\Creative\Shared Files\CamTray.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\Registry Mechanic\RegMech.exe
C:\documents and settings\robert\impostazioni locali\dati applicazioni\nnuvb.exe
C:\Programmi\PoivY.com\PoivY\PoivY.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BANTAI USA & EZRAEL [AL - MUKHLIS STUDIO]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ITALIA version Toolbar - {323d5e65-9ec7-481e-a888-5bbe30b80dfb} - C:\Programmi\ITALIA_version\tbITA1.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programmi\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ITALIA version Toolbar - {323d5e65-9ec7-481e-a888-5bbe30b80dfb} - C:\Programmi\ITALIA_version\tbITA1.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: ITALIA version Toolbar - {323d5e65-9ec7-481e-a888-5bbe30b80dfb} - C:\Programmi\ITALIA_version\tbITA1.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programmi\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Programmi\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [RegistryMechanic] C:\Programmi\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [nnuvb] "c:\documents and settings\robert\impostazioni locali\dati applicazioni\nnuvb.exe" nnuvb
O4 - HKCU\..\Run: [PoivY] "C:\Programmi\PoivY.com\PoivY\PoivY.exe" -nosplash -minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Programmi\Orbitdownloader\orbitdm.exe
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programmi\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{06CA1489-7A07-44F8-AC7C-CE71BEE165C4}: NameServer = 212.17.192.216,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{06CA1489-7A07-44F8-AC7C-CE71BEE165C4}: NameServer = 212.17.192.216,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{06CA1489-7A07-44F8-AC7C-CE71BEE165C4}: NameServer = 212.17.192.216,208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c98afac31ba94) (gupdate1c98afac31ba94) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 11596 bytes

Ciao.
Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.aiutamici.com/software?id=80346
Prima di fare la scansione AGGIORNALO.
Esegui una scansione completa del sistema
Posta il log.
*********************************************************************************************************


Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,e dopo aver scaricato COMBOFIX, chiudi la connessione.

Scarica Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Salvalo sul desktop.
Doppio click su combofix.exe (comparirà una videata.)
Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.
Digita 1 premi Invio e segui le indicazioni.
Al termine, verrà creato un file log chiamato C:\ComboFix.txt. Postalo qui.
Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.

ComboFix 09-01-21.04 - Robert 2009-03-11 13:54:36.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.2046.1390 [GMT 1:00]
Eseguito da: c:\documents and settings\Robert\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
.
- MODALITÀ CON FUNZIONALITÀ RIDOTTE -
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf

.
((((((((((((((((((((((((( Files Creati Da 2009-02-11 al 2009-03-11 )))))))))))))))))))))))))))))))))))
.

