Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

pc e connessione lenta Opzioni
raffix
Inviato: Saturday, August 01, 2009 3:33:05 PM

Rank: AiutAmico

Iscritto dal : 11/6/2008
Posts: 53
Salve..sono alle solite..ho il pc che mi va lento, non parliamo poi della connessione, non capisco il perchè..non voglio portare di nuovo il pc a formattare mi aiutate per favore?
Sponsor
Inviato: Saturday, August 01, 2009 3:33:05 PM

 
tool
Inviato: Saturday, August 01, 2009 3:38:10 PM

Rank: AiutAmico

Iscritto dal : 2/18/2007
Posts: 337
Con i test velocità adsl che risultato ti dà?
shapiro
Inviato: Saturday, August 01, 2009 3:38:46 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
ciao

posta un log di hijackthis

http://www.aiutamici.com/software?ID=11175

lancia il programma cliccando l’eseguibile e avvia la scansione, scegliendo la voce "Do a system scan and save a logfile" e mettilo in programmi o documenti se vuoi salvare il back-up delle voci rimosse
antonpaco
Inviato: Saturday, August 01, 2009 4:10:53 PM
Rank: AiutAmico

Iscritto dal : 11/7/2006
Posts: 1,180
se dovessi decidere di formattarlo fai una bella cosa, prima di ritornare in rete crea l'immagine del disco fisso con macrium reflect che trovi in aiutamici in modo che la prossima volta in 5 minuti ripristini il tutto senza piu' formattare.
raffix
Inviato: Saturday, August 01, 2009 4:24:45 PM

Rank: AiutAmico

Iscritto dal : 11/6/2008
Posts: 53
Questo è il risultato del test : in donload 2751 in upload 290
raffix
Inviato: Saturday, August 01, 2009 4:27:50 PM

Rank: AiutAmico

Iscritto dal : 11/6/2008
Posts: 53
E questo è il log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.26.22, on 01/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Leon\Desktop\emule.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Programmi\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Leon\Menu Avvio\Programmi\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D19145B-C34A-4E53-8560-193917AC37B3}: NameServer = 85.37.17.11 85.38.28.69
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe

--
End of file - 7626 bytes
shapiro
Inviato: Saturday, August 01, 2009 4:36:51 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
nel log non sono presenti minacce

Avvia hijackthis, con tutte le applicazioni chiuse, premi su Do a system scan only , spunta ed elimina (fix checked) le seguenti righe:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)


O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Leon\Menu Avvio\Programmi\IMVU\Run IMVU.lnk (file missing)



scarica Atfcleaner

http://www.atribune.org/ccount/click.php?id=1

Avvia ATFCleaner.exe con un doppio click

1.1) seleziona la casella Select All
2.1) clicca sul pulsante Empty selected
3.1) aspetta l'avviso Done Cleaning
(se usi opera o firefox,spunta anche le loro sezioni)

Fai pulizia con ccleaner

http://www.aiutamici.com/software?ID=11223


Clicca i tasti:
- Registro (Secondo tasto in alto a Sinistra)
- Trova Problemi (Pulsante in basso Centrale)
- Ripara selezionati (Pulsante in basso a Destra)
- alla domanda:
- Vuoi eseguire il Backup delle modifiche del Registro”
- clicca:
- SI



Scarica e installa
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Aggiornalo e fai una scansione completa del computer. Posta il rapporto ottenuto. Per ora non rimuovere nessuna eventuale minaccia rilevata
raffix
Inviato: Saturday, August 01, 2009 7:06:11 PM

Rank: AiutAmico

Iscritto dal : 11/6/2008
Posts: 53
Ciao shapiro..ho fatto quello che mi hai detto, infine si è completata la scansione di malware, mi dice di aver trovato un file infetto: Adware.MyWebSearch ma non ho eliminato..ti posto il log:

Malwarebytes' Anti-Malware 1.39
Versione del database: 2540
Windows 5.1.2600 Service Pack 2

01/08/2009 19.00.25
mbam-log-2009-08-01 (19-00-19).txt

Tipo di scansione: Scansione completa (A:\|C:\|D:\|E:\|)
Elementi scansionati: 121207
Tempo trascorso: 49 minute(s), 6 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 1
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)
shapiro
Inviato: Saturday, August 01, 2009 8:07:03 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
si puoi levare quella schifezza

riavvia malwarebytes ed elimina



vai nella cartella Programmi o Program Files cerca ed eventualmente elimina queste cartelle (se le trovi)

FunWebProducts

MyWebSearch

Smiley Central





Fai anche questa scansione


Scarica combofix sul desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

(non installare la recovery console)

Disconnetiti da internet
Disattiva l'antivirus.
Avvia il file ComboFix.exe
Digita 1 per avviare il tool
Segui le istruzioni (non fare nulla durante la scansione, se spariscono le icone dal desktop è normale) e alla fine verrà generato un log.
Finito, posta il log che trovi in C:\Combofix.txt
raffix
Inviato: Saturday, August 01, 2009 8:47:30 PM

Rank: AiutAmico

Iscritto dal : 11/6/2008
Posts: 53
Ecco il log di combofix:

ComboFix 09-07-31.04 - Leon 01/08/2009 20.31.21.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.383.155 [GMT 2:00]
Eseguito da: c:\documents and settings\Leon\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090801-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\3dc67.msp
c:\windows\Installer\5c09c.msi
c:\windows\system32\w32apiw.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-07-01 al 2009-08-01 )))))))))))))))))))))))))))))))))))
.

