Aiutamici Forum

Log check
giovanni6161
Posted: Thursday, December 10, 2009 10:23:13 PM
Rank: AiutAmico

Joined: 4/1/2008
Posts: 187
Hi everyone, could you check my HijackThis log? I want to clean up my second PC a bit. Thanks.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:19:15, on 10.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\NETGEAR\WPN111\wpn111.exe
C:\WINDOWS\conmsyrtl.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\Programmi\File comuni\Acronis\CDP\afcdpsrv.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Documents and Settings\All Users\Dati applicazioni\SeekService\seekservice145.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\SeekService\seekservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Stefano\Desktop\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: MediaBar - {EE9A4208-64EC-11DE-8440-204256D89593} - C:\Programmi\ShareazaTb\ShareazaDx.dll
O3 - Toolbar: MediaBar - {EE9A4208-64EC-11DE-8440-204256D89593} - C:\Programmi\ShareazaTb\ShareazaDx.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Servizio Acronis Scheduler2] "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Sistema de Comm] conmsyrtl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Programmi\LimeWire\LimeWire.exe
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O4 - Global Startup: PHOTOfunSTUDIO.lnk = C:\Programmi\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/it/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA487843-CA52-4990-BC47-B5B6FC38541E}: NameServer = 212.216.172.62,194.243.154.62
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Servizio Acronis Scheduler2 (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Programmi\File comuni\Acronis\CDP\afcdpsrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: SeekService Service - Unknown owner - C:\Documents and Settings\All Users\Dati applicazioni\SeekService\seekservice145.exe

--
End of file - 8316 bytes
r16
Posted: Thursday, December 10, 2009 11:39:01 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Download and install MalwareBytes:
click here to download: http://www.aiutamici.com/software?id=80346
UPDATE it before running the scan. (This is very important.)
Run a full system scan.
Post the log.
If you really want to clean up the PC, start thinking about changing your antivirus.
giovanni6161
Posted: Friday, December 11, 2009 2:48:14 PM
Rank: AiutAmico

Joined: 4/1/2008
Posts: 187
Hi, could you recommend a good antivirus that is light on the system? In the meantime, here is the Malwarebytes log.

Malwarebytes' Anti-Malware 1.42
Versione del database: 3344
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11.12.2009 14:46:20
mbam-log-2009-12-11 (14-46-16).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 140894
Tempo trascorso: 27 minute(s), 5 second(s)

Processi delle memoria infetti: 1
Moduli della memoria infetti: 0
Chiavi di registro infette: 1
Valori di registro infetti: 2
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 4

Processi delle memoria infetti:
C:\WINDOWS\conmsyrtl.exe (Trojan.Agent) -> No action taken.

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\seekservice (Adware.Agent) -> No action taken.

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sistema de comm (Backdoor.IRCBot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sistema de comm (Backdoor.IRCBot) -> No action taken.

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\WINDOWS\conmsyrtl.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Stefano\Impostazioni locali\Temp\eraseme_56835.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Stefano\Impostazioni locali\Temporary Internet Files\Content.IE5\FTVMZKAZ\salvando-usb[1].exe (Trojan.Agent) -> No action taken.
C:\Programmi\SeekService\uninstall.exe (Adware.Agent) -> No action taken.
r16
Posted: Friday, December 11, 2009 3:07:55 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Delete what Malwarebytes found.

Download ComboFix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Save it to the desktop.

Important: Disable your antivirus and close ALL open programs (firewall included), and once COMBOFIX has been downloaded, close the internet connection.

Double-click combofix.exe (a screen will appear).
If you are asked whether you want to install the RECOVERY CONSOLE, click NO.
Your antivirus will probably send you messages; ignore them.
During the scan it is important not to use the PC (not even the mouse) and to wait patiently for the operations to finish.
When it finishes, a log file will be created on the Desktop, called C:\ComboFix.txt. Post it here.

Later on, I will tell you which antivirus to install.
giovanni6161
Posted: Friday, December 11, 2009 3:47:47 PM
Rank: AiutAmico

Joined: 4/1/2008
Posts: 187
Here is the ComboFix log:


ComboFix 09-12-10.01 - Stefano 11.12.2009 15:36:11.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.41.1040.18.2047.1660 [GMT 1:00]
Eseguito da: c:\documents and settings\Stefano\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 091211-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2009-11-11 al 2009-12-11 )))))))))))))))))))))))))))))))))))
.

