ripgsm

October 17, 2012

Sir i'm wait for you next passage, thank you for the moment,

br

ripgsm

October 17, 2012

And for finish the New Fresh DSS LOG:

DDS .Log

DDS (Ver_2012-10-14.05) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2

Run by Administrator at 14:01:36 on 2012-10-17

Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.895.256 [GMT 2:00]

.

AV: Avira Desktop *Disabled/Updated* {00000000-0715-0000-08F2-12003094807C}

AV: Avira Desktop *Enabled/Updated* {00000000-0000-0000-0000-000000000000}

.

============== Running Processes ================

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\Programmi\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\UnlockerAssistant.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\FLSDEVCP.EXE

C:\Programmi\Samsung\Kies\KiesTrayAgent.exe

C:\Programmi\Avira\AntiVir Desktop\avgnt.exe

C:\Programmi\iTunes\iTunesHelper.exe

C:\Programmi\File comuni\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\Microsoft ActiveSync\wcescomm.exe

C:\Programmi\Windows Media Player\WMPNSCFG.exe

C:\Programmi\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Programmi\Samsung\Kies\Kies.exe

C:\Programmi\Skype\Phone\Skype.exe

C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe

C:\PROGRA~1\MICROS~2\rapimgr.exe

C:\Programmi\Avira\AntiVir Desktop\avguard.exe

C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Programmi\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Programmi\Java\jre7\bin\jqs.exe

C:\Programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Programmi\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Programmi\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

C:\Programmi\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.it/

mStart Page = hxxp://search.chatzum.com/

uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

mWinlogon: SFCDisable = dword:-99

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\programmi\spybot - search & destroy\SDHelper.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\programmi\java\jre7\bin\ssv.dll

BHO: Guida per l'accesso a Windows Live: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\programmi\file comuni\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\programmi\java\jre7\bin\jp2ssv.dll

EB: {c585d593-e7f4-4852-a200-561686ee02e4} - <orphaned>

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [H/PC Connection Agent] "c:\programmi\microsoft activesync\wcescomm.exe"

uRun: [WMPNSCFG] c:\programmi\windows media player\WMPNSCFG.exe

uRun: [KiesPDLR] c:\programmi\samsung\kies\external\firmwareupdate\KiesPDLR.exe

uRun: [KiesPreload] c:\programmi\samsung\kies\Kies.exe /preload

uRun: [Hwkqkx] c:\documents and settings\administrator\dati applicazioni\Hwkqkx.exe

uRun: [skype] "c:\programmi\skype\phone\Skype.exe" /minimized /regrun

uRun: [spybotSD TeaTimer] c:\programmi\spybot - search & destroy\TeaTimer.exe

mRun: [unlockerAssistant] "c:\windows\system32\UnlockerAssistant.exe"

mRun: [DWPersistentQueuedReporting] c:\programmi\file comuni\microsoft shared\dw\DWTRIG20.EXE -a

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [FLSDeviceControlPanel] c:\windows\system32\FLSDEVCP.EXE

mRun: [Adobe ARM] "c:\programmi\file comuni\adobe\arm\1.0\AdobeARM.exe"

mRun: [KiesTrayAgent] c:\programmi\samsung\kies\KiesTrayAgent.exe

mRun: [avgnt] "c:\programmi\avira\antivir desktop\avgnt.exe" /min

mRun: [APSDaemon] "c:\programmi\file comuni\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\programmi\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\programmi\file comuni\java\java update\jusched.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [KB976002-v5] rundll32.exe advpack.dll,LaunchINFSection OPMWXPUP.inf,BrowserChoiceGoo

dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

StartupFolder: c:\docume~1\alluse~1\menuav~1\progra~1\esecuz~1\micros~1.lnk - c:\programmi\microsoft office\office10\OSA.EXE

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoResolveTrack = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: ForceClassicControlPanel = dword:1

mPolicies-Explorer: NoSMHelp = dword:1

mPolicies-Explorer: NoResolveTrack = dword:1

IE: E&sporta in Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\programmi\microsoft activesync\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\programmi\microsoft activesync\INetRepl.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\programmi\spybot - search & destroy\SDHelper.dll

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341051059906

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{238477ED-4830-4949-8321-F5BB0E079032} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{ECFF9DB8-4104-4B82-A46C-918C063EC36E} : DHCPNameServer = 192.168.1.1

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\programmi\file comuni\microsoft shared\web folders\PKMCDO.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\programmi\file comuni\skype\Skype4COM.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: RailNotification - <no file>

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\programmi\windows desktop search\MSNLNamespaceMgr.dll

Hosts: 127.0.0.1 mpa.one.microsoft.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\administrator\dati applicazioni\mozilla\firefox\profiles\6afe5xxi.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/

FF - prefs.js: keyword.URL - hxxp://utils.chatzum.com/?url=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\programmi\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\programmi\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\programmi\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

FF - ExtSQL: 2012-09-18 12:08; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\programmi\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

.