2009-03-11 12:59 . 2009-03-11 12:59 <DIR> d-------- c:\windows\LastGood
2009-03-09 23:25 . 2009-03-09 23:29 <DIR> d-------- c:\documents and settings\Robert\Dati applicazioni\PoivY
2009-03-09 23:21 . 2009-03-09 23:21 <DIR> d-------- c:\programmi\PoivY.com
2009-03-06 17:17 . 2009-03-06 17:17 <DIR> d-------- c:\programmi\EA GAMES
2009-03-06 17:17 . 2004-08-18 04:14 442,368 -ra------ c:\windows\system32\vp6vfw.dll
2009-03-05 22:02 . 2009-03-05 22:03 <DIR> d-------- c:\programmi\Live-Player
2009-03-05 22:02 . 2009-03-05 22:03 <DIR> d-------- c:\documents and settings\Robert\Dati applicazioni\live-player
2009-03-04 21:10 . 2009-03-11 13:52 <DIR> d-a------ c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-03-02 18:34 . 2009-03-09 16:53 189,496 --a------ c:\windows\system32\PnkBstrB.xtr
2009-03-02 13:10 . 2009-03-02 13:20 <DIR> d-------- c:\documents and settings\Robert\Dati applicazioni\LimeWire
2009-02-25 19:12 . 2009-02-25 19:12 <DIR> d-------- c:\programmi\DsNET Corp
2009-02-25 19:12 . 2009-02-25 19:18 <DIR> d-------- c:\documents and settings\Robert\Dati applicazioni\Desktopicon
2009-02-19 17:20 . 2009-02-19 17:20 <DIR> d-------- c:\documents and settings\Robert\Dati applicazioni\Leadertech
2009-02-14 20:31 . 2009-02-14 20:31 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Electronic Arts
2009-02-14 14:32 . 2009-02-14 14:32 <DIR> d--h-c--- c:\documents and settings\All Users\Dati applicazioni\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2009-02-14 14:24 . 2009-02-14 14:24 <DIR> d-------- C:\ProgramData
2009-02-14 14:24 . 2009-02-14 14:24 5,850 --a------ c:\windows\system32\ealregsnapshot1.reg
2009-02-11 21:19 . 2009-02-11 21:19 <DIR> d-------- c:\programmi\MSI
2009-02-11 21:17 . 2009-03-02 15:19 <DIR> d-------- c:\programmi\Setup Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-11 11:49 --------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-03-11 11:38 --------- d-----w c:\documents and settings\Robert\Dati applicazioni\Orbit
2009-03-10 23:36 --------- d-----w c:\documents and settings\Robert\Dati applicazioni\uTorrent
2009-03-10 22:33 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-03-09 17:37 --------- d-----w c:\programmi\eMule
2009-03-09 15:53 189,496 ----a-w c:\windows\system32\PnkBstrB.exe
2009-03-09 15:23 139,984 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-03-06 15:53 --------- d-----w c:\programmi\Windows Live Safety Center
2009-03-06 11:00 --------- d-----w c:\programmi\Registry Easy
2009-03-02 17:28 75,064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-03-02 12:16 --------- d-----w c:\programmi\CCleaner
2009-02-25 19:15 --------- d-----w c:\programmi\EA Sports
2009-02-25 19:07 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-02-25 09:52 --------- d-----w c:\programmi\Messenger Plus! Live
2009-02-21 18:13 --------- d-----w c:\programmi\ITALIA_version
2009-02-16 14:45 22,328 ----a-w c:\documents and settings\Robert\Dati applicazioni\PnkBstrK.sys
2009-02-16 14:45 2,250,024 ----a-w c:\windows\system32\pbsvc.exe
2009-02-16 14:41 --------- d-----w c:\programmi\Ubisoft
2009-02-15 23:54 --------- d-----w c:\programmi\Spyware Terminator
2009-02-14 15:58 --------- d-----w c:\documents and settings\Robert\Dati applicazioni\Xfire
2009-02-14 14:36 --------- d-----w c:\programmi\Xfire
2009-02-14 13:32 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-14 13:24 --------- d-----w c:\programmi\Electronic Arts
