
Slow computer... help!!!
loredana74
Posted: Friday, November 06, 2009 1:41:58 PM
Rank: AiutAmico

Joined: 10/26/2005
Posts: 158
Could you kindly check this log for me, since lately the PC seems to be running slower than usual... thanks


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.43.11, on 06/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Programmi\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Spyware Doctor\pctsSvc.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe
C:\Programmi\Logitech\QuickCam10\QuickCam10.exe
C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\PowerISO\PWRISOVM.EXE
C:\Programmi\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
C:\Documents and Settings\principale\Documenti\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\Logitech\QuickCam10\COCIManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
D:\Programmi\eMule\emule.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\principale\Desktop\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmi\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmi\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programmi\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programmi\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ISTray] "C:\Programmi\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Documents and Settings\principale\Documenti\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio rapido HP Photosmart Premier.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/it/uno1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1244314161562
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{47DDD093-8501-479B-BFA0-1CEB23CF2BC2}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: bw+0 - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: offline-8876480 - {7A7DB6A0-8E18-408F-83B5-65C21C37010D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Documents and Settings\principale\Documenti\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 21475 bytes

 
shapiro
Posted: Friday, November 06, 2009 1:50:34 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Hi

If you want a faster PC, start by removing Spyware Doctor; there are other, much lighter tools.

The log apparently shows no threats.

Run a scan with ComboFix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
(do not install the Recovery Console)
Let the program work without interfering.
Attach the report C:\ComboFix.txt to your reply.

DO NOT TOUCH ANYTHING DURING THE SCAN, NOT EVEN THE MOUSE
loredana74
Posted: Friday, November 06, 2009 2:18:49 PM
Rank: AiutAmico

Joined: 10/26/2005
Posts: 158
Here is the ComboFix log, as you requested:

ComboFix 09-11-05.05 - principale 06/11/2009 14.04.28.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1396 [GMT 1:00]
Eseguito da: c:\documents and settings\principale\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\PRINCI~1\IMPOST~1\Temp\IadHide5.dll
c:\documents and settings\principale\Impostazioni locali\Temp\IadHide5.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-10-06 al 2009-11-06 )))))))))))))))))))))))))))))))))))
.

