Hi everyone,
I'm attaching the HijackThis log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23.05.35, on 02/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Cobian Backup 10\cbVSCService.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\Windows Live\Family Safety\fsssvc.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Macrium\Reflect\ReflectService.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://eeepc.asus.com/global
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programmi\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programmi\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Programmi\MRU-Blaster\mrublaster.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a Bluetooth - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1281957615937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1281957577390
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Cobian Backup 10 Volume Shadow Copy service (cbVSCService) - CobianSoft, Luis Cobian - C:\Programmi\Cobian Backup 10\cbVSCService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Programmi\Macrium\Reflect\ReflectService.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 8318 bytes
and the ComboFix log,
hoping I did it right;
otherwise, please explain to me how to do it properly.
ComboFix 10-08-29.03 - Giuseppe 02/09/2010 22.53.11.3.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1015.800 [GMT 2:00]
Eseguito da: c:\documents and settings\Giuseppe\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-6C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {0012EE84-FFFC-FFFF-0200-00004FBCC4F1}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\pchealth\UploadLB
.
((((((((((((((((((((((((( Files Creati Da 2010-08-02 al 2010-09-02 )))))))))))))))))))))))))))))))))))
.
2010-09-02 16:03 . 2010-09-02 16:03 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Apple
2010-09-02 14:27 . 2010-09-02 14:27 -------- d-----w- c:\documents and settings\Giuseppe\Dati applicazioni\Uniblue
2010-09-01 21:10 . 2010-09-01 21:10 -------- d-----w- c:\documents and settings\Administrator.ETTORE
2010-09-01 07:35 . 2010-09-01 07:35 -------- d-----w- c:\documents and settings\Administrator
2010-09-01 07:28 . 2010-09-01 07:28 -------- d-----w- c:\documents and settings\Giuseppe\Dati applicazioni\Malwarebytes
2010-09-01 07:28 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-01 07:28 . 2010-09-01 07:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-09-01 07:28 . 2010-09-01 07:28 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-09-01 07:28 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-31 20:10 . 2010-08-31 20:10 -------- d-----w- c:\documents and settings\Giuseppe\Dati applicazioni\Danea
2010-08-31 11:07 . 2010-08-31 11:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\COMODO
2010-08-31 11:05 . 2010-08-31 11:05 -------- d-----w- c:\programmi\COMODO
2010-08-31 08:58 . 2010-08-31 11:02 35888 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-08-31 08:55 . 2010-08-31 11:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Comodo Downloader
2010-08-31 08:01 . 2010-08-31 08:01 388096 ----a-r- c:\documents and settings\Giuseppe\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-31 08:01 . 2010-08-31 08:01 -------- d-----w- c:\programmi\Trend Micro
2010-08-29 19:13 . 2010-08-29 19:13 -------- d-----w- C:\VirtualBox Portable
2010-08-29 15:19 . 2010-08-29 15:19 -------- d-----w- c:\programmi\Microsoft.NET
2010-08-29 15:15 . 2010-08-29 15:15 -------- d-----w- c:\programmi\Microsoft Visual Studio 8
2010-08-29 15:13 . 2010-08-29 15:20 -------- d-----w- c:\windows\SHELLNEW
2010-08-29 15:12 . 2010-08-29 15:12 -------- d-----r- C:\MSOCache
2010-08-29 12:40 . 2010-08-29 16:20 -------- d-----w- C:\pebuilder3110a
2010-08-29 11:14 . 2010-08-29 11:14 -------- d-----w- c:\windows\Sun
2010-08-28 19:30 . 2008-11-10 09:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-08-28 19:30 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-08-28 19:19 . 2010-08-28 19:19 -------- d-----w- c:\documents and settings\Giuseppe\Impostazioni locali\Dati applicazioni\Microsoft Help
2010-08-28 19:19 . 2010-08-30 20:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-08-28 17:46 . 2010-08-28 17:46 -------- d-----w- c:\documents and settings\Giuseppe\Impostazioni locali\Dati applicazioni\Cooliris