2009-12-11 14:28 . 2009-12-11 14:30 -------- d-----w- c:\programmi\Unlocker
2009-12-11 13:12 . 2009-12-11 13:12 -------- d-----w- c:\documents and settings\Stefano\Dati applicazioni\Malwarebytes
2009-12-11 13:12 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-11 13:12 . 2009-12-11 13:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-12-11 13:11 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-11 13:11 . 2009-12-11 13:12 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-12-08 13:08 . 2009-12-08 13:08 159168 ----a-w- c:\windows\system32\drivers\afcdp.sys
2009-12-08 13:08 . 2009-12-08 13:08 911552 ----a-w- c:\windows\system32\drivers\tdrpm255.sys
2009-12-08 13:08 . 2009-12-08 13:08 570016 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-12-08 13:08 . 2009-12-08 13:08 157248 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-12-08 13:07 . 2009-12-08 13:08 -------- d-----w- c:\programmi\File comuni\Acronis
2009-12-08 13:07 . 2009-12-08 13:07 -------- d-----w- c:\programmi\Acronis
2009-12-07 18:47 . 2009-11-26 14:36 58880 ----a-w- c:\documents and settings\All Users\Dati applicazioni\SeekService\seekservice145.exe
2009-12-07 18:44 . 2009-12-11 14:20 -------- d-----w- c:\programmi\SeekService
2009-12-07 18:44 . 2009-12-07 18:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SeekService
2009-12-07 18:44 . 2009-12-07 18:45 -------- d-----w- c:\programmi\Power MP3 WMA Converter
2009-12-07 12:41 . 2009-09-30 09:41 361472 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\FgPhotofitDll.dll
2009-12-07 12:41 . 2009-09-21 10:14 8192 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\OpenGLCheck.dll
2009-12-07 12:41 . 2009-08-19 10:40 655872 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\msvcr90.dll
2009-12-07 12:41 . 2009-08-19 10:40 572928 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\msvcp90.dll
2009-12-07 12:41 . 2009-10-08 09:30 13312 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\PhotoFaceConsole.exe
2009-12-07 12:41 . 2009-09-29 19:29 6144 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\DetectOpenGLConsole.exe
2009-12-07 12:41 . 2009-09-29 19:29 5120 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\DownloadSourcePhotoConsole.exe
2009-12-07 12:41 . 2009-09-29 19:29 9216 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\UploadPhotofitConsole.exe
2009-12-07 12:41 . 2009-08-19 10:40 4178264 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\D3DX9_41.dll
2009-12-07 12:41 . 2009-09-30 18:14 15872 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\PhotoFaceConsole.XmlSerializers.dll
2009-12-04 10:54 . 2009-12-10 21:15 -------- d-----w- c:\documents and settings\Stefano\Dati applicazioni\LimeWire
2009-12-04 10:53 . 2009-12-04 10:54 -------- d-----w- c:\programmi\LimeWire
2009-11-24 22:05 . 2009-11-24 22:05 -------- d-----w- c:\windows\system32\LogFiles
2009-11-18 20:04 . 2009-11-18 20:04 -------- d-----w- c:\documents and settings\Stefano\Dati applicazioni\Panasonic
2009-11-18 20:01 . 2009-11-18 20:01 -------- d-----w- c:\programmi\Panasonic