2009-08-01 18:15 . 2009-08-01 18:15 -------- d-----w- c:\documents and settings\Leon\Dati applicazioni\IMVU
2009-08-01 18:14 . 2009-08-01 18:14 82041 ----a-w- c:\documents and settings\Leon\Dati applicazioni\IMVUClient\Uninstall.exe
2009-08-01 18:13 . 2009-08-01 18:14 -------- d-----w- c:\documents and settings\Leon\Dati applicazioni\IMVUClient
2009-08-01 14:59 . 2009-08-01 14:59 -------- d-----w- c:\documents and settings\Leon\Dati applicazioni\nCleaner
2009-08-01 14:53 . 2009-08-01 14:53 -------- d-----w- c:\programmi\NKProds
2009-08-01 13:28 . 2009-08-01 13:28 -------- d-----w- c:\programmi\Trend Micro
2009-08-01 13:19 . 2009-08-01 13:19 -------- d-----w- c:\documents and settings\Leon\Dati applicazioni\Malwarebytes
2009-08-01 13:18 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-01 13:18 . 2009-08-01 13:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-08-01 13:18 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-01 13:18 . 2009-08-01 13:19 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-07-31 06:36 . 2009-07-31 06:36 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\PCHealth
2009-07-30 20:19 . 2009-07-30 20:19 -------- d-----w- c:\windows\Sun
2009-07-27 18:14 . 2009-07-27 18:14 92192 ----a-w- c:\documents and settings\Leon\Dati applicazioni\IMVUClient\IMVUupdater.exe
2009-07-27 18:14 . 2009-07-27 18:14 18688 ----a-w- c:\documents and settings\Leon\Dati applicazioni\IMVUClient\imvuqualityagent.exe
2009-07-27 18:14 . 2009-07-27 18:14 49920 ----a-w- c:\documents and settings\Leon\Dati applicazioni\IMVUClient\IMVUClient.exe
2009-07-27 18:08 . 2009-07-27 18:08 1249280 ----a-w- c:\documents and settings\Leon\Dati applicazioni\IMVUClient\SceneWindow.dll
2009-07-27 18:08 . 2009-07-27 18:08 15872 ----a-w- c:\documents and settings\Leon\Dati applicazioni\IMVUClient\MemoryHook.dll
2009-07-27 18:07 . 2009-07-27 18:07 296960 ----a-w- c:\documents and settings\Leon\Dati applicazioni\IMVUClient\cal3d.dll
2009-07-27 18:07 . 2009-07-27 18:07 30720 ----a-w- c:\documents and settings\Leon\Dati applicazioni\IMVUClient\CallStack.dll
2009-07-27 18:07 . 2009-07-27 18:07 257536 ----a-w- c:\documents and settings\Leon\Dati applicazioni\IMVUClient\audiere.dll
2009-07-27 18:07 . 2009-07-27 18:07 192000 ----a-w- c:\documents and settings\Leon\Dati applicazioni\IMVUClient\boost_python.dll
2009-07-21 08:23 . 2009-07-21 09:32 -------- d-----w- c:\documents and settings\Leon\Dati applicazioni\uTorrent
2009-07-17 14:08 . 2009-07-17 14:08 -------- d-----w- c:\documents and settings\Leon\Impostazioni locali\Dati applicazioni\Identities
2009-07-17 07:11 . 2009-07-17 07:11 -------- d-----w- c:\documents and settings\Leon\WINDOWS
2009-07-10 10:51 . 2009-07-10 10:51 4484 ----a-w- c:\windows\system32\drivers\cpuidlep.sys
2009-07-10 10:50 . 2009-07-10 18:47 -------- d-----w- c:\programmi\SpeedFan
2009-07-09 11:32 . 2009-07-09 11:32 -------- d-sh--w- c:\documents and settings\Leon\PrivacIE
2009-07-09 11:30 . 2009-07-09 11:30 -------- d-sh--w- c:\documents and settings\Leon\IETldCache
2009-07-09 11:25 . 2009-07-29 19:48 -------- d-----w- c:\windows\ie8updates
2009-07-09 09:31 . 2009-07-09 09:31 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2009-07-09 09:28 . 2009-07-09 11:24 -------- dc-h--w- c:\windows\ie8
2009-07-09 09:22 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-07-09 09:22 . 2009-07-03 16:55 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-09 09:22 . 2009-07-03 16:55 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-09 09:19 . 2009-07-09 09:20 -------- d-----w- C:\b43c3b2f3175de090270c6c9ca
2009-07-09 09:13 . 2009-07-09 09:13 -------- d-----w- c:\programmi\Windows Defender
2009-07-09 08:09 . 2009-07-09 08:09 -------- d-----w- c:\programmi\AC3Filter
2009-07-03 14:18 . 2009-07-03 14:18 -------- d-----w- c:\documents and settings\Leon\Impostazioni locali\Dati applicazioni\Ahead
2009-07-03 14:14 . 2009-07-03 14:21 -------- d-----w- c:\documents and settings\Leon\Dati applicazioni\Ahead
2009-07-03 14:13 . 2009-07-03 14:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Ahead
2009-07-03 14:03 . 2009-07-03 14:10 -------- d-----w- c:\programmi\File comuni\Ahead
2009-07-03 14:03 . 2009-07-03 14:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nero
2009-07-03 13:12 . 2009-07-03 13:17 -------- d-----w- C:\DVDTemp
2009-07-03 13:11 . 2008-10-10 16:25 7680 ----a-w- c:\windows\system32\ff_vfw.dll
2009-07-03 13:11 . 2008-10-04 08:22 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-07-03 13:11 . 2009-07-03 13:11 -------- d-----w- c:\programmi\ffdshow
2009-07-03 13:10 . 2009-07-11 06:20 -------- d-----w- c:\programmi\Free DVD Creator
2009-07-03 12:31 . 2009-07-03 12:31 -------- d-----w- c:\documents and settings\Leon\Dati applicazioni\InfraRecorder
2009-07-03 12:08 . 2009-07-03 12:12 -------- d-----w- c:\programmi\Elaborate Bytes
2009-07-03 11:18 . 2009-07-03 11:18 -------- d-----w- c:\programmi\AskTBar
2009-07-03 11:00 . 2009-07-03 11:00 -------- d-----w- c:\programmi\Nero
2009-07-03 10:36 . 2009-07-03 10:36 -------- d-----w- c:\documents and settings\Leon\Dati applicazioni\AVS4YOU
2009-07-03 10:36 . 2009-07-03 10:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AVS4YOU
2009-07-03 10:35 . 2009-07-03 10:35 -------- d-----w- c:\documents and settings\Leon\Dati applicazioni\FinalBurner Video DVD
2009-07-03 10:34 . 2009-07-03 10:35 -------- d-----w- C:\finalburner
2009-07-03 10:30 . 2009-07-03 10:42 -------- d-----w- c:\programmi\AVS4YOU
2009-07-03 10:30 . 2009-07-03 10:42 -------- d-----w- c:\programmi\File comuni\AVSMedia
2009-07-03 10:30 . 2003-05-21 11:50 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-07-03 10:30 . 2002-01-05 14:48 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-07-03 10:30 . 2002-01-05 13:40 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-07-03 10:30 . 2002-01-05 01:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-07-03 07:27 . 2004-08-19 12:00 25600 ----a-w- c:\documents and settings\LocalService\Dati applicazioni\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-07-03 07:21 . 2009-07-03 07:21 -------- d-----w- c:\programmi\Windows Media Connect 2
2009-07-03 07:17 . 2009-07-03 07:19 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-07-03 07:17 . 2009-07-03 07:17 -------- d-----w- c:\windows\system32\LogFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-01 13:45 . 2009-06-30 19:39 -------- d-----w- c:\programmi\Yahoo!
2009-07-03 16:55 . 2004-08-19 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-02 08:25 . 2004-08-19 12:00 48568 ----a-w- c:\windows\system32\perfc010.dat