============= SERVICES / DRIVERS ===============

.

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-7-1 36000]

R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2012-6-29 33824]

R2 AntiVirSchedulerService;Avira Pianificatore;c:\programmi\avira\antivir desktop\sched.exe [2012-7-1 86224]

R2 AntiVirService;Avira Realtime Protection;c:\programmi\avira\antivir desktop\avguard.exe [2012-7-1 110032]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-7-1 74640]

R2 FLE5WNNT;FLE-5 WindowsNT Driver;c:\windows\system32\drivers\fle5wnnt.sys [2012-6-28 33404]

R2 FLSIFACE;FLSIface;c:\windows\system32\drivers\flsiface.sys [2012-6-28 14272]

R2 FLSPAR;FLSPar;c:\windows\system32\drivers\flspar.sys [2012-6-28 16314]

R2 FLSSER;FLSSer;c:\windows\system32\drivers\flsser.sys [2012-6-28 8344]

R2 FLSVCOM;FLSVCom;c:\windows\system32\drivers\flsvcom.sys [2012-6-28 35226]

R2 MBAMScheduler;MBAMScheduler;c:\programmi\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-10 399432]

R2 MBAMService;MBAMService;c:\programmi\malwarebytes' anti-malware\mbamservice.exe [2012-10-10 676936]

R3 Egatebus;Egatebus;c:\windows\system32\drivers\egatebus.sys [2006-5-19 15328]

R3 Egaterdr;Egaterdr;c:\windows\system32\drivers\egaterdr.sys [2006-5-19 13440]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-10 22856]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2012-6-27 753504]

S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [2009-8-18 9472]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2012-6-27 130384]

S2 SkypeUpdate;Skype Updater;c:\programmi\skype\updater\Updater.exe [2012-7-13 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-28 250808]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-6-28 1684736]

S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2012-6-30 20032]

S3 Egatecard;Egatecard;c:\windows\system32\drivers\egate.sys [2006-5-19 18880]

S3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys --> c:\windows\system32\drivers\massfilter_hs.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programmi\mozilla maintenance service\maintenanceservice.exe [2012-7-1 115168]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-6-28 27064]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-10-3 14848]

S3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;c:\windows\system32\drivers\zgwhsdiag.sys --> c:\windows\system32\drivers\zgwhsdiag.sys [?]

S3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\drivers\zgwhsmdm.sys --> c:\windows\system32\drivers\zgwhsmdm.sys [?]

.

=============== Created Last 30 ================

.

2012-10-12 12:54:13 261600 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll

2012-10-12 12:54:11 96224 ----a-w- c:\programmi\mozilla firefox\webapprt-stub.exe

2012-10-12 12:54:11 157272 ----a-w- c:\programmi\mozilla firefox\webapp-uninstaller.exe

2012-10-10 14:44:02 -------- d-----w- c:\programmi\ChatZum Toolbar

2012-10-10 14:41:31 -------- d-----w- c:\documents and settings\administrator\dati applicazioni\Malwarebytes

2012-10-10 14:41:20 -------- d-----w- c:\documents and settings\all users\dati applicazioni\Malwarebytes

2012-10-10 14:41:19 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-10 14:41:19 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware

2012-10-10 14:28:32 -------- d-----w- c:\programmi\Spybot - Search & Destroy

2012-10-10 14:28:32 -------- d-----w- c:\documents and settings\all users\dati applicazioni\Spybot - Search & Destroy

2012-10-09 13:55:57 -------- d-----r- c:\programmi\Skype

2012-10-08 10:03:18 -------- d-----w- c:\programmi\file comuni\Research In Motion

2012-10-08 09:51:09 -------- d-----w- c:\programmi\Feitian

2012-10-05 13:51:45 -------- d-----w- c:\documents and settings\administrator\impostazioni locali\dati applicazioni\Research In Motion

