Hi everyone!
This is the first time I'm writing on this forum and I'd like to kindly ask whether you can help me or give me some advice :)
For 5 days my PC (which is new, it's 20 days old) has been freezing. It can happen after 3 minutes or after 20, but it freezes and there's nothing more to be done: the mouse cursor moves but I can't do anything, not even Ctrl+Alt+Del works, and neither does the PC's restart button...
Sometimes, when it freezes, it also emits a continuous, steady beep.
A friend of mine had had the exact same problem a week earlier, so I asked him how he had solved it, and he found the solution thanks to this topic:
http://forum.aiutamici.com/yaf_postst64868_PC-che-si-blocca-e-bippa-allinfinito.aspx
So I tried the same procedure too, but unfortunately I think that, although the effects are identical, the cause is different, because it doesn't report mbr as the problem for me.
I'd like to kindly ask if someone can help me... because I don't know what else to do :(
The log I get from HijackThis is this:
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 17.11.58, on 27/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Programmi\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\Google\Gmail Notifier\gnotify.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
C:\Programmi\PDF Complete\pdfsvc.exe
C:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe
c:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\TrendMicro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [PDF Complete] C:\Programmi\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Programmi\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmi\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: McAfee Application Installer Cleanup (0076241259685869) (0076241259685869mcinstcleanup) - Unknown owner - C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\007624~1.EXE (file missing)
O23 - Service: IviRegMgr - InterVideo - C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Programmi\PDF Complete\pdfsvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe
--
End of file - 6505 bytes
The ComboFix log, on the other hand (which I produced while trying the procedure described in the other topic), is this:
ComboFix 09-12-26.05 - Administrator 27/12/2009 16.59.21.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2037.1502 [GMT 1:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((( Files Creati Da 2009-11-27 al 2009-12-27 )))))))))))))))))))))))))))))))))))
.
2009-12-27 15:47 . 2009-12-27 15:47 118784 ----a-w- c:\windows\system32\chg.exe
2009-12-26 00:23 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-25 23:52 . 2009-12-25 23:52 1181328 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-25 23:51 . 2009-12-25 23:51 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2009-12-25 23:51 . 2009-12-07 14:10 2953352 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2009-12-25 23:51 . 2009-12-25 23:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-12-25 23:51 . 2009-12-25 23:51 -------- d-----w- c:\programmi\Lavasoft
2009-12-25 23:40 . 2009-12-25 23:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-12-25 20:02 . 2009-12-25 20:02 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\PCHealth
2009-12-25 19:11 . 2009-12-25 19:11 -------- d-----w- C:\7450a78964743c95b7eee57b8b
2009-12-25 18:33 . 2009-12-25 19:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-12-25 18:33 . 2009-12-25 18:38 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-12-25 13:27 . 2009-12-25 14:35 -------- d-----w- c:\documents and settings\HelpAssistant\Tracing
2009-12-25 13:27 . 2009-12-25 13:27 -------- d-----w- c:\documents and settings\HelpAssistant\PrivacIE
2009-12-25 13:27 . 2009-12-25 13:27 -------- d-----w- c:\documents and settings\HelpAssistant\Phone Browser
2009-12-23 09:19 . 2009-12-01 20:33 916248 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgcfgx.dll
2009-12-19 11:46 . 2009-12-19 11:46 294656 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avglngx.dll
2009-12-17 23:12 . 2003-06-19 00:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2009-12-17 23:12 . 2003-06-19 00:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-12-16 07:33 . 2009-12-16 07:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DVD Shrink
2009-12-15 12:30 . 2001-08-30 19:41 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-12-15 12:30 . 2001-08-30 19:41 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2009-12-12 12:41 . 2009-12-01 20:33 798488 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avginet.dll
2009-12-11 23:06 . 2009-12-11 23:06 -------- d--h--w- c:\windows\system32\CanonMP Uninstaller Information
2009-12-11 23:06 . 2005-08-04 04:13 49152 ----a-w- c:\windows\system32\cncisco.dll
2009-12-11 23:06 . 2005-08-04 04:12 221184 ----a-w- c:\windows\system32\CNCC150.DLL
2009-12-11 23:06 . 2005-08-04 04:12 69632 ----a-w- c:\windows\system32\CNCI150.DLL