2009-07-02 08:25 . 2004-08-19 12:00 347866 ----a-w- c:\windows\system32\perfh010.dat
2009-07-01 12:06 . 2009-06-22 13:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WinZip
2009-06-30 19:40 . 2009-06-30 19:39 -------- d-----w- c:\programmi\CCleaner
2009-06-30 19:39 . 2009-06-30 19:39 -------- d-----w- c:\documents and settings\Leon\Dati applicazioni\Yahoo!
2009-06-28 17:52 . 2009-06-22 13:51 26600 ----a-w- c:\documents and settings\Leon\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-06-27 19:24 . 2009-06-27 19:23 -------- d-----w- c:\programmi\File comuni\Adobe
2009-06-27 19:23 . 2009-06-22 12:06 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-06-24 21:24 . 2009-06-24 21:24 -------- d-----w- c:\programmi\MSXML 4.0
2009-06-24 21:24 . 2009-06-22 19:29 -------- d-----w- c:\programmi\VS Revo Group
2009-06-23 14:07 . 2009-06-22 11:54 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-22 19:56 . 2009-06-22 19:56 -------- d-----w- c:\programmi\Microsoft
2009-06-22 19:56 . 2009-06-22 19:55 -------- d-----w- c:\programmi\Windows Live
2009-06-22 19:55 . 2009-06-22 19:55 -------- d-----w- c:\programmi\Windows Live SkyDrive
2009-06-22 19:49 . 2009-06-22 19:49 -------- d-----w- c:\programmi\File comuni\Windows Live
2009-06-22 14:05 . 2009-06-22 14:05 -------- d-----w- c:\programmi\Alwil Software
2009-06-22 13:17 . 2009-06-22 13:17 -------- d-----w- c:\documents and settings\Leon\Dati applicazioni\Corel
2009-06-22 13:17 . 2009-06-22 13:17 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-22 13:17 . 2009-06-22 13:17 -------- d-----w- c:\programmi\Java
2009-06-22 13:17 . 2009-06-22 13:17 152576 ----a-w- c:\documents and settings\Leon\Dati applicazioni\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-22 13:13 . 2009-06-22 13:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WEBREG
2009-06-22 13:13 . 2009-06-22 13:08 140342 ----a-w- c:\windows\HPHins13.dat
2009-06-22 13:13 . 2009-06-22 13:13 -------- d-----w- c:\documents and settings\Leon\Dati applicazioni\HP
2009-06-22 13:13 . 2009-06-22 13:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HP
2009-06-22 13:13 . 2009-06-22 13:11 -------- d-----w- c:\programmi\File comuni\HP
2009-06-22 13:13 . 2009-06-22 13:09 -------- d-----w- c:\programmi\HP
2009-06-22 13:12 . 2009-06-22 13:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HPSSUPPLY
2009-06-22 13:10 . 2009-06-22 13:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Hewlett-Packard
2009-06-22 13:01 . 2009-06-22 13:01 -------- d-----w- c:\programmi\File comuni\Corel
2009-06-22 13:01 . 2009-06-22 12:05 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-06-22 13:01 . 2009-06-22 13:01 -------- d-----w- c:\programmi\Corel
2009-06-22 12:59 . 2009-06-22 12:58 -------- d-----w- c:\documents and settings\Leon\Dati applicazioni\ArcSoft
2009-06-22 12:55 . 2009-06-22 12:55 -------- d-----w- c:\programmi\File comuni\ArcSoft
2009-06-22 12:55 . 2009-06-22 12:55 -------- d-----w- c:\programmi\ArcSoft
2009-06-22 12:54 . 2009-06-22 12:54 -------- d-----w- c:\programmi\Trust
2009-06-22 12:54 . 2009-06-22 12:54 -------- d-----w- c:\documents and settings\Leon\Dati applicazioni\InstallShield
2009-06-22 12:48 . 2009-06-22 12:48 -------- d-----w- c:\programmi\WIDCOMM
2009-06-22 12:41 . 2009-06-22 12:41 -------- d-----w- c:\programmi\Realtek AC97
2009-06-22 12:31 . 2009-06-22 12:31 -------- d-----w- c:\programmi\Pirelli
2009-06-22 12:31 . 2009-06-22 12:31 -------- d-----w- c:\programmi\Common Files
2009-06-22 12:31 . 2009-06-22 12:31 -------- d-----w- c:\programmi\Alice ti aiuta
2009-06-22 12:31 . 2009-06-22 12:31 -------- d-----w- c:\programmi\Motive
2009-06-22 12:31 . 2009-06-22 12:31 2232 ----a-w- c:\windows\java\Packages\Data\N1R1FBT7.DAT
2009-06-22 12:31 . 2009-06-22 12:31 155995 ----a-w- c:\windows\java\Packages\3RFBL3D7.ZIP
2009-06-22 12:31 . 2009-06-22 12:31 2678 ----a-w- c:\windows\java\Packages\Data\WXR5Z97P.DAT
2009-06-22 12:31 . 2009-06-22 12:31 2678 ----a-w- c:\windows\java\Packages\Data\4OI0S471.DAT
2009-06-22 12:31 . 2009-06-22 12:31 2678 ----a-w- c:\windows\java\Packages\Data\JRTFNTVT.DAT
2009-06-22 12:31 . 2009-06-22 12:31 2678 ----a-w- c:\windows\java\Packages\Data\GME5JB1N.DAT
2009-06-22 12:31 . 2009-06-22 12:31 2678 ----a-w- c:\windows\java\Packages\Data\B9RP7LRD.DAT
2009-06-22 12:30 . 2009-06-22 12:30 -------- d-----w- c:\programmi\Telecom Italia
2009-06-22 12:24 . 2009-06-22 12:24 -------- d-----w- c:\documents and settings\Leon\Dati applicazioni\Logitech
2009-06-22 12:22 . 2009-06-22 12:22 -------- d-----w- c:\programmi\File comuni\Logitech
2009-06-22 12:22 . 2009-06-22 12:22 -------- d-----w- c:\programmi\Logitech
2009-06-22 12:18 . 2009-06-22 12:17 -------- d-----w- c:\programmi\Ahead
2009-06-22 12:07 . 2009-06-22 12:07 -------- d-----w- c:\programmi\ATI Technologies
2009-06-22 11:55 . 2009-06-22 11:55 -------- d-----w- c:\programmi\microsoft frontpage
2009-06-22 11:53 . 2009-06-22 11:53 -------- d-----w- c:\programmi\Servizi in linea
2009-06-22 11:51 . 2009-06-22 11:51 21840 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-16 14:53 . 2004-08-19 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:53 . 2004-08-19 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-11 19:36 . 2009-06-11 19:36 3771296 ----a-w- c:\documents and settings\Leon\Dati applicazioni\IMVUClient\ui\plugins\npswf32.dll
2009-06-08 23:45 . 2009-06-08 23:45 271929 ----a-w- c:\documents and settings\Leon\Dati applicazioni\IMVUClient\pixomatic.dll
2009-06-08 23:43 . 2009-06-08 23:43 4608 ----a-w- c:\documents and settings\Leon\Dati applicazioni\IMVUClient\w9xpopen.exe
2009-06-08 23:43 . 2009-06-08 23:43 348160 ----a-w- c:\documents and settings\Leon\Dati applicazioni\IMVUClient\MSVCR71.dll
2009-06-08 23:43 . 2009-06-08 23:43 327680 ----a-w- c:\documents and settings\Leon\Dati applicazioni\IMVUClient\pythoncom25.dll
2009-06-08 23:43 . 2009-06-08 23:43 2113536 ----a-w- c:\documents and settings\Leon\Dati applicazioni\IMVUClient\python25.dll
2009-06-08 23:43 . 2009-06-08 23:43 102400 ----a-w- c:\documents and settings\Leon\Dati applicazioni\IMVUClient\pywintypes25.dll
2009-06-03 19:25 . 2004-08-19 12:00 1295872 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:41 . 2004-08-19 12:00 346112 ----a-w- c:\windows\system32\localspl.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-08-19 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-25 335872]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-06-22 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Windows Defender"="c:\programmi\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-11-17 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