2010-08-28 17:46 . 2010-06-14 10:08 545280 ----a-w- c:\documents and settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\goh9r3ck.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2010-08-28 17:46 . 2010-06-14 10:08 4687360 ----a-w- c:\documents and settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\goh9r3ck.default\extensions\piclens@cooliris.com\libs\cooliris192.dll
2010-08-28 17:46 . 2010-06-14 10:08 103424 ----a-w- c:\documents and settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\goh9r3ck.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2010-08-28 17:46 . 2010-06-14 10:08 4687872 ----a-w- c:\documents and settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\goh9r3ck.default\extensions\piclens@cooliris.com\libs\cooliris190.dll
2010-08-28 17:46 . 2010-06-14 10:08 425984 ----a-w- c:\documents and settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\goh9r3ck.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2010-08-28 17:46 . 2010-06-14 10:08 152064 ----a-w- c:\documents and settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\goh9r3ck.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2010-08-28 17:46 . 2010-06-14 10:08 57856 ----a-w- c:\documents and settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\goh9r3ck.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2010-08-28 17:20 . 2010-08-28 17:20 -------- d-----w- c:\documents and settings\Giuseppe\dwhelper
2010-08-28 16:52 . 2010-08-28 16:52 503808 ----a-w- c:\documents and settings\Giuseppe\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-54753d32-n\msvcp71.dll
2010-08-28 16:52 . 2010-08-28 16:52 499712 ----a-w- c:\documents and settings\Giuseppe\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-54753d32-n\jmc.dll
2010-08-28 16:52 . 2010-08-28 16:52 348160 ----a-w- c:\documents and settings\Giuseppe\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-54753d32-n\msvcr71.dll
2010-08-28 16:52 . 2010-08-28 16:52 12800 ----a-w- c:\documents and settings\Giuseppe\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-22519e2f-n\decora-d3d.dll
2010-08-28 16:52 . 2010-08-28 16:52 61440 ----a-w- c:\documents and settings\Giuseppe\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-22519e2f-n\decora-sse.dll
2010-08-28 16:51 . 2010-08-28 16:51 -------- d-----w- c:\programmi\File comuni\Java
2010-08-28 16:51 . 2010-08-28 16:50 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-28 16:50 . 2010-08-28 16:50 -------- d-----w- c:\programmi\Java
2010-08-28 16:06 . 2010-07-23 15:22 43008 ----a-w- c:\documents and settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\goh9r3ck.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-08-28 16:06 . 2010-07-23 15:22 338944 ----a-w- c:\documents and settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\goh9r3ck.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-08-28 16:06 . 2010-07-23 15:22 1496064 ----a-w- c:\documents and settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\goh9r3ck.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-08-28 16:06 . 2010-07-23 15:22 346112 ----a-w- c:\documents and settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\goh9r3ck.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-08-28 15:22 . 2010-08-28 15:22 -------- d-----w- c:\documents and settings\Giuseppe\Impostazioni locali\Dati applicazioni\Google
2010-08-27 11:24 . 2010-08-18 15:13 52224 ----a-w- c:\documents and settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\goh9r3ck.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
2010-08-27 11:24 . 2010-08-18 15:13 101376 ----a-w- c:\documents and settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\goh9r3ck.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
2010-08-26 15:33 . 2008-04-13 09:45 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-08-26 15:33 . 2008-04-13 09:45 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-08-26 15:32 . 2008-11-07 16:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-08-26 15:30 . 2010-08-26 15:30 -------- d-----w- c:\programmi\File comuni\PCSuite
2010-08-26 15:30 . 2010-08-26 15:30 -------- d-----w- c:\programmi\File comuni\Nokia
2010-08-26 15:28 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-08-26 15:28 . 2010-08-26 15:28 -------- d-----w- c:\programmi\PC Connectivity Solution