2009-02-12 00:17 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-02-11 15:16 --------- d-----w c:\programmi\Google
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-08 22:30 --------- d-----w c:\programmi\Microsoft Games for Windows - LIVE
2009-02-08 21:26 --------- d-----w c:\programmi\Smith
2009-02-05 20:50 42,320 ----a-w c:\windows\system32\xfcodec.dll
2009-02-04 12:22 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2009-02-02 12:16 --------- d-----w c:\documents and settings\Robert\Dati applicazioni\Ubisoft
2009-02-02 12:13 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Ubisoft
2009-02-02 11:59 --------- d-----w c:\documents and settings\Robert\Dati applicazioni\InstallShield
2009-02-01 14:10 --------- d-----w c:\programmi\uusee
2009-01-31 17:05 --------- d-----w c:\programmi\PC Wizard 2008
2009-01-31 01:13 --------- d-----w c:\programmi\Lavasoft
2009-01-31 01:12 --------- d-----w c:\programmi\File comuni\Wise Installation Wizard
2009-01-31 01:12 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-01-30 18:43 --------- d-----w c:\programmi\AGEIA Technologies
2009-01-30 16:02 106 ----a-w C:\sccfg.sys
2009-01-30 15:55 138,624 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys
2009-01-30 15:53 504,832 ----a-w c:\windows\system32\winlogon.exe
2009-01-30 12:06 --------- d-----w c:\programmi\Avira
2009-01-30 12:06 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Avira
2009-01-26 10:42 --------- d-----w c:\programmi\Call of Duty
2009-01-21 13:07 --------- d-----w c:\documents and settings\Robert\Dati applicazioni\NASA
2009-01-21 13:06 --------- d-----w c:\programmi\NASA
2009-01-20 20:50 --------- d-----w c:\programmi\StreamerOne
2009-01-20 13:32 --------- d-----w c:\programmi\MSXML 6.0
2009-01-19 15:24 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-01-19 11:47 --------- d--h--r c:\documents and settings\Robert\Dati applicazioni\SecuROM
2009-01-19 11:16 --------- d-----w c:\programmi\MSBuild
2009-01-19 11:14 --------- d-----w c:\programmi\Reference Assemblies
2009-01-16 11:32 77,824 ----a-w c:\windows\SysDat.dll
2009-01-15 23:20 --------- d-----w c:\programmi\Bit Che
2009-01-15 23:20 --------- d-----w c:\documents and settings\Robert\Dati applicazioni\Convivea
2009-01-15 01:05 911,872 ----a-w c:\windows\system32\wininet.dll
2009-01-15 01:05 43,008 ----a-w c:\windows\system32\licmgr10.dll
2009-01-15 01:04 18,944 ----a-w c:\windows\system32\corpol.dll
2009-01-15 01:03 72,704 ----a-w c:\windows\system32\admparse.dll
2009-01-15 01:03 71,680 ----a-w c:\windows\system32\iesetup.dll
2009-01-15 01:03 420,352 ----a-w c:\windows\system32\vbscript.dll
2009-01-15 01:01 34,304 ----a-w c:\windows\system32\imgutil.dll
2009-01-15 01:00 48,128 ----a-w c:\windows\system32\mshtmler.dll
2009-01-15 01:00 45,568 ----a-w c:\windows\system32\mshta.exe
2009-01-15 00:50 156,160 ----a-w c:\windows\system32\msls31.dll
2008-12-31 16:04 691,560 ----a-w c:\windows\system32\OGACheckControl.dll
2008-12-31 16:04 528,744 ----a-w c:\windows\system32\OGAVerify.exe
2008-12-31 16:04 502,120 ----a-w c:\windows\system32\OGAAddin.dll
2008-12-25 23:08 453,152 ----a-w c:\windows\system32\nvudisp.exe
2008-12-23 20:58 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-12-21 19:44 48,396 ----a-w c:\windows\UninstVeetleTVPlayer.exe
2008-12-20 21:49 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-06-16 17:32 30,601 ----a-w c:\documents and settings\Robert\x.exe
.