c:\documents and settings\Leon\Menu Avvio\Programmi\Esecuzione automatica\
IMVU.lnk - c:\documents and settings\Leon\Dati applicazioni\IMVUClient\IMVUClient.exe [2009-7-27 49920]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2009-6-27 113664]
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2009-6-22 212992]
BTTray.lnk - c:\programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2005-5-31 577597]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Logitech SetPoint.lnk - c:\programmi\Logitech\SetPoint\SetPoint.exe [2009-6-22 450560]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Leon\\Desktop\\emule.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [22/06/2009 16.05.56 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22/06/2009 16.05.56 20560]
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 19.19.58 13592]
R3 PAC7302;PAC7302 VGA USB Camera;c:\windows\system32\drivers\PAC7302.SYS [22/06/2009 14.54.31 457856]
S0 CanonDrv;CanonDrv;c:\windows\system32\Drivers\CanonDrv.sys --> c:\windows\system32\Drivers\CanonDrv.sys [?]

--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - MBAMSwissArmy

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-08-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2009-07-31 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2009-08-01 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Invia a &Bluetooth - c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Leon\Menu Avvio\Programmi\IMVU\Run IMVU.lnk
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-01 20:38
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Ñw*]
"0140311900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Ora fine scansione: 2009-08-01 20.41.16
ComboFix-quarantined-files.txt 2009-08-01 18:40

