Aiutamici Forum

Outlook very slow and with errors when receiving
testabianca
Posted: Wednesday, May 20, 2009 9:48:37 AM

Rank: AiutAmico

Joined: 12/11/2008
Posts: 508
I can no longer download mail with Outlook and I notice a strong slowdown in browsing. I am attaching the log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.15.36, on 18/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Programmi\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Pinnacle\PCTV Stereo\Remote\Remoterm.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programmi\rnamfler\naomf.exe
C:\Programmi\a-squared Free\a2service.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\ThreatFire\TFTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmi\DAP\DAP.EXE
C:\Programmi\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Programmi\Innovative Solutions\DriverMax\devices.exe
C:\Programmi\filehippo.com\UpdateChecker.exe
c:\programmi\rnamfler\radprcmp.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Programmi\Fastweb\PrintAndFax\FaxMonitor.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\Programmi\rnamfler\naofsvc.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\ThreatFire\TFService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\agostino\Desktop\PROGRAMMI PERMANENTI\Greenshot-0.5.001_1 Cattura parti schermo\Greenshot.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.speedapps.com/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Programmi\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Programmi\WOT\WOT.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Programmi\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Programmi\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Programmi\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCTVRemote] C:\Programmi\Pinnacle\PCTV Stereo\Remote\Remoterm.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Programmi\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [Ad-Watch] C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [wrna3ls] C:\Programmi\rnamfler\naomf.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\FILECO~1\INSTAL~1\updateservice\isuspm.exe -startup
O4 - HKLM\..\Run: [ThreatFire] C:\Programmi\ThreatFire\TFTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CM] "C:\PROGRA~1\VCM\cm.exe" 212.150.243.4
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Programmi\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [RemoteCenter] C:\Programmi\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [DriverMax] "C:\Programmi\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - HKCU\..\Run: [filehippo.com] "C:\Programmi\filehippo.com\UpdateChecker.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: VCM.lnk = C:\Programmi\VCM\cm.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: PrintAndFax.lnk = C:\Programmi\Fastweb\PrintAndFax\FaxMonitor.exe
O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: Add to Local Website Archive - C:\Documents and Settings\agostino\Dati applicazioni\aignes\Local Website Archive\config\iearc.htm
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {1FFF3455-713D-4141-A2A5-896D4691AC5C} - C:\Programmi\Local Website Archive\wsarc_add.exe (HKCU)
O9 - Extra 'Tools' menuitem: Add to Local Website Archive - {1FFF3455-713D-4141-A2A5-896D4691AC5C} - C:\Programmi\Local Website Archive\wsarc_add.exe (HKCU)
O9 - Extra button: Start Local Website Archive - {40A024CA-8EF2-4475-B0AB-20FB7092A14A} - C:\Programmi\Local Website Archive\wsarc.exe (HKCU)
O9 - Extra button: Add to Local Website Archive - {A9BAE3D6-0728-466E-9576-995870AA9061} - C:\Programmi\Local Website Archive\wsarc_add.exe (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\programmi\bonjour\mdnsnsp.dll' missing
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\Skype4COM.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Programmi\WOT\WOT.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Programmi\rnamfler\naofsvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: ThreatFire - PC Tools - C:\Programmi\ThreatFire\TFService.exe

--
End of file - 12601 bytes

Help from the dear friends of the forum.
Thanks and greetings to all.
a.roselli
Posted: Wednesday, May 20, 2009 11:18:21 AM

Rank: Admin

Joined: 10/4/2000
Posts: 19,055
The log is clean of spyware.

Run an online antivirus scan from this address:
http://security.symantec.com/sscv6/default.asp?productid=globalsites&langid=it&venid=sym



alfonso_aiutamici@hotmail.it

testabianca
Posted: Wednesday, May 20, 2009 1:58:21 PM

Rank: AiutAmico

Joined: 12/11/2008
Posts: 508
I tried to do what was suggested, but after loading ActiveX and the virus definitions, when starting the scan I get the warning that I am attaching.

r16
Posted: Wednesday, May 20, 2009 2:03:01 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Download and install MalwareBytes:
click here to download: http://www.aiutamici.com/software?id=80346
Before scanning, UPDATE it. (This is very important.)
Run a full system scan.
Post the log.