2009-12-11 23:06 . 2005-05-30 10:45 139264 ----a-w- c:\windows\system32\CNCL150.DLL
2009-12-11 23:06 . 2009-12-11 23:06 -------- d-----w- C:\CanonMP
2009-12-11 23:01 . 2009-12-11 23:01 -------- d-----w- c:\documents and settings\Administrator\Phone Browser
2009-12-11 23:01 . 2009-12-11 23:01 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Datalayer
2009-12-11 23:01 . 2009-12-11 23:01 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Nokia
2009-12-11 22:55 . 2009-12-11 22:55 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\PC Suite
2009-12-11 22:55 . 2009-12-11 22:55 -------- d-----w- c:\programmi\Nokia
2009-12-11 22:55 . 2009-12-11 22:55 -------- d-----w- c:\programmi\File comuni\PCSuite
2009-12-11 22:55 . 2009-12-11 22:55 -------- d-----w- c:\programmi\File comuni\Nokia
2009-12-11 22:55 . 2009-12-11 22:55 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Downloaded Installations
2009-12-11 18:00 . 2009-12-11 18:00 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\vlc
2009-12-10 23:23 . 2008-04-13 18:13 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-12-10 23:23 . 2008-04-13 18:13 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2009-12-10 23:23 . 2008-04-13 17:53 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-12-10 23:23 . 2008-04-13 17:53 14720 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-12-10 23:23 . 2008-04-13 10:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-12-10 23:23 . 2008-04-13 10:45 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2009-12-07 10:12 . 2007-10-30 06:43 188416 ----a-w- c:\windows\system32\igfxres.dll
2009-12-06 13:46 . 2009-12-06 13:46 -------- d-----w- c:\programmi\Google
2009-12-05 20:39 . 2009-12-20 22:30 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Paint.NET
2009-12-05 20:30 . 2008-04-13 18:13 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-12-05 20:30 . 2001-08-30 22:07 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-12-05 20:30 . 2008-04-13 10:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-12-05 20:30 . 2008-04-13 10:45 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2009-12-05 19:58 . 2009-12-05 19:58 -------- d-----w- c:\programmi\Intel
2009-12-05 19:58 . 2007-08-10 14:12 53248 ----a-w- c:\windows\system32\CSVer.dll
2009-12-05 19:58 . 2009-12-05 19:58 -------- d-----w- C:\Intel
2009-12-03 20:31 . 2009-12-03 20:31 -------- d-----w- c:\windows\Sun
2009-12-03 08:42 . 2009-12-03 08:42 -------- d-----w- C:\4e278f2b923e2177bca2e37e23c06b
2009-12-03 08:40 . 2009-12-03 08:40 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-02 21:52 . 2009-12-02 21:52 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\PCHealth
2009-12-02 21:44 . 2009-12-02 21:44 -------- d-----w- c:\windows\ie8updates
2009-12-02 21:43 . 2009-12-02 21:43 -------- d-----w- c:\programmi\MSXML 4.0
2009-12-02 20:10 . 2008-04-13 10:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-12-02 20:10 . 2008-04-13 10:47 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2009-12-02 20:10 . 2008-04-13 10:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-12-02 20:10 . 2008-04-13 10:45 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-12-02 15:22 . 2009-12-02 15:25 -------- d-----w- c:\programmi\eMule
2009-12-02 08:54 . 2009-12-12 12:42 3967256 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgcorex.dll
2009-12-02 08:54 . 2009-12-01 20:33 497944 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgchjwx.dll
2009-12-02 08:54 . 2009-12-02 08:54 844056 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.exe
2009-12-02 08:54 . 2009-12-02 08:54 1658136 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-27 15:51 . 2009-11-03 02:12 71304 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-12-27 14:25 . 2009-12-01 20:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2009-12-25 23:53 . 2009-12-25 23:53 862040 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-25 23:53 . 2009-12-25 23:53 206944 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-25 23:53 . 2009-12-25 23:53 390288 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-25 23:53 . 2009-12-25 23:53 537576 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-25 23:53 . 2009-12-25 23:53 370744 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-25 23:53 . 2009-12-25 23:53 194104 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-25 23:53 . 2009-12-25 23:53 6296864 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Resources.dll
2009-12-25 23:53 . 2009-12-25 23:53 933120 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-25 23:53 . 2009-12-25 23:53 816272 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-25 23:53 . 2009-12-25 23:53 822904 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-25 23:53 . 2009-12-25 23:53 1643272 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-25 23:53 . 2009-12-25 23:52 788880 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-25 20:12 . 2009-12-02 00:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-12-25 20:09 . 2009-12-02 00:33 -------- d-----w- c:\programmi\Microsoft Works