2010-08-26 15:27 . 2010-02-26 12:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-08-26 15:27 . 2010-02-26 12:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-08-26 15:27 . 2010-02-26 12:32 22528 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-08-26 15:27 . 2010-02-26 12:32 662016 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-08-26 15:27 . 2010-02-26 12:32 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-08-26 15:27 . 2010-02-26 12:19 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2010-08-26 15:26 . 2010-08-26 15:24 36453152 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Nokia_PC_Suite_ita_web.exe
2010-08-26 15:25 . 2010-08-26 15:25 95232 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\pcswpcsi.exe
2010-08-26 15:25 . 2010-08-26 15:25 8192 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstCCD.exe
2010-08-26 15:25 . 2010-08-26 15:25 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-08-26 15:25 . 2010-08-26 15:25 10240 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstPCS.exe
2010-08-26 15:25 . 2010-08-26 15:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Installations
2010-08-26 14:04 . 2010-08-26 14:04 -------- d-----w- c:\documents and settings\Giuseppe\Dati applicazioni\GARMIN
2010-08-26 14:04 . 2010-08-26 14:04 -------- d-----w- C:\Garmin
2010-08-26 14:04 . 2010-08-26 14:04 -------- d-----w- c:\programmi\Garmin
2010-08-25 17:59 . 2010-08-25 17:59 -------- d-----w- c:\programmi\Astonsoft
2010-08-25 15:34 . 2010-09-02 08:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-08-25 15:34 . 2010-08-25 15:47 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2010-08-25 15:28 . 2010-08-25 15:28 -------- d-----w- c:\programmi\CCleaner
2010-08-25 15:22 . 2010-08-25 15:24 -------- d-----w- c:\programmi\SpywareBlaster
2010-08-25 15:19 . 2010-08-28 19:42 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni
2010-08-25 15:19 . 2010-08-25 15:19 -------- d-----w- c:\documents and settings\Proprietario\Menu Avvio
2010-08-25 15:19 . 2010-08-25 15:19 -------- d-----w- c:\documents and settings\Proprietario
2010-08-25 14:31 . 2010-08-25 14:31 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-08-25 14:29 . 2008-04-13 16:53 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-08-25 14:29 . 2008-04-13 16:53 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-08-17 21:25 . 2010-08-17 21:27 -------- d-----w- c:\documents and settings\Giuseppe\Dati applicazioni\Skype
2010-08-17 21:06 . 2010-08-17 21:06 -------- d-----w- c:\documents and settings\Giuseppe\Dati applicazioni\Systenance
2010-08-17 21:04 . 2010-08-17 21:17 -------- d-----w- c:\programmi\Index.dat Analyzer
2010-08-17 21:00 . 2010-08-17 21:00 -------- d-----w- c:\programmi\MRU-Blaster
2010-08-17 20:36 . 2010-08-17 20:43 -------- d-----w- c:\documents and settings\Giuseppe\Dati applicazioni\Disk Cleaner
2010-08-17 20:36 . 2010-08-17 20:49 -------- d-----w- c:\programmi\Disk Cleaner
2010-08-17 18:18 . 2010-08-17 18:18 -------- d-----w- c:\documents and settings\Giuseppe\Impostazioni locali\Dati applicazioni\Safe mirror
2010-08-17 18:12 . 2010-08-17 18:28 -------- d-----w- c:\programmi\Cobian Backup 10
2010-08-17 17:56 . 2010-08-17 17:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Macrium
2010-08-17 17:54 . 2010-08-17 17:54 43646 ----a-r- c:\documents and settings\Giuseppe\Dati applicazioni\Microsoft\Installer\{2A9CD591-2DB0-415E-AD6E-E0D905CFD057}\_7EC800011302E1DCCD5EC0.exe
2010-08-17 17:54 . 2010-08-17 17:54 43646 ----a-r- c:\documents and settings\Giuseppe\Dati applicazioni\Microsoft\Installer\{2A9CD591-2DB0-415E-AD6E-E0D905CFD057}\_3D2A0315C2A3AF4656C8F8.exe
2010-08-17 17:54 . 2010-08-17 17:54 29926 ----a-r- c:\documents and settings\Giuseppe\Dati applicazioni\Microsoft\Installer\{2A9CD591-2DB0-415E-AD6E-E0D905CFD057}\_574E77735DFB13FA487538.exe
2010-08-17 17:54 . 2010-08-17 17:54 43646 ----a-r- c:\documents and settings\Giuseppe\Dati applicazioni\Microsoft\Installer\{2A9CD591-2DB0-415E-AD6E-E0D905CFD057}\_D707CE1C009F1381803C2C.exe
2010-08-17 17:54 . 2010-08-17 17:54 43646 ----a-r- c:\documents and settings\Giuseppe\Dati applicazioni\Microsoft\Installer\{2A9CD591-2DB0-415E-AD6E-E0D905CFD057}\_21F3885A18D238E15AAE81.exe