Important: Disable your antivirus and close ALL open programs (firewall included), and after downloading COMBOFIX, close the connection.

Download Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the desktop.
Double-click combofix.exe (a screen will appear).
If you are asked whether you want to install THE RECOVERY CONSOLE, click NO.
You will probably get messages from the antivirus; ignore them.
During the scan it is important not to use the PC (not even the mouse) and to wait patiently for the operations to finish.
When it finishes, a log file will be created on the Desktop, called C:\ComboFix.txt. Post it here.

Uninstall combofix this way (after I have seen the log):
Start
Run
in the dialog box, copy and paste this command: Combofix /u and press Enter, then delete the combofix folders in "C" (qoobox)



testabianca
Posted: Wednesday, May 20, 2009 2:04:31 PM

Rank: AiutAmico

Joined: 12/11/2008
Posts: 508
I noticed that when opening Outlook the AVAST window for the check no longer appears as an overlay. Does that mean something?
I ran the Outlook diagnostics but everything is OK.
Could it be due to AVAST being damaged? If I am forced to uninstall it, how do I remove every trace of it? And which free antivirus do you suggest?
Many thanks, Roselli.
Best regards.

a.roselli
Posted: Wednesday, May 20, 2009 2:16:36 PM

Rank: Admin

Joined: 10/4/2000
Posts: 19,055
Follow the instructions of the super-expert r16

then in any case switch to AVG, it is much better than Avast.



alfonso_aiutamici@hotmail.it

testabianca
Posted: Wednesday, May 20, 2009 2:34:27 PM

Rank: AiutAmico

Joined: 12/11/2008
Posts: 508
Malwarebytes' Anti-Malware 1.36
Versione del database: 2156
Windows 5.1.2600 Service Pack 3

20/05/2009 14.31.53
mbam-log-2009-05-20 (14-31-53).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 155000
Tempo trascorso: 22 minute(s), 41 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)

This is the Malwarebytes log. Now I will download and run ComboFix.
Bye, R.16

testabianca
Posted: Wednesday, May 20, 2009 2:56:33 PM

Rank: AiutAmico

Joined: 12/11/2008
Posts: 508
ComboFix 09-05-19.08 - agostino 20/05/2009 14.42.51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1022.400 [GMT 2:00]
Eseguito da: c:\documents and settings\agostino\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090519-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
ADS - svchost.exe: deleted 88 bytes in 2 streams.
/wow section - STAGE 1
"PV" non è riconosciuto come comando interno o esterno


((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\documents and settings\agostino\Dati applicazioni\inst.exe
c:\programmi\QUAD Utilities
c:\windows\msvrc20.dll
c:\windows\system32\2
c:\windows\system32\2\BiMMonNT.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-04-20 al 2009-05-20 )))))))))))))))))))))))))))))))))))
.

2009-05-20 11:46 . 2009-05-20 11:53 -------- d-----w c:\windows\LastGood
2009-05-16 09:35 . 2009-05-16 09:35 -------- d-----w c:\documents and settings\LocalService\Menu Avvio
2009-05-13 10:11 . 2009-03-03 10:19 39184 ----a-w c:\windows\system32\drivers\TfSysMon.sys
2009-05-13 10:11 . 2009-03-03 10:19 33040 ----a-w c:\windows\system32\drivers\TfNetMon.sys
2009-05-13 10:11 . 2009-03-03 10:19 12560 ----a-w c:\windows\system32\drivers\TfKbMon.sys
2009-05-13 10:11 . 2009-03-03 10:19 51472 ----a-w c:\windows\system32\drivers\TfFsMon.sys
2009-05-13 10:11 . 2009-05-13 10:14 -------- d-----w c:\programmi\ThreatFire
2009-05-13 10:11 . 2009-05-13 10:11 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\PC Tools
2009-05-11 16:36 . 2009-05-11 16:36 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\NCH Swift Sound
2009-05-11 12:46 . 2009-05-11 12:47 -------- d-----w c:\documents and settings\agostino\Dati applicazioni\FileZilla
2009-05-10 07:52 . 2009-05-10 07:52 -------- d-----w c:\documents and settings\agostino\Impostazioni locali\Dati applicazioni\dcunningham.net
2009-05-05 16:20 . 2009-05-05 16:20 -------- d-----w c:\programmi\UltraUXThemePatcher
2009-05-05 16:01 . 2009-05-05 16:20 -------- d-----w c:\windows\VistaMizer
2009-05-01 08:11 . 2003-06-25 14:05 266360 ----a-w c:\windows\system32\TweakUI.exe
2009-04-23 11:10 . 2009-04-23 11:10 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\InstallShield
2009-04-21 13:04 . 2009-04-21 13:04 -------- d-----w c:\programmi\UnH Solutions

