Hijack LOG check
Posted: Tuesday, March 31, 2009 8:16:37 AM
If I double-click on drives C and D, the search page opens. I deleted the autorun.inf files and ran a full scan with NOD32, and it found no problems...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8.05.53, on 31/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Vero\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Aggiungi a &Windows Live Favorites -
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *
O15 - Trusted Zone: *
O15 - Trusted Zone: *
O15 - Trusted Zone: *
O16 - DPF: {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} (FavImport Class) -,0,1609,00
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0EF5925-E1A9-41E7-93D1-81F81C0FBA76}: NameServer =,
O17 - HKLM\System\CCS\Services\Tcpip\..\{E341E53D-9E21-49CB-A78A-563626934281}: NameServer =,
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer =,
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer =,
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Vero/My%20Documents/papa'_files/image001.jpg

End of file - 9098 bytes
Posted: Tuesday, March 31, 2009 8:24:21 AM

Download and install Malwarebytes.

Update it: click the "Update" tab => "Check for updates"
Run a "full scan" (select the option)
When the scan is complete, post the report.

For now, do not remove anything.

Download Lop S&D
with all applications closed and while disconnected
double-click LopSD
choose language E (Enter)

choose option 2 (Enter)

attach the report C:\LopR.txt together with a new HijackThis log

Posted: Tuesday, March 31, 2009 1:47:36 PM
I downloaded Malwarebytes, but once installed it won't open... I tried downloading it from a couple of links other than the one you pointed me to, because I can't access that link (it says address not found...)
Thanks for the reply!
Posted: Tuesday, March 31, 2009 1:58:55 PM

See if you can download it from here and run it
Posted: Tuesday, March 31, 2009 2:11:19 PM
No, I can't from there either
Posted: Tuesday, March 31, 2009 5:41:03 PM

Try this one

Download ComboFix
Save it to the desktop.
Double-click combofix.exe (a screen will appear.)
Type 1, press Enter and follow the instructions.
When it finishes, a log file named C:\ComboFix.txt will be created. Post it here.
During the scan it is important not to use the PC and to wait patiently for the operations to finish.
Posted: Tuesday, March 31, 2009 7:11:32 PM
ComboFix 09-03-30.04 - Vero 2009-03-31 18:24:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.191 [GMT 2:00]
Eseguito da: c:\documents and settings\Vero\Desktop\ComboFix.exe
AV: Sistema Antivirus NOD32 2.70 *On-access scanning enabled* (Updated)
* Resident AV is active


((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))

c:\windows\system32\P2P Networking
c:\windows\system32\P2P Networking\P2P Networking.eng

((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))


((((((((((((((((((((((((( Files Creati Da 2009-02-28 al 2009-03-31 )))))))))))))))))))))))))))))))))))