------- Sigcheck -------

2009-01-30 16:53 504832 1dbd3966123ac2f6ade783f7f17f8c7f c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{323d5e65-9ec7-481e-a888-5bbe30b80dfb}"= "c:\programmi\ITALIA_version\tbITA1.dll" [2009-02-21 1882136]

[HKEY_CLASSES_ROOT\clsid\{323d5e65-9ec7-481e-a888-5bbe30b80dfb}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{323d5e65-9ec7-481e-a888-5bbe30b80dfb}]
2009-02-21 19:14 1882136 --a------ c:\programmi\ITALIA_version\tbITA1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{323d5e65-9ec7-481e-a888-5bbe30b80dfb}"= "c:\programmi\ITALIA_version\tbITA1.dll" [2009-02-21 1882136]

[HKEY_CLASSES_ROOT\clsid\{323d5e65-9ec7-481e-a888-5bbe30b80dfb}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{323D5E65-9EC7-481E-A888-5BBE30B80DFB}"= "c:\programmi\ITALIA_version\tbITA1.dll" [2009-02-21 1882136]

[HKEY_CLASSES_ROOT\clsid\{323d5e65-9ec7-481e-a888-5bbe30b80dfb}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-10-13 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]
"PcSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"Creative WebCam Tray"="c:\programmi\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
"EA Core"="c:\programmi\Electronic Arts\EADM\Core.exe" [2009-02-06 3325952]
"RegistryMechanic"="c:\programmi\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
"nnuvb"="c:\documents and settings\robert\impostazioni locali\dati applicazioni\nnuvb.exe" [2009-03-05 212992]
"PoivY"="c:\programmi\PoivY.com\PoivY\PoivY.exe" [2008-09-26 9102112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-12-20 136600]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-05-27 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SpywareTerminator"="c:\programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2009-01-30 2776576]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2009-01-15 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Orbit.lnk - c:\programmi\Orbitdownloader\orbitdm.exe [2008-12-15 1711304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^WeGame.lnk]
backup=c:\windows\pss\WeGame.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Robert^Menu Avvio^Programmi^Esecuzione automatica^Ritaglio schermata e avvio di OneNote 2007.lnk]
backup=c:\windows\pss\Ritaglio schermata e avvio di OneNote 2007.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
--a------ 2007-09-26 17:05 734264 c:\programmi\Microsoft Xbox 360 Accessories\XBoxStat.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Programmi\\Xfire\\xfire.exe"=
"c:\\Programmi\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Programmi\\Call of Duty\\CoDMP.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Programmi\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Programmi\\TVAnts\\Tvants.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitdm.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitnet.exe"=
"c:\\Documents and Settings\\Robert\\Dati applicazioni\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\StreamerOne\\StreamerOne.exe"=
"c:\\Programmi\\uusee\\UUSeePlayer.exe"=
"c:\\Programmi\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Programmi\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Programmi\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Programmi\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Programmi\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\rundll32.exe"=
"c:\\Programmi\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Programmi\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Programmi\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Programmi\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Programmi\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\Programmi\\PoivY.com\\PoivY\\PoivY.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-01-30 138624]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\27.tmp --> c:\windows\system32\27.tmp [?]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [2008-11-03 178913]
S4 gupdate1c98afac31ba94;Google Update Service (gupdate1c98afac31ba94);c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-09 133104]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df917d00-b3fb-11dd-ac3b-001bfc852f2b}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe WIN31.dll.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-03-11 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-09 22:01]

2009-03-11 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-09 22:04]

2009-03-06 c:\windows\Tasks\Schedule Task Weekly.job
- c:\programmi\Registry Easy\RE.exe [2008-09-23 16:30]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

BHO-{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - (no file)


.
------- Scansione supplementare -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: {06CA1489-7A07-44F8-AC7C-CE71BEE165C4} = 212.17.192.216,208.67.222.222
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-11 13:55:05
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\27.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1614895754-484763869-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A20BFBA4-B4D1-B9A9-F298-8D06F6BC5DDB}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abdepjjlpdlgljefoccmhhlcpgbohnphod"=hex:61,61,00,00
"bbdepjjlpdlgljefocnlkgkkmapaeopgajfb"=hex:61,61,00,00

[HKEY_USERS\S-1-5-21-1614895754-484763869-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:23,1e,13,c7,97,d8,ba,58,b6,19,7a,89,48,fd,49,54,ae,2e,5e,1e,2a,b4,1a,
49,54,94,d4,b1,76,31,be,96,ec,bb,32,fa,a3,92,b9,a7,73,f8,67,25,68,64,37,0b,\
"??"=hex:66,a4,e9,12,e0,08,84,24,3b,82,b6,f4,d8,bf,00,4e

[HKEY_USERS\S-1-5-21-1614895754-484763869-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:5d,d4,08,67,40,e8,61,31,56,d0,2b,9a,b6,09,f7,ae,e6,ec,08,13,50,
3c,c1,92,e8,b1,82,f2,b8,ba,5a,b4,ae,e4,b6,f5,7c,f9,20,d1,41,67,47,ab,80,ca,\
"rkeysecu"=hex:fe,ac,e4,65,95,5e,a5,de,39,83,43,20,60,89,01,b1
.
Ora fine scansione: 2009-03-11 13:56:08
ComboFix-quarantined-files.txt 2009-03-11 12:56:06
ComboFix2.txt 2009-01-27 12:06:29

Pre-Run: 75.193.200.640 byte disponibili
Post-Run: 75,206,602,752 byte disponibili

