I did exactly what you told me, but ComboFix did everything as if I had opened it normally, without dragging the file onto it.
ComboFix 09-12-10.01 - Stefano 12.12.2009 17:10:55.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.41.1040.18.2047.1599 [GMT 1:00]
Eseguito da: c:\documents and settings\Stefano\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Stefano\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
FILE ::
"c:\documents and settings\All Users\Dati applicazioni\SeekService\seekservice145.exe"
"c:\windows\conmsyrtl.exe"
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Dati applicazioni\SeekService
c:\programmi\SeekService
c:\programmi\SeekService\seekservice.dll
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SEEKSERVICE_SERVICE
-------\Service_SeekService Service
((((((((((((((((((((((((( Files Creati Da 2009-11-12 al 2009-12-12 )))))))))))))))))))))))))))))))))))
.
2009-12-11 15:51 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-11 15:51 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-11 15:51 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-11 15:51 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-11 15:51 . 2009-12-11 15:51 -------- d-----w- c:\programmi\Avira
2009-12-11 15:51 . 2009-12-11 15:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-12-11 15:46 . 2009-12-11 15:46 -------- d-----w- c:\programmi\CCleaner
2009-12-11 14:28 . 2009-12-11 14:30 -------- d-----w- c:\programmi\Unlocker
2009-12-11 13:12 . 2009-12-11 13:12 -------- d-----w- c:\documents and settings\Stefano\Dati applicazioni\Malwarebytes
2009-12-11 13:12 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-11 13:12 . 2009-12-11 13:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-12-11 13:11 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-11 13:11 . 2009-12-11 13:12 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-12-08 13:08 . 2009-12-08 13:08 159168 ----a-w- c:\windows\system32\drivers\afcdp.sys
2009-12-08 13:08 . 2009-12-08 13:08 911552 ----a-w- c:\windows\system32\drivers\tdrpm255.sys
2009-12-08 13:08 . 2009-12-08 13:08 570016 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-12-08 13:08 . 2009-12-08 13:08 157248 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-12-08 13:07 . 2009-12-08 13:08 -------- d-----w- c:\programmi\File comuni\Acronis
2009-12-08 13:07 . 2009-12-08 13:07 -------- d-----w- c:\programmi\Acronis
2009-12-07 18:44 . 2009-12-07 18:45 -------- d-----w- c:\programmi\Power MP3 WMA Converter
2009-12-07 12:41 . 2009-09-30 09:41 361472 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\FgPhotofitDll.dll
2009-12-07 12:41 . 2009-09-21 10:14 8192 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\OpenGLCheck.dll
2009-12-07 12:41 . 2009-08-19 10:40 655872 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\msvcr90.dll
2009-12-07 12:41 . 2009-08-19 10:40 572928 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\msvcp90.dll
2009-12-07 12:41 . 2009-10-08 09:30 13312 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\PhotoFaceConsole.exe
2009-12-07 12:41 . 2009-09-29 19:29 6144 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\DetectOpenGLConsole.exe
2009-12-07 12:41 . 2009-09-29 19:29 5120 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\DownloadSourcePhotoConsole.exe
2009-12-07 12:41 . 2009-09-29 19:29 9216 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\UploadPhotofitConsole.exe
2009-12-07 12:41 . 2009-08-19 10:40 4178264 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\D3DX9_41.dll
2009-12-07 12:41 . 2009-09-30 18:14 15872 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\PhotoFaceConsole.XmlSerializers.dll
2009-12-04 10:54 . 2009-12-10 21:15 -------- d-----w- c:\documents and settings\Stefano\Dati applicazioni\LimeWire
2009-12-04 10:53 . 2009-12-04 10:54 -------- d-----w- c:\programmi\LimeWire
2009-11-24 22:05 . 2009-11-24 22:05 -------- d-----w- c:\windows\system32\LogFiles
2009-11-18 20:04 . 2009-11-18 20:04 -------- d-----w- c:\documents and settings\Stefano\Dati applicazioni\Panasonic
2009-11-18 20:01 . 2009-11-18 20:01 -------- d-----w- c:\programmi\Panasonic
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-11 15:30 . 2001-09-01 14:00 83770 ----a-w- c:\windows\system32\perfc010.dat
2009-12-11 15:30 . 2001-09-01 14:00 489320 ----a-w- c:\windows\system32\perfh010.dat
2009-12-11 15:27 . 2009-07-01 13:38 -------- d-----w- c:\programmi\Alwil Software
2009-12-10 13:57 . 2009-09-17 12:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-12-07 14:12 . 2009-10-08 21:42 398424 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2009-12-07 12:41 . 2009-10-08 13:40 175616 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\unrar64_nocrypt.dll
2009-12-07 12:41 . 2009-10-08 13:40 150528 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\unrar_nocrypt.dll
2009-12-07 12:41 . 2009-10-08 13:40 30208 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\FileDownloadConsole.exe
2009-11-18 20:04 . 2009-07-01 13:49 66152 ----a-w- c:\documents and settings\Stefano\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-11-18 20:01 . 2009-06-29 05:18 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-11-14 02:05 . 2009-09-17 12:33 -------- d-----w- c:\programmi\Microsoft Works
2009-11-08 11:32 . 2009-07-01 15:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2009-11-07 02:35 . 2009-11-05 23:15 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-11-06 00:02 . 2009-07-01 13:49 -------- d-----w- c:\programmi\Messenger Plus! Live
2009-11-05 23:15 . 2009-11-05 23:12 -------- d-----w- c:\programmi\Microsoft
2009-11-05 23:15 . 2009-11-05 23:15 -------- d-----w- c:\programmi\Microsoft Office Outlook Connector
2009-11-05 23:15 . 2009-07-01 13:44 -------- d-----w- c:\programmi\Windows Live
