grazie per risposta....

ps:la prossima volta fai scrivere all interprete. :-) .... adesso mi trovo a oslo .... e scrivo da tastierra tedesca...... scusami ma e' un trauma :O(

---

mi sembra di capire che quell aggiornamento comprende anche i precedenti servicepack.fai cosi':start,tutti i programmi,windows update,si aprira' una finestra con due opzioni.clicca su "personalizzato"e scarica ed installa tutti gli aggiornamenti ad alta priorita' che ti indichera'.tutto questo se il tuo sistema operativo è originale,se è contraffatto non saprei che dirti.

io il link che gli avevo inviato l ho preso da aiutamici.......

i link che ho postato io li ho postati facendo copia e incolla, non so se è questo il difetto....

2 domande:
1 l'installazione è ferma da un'ora su "esecuzione pulitura", non so se si è bloccata.....
2 il server dove lavoro ha un problema: "Error IBM 1801" (non sta acceso) e quando si accende (x pochi minuti) dice che la ROM non è sufficiente (io la ROM ho sempre pensato che fosse una Romena....) voi ne sapete qualcosa?
Ve lo chiedo xchè l'assistenza ci ha chiesto 1200 euro solo per venirlo a vedere!!!!!!!!

è un buon prezzo dato che ci sei a quella asistenza rimandali a questo post :-)
chissà quanto costa fare un analisi di un log

ancora fermo allo stesso punto........è normale?

si. a suo tempo ho comprato un dell che mi è arrivato con già tutto installato (e senza nessun cd allegato)

r16?

ComboFix:
ComboFix 10-04-15.05 - Proprietario 16/04/2010 18.24.51.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.766.396 [GMT 2:00]
Eseguito da: c:\documents and settings\Proprietario\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Outpost Firewall *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2010-03-16 al 2010-04-16 )))))))))))))))))))))))))))))))))))
.