2009-12-25 20:01 . 2009-12-02 00:33 -------- d-----w- c:\programmi\Microsoft SQL Server
2009-12-21 23:52 . 2009-12-02 00:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PDFC
2009-12-12 12:42 . 2009-12-12 12:42 4043032 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgui.exe
2009-12-12 12:42 . 2009-12-12 12:42 3776280 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\setup.exe
2009-12-12 12:42 . 2009-12-12 12:42 2352920 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgresf.dll
2009-12-11 23:07 . 2009-12-11 23:07 -------- d--h--w- c:\documents and settings\All Users\Dati applicazioni\CanonBJ
2009-12-11 21:31 . 2009-12-01 20:57 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\uTorrent
2009-12-06 10:02 . 2009-12-02 00:33 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-12-03 08:46 . 2009-04-06 08:23 543550 ----a-w- c:\windows\system32\perfh010.dat
2009-12-03 08:46 . 2009-04-06 08:23 105292 ----a-w- c:\windows\system32\perfc010.dat
2009-12-02 13:19 . 2009-12-25 23:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-02 08:48 . 2009-12-01 17:17 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2009-12-01 21:47 . 2009-12-01 21:44 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Winamp
2009-12-01 21:46 . 2009-12-01 21:44 -------- d-----w- c:\programmi\Winamp
2009-12-01 21:04 . 2009-12-01 21:04 -------- d-----w- c:\programmi\uTorrent
2009-12-01 20:34 . 2009-12-01 20:34 -------- d-----w- c:\programmi\Tumble Bugs
2009-12-01 17:17 . 2009-12-01 17:17 1925024 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NOS\Adobe_Downloads\install_flash_player.exe
2009-12-01 17:03 . 2009-12-01 17:03 -------- d-----w- c:\programmi\Microsoft
2009-12-01 17:03 . 2009-12-01 17:03 -------- d-----w- c:\programmi\Windows Live
2009-12-01 17:03 . 2009-12-01 17:03 -------- d-----w- c:\programmi\Windows Live SkyDrive
2009-12-01 16:59 . 2009-12-01 16:59 -------- d-----w- c:\programmi\File comuni\Windows Live
2009-12-01 16:58 . 2009-12-01 16:58 0 ----a-w- c:\windows\nsreg.dat
2009-12-01 16:40 . 2009-12-01 16:40 -------- d-----w- c:\programmi\Collegamenti programmi
2009-11-03 02:22 . 2009-11-03 02:22 1964 --sha-r- c:\windows\system32\drivers\103C_HP_BPC_HP Compaq dx2420 Microtower_YB_0Comp_QCZC944_EVC479EAABZ_48_I2A78h_SMSI_V1.0_B5.18_T090220_WXP3_L410_M2038_J320_7Intel_8e Pentium III Xeon_92.59_#091103_N10EC8136_(VC479EA#ABZ)_X_CD3_Z_2_G808629C2.MRK
2009-11-03 02:07 . 2009-04-06 08:11 88207 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-03 01:53 . 2009-11-03 01:53 142 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\fusioncache.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-11-30 1306624]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\programmi\PDF Complete\pdfsty.exe" [2009-06-18 563736]
"SetRefresh"="c:\programmi\Compaq\SetRefresh\SetRefresh.exe" [2003-11-21 525824]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-24 18702336]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-26 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-26 137752]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\programmi\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3246:TCP"= 3246:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [26/12/2009 0.53.31 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [02/12/2009 14.19.01 1181328]
R2 pdfcDispatcher;PDF Document Manager;c:\programmi\PDF Complete\pdfsvc.exe [03/11/2009 3.15.11 635416]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17/04/2007 20.09.28 11032]
S2 0076241259685869mcinstcleanup;McAfee Application Installer Cleanup (0076241259685869);c:\docume~1\ADMINI~1\IMPOST~1\Temp\007624~1.EXE c:\progra~1\FILECO~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\ADMINI~1\IMPOST~1\Temp\007624~1.EXE c:\progra~1\FILECO~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
.
------- Scansione supplementare -------
.
uStart Page = about:blank
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\0jy9wa6h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-27 17:01
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\programmi\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-3355448605-723523119-1391511913-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c4,5f,ee,7f,21,a1,6c,4d,a7,ed,6b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c4,5f,ee,7f,21,a1,6c,4d,a7,ed,6b,\
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(612)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
Ora fine scansione: 2009-12-27 17:02:37
ComboFix-quarantined-files.txt 2009-12-27 16:02
Pre-Run: 250.260.635.648 byte disponibili
Post-Run: 250.229.116.928 byte disponibili
- - End Of File - - AEF4519B2E81EE7655BB877440E979DE
Thanks a lot in advance!