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-20 12:49 . 2009-03-07 18:11 601180192 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-20 07:34 . 2009-01-28 14:32 -------- d-----w c:\programmi\SpywareBlaster
2009-05-19 21:16 . 2009-03-07 18:11 7032140 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-19 21:16 . 2007-09-26 16:34 384 ----a-w c:\windows\system32\DVCStateBkp-{00000000-00000000-0000000C-00001102-00000004-20021102}.dat
2009-05-19 21:16 . 2007-09-26 16:34 384 ----a-w c:\windows\system32\DVCState-{00000000-00000000-0000000C-00001102-00000004-20021102}.dat
2009-05-19 17:14 . 2009-01-26 09:24 -------- d-----w c:\programmi\Photocopier
2009-05-19 17:13 . 2008-12-10 16:29 1480 ----a-w c:\windows\AUTOLNCH.REG
2009-05-19 11:44 . 2007-09-26 17:30 76960 ----a-w c:\documents and settings\agostino\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-05-16 16:15 . 2009-02-07 16:08 -------- d--h--r c:\programmi\rnamfler
2009-05-15 05:47 . 2009-03-11 12:23 -------- d-----w c:\programmi\Spyware Terminator
2009-05-14 05:28 . 2008-11-07 17:29 -------- d-----w c:\programmi\a-squared Free
2009-05-13 15:51 . 2009-02-01 17:32 -------- d-----w c:\programmi\VDOWNLOADER
2009-05-13 06:47 . 2008-06-09 08:45 -------- d-----w c:\programmi\Google
2009-05-12 16:40 . 2008-12-19 17:45 -------- d-----w c:\programmi\FormatFactory
2009-05-05 16:22 . 2009-01-13 10:21 -------- d-----w c:\programmi\7-Zip
2009-05-05 16:20 . 2007-01-03 10:53 219648 ----a-w c:\windows\system32\uxtheme.dll
2009-05-02 13:02 . 2008-11-29 18:50 -------- d-----w c:\programmi\Digital Support
2009-04-30 15:09 . 2004-08-19 13:39 14336 ----a-w c:\windows\system32\svchost.exe
2009-04-25 16:32 . 2008-06-06 09:45 -------- d-----w c:\programmi\eMule AdunanzA
2009-04-24 11:24 . 2008-11-09 11:15 -------- d-----w c:\programmi\IObit
2009-04-23 11:10 . 2007-09-26 16:28 -------- d-----w c:\programmi\File comuni\InstallShield
2009-04-22 10:14 . 2009-01-21 08:25 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-22 10:14 . 2009-01-21 07:59 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-18 06:21 . 2001-08-31 11:00 70544 ----a-w c:\windows\system32\perfc010.dat
2009-04-18 06:21 . 2001-08-31 11:00 440128 ----a-w c:\windows\system32\perfh010.dat
2009-04-10 06:23 . 2009-02-20 09:51 -------- d-----w c:\programmi\TuxMath
2009-04-07 06:02 . 2009-01-18 14:16 -------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-04-06 15:31 . 2008-11-15 16:03 -------- d-----w c:\programmi\Kantaris
2009-04-06 13:32 . 2009-01-18 14:16 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2009-01-18 14:16 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-06 07:30 . 2008-12-15 20:12 -------- d-----w c:\programmi\Any Video Converter
2009-04-02 15:04 . 2008-08-09 18:25 -------- d-----w c:\programmi\Java
2009-04-01 13:15 . 2009-04-01 13:15 -------- d-----w c:\programmi\Pivot Stickfigure Animator
2009-03-26 06:44 . 2008-12-08 14:56 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-24 10:57 . 2009-03-24 10:57 -------- d-----w c:\programmi\filehippo.com