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-10 13:57 . 2009-09-17 12:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-12-07 14:12 . 2009-10-08 21:42 398424 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2009-12-07 12:41 . 2009-10-08 13:40 175616 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\unrar64_nocrypt.dll
2009-12-07 12:41 . 2009-10-08 13:40 150528 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\unrar_nocrypt.dll
2009-12-07 12:41 . 2009-10-08 13:40 30208 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\FileDownloadConsole.exe
2009-11-26 14:21 . 2001-09-01 14:00 83770 ----a-w- c:\windows\system32\perfc010.dat
2009-11-26 14:21 . 2001-09-01 14:00 489320 ----a-w- c:\windows\system32\perfh010.dat
2009-11-24 23:54 . 2009-07-01 13:38 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-07-01 13:39 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-07-01 13:39 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-07-01 13:39 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-07-01 13:39 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-07-01 13:39 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-07-01 13:39 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-07-01 13:39 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-07-01 13:39 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-18 20:04 . 2009-07-01 13:49 66152 ----a-w- c:\documents and settings\Stefano\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-11-18 20:01 . 2009-06-29 05:18 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-11-14 02:05 . 2009-09-17 12:33 -------- d-----w- c:\programmi\Microsoft Works
2009-11-08 11:32 . 2009-07-01 15:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2009-11-07 02:35 . 2009-11-05 23:15 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-11-06 00:02 . 2009-07-01 13:49 -------- d-----w- c:\programmi\Messenger Plus! Live
2009-11-05 23:15 . 2009-11-05 23:12 -------- d-----w- c:\programmi\Microsoft
2009-11-05 23:15 . 2009-11-05 23:15 -------- d-----w- c:\programmi\Microsoft Office Outlook Connector
2009-11-05 23:15 . 2009-07-01 13:44 -------- d-----w- c:\programmi\Windows Live
2009-11-05 23:14 . 2009-11-05 23:14 -------- d-----w- c:\programmi\Microsoft Sync Framework
2009-11-05 23:13 . 2009-11-05 23:13 -------- d-----w- c:\programmi\Microsoft SQL Server Compact Edition
2009-11-05 23:12 . 2009-11-05 23:12 -------- d-----w- c:\programmi\Windows Live SkyDrive
2009-11-05 22:56 . 2009-11-05 22:56 -------- d-----w- c:\programmi\File comuni\Windows Live
2009-10-29 19:46 . 2009-10-29 19:22 -------- d-----w- c:\documents and settings\Stefano\Dati applicazioni\ShareazaTb
2009-10-29 19:23 . 2009-10-29 19:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\10271
2009-10-29 19:22 . 2009-10-29 19:22 -------- d-----w- c:\programmi\ShareazaTb
2009-10-29 07:40 . 2008-08-26 06:57 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2008-04-14 01:13 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2008-04-14 01:13 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-13 17:53 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:33 . 2008-04-14 01:13 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2008-04-14 01:13 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2008-04-14 01:13 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-10 20:08 . 2009-10-10 20:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-10 20:08 . 2009-10-10 20:08 152576 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\Sun\Java\jre1.6.0_16\lzma.dll
2009-10-08 13:23 . 2009-10-08 13:14 152064 ----a-w- c:\windows\snap.dat
2009-10-08 13:17 . 2009-10-08 13:17 48620 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-26 07:24 . 2009-06-29 04:56 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
.

------- Sigcheck -------

[-] 2008-10-22 . E248A8391D7388A0A3679D1FB33E003D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-10-22 . E092AEB03D40F40854D4C3D90C9AFECC . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE9A4208-64EC-11DE-8440-204256D89593}]
2009-08-10 14:07 91584 ----a-w- c:\programmi\ShareazaTb\ShareazaDx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EE9A4208-64EC-11DE-8440-204256D89593}"= "c:\programmi\ShareazaTb\ShareazaDx.dll" [2009-08-10 91584]

[HKEY_CLASSES_ROOT\clsid\{ee9a4208-64ec-11de-8440-204256d89593}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-05-26 413696]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-10 149280]
"TrueImageMonitor.exe"="c:\programmi\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-10-06 5076088]
"Servizio Acronis Scheduler2"="c:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe" [2009-10-06 357688]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" [2009-03-08 128512]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=

R0 tdrpman255;Acronis Try&Decide and Restore Points filter (build 255);c:\windows\system32\drivers\tdrpm255.sys [08.12.2009 14:08 911552]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [01.07.2009 14:39 114768]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\programmi\File comuni\Acronis\CDP\afcdpsrv.exe [08.12.2009 14:08 2326920]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [01.07.2009 14:39 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [06.11.2009 00:15 54752]
R2 SeekService Service;SeekService Service;c:\documents and settings\All Users\Dati applicazioni\SeekService\seekservice145.exe [07.12.2009 19:47 58880]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [08.12.2009 14:08 159168]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [29.06.2009 06:18 17149]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\programmi\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [01.07.2009 14:49 23152]
S3 fsssvc;Servizio Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [05.08.2009 22:48 704864]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [29.06.2009 06:18 362944]
.
------- Scansione supplementare -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {CA487843-CA52-4990-BC47-B5B6FC38541E} = 212.216.172.62,194.243.154.62
FF - ProfilePath - c:\documents and settings\Stefano\Dati applicazioni\Mozilla\Firefox\Profiles\lj04s5be.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - google.it
FF - prefs.js: keyword.URL - hxxp://www.seanca.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=gsUUfwR7&q=
FF - plugin: c:\programmi\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: keyword.URL - hxxp://www.seanca.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=gsUUfwR7&q=
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-11 15:40
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\programmi\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(2480)
c:\windows\system32\WININET.dll
c:\programmi\SeekService\seekservice.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Ora fine scansione: 2009-12-11 15:41:39
ComboFix-quarantined-files.txt 2009-12-11 14:41

Pre-Run: 303'128'670'208 byte disponibili
Post-Run: 303'357'894'656 byte disponibili

- - End Of File - - 3572D48C5C320A2E575C87DF9BC578E1



r16
Posted: Friday, December 11, 2009 4:10:09 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
To uninstall Avast!:
Stop it from the tray bar (next to the clock).
Download this dedicated tool to the Desktop:
http://files.avast.com/files/eng/aswclear.exe
It must be run in Safe Mode.
Here is the page with the instructions:
http://www.avast.com/eng/avast-uninstall-utility.html
Restart in normal mode (disconnected from the internet).