276 --- E O F --- 2009-03-05 11:01:18

ComboFix 09-03-13.02 - Robert 2009-03-14 12:56:19.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.2046.1506 [GMT 1:00]
Eseguito da: c:\documents and settings\Robert\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Robert\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\rgbopx.dll
.
---- Esecuzione precedente -------
.
c:\documents and settings\Robert\Impostazioni locali\Dati applicazioni\nnuvb.dat
c:\documents and settings\Robert\Impostazioni locali\Dati applicazioni\nnuvb.exe
c:\documents and settings\Robert\Impostazioni locali\Dati applicazioni\nnuvb_nav.dat
c:\documents and settings\Robert\Impostazioni locali\Dati applicazioni\nnuvb_navps.dat
c:\documents and settings\Robert\x.exe

.
((((((((((((((((((((((((( Files Creati Da 2009-02-14 al 2009-03-14 )))))))))))))))))))))))))))))))))))
.

2009-03-12 17:46 . 2009-03-12 17:46 <DIR> d-------- c:\programmi\File comuni\Adobe AIR
2009-03-12 17:46 . 2009-03-12 17:46 <DIR> d-------- c:\programmi\Adobe Media Player
2009-03-11 16:00 . 2009-03-11 16:01 <DIR> d-------- c:\programmi\Rockstar Games
2009-03-11 15:49 . 2008-06-14 18:32 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-03-11 15:48 . 2008-08-14 14:22 2,192,896 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-11 15:48 . 2008-08-14 14:22 2,148,864 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-11 15:48 . 2008-08-14 14:22 2,069,760 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-11 15:48 . 2008-08-14 14:22 2,027,520 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-11 15:48 . 2008-04-11 20:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-03-11 15:48 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-03-11 15:48 . 2008-10-15 17:36 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-03-11 15:48 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-03-11 15:48 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2009-03-11 15:45 . 2004-08-19 13:00 221,184 --a------ c:\windows\system32\wmpns.dll
2009-03-11 15:40 . 2008-09-10 02:14 1,307,648 -----c--- c:\windows\system32\dllcache\msxml6.dll
2009-03-11 15:40 . 2008-04-13 18:53 92,672 -----c--- c:\windows\system32\dllcache\msxml6r.dll
2009-03-11 15:38 . 2009-03-11 15:40 <DIR> d-------- c:\windows\ServicePackFiles
2009-03-11 15:34 . 2006-12-28 12:01 19,569 --a------ c:\windows\002827_.tmp
2009-03-11 15:05 . 2009-03-11 15:05 <DIR> d-------- c:\windows\EHome
2009-03-09 23:25 . 2009-03-09 23:29 <DIR> d-------- c:\documents and settings\Robert\Dati applicazioni\PoivY
2009-03-09 23:21 . 2009-03-09 23:21 <DIR> d-------- c:\programmi\PoivY.com
2009-03-06 17:17 . 2009-03-06 17:17 <DIR> d-------- c:\programmi\EA GAMES
2009-03-06 17:17 . 2004-08-18 04:14 442,368 -ra------ c:\windows\system32\vp6vfw.dll
2009-03-05 22:02 . 2009-03-05 22:03 <DIR> d-------- c:\programmi\Live-Player
2009-03-05 22:02 . 2009-03-05 22:03 <DIR> d-------- c:\documents and settings\Robert\Dati applicazioni\live-player
2009-03-04 21:10 . 2009-03-14 12:29 <DIR> d-a------ c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-03-02 18:34 . 2009-03-09 16:53 189,496 --a------ c:\windows\system32\PnkBstrB.xtr
2009-03-02 13:10 . 2009-03-02 13:20 <DIR> d-------- c:\documents and settings\Robert\Dati applicazioni\LimeWire
2009-02-25 19:12 . 2009-02-25 19:12 <DIR> d-------- c:\programmi\DsNET Corp
2009-02-25 19:12 . 2009-02-25 19:18 <DIR> d-------- c:\documents and settings\Robert\Dati applicazioni\Desktopicon
2009-02-19 17:20 . 2009-02-19 17:20 <DIR> d-------- c:\documents and settings\Robert\Dati applicazioni\Leadertech
2009-02-14 20:31 . 2009-02-14 20:31 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Electronic Arts
2009-02-14 14:32 . 2009-02-14 14:32 <DIR> d--h-c--- c:\documents and settings\All Users\Dati applicazioni\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2009-02-14 14:24 . 2009-02-14 14:24 <DIR> d-------- C:\ProgramData
2009-02-14 14:24 . 2009-02-14 14:24 5,850 --a------ c:\windows\system32\ealregsnapshot1.reg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-14 11:52 --------- d-----w c:\documents and settings\Robert\Dati applicazioni\Orbit
2009-03-14 11:29 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-03-12 21:16 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-03-12 09:56 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-03-11 23:53 --------- d-----w c:\documents and settings\Robert\Dati applicazioni\uTorrent
2009-03-11 15:44 --------- d-----w c:\programmi\Microsoft Games for Windows - LIVE
2009-03-11 14:57 --------- d-----w c:\programmi\Activision
2009-03-11 14:54 --------- d-----w c:\programmi\Registry Easy
