
Posted: Tuesday, January 20, 2009 6:54:56 PM

Member since: 12/20/2003
For a few days I've noticed a noticeable slowdown of the PC and fairly high RAM usage.
I'm attaching the HijackThis log for a check.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.39.16, on 20/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Programmi\BillP Studios\WinPatrol\winpatrol.exe
C:\Programmi\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Programmi\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Programmi\Mozilla Firefox\firefox.exe
I:\Programmi\Programmi EXE\Hjackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Programmi\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Programmi\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [SmartRAM] "C:\Programmi\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Aggiungi al banner Blocco pubblicità - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O24 - Desktop Component 0: (no name) - (no file)
O24 - Desktop Component 1: (no name) - (no file)

End of file - 5949 bytes
Posted: Tuesday, January 20, 2009 7:01:47 PM
Member since: 8/7/2007
Delete these 2 HJT entries:
O24 - Desktop Component 0: (no name) - (no file)
O24 - Desktop Component 1: (no name) - (no file)
Download and install MalwareBytes:
click here for the download:
BEFORE scanning, UPDATE IT.
Run a full system scan and, once the scan has finished, make sure all the highlighted files are selected, and click Remove Selected.
Post the log.
Important: disable your antivirus and close ALL open programs, and after downloading COMBOFIX, disconnect from the internet.

Download Combofix
Save it to the desktop.
Double-click combofix.exe (a screen will appear).
Type 1, press Enter and follow the instructions.
When it finishes, a log file called C:\ComboFix.txt will be created. Post it here.
During the scan it is important not to use the PC (not even the mouse) and to wait patiently until the operations are finished.

Uninstall combofix this way: (after I have seen the log)
in the dialog box, type (or copy and paste) this command: Combofix /u and press Enter, then delete the combofix folders in "C" (qoobox)
Let me know if you notice any improvement.

Posted: Tuesday, January 20, 2009 7:23:01 PM

Member since: 12/20/2003
I started following the instructions you gave me, beginning with HijackThis to delete the two entries, but there's a problem: when I click Fix checked, a window opens and I answer YES. I rescan with HJ and, to my great surprise, the two files are still there.
I repeated the operation several times but they are always there.
What should I do??
Posted: Tuesday, January 20, 2009 7:57:09 PM

Member since: 12/20/2003
This is the MalwareBytes log.

Malwarebytes' Anti-Malware 1.33
Versione del database: 1671
Windows 5.1.2600 Service Pack 3

20/01/2009 19.54.41
mbam-log-2009-01-20 (19-54-41).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 108464
Tempo trascorso: 26 minute(s), 12 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 1

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\RECYCLER\S-1-5-21-602162358-790525478-725345543-1003\Dc53.exe (Malware.Tool) -> Quarantined and deleted successfully.
Posted: Tuesday, January 20, 2009 8:24:24 PM

Member since: 12/20/2003
Hi again

This is the Combofix log.
I have to say I've noticed a decrease in RAM usage. Before it had settled between 45 and 55% (with only Firefox open), now it varies from 65 to 74%. Nice recovery.

I saw that combofix deleted some files. Could you tell me what files they were and what harm they were doing?

Another thing: the log tells me I don't have the Recovery Console installed; is it useful to install it or can I do without it???


ComboFix 09-01-19.05 - Aldo 2009-01-20 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.1022.661 [GMT 1:00]
Eseguito da: c:\documents and settings\Aldo\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Creato nuovo punto di ripristino


((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))

c:\documents and settings\Aldo\Dati applicazioni\.#
c:\documents and settings\Aldo\Dati applicazioni\.#\MBX@AC4@1213A78.###
c:\documents and settings\Aldo\Dati applicazioni\.#\MBX@AC4@1213A88.###
c:\documents and settings\Aldo\Dati applicazioni\.#\MBX@AC4@1213A98.###
c:\documents and settings\Aldo\Dati applicazioni\.#\MBX@AC4@1213AC8.###
c:\documents and settings\Aldo\Dati applicazioni\.#\MBX@AC4@1213B28.###
c:\documents and settings\Aldo\Dati applicazioni\.#\MBX@AC4@1213B48.###
c:\documents and settings\Aldo\Dati applicazioni\.#\MBX@B98@1213A78.###
c:\documents and settings\Aldo\Dati applicazioni\.#\MBX@B98@1213A88.###
c:\documents and settings\Aldo\Dati applicazioni\.#\MBX@B98@1213A98.###
c:\documents and settings\Aldo\Dati applicazioni\.#\MBX@B98@1213AC8.###
c:\documents and settings\Aldo\Dati applicazioni\.#\MBX@B98@1213B28.###
c:\documents and settings\Aldo\Dati applicazioni\.#\MBX@B98@1213B48.###

((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))


((((((((((((((((((((((((( Files Creati Da 2008-12-20 al 2009-01-20 )))))))))))))))))))))))))))))))))))

2009-01-20 15:51 . 2009-01-20 15:51 <DIR> d-------- c:\documents and settings\Aldo\Dati applicazioni\MAGIX
2009-01-16 16:25 . 2009-01-16 16:25 <DIR> d-------- c:\programmi\K-Lite Codec Pack
2009-01-16 16:16 . 2009-01-16 16:16 <DIR> d-------- C:\videooutput
2009-01-16 16:15 . 2009-01-16 16:15 <DIR> d-------- c:\programmi\Smallvideosoft
2009-01-16 16:15 . 2007-03-07 00:45 3,086,336 --a------ c:\windows\system32\NCMedia.dll
2009-01-16 16:15 . 2007-03-07 00:45 3,086,336 --a------ c:\windows\system32\flvvideo.dll
2009-01-16 16:15 . 2007-02-25 15:36 383,238 --a------ c:\windows\system32\libmp3lame-0.dll
2009-01-16 10:13 . 2009-01-16 10:18 <DIR> d-------- c:\programmi\Image Mender
2009-01-16 10:06 . 2009-01-16 10:06 <DIR> d-------- c:\documents and settings\Aldo\Dati applicazioni\Media Player Classic
2009-01-16 10:01 . 2008-09-24 19:41 839,680 --a------ c:\windows\system32\lameACM.acm
2009-01-15 11:01 . 2009-01-15 11:02 <DIR> d--h----- c:\windows\$hf_mig$
2009-01-13 10:20 . 2009-01-13 10:20 <DIR> d-------- c:\programmi\Quick StartUp
2009-01-13 09:34 . 2009-01-13 09:34 <DIR> d-------- c:\programmi\Easy Video Downloader
2009-01-12 08:30 . 2009-01-12 08:30 <DIR> d-------- c:\programmi\File comuni\EZB Systems
2009-01-12 07:58 . 2009-01-12 08:33 <DIR> d-------- c:\programmi\UltraISO
2009-01-12 06:51 . 2009-01-12 06:51 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Ubisoft
2009-01-11 09:55 . 2009-01-11 09:55 3,686,454 --a------ c:\windows\ACD Wallpaper.bmp
2009-01-10 12:04 . 2009-01-10 12:04 <DIR> d-------- c:\documents and settings\Aldo\Dati applicazioni\AISoftware
2009-01-05 10:34 . 2009-01-05 10:34 <DIR> d-------- c:\programmi\Microsoft Virtual PC
2008-12-31 16:53 . 2008-12-31 16:53 <DIR> d-------- c:\programmi\File comuni\SWF Studio
2008-12-30 11:20 . 2008-12-30 11:20 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\MAGIX
2008-12-30 11:20 . 2003-04-18 15:29 44,544 --a------ c:\windows\system32\msxml4a.dll
2008-12-30 11:17 . 2001-05-11 13:18 420,240 --a------ c:\windows\system32\mpg4c32.dll
2008-12-30 11:17 . 2001-05-16 17:54 309,616 --a------ c:\windows\system32\wmv8dmod.dll
2008-12-30 11:17 . 2001-03-26 04:41 245,760 --a------ c:\windows\system32\
2008-12-30 11:15 . 2008-12-30 11:20 <DIR> d-------- c:\programmi\File comuni\MAGIX Shared
2008-12-30 11:08 . 2008-12-30 11:21 <DIR> d-------- c:\programmi\MAGIX
2008-12-30 11:08 . 2002-09-20 23:33 1,089,536 --a------ c:\windows\system32\ROBOEX32.DLL
2008-12-30 11:08 . 1998-10-15 16:28 85,504 --a------ c:\windows\system32\HtmlWH.dll
2008-12-30 11:08 . 1999-01-28 13:44 49,152 --a------ c:\windows\system32\INETWH32.dll
2008-12-30 11:07 . 2008-12-30 11:21 <DIR> d-------- c:\windows\system32\MAGIX
2008-12-30 11:07 . 2007-02-07 10:53 663,552 --a------ c:\windows\system32\mgxoschk.dll
2008-12-30 11:07 . 2008-12-30 11:21 6,192 --a------ c:\windows\mgxoschk.ini
2008-12-30 10:58 . 2008-12-30 10:59 <DIR> d-------- c:\documents and settings\Aldo\Dati applicazioni\ACD Systems
2008-12-30 10:53 . 2008-12-30 10:58 <DIR> d-------- c:\programmi\File comuni\ACD Systems
2008-12-30 10:53 . 2008-12-30 10:53 <DIR> d-------- c:\programmi\ACD Systems
2008-12-30 10:53 . 2008-12-30 10:53 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\ACD Systems
2008-12-28 20:33 . 2008-12-28 20:33 <DIR> d-------- c:\windows\NV10003260.TMP
2008-12-28 20:33 . 2005-12-21 04:40 304,128 -ra------ c:\windows\system32\drivers\nvnrm.sys
2008-12-28 20:33 . 2005-12-21 04:40 222,592 -ra------ c:\windows\system32\drivers\nvsnpu.sys
2008-12-28 20:33 . 2005-12-21 04:39 204,288 -ra------ c:\windows\system32\fdco1.dll
2008-12-28 20:33 . 2005-12-20 17:23 176,128 --a------ c:\windows\system32\nvunrm.exe
2008-12-28 20:33 . 2005-12-21 04:40 101,632 -ra------ c:\windows\system32\drivers\nvtcp.sys
2008-12-28 20:33 . 2005-12-20 17:23 35,840 -ra------ c:\windows\system32\nvconrm.dll
2008-12-28 20:33 . 2005-12-21 04:40 34,048 -ra------ c:\windows\system32\drivers\NVENETFD.sys
2008-12-28 20:33 . 2005-12-21 04:40 13,056 -ra------ c:\windows\system32\drivers\nvnetbus.sys
2008-12-28 20:33 . 2005-12-21 04:39 9,728 -ra------ c:\windows\system32\bdco1.dll
2008-12-28 20:33 . 2005-12-08 04:06 3,657 --a------ c:\windows\system32\nvnrm.nvu
2008-12-28 20:26 . 2008-12-28 20:26 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\nView_Profiles
2008-12-28 20:23 . 2008-12-31 10:58 1,686 --a------ c:\windows\system32\%LocalXml%
2008-12-28 20:16 . 2008-12-28 20:16 <DIR> d-------- c:\windows\nview
2008-12-28 20:16 . 2008-10-07 13:33 453,152 --a------ c:\windows\system32\nvudisp.exe
2008-12-28 20:16 . 2008-10-07 13:33 201,157 --a------ c:\windows\system32\nvapps.nvb
2008-12-28 20:16 . 2008-10-07 13:33 18,477 --a------ c:\windows\system32\nvdisp.nvu
2008-12-28 20:15 . 2008-12-28 20:15 <DIR> d-------- C:\NVIDIA
2008-12-28 20:15 . 2008-10-02 10:07 453,152 --a------ c:\windows\system32\NVUNINST.EXE
2008-12-28 19:45 . 2003-05-12 20:25 503,808 --a------ c:\windows\system32\
2008-12-28 19:45 . 2004-01-25 17:48 303,104 --a------ c:\windows\system32\
2008-12-28 19:45 . 2001-08-18 20:00 262,144 --a------ c:\windows\system32\mpg4ds32.axu
2008-12-28 19:45 . 2003-05-21 01:10 210,432 --a------ c:\windows\system32\
2008-12-28 19:45 . 2004-12-31 09:21 196,608 --a------ c:\windows\system32\
2008-12-28 14:34 . 2008-12-28 14:34 <DIR> d--h----- c:\windows\PIF
2008-12-28 14:34 . 2008-12-28 14:34 2,855 --a------ c:\windows\system32.PIF
2008-12-27 09:03 . 2009-01-12 06:40 <DIR> d-------- c:\programmi\Ubisoft
2008-12-27 07:53 . 2008-12-27 07:53 <DIR> dr-h----- c:\documents and settings\Aldo\Dati applicazioni\SecuROM
2008-12-27 07:45 . 2008-12-27 07:45 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-27 07:41 . 2008-12-27 07:41 <DIR> d-------- c:\windows\Logs
2008-12-27 07:41 . 2009-01-12 06:50 22,328 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-12-27 07:41 . 2009-01-12 06:50 22,328 --a------ c:\documents and settings\Aldo\Dati applicazioni\PnkBstrK.sys
2008-12-27 07:40 . 2009-01-12 06:50 2,337,865 --a------ c:\windows\system32\pbsvc.exe
2008-12-26 09:57 . 2009-01-20 17:37 <DIR> d-------- c:\programmi\eMule
2008-12-25 18:14 . 2008-12-25 18:14 <DIR> d-------- C:\Temp
2008-12-25 18:14 . 2008-12-25 18:14 133 --a------ c:\windows\usrwiz.ini
2008-12-23 16:32 . 2008-12-23 16:37 275 --a------ c:\windows\ImageInc.ini
2008-12-23 14:32 . 2008-12-30 10:56 <DIR> d-------- c:\windows\Downloaded Installations

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
2009-01-20 19:06 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2009-01-20 19:05 6,268 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-01-20 19:05 598,048 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-01-20 19:04 8,390,176 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-01-20 19:04 70,820 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-20 17:25 --------- d-----w c:\documents and settings\Aldo\Dati applicazioni\uTorrent
2009-01-20 05:44 --------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-01-19 06:31 --------- d-----w c:\programmi\freeCommander2006
2009-01-18 15:35 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-01-18 10:50 --------- d-----w c:\programmi\IObit
2009-01-18 10:50 --------- d-----w c:\documents and settings\Aldo\Dati applicazioni\IObit
2009-01-18 09:42 --------- d-----w c:\documents and settings\Aldo\Dati applicazioni\Winamp
2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-12 05:40 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-01-11 12:34 --------- d-----w c:\documents and settings\Aldo\Dati applicazioni\U3
2009-01-08 08:38 --------- d-----w c:\programmi\Ant Movie Catalog
2009-01-06 07:55 --------- d-----w c:\programmi\CCleaner
2008-12-31 09:55 --------- d-----w c:\programmi\Logitech
2008-12-30 18:54 --------- d-----w c:\programmi\SUPERAntiSpyware
2008-12-30 10:37 --------- d-----w c:\programmi\Web Photo Album
2008-12-28 10:50 --------- d-----w c:\programmi\uTorrent
2008-12-18 15:38 --------- d-----w c:\programmi\Genie-Soft
2008-12-18 15:38 --------- d-----w c:\documents and settings\Aldo\Dati applicazioni\Genie-Soft
2008-12-14 10:43 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-12-14 10:13 --------- d-----w c:\programmi\SpywareBlaster
2008-12-13 11:11 --------- d-----w c:\programmi\Google
2008-12-13 10:04 --------- d-----w c:\programmi\Your Uninstaller 2008
2008-12-13 10:04 --------- d-----w c:\programmi\Windows Messenger Remover
2008-12-13 10:04 --------- d-----w c:\programmi\Glary Utilities
2008-12-11 16:49 --------- d-----w c:\programmi\Activision
2008-12-11 14:39 172,032 ----a-w c:\windows\system32\poweroff.exe
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-10 18:30 --------- d-----w c:\programmi\Winamp
2008-12-10 18:20 --------- d-----w c:\programmi\Realtek AC97
2008-12-10 18:20 --------- d-----w c:\programmi\File comuni\InstallShield
2008-12-10 18:14 23,600 ----a-w c:\windows\system32\drivers\TVICHW32.SYS
2008-12-10 14:22 --------- d-----w c:\documents and settings\Aldo\Dati applicazioni\vlc
2008-12-08 17:10 --------- d-----w c:\programmi\Lupas Rename 2000
2008-12-08 11:53 57,344 ----a-w c:\windows\system32\ff_vfw.dll
2008-12-08 10:39 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\RFA_Backups
2008-12-08 10:06 --------- d-----w c:\programmi\File comuni\Wise Installation Wizard
2008-12-07 18:08 795,648 ----a-w c:\windows\system32\xvidcore.dll
2008-12-07 18:08 130,048 ----a-w c:\windows\system32\xvidvfw.dll
2008-12-07 08:12 --------- d-----w c:\programmi\SuperAudiotool
2008-12-07 08:06 --------- d-----w c:\documents and settings\Aldo\Dati applicazioni\Ahead
2008-12-07 07:02 --------- d-----w c:\programmi\Innovative Solutions
2008-12-07 06:37 --------- d-----w c:\programmi\JerMar Software Corp
2008-12-06 17:28 --------- d-----w c:\programmi\IcoDrive
2008-12-06 17:08 --------- d-----w c:\documents and settings\Aldo\Dati applicazioni\Notepad++
2008-12-06 15:07 --------- d-----w c:\programmi\LuBook
2008-12-06 15:07 --------- d-----w c:\programmi\Acoustica CD Label Maker
2008-12-06 09:48 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-12-06 09:48 --------- d-----w c:\documents and settings\Aldo\Dati applicazioni\Malwarebytes
2008-12-06 09:45 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\
2008-12-06 09:45 --------- d-----w c:\documents and settings\Aldo\Dati applicazioni\
2008-12-05 18:37 --------- d-----w c:\programmi\File comuni\LightScribe
2008-12-05 18:37 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\LightScribe
2008-12-05 18:35 --------- d-----w c:\programmi\File comuni\Ahead
2008-12-05 18:35 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Ahead
2008-12-05 18:33 --------- d-----w c:\programmi\Nero
2008-12-05 18:33 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Nero
2008-12-05 18:23 --------- d-----w c:\programmi\Foxit Software
2008-12-05 18:23 --------- d-----w c:\documents and settings\Aldo\Dati applicazioni\Foxit
2008-12-05 18:14 --------- d-----w c:\programmi\RFA
2008-12-05 17:50 --------- d-----w c:\documents and settings\Aldo\Dati applicazioni\URSoft
2008-12-05 17:47 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-05 17:47 --------- d-----w c:\programmi\Java
2008-12-05 17:43 --------- d-----w c:\programmi\IrfanView
2008-12-05 17:38 --------- d-----w c:\programmi\VideoLAN
2008-12-05 17:32 --------- d-----w c:\documents and settings\Aldo\Dati applicazioni\Acoustica
2008-12-05 17:29 --------- d-----w c:\programmi\Notepad++
2008-12-05 17:25 --------- d-----w c:\programmi\Alcohol Soft
2008-12-05 17:19 --------- d-----w c:\programmi\BillP Studios
2008-12-05 17:19 --------- d-----w c:\documents and settings\Aldo\Dati applicazioni\WinPatrol
2008-12-05 17:17 --------- d-----w c:\programmi\ONES (I)
2008-12-05 17:14 4,142,592 ----a-w c:\windows\system32\QTINTF.DLL
2008-12-05 17:14 114,688 ----a-w c:\windows\system32\duninstall.exe
2008-12-05 17:14 --------- d-----w c:\programmi\DarKite
2008-12-05 17:13 --------- d-----w c:\programmi\DAMN NFO Viewer
2008-12-05 16:50 --------- d-----w c:\programmi\Gadwin Systems
2008-12-05 15:38 96,976 ----a-w c:\windows\system32\drivers\klin.dat
2008-12-05 15:38 87,855 ----a-w c:\windows\system32\drivers\klick.dat
2008-12-05 15:38 --------- d-----w c:\programmi\Kaspersky Lab
2008-12-05 15:37 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2008-12-05 15:30 --------- d-----w c:\programmi\Canon
2008-12-05 15:28 --------- d--h--w c:\documents and settings\All Users\Dati applicazioni\CanonBJ
2008-12-05 14:23 60,416 ----a-w c:\windows\ALCFDRTM.EXE
2008-12-05 11:12 --------- d-----w c:\programmi\File comuni\Logitech
2008-12-04 17:24 --------- d-----w c:\programmi\microsoft frontpage
2008-12-04 17:22 --------- d-----w c:\programmi\Servizi in linea
2008-11-21 21:44 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\divx.dll
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Gadwin PrintScreen 2.6"="c:\programmi\Gadwin Systems\PrintScreen\PrintScreen.exe" [2003-07-16 913408]
"SmartRAM"="c:\programmi\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2009-01-06 202064]

"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088]
"WinPatrol"="c:\programmi\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-12-05 136600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-12-07 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-30 19:54 356352 c:\programmi\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-10-07 13:33 13574144 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-10-07 13:33 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-04-16 15:28 577536 c:\windows\soundman.exe

"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"EnableFirewall"= 0 (0x0)

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Activision\\Call of duty 4\\iw3mp.exe"=
"c:\\Programmi\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Programmi\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Programmi\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Programmi\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"c:\\Programmi\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [2008-12-05 15172]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 8944]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [2007-01-09 55024]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programmi\MAGIX\Common\Database\bin\fbserver.exe [2008-12-30 1527900]

\Shell\AutoRun\command - lvpwmgh.exe
\Shell\explore\Command - lvpwmgh.exe
\Shell\open\Command - lvpwmgh.exe

\Shell\AutoRun\command - c:\resycled\ j:
\Shell\Open\command - resycled\ j:

\Shell\AutoRun\command - c:\resycled\ k:
\Shell\Open\command - resycled\ k:

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\programmi\File comuni\LightScribe\LSRunOnce.exe"
Contenuto della cartella 'Scheduled Tasks'

2009-01-18 c:\windows\Tasks\SmartDefrag.job
- c:\programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-01-14 13:15]

2009-01-18 c:\windows\Tasks\SmartDefrag.job
- c:\programmi\IObit\IObit SmartDefrag\ [2009-01-18 11:50]
------- Scansione supplementare -------
uLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
mLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
IE: Aggiungi all'elenco di stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Anteprima Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stampa ad alta velocità Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
FF - ProfilePath - c:\documents and settings\Aldo\Dati applicazioni\Mozilla\Firefox\Profiles\r8pknyq1.default\
FF - prefs.js: browser.startup.homepage - hxxp://
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll


catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-01-20 20:06:14
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-602162358-790525478-725345543-1003\Software\SecuROM\License information*]

--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(992)
------------------------ Altri processi in esecuzione ------------------------
Ora fine scansione: 2009-01-20 20:08:15 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-01-20 19:08:12

Pre-Run: 13.880.242.176 byte disponibili
Post-Run: 13,808,721,920 byte disponibili

334 --- E O F --- 2009-01-15 10:02:42

Posted: Wednesday, January 21, 2009 1:00:35 PM
Member since: 8/7/2007
Open a text file on the Desktop (start\run\type: notepad.exe\ Ok)
Paste into it the code you see below, and save the text file, strictly with the name CFScript.txt


and drag it onto the ComboFix icon.
Wait until it finishes, without touching the keyboard, mouse or anything else.
Post the updated combofix log that comes out.
You have infections in: D:\Autorun.inf

You need to temporarily disable automatic recognition of USB devices;
you need the TweakUI program, downloadable on this page (you'll find it on the right, about halfway down the page); install it:
Once installed, run it and proceed with these steps:

click the + symbol of the My Computer section
click the [+] symbol of the Autoplay subsection
Go to Types
Untick Enable Autoplay for removable drives
Click Apply
Close TweakUI

From this moment on, all USB devices will stop starting automatically.
Insert your USB sticks and scan them with your antivirus.
When you are sure everything is fine, you can re-enable autoplay by following the same path I showed you.
NB: in practice, every partition or USB stick, whichever they are, must be scanned with the antivirus.
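The infection named above lives in a D:\Autorun.inf, and the first ComboFix log lists the matching MountPoints2 entries (\Shell\AutoRun\command pointing at lvpwmgh.exe and at a "resycled" folder). As an added example, not part of the thread or of any tool it mentions, the script below does two defensive things: it parses an autorun.inf and lists which keys would start a program when the drive is opened, and it interprets the Windows NoDriveTypeAutoRun policy bitmask to tell whether AutoRun is blocked for a given drive type (the bit values are the standard drive-type bits: 0x04 removable, 0x08 fixed, 0x20 CD-ROM, and so on). The autorun.inf text is constructed, modelled on the entries in the log, not copied from the poster's drive; the helper names are my own.

```python
import re

# Constructed autorun.inf, modelled on the MountPoints2 entries ComboFix logged
# above (lvpwmgh.exe, resycled\). The file names are illustrative only.
SAMPLE_AUTORUN_INF = r"""
[autorun]
; comment lines and blank lines are ignored
open=lvpwmgh.exe
shell\open\Command=lvpwmgh.exe
shell\explore\Command=lvpwmgh.exe
shellexecute=resycled\autorun.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
label=USB DISK
"""

# keys whose value is executed; shell\<verb>\command keys are matched by regex
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_CMD_RE = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)

# NoDriveTypeAutoRun bit per drive type (HKLM/HKCU ...\Policies\Explorer)
DRIVE_TYPE_BITS = {
    "unknown": 0x01, "removable": 0x04, "fixed": 0x08,
    "remote": 0x10, "cdrom": 0x20, "ramdisk": 0x40,
}


def parse_autorun_inf(text):
    """Tolerant INI parser: {key: value} for the [autorun] section only."""
    entries = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_targets(entries):
    """Return (key, command) pairs that would start a program on AutoRun/AutoPlay."""
    return [(k, v) for k, v in entries.items()
            if k in LAUNCH_KEYS or SHELL_CMD_RE.match(k)]


def autorun_blocked(no_drive_type_autorun, drive_type):
    """True when the policy bitmask disables AutoRun for the given drive type."""
    return bool(no_drive_type_autorun & DRIVE_TYPE_BITS[drive_type])


if __name__ == "__main__":
    hits = launch_targets(parse_autorun_inf(SAMPLE_AUTORUN_INF))
    for key, cmd in hits:
        print(f"autorun.inf would run: {key} -> {cmd}")
    # 0x91 is the XP default (removable drives NOT covered); 0xFF blocks every type
    for value in (0x91, 0xFF):
        print(f"NoDriveTypeAutoRun=0x{value:02X}: removable blocked =",
              autorun_blocked(value, "removable"))
```

The TweakUI checkbox in the steps above is a front end for the same policy value; reading the mask directly is how you verify on a machine that the setting actually took effect, and the autorun.inf parser is what to run against a stick before re-enabling autoplay.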
Posted: Wednesday, January 21, 2009 3:12:40 PM

Member since: 12/20/2003
Done as you said.

Scanning the USB sticks with KIS came back negative.

This is the Combofix log


ComboFix 09-01-20.05 - Aldo 2009-01-21 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.1022.674 [GMT 1:00]
Eseguito da: c:\documents and settings\Aldo\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Aldo\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Creato nuovo punto di ripristino


((((((((((((((((((((((((( Files Creati Da 2008-12-21 al 2009-01-21 )))))))))))))))))))))))))))))))))))

2009-01-20 15:51 . 2009-01-20 15:51 <DIR> d-------- c:\documents and settings\Aldo\Dati applicazioni\MAGIX
2009-01-16 16:25 . 2009-01-16 16:25 <DIR> d-------- c:\programmi\K-Lite Codec Pack
2009-01-16 16:16 . 2009-01-16 16:16 <DIR> d-------- C:\videooutput
2009-01-16 16:15 . 2009-01-16 16:15 <DIR> d-------- c:\programmi\Smallvideosoft
2009-01-16 16:15 . 2007-03-07 00:45 3,086,336 --a------ c:\windows\system32\NCMedia.dll
2009-01-16 16:15 . 2007-03-07 00:45 3,086,336 --a------ c:\windows\system32\flvvideo.dll
2009-01-16 16:15 . 2007-02-25 15:36 383,238 --a------ c:\windows\system32\libmp3lame-0.dll
2009-01-16 10:13 . 2009-01-16 10:18 <DIR> d-------- c:\programmi\Image Mender
2009-01-16 10:06 . 2009-01-16 10:06 <DIR> d-------- c:\documents and settings\Aldo\Dati applicazioni\Media Player Classic
2009-01-16 10:01 . 2008-09-24 19:41 839,680 --a------ c:\windows\system32\lameACM.acm
2009-01-15 11:01 . 2009-01-15 11:02 <DIR> d--h----- c:\windows\$hf_mig$
2009-01-13 10:20 . 2009-01-13 10:20 <DIR> d-------- c:\programmi\Quick StartUp
2009-01-13 09:34 . 2009-01-13 09:34 <DIR> d-------- c:\programmi\Easy Video Downloader
2009-01-12 08:30 . 2009-01-12 08:30 <DIR> d-------- c:\programmi\File comuni\EZB Systems
2009-01-12 07:58 . 2009-01-12 08:33 <DIR> d-------- c:\programmi\UltraISO
2009-01-12 06:51 . 2009-01-12 06:51 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Ubisoft
2009-01-11 09:55 . 2009-01-11 09:55 3,686,454 --a------ c:\windows\ACD Wallpaper.bmp
2009-01-10 12:04 . 2009-01-10 12:04 <DIR> d-------- c:\documents and settings\Aldo\Dati applicazioni\AISoftware
2009-01-05 10:34 . 2009-01-05 10:34 <DIR> d-------- c:\programmi\Microsoft Virtual PC
2008-12-31 16:53 . 2008-12-31 16:53 <DIR> d-------- c:\programmi\File comuni\SWF Studio
2008-12-30 11:20 . 2008-12-30 11:20 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\MAGIX
2008-12-30 11:20 . 2003-04-18 15:29 44,544 --a------ c:\windows\system32\msxml4a.dll
2008-12-30 11:17 . 2001-05-11 13:18 420,240 --a------ c:\windows\system32\mpg4c32.dll
2008-12-30 11:17 . 2001-05-16 17:54 309,616 --a------ c:\windows\system32\wmv8dmod.dll
2008-12-30 11:17 . 2001-03-26 04:41 245,760 --a------ c:\windows\system32\
2008-12-30 11:15 . 2008-12-30 11:20 <DIR> d-------- c:\programmi\File comuni\MAGIX Shared
2008-12-30 11:08 . 2008-12-30 11:21 <DIR> d-------- c:\programmi\MAGIX
2008-12-30 11:08 . 2002-09-20 23:33 1,089,536 --a------ c:\windows\system32\ROBOEX32.DLL
2008-12-30 11:08 . 1998-10-15 16:28 85,504 --a------ c:\windows\system32\HtmlWH.dll
2008-12-30 11:08 . 1999-01-28 13:44 49,152 --a------ c:\windows\system32\INETWH32.dll
2008-12-30 11:07 . 2008-12-30 11:21 <DIR> d-------- c:\windows\system32\MAGIX
2008-12-30 11:07 . 2007-02-07 10:53 663,552 --a------ c:\windows\system32\mgxoschk.dll
2008-12-30 11:07 . 2008-12-30 11:21 6,192 --a------ c:\windows\mgxoschk.ini
2008-12-30 10:58 . 2008-12-30 10:59 <DIR> d-------- c:\documents and settings\Aldo\Dati applicazioni\ACD Systems
2008-12-30 10:53 . 2008-12-30 10:58 <DIR> d-------- c:\programmi\File comuni\ACD Systems
2008-12-30 10:53 . 2008-12-30 10:53 <DIR> d-------- c:\programmi\ACD Systems
2008-12-30 10:53 . 2008-12-30 10:53 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\ACD Systems
2008-12-28 20:33 . 2008-12-28 20:33 <DIR> d-------- c:\windows\NV10003260.TMP
2008-12-28 20:33 . 2005-12-21 04:40 304,128 -ra------ c:\windows\system32\drivers\nvnrm.sys
2008-12-28 20:33 . 2005-12-21 04:40 222,592 -ra------ c:\windows\system32\drivers\nvsnpu.sys
2008-12-28 20:33 . 2005-12-21 04:39 204,288 -ra------ c:\windows\system32\fdco1.dll
2008-12-28 20:33 . 2005-12-20 17:23 176,128 --a------ c:\windows\system32\nvunrm.exe
2008-12-28 20:33 . 2005-12-21 04:40 101,632 -ra------ c:\windows\system32\drivers\nvtcp.sys
2008-12-28 20:33 . 2005-12-20 17:23 35,840 -ra------ c:\windows\system32\nvconrm.dll
2008-12-28 20:33 . 2005-12-21 04:40 34,048 -ra------ c:\windows\system32\drivers\NVENETFD.sys
2008-12-28 20:33 . 2005-12-21 04:40 13,056 -ra------ c:\windows\system32\drivers\nvnetbus.sys
2008-12-28 20:33 . 2005-12-21 04:39 9,728 -ra------ c:\windows\system32\bdco1.dll
2008-12-28 20:33 . 2005-12-08 04:06 3,657 --a------ c:\windows\system32\nvnrm.nvu
2008-12-28 20:26 . 2008-12-28 20:26 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\nView_Profiles
2008-12-28 20:23 . 2008-12-31 10:58 1,686 --a------ c:\windows\system32\%LocalXml%
2008-12-28 20:16 . 2008-12-28 20:16 <DIR> d-------- c:\windows\nview
2008-12-28 20:16 . 2008-10-07 13:33 453,152 --a------ c:\windows\system32\nvudisp.exe
2008-12-28 20:16 . 2008-10-07 13:33 201,157 --a------ c:\windows\system32\nvapps.nvb
2008-12-28 20:16 . 2008-10-07 13:33 18,477 --a------ c:\windows\system32\nvdisp.nvu
2008-12-28 20:15 . 2008-12-28 20:15 <DIR> d-------- C:\NVIDIA
2008-12-28 20:15 . 2008-10-02 10:07 453,152 --a------ c:\windows\system32\NVUNINST.EXE
2008-12-28 19:45 . 2003-05-12 20:25 503,808 --a------ c:\windows\system32\
2008-12-28 19:45 . 2004-01-25 17:48 303,104 --a------ c:\windows\system32\
2008-12-28 19:45 . 2001-08-18 20:00 262,144 --a------ c:\windows\system32\mpg4ds32.axu
2008-12-28 19:45 . 2003-05-21 01:10 210,432 --a------ c:\windows\system32\
2008-12-28 19:45 . 2004-12-31 09:21 196,608 --a------ c:\windows\system32\
2008-12-28 14:34 . 2008-12-28 14:34 <DIR> d--h----- c:\windows\PIF
2008-12-28 14:34 . 2008-12-28 14:34 2,855 --a------ c:\windows\system32.PIF
2008-12-27 09:03 . 2009-01-12 06:40 <DIR> d-------- c:\programmi\Ubisoft
2008-12-27 07:53 . 2008-12-27 07:53 <DIR> dr-h----- c:\documents and settings\Aldo\Dati applicazioni\SecuROM
2008-12-27 07:45 . 2008-12-27 07:45 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-27 07:41 . 2008-12-27 07:41 <DIR> d-------- c:\windows\Logs
2008-12-27 07:41 . 2009-01-12 06:50 22,328 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-12-27 07:41 . 2009-01-12 06:50 22,328 --a------ c:\documents and settings\Aldo\Dati applicazioni\PnkBstrK.sys
2008-12-27 07:40 . 2009-01-12 06:50 2,337,865 --a------ c:\windows\system32\pbsvc.exe
2008-12-26 09:57 . 2009-01-21 13:16 <DIR> d-------- c:\programmi\eMule
2008-12-25 18:14 . 2008-12-25 18:14 <DIR> d-------- C:\Temp
2008-12-25 18:14 . 2008-12-25 18:14 133 --a------ c:\windows\usrwiz.ini
2008-12-23 16:32 . 2008-12-23 16:37 275 --a------ c:\windows\ImageInc.ini
2008-12-23 14:32 . 2008-12-30 10:56 <DIR> d-------- c:\windows\Downloaded Installations

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
2009-01-21 10:42 87,368 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-21 10:42 10,508,320 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-01-21 06:03 --------- d-----w c:\documents and settings\Aldo\Dati applicazioni\uTorrent
2009-01-20 20:10 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2009-01-20 20:09 6,268 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-01-20 20:09 598,048 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-01-20 05:44 --------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-01-19 06:31 --------- d-----w c:\programmi\freeCommander2006
2009-01-18 15:35 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-01-18 10:50 --------- d-----w c:\programmi\IObit
2009-01-18 10:50 --------- d-----w c:\documents and settings\Aldo\Dati applicazioni\IObit
2009-01-18 09:42 --------- d-----w c:\documents and settings\Aldo\Dati applicazioni\Winamp
2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-12 05:40 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-01-11 12:34 --------- d-----w c:\documents and settings\Aldo\Dati applicazioni\U3
2009-01-08 08:38 --------- d-----w c:\programmi\Ant Movie Catalog
2009-01-06 07:55 --------- d-----w c:\programmi\CCleaner
2008-12-31 09:55 --------- d-----w c:\programmi\Logitech
2008-12-30 18:54 --------- d-----w c:\programmi\SUPERAntiSpyware
2008-12-30 10:37 --------- d-----w c:\programmi\Web Photo Album
2008-12-28 10:50 --------- d-----w c:\programmi\uTorrent
2008-12-18 15:38 --------- d-----w c:\programmi\Genie-Soft
2008-12-18 15:38 --------- d-----w c:\documents and settings\Aldo\Dati applicazioni\Genie-Soft
2008-12-14 10:43 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-12-14 10:13 --------- d-----w c:\programmi\SpywareBlaster
2008-12-13 11:11 --------- d-----w c:\programmi\Google
2008-12-13 10:04 --------- d-----w c:\programmi\Your Uninstaller 2008
2008-12-13 10:04 --------- d-----w c:\programmi\Windows Messenger Remover
2008-12-13 10:04 --------- d-----w c:\programmi\Glary Utilities
2008-12-11 16:49 --------- d-----w c:\programmi\Activision
2008-12-11 14:39 172,032 ----a-w c:\windows\system32\poweroff.exe
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-10 18:30 --------- d-----w c:\programmi\Winamp
2008-12-10 18:20 --------- d-----w c:\programmi\Realtek AC97
2008-12-10 18:20 --------- d-----w c:\programmi\File comuni\InstallShield
2008-12-10 18:14 23,600 ----a-w c:\windows\system32\drivers\TVICHW32.SYS
2008-12-10 14:22 --------- d-----w c:\documents and settings\Aldo\Dati applicazioni\vlc
2008-12-08 17:10 --------- d-----w c:\programmi\Lupas Rename 2000
2008-12-08 11:53 57,344 ----a-w c:\windows\system32\ff_vfw.dll
2008-12-08 10:39 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\RFA_Backups
2008-12-08 10:06 --------- d-----w c:\programmi\File comuni\Wise Installation Wizard
2008-12-07 18:08 795,648 ----a-w c:\windows\system32\xvidcore.dll
2008-12-07 18:08 130,048 ----a-w c:\windows\system32\xvidvfw.dll
2008-12-07 08:12 --------- d-----w c:\programmi\SuperAudiotool
2008-12-07 08:06 --------- d-----w c:\documents and settings\Aldo\Dati applicazioni\Ahead
2008-12-07 07:02 --------- d-----w c:\programmi\Innovative Solutions
2008-12-07 06:37 --------- d-----w c:\programmi\JerMar Software Corp
2008-12-06 17:28 --------- d-----w c:\programmi\IcoDrive
2008-12-06 17:08 --------- d-----w c:\documents and settings\Aldo\Dati applicazioni\Notepad++
2008-12-06 15:07 --------- d-----w c:\programmi\LuBook
2008-12-06 15:07 --------- d-----w c:\programmi\Acoustica CD Label Maker
2008-12-06 09:48 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-12-06 09:48 --------- d-----w c:\documents and settings\Aldo\Dati applicazioni\Malwarebytes
2008-12-06 09:45 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\
2008-12-06 09:45 --------- d-----w c:\documents and settings\Aldo\Dati applicazioni\
2008-12-05 18:37 --------- d-----w c:\programmi\File comuni\LightScribe
2008-12-05 18:37 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\LightScribe
2008-12-05 18:35 --------- d-----w c:\programmi\File comuni\Ahead
2008-12-05 18:35 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Ahead
2008-12-05 18:33 --------- d-----w c:\programmi\Nero
2008-12-05 18:33 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Nero
2008-12-05 18:23 --------- d-----w c:\programmi\Foxit Software
2008-12-05 18:23 --------- d-----w c:\documents and settings\Aldo\Dati applicazioni\Foxit
2008-12-05 18:14 --------- d-----w c:\programmi\RFA
2008-12-05 17:50 --------- d-----w c:\documents and settings\Aldo\Dati applicazioni\URSoft
2008-12-05 17:47 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-05 17:47 --------- d-----w c:\programmi\Java
2008-12-05 17:43 --------- d-----w c:\programmi\IrfanView
2008-12-05 17:38 --------- d-----w c:\programmi\VideoLAN
2008-12-05 17:32 --------- d-----w c:\documents and settings\Aldo\Dati applicazioni\Acoustica
2008-12-05 17:29 --------- d-----w c:\programmi\Notepad++
2008-12-05 17:25 --------- d-----w c:\programmi\Alcohol Soft
2008-12-05 17:19 --------- d-----w c:\programmi\BillP Studios
2008-12-05 17:19 --------- d-----w c:\documents and settings\Aldo\Dati applicazioni\WinPatrol
2008-12-05 17:17 --------- d-----w c:\programmi\ONES (I)
2008-12-05 17:14 4,142,592 ----a-w c:\windows\system32\QTINTF.DLL
2008-12-05 17:14 114,688 ----a-w c:\windows\system32\duninstall.exe
2008-12-05 17:14 --------- d-----w c:\programmi\DarKite
2008-12-05 17:13 --------- d-----w c:\programmi\DAMN NFO Viewer
2008-12-05 16:50 --------- d-----w c:\programmi\Gadwin Systems
2008-12-05 15:38 96,976 ----a-w c:\windows\system32\drivers\klin.dat
2008-12-05 15:38 87,855 ----a-w c:\windows\system32\drivers\klick.dat
2008-12-05 15:38 --------- d-----w c:\programmi\Kaspersky Lab
2008-12-05 15:37 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2008-12-05 15:30 --------- d-----w c:\programmi\Canon
2008-12-05 15:28 --------- d--h--w c:\documents and settings\All Users\Dati applicazioni\CanonBJ
2008-12-05 14:23 60,416 ----a-w c:\windows\ALCFDRTM.EXE
2008-12-05 11:12 --------- d-----w c:\programmi\File comuni\Logitech
2008-12-04 17:24 --------- d-----w c:\programmi\microsoft frontpage
2008-12-04 17:22 --------- d-----w c:\programmi\Servizi in linea
2008-11-21 21:44 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\divx.dll
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown.

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Gadwin PrintScreen 2.6"="c:\programmi\Gadwin Systems\PrintScreen\PrintScreen.exe" [2003-07-16 913408]
"SmartRAM"="c:\programmi\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2009-01-06 202064]

"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088]
"WinPatrol"="c:\programmi\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-12-05 136600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-12-07 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-30 19:54 356352 c:\programmi\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-10-07 13:33 13574144 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-10-07 13:33 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-04-16 15:28 577536 c:\windows\soundman.exe

"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"EnableFirewall"= 0 (0x0)

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Activision\\Call of duty 4\\iw3mp.exe"=
"c:\\Programmi\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Programmi\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Programmi\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Programmi\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"c:\\Programmi\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [2008-12-05 15172]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 8944]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [2007-01-09 55024]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programmi\MAGIX\Common\Database\bin\fbserver.exe [2008-12-30 1527900]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\programmi\File comuni\LightScribe\LSRunOnce.exe"
Contents of the 'Scheduled Tasks' folder

2009-01-18 c:\windows\Tasks\SmartDefrag.job
- c:\programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-01-14 13:15]

2009-01-18 c:\windows\Tasks\SmartDefrag.job
- c:\programmi\IObit\IObit SmartDefrag\ [2009-01-18 11:50]
------- Supplementary Scan -------
uLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
mLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
IE: Aggiungi all'elenco di stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Anteprima Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stampa ad alta velocità Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
FF - ProfilePath - c:\documents and settings\Aldo\Dati applicazioni\Mozilla\Firefox\Profiles\r8pknyq1.default\
FF - prefs.js: browser.startup.homepage - hxxp://
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll


catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-01-21 14:57:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-602162358-790525478-725345543-1003\Software\SecuROM\License information*]

--------------------- DLLs loaded by running processes ---------------------

- - - - - - - > 'winlogon.exe'(984)
Scan completion time: 2009-01-21 14:58:21
ComboFix-quarantined-files.txt 2009-01-21 13:58:19

Pre-Run: 15,418,638,336 bytes available
Post-Run: 15,407,579,136 bytes available

286 --- E O F --- 2009-01-15 10:02:42
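The "Files Created" section of the log above is the part a helper reads first, and reading it by eye is error-prone (note the entries whose file name did not survive the paste, e.g. `c:\windows\system32\`). The following triage helper is an added example, not code from the original thread, from ComboFix or from any of the tools named here; it parses that section's line format (date created, date modified, size or `<DIR>`, attribute flags, path) and flags new executables under c:\windows, new kernel drivers, hidden files, backdated timestamps and truncated names. The flagging rules, thresholds and the `triage`/`parse_entry` names are my own assumptions; the sample lines are copied from the log above.

```python
import re
from datetime import datetime, timedelta

# One ComboFix "Files Created" line (copied from the log above) looks like:
#   2009-01-16 16:15 . 2007-03-07 00:45 3,086,336 --a------ c:\windows\system32\NCMedia.dll
#   2009-01-16 16:25 . 2009-01-16 16:25 <DIR> d-------- c:\programmi\K-Lite Codec Pack
# i.e. <created> . <last-modified> <size or <DIR>> <attribute flags> <path>
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?:(?P<size>[\d,]+)|(?P<dir><DIR>)) "
    r"(?P<attrs>[-a-z]{9}) "
    r"(?P<path>.+)$"
)

# Extensions Windows executes or treats like executables (assumed list).
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".acm", ".ax", ".cpl", ".ocx")
WINDIR = "c:\\windows\\"
DRIVERS = "c:\\windows\\system32\\drivers\\"
BACKDATE = timedelta(days=365)  # assumed threshold for "suspiciously old" mtime


def parse_entry(line):
    """Parse one log line into a dict; return None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "created": datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
        "modified": datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
        "size": None if m["dir"] else int(m["size"].replace(",", "")),
        "is_dir": m["dir"] is not None,
        "attrs": m["attrs"],
        "path": m["path"],
    }


def reasons_for(entry):
    """Return the triage reasons for one parsed entry (empty list = nothing to flag)."""
    reasons = []
    p = entry["path"].lower()
    if entry["is_dir"]:
        return reasons  # directories are context, not verdicts
    if p.endswith("\\"):
        # The file name was lost when the log was pasted into the forum; it has to
        # be re-read on the machine itself before any conclusion is drawn.
        reasons.append("file name missing from pasted log")
        return reasons
    if p.startswith(DRIVERS) and p.endswith(".sys"):
        reasons.append("new kernel driver")
    elif p.startswith(WINDIR) and p.endswith(EXEC_EXT):
        reasons.append("new executable under c:\\windows")
    if "h" in entry["attrs"]:
        reasons.append("hidden attribute set")
    if entry["created"] - entry["modified"] > BACKDATE:
        # Normal for installers that preserve file timestamps (codec packs, drivers),
        # but also what a dropper does to blend in; worth a second look either way.
        reasons.append("mtime predates creation by >1 year")
    return reasons


def triage(log_text):
    """Parse a whole 'Files Created' section; return [(path, reasons)] for flagged files."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            flagged.append((entry["path"], reasons))
    return flagged


# Sample input: a handful of lines copied verbatim from the log above.
SAMPLE = r"""
2009-01-16 16:25 . 2009-01-16 16:25 <DIR> d-------- c:\programmi\K-Lite Codec Pack
2009-01-16 16:15 . 2007-03-07 00:45 3,086,336 --a------ c:\windows\system32\NCMedia.dll
2009-01-15 11:01 . 2009-01-15 11:02 <DIR> d--h----- c:\windows\$hf_mig$
2008-12-30 11:17 . 2001-03-26 04:41 245,760 --a------ c:\windows\system32\
2008-12-28 20:33 . 2005-12-21 04:40 304,128 -ra------ c:\windows\system32\drivers\nvnrm.sys
2008-12-27 07:41 . 2009-01-12 06:50 22,328 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-12-25 18:14 . 2008-12-25 18:14 133 --a------ c:\windows\usrwiz.ini
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE):
        print(f"{path}: {', '.join(reasons)}")
```

Run against the sample it flags NCMedia.dll (executable in system32 with a 2007 mtime), the nameless `c:\windows\system32\` entry, and the two `.sys` drivers, while ignoring the directories and the `.ini`. A flag is a prompt to check the file's signature and publisher, not a verdict: here the drivers are NVIDIA and PunkBuster components that match the installs visible elsewhere in the log.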
Posted: Wednesday, January 21, 2009 3:18:14 PM

Joined: 12/20/2003
I forgot to ask what I can do about those two files that can't be fixed with HijackThis??

This window shows the HijackThis info on the two files

Posted: Wednesday, January 21, 2009 6:06:30 PM
Joined: 8/7/2007
Try deleting them in Safe Mode.
Otherwise you have to work on the Registry.
The KIS scan was a precautionary measure; ComboFix had already deleted the files, but the infected keys had remained in the OS.
Are the problems solved?
Also post me an updated HijackThis log.
Posted: Wednesday, January 21, 2009 6:17:12 PM

Joined: 12/20/2003
As far as RAM usage goes, things have definitely improved noticeably.
As for the PC, programs also open faster than before.
I'd say yes, problems solved.

Two more things.

- Those two files, do I still delete them with HijackThis in Safe Mode??
- Is it advisable to use ComboFix on a fixed schedule?? Say two or three times a month??

Thanks and have a good evening
Posted: Wednesday, January 21, 2009 6:26:03 PM
Joined: 8/7/2007
Yes, make sure you delete those entries in Safe Mode.
As for ComboFix: NO, you can't use it.
It's too dangerous in inexperienced hands; you have to remove it in the way I already described.
Don't make the mistake of using it, because if something goes wrong there is a serious risk of having to format.
I've warned you.
Posted: Wednesday, January 21, 2009 6:53:45 PM

Joined: 12/20/2003
In fact I don't use programs that can damage the PC. When I have problems I always post on the forum and rely on someone who knows much more than I do.
Thank you for your help
Posted: Wednesday, January 21, 2009 7:04:27 PM
Joined: 8/7/2007
Bye, and sorry if I was a bit "categorical" about ComboFix, but it's not worth running certain risks.