Do a cleanup (registry included) with CCleaner http://www.aiutaamici.com/software?ID=11223
On CCleaner's main screen, click Options and then Advanced, and untick: Only delete files in Windows Temp older than 48 hours. (Then run the cleanup.)

Download Avira:
http://www.aiutamici.com/software?ID=10908

Configure it exactly as in this guide, in PDF format:

http://www.zeusnews.it/zz_upload/PSV/Guida%20completa%20di%20%20AVIRA%20Antivir%209.pdf

Tick all the items shown in the first image on page 10 of the guide (in the image they are not ticked).

Run a full scan and post the log.
giovanni6161
Posted: Friday, December 11, 2009 5:20:15 PM
Rank: AiutAmico

Joined: 4/1/2008
Posts: 187
Here is the Avira log:




Avira AntiVir Personal
Data del file di report: venerdì, 11. dicembre 2009 16:55

Ricerca di 1432060 virus e programmi indesiderati.

Concesso in licenza a : Avira AntiVir Personal - FREE Antivirus
Numero di serie : 0000149996-ADJIE-0000001
Piattaforma : Windows XP
Versione di Windows : (Service Pack 3) [5.1.2600]
Modalità di avvio : Booting eseguito regolarmente
Nome utente : SYSTEM
Nome computer : AMMINIST-EFC4D4