2009-03-11 11:49 --------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-03-09 17:37 --------- d-----w c:\programmi\eMule
2009-03-09 15:53 189,496 ----a-w c:\windows\system32\PnkBstrB.exe
2009-03-09 15:23 139,984 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-03-06 15:53 --------- d-----w c:\programmi\Windows Live Safety Center
2009-03-02 17:28 75,064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-03-02 14:19 --------- d-----w c:\programmi\Setup Files
2009-03-02 12:16 --------- d-----w c:\programmi\CCleaner
2009-02-25 19:15 --------- d-----w c:\programmi\EA Sports
2009-02-25 09:52 --------- d-----w c:\programmi\Messenger Plus! Live
2009-02-21 18:13 --------- d-----w c:\programmi\ITALIA_version
2009-02-16 14:45 22,328 ----a-w c:\documents and settings\Robert\Dati applicazioni\PnkBstrK.sys
2009-02-16 14:45 2,250,024 ----a-w c:\windows\system32\pbsvc.exe
2009-02-16 14:41 --------- d-----w c:\programmi\Ubisoft
2009-02-15 23:54 --------- d-----w c:\programmi\Spyware Terminator
2009-02-14 15:58 --------- d-----w c:\documents and settings\Robert\Dati applicazioni\Xfire
2009-02-14 14:36 --------- d-----w c:\programmi\Xfire
2009-02-14 13:32 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-14 13:24 --------- d-----w c:\programmi\Electronic Arts
2009-02-11 20:19 --------- d-----w c:\programmi\MSI
2009-02-11 15:16 --------- d-----w c:\programmi\Google
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-09 14:04 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-08 21:26 --------- d-----w c:\programmi\Smith
2009-02-05 20:50 42,320 ----a-w c:\windows\system32\xfcodec.dll
2009-02-04 12:22 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2009-02-02 12:16 --------- d-----w c:\documents and settings\Robert\Dati applicazioni\Ubisoft
2009-02-02 12:13 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Ubisoft
2009-02-02 11:59 --------- d-----w c:\documents and settings\Robert\Dati applicazioni\InstallShield
2009-02-01 14:10 --------- d-----w c:\programmi\uusee
2009-01-31 17:05 --------- d-----w c:\programmi\PC Wizard 2008
2009-01-31 01:13 --------- d-----w c:\programmi\Lavasoft
2009-01-31 01:12 --------- d-----w c:\programmi\File comuni\Wise Installation Wizard
2009-01-31 01:12 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-01-30 18:43 --------- d-----w c:\programmi\AGEIA Technologies
2009-01-30 16:02 106 ----a-w C:\sccfg.sys
2009-01-30 15:55 138,624 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys
2009-01-30 12:06 --------- d-----w c:\programmi\Avira
2009-01-30 12:06 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Avira
2009-01-21 13:07 --------- d-----w c:\documents and settings\Robert\Dati applicazioni\NASA
2009-01-21 13:06 --------- d-----w c:\programmi\NASA
2009-01-20 20:50 --------- d-----w c:\programmi\StreamerOne
2009-01-20 13:32 --------- d-----w c:\programmi\MSXML 6.0
2009-01-19 15:24 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-01-19 11:47 --------- d--h--r c:\documents and settings\Robert\Dati applicazioni\SecuROM
2009-01-19 11:16 --------- d-----w c:\programmi\MSBuild
2009-01-19 11:14 --------- d-----w c:\programmi\Reference Assemblies
2009-01-16 11:32 77,824 ----a-w c:\windows\SysDat.dll
2009-01-15 23:20 --------- d-----w c:\programmi\Bit Che
2009-01-15 23:20 --------- d-----w c:\documents and settings\Robert\Dati applicazioni\Convivea
2009-01-15 01:05 911,872 ----a-w c:\windows\system32\wininet.dll
2009-01-15 01:05 43,008 ----a-w c:\windows\system32\licmgr10.dll
2009-01-15 01:04 18,944 ----a-w c:\windows\system32\corpol.dll
2009-01-15 01:03 72,704 ----a-w c:\windows\system32\admparse.dll
2009-01-15 01:03 71,680 ----a-w c:\windows\system32\iesetup.dll
2009-01-15 01:03 420,352 ----a-w c:\windows\system32\vbscript.dll
2009-01-15 01:01 34,304 ----a-w c:\windows\system32\imgutil.dll
2009-01-15 01:00 48,128 ----a-w c:\windows\system32\mshtmler.dll
2009-01-15 01:00 45,568 ----a-w c:\windows\system32\mshta.exe
2009-01-15 00:50 156,160 ----a-w c:\windows\system32\msls31.dll
2008-12-31 16:04 691,560 ----a-w c:\windows\system32\OGACheckControl.dll
2008-12-31 16:04 528,744 ----a-w c:\windows\system32\OGAVerify.exe
2008-12-31 16:04 502,120 ----a-w c:\windows\system32\OGAAddin.dll
2008-12-25 23:08 453,152 ----a-w c:\windows\system32\nvudisp.exe
2008-12-23 20:58 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-12-21 19:44 48,396 ----a-w c:\windows\UninstVeetleTVPlayer.exe
2008-12-20 21:49 410,984 ----a-w c:\windows\system32\deploytk.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{323d5e65-9ec7-481e-a888-5bbe30b80dfb}"= "c:\programmi\ITALIA_version\tbITA1.dll" [2009-02-21 1882136]