Pre-Run: 19.138.977.792 byte disponibili
Post-Run: 19.136.552.960 byte disponibili

242 --- E O F --- 2009-07-31 06:37
shapiro
Inviato: Saturday, August 01, 2009 10:54:31 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164

apri un file di testo (dal blocco note di windows), al suo interno incollaci il seguente script:

killAll
file::

c:\windows\java\Packages\Data\N1R1FBT7.DAT
c:\windows\java\Packages\3RFBL3D7.ZIP
c:\windows\java\Packages\Data\WXR5Z97P.DAT
c:\windows\java\Packages\Data\4OI0S471.DAT
c:\windows\java\Packages\Data\JRTFNTVT.DAT
c:\windows\java\Packages\Data\GME5JB1N.DAT
c:\windows\java\Packages\Data\B9RP7LRD.DAT





salva il file nella stessa cartella dove hai messo combofix chiamandolo obbligatoriamente CFScript.txt

Fatto ciò, con il puntatore del mouse, trascina il file sull'icona di combofix. Il programma avvierà una nuova scansione, come la precedente. Non fare e non muovere nulla. Al termine di essa, se non si riavvierà automaticamente il computer, fallo tu. Allega il nuovo file c:\combofix.txt prodotto dalla scansione.
raffix
Inviato: Sunday, August 02, 2009 12:26:33 PM

Rank: AiutAmico

Iscritto dal : 11/6/2008
Posts: 53
Fatto:

ComboFix 09-07-31.04 - Leon 02/08/2009 11.58.58.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.383.120 [GMT 2:00]
Eseguito da: c:\documents and settings\Leon\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Leon\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090801-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
"c:\windows\java\Packages\3RFBL3D7.ZIP"
"c:\windows\java\Packages\Data\4OI0S471.DAT"
"c:\windows\java\Packages\Data\B9RP7LRD.DAT"
"c:\windows\java\Packages\Data\GME5JB1N.DAT"
"c:\windows\java\Packages\Data\JRTFNTVT.DAT"
"c:\windows\java\Packages\Data\N1R1FBT7.DAT"
"c:\windows\java\Packages\Data\WXR5Z97P.DAT"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\java\Packages\3RFBL3D7.ZIP
c:\windows\java\Packages\Data\4OI0S471.DAT
c:\windows\java\Packages\Data\B9RP7LRD.DAT
c:\windows\java\Packages\Data\GME5JB1N.DAT
c:\windows\java\Packages\Data\JRTFNTVT.DAT
c:\windows\java\Packages\Data\N1R1FBT7.DAT
c:\windows\java\Packages\Data\WXR5Z97P.DAT

.
((((((((((((((((((((((((( Files Creati Da 2009-07-02 al 2009-08-02 )))))))))))))))))))))))))))))))))))
.