Informazioni sulla versione:
BUILD.DAT : 9.0.0.21 21699 Bytes 04.12.2009 14:20:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 13.10.2009 10:26:40
AVSCAN.DLL : 9.0.3.0 47873 Bytes 03.03.2009 10:14:29
LUKE.DLL : 9.0.3.2 209665 Bytes 20.02.2009 10:35:56
LUKERES.DLL : 9.0.2.0 12545 Bytes 03.03.2009 10:15:14
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 06:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 15:54:05
VBASE002.VDF : 7.10.1.1 2048 Bytes 19.11.2009 15:54:05
VBASE003.VDF : 7.10.1.2 2048 Bytes 19.11.2009 15:54:05
VBASE004.VDF : 7.10.1.3 2048 Bytes 19.11.2009 15:54:05
VBASE005.VDF : 7.10.1.4 2048 Bytes 19.11.2009 15:54:05
VBASE006.VDF : 7.10.1.5 2048 Bytes 19.11.2009 15:54:06
VBASE007.VDF : 7.10.1.6 2048 Bytes 19.11.2009 15:54:06
VBASE008.VDF : 7.10.1.7 2048 Bytes 19.11.2009 15:54:06
VBASE009.VDF : 7.10.1.8 2048 Bytes 19.11.2009 15:54:06
VBASE010.VDF : 7.10.1.9 2048 Bytes 19.11.2009 15:54:06
VBASE011.VDF : 7.10.1.10 2048 Bytes 19.11.2009 15:54:06
VBASE012.VDF : 7.10.1.11 2048 Bytes 19.11.2009 15:54:06
VBASE013.VDF : 7.10.1.79 209920 Bytes 25.11.2009 15:54:06
VBASE014.VDF : 7.10.1.128 197632 Bytes 30.11.2009 15:54:07
VBASE015.VDF : 7.10.1.178 195584 Bytes 07.12.2009 15:54:07
VBASE016.VDF : 7.10.1.179 2048 Bytes 07.12.2009 15:54:07
VBASE017.VDF : 7.10.1.180 2048 Bytes 07.12.2009 15:54:07
VBASE018.VDF : 7.10.1.181 2048 Bytes 07.12.2009 15:54:07
VBASE019.VDF : 7.10.1.182 2048 Bytes 07.12.2009 15:54:07
VBASE020.VDF : 7.10.1.183 2048 Bytes 07.12.2009 15:54:07
VBASE021.VDF : 7.10.1.184 2048 Bytes 07.12.2009 15:54:07
VBASE022.VDF : 7.10.1.185 2048 Bytes 07.12.2009 15:54:08
VBASE023.VDF : 7.10.1.186 2048 Bytes 07.12.2009 15:54:08
VBASE024.VDF : 7.10.1.187 2048 Bytes 07.12.2009 15:54:08
VBASE025.VDF : 7.10.1.188 2048 Bytes 07.12.2009 15:54:08
VBASE026.VDF : 7.10.1.189 2048 Bytes 07.12.2009 15:54:08
VBASE027.VDF : 7.10.1.190 2048 Bytes 07.12.2009 15:54:08
VBASE028.VDF : 7.10.1.191 2048 Bytes 07.12.2009 15:54:08
VBASE029.VDF : 7.10.1.192 2048 Bytes 07.12.2009 15:54:08
VBASE030.VDF : 7.10.1.193 2048 Bytes 07.12.2009 15:54:08
VBASE031.VDF : 7.10.1.217 160768 Bytes 11.12.2009 15:54:08
Motore : 8.2.1.108
AEVDF.DLL : 8.1.1.2 106867 Bytes 08.11.2009 06:38:52
AESCRIPT.DLL : 8.1.3.2 582010 Bytes 11.12.2009 15:54:13
AESCN.DLL : 8.1.3.0 127348 Bytes 11.12.2009 15:54:12
AESBX.DLL : 8.1.1.1 246132 Bytes 08.11.2009 06:38:44
AERDL.DLL : 8.1.3.4 479605 Bytes 11.12.2009 15:54:12
AEPACK.DLL : 8.2.0.3 422261 Bytes 08.11.2009 06:38:40
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 08.11.2009 06:38:38
AEHEUR.DLL : 8.1.0.186 2183544 Bytes 11.12.2009 15:54:11
AEHELP.DLL : 8.1.8.0 237942 Bytes 11.12.2009 15:54:09
AEGEN.DLL : 8.1.1.80 364917 Bytes 11.12.2009 15:54:09
AEEMU.DLL : 8.1.1.0 393587 Bytes 08.11.2009 06:38:26
AECORE.DLL : 8.1.9.1 180598 Bytes 11.12.2009 15:54:09
AEBB.DLL : 8.1.0.3 53618 Bytes 08.11.2009 06:38:20
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12.12.2008 07:48:02
AVPREF.DLL : 9.0.3.0 44289 Bytes 26.08.2009 14:14:06
AVREP.DLL : 8.0.0.3 155905 Bytes 20.01.2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 07.11.2008 14:25:10
AVARKT.DLL : 9.0.0.3 292609 Bytes 24.03.2009 14:05:45
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30.01.2009 09:37:12
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28.01.2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02.02.2009 07:21:38
NETNT.DLL : 9.0.0.0 11521 Bytes 07.11.2008 14:41:28
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 17.06.2009 13:11:50
RCTEXT.DLL : 9.0.73.0 87809 Bytes 03.11.2009 07:16:42

Impostazioni di configurazione per la scansione attuale:
Nome del job................................: Scansione completa del sistema
File di configurazione......................: c:\programmi\avira\antivir desktop\sysscan.avp
Report......................................: basso
Azione primaria.............................: interattivo
Azione secondaria...........................: ignora
Scansione dei record master di avvio........: Attivo
Scansiona record di avvio...................: Attivo
Record di avvio.............................: C:, D:,
Scansione dei programmi attivi..............: Attivo
Scansiona la registrazione..................: Attivo
Cerca Rootkits..............................: Attivo
Controllo di integrità dei file di sistema..: Non attivo
Modalità di scansione file..................: Tutti i file
Scansione degli archivi.....................: Attivo
Limita la profondità di ricorsione..........: 20
Archivio estensioni Smart...................: Attivo
Macro euristico.............................: Attivo
File euristico..............................: medio
Categorie irregolari delle minacce..........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Avvio della scansione: venerdì, 11. dicembre 2009 16:55

È stata avviata la scansione per accertare la presenza di oggetti nascosti.
Sono stati esaminati '36207' oggetti, sono stati rilevati '0' oggetti nascosti.