2009-11-06 12:47 . 2009-11-06 12:57 -------- d-----w- c:\documents and settings\principale\Dati applicazioni\Coyotes Tale
2009-11-06 12:45 . 2009-11-06 12:47 -------- d-----w- c:\programmi\Coyote's Tale - Fire and Water
2009-11-06 08:54 . 2009-10-23 07:43 2064152 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgcorex.dll
2009-11-05 07:24 . 2009-10-23 07:43 2025752 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgtray.exe
2009-11-04 21:33 . 2009-11-05 18:50 -------- d-----w- c:\documents and settings\principale\Dati applicazioni\TMInc
2009-11-04 21:31 . 2009-11-04 21:31 -------- d-----w- c:\windows\Treasure Masters Inc
2009-11-04 10:17 . 2009-11-04 10:17 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PopCap
2009-11-04 10:17 . 2009-11-04 10:17 -------- d-----w- c:\programmi\Amazing Adventures The Lost Tomb
2009-11-03 09:29 . 2009-11-03 09:29 -------- d-----w- c:\documents and settings\principale\Impostazioni locali\Dati applicazioni\JollyBear
2009-11-03 09:29 . 2009-11-03 09:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\JollyBear
2009-11-03 09:28 . 2009-11-03 09:28 -------- d-----w- c:\windows\Big City Adventure - New York
2009-10-30 20:34 . 2009-11-02 10:03 -------- d-----w- c:\documents and settings\principale\Dati applicazioni\Gold Casual Games
2009-10-30 20:34 . 2009-11-02 10:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Gold Casual Games
2009-10-29 05:59 . 2009-11-05 15:42 -------- d-----w- C:\Nostale(IT)
2009-10-28 21:10 . 2009-10-28 21:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AdventureChronicles1
2009-10-28 11:47 . 2009-10-28 11:47 -------- d-----w- c:\documents and settings\principale\Dati applicazioni\MysteryStudio
2009-10-28 11:33 . 2009-10-28 11:33 -------- d-----w- c:\documents and settings\principale\Dati applicazioni\SerpentOfIsis
2009-10-27 12:19 . 2009-10-27 12:19 -------- d-----w- c:\documents and settings\principale\Dati applicazioni\Big Fish Games
2009-10-27 12:19 . 2009-10-27 12:19 -------- d-----w- c:\windows\Mystery in London
2009-10-26 12:52 . 2009-11-02 12:27 -------- d-----w- c:\programmi\Games
2009-10-26 11:41 . 2009-10-26 11:41 -------- d-----w- c:\documents and settings\principale\Dati applicazioni\cerasus
2009-10-25 15:31 . 2009-10-26 20:31 -------- d-----w- c:\documents and settings\principale\Dati applicazioni\cerasus.media
2009-10-25 15:30 . 2009-10-25 15:30 -------- d-----w- c:\windows\Mystery Stories-Island of Hope
2009-10-25 15:22 . 2009-10-25 15:22 -------- d-----w- c:\documents and settings\principale\Dati applicazioni\Little Games Company
2009-10-25 15:22 . 2009-10-25 15:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Little Games Company
2009-10-24 13:04 . 2009-10-24 13:04 -------- d-----w- c:\windows\10 Days Under The Sea
2009-10-24 11:12 . 2009-10-24 11:12 -------- d--h--w- c:\windows\PIF
2009-10-23 11:31 . 2009-10-23 11:31 -------- d-----w- c:\documents and settings\principale\Dati applicazioni\Total Eclipse
2009-10-22 18:15 . 2009-10-22 18:15 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\IntDreams
2009-10-22 14:39 . 2009-10-22 14:39 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-22 14:21 . 2009-10-22 14:21 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-22 14:19 . 2009-10-22 14:19 -------- d-----w- c:\documents and settings\principale\Dati applicazioni\SPORE
2009-10-21 19:30 . 2009-10-21 19:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Fashion Finder
2009-10-21 19:30 . 2009-10-22 14:19 -------- d-----w- c:\programmi\Fashion Finder - Secrets of Fashion
2009-10-21 19:24 . 2009-10-22 14:19 -------- d-----w- c:\documents and settings\principale\Dati applicazioni\Bluemfcdlog
2009-10-21 11:48 . 2009-10-21 11:48 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Friday's games
2009-10-21 10:37 . 2009-10-21 10:41 -------- d-----w- c:\documents and settings\principale\Dati applicazioni\PlayFirst
2009-10-20 20:15 . 2009-10-20 20:15 -------- d-----w- c:\documents and settings\principale\Dati applicazioni\casanova
2009-10-19 10:48 . 2009-10-19 10:48 -------- d-----w- c:\documents and settings\principale\Dati applicazioni\ERS G-Studio
2009-10-18 19:27 . 2009-10-18 19:28 -------- d-----w- c:\documents and settings\principale\Impostazioni locali\Dati applicazioni\TimeParadox
2009-10-18 19:26 . 2009-10-22 14:20 -------- d-----w- c:\documents and settings\principale\Dati applicazioni\Zylom
2009-10-18 19:25 . 2006-09-26 10:03 98304 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
2009-10-18 19:25 . 2006-09-26 10:03 161976 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll
2009-10-16 12:10 . 2009-10-16 12:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Becky Brogan
2009-10-16 12:05 . 2009-10-16 12:05 -------- d-----w- c:\windows\Becky Brogan The Mystery of Meane Manor
2009-10-14 08:28 . 2009-10-18 18:56 -------- d-----w- c:\programmi\Hidden Expedition Titanic
2009-10-13 20:02 . 2009-10-13 20:02 -------- d-----w- c:\documents and settings\principale\Dati applicazioni\Meridian93
2009-10-13 09:36 . 2009-10-13 09:36 -------- d-----w- c:\documents and settings\principale\Impostazioni locali\Dati applicazioni\TheLostIncaProphecy
2009-10-13 09:34 . 2009-10-13 09:34 -------- d-----w- c:\programmi\The Lost Inca Prophecy
2009-10-13 09:34 . 2009-10-13 09:34 -------- d-----w- c:\windows\The Lost Inca Prophecy
2009-10-13 09:07 . 2009-10-13 09:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\BigFishGamesCache
2009-10-13 08:35 . 2009-10-13 08:35 -------- d-----w- c:\windows\OceaniX
2009-10-08 15:49 . 2009-10-08 15:49 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\GameHouse
2009-10-08 15:42 . 2009-10-22 17:47 -------- d-----w- c:\programmi\RealArcade