[HKEY_CLASSES_ROOT\clsid\{323d5e65-9ec7-481e-a888-5bbe30b80dfb}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{323d5e65-9ec7-481e-a888-5bbe30b80dfb}]
2009-02-21 19:14 1882136 --a------ c:\programmi\ITALIA_version\tbITA1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{323d5e65-9ec7-481e-a888-5bbe30b80dfb}"= "c:\programmi\ITALIA_version\tbITA1.dll" [2009-02-21 1882136]

[HKEY_CLASSES_ROOT\clsid\{323d5e65-9ec7-481e-a888-5bbe30b80dfb}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{323D5E65-9EC7-481E-A888-5BBE30B80DFB}"= "c:\programmi\ITALIA_version\tbITA1.dll" [2009-02-21 1882136]

[HKEY_CLASSES_ROOT\clsid\{323d5e65-9ec7-481e-a888-5bbe30b80dfb}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-12-20 136600]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-05-27 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SpywareTerminator"="c:\programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2009-01-30 2776576]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2009-01-15 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Orbit.lnk - c:\programmi\Orbitdownloader\orbitdm.exe [2008-12-15 1711304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^WeGame.lnk]
backup=c:\windows\pss\WeGame.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Robert^Menu Avvio^Programmi^Esecuzione automatica^Ritaglio schermata e avvio di OneNote 2007.lnk]
backup=c:\windows\pss\Ritaglio schermata e avvio di OneNote 2007.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
--a------ 2007-09-26 17:05 734264 c:\programmi\Microsoft Xbox 360 Accessories\XBoxStat.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Programmi\\Xfire\\xfire.exe"=
"c:\\Programmi\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Programmi\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Programmi\\TVAnts\\Tvants.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitdm.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitnet.exe"=
"c:\\Documents and Settings\\Robert\\Dati applicazioni\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\StreamerOne\\StreamerOne.exe"=
"c:\\Programmi\\uusee\\UUSeePlayer.exe"=
"c:\\Programmi\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Programmi\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Programmi\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Programmi\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Programmi\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Programmi\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Programmi\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Programmi\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Programmi\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\Programmi\\PoivY.com\\PoivY\\PoivY.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Programmi\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Programmi\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-01-30 138624]
S2 gupdate1c98afac31ba94;Google Update Service (gupdate1c98afac31ba94);c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-09 133104]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\27.tmp --> c:\windows\system32\27.tmp [?]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [2008-11-03 178913]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-03-14 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-09 22:01]