2009-08-02 09:31 . 2009-08-02 09:31 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-01 18:15 . 2009-08-01 21:18 -------- d-----w- c:\documents and settings\Leon\Dati applicazioni\IMVU
2009-08-01 18:14 . 2009-08-01 18:14 82041 ----a-w- c:\documents and settings\Leon\Dati applicazioni\IMVUClient\Uninstall.exe
2009-08-01 18:13 . 2009-08-01 18:14 -------- d-----w- c:\documents and settings\Leon\Dati applicazioni\IMVUClient
2009-08-01 14:59 . 2009-08-01 14:59 -------- d-----w- c:\documents and settings\Leon\Dati applicazioni\nCleaner
2009-08-01 14:53 . 2009-08-01 14:53 -------- d-----w- c:\programmi\NKProds
2009-08-01 13:28 . 2009-08-01 13:28 -------- d-----w- c:\programmi\Trend Micro
2009-08-01 13:19 . 2009-08-01 13:19 -------- d-----w- c:\documents and settings\Leon\Dati applicazioni\Malwarebytes
2009-08-01 13:18 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-01 13:18 . 2009-08-01 13:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-08-01 13:18 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-01 13:18 . 2009-08-01 13:19 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-07-31 06:36 . 2009-07-31 06:36 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\PCHealth
2009-07-30 20:19 . 2009-07-30 20:19 -------- d-----w- c:\windows\Sun
2009-07-27 18:14 . 2009-07-27 18:14 92192 ----a-w- c:\documents and settings\Leon\Dati applicazioni\IMVUClient\IMVUupdater.exe
2009-07-27 18:14 . 2009-07-27 18:14 18688 ----a-w- c:\documents and settings\Leon\Dati applicazioni\IMVUClient\imvuqualityagent.exe
2009-07-27 18:14 . 2009-07-27 18:14 49920 ----a-w- c:\documents and settings\Leon\Dati applicazioni\IMVUClient\IMVUClient.exe
2009-07-27 18:08 . 2009-07-27 18:08 1249280 ----a-w- c:\documents and settings\Leon\Dati applicazioni\IMVUClient\SceneWindow.dll
2009-07-27 18:08 . 2009-07-27 18:08 15872 ----a-w- c:\documents and settings\Leon\Dati applicazioni\IMVUClient\MemoryHook.dll
2009-07-27 18:07 . 2009-07-27 18:07 296960 ----a-w- c:\documents and settings\Leon\Dati applicazioni\IMVUClient\cal3d.dll
2009-07-27 18:07 . 2009-07-27 18:07 30720 ----a-w- c:\documents and settings\Leon\Dati applicazioni\IMVUClient\CallStack.dll
2009-07-27 18:07 . 2009-07-27 18:07 257536 ----a-w- c:\documents and settings\Leon\Dati applicazioni\IMVUClient\audiere.dll
2009-07-27 18:07 . 2009-07-27 18:07 192000 ----a-w- c:\documents and settings\Leon\Dati applicazioni\IMVUClient\boost_python.dll
2009-07-21 08:23 . 2009-07-21 09:32 -------- d-----w- c:\documents and settings\Leon\Dati applicazioni\uTorrent
2009-07-17 14:08 . 2009-07-17 14:08 -------- d-----w- c:\documents and settings\Leon\Impostazioni locali\Dati applicazioni\Identities
2009-07-17 07:11 . 2009-07-17 07:11 -------- d-----w- c:\documents and settings\Leon\WINDOWS
2009-07-10 10:51 . 2009-07-10 10:51 4484 ----a-w- c:\windows\system32\drivers\cpuidlep.sys
2009-07-10 10:50 . 2009-07-10 18:47 -------- d-----w- c:\programmi\SpeedFan
2009-07-09 11:32 . 2009-07-09 11:32 -------- d-sh--w- c:\documents and settings\Leon\PrivacIE
2009-07-09 11:30 . 2009-07-09 11:30 -------- d-sh--w- c:\documents and settings\Leon\IETldCache
2009-07-09 11:25 . 2009-07-29 19:48 -------- d-----w- c:\windows\ie8updates
2009-07-09 09:31 . 2009-07-09 09:31 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2009-07-09 09:28 . 2009-07-09 11:24 -------- dc-h--w- c:\windows\ie8
2009-07-09 09:22 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-07-09 09:22 . 2009-07-03 16:55 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-09 09:22 . 2009-07-03 16:55 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-09 09:19 . 2009-07-09 09:20 -------- d-----w- C:\b43c3b2f3175de090270c6c9ca
2009-07-09 09:13 . 2009-07-09 09:13 -------- d-----w- c:\programmi\Windows Defender
2009-07-09 08:09 . 2009-07-09 08:09 -------- d-----w- c:\programmi\AC3Filter
2009-07-03 14:18 . 2009-07-03 14:18 -------- d-----w- c:\documents and settings\Leon\Impostazioni locali\Dati applicazioni\Ahead
2009-07-03 14:14 . 2009-07-03 14:21 -------- d-----w- c:\documents and settings\Leon\Dati applicazioni\Ahead
2009-07-03 14:13 . 2009-07-03 14:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Ahead
2009-07-03 14:03 . 2009-07-03 14:10 -------- d-----w- c:\programmi\File comuni\Ahead
2009-07-03 14:03 . 2009-07-03 14:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nero
2009-07-03 13:12 . 2009-07-03 13:17 -------- d-----w- C:\DVDTemp
2009-07-03 13:11 . 2008-10-10 16:25 7680 ----a-w- c:\windows\system32\ff_vfw.dll
2009-07-03 13:11 . 2008-10-04 08:22 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-07-03 13:11 . 2009-07-03 13:11 -------- d-----w- c:\programmi\ffdshow
2009-07-03 13:10 . 2009-07-11 06:20 -------- d-----w- c:\programmi\Free DVD Creator
2009-07-03 12:31 . 2009-07-03 12:31 -------- d-----w- c:\documents and settings\Leon\Dati applicazioni\InfraRecorder
2009-07-03 12:08 . 2009-07-03 12:12 -------- d-----w- c:\programmi\Elaborate Bytes
2009-07-03 11:18 . 2009-07-03 11:18 -------- d-----w- c:\programmi\AskTBar
2009-07-03 11:00 . 2009-07-03 11:00 -------- d-----w- c:\programmi\Nero
2009-07-03 10:36 . 2009-07-03 10:36 -------- d-----w- c:\documents and settings\Leon\Dati applicazioni\AVS4YOU
2009-07-03 10:36 . 2009-07-03 10:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AVS4YOU
2009-07-03 10:35 . 2009-07-03 10:35 -------- d-----w- c:\documents and settings\Leon\Dati applicazioni\FinalBurner Video DVD
2009-07-03 10:34 . 2009-07-03 10:35 -------- d-----w- C:\finalburner
2009-07-03 10:30 . 2009-07-03 10:42 -------- d-----w- c:\programmi\AVS4YOU
2009-07-03 10:30 . 2009-07-03 10:42 -------- d-----w- c:\programmi\File comuni\AVSMedia
2009-07-03 10:30 . 2003-05-21 11:50 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-07-03 10:30 . 2002-01-05 14:48 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-07-03 10:30 . 2002-01-05 13:40 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-07-03 10:30 . 2002-01-05 01:37 344064 ----a-w- c:\windows\system32\msvcr70.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-01 13:45 . 2009-06-30 19:39 -------- d-----w- c:\programmi\Yahoo!
2009-07-03 16:55 . 2004-08-19 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-03 07:21 . 2009-07-03 07:21 -------- d-----w- c:\programmi\Windows Media Connect 2
2009-07-02 08:25 . 2004-08-19 12:00 48568 ----a-w- c:\windows\system32\perfc010.dat
2009-07-02 08:25 . 2004-08-19 12:00 347866 ----a-w- c:\windows\system32\perfh010.dat
2009-07-01 12:06 . 2009-06-22 13:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WinZip
2009-06-30 19:40 . 2009-06-30 19:39 -------- d-----w- c:\programmi\CCleaner
2009-06-30 19:39 . 2009-06-30 19:39 -------- d-----w- c:\documents and settings\Leon\Dati applicazioni\Yahoo!
2009-06-28 17:52 . 2009-06-22 13:51 26600 ----a-w- c:\documents and settings\Leon\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-06-27 19:24 . 2009-06-27 19:23 -------- d-----w- c:\programmi\File comuni\Adobe
2009-06-27 19:23 . 2009-06-22 12:06 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-06-24 21:24 . 2009-06-24 21:24 -------- d-----w- c:\programmi\MSXML 4.0