2009-03-16 17:42 . 2009-03-16 17:42 524288 ----a-w c:\windows\opuc.dll
2009-03-13 08:46 . 2008-12-24 13:06 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-03-11 12:23 . 2009-03-11 12:23 142592 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys
2009-03-07 13:53 . 2008-11-23 11:03 37270 ----a-w c:\windows\system32\OggDSuninst.exe
2009-03-06 14:19 . 2004-08-19 13:39 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:03 . 2007-01-03 10:56 927744 ----a-w c:\windows\system32\wininet.dll
2009-02-26 13:59 . 2009-02-26 13:59 29 ----a-w c:\windows\system32\RfT_R.DAT
2009-02-24 14:33 . 2009-02-24 14:33 24575 ----a-w c:\windows\system32\Mpwinapppiobas69.dat
2009-02-24 09:32 . 2008-12-24 13:06 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-02-24 09:31 . 2008-12-24 13:06 95640 ----a-w c:\windows\system32\drivers\pctplfw.sys
2009-02-20 17:08 . 2007-01-03 10:56 78336 ----a-w c:\windows\system32\ieencode.dll
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 25088]
"CM"="c:\progra~1\VCM\cm.exe" [2006-01-01 126976]
"DownloadAccelerator"="c:\programmi\DAP\DAP.EXE" [2008-11-28 3061248]
"RemoteCenter"="c:\programmi\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 139264]
"DriverMax"="c:\programmi\Innovative Solutions\DriverMax\devices.exe" [2009-01-30 5386584]
"filehippo.com"="c:\programmi\filehippo.com\UpdateChecker.exe" [2009-03-23 146432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\programmi\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\programmi\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-17 45056]
"SBDrvDet"="c:\programmi\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 339968]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"CloneCDTray"="c:\programmi\SlySoft\CloneCD\CloneCDTray.exe" [2004-12-09 57344]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"PCTVRemote"="c:\programmi\Pinnacle\PCTV Stereo\Remote\Remoterm.exe" [2002-10-11 61699]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"CloneDVDElbyDelay"="c:\programmi\Elaborate Bytes\CloneDVD\ElbyCheck.exe" [2002-11-02 45056]
"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-24 2652056]
"Ad-Watch"="c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-22 516440]
"Adobe Photo Downloader"="c:\programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 63712]
"SpywareTerminator"="c:\programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2009-03-26 2176000]
"wrna3ls"="c:\programmi\rnamfler\naomf.exe" [2006-04-01 1253960]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2004-06-14 81920]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\updateservice\isuspm.exe" [2004-06-14 221184]
"ThreatFire"="c:\programmi\ThreatFire\TFTray.exe" [2009-03-03 263440]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2003-10-06 24576]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 25088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-02-20 124928]

