Da un po di tempo il mio lap top ha una lentezza esagerata quasi impossibile lavorare.
Mipotreste controllare il log allegato?
Grazie anticipatamente
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.43.29, on 22/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Hcontrol.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\ATKOSD.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\ATnotes\ATnotes.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\WINDOWS\system32\CH_Utility.exe
C:\Programmi\Asus\Asus ChkMail\ChkMail.exe
C:\Programmi\Asus\Asus Hotkey\Hotkey.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\SGD\bin\sgd.exe
C:\Programmi\OpenOffice.org1.0.3\program\soffice.exe
C:\Programmi\Messenger\msmsgs.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\Hcontrol.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ATnotes.exe] C:\Programmi\ATnotes\ATnotes.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Programmi\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\RunOnce: [] C:\Programmi\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/ProductMessages?module=2007&error=0&language=it&product=SymNRT&version=2008.0.1.14&build=Symantec&a=00000082.0000000f.0000001b&b=00000082.0000001e.0000004a&c=00000082.00000046.000000b5
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OpenOffice.org 1.0.3.lnk = C:\Programmi\OpenOffice.org1.0.3\program\quickstart.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Demone SGD.lnk = C:\SGD\bin\sgd.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 1.0.3.lnk = C:\Programmi\OpenOffice.org1.0.3\program\quickstart.exe (User 'Default user')
O4 - .DEFAULT Startup: Demone SGD.lnk = C:\SGD\bin\sgd.exe (User 'Default user')
O4 - Startup: OpenOffice.org 1.0.3.lnk = C:\Programmi\OpenOffice.org1.0.3\program\quickstart.exe
O4 - Startup: Demone SGD.lnk = C:\SGD\bin\sgd.exe
O4 - Global Startup: Chrontel TV.lnk = C:\WINDOWS\system32\CH_Utility.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Programmi\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: ASUS Hotkey.lnk = C:\Programmi\Asus\Asus Hotkey\Hotkey.exe
O4 - Global Startup: LG SyncManager.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Programmi\File comuni\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Unknown owner - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

--
End of file - 7764 bytes

Ciao io rilevo una voce sospetta:

O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)



Attendi gli esperti che ti danno indicazioni per eliminare.


Nell'attesa se non lo hai sul pc scarica ed installa da questo sito MALWAREBYTES (se e' gia' presente sul tup pc aggiornalo)e fai una scansione completa,se rileva qualcosa mettilo in quarantena,NON eliminare nulla.

HO FATTO LA SCANSIONE CON L'ANTIVIRUS DA VOI CONSIGLIATO ED HA TROVATO 28 ELEMENTI DANNOSI.
COSA DEVO FARE?

MILLE GRAZIE PER I CONSIGLI DATI

QUESTO E' IL LOG.
GRAZIE



Malwarebytes' Anti-Malware 1.36
Versione del database: 2029
Windows 5.1.2600 Service Pack 3

23/04/2009 16.18.03
mbam-log-2009-04-23 (16-17-34).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 124438
Tempo trascorso: 1 hour(s), 1 minute(s), 21 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 1
Valori di registro infetti: 0
Elementi dato del registro infetti: 2
Cartelle infette: 6
File infetti: 19

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7aa32fc7-133b-4ae7-998e-ced0d9829b12} (Trojan.Dialer) -> No action taken.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Cartelle infette:
C:\Programmi\MyWay (Adware.MyWay) -> No action taken.
C:\Programmi\MyWay\myBar (Adware.MyWay) -> No action taken.
C:\Programmi\MyWay\myBar\1.bin (Adware.MyWay) -> No action taken.
C:\Programmi\MyWay\myBar\Cache (Adware.MyWay) -> No action taken.
C:\Programmi\MyWay\myBar\History (Adware.MyWay) -> No action taken.
C:\Programmi\MyWay\myBar\Settings (Adware.MyWay) -> No action taken.