2009-03-31 08:29 . 2004-08-04 00:56 116,224 --a------ c:\windows\system32\dllcache\xrxwiadr.dll
2009-03-31 08:29 . 2001-08-17 22:36 23,040 --a------ c:\windows\system32\dllcache\xrxwbtmp.dll
2009-03-31 08:28 . 2001-08-17 22:37 99,865 --a------ c:\windows\system32\dllcache\xlog.exe
2009-03-31 08:28 . 2004-08-10 12:00 28,288 --a------ c:\windows\system32\dllcache\xjis.nls
2009-03-31 08:28 . 2001-08-17 22:37 27,648 --a------ c:\windows\system32\dllcache\xrxftplt.exe
2009-03-31 08:28 . 2004-08-03 22:29 19,455 --a------ c:\windows\system32\dllcache\wvchntxx.sys
2009-03-31 08:28 . 2001-08-17 22:36 17,408 --a------ c:\windows\system32\dllcache\xrxscnui.dll
2009-03-31 08:28 . 2001-08-17 12:11 16,970 --a------ c:\windows\system32\dllcache\xem336n5.sys
2009-03-31 08:28 . 2004-08-03 22:29 12,063 --a------ c:\windows\system32\dllcache\wsiintxx.sys
2009-03-31 08:28 . 2004-08-04 00:56 8,192 --a------ c:\windows\system32\dllcache\wshirda.dll
2009-03-31 08:28 . 2001-08-17 22:37 4,608 --a------ c:\windows\system32\dllcache\xrxflnch.exe
2009-03-31 08:26 . 2001-08-17 13:28 701,386 --a------ c:\windows\system32\dllcache\wdhaalba.sys
2009-03-31 08:25 . 2001-08-17 13:28 687,999 --a------ c:\windows\system32\dllcache\usrwdxjs.sys
2009-03-31 08:24 . 2001-08-17 13:28 794,654 --a------ c:\windows\system32\dllcache\usr1801.sys
2009-03-31 08:24 . 2001-08-17 13:28 794,399 --a------ c:\windows\system32\dllcache\usr1806v.sys
2009-03-31 08:24 . 2001-08-17 13:28 793,598 --a------ c:\windows\system32\dllcache\usr1806.sys
2009-03-31 08:24 . 2001-08-17 13:28 765,884 --a------ c:\windows\system32\dllcache\usrti.sys
2009-03-31 08:24 . 2001-08-17 13:28 224,802 --a------ c:\windows\system32\dllcache\usr1807a.sys
2009-03-31 08:24 . 2001-08-17 13:28 113,762 --a------ c:\windows\system32\dllcache\usrpda.sys
2009-03-31 08:24 . 2004-08-03 23:10 78,464 --a------ c:\windows\system32\dllcache\usbvideo.sys
2009-03-31 08:24 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\dllcache\usbprint.sys
2009-03-31 08:24 . 2004-08-03 23:08 25,600 --a------ c:\windows\system32\dllcache\usbser.sys
2009-03-31 08:24 . 2001-08-17 13:28 7,556 --a------ c:\windows\system32\dllcache\usroslba.sys
2009-03-31 08:23 . 2001-08-17 22:36 94,720 --a------ c:\windows\system32\dllcache\umaxud32.dll
2009-03-31 08:23 . 2004-08-10 12:00 76,288 --a------ c:\windows\system32\dllcache\uniime.dll
2009-03-31 08:23 . 2001-08-17 22:36 69,632 --a------ c:\windows\system32\dllcache\umaxu12.dll
2009-03-31 08:23 . 2004-08-10 12:00 65,024 --a------ c:\windows\system32\dllcache\unicdime.ime
2009-03-31 08:23 . 2004-08-03 23:07 59,264 --a------ c:\windows\system32\dllcache\usbaudio.sys
2009-03-31 08:23 . 2001-08-17 22:36 50,688 --a------ c:\windows\system32\dllcache\umaxscan.dll
2009-03-31 08:23 . 2004-08-03 22:31 32,384 --a------ c:\windows\system32\dllcache\usb101et.sys
2009-03-31 08:23 . 2001-08-17 22:36 28,160 --a------ c:\windows\system32\dllcache\umaxu40.dll
2009-03-31 08:23 . 2001-08-17 22:36 26,624 --a------ c:\windows\system32\dllcache\umaxu22.dll
2009-03-31 08:23 . 2001-08-17 13:58 22,912 --a------ c:\windows\system32\dllcache\umaxpcls.sys
2009-03-31 08:23 . 2004-08-03 23:08 17,024 --a------ c:\windows\system32\dllcache\usbohci.sys
2009-03-31 08:22 . 2001-08-17 22:36 525,568 --a------ c:\windows\system32\dllcache\tridxp.dll