c:\documents and settings\agostino\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
VCM.lnk - c:\programmi\VCM\cm.exe [2008-11-22 126976]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Pinnacle Scheduler.lnk - c:\programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2007-9-27 245760]
PrintAndFax.lnk - c:\programmi\Fastweb\PrintAndFax\FaxMonitor.exe [2005-11-3 970856]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Pinnacle\\PCTV Stereo\\TeleText\\WebServer.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\DAP\\DAP.exe"=
"c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21928:TCP"= 21928:TCP:BitComet 21928 TCP
"21928:UDP"= 21928:UDP:BitComet 21928 UDP
"11603:TCP"= 11603:TCP:BitComet 11603 TCP
"11603:UDP"= 11603:UDP:BitComet 11603 UDP
"17054:TCP"= 17054:TCP:BitComet 17054 TCP
"17054:UDP"= 17054:UDP:BitComet 17054 UDP

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [21/01/2009 9.59.34 64160]
R0 ndisrd;ndisrd;c:\windows\system32\drivers\ndisrd.sys [22/11/2008 15.02.32 15340]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [13/05/2009 12.11.08 51472]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [13/05/2009 12.11.09 39184]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [11/08/2004 18.22.54 77312]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [04/04/2008 10.30.12 114768]
R1 is-QVPF3drv;is-QVPF3drv;c:\windows\system32\drivers\38729904.sys [07/03/2009 20.10.59 148496]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [24/12/2008 15.06.54 159600]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [11/03/2009 14.23.32 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/04/2008 10.30.12 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23.34.37 953168]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [24/12/2008 15.06.56 73840]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\PfModNT.sys [26/09/2007 18.28.18 15840]
R2 ThreatFire;ThreatFire;c:\programmi\ThreatFire\TFService.exe service --> c:\programmi\ThreatFire\TFService.exe service [?]
R3 3xHybrid;Pinnacle PCTV Stereo service;c:\windows\system32\drivers\3xHybrid.sys [26/09/2007 18.56.01 698368]
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver;c:\windows\system32\drivers\getnd5b.sys [26/09/2007 19.07.59 44544]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [24/12/2008 15.06.29 95640]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [26/09/2007 19.11.17 6400]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [13/05/2009 12.11.09 33040]
S1 SASDIFSV;SASDIFSV; [x]
S1 SASKUTIL;SASKUTIL; [x]
S3 SASENUM;SASENUM; [x]
S3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\drivers\SIVX32.sys [02/03/2009 14.17.03 49632]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - TFNETMON
*Deregistered* - mchInjDrv
.
Contenuto della cartella 'Scheduled Tasks'

2009-05-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 10:13]

2009-05-20 c:\windows\Tasks\User_Feed_Synchronization-{A6A01747-FD5F-45F8-86D4-862341F42BC4}.job
- c:\windows\system32\msfeedssync.exe [2007-01-03 10:56]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.speedapps.com/search.htm
IE: &Clean Traces - c:\programmi\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\programmi\DAP\dapextie.htm
IE: Add to Local Website Archive - c:\documents and settings\agostino\Dati applicazioni\aignes\Local Website Archive\config\iearc.htm
IE: Download &all with DAP - c:\programmi\DAP\dapextie2.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
.

**************************************************************************
scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

.
Ora fine scansione: 2009-05-20 14.53.07
ComboFix-quarantined-files.txt 2009-05-20 12:53

Pre-Run: 25.301.196.800 byte disponibili
Post-Run: 25.338.621.952 byte disponibili

343 --- E O F --- 2009-05-13 15:19

This is the ComboFix log.
testabianca
Posted: Wednesday, May 20, 2009 3:03:51 PM

Rank: AiutAmico

Joined: 12/11/2008
Posts: 508
For r16:
Tell me when I can uninstall ComboFix and what to do, and if you too are convinced that AVG is better, tell me how to uninstall Avast.
Best regards while I wait.
r16
Posted: Wednesday, May 20, 2009 3:04:49 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hello.
Something has been removed.
You have some ADS:
Launch HijackThis and clean the ADS as follows (only on NTFS partitions):
click Open the misc tool section
click Open ads spy
untick Quick scan (windows base folder only)
click Scan
if any ADS are detected, tick all the checkboxes (without fear) and click Remove selected
Any improvement?
testabianca
Posted: Wednesday, May 20, 2009 4:59:57 PM

Rank: AiutAmico

Joined: 12/11/2008
Posts: 508
For r16:
ADS cleanup done (3 files found).
If everything is in order, help me replace the antivirus.
testabianca
Posted: Wednesday, May 20, 2009 5:41:30 PM

Rank: AiutAmico

Joined: 12/11/2008
Posts: 508
Acceptable improvement.
Outlook started working again after I reconfigured the accounts.
Can I uninstall ComboFix?
r16
Posted: Wednesday, May 20, 2009 5:45:42 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hello.
Yes, you can uninstall ComboFix.
As for the antivirus, the Boss (Roselli) and I have different points of view:
As an antivirus I prefer Antivir (which can also be downloaded from this site).
Make your own free choice.
Regards.
Sorry:
To uninstall Avast, use this tool:
http://files.avast.com/files/eng/aswclear.exe
Here are the instructions:
http://www.avast.com/eng/avast-uninstall-utility.html
testabianca
Posted: Wednesday, May 20, 2009 7:15:42 PM

Rank: AiutAmico

Joined: 12/11/2008
Posts: 508
Everything done following the detailed instructions, and I thank you with all my heart.
Warmest regards