File infetti:
C:\Programmi\MyWay\myBar\1.bin\MYWAYPLUGINPROXY.CLASS (Adware.MyWay) -> No action taken.
C:\Programmi\MyWay\myBar\1.bin\PARTNER.BMP (Adware.MyWay) -> No action taken.
C:\Programmi\MyWay\myBar\1.bin\PARTNER.DAT (Adware.MyWay) -> No action taken.
C:\Programmi\MyWay\myBar\1.bin\PARTNER2.DAT (Adware.MyWay) -> No action taken.
C:\Programmi\MyWay\myBar\1.bin\PARTNER3.DAT (Adware.MyWay) -> No action taken.
C:\Programmi\MyWay\myBar\1.bin\PARTNER4.DAT (Adware.MyWay) -> No action taken.
C:\Programmi\MyWay\myBar\1.bin\PARTNER5.DAT (Adware.MyWay) -> No action taken.
C:\Programmi\MyWay\myBar\1.bin\PARTNER6.DAT (Adware.MyWay) -> No action taken.
C:\Programmi\MyWay\myBar\Cache\files.ini (Adware.MyWay) -> No action taken.
C:\Programmi\MyWay\myBar\Cache\0040F312.bin (Adware.MyWay) -> No action taken.
C:\Programmi\MyWay\myBar\Cache\00411D5C.bin (Adware.MyWay) -> No action taken.
C:\Programmi\MyWay\myBar\Cache\00414C75.bin (Adware.MyWay) -> No action taken.
C:\Programmi\MyWay\myBar\Cache\0537854B (Adware.MyWay) -> No action taken.
C:\Programmi\MyWay\myBar\Cache\112BF37F (Adware.MyWay) -> No action taken.
C:\Programmi\MyWay\myBar\History\search (Adware.MyWay) -> No action taken.
C:\Programmi\MyWay\myBar\Settings\prevcfg.htm (Adware.MyWay) -> No action taken.
C:\A (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\winsub.xml (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\svcp.csv (Malware.Trace) -> No action taken.

ECCO IL FILE

TI RINGRAZIO DI CUORE





ComboFix 09-04-23.A3 - ASUS 23/04/2009 16.57.15.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.191.53 [GMT 2:00]
Eseguito da: c:\documents and settings\ASUS\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\ASUS\Dati applicazioni\Microsoft\SystemCertificates\Request
c:\documents and settings\ASUS\Dati applicazioni\Microsoft\SystemCertificates\Request\Certificates\562DBEEE02B60164CF1C17728DCDE38B22249863
c:\programmi\QUAD Utilities
c:\windows\system32\mdm.exe
c:\windows\system32\users32.exe

.
((((((((((((((((((((((((( Files Creati Da 2009-05-23 al 2009-4-23 )))))))))))))))))))))))))))))))))))
.