2009-03-31 08:22 . 2001-08-17 22:36 216,064 --a------ c:\windows\system32\dllcache\um34scan.dll
2009-03-31 08:22 . 2001-08-17 22:36 211,968 --a------ c:\windows\system32\dllcache\um54scan.dll
2009-03-31 08:22 . 2001-08-17 12:51 166,784 --a------ c:\windows\system32\dllcache\tridxpm.sys
2009-03-31 08:22 . 2004-08-10 12:00 103,424 --a------ c:\windows\system32\dllcache\uihelper.dll
2009-03-31 08:22 . 2001-08-17 22:36 50,176 --a------ c:\windows\system32\dllcache\umaxp60.dll
2009-03-31 08:22 . 2001-08-17 22:36 47,616 --a------ c:\windows\system32\dllcache\umaxcam.dll
2009-03-31 08:22 . 2004-08-03 23:07 44,672 --a------ c:\windows\system32\dllcache\uagp35.sys
2009-03-31 08:22 . 2004-08-10 12:00 14,336 --a------ c:\windows\system32\dllcache\tsprof.exe
2009-03-31 08:22 . 2001-08-17 13:48 11,520 --a------ c:\windows\system32\dllcache\twotrack.sys
2009-03-31 08:21 . 2001-08-17 14:56 440,576 --a------ c:\windows\system32\dllcache\tridkb.dll
2009-03-31 08:21 . 2001-08-17 14:56 315,520 --a------ c:\windows\system32\dllcache\trid3d.dll
2009-03-31 08:21 . 2001-08-17 14:02 230,912 --a------ c:\windows\system32\dllcache\tosdvd03.sys
2009-03-31 08:21 . 2001-08-17 12:51 222,336 --a------ c:\windows\system32\dllcache\trid3dm.sys
2009-03-31 08:21 . 2001-08-17 12:51 159,232 --a------ c:\windows\system32\dllcache\tridkbm.sys
2009-03-31 08:21 . 2004-08-04 00:56 82,432 --a------ c:\windows\system32\dllcache\tp4mon.exe
2009-03-31 08:21 . 2001-08-17 22:35 42,496 --a------ c:\windows\system32\dllcache\tp4res.dll
2009-03-31 08:21 . 2001-08-17 12:12 34,375 --a------ c:\windows\system32\dllcache\tpro4.sys
2009-03-31 08:21 . 2001-08-17 22:36 31,744 --a------ c:\windows\system32\dllcache\tp4.dll
2009-03-31 08:19 . 2001-08-17 14:56 172,768 --a------ c:\windows\system32\dllcache\t2r4disp.dll
2009-03-31 08:19 . 2001-08-17 13:50 103,936 --a------ c:\windows\system32\dllcache\sx.sys
2009-03-31 08:19 . 2001-08-17 22:36 94,293 --a------ c:\windows\system32\dllcache\sxports.dll
2009-03-31 08:19 . 2001-08-17 22:36 53,760 --a------ c:\windows\system32\dllcache\sw_wheel.dll
2009-03-31 08:19 . 2001-08-17 12:50 36,640 --a------ c:\windows\system32\dllcache\t2r4mini.sys
2009-03-31 08:19 . 2001-08-17 22:36 10,240 --a------ c:\windows\system32\dllcache\swpidflt.dll
2009-03-31 08:19 . 2001-08-17 22:36 10,240 --a------ c:\windows\system32\dllcache\swpdflt2.dll
2009-03-31 08:19 . 2001-08-17 13:52 7,040 --a------ c:\windows\system32\dllcache\tandqic.sys
2009-03-31 08:19 . 2001-08-17 14:02 3,968 --a------ c:\windows\system32\dllcache\swusbflt.sys
2009-03-31 08:17 . 2004-08-10 12:00 456,704 --a------ c:\windows\system32\dllcache\smtpsvc.dll
2009-03-31 08:16 . 2001-08-17 14:56 147,200 --a------ c:\windows\system32\dllcache\smidispb.dll
2009-03-31 08:15 . 2004-08-03 22:41 404,990 --a------ c:\windows\system32\dllcache\slntamr.sys
2009-03-31 08:14 . 2001-08-17 22:36 386,560 --a------ c:\windows\system32\dllcache\sgiul50.dll
2009-03-31 08:14 . 2001-08-17 14:56 252,032 --a------ c:\windows\system32\dllcache\sis300iv.dll
2009-03-31 08:14 . 2001-07-21 14:29 161,568 --a------ c:\windows\system32\dllcache\sgsmusb.sys
2009-03-31 08:14 . 2001-08-17 12:50 101,760 --a------ c:\windows\system32\dllcache\sis300ip.sys