La scansione dei processi in esecuzione verrà avviata:
Scansione processo 'avscan.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'avcenter.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'avgnt.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'sched.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'avguard.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'msiexec.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'AcroRd32.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'ctfmon.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'seekservice.exe' - '1' modulo(i) scansionato(i)
Il modulo è infetto -> 'C:\Programmi\SeekService\seekservice.exe'
Scansione processo 'UnlockerAssistant.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'schedhlp.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'TrueImageMonitor.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'jusched.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'GrooveMonitor.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'explorer.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'alg.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'wmiapsrv.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'seekservice145.exe' - '1' modulo(i) scansionato(i)
Il modulo è infetto -> 'C:\Documents and Settings\All Users\Dati applicazioni\SeekService\seekservice145.exe'
Scansione processo 'SeaPort.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'jqs.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'afcdpsrv.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'schedul2.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'spoolsv.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'lsass.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'services.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'winlogon.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'csrss.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'smss.exe' - '1' modulo(i) scansionato(i)
Il processo 'seekservice.exe' verrà terminato
Il processo 'seekservice145.exe' verrà terminato
C:\Programmi\SeekService\seekservice.exe
[RILEVAMENTO] Contiene il modello di rilevamento per l'adware o lo spyware ADSPY/Zwangi.AA.17
[NOTA] Il file è stato eliminato.
C:\Documents and Settings\All Users\Dati applicazioni\SeekService\seekservice145.exe
[RILEVAMENTO] Contiene il modello di rilevamento per l'adware o lo spyware ADSPY/Zwangi.AA.17
[NOTA] Il file è stato eliminato.

38 processi scansionati con '36' Moduli

Avvio della scansione dei record master di avvio:
Record master di avvio dell'Hard Disk 0
[INFO] Nessun virus è stato trovato!
Record master di avvio dell'Hard Disk 1
[INFO] Nessun virus è stato trovato!

Avvio della scansione dei record di avvio:
Record di avvio 'C:\'
[INFO] Nessun virus è stato trovato!
Record di avvio 'D:\'
[INFO] Nessun virus è stato trovato!

Avvio della scansione dei file eseguibili (registro):

Il registro è stato scansionato ( 56 file ).


Avvio della scansione del file selezionati:

Inizia con la scansione di 'C:\'
C:\pagefile.sys
[AVVISO] Impossibile aprire il file!
[NOTA] Questo è un file di sistema di Windows.
[NOTA] Impossibile aprire questo file per la scansione.
C:\Documents and Settings\Stefano\Desktop\My Downloads\The Black Eyed Peas - They Dont Want Music (Feat James Brown) (Pete Rock Remix).wma
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.WMA.Wima.24
C:\Programmi\Power MP3 WMA Converter\skssetup-112-SkserCS.exe
[0] Tipo di archivio: RSRC
--> Object
[1] Tipo di archivio: NSIS
--> [UnknownDir]/seekservice.dll
[RILEVAMENTO] Contiene modelli di riconoscimento dell'adware ADWARE/Zwangi.q
C:\System Volume Information\_restore{4144168B-986A-49EC-A2A7-92B3703F0BC9}\RP2\A0000337.exe
[RILEVAMENTO] Contiene il modello di rilevamento per l'adware o lo spyware ADSPY/Zwangi.AA.17
C:\System Volume Information\_restore{4144168B-986A-49EC-A2A7-92B3703F0BC9}\RP2\A0000338.exe
[RILEVAMENTO] Contiene il modello di rilevamento per l'adware o lo spyware ADSPY/Zwangi.AA.17
Inizia con la scansione di 'D:\'

Avvio della disinfezione:
C:\Documents and Settings\Stefano\Desktop\My Downloads\The Black Eyed Peas - They Dont Want Music (Feat James Brown) (Pete Rock Remix).wma
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.WMA.Wima.24
[NOTA] Il file è stato spostato in quarantena con il nome '4b877126.qua'!
C:\Programmi\Power MP3 WMA Converter\skssetup-112-SkserCS.exe
[NOTA] Il file è stato spostato in quarantena con il nome '4b957129.qua'!
C:\System Volume Information\_restore{4144168B-986A-49EC-A2A7-92B3703F0BC9}\RP2\A0000337.exe
[RILEVAMENTO] Contiene il modello di rilevamento per l'adware o lo spyware ADSPY/Zwangi.AA.17
[NOTA] Il file è stato spostato in quarantena con il nome '4b5270ee.qua'!
C:\System Volume Information\_restore{4144168B-986A-49EC-A2A7-92B3703F0BC9}\RP2\A0000338.exe
[RILEVAMENTO] Contiene il modello di rilevamento per l'adware o lo spyware ADSPY/Zwangi.AA.17
[NOTA] Il file è stato spostato in quarantena con il nome '4a3b5ae7.qua'!


Fine della scansione: venerdì, 11. dicembre 2009 17:18
Tempo impiegato: 21:55 Minuto(i)

La scansione è stata completamente eseguita.