2010-08-17 17:54 . 2010-08-17 17:54 109534 ----a-r- c:\documents and settings\Giuseppe\Dati applicazioni\Microsoft\Installer\{2A9CD591-2DB0-415E-AD6E-E0D905CFD057}\_6FEFF9B68218417F98F549.exe
2010-08-17 17:54 . 2010-08-17 17:54 -------- d-----w- c:\programmi\Macrium
2010-08-17 16:55 . 2007-12-28 07:22 10296 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2010-08-17 16:34 . 2008-05-30 12:11 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
2010-08-17 16:34 . 2010-08-17 16:34 -------- d-----w- c:\windows\Logs
2010-08-17 16:34 . 2010-08-17 16:41 -------- d-----w- c:\programmi\Pictomio
2010-08-17 16:26 . 2010-08-17 16:26 -------- d-----w- c:\documents and settings\Giuseppe\Dati applicazioni\Leadertech
2010-08-17 15:33 . 2010-08-17 15:33 -------- d-----w- c:\documents and settings\Giuseppe\Dati applicazioni\AdobeUM
2010-08-17 12:48 . 2008-04-14 12:00 2560 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\USMT\iconlib.dll
2010-08-17 11:35 . 2010-08-17 11:35 -------- d-----w- c:\documents and settings\Giuseppe\Dati applicazioni\UltraVNC
2010-08-17 11:34 . 2010-08-17 12:37 -------- d-----w- c:\programmi\UltraVNC
2010-08-16 20:49 . 2010-08-16 20:49 -------- d-----w- c:\documents and settings\Giuseppe\Dati applicazioni\Datalayer
2010-08-16 20:49 . 2010-08-16 20:49 -------- d-----w- c:\documents and settings\Giuseppe\Phone Browser
2010-08-16 20:48 . 2010-08-16 20:48 -------- d-----w- c:\documents and settings\Giuseppe\Dati applicazioni\Nokia
2010-08-16 20:44 . 2010-08-16 20:44 -------- d-----w- c:\programmi\Epocware
2010-08-16 20:26 . 2010-08-16 20:26 -------- d-----w- c:\documents and settings\Giuseppe\Dati applicazioni\Template
2010-08-16 20:09 . 2010-08-16 20:12 -------- d-----w- c:\documents and settings\Giuseppe\Dati applicazioni\Apple Computer
2010-08-16 20:09 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-08-16 20:09 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-08-16 20:08 . 2010-08-16 20:08 -------- d-----w- c:\programmi\iPod
2010-08-16 20:08 . 2010-08-16 20:09 -------- d-----w- c:\programmi\iTunes
2010-08-16 20:08 . 2010-08-16 20:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-16 20:07 . 2010-08-16 20:08 -------- d-----w- c:\programmi\QuickTime
2010-08-16 20:07 . 2010-08-16 20:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2010-08-16 20:07 . 2010-08-16 20:07 -------- d-----w- c:\documents and settings\Giuseppe\Impostazioni locali\Dati applicazioni\Apple
2010-08-16 20:07 . 2010-08-16 20:07 -------- d-----w- c:\programmi\Apple Software Update
2010-08-16 20:07 . 2010-04-19 18:47 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-02 06:33 . 2009-02-04 08:20 84702 ----a-w- c:\windows\system32\perfc010.dat
2010-09-02 06:33 . 2009-02-04 08:20 489980 ----a-w- c:\windows\system32\perfh010.dat
2010-09-01 20:03 . 2010-08-16 20:25 348 ----a-w- c:\documents and settings\Giuseppe\Dati applicazioni\wklnhst.dat
2010-08-30 19:52 . 2010-08-15 22:29 71520 ----a-w- c:\documents and settings\Giuseppe\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-08-29 15:21 . 2009-02-04 08:12 -------- d-----w- c:\programmi\Microsoft Works
2010-08-29 15:21 . 2010-08-16 18:53 -------- d-----w- c:\programmi\MSBuild
2010-08-26 15:32 . 2010-08-26 15:32 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-08-26 15:32 . 2010-08-26 15:32 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-08-26 10:13 . 2010-08-26 10:13 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-08-17 15:37 . 2009-02-04 08:11 -------- d-----w- c:\programmi\File comuni\Adobe
2010-08-17 11:54 . 2009-02-04 07:36 76875 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-16 18:53 . 2010-08-16 18:53 -------- d-----w- c:\programmi\Reference Assemblies
2010-08-15 22:30 . 2010-08-15 22:29 137 ----a-w- c:\documents and settings\Giuseppe\Impostazioni locali\Dati applicazioni\fusioncache.dat
2010-07-29 18:28 . 2010-07-29 18:28 12256 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys
2010-07-29 18:28 . 2010-07-29 18:28 15328 ----a-w- c:\windows\system32\drivers\pssnap.sys
2010-07-29 18:27 . 2010-07-29 18:27 44512 ----a-w- c:\windows\system32\drivers\psmounter.sys