2009-03-31 08:14 . 2001-08-17 12:51 98,080 --a------ c:\windows\system32\dllcache\sgiulnt5.sys
2009-03-31 08:14 . 2001-08-17 12:50 68,608 --a------ c:\windows\system32\dllcache\sis6306p.sys
2009-03-31 08:14 . 2004-08-10 12:00 18,944 --a------ c:\windows\system32\dllcache\simptcp.dll
2009-03-31 08:14 . 2001-07-21 14:29 18,400 --a------ c:\windows\system32\dllcache\sgsmld.sys
2009-03-31 08:14 . 2004-08-04 00:56 3,901 --a------ c:\windows\system32\dllcache\siint5.dll
2009-03-31 08:12 . 2001-08-17 22:36 495,616 --a------ c:\windows\system32\dllcache\sblfx.dll
2009-03-31 08:12 . 2001-08-17 14:56 245,632 --a------ c:\windows\system32\dllcache\s3savmx.dll
2009-03-31 08:12 . 2001-08-17 14:56 210,496 --a------ c:\windows\system32\dllcache\s3mvirge.dll
2009-03-31 08:12 . 2001-08-17 14:56 198,400 --a------ c:\windows\system32\dllcache\s3sav4.dll
2009-03-31 08:12 . 2001-08-17 14:56 179,264 --a------ c:\windows\system32\dllcache\s3sav3d.dll
2009-03-31 08:12 . 2001-08-17 12:50 77,824 --a------ c:\windows\system32\dllcache\s3sav4m.sys
2009-03-31 08:12 . 2001-08-17 12:50 75,392 --a------ c:\windows\system32\dllcache\s3savmxm.sys
2009-03-31 08:12 . 2001-08-17 22:36 62,496 --a------ c:\windows\system32\dllcache\s3mtrio.dll
2009-03-31 08:12 . 2001-08-17 12:50 61,504 --a------ c:\windows\system32\dllcache\s3sav3dm.sys
2009-03-31 08:10 . 2001-08-17 13:28 714,762 --a------ c:\windows\system32\dllcache\r2mdmkxx.sys
2009-03-31 08:09 . 2001-08-17 13:28 899,146 --a------ c:\windows\system32\dllcache\r2mdkxga.sys
2009-03-31 08:08 . 2004-08-10 12:00 131,584 --a------ c:\windows\system32\dllcache\pmxviceo.dll
2009-03-31 08:08 . 2004-08-10 12:00 67,584 --a------ c:\windows\system32\dllcache\pmigrate.dll
2009-03-31 08:08 . 2001-08-17 13:53 17,792 --a------ c:\windows\system32\dllcache\ppa.sys
2009-03-31 08:08 . 2004-08-03 23:00 17,664 --a------ c:\windows\system32\dllcache\ppa3.sys
2009-03-31 08:08 . 2004-08-10 12:00 11,264 --a------ c:\windows\system32\dllcache\pmxmcro.dll
2009-03-31 08:08 . 2001-08-17 13:53 7,168 --a------ c:\windows\system32\dllcache\pnrmc.sys
2009-03-31 08:08 . 2004-08-10 12:00 6,144 --a------ c:\windows\system32\dllcache\pmxgl.dll
2009-03-31 08:07 . 2004-08-10 12:00 482,304 --a------ c:\windows\system32\dllcache\pintlgnt.ime
2009-03-31 08:07 . 2004-08-10 12:00 175,104 --a------ c:\windows\system32\dllcache\pintlcsa.dll
2009-03-31 08:07 . 2001-08-17 22:36 121,344 --a------ c:\windows\system32\dllcache\phvfwext.dll
2009-03-31 08:07 . 2004-08-10 12:00 79,360 --a------ c:\windows\system32\dllcache\phon.ime
2009-03-31 08:07 . 2004-08-10 12:00 70,144 --a------ c:\windows\system32\dllcache\pintlphr.exe
2009-03-31 08:07 . 2004-08-10 12:00 53,760 --a------ c:\windows\system32\dllcache\pintlcsd.dll
2009-03-31 08:07 . 2001-08-17 14:07 19,840 --a------ c:\windows\system32\dllcache\philtune.sys
2009-03-31 08:05 . 2001-08-17 22:36 44,544 --a------ c:\windows\system32\dllcache\ovui2.dll
2009-03-31 08:05 . 2001-08-17 22:36 41,984 --a------ c:\windows\system32\dllcache\ovui2rc.dll
2009-03-31 08:05 . 2004-08-10 12:00 36,927 --a------ c:\windows\system32\dllcache\padrs411.dll
2009-03-31 08:05 . 2004-08-10 12:00 31,744 --a------ c:\windows\system32\dllcache\pagecnt.dll
2009-03-31 08:05 . 2001-08-17 12:12 30,495 --a------ c:\windows\system32\dllcache\pc100nds.sys