4099 Directory scansionate
145277 I file sono stati scansionati
8 Rilevati virus e/o programmi indesiderati
0 I file sono stati classificati come sospetti
2 I file sono stati eliminati
0 I virus o i programmi indesiderati sono stati riparati
4 File spostati in quarantena
0 File rinominati
1 Impossibile scansionare i file
145268 File non infetti
1269 Archivi scansionati
1 Avvisi
7 Note
36207 Oggetti scansionati durante la scansione dei rootkit
0 Sono stati rilevati oggetti nascosti

giovanni6161
Posted: Saturday, December 12, 2009 2:33:45 PM
Rank: AiutAmico

Joined: 4/1/2008
Posts: 187
up
r16
Posted: Saturday, December 12, 2009 3:15:25 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Disable System Restore, and keep it disabled until the problem is solved: http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

Run a new scan with ComboFix, and post the log.
Remember to run the scan in the way I described in the post above.
giovanni6161
Posted: Saturday, December 12, 2009 3:54:06 PM
Rank: AiutAmico

Joined: 4/1/2008
Posts: 187
I did everything as you told me; here is the log (the log file is called log.txt, is that the same thing?)


ComboFix 09-12-10.01 - Stefano 12.12.2009 15:41:48.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.41.1040.18.2047.1608 [GMT 1:00]
Eseguito da: c:\documents and settings\Stefano\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2009-11-12 al 2009-12-12 )))))))))))))))))))))))))))))))))))
.

2009-12-12 14:40 . 2009-12-12 14:41 -------- d-----w- C:\32788R22FWJFW
2009-12-11 15:51 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-11 15:51 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-11 15:51 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-11 15:51 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-11 15:51 . 2009-12-11 15:51 -------- d-----w- c:\programmi\Avira
2009-12-11 15:51 . 2009-12-11 15:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-12-11 15:46 . 2009-12-11 15:46 -------- d-----w- c:\programmi\CCleaner
2009-12-11 14:28 . 2009-12-11 14:30 -------- d-----w- c:\programmi\Unlocker
2009-12-11 13:12 . 2009-12-11 13:12 -------- d-----w- c:\documents and settings\Stefano\Dati applicazioni\Malwarebytes
2009-12-11 13:12 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-11 13:12 . 2009-12-11 13:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-12-11 13:11 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-11 13:11 . 2009-12-11 13:12 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-12-08 13:08 . 2009-12-08 13:08 159168 ----a-w- c:\windows\system32\drivers\afcdp.sys
2009-12-08 13:08 . 2009-12-08 13:08 911552 ----a-w- c:\windows\system32\drivers\tdrpm255.sys
2009-12-08 13:08 . 2009-12-08 13:08 570016 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-12-08 13:08 . 2009-12-08 13:08 157248 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-12-08 13:07 . 2009-12-08 13:08 -------- d-----w- c:\programmi\File comuni\Acronis
2009-12-08 13:07 . 2009-12-08 13:07 -------- d-----w- c:\programmi\Acronis
2009-12-07 18:44 . 2009-12-11 15:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SeekService
2009-12-07 18:44 . 2009-12-11 15:56 -------- d-----w- c:\programmi\SeekService
2009-12-07 18:44 . 2009-12-07 18:45 -------- d-----w- c:\programmi\Power MP3 WMA Converter
2009-12-07 12:41 . 2009-09-30 09:41 361472 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\FgPhotofitDll.dll
2009-12-07 12:41 . 2009-09-21 10:14 8192 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\OpenGLCheck.dll
2009-12-07 12:41 . 2009-08-19 10:40 655872 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\msvcr90.dll
2009-12-07 12:41 . 2009-08-19 10:40 572928 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\msvcp90.dll
2009-12-07 12:41 . 2009-10-08 09:30 13312 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\PhotoFaceConsole.exe
2009-12-07 12:41 . 2009-09-29 19:29 6144 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\DetectOpenGLConsole.exe
2009-12-07 12:41 . 2009-09-29 19:29 5120 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\DownloadSourcePhotoConsole.exe
2009-12-07 12:41 . 2009-09-29 19:29 9216 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\UploadPhotofitConsole.exe
2009-12-07 12:41 . 2009-08-19 10:40 4178264 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\D3DX9_41.dll
2009-12-07 12:41 . 2009-09-30 18:14 15872 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\PhotoFaceConsole.XmlSerializers.dll
2009-12-04 10:54 . 2009-12-10 21:15 -------- d-----w- c:\documents and settings\Stefano\Dati applicazioni\LimeWire
2009-12-04 10:53 . 2009-12-04 10:54 -------- d-----w- c:\programmi\LimeWire
2009-11-24 22:05 . 2009-11-24 22:05 -------- d-----w- c:\windows\system32\LogFiles
2009-11-18 20:04 . 2009-11-18 20:04 -------- d-----w- c:\documents and settings\Stefano\Dati applicazioni\Panasonic
2009-11-18 20:01 . 2009-11-18 20:01 -------- d-----w- c:\programmi\Panasonic