2012-10-03 16:54:09 -------- d-----w- c:\documents and settings\administrator\impostazioni locali\dati applicazioni\Omnius for SE

2012-10-03 13:47:01 -------- d-----w- c:\documents and settings\administrator\impostazioni locali\dati applicazioni\Sun

2012-10-03 09:22:58 -------- d-----w- c:\programmi\file comuni\XCPCSync.OEM

2012-10-02 13:26:39 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-09-30 14:19:43 -------- dc----w- C:\Temp

2012-09-29 16:28:26 -------- d-----w- c:\documents and settings\administrator\impostazioni locali\dati applicazioni\Apple Computer

2012-09-29 16:28:00 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-09-29 16:26:45 -------- d-----w- c:\programmi\iPod

2012-09-29 16:26:40 -------- d-----w- c:\programmi\iTunes

2012-09-29 16:26:40 -------- d-----w- c:\documents and settings\all users\dati applicazioni\188F1432-103A-4ffb-80F1-36B633C5C9E1

2012-09-29 16:25:59 -------- d-----w- c:\documents and settings\administrator\impostazioni locali\dati applicazioni\Apple

2012-09-29 16:24:53 -------- d-----w- c:\programmi\Bonjour

2012-09-29 16:24:32 -------- d-----w- c:\programmi\file comuni\Apple

2012-09-28 08:57:23 10344 ----a-w- c:\windows\system32\drivers\ssadcm.sys

2012-09-28 08:57:22 10216 ----a-w- c:\windows\system32\drivers\ssadwh.sys

2012-09-25 17:59:46 73696 ----a-w- c:\programmi\mozilla firefox\breakpadinjector.dll

.

==================== Find3M ====================

.

2012-10-09 10:59:24 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-09 10:59:23 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-02 13:26:25 821736 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-10-02 13:26:25 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-10-02 13:26:25 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-08-29 23:15:30 3782214 -c--a-w- C:\chatzum_nt.exe

2012-08-28 15:05:06 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:05:04 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-28 15:05:04 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec

2012-08-28 01:04:34 330240 ----a-w- c:\windows\MASetupCaller.dll

2012-08-28 01:04:32 45320 ----a-w- c:\windows\system32\MAMACExtract.dll

2012-08-21 11:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll

.

============= FINISH: 14.02.11,56 ===============

And ATTACK .LOG

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-10-14.05)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 27/06/2012 22.27.42

System Uptime: 17/10/2012 9.01.24 (5 hours ago)

.

Motherboard: FUJITSU SIEMENS | | MS-7275-VB

Processor: Intel® Pentium® D CPU 3.00GHz | CPU 1 | 2991/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 149 GiB total, 130,227 GiB free.

D: is Removable

E: is Removable

F: is Removable

G: is Removable

H: is Removable

I: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP18: 20/07/2012 11.47.28 - Punto di arresto del sistema

RP19: 21/07/2012 12.01.55 - Punto di arresto del sistema

RP20: 22/07/2012 12.18.24 - Punto di arresto del sistema

RP21: 23/07/2012 12.29.34 - Punto di arresto del sistema

RP22: 24/07/2012 13.54.26 - Punto di arresto del sistema

RP23: 25/07/2012 14.12.27 - Punto di arresto del sistema

RP24: 26/07/2012 15.58.30 - Punto di arresto del sistema

RP25: 27/07/2012 16.54.38 - Punto di arresto del sistema

RP26: 28/07/2012 17.17.55 - Punto di arresto del sistema

RP27: 29/07/2012 17.39.29 - Punto di arresto del sistema

RP28: 30/07/2012 19.05.49 - Punto di arresto del sistema

RP29: 31/07/2012 19.19.21 - Punto di arresto del sistema

RP30: 01/08/2012 20.07.49 - Punto di arresto del sistema

RP31: 02/08/2012 11.00.12 - Installed BlackBerry Desktop Software.