2009-03-31 08:05 . 2001-08-17 12:11 30,282 --a------ c:\windows\system32\dllcache\pcntn5hl.sys
2009-03-31 08:05 . 2001-08-17 12:11 29,769 --a------ c:\windows\system32\dllcache\pcntn5m.sys
2009-03-31 08:05 . 2004-08-03 22:31 29,502 --a------ c:\windows\system32\dllcache\pca200e.sys
2009-03-31 08:05 . 2001-08-17 12:12 26,153 --a------ c:\windows\system32\dllcache\pcmlm56.sys
2009-03-31 08:05 . 2001-08-17 14:05 25,216 --a------ c:\windows\system32\dllcache\ovsound2.sys
2009-03-31 08:05 . 2004-08-10 12:00 15,872 --a------ c:\windows\system32\dllcache\padrs404.dll
2009-03-31 08:05 . 2004-08-10 12:00 15,360 --a------ c:\windows\system32\dllcache\padrs804.dll
2009-03-31 08:05 . 2004-08-10 12:00 14,336 --a------ c:\windows\system32\dllcache\padrs412.dll
2009-03-31 08:04 . 2001-08-17 14:05 351,616 --a------ c:\windows\system32\dllcache\ovcodek2.sys
2009-03-31 08:04 . 2001-08-17 22:36 116,736 --a------ c:\windows\system32\dllcache\ovcodec2.dll
2009-03-31 08:04 . 2001-08-17 13:28 54,186 --a------ c:\windows\system32\dllcache\otcsercb.sys
2009-03-31 08:04 . 2001-08-17 14:05 48,000 --a------ c:\windows\system32\dllcache\ovcam2.sys
2009-03-31 08:04 . 2001-08-17 12:12 43,689 --a------ c:\windows\system32\dllcache\otceth5.sys
2009-03-31 08:04 . 2001-08-17 22:36 39,424 --a------ c:\windows\system32\dllcache\ovcoms.exe
2009-03-31 08:04 . 2001-08-17 14:05 31,872 --a------ c:\windows\system32\dllcache\ovce.sys
2009-03-31 08:04 . 2001-08-17 14:05 28,032 --a------ c:\windows\system32\dllcache\ovcd.sys
2009-03-31 08:04 . 2001-08-17 12:12 27,209 --a------ c:\windows\system32\dllcache\otc06x5.sys
2009-03-31 08:04 . 2001-08-17 14:05 25,088 --a------ c:\windows\system32\dllcache\ovca.sys
2009-03-31 08:04 . 2001-08-17 22:36 20,480 --a------ c:\windows\system32\dllcache\ovcomc.dll
2009-03-31 08:02 . 2004-08-03 22:31 132,695 --a------ c:\windows\system32\dllcache\netwlan5.sys
2009-03-31 08:02 . 2001-08-17 14:56 91,488 --a------ c:\windows\system32\dllcache\n9i3disp.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
2009-03-30 21:32 --------- d-----w c:\program files\EarthLink Setup
2009-03-26 09:54 --------- d-----w c:\program files\Common Files\Apple
2009-03-25 00:28 --------- d-----w c:\program files\MessengerDiscovery
2009-03-23 23:50 --------- dc----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-20 03:45 --------- d-----w c:\program files\Common Files\Adobe
2009-03-12 10:17 --------- d-----w c:\program files\Windows Live
2009-03-10 07:16 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-10 07:13 --------- d-----w c:\program files\Google
2009-03-05 21:52 --------- dc----w c:\documents and settings\Vero\Application Data\DNA
2009-03-05 09:32 --------- d-----w c:\program files\DNA
2009-02-28 14:28 --------- d-----w c:\program files\eMule
2009-02-27 23:41 --------- d-----w c:\program files\CCleaner
2009-02-22 19:33 --------- d-----w c:\program files\TomTom HOME 2
2009-02-17 21:25 --------- dc----w c:\documents and settings\Vero\Application Data\ZoomBrowser EX
2009-02-17 21:08 --------- dc----w c:\documents and settings\All Users\Application Data\ZoomBrowser
2008-10-14 18:58 0 -c--a-w c:\documents and settings\Vero\Application Data\wklnhst.dat
2006-12-18 01:40 88 -csh--r c:\windows\system32\5C32E8E32B.sys
2006-12-18 01:40 3,766 -csha-w c:\windows\system32\KGyGaAvL.sys