2009-04-23 06:52 . 2009-04-23 06:52 -------- d-----w c:\documents and settings\ASUS\Dati applicazioni\Malwarebytes
2009-04-23 06:52 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-23 06:52 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-23 06:52 . 2009-04-23 06:52 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-04-23 06:18 . 2009-04-23 06:19 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\NortonInstaller
2009-04-15 05:48 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 05:48 . 2009-03-06 14:19 286208 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-15 05:48 . 2009-02-09 11:22 111104 ------w c:\windows\system32\dllcache\services.exe
2009-04-15 05:48 . 2009-02-09 10:51 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 05:48 . 2009-02-09 10:51 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 05:47 . 2009-02-09 10:51 683520 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 05:47 . 2009-02-09 10:51 734720 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 05:47 . 2009-02-09 10:51 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 05:47 . 2009-02-09 10:51 736256 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 05:46 . 2009-03-27 06:48 1203922 ------w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 05:46 . 2008-04-21 21:14 219136 ------w c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-23 06:54 . 2005-12-27 09:47 85860 ----a-w C:\winzip.log
2009-04-23 06:52 . 2009-04-23 06:52 -------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-04-16 06:04 . 2002-10-04 17:03 48728 ----a-w c:\windows\system32\perfc010.dat
2009-04-16 06:04 . 2002-10-04 17:03 346870 ----a-w c:\windows\system32\perfh010.dat
2009-03-23 17:39 . 2009-03-23 17:39 -------- d-----w c:\programmi\JkDefrag
2009-03-23 17:38 . 2009-03-23 17:38 -------- d-----w c:\programmi\CloneSpy
2009-03-23 17:37 . 2009-03-23 17:37 -------- d-----w c:\documents and settings\ASUS\Dati applicazioni\Yahoo!
2009-03-23 17:37 . 2009-03-23 17:37 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Yahoo! Companion
2009-03-23 17:37 . 2009-03-23 17:37 -------- d-----w c:\programmi\Yahoo!
2009-03-21 14:07 . 2009-03-21 14:06 1033728 ------w c:\windows\system32\dllcache\kernel32.dll
2009-03-09 17:39 . 2006-03-06 09:39 13030 ----a-w C:\PDOXUSRS.NET
2009-03-06 14:19 . 2002-10-04 17:02 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:03 . 2006-05-10 05:23 826368 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-03-03 00:03 . 2004-08-23 18:35 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-28 04:54 . 2006-10-17 10:04 636072 ------w c:\windows\system32\dllcache\iexplore.exe
2009-02-20 10:20 . 2007-05-09 09:44 13824 ------w c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 10:20 . 2006-11-07 01:26 70656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 05:14 . 2002-10-04 17:02 161792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2009-02-10 17:02 . 2008-10-14 19:47 2069760 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-10 17:02 . 2002-09-09 11:34 2069760 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 13:04 . 2008-10-14 19:47 1846784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 13:04 . 2002-10-04 16:03 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:23 . 2008-10-14 19:47 2192768 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-09 11:23 . 2002-10-04 17:02 2192768 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:23 . 2008-10-14 19:47 2027520 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-09 11:22 . 2008-10-14 19:47 2148864 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-09 11:22 . 2002-10-04 17:03 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:51 . 2002-10-04 17:02 734720 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:51 . 2004-09-10 05:41 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:51 . 2002-10-04 17:02 736256 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:51 . 2002-10-04 17:02 683520 ----a-w c:\windows\system32\advapi32.dll
2009-02-06 10:39 . 2002-10-04 17:03 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:39 . 2002-10-04 17:03 35328 ----a-w c:\windows\system32\dllcache\sc.exe
2009-02-05 10:59 . 2002-11-08 17:00 76875 ----a-w c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-02-05 10:37 . 2002-10-04 17:03 251600 --sha-r C:\ntldr
2009-02-05 07:16 . 2008-10-09 18:04 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-02-03 19:57 . 2009-02-03 19:57 56832 ------w c:\windows\system32\dllcache\secur32.dll
2009-02-03 19:57 . 2002-10-04 17:03 56832 ----a-w c:\windows\system32\secur32.dll
2008-04-18 17:57 . 2008-04-18 17:57 81 ----a-w c:\programmi\WS_FTP.LOG
2008-04-18 17:57 . 2008-04-18 17:57 3944946 ----a-w c:\programmi\STLIST502
2008-02-06 07:46 . 2008-02-06 07:45 707072 ----a-w c:\programmi\ws_ftple_tuc.exe
2008-02-01 17:02 . 2005-01-24 09:35 26928 ----a-w c:\documents and settings\ASUS\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATnotes.exe"="c:\programmi\ATnotes\ATnotes.exe" [2005-01-05 1015808]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"OM2_Monitor"="c:\programmi\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 95800]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"<NO NAME>"="c:\programmi\Internet Explorer\iexplore.exe" [2009-02-28 636072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hcontrol"="c:\windows\Hcontrol.exe" [2002-10-01 57344]
"SiS Tray"="c:\windows\System32\sistray.EXE" [2002-05-09 303104]
"SiS KHooker"="c:\windows\System32\khooker.exe" [2002-01-25 290816]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2002-10-01 126976]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2002-10-01 557056]
"SiSUSBRG"="c:\windows\sisUSBrg.exe" [2002-10-01 32768]
"Power_Gear"="c:\progra~1\ASUS\Power4 Gear\BatteryLife.exe" [2002-05-08 69632]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2006-09-01 282624]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-05 1601304]
"PCTVOICE"="pctspk.exe" - c:\windows\system32\pctspk.exe [2002-10-01 163840]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\ASUS\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 1.0.3.lnk - c:\programmi\OpenOffice.org1.0.3\program\quickstart.exe [2003-4-14 61440]
Demone SGD.lnk - c:\sgd\bin\sgd.exe [2008-5-22 221184]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Chrontel TV.lnk - c:\windows\system32\CH_Utility.exe [2002-11-8 61440]
ASUS ChkMail.lnk - c:\programmi\Asus\Asus ChkMail\ChkMail.exe [2002-11-8 40960]
ASUS Hotkey.lnk - c:\programmi\Asus\Asus Hotkey\Hotkey.exe [2002-11-8 548864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-05 07:16 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\MSMSGS.EXE"=
"c:\\WINDOWS\\System32\\FXSCLNT.exe"=
"c:\\SGD\\bin\\sgd.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\Programmi\\CrossLoop\\CrossLoopConnect.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico; [x]
R3 NE2000;NE2000 Compatible PCMCIA;c:\windows\system32\DRIVERS\ne2000.sys [2001-08-17 15872]
S0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\DRIVERS\tffsport.sys [2008-04-13 149376]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-02-05 325128]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-02-05 107272]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-05 903960]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-05 298264]
S3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2002-10-01 177280]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{639a0a21-e3d7-11dd-8b14-001ca200c29b}]
\Shell\AutoRun\command - wd_windows_tools\WDSetup.exe
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-23 16:59
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2009-04-23 17.00.31
ComboFix-quarantined-files.txt 2009-04-23 15:00

Pre-Run: 10.596.106.240 byte disponibili
Post-Run: 10.624.221.184 byte disponibili

169 --- E O F --- 2009-04-16 01:10

SEMBRA MIGLIORATO, VOGLIO CHIEDERTI UN ALTRA COSA: MI SEGNALA OGNI TANTO UN MESSAGGIO. MEMORIA VIRTUALE INSUFFICIENTE WINDOWS CERCA DI AUMENTARLA.