RP32: 03/08/2012 12.22.32 - Installazione driver non firmato

RP33: 04/08/2012 10.14.37 - MiniUnlocker installato

RP34: 04/08/2012 10.35.00 - MiniUnlocker installato

RP35: 04/08/2012 12.01.32 - Installazione driver non firmato

RP36: 04/08/2012 12.02.59 - Installato MD Touch Mini

RP37: 04/08/2012 12.03.33 - Installazione driver non firmato

RP38: 04/08/2012 12.14.26 - Installazione driver non firmato

RP39: 04/08/2012 12.32.06 - Revo Uninstaller Pro's restore point - MD Touch Mini

RP40: 04/08/2012 12.33.56 - Rimosso MD Touch Mini

RP41: 05/08/2012 13.21.18 - Punto di arresto del sistema

RP42: 06/08/2012 19.01.10 - Punto di arresto del sistema

RP43: 13/09/2012 10.02.43 - Punto di arresto del sistema

RP44: 14/09/2012 19.16.32 - Punto di arresto del sistema

RP45: 16/09/2012 14.03.02 - Punto di arresto del sistema

RP46: 18/09/2012 12.07.43 - Installed Java 6 Update 35

RP47: 18/09/2012 13.26.42 - Installed Advance Turbo Flasher 9.10

RP48: 19/09/2012 17.03.33 - Punto di arresto del sistema

RP49: 20/09/2012 17.55.48 - Punto di arresto del sistema

RP50: 21/09/2012 21.44.18 - Punto di arresto del sistema

RP51: 22/09/2012 23.39.34 - Punto di arresto del sistema

RP52: 23/09/2012 23.45.19 - Punto di arresto del sistema

RP53: 25/09/2012 0.17.52 - Punto di arresto del sistema

RP54: 25/09/2012 16.49.54 - Software Distribution Service 3.0

RP55: 26/09/2012 21.19.27 - Punto di arresto del sistema

RP56: 27/09/2012 18.21.05 - Software Distribution Service 3.0

RP57: 29/09/2012 9.38.58 - Punto di arresto del sistema

RP58: 29/09/2012 18.26.21 - iTunes installato

RP59: 30/09/2012 16.17.20 - Installazione driver non firmato

RP60: 01/10/2012 16.36.44 - Punto di arresto del sistema

RP61: 02/10/2012 15.25.56 - Installed Java 7 Update 7

RP62: 03/10/2012 20.33.25 - Punto di arresto del sistema

RP63: 04/10/2012 21.34.58 - Punto di arresto del sistema

RP64: 06/10/2012 12.03.00 - Punto di arresto del sistema

RP65: 07/10/2012 12.15.37 - Punto di arresto del sistema

RP66: 08/10/2012 12.03.12 - Installed BlackBerry Desktop Software.

RP67: 09/10/2012 15.38.19 - Skype™ 5.10 rimosso

RP68: 09/10/2012 15.47.52 - Revo Uninstaller Pro's restore point - Skype

RP69: 09/10/2012 17.25.25 - Software Distribution Service 3.0

RP70: 09/10/2012 20.28.27 - Aggiorna a driver privo di firma digitale

RP71: 09/10/2012 23.43.09 - Avira Free Antivirus - 09/10/2012 23.42

RP72: 10/10/2012 12.38.00 - Revo Uninstaller Pro's restore point - mobileEx

RP73: 10/10/2012 14.39.33 - Aggiorna a driver privo di firma digitale

RP74: 10/10/2012 15.57.28 - Aggiorna a driver privo di firma digitale

RP75: 11/10/2012 16.09.55 - Punto di arresto del sistema

RP76: 12/10/2012 16.33.07 - Punto di arresto del sistema

RP77: 13/10/2012 15.13.14 - Revo Uninstaller Pro's restore point - LGE Tool 1.79

RP78: 14/10/2012 19.18.53 - Punto di arresto del sistema

RP79: 15/10/2012 20.58.29 - Punto di arresto del sistema

RP80: 17/10/2012 9.40.09 - Punto di arresto del sistema

.

==== Installed Programs ======================

.

%WS4_ARP_DISPLAY%

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4) - Italiano

Advance Turbo Flasher 9.10

Aggiornamento della protezione per Windows Internet Explorer 8 (KB2544521)

Aggiornamento della protezione per Windows Internet Explorer 8 (KB2699988)

Aggiornamento della protezione per Windows Internet Explorer 8 (KB2744842)

Aggiornamento della protezione per Windows XP (KB2566454)

Aggiornamento della protezione per Windows XP (KB2584146)

Aggiornamento della protezione per Windows XP (KB2618451)

Aggiornamento della protezione per Windows XP (KB2620712)

Aggiornamento della protezione per Windows XP (KB2661637)

Aggiornamento della protezione per Windows XP (KB2695962)