2010-04-16 16:15 . 2010-04-16 16:15 -------- d-----w- c:\windows\LastGood
2010-04-16 13:03 . 2008-04-13 16:53 92672 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2010-04-16 13:03 . 2008-04-13 17:13 1306624 -c----w- c:\windows\system32\dllcache\msxml6.dll
2010-04-16 13:03 . 2008-04-13 17:13 1306624 ------w- c:\windows\system32\msxml6.dll
2010-04-16 13:03 . 2008-04-13 16:53 92672 ------w- c:\windows\system32\msxml6r.dll
2010-04-16 13:03 . 2008-04-13 17:13 897024 -c----w- c:\windows\system32\dllcache\wmspdmoe.dll
2010-04-16 13:03 . 2008-04-13 17:13 1119744 -c----w- c:\windows\system32\dllcache\wmsdmoe2.dll
2010-04-16 13:03 . 2008-04-13 17:13 1001472 -c----w- c:\windows\system32\dllcache\wmvdmoe2.dll
2010-04-16 13:03 . 2008-04-13 17:13 98304 -c----w- c:\windows\system32\dllcache\wmpband.dll
2010-04-16 13:03 . 2008-04-13 17:13 221184 -c----w- c:\windows\system32\dllcache\wmpns.dll
2010-04-16 13:03 . 2008-04-13 17:13 151552 -c----w- c:\windows\system32\dllcache\wmidx.dll
2010-04-16 13:03 . 2008-04-13 17:13 114688 -c----w- c:\windows\system32\dllcache\wmpasf.dll
2010-04-16 13:03 . 2008-04-13 16:51 186880 -c----w- c:\windows\system32\dllcache\wmerror.dll
2010-04-16 12:56 . 2008-04-13 17:13 286720 -c----w- c:\windows\system32\dllcache\blackbox.dll
2010-04-16 12:53 . 2008-04-13 07:36 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
2010-04-16 12:53 . 2008-04-13 09:40 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2010-04-16 08:34 . 2009-04-06 09:37 704384 ----a-w- c:\windows\system32\drivers\SandBox.sys
2010-04-16 08:33 . 2009-02-10 14:15 257432 ----a-w- c:\windows\system32\drivers\afwcore.sys
2010-04-16 08:28 . 2009-02-18 15:30 31128 ----a-w- c:\windows\system32\drivers\afw.sys
2010-04-16 08:27 . 2010-04-16 08:27 -------- d-----w- c:\programmi\Agnitum
2010-04-16 08:27 . 2010-04-16 08:27 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Agnitum
2010-04-15 11:41 . 2010-04-15 11:41 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\Malwarebytes
2010-04-15 11:41 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-15 11:41 . 2010-04-15 11:41 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-04-15 11:41 . 2010-04-15 11:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-04-15 11:41 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-09 11:13 . 2010-04-09 11:13 27 ----a-w- c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_C98364860CAB473408E81B028FA65F7D.dll
2010-04-09 11:12 . 2010-04-09 11:12 152 ----a-w- c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_6E8A266FCD4F2A1409E1C8110F44DBCE.dll
2010-04-09 11:12 . 2010-04-09 11:12 760 ----a-w- c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_68AB67CA7DA70401B7448A2100000030.dll
2010-04-09 11:12 . 2010-04-09 11:12 907 ----a-w- c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_3e43b73803c7c394f8a6b2f0402e19c2.dll
2010-04-09 11:11 . 2010-04-09 11:32 -------- d-----w- c:\programmi\Security Task Manager
2010-04-08 07:50 . 2010-04-08 07:50 4255072 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgcorex.dll
2010-04-02 08:01 . 2010-04-02 08:01 4076824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgui.exe
2010-04-02 08:01 . 2010-04-02 08:01 2059544 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgtray.exe
2010-04-02 08:01 . 2010-04-02 08:01 1274136 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgfrw.exe
2010-04-02 08:01 . 2010-04-02 08:01 1598744 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgssie.dll
2010-04-02 08:01 . 2010-04-02 08:01 1515224 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgwd.dll
2010-04-02 08:01 . 2010-04-02 08:01 598296 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgsrmx.dll
2010-04-02 08:01 . 2010-04-02 08:01 313112 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avglogx.dll
2010-04-02 08:01 . 2010-04-02 08:01 459544 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgcclix.dll
2010-04-02 08:01 . 2010-04-02 08:01 1086744 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgchsvx.exe
2010-04-02 08:01 . 2010-04-02 08:01 556824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgchjwx.dll
2010-04-02 08:01 . 2010-04-02 08:01 301336 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgchclx.dll
2010-04-02 07:55 . 2010-04-02 07:55 1035032 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.exe
2010-04-02 07:55 . 2010-04-02 07:55 1685784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.dll
2010-03-31 15:31 . 2010-02-23 12:04 1664256 ----a-w- c:\documents and settings\All Users\Dati applicazioni\AVG Security Toolbar\IEToolbar.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-16 16:16 . 2006-09-06 09:30 51792 -c--a-w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-04-16 16:14 . 2002-09-23 17:49 425432 ----a-w- c:\windows\system32\perfh010.dat
2010-04-16 16:14 . 2002-09-23 17:49 63180 ----a-w- c:\windows\system32\perfc010.dat
2010-04-16 13:05 . 2006-09-05 09:37 77811 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-04-16 10:27 . 2010-03-10 12:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AVG Security Toolbar
2010-04-15 17:12 . 2007-05-16 11:56 -------- d-----w- c:\programmi\CCleaner
2010-04-15 15:42 . 2006-09-07 16:20 -------- d-----w- c:\programmi\Symantec
2010-04-15 15:38 . 2006-09-07 16:19 -------- d-----w- c:\programmi\File comuni\Symantec Shared
2010-04-15 14:21 . 2006-10-23 12:44 49 ----a-w- c:\windows\wpd99.drv
2010-04-09 11:22 . 2009-07-20 10:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SecTaskMan
2010-03-15 07:36 . 2008-06-11 08:35 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-15 07:36 . 2010-03-15 07:36 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-15 07:36 . 2007-11-05 11:43 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-15 07:35 . 2008-06-11 08:35 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-10 12:31 . 2010-03-10 12:31 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2010-03-10 12:31 . 2008-06-11 08:34 -------- d-----w- c:\programmi\AVG
2010-03-10 06:15 . 2002-09-23 17:57 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:16 . 2006-06-23 11:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-19 14:44 . 2008-11-13 17:58 22907 ----a-w- c:\programmi\FirmaVerifica2.1_InstallLog.log
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"Persistence"="c:\windows\System32\igfxpers.exe" [2005-04-05 114688]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-04-05 94208]
"Adobe Photo Downloader"="c:\programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 57344]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\programmi\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-15 07:36 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/06/2008 10.35.24 216200]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/06/2008 10.35.24 242696]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [16/04/2010 10.34.36 704384]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [16/04/2010 10.28.00 1195008]
R2 avg9emc;AVG Free E-mail Scanner;c:\programmi\AVG\AVG9\avgemc.exe [15/03/2010 9.35.57 916760]
R2 avg9wd;AVG Free WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe [15/03/2010 9.36.12 308064]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [16/04/2010 10.28.09 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [16/04/2010 10.33.29 257432]
S2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"c:\programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.agenziadogane.it/wps/wcm/connect/ed
uInternet Connection Wizard,ShellNext = iexplore
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {0EBEA047-F744-476B-B8C2-E03ED33DABC9} = 62.212.0.10
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\2g1nmhl6.default\
FF - prefs.js: browser.search.selectedEngine - Babylon
FF - component: c:\programmi\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\programmi\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\programmi\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\programmi\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\programmi\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\All Users\Dati applicazioni\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\NPAdbESD.dll