2009-06-24 21:24 . 2009-06-22 19:29 -------- d-----w- c:\programmi\VS Revo Group
2009-06-23 14:07 . 2009-06-22 11:54 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-22 19:56 . 2009-06-22 19:56 -------- d-----w- c:\programmi\Microsoft
2009-06-22 19:56 . 2009-06-22 19:55 -------- d-----w- c:\programmi\Windows Live
2009-06-22 19:55 . 2009-06-22 19:55 -------- d-----w- c:\programmi\Windows Live SkyDrive
2009-06-22 19:49 . 2009-06-22 19:49 -------- d-----w- c:\programmi\File comuni\Windows Live
2009-06-22 14:05 . 2009-06-22 14:05 -------- d-----w- c:\programmi\Alwil Software
2009-06-22 13:17 . 2009-06-22 13:17 -------- d-----w- c:\documents and settings\Leon\Dati applicazioni\Corel
2009-06-22 13:17 . 2009-06-22 13:17 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-22 13:17 . 2009-06-22 13:17 -------- d-----w- c:\programmi\Java
2009-06-22 13:17 . 2009-06-22 13:17 152576 ----a-w- c:\documents and settings\Leon\Dati applicazioni\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-22 13:13 . 2009-06-22 13:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WEBREG
2009-06-22 13:13 . 2009-06-22 13:08 140342 ----a-w- c:\windows\HPHins13.dat
2009-06-22 13:13 . 2009-06-22 13:13 -------- d-----w- c:\documents and settings\Leon\Dati applicazioni\HP
2009-06-22 13:13 . 2009-06-22 13:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HP
2009-06-22 13:13 . 2009-06-22 13:11 -------- d-----w- c:\programmi\File comuni\HP
2009-06-22 13:13 . 2009-06-22 13:09 -------- d-----w- c:\programmi\HP
2009-06-22 13:12 . 2009-06-22 13:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HPSSUPPLY
2009-06-22 13:10 . 2009-06-22 13:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Hewlett-Packard
2009-06-22 13:01 . 2009-06-22 13:01 -------- d-----w- c:\programmi\File comuni\Corel
2009-06-22 13:01 . 2009-06-22 12:05 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-06-22 13:01 . 2009-06-22 13:01 -------- d-----w- c:\programmi\Corel
2009-06-22 12:59 . 2009-06-22 12:58 -------- d-----w- c:\documents and settings\Leon\Dati applicazioni\ArcSoft
2009-06-22 12:55 . 2009-06-22 12:55 -------- d-----w- c:\programmi\File comuni\ArcSoft
2009-06-22 12:55 . 2009-06-22 12:55 -------- d-----w- c:\programmi\ArcSoft
2009-06-22 12:54 . 2009-06-22 12:54 -------- d-----w- c:\programmi\Trust
2009-06-22 12:54 . 2009-06-22 12:54 -------- d-----w- c:\documents and settings\Leon\Dati applicazioni\InstallShield
2009-06-22 12:48 . 2009-06-22 12:48 -------- d-----w- c:\programmi\WIDCOMM
2009-06-22 12:41 . 2009-06-22 12:41 -------- d-----w- c:\programmi\Realtek AC97
2009-06-22 12:31 . 2009-06-22 12:31 -------- d-----w- c:\programmi\Pirelli
2009-06-22 12:31 . 2009-06-22 12:31 -------- d-----w- c:\programmi\Common Files
2009-06-22 12:31 . 2009-06-22 12:31 -------- d-----w- c:\programmi\Alice ti aiuta
2009-06-22 12:31 . 2009-06-22 12:31 -------- d-----w- c:\programmi\Motive
2009-06-22 12:30 . 2009-06-22 12:30 -------- d-----w- c:\programmi\Telecom Italia
2009-06-22 12:24 . 2009-06-22 12:24 -------- d-----w- c:\documents and settings\Leon\Dati applicazioni\Logitech
2009-06-22 12:22 . 2009-06-22 12:22 -------- d-----w- c:\programmi\File comuni\Logitech
2009-06-22 12:22 . 2009-06-22 12:22 -------- d-----w- c:\programmi\Logitech
2009-06-22 12:18 . 2009-06-22 12:17 -------- d-----w- c:\programmi\Ahead
2009-06-22 12:07 . 2009-06-22 12:07 -------- d-----w- c:\programmi\ATI Technologies
2009-06-22 11:55 . 2009-06-22 11:55 -------- d-----w- c:\programmi\microsoft frontpage
2009-06-22 11:53 . 2009-06-22 11:53 -------- d-----w- c:\programmi\Servizi in linea
2009-06-22 11:51 . 2009-06-22 11:51 21840 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-16 14:53 . 2004-08-19 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:53 . 2004-08-19 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-11 19:36 . 2009-06-11 19:36 3771296 ----a-w- c:\documents and settings\Leon\Dati applicazioni\IMVUClient\ui\plugins\npswf32.dll
2009-06-08 23:45 . 2009-06-08 23:45 271929 ----a-w- c:\documents and settings\Leon\Dati applicazioni\IMVUClient\pixomatic.dll
2009-06-08 23:43 . 2009-06-08 23:43 4608 ----a-w- c:\documents and settings\Leon\Dati applicazioni\IMVUClient\w9xpopen.exe
2009-06-08 23:43 . 2009-06-08 23:43 348160 ----a-w- c:\documents and settings\Leon\Dati applicazioni\IMVUClient\MSVCR71.dll
2009-06-08 23:43 . 2009-06-08 23:43 327680 ----a-w- c:\documents and settings\Leon\Dati applicazioni\IMVUClient\pythoncom25.dll
2009-06-08 23:43 . 2009-06-08 23:43 2113536 ----a-w- c:\documents and settings\Leon\Dati applicazioni\IMVUClient\python25.dll
2009-06-08 23:43 . 2009-06-08 23:43 102400 ----a-w- c:\documents and settings\Leon\Dati applicazioni\IMVUClient\pywintypes25.dll
2009-06-03 19:25 . 2004-08-19 12:00 1295872 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:41 . 2004-08-19 12:00 346112 ----a-w- c:\windows\system32\localspl.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-01_18.38.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-02 10:08 . 2009-08-02 10:08 16384 c:\windows\Temp\Perflib_Perfdata_670.dat
+ 2009-08-02 10:08 . 2009-08-02 10:08 16384 c:\windows\Temp\Perflib_Perfdata_5e4.dat
+ 2009-08-02 09:30 . 2009-08-02 09:30 16384 c:\windows\Temp\Perflib_Perfdata_5c0.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-08-19 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-25 335872]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-06-22 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Windows Defender"="c:\programmi\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-11-17 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2009-6-27 113664]
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2009-6-22 212992]
BTTray.lnk - c:\programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2005-5-31 577597]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Logitech SetPoint.lnk - c:\programmi\Logitech\SetPoint\SetPoint.exe [2009-6-22 450560]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Leon\\Desktop\\emule.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [22/06/2009 16.05.56 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22/06/2009 16.05.56 20560]
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 19.19.58 13592]
R3 PAC7302;PAC7302 VGA USB Camera;c:\windows\system32\drivers\PAC7302.SYS [22/06/2009 14.54.31 457856]
S0 CanonDrv;CanonDrv;c:\windows\system32\Drivers\CanonDrv.sys --> c:\windows\system32\Drivers\CanonDrv.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-08-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2009-08-02 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2009-08-02 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Invia a &Bluetooth - c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Leon\Menu Avvio\Programmi\IMVU\Run IMVU.lnk
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-02 12:09
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Ñw*]
"0140311900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\COMRes.dll