Aggiornamento per Windows XP (KB2718704)

Aggiornamento per Windows XP (KB2736233)

Aggiornamento rapido per Windows XP (KB2633952)

Apple Mobile Device Support

Apple Software Update

Assistente per l'accesso a Windows Live

ATI Display Driver

Attribute Changer 6.20

Avira Free Antivirus

Axalto e-gate drivers v3.0.6.0

BlackBerry Desktop Software 5.0.1

Bonjour

CCleaner

CDBurnerXP

Client Windows Rights Management con Service Pack 2

FLS-4 Driver Installation

Fuse Drivers

HashTab 4.0.0.1

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

iTunes

JAU Update

Java 7 Update 7

Java Auto Updater

Java 6 Update 35

Junk Mail filter update

Malwarebytes Anti-Malware versione 1.65.0.1400

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Service Pack 1

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ITA

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ITA

Microsoft .NET Framework 3.5 Service Pack 1 Language Pack - ITA

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile Language Pack - ITA

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Extended Language Pack - ITA

Microsoft ActiveSync

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft Office XP Professional con FrontPage

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.9

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft WinUsb 1.0

Microsoft WinUsb 2.0

MiniUnlocker

mobileEx

Motorola Driver Installation

Mozilla Firefox 16.0.1 (x86 it)

Mozilla Maintenance Service

MSVCRT

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB973685)

MSXML 6.0 Parser

Nokia Connectivity Cable Driver

Nokia Flashing Cable Driver

Nokia Service Tool Drivers

NsPro v6.4.2

Omnius for SE v1.38

Pacchetto driver Windows - Microsoft (USBCCID) SmartCardReader (06/21/2006 6.0.6000.16386)

Phoenix Service Software

PL-2303 USB-to-Serial

Realtek High Definition Audio Driver

Revo Uninstaller Pro 2.2.0

RSDLite

Samsung Kies

SAMSUNG USB Driver for Mobile Phones

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Segoe UI

Skype™ 5.10

Soft Data Fax Modem with SmartCP

SP2 compatibilità versioni precedenti Client Windows Rights Management

Spybot - Search & Destroy

Strumento di caricamento di Windows Live

Supporto applicazioni Apple

VodafoneStation2

WebFldrs XP

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

WinRAR gestione archivi

WinUSB Drivers x86

.

==== End Of File ===========================

October 17, 2012

Here the scansion from aswMBR log

Run date: 2012-10-17 13:42:37

-----------------------------

13:42:37.171 OS Version: Windows 5.1.2600 Service Pack 3

13:42:37.171 Number of processors: 2 586 0x604

13:42:37.171 ComputerName: PC UserName:

13:42:37.953 Initialize success

13:43:16.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

13:43:16.000 Disk 0 Vendor: ST3160815AS 3.AAA Size: 152627MB BusType: 3

13:43:16.015 Disk 0 MBR read successfully

13:43:16.015 Disk 0 MBR scan

13:43:16.015 Disk 0 Windows XP default MBR code

13:43:16.031 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152623 MB offset 19

13:43:16.031 Disk 0 scanning sectors +312573408

13:43:16.140 Disk 0 scanning C:\WINDOWS\system32\drivers

13:43:20.453 Service scanning

13:43:30.640 Modules scanning

13:43:44.218 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**

13:43:44.218 Disk 0 trace - called modules:

13:43:44.218 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

13:43:44.218 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84b5cab8]

13:43:44.734 3 CLASSPNP.SYS[f74fbfd7] -> nt!IofCallDriver -> \Device\0000006d[0x84b3ef18]

13:43:44.734 5 ACPI.sys[f7372620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x84b3dd98]

13:43:44.734 Scan finished successfully

13:44:14.343 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"

13:44:14.343 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

October 17, 2012

Thankk you for the reply Sir, i've done all how you Guide, i hope.

Here the MBAM Scansion in normaly modality:

Malwarebytes Anti-Malware (Prova) 1.65.0.1400

www.malwarebytes.org

Versione database: v2012.10.17.05

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Administrator :: PC [amministratore]

Protezione: Attivata

17/10/2012 13.30.28

mbam-log-2012-10-17 (13-30-28).txt

Tipo di scansione: Scansione veloce

Opzioni di scansione disattivate:

Elementi esaminati: 198935

Tempo impiegato: 7 minuti, 55 secondi

Processi rilevati in memoria: 0