GRAZIE




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.26.32, on 23/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Hcontrol.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\ATKOSD.exe
C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe
C:\Programmi\QuickTime\qttask.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\ATnotes\ATnotes.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\WINDOWS\system32\CH_Utility.exe
C:\Programmi\Asus\Asus ChkMail\ChkMail.exe
C:\Programmi\Asus\Asus Hotkey\Hotkey.exe
C:\SGD\bin\sgd.exe
C:\Programmi\OpenOffice.org1.0.3\program\soffice.exe
C:\WINDOWS\explorer.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\AVG\AVG8\aAvgApi.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\Hcontrol.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ATnotes.exe] C:\Programmi\ATnotes\ATnotes.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Programmi\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\RunOnce: [] C:\Programmi\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/ProductMessages?module=2009&error=0&language=it&product=SymNRT&version=2009.0.5.26&build=Symantec&a=00000082.0000000f.0000001b&b=00000082.0000001e.0000004a&c=00000082.00000046.000000b5
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OpenOffice.org 1.0.3.lnk = C:\Programmi\OpenOffice.org1.0.3\program\quickstart.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Demone SGD.lnk = C:\SGD\bin\sgd.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 1.0.3.lnk = C:\Programmi\OpenOffice.org1.0.3\program\quickstart.exe (User 'Default user')
O4 - .DEFAULT Startup: Demone SGD.lnk = C:\SGD\bin\sgd.exe (User 'Default user')
O4 - Startup: OpenOffice.org 1.0.3.lnk = C:\Programmi\OpenOffice.org1.0.3\program\quickstart.exe
O4 - Startup: Demone SGD.lnk = C:\SGD\bin\sgd.exe
O4 - Global Startup: Chrontel TV.lnk = C:\WINDOWS\system32\CH_Utility.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Programmi\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: ASUS Hotkey.lnk = C:\Programmi\Asus\Asus Hotkey\Hotkey.exe
O4 - Global Startup: LG SyncManager.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Programmi\File comuni\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Unknown owner - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

--
End of file - 7209 bytes

LO APRO MA CON IL TASTO DESTRO NON FUNZIONA
SCUSAMI MA SONO IMBRANATO

NON SI APRE LA LISTA
VEDO SOLO SELEZIONA IL TIPO DI INSTALLAZIONE

No, non è possibile.
Vai in Tutti programmi e clicca "SERVICES & DEVICES".
Non può non aprirsi.

Ciao.
Scusa, ma ho avuto un imprevisto.
Esegui queste indicazioni:
Disattiva il ripristino configurazione di sistema, e tienilo disattivato, fino alla soluzione del problema http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

Avvia hijackthis, metti la spunta alle voci che andrò ad elencarti e con tutte le applicazioni chiuse e disconnesso da Internet,premi su fix checked
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ATnotes.exe] C:\Programmi\ATnotes\ATnotes.exe
O4 - HKCU\..\RunOnce: [] C:\Programmi\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/ProductMessages?module=2009&error=0&lan guage=it&product=SymNRT&version=2009.0.5.26&build=Symantec&a=00000082.0000000f.0 000001b&b=00000082.0000001e.0000004a&c=00000082.00000046.000000b5

Dai una pulita (registro compreso)con CCleaner http://www.aiutaamici.com/software?ID=11223
Riavvia il pc.

Poi:
Start\Esegui\copia e incolla la stringa %temp% clicca su Ok, svuota la cartella temp. (non eliminare la cartella)
Poi:
Provvedi a svuotare del suo contenuto la cartella Prefetch :
clicca su Risorse del Computer
clicca su Disco locale C:
cerca, all’interno delle cartelle che saranno visualizzate la cartella Windows, aprila ed, al suo interno, cerca la cartella Prefetch, la apri ed elimina tutte le voci conservate al suo interno ( non eliminare la cartella)
SVUOTA IL CESTINO
Vediamo se il pc và meglio.
Se il pc è migliorato notevolmente, Riattiva il ripristino configurazione di sistema e, se tutto è a posto, creane uno nuovo.