2009-03-14 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-09 22:04]

2009-03-06 c:\windows\Tasks\Schedule Task Weekly.job
- c:\programmi\Registry Easy\RE.exe [2008-09-23 16:30]
.
.
------- Scansione supplementare -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: {06CA1489-7A07-44F8-AC7C-CE71BEE165C4} = 212.17.192.216,208.67.222.222
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-14 12:57:44
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\27.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1614895754-484763869-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A20BFBA4-B4D1-B9A9-F298-8D06F6BC5DDB}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abdepjjlpdlgljefoccmhhlcpgbohnphod"=hex:61,61,00,00
"bbdepjjlpdlgljefocnlkgkkmapaeopgajfb"=hex:61,61,00,00

[HKEY_USERS\S-1-5-21-1614895754-484763869-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:23,1e,13,c7,97,d8,ba,58,b6,19,7a,89,48,fd,49,54,ae,2e,5e,1e,2a,b4,1a,
49,54,94,d4,b1,76,31,be,96,ec,bb,32,fa,a3,92,b9,a7,73,f8,67,25,68,64,37,0b,\
"??"=hex:66,a4,e9,12,e0,08,84,24,3b,82,b6,f4,d8,bf,00,4e

[HKEY_USERS\S-1-5-21-1614895754-484763869-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:5d,d4,08,67,40,e8,61,31,56,d0,2b,9a,b6,09,f7,ae,e6,ec,08,13,50,
3c,c1,92,e8,b1,82,f2,b8,ba,5a,b4,ae,e4,b6,f5,7c,f9,20,d1,41,67,47,ab,80,ca,\
"rkeysecu"=hex:fe,ac,e4,65,95,5e,a5,de,39,83,43,20,60,89,01,b1
.
Ora fine scansione: 2009-03-14 12:58:33
ComboFix-quarantined-files.txt 2009-03-14 11:58:31
ComboFix2.txt 2009-03-11 12:56:09
ComboFix3.txt 2009-01-27 12:06:29

Pre-Run: 62,356,422,656 byte disponibili
Post-Run: 62,363,049,984 byte disponibili

284 --- E O F --- 2009-03-12 23:28:16

Ciao.
Riscontri problemi?

Ok.
Disinstalla combofix in questo modo:
Start
Esegui
nella finestra di dialogo, copia ed incolla questo comando: Combofix /u e premi Invio poi cancella le cartelle in "C" di combofix (qoobox)

Esegui queste operazioni di pulizia e sei a posto:
Disattiva il ripristino configurazione di sistema.
Riavvia il pc.
Dai una pulita (registro compreso)con CCleaner http://www.aiutaamici.com/software?ID=11223
Poi:
Start\Esegui\copia e incolla la stringa %temp% clicca su Ok, svuota la cartella temp. (non eliminare la cartella)
Poi:
Provvedi a svuotare del suo contenuto la cartella Prefetch :
clicca su Risorse del Computer
clicca su Disco locale C:
cerca, all’interno delle cartelle che saranno visualizzate la cartella Windows, aprila ed, al suo interno, cerca la cartella Prefetch, la apri ed elimina tutte le voci conservate al suo interno ( non eliminare la cartella)
SVUOTA IL CESTINO
Poi:
Lancia Hijackthis e pulisci gli ADS in questo modo:
clicca sulla voce Open the misc tool section
clicca su Open ads spy
togli la spunta alla voce Quick scan (windows base folder only)
clicca su Scan
se venissero rilevati ADS, spunta tutte le caselline e clicca su Remove selected
Riattiva il ripristino configurazione di sistema e, se tutto è a posto, creane uno nuovo
Ciao.