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-06 13:13 . 2009-04-17 07:29 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-11-06 07:59 . 2009-06-05 11:43 -------- d-----w- c:\programmi\Spyware Doctor
2009-10-25 07:53 . 2004-08-30 20:00 90814 ----a-w- c:\windows\system32\perfc010.dat
2009-10-25 07:53 . 2004-08-30 20:00 504426 ----a-w- c:\windows\system32\perfh010.dat
2009-10-24 11:02 . 2009-02-05 14:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Babylon
2009-10-22 19:48 . 2008-11-14 21:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Sandlot Games
2009-10-22 14:20 . 2008-11-12 10:48 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-10-18 19:25 . 2009-07-15 09:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Zylom
2009-10-17 17:31 . 2009-03-01 15:57 7308 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-10-11 19:26 . 2009-01-07 09:08 -------- d-----w- c:\documents and settings\principale\Dati applicazioni\GameHouse
2009-10-08 15:49 . 2009-02-03 11:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Trymedia
2009-10-08 15:23 . 2008-11-12 11:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg8
2009-09-27 10:48 . 2009-09-24 16:47 -------- d-----w- c:\programmi\BitTorrent Fastest Tool
2009-09-16 11:11 . 2008-11-12 16:57 69648 ----a-w- c:\documents and settings\principale\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-09-16 11:10 . 2009-09-16 11:10 -------- d-----w- c:\programmi\Microsoft
2009-09-16 11:10 . 2009-09-16 11:10 -------- d-----w- c:\programmi\Windows Live
2009-09-16 11:02 . 2009-09-04 11:12 3096 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-09-16 10:55 . 2009-09-16 10:55 -------- d-----w- c:\programmi\File comuni\Windows Live
2009-09-12 07:57 . 2009-09-12 07:57 -------- d-----w- c:\programmi\PowerISO
2009-09-11 18:13 . 2009-09-11 18:13 143736 ----a-w- c:\documents and settings\All Users\Dati applicazioni\BigFishGamesCache\Upgrade\stub\hidden-expedition-titanic_s1_l1_gF1081T1L1_d661277181.exe
2009-09-11 18:12 . 2009-09-11 18:12 2541480 ----a-w- c:\documents and settings\All Users\Dati applicazioni\BigFishGamesCache\Upgrade\clientinstaller\bfgsetup_s1_l1.exe
2009-09-11 14:17 . 2004-08-30 20:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 09:12 . 2009-09-10 09:12 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-09-04 21:03 . 2004-08-30 20:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 08:53 . 2009-01-09 11:16 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-08-29 07:56 . 2004-08-30 20:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-30 20:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2008-10-22 11:01 . 2009-09-24 16:47 724568 ----a-w- c:\programmi\BitTorrent Fastest Toolvlnet3.com_Installer.exe
2004-03-11 12:27 . 2008-11-12 10:48 40960 ----a-w- c:\programmi\Uninstall_CDS.exe
2009-03-01 15:59 . 2009-03-01 15:57 56 --sh--r- c:\windows\system32\B14B0ECACF.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 07:56 1062144 ----a-w- c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"LDM"="c:\programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2009-03-04 36864]
"AlcoholAutomount"="c:\documents and settings\principale\Documenti\Alcohol 120\axcmd.exe" [2009-04-24 203928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-05 2028312]
"LogitechCommunicationsManager"="c:\programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LogitechQuickCamRibbon"="c:\programmi\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
"LVCOMSX"="c:\programmi\File comuni\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-06-06 148888]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"PWRISOVM.EXE"="c:\programmi\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]
"ISTray"="c:\programmi\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
"combofix"="c:\combofix\CF7683.exe" [2009-11-06 398336]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-09-12 16264192]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2006-03-28 94208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio rapido HP Photosmart Premier.lnk - c:\programmi\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-30 13:29 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Programmi\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [13/11/2008 14.49.20 12552]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [05/06/2009 12.52.27 130936]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [12/11/2008 16.34.06 11264]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13/11/2008 14.49.17 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13/11/2008 14.49.20 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [13/11/2008 14.49.04 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [13/11/2008 14.49.04 297752]
R2 sdAuxService;PC Tools Auxiliary Service;c:\programmi\Spyware Doctor\pctsAuxs.exe [05/06/2009 12.52.09 348752]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - mchInjDrv
.
Contenuto della cartella 'Scheduled Tasks'