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-07-09 949376]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-06 185896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]

c:\documents and settings\Vero\Start Menu\Programs\Startup\
wkcalrem.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2006-06-05 21504]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-10-14 24576]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Vero^Start Menu^Programs^Startup^My]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2006-08-04 01:51 1032192 c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
-----c--- 2005-12-10 03:29 49152 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2009-03-12 21:56 342312 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a--c--- 2005-08-12 23:16 1121792 c:\program files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
-ra--c--- 2006-12-27 23:53 73840 c:\program files\Macrogaming\SweetIM\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a--c--- 2006-03-08 18:48 761947 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-09-06 14:08 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2008-12-09 12:12 234856 c:\program files\TomTom HOME 2\HOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra--c--- 2006-03-30 22:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-19 02:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Documents and Settings\\Vero\\Desktop\\utorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

"4662:TCP"= 4662:TCP:eMule: TCP in ingresso
"4672:UDP"= 4672:UDP:emule: UDP in ingresso
"16137:TCP"= 16137:TCP:utorrent

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-07-09 15424]
R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [2008-05-07 81920]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-10-24 102400]
S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\drivers\ONDAusbmdm6k.sys [2008-05-07 100352]
S3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\drivers\ONDAusbnet.sys [2008-05-07 110080]
S3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\drivers\ONDAusbnmea.sys [2008-05-07 100352]
S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\drivers\ONDAusbser6k.sys [2008-05-07 100352]

\Shell\AutoRun\command - H:\InstallTomTomHOME.exe
Contenuto della cartella 'Scheduled Tasks'

2009-03-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

WebBrowser-{5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)

------- Scansione supplementare -------
uStart Page = hxxp://
uSearchMigratedDefaultURL = hxxp://{searchTerms}&sourceid=ie7&
mStart Page = hxxp://
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://
IE: Aggiungi a &Windows Live Favorites -
IE: E&sporta in Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel
LSP: c:\windows\system32\imon.dll
Trusted Zone:
Trusted Zone:
Trusted Zone:
Trusted Zone:
DPF: {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} - hxxps://,0,1609,00
FF - ProfilePath - c:\documents and settings\Vero\Application Data\Mozilla\Firefox\Profiles\qd21s8yz.default\
FF - prefs.js: - hxxp://
FF - prefs.js: - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll


catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-03-31 18:35:18
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1768200084-1115828012-2689965132-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{60FD261A-85E6-5476-181F-22496CC86764}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(1340)
c:\program files\Eset\pr_imon.dll
------------------------ Altri processi in esecuzione ------------------------
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ESET\nod32krn.exe
Ora fine scansione: 2009-03-31 18:39:17 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-03-31 16:39:12

Pre-Run: 19,693,907,968 bytes free
Post-Run: 19,596,316,672 bytes free

[boot loader]
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

355 --- E O F --- 2009-03-14 02:03:10
Posted: Wednesday, April 01, 2009 9:54:30 AM

ComboFix removed a few infections

now go to this site

check this ► c:\windows\system32\dllcache\pintlphr.exe

when the scan finishes, go to the bottom of the page and click COPY TO CLIPBOARD

and paste the report into Notepad and post it on the forum

Posted: Wednesday, April 01, 2009 11:38:19 AM
It seems it didn't find anything... only, if I click Copy to Clipboard it doesn't save anything (or maybe I'm just ignorant and don't know where it saves it...) If I go to Notepad and click Paste, nothing gets pasted! So I don't know how to post it for you. Sorry for the bother!
Posted: Wednesday, April 01, 2009 11:45:18 AM

disable your antivirus

select the partition to scan and click Scan to start the scan
when the scan is finished, if infections are detected, click Neutralize all
pop-ups will open where you can choose whether to delete or disinfect the object: tick Apply to all and click Quarantine

to save the report that is produced, click the Reports button, save it and attach it

Posted: Thursday, April 02, 2009 10:35:19 PM
I did the whole procedure, but the report it saves is really extremely long, and to paste it all for you I'd have to break it into pieces and it would take me forever! It's truly endless as a report! But can't it be sent as an e-mail attachment?! Anyway, it found some viruses, which I disinfected or deleted (it didn't give me the quarantine option)... Unfortunately the problem persists. My antivirus is NOD32; do you think Kaspersky is better?
Posted: Friday, April 03, 2009 11:52:17 AM

post me the results for the infected files (copy and paste) in a text file

Kaspersky (in my opinion) is the best of the paid antivirus products