2010-07-21 14:30 . 2010-07-21 14:30 73000 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-06-30 12:31 . 2009-02-04 08:20 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:10 . 2009-02-04 08:20 669696 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:10 . 2009-02-04 08:20 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 09:02 . 2009-02-04 08:20 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2009-02-04 08:20 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2009-02-04 08:20 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2009-02-04 07:35 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2009-02-04 08:20 1172480 ----a-w- c:\windows\system32\msxml3.dll
.
((((((((((((((((((((((((((((( SnapShot_2010-09-01_22.52.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-04 08:20 . 2010-09-02 06:33 71708 c:\windows\system32\perfc009.dat
+ 2009-02-04 08:20 . 2010-09-02 06:33 441772 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-12 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-12 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-12 94208]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-14 17508864]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"COMODO Internet Security"="c:\programmi\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Giuseppe\Menu Avvio\Programmi\Esecuzione automatica\
MRU-Blaster Silent Clean.lnk - c:\programmi\MRU-Blaster\mrublaster.exe [2004-3-28 1216512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-05-14 08:32 1479680 ----a-w- c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\UltraVNC\\winvnc.exe"=
"c:\\Programmi\\UltraVNC\\vncviewer.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [29/07/2010 20.28.02 15328]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [01/06/2010 19.00.22 25240]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [04/06/2010 11.55.58 229312]
S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\programmi\Cobian Backup 10\cbVSCService.exe [17/08/2010 20.28.30 67584]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16/11/2009 18.33.38 50704]
S2 ReflectService;Macrium Reflect Image Mounting Service;c:\programmi\Macrium\Reflect\ReflectService.exe [29/07/2010 20.27.42 220128]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/04/2009 18.14.51 1684736]
S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [29/07/2010 20.27.52 44512]
S3 PSVolAcc;PSVolAcc;c:\windows\system32\drivers\PSVolAcc.sys [29/07/2010 20.28.26 12256]
S4 Norton Internet Security;Norton Internet Security;"c:\programmi\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\programmi\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\programmi\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
.
Contenuto della cartella 'Scheduled Tasks'
2010-09-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
2010-08-25 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\programmi\Spybot - Search & Destroy\SpybotSD.exe [2010-08-25 13:31]
.
.
------- Scansione supplementare -------
.
uInternet Connection Wizard,ShellNext = hxxp://eeepc.asus.com/global
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Invia a Bluetooth - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Invia a periferica &Bluetooth... - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\goh9r3ck.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=it&q=
FF - component: c:\documents and settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\goh9r3ck.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\goh9r3ck.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\goh9r3ck.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\goh9r3ck.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\programmi\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\goh9r3ck.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\programmi\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-02 22:57
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose, ZwOpenFile
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\programmi\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\programmi\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(1292)
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA
.
Ora fine scansione: 2010-09-02 23:00:29
ComboFix-quarantined-files.txt 2010-09-02 21:00
ComboFix2.txt 2010-09-01 22:54
ComboFix3.txt 2010-08-30 13:09
Pre-Run: 73.941.995.520 byte disponibili
Post-Run: 73.930.358.784 byte disponibili
- - End Of File - - 1B0005820EC4546773A4E8A9B9A39AC5
Thanks