2009-11-06 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-06 14:13
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys xfilt.sys ACPI.sys hal.dll sfsync02.sys atapi.sys spzu.sys >>UNKNOWN [0x8A6FF938]<<
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

atapi.sys @ 0x0 0x0 bytes

\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xF7978B40 atapi.sys
\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xF7978B40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xF7978B40 atapi.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xF771FD60 sfsync02.sys
\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xF7978B40 atapi.sys
\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xF7978B40 atapi.sys
\Driver\atapi IRP hooks detected !

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1547161642-152049171-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:6c,7b,75,18,b4,c3,f3,4c,18,04,03,58,e6,4f,7a,d3,d8,d2,5d,df,33,44,b6,
cf,3c,b1,0b,3b,0f,31,6e,7a,95,22,87,55,ac,17,7c,e6,6f,ef,af,a8,5e,8c,e5,e7,\
"??"=hex:8f,dc,f4,61,ef,f9,30,3d,ec,8a,26,9e,3d,7b,e4,ed

[HKEY_USERS\S-1-5-21-1547161642-152049171-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:9d,73,55,c7,6d,0b,1f,e6,be,62,36,dc,86,12,bb,39,b3,25,06,b3,29,
78,bd,da,1e,c7,72,a9,67,85,aa,63,13,e6,1a,e0,bc,08,d4,81,d2,51,2b,ed,75,35,\
"rkeysecu"=hex:ed,70,18,ba,75,13,ba,71,ba,44,64,fb,bf,8c,cb,4e

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(992)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Spyware Doctor\pctsSvc.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\documents and settings\principale\Documenti\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\programmi\AVG\AVG8\avgcsrvx.exe
c:\programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\programmi\HP\Digital Imaging\bin\hpqimzone.exe
c:\programmi\Logitech\QuickCam10\COCIManager.exe
c:\programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Ora fine scansione: 2009-11-06 14.18.59 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-11-06 13:18
ComboFix2.txt 2009-06-05 23:31

Pre-Run: 159.308.828.672 byte disponibili
Post-Run: 159.320.838.144 byte disponibili

- - End Of File - - C4106B525E90FA8E4FD9B6552EC17F0B
shapiro
Posted: Friday, November 06, 2009 9:20:30 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
loredana74, go to the VirusTotal site and check this file:

c:\windows\system32\B14B0ECACF.sys
loredana74
Posted: Friday, November 06, 2009 9:47:01 PM
Rank: AiutAmico

Joined: 10/26/2005
Posts: 158
How come I can't find the file you mentioned in the system32 folder? I went through the folder file by file but it isn't there... that's not normal, is it?
shapiro
Posted: Friday, November 06, 2009 9:51:34 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Enable the display of hidden files (open any folder, go to Tools > Folder Options > View and tick "Show hidden files and folders").