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

AddRemove-HijackThis - c:\docume~1\PROPRI~1\IMPOST~1\Temp\Rar$EX00.937\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-16 18:34
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"="a"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(2148)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\documents and settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\programmi\AVG\AVG9\avgchsvx.exe
c:\programmi\AVG\AVG9\avgrsx.exe
c:\documents and settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\AVG\AVG9\avgcsrvx.exe
c:\windows\System32\HPZipm12.exe
c:\programmi\AVG\AVG9\avgnsx.exe
c:\programmi\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\programmi\File comuni\Nikon\Monitor\NkMonitor.exe
.
**************************************************************************
.
Ora fine scansione: 2010-04-16 18:41:08 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-04-16 16:41

Pre-Run: 62.391.955.456 byte disponibili
Post-Run: 62.302.011.392 byte disponibili

- - End Of File - - 3BE4FA6BCE5973888813E20EA5BA1038


HJT già che ci siamo:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.44.42, on 16/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AVG\AVG9\avgwdsvc.exe
C:\Documents and Settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Programmi\AVG\AVG9\avgchsvx.exe
C:\Programmi\AVG\AVG9\avgrsx.exe
C:\Documents and Settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\AVG\AVG9\avgemc.exe
C:\Programmi\AVG\AVG9\avgnsx.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programmi\File comuni\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\explorer.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\Rar$EX00.047\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.agenziadogane.it/wps/wcm/connect/ed
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmi\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programmi\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Programmi\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Nikon Monitor.lnk = C:\Programmi\File comuni\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EBEA047-F744-476B-B8C2-E03ED33DABC9}: NameServer = 62.212.0.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{0EBEA047-F744-476B-B8C2-E03ED33DABC9}: NameServer = 62.212.0.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{0EBEA047-F744-476B-B8C2-E03ED33DABC9}: NameServer = 62.212.0.10
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgwdsvc.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programmi\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Unknown owner - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

--
End of file - 5730 bytes

Hai installato tu, e lo usi questo programma?
c:\programmi\Security Task Manager