2009-11-05 23:14 . 2009-11-05 23:14 -------- d-----w- c:\programmi\Microsoft Sync Framework
2009-11-05 23:13 . 2009-11-05 23:13 -------- d-----w- c:\programmi\Microsoft SQL Server Compact Edition
2009-11-05 23:12 . 2009-11-05 23:12 -------- d-----w- c:\programmi\Windows Live SkyDrive
2009-11-05 22:56 . 2009-11-05 22:56 -------- d-----w- c:\programmi\File comuni\Windows Live
2009-10-29 19:46 . 2009-10-29 19:22 -------- d-----w- c:\documents and settings\Stefano\Dati applicazioni\ShareazaTb
2009-10-29 19:23 . 2009-10-29 19:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\10271
2009-10-29 19:22 . 2009-10-29 19:22 -------- d-----w- c:\programmi\ShareazaTb
2009-10-29 07:40 . 2008-08-26 06:57 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2008-04-14 01:13 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2008-04-14 01:13 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-13 17:53 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:33 . 2008-04-14 01:13 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2008-04-14 01:13 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2008-04-14 01:13 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-10 20:08 . 2009-10-10 20:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-10 20:08 . 2009-10-10 20:08 152576 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\Sun\Java\jre1.6.0_16\lzma.dll
2009-10-08 13:23 . 2009-10-08 13:14 152064 ----a-w- c:\windows\snap.dat
2009-10-08 13:17 . 2009-10-08 13:17 48620 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-26 07:24 . 2009-06-29 04:56 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
.
------- Sigcheck -------
[-] 2008-10-22 . E248A8391D7388A0A3679D1FB33E003D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-10-22 . E092AEB03D40F40854D4C3D90C9AFECC . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-12-11_14.40.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 01:19 . 2007-11-07 01:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2009-12-12 16:14 . 2009-12-12 16:14 16384 c:\windows\Temp\Perflib_Perfdata_7c0.dat
+ 2001-09-01 14:00 . 2009-12-11 15:30 70948 c:\windows\system32\perfc009.dat
- 2001-09-01 14:00 . 2009-11-26 14:21 70948 c:\windows\system32\perfc009.dat
+ 2009-12-11 15:51 . 2009-05-11 08:12 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2008-07-29 07:05 . 2008-07-29 07:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 02:54 . 2008-07-29 02:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
- 2001-09-01 14:00 . 2009-11-26 14:21 441832 c:\windows\system32\perfh009.dat
+ 2001-09-01 14:00 . 2009-12-11 15:30 441832 c:\windows\system32\perfh009.dat
+ 2009-12-11 15:27 . 2009-12-11 15:27 262144 c:\windows\system32\config\systemprofile\NtUser.dat
+ 2009-12-11 15:51 . 2009-12-11 15:51 228352 c:\windows\Installer\ce6e0.msi
+ 2009-12-12 11:22 . 2009-12-12 11:22 195584 c:\windows\Installer\43c8d.msi
+ 2008-07-29 07:05 . 2008-07-29 07:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE9A4208-64EC-11DE-8440-204256D89593}]
2009-08-10 14:07 91584 ----a-w- c:\programmi\ShareazaTb\ShareazaDx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EE9A4208-64EC-11DE-8440-204256D89593}"= "c:\programmi\ShareazaTb\ShareazaDx.dll" [2009-08-10 91584]
[HKEY_CLASSES_ROOT\clsid\{ee9a4208-64ec-11de-8440-204256d89593}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-05-26 413696]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-10 149280]
"TrueImageMonitor.exe"="c:\programmi\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-10-06 5076088]
"Servizio Acronis Scheduler2"="c:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe" [2009-10-06 357688]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
R0 tdrpman255;Acronis Try&Decide and Restore Points filter (build 255);c:\windows\system32\drivers\tdrpm255.sys [08.12.2009 14:08 911552]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\programmi\File comuni\Acronis\CDP\afcdpsrv.exe [08.12.2009 14:08 2326920]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [06.11.2009 00:15 54752]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [08.12.2009 14:08 159168]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [29.06.2009 06:18 17149]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\programmi\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [01.07.2009 14:49 23152]
S3 fsssvc;Servizio Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [05.08.2009 22:48 704864]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [29.06.2009 06:18 362944]
.
------- Scansione supplementare -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {CA487843-CA52-4990-BC47-B5B6FC38541E} = 212.216.172.62,194.243.154.62
FF - ProfilePath - c:\documents and settings\Stefano\Dati applicazioni\Mozilla\Firefox\Profiles\lj04s5be.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.it
FF - prefs.js: keyword.URL - hxxp://www.seanca.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=gsUUfwR7&q=
FF - plugin: c:\programmi\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: keyword.URL - hxxp://www.seanca.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=gsUUfwR7&q=
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-12-12 17:14
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\programmi\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(3320)
c:\windows\system32\WININET.dll
c:\programmi\Unlocker\UnlockerHook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\programmi\File comuni\Acronis\Schedule2\schedul2.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2009-12-12 17:17:08 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-12-12 16:17
ComboFix2.txt 2009-12-12 14:45
ComboFix3.txt 2009-12-11 14:41
Pre-Run: 303'228'579'840 byte disponibili
Post-Run: 303'129'432'064 byte disponibili
- - End Of File - - 1E754D435FB630527B0BF0807C72E4BB