- - - - - - - > 'explorer.exe'(2744)
c:\windows\system32\WININET.dll
c:\programmi\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexingService.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
c:\programmi\Alice ti aiuta\bin\mpbtn.exe
c:\programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE
c:\progra~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
c:\programmi\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2009-08-02 12.23.09 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-08-02 10:23
ComboFix2.txt 2009-08-01 18:41

Pre-Run: 13.924.188.160 byte disponibili
Post-Run: 13.920.038.912 byte disponibili

278 --- E O F --- 2009-07-31 06:37
shapiro
Inviato: Sunday, August 02, 2009 12:53:44 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
se non conosci questa cartella e il suo contenuto, eliminala

C:\b43c3b2f3175de090270c6c9ca


hai ancora installata la AskTBar toolbar? e' una porta aperta a spyware e schifezze varie

usa ccleaner, oramai sai come si usa

http://www.aiutamici.com/software?ID=11223

postami un nuovo hijackthis
raffix
Inviato: Sunday, August 02, 2009 1:20:45 PM

Rank: AiutAmico

Iscritto dal : 11/6/2008
Posts: 53
Non mi sembra piu di avere la asktbar..in tal caso dimmi come eliminarla, ho cancellato quella cartella che mi hai detto e che non conoscevo, ho fatto pulizia con ccleaner e questo è il log di hijack..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.17.32, on 02/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Corel\Corel Graphics 12\PROGRAMS\CORELDRW.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Programmi\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Leon\Menu Avvio\Programmi\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D19145B-C34A-4E53-8560-193917AC37B3}: NameServer = 85.37.17.11 85.38.28.69
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe

--
End of file - 7306 bytes
shapiro
Inviato: Sunday, August 02, 2009 1:33:18 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164


scarica avenger sul desktop
http://swandog46.geekstogo.com/avenger.zip
Decomprimi l'archivio

Avvia il file avenger.exe

Copi e incolli nella finestra: "Imput script here" il SEGUENTE testo COSI' come l'ho scritto CON la dicitura folders to delete:

folders to delete:
C:\Programmi\AskTBar


Togli il segno di spunta dalla voce Scan for Rootkits
Premi il pulsante Execute
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.


una cosa importantissima

installa al piu' presto il service pack 3 per la sicurezza del pc

http://www.microsoft.com/downloads/details.aspx?FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4&DisplayLang=it

il log e' a posto- appena finito con avenger postami il report e ci facciamo gli auguri di buone vacanze
raffix
Inviato: Sunday, August 02, 2009 2:55:02 PM

Rank: AiutAmico

Iscritto dal : 11/6/2008
Posts: 53
Fatto..è tutto apposto adesso? Ti volevo chiedere un ultima cosa, come faccio a togliere tutti i programmi all'avvio quando accendo il pc..perchè mi rallentano. Grazie per avermi assistito e per la tua disponibilità, ti posto il reporter:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Folder "C:\Programmi\AskTBar" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
shapiro
Inviato: Sunday, August 02, 2009 5:24:05 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164


per togliere i programmi dall'avvio automatico, usa questo programmino

http://www.revouninstaller.com/download/revosetup.exe

avvia il programma, clicca su strumenti\programmi ad avvio automatico e togli la spunta da quelli che non sono strettamente necessari-
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.