Now check whether you can see it; otherwise use the Windows "Search" function to see whether it is still on the PC.
loredana74
Posted: Friday, November 06, 2009 10:06:29 PM
Rank: AiutAmico

Joined: 10/26/2005
Posts: 158
Nothing... I did as you said, showing hidden files and folders too... I used the search command in the system32 folder, but that kind of file isn't in the subfolders either, or at least it can't find anything with that name and extension... what do I do?
shapiro
Posted: Friday, November 06, 2009 10:17:26 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Nothing, don't do anything... it has probably been deleted.

Download and install CCleaner: click here for the download
http://www.filehippo.com/download_ccleaner/
Once it is installed, configure it like this:
launch the program, go to Options in the left-hand menu and in the next window click:
Settings, and tick Secure deletion (slow)
then click:
Advanced, and untick Only delete files older than 48 hours
under Cleaner, in the Advanced section, tick Old Prefetch data and WinUpdate update uninstallers
in the left-hand menu, click Cleaner
click the Run Cleaner button to run the scan
when the scan has finished, again in the left-hand menu, click Registry and tick every entry in the section except Unused file extensions
click the Find problems button to start a scan
when the scan ends, click Fix selected and carry on with the repair (repeat this last step several times, until no more problems to fix are found)


Run a scan with Malwarebytes.
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Update it: click the "Update" tab => "Check for updates"
Run a "full scan" (select the option)
When the scan is complete, click OK => Show Results.
Make sure everything is selected and click Remove Selected.
If it asks you to restart, restart to complete the cleanup.
Post the report.
loredana74
Posted: Saturday, November 07, 2009 1:56:19 PM
Rank: AiutAmico

Joined: 10/26/2005
Posts: 158
So here is the log of the scan done with Malwarebytes:

Malwarebytes' Anti-Malware 1.41
Versione del database: 3112
Windows 5.1.2600 Service Pack 3

07/11/2009 13.53.27
mbam-log-2009-11-07 (13-53-20).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 192223
Tempo trascorso: 55 minute(s), 40 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 4

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\System Volume Information\_restore{FAA3670C-628C-4EAD-BF28-1A9F9B46DE33}\RP537\A0134370.exe (Malware.Packer.Krunchy) -> No action taken.
C:\System Volume Information\_restore{FAA3670C-628C-4EAD-BF28-1A9F9B46DE33}\RP537\A0134369.exe (Malware.Packer.Krunchy) -> No action taken.
C:\System Volume Information\_restore{FAA3670C-628C-4EAD-BF28-1A9F9B46DE33}\RP547\A0136234.exe (Malware.Packer.Krunchy) -> No action taken.
C:\System Volume Information\_restore{FAA3670C-628C-4EAD-BF28-1A9F9B46DE33}\RP554\A0136759.exe (Malware.Packer.Krunchy) -> No action taken.


I ran the same scan with AVG, and in the same System Volume Information folder it finds a Trojan Generic14VGI and a virus Win32/Rustock.Q

shapiro
Posted: Saturday, November 07, 2009 2:03:18 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Restart Malwarebytes and delete everything.

To be safe, disable System Restore, restart the PC and re-enable it, creating a new restore point.

Comment:
To disable System Restore go to:
Start / right-click My Computer / Properties / System Restore / and tick "Turn off System Restore"


Can you tell me whether you notice any improvement?
loredana74
Posted: Monday, November 09, 2009 10:05:29 AM
Rank: AiutAmico

Joined: 10/26/2005
Posts: 158
I wanted to thank you for the help you gave me; I did everything you advised and I think it has fixed everything. Thanks again.