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-11 15:30 . 2001-09-01 14:00 83770 ----a-w- c:\windows\system32\perfc010.dat
2009-12-11 15:30 . 2001-09-01 14:00 489320 ----a-w- c:\windows\system32\perfh010.dat
2009-12-11 15:27 . 2009-07-01 13:38 -------- d-----w- c:\programmi\Alwil Software
2009-12-10 13:57 . 2009-09-17 12:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-12-07 14:12 . 2009-10-08 21:42 398424 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2009-12-07 12:41 . 2009-10-08 13:40 175616 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\unrar64_nocrypt.dll
2009-12-07 12:41 . 2009-10-08 13:40 150528 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\unrar_nocrypt.dll
2009-12-07 12:41 . 2009-10-08 13:40 30208 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\FileDownloadConsole.exe
2009-11-18 20:04 . 2009-07-01 13:49 66152 ----a-w- c:\documents and settings\Stefano\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-11-18 20:01 . 2009-06-29 05:18 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-11-14 02:05 . 2009-09-17 12:33 -------- d-----w- c:\programmi\Microsoft Works
2009-11-08 11:32 . 2009-07-01 15:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2009-11-07 02:35 . 2009-11-05 23:15 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-11-06 00:02 . 2009-07-01 13:49 -------- d-----w- c:\programmi\Messenger Plus! Live
2009-11-05 23:15 . 2009-11-05 23:12 -------- d-----w- c:\programmi\Microsoft
2009-11-05 23:15 . 2009-11-05 23:15 -------- d-----w- c:\programmi\Microsoft Office Outlook Connector
2009-11-05 23:15 . 2009-07-01 13:44 -------- d-----w- c:\programmi\Windows Live
2009-11-05 23:14 . 2009-11-05 23:14 -------- d-----w- c:\programmi\Microsoft Sync Framework
2009-11-05 23:13 . 2009-11-05 23:13 -------- d-----w- c:\programmi\Microsoft SQL Server Compact Edition
2009-11-05 23:12 . 2009-11-05 23:12 -------- d-----w- c:\programmi\Windows Live SkyDrive
2009-11-05 22:56 . 2009-11-05 22:56 -------- d-----w- c:\programmi\File comuni\Windows Live
2009-10-29 19:46 . 2009-10-29 19:22 -------- d-----w- c:\documents and settings\Stefano\Dati applicazioni\ShareazaTb
2009-10-29 19:23 . 2009-10-29 19:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\10271
2009-10-29 19:22 . 2009-10-29 19:22 -------- d-----w- c:\programmi\ShareazaTb
2009-10-29 07:40 . 2008-08-26 06:57 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2008-04-14 01:13 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2008-04-14 01:13 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-13 17:53 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:33 . 2008-04-14 01:13 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2008-04-14 01:13 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2008-04-14 01:13 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-10 20:08 . 2009-10-10 20:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-10 20:08 . 2009-10-10 20:08 152576 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\Sun\Java\jre1.6.0_16\lzma.dll
2009-10-08 13:23 . 2009-10-08 13:14 152064 ----a-w- c:\windows\snap.dat
2009-10-08 13:17 . 2009-10-08 13:17 48620 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-26 07:24 . 2009-06-29 04:56 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
.

------- Sigcheck -------

[-] 2008-10-22 . E248A8391D7388A0A3679D1FB33E003D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-10-22 . E092AEB03D40F40854D4C3D90C9AFECC . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-12-11_14.40.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 01:19 . 2007-11-07 01:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2009-12-12 11:18 . 2009-12-12 11:18 16384 c:\windows\Temp\Perflib_Perfdata_600.dat
+ 2001-09-01 14:00 . 2009-12-11 15:30 70948 c:\windows\system32\perfc009.dat
- 2001-09-01 14:00 . 2009-11-26 14:21 70948 c:\windows\system32\perfc009.dat
+ 2009-12-11 15:51 . 2009-05-11 08:12 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2008-07-29 07:05 . 2008-07-29 07:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 02:54 . 2008-07-29 02:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2001-09-01 14:00 . 2009-12-11 15:30 441832 c:\windows\system32\perfh009.dat
- 2001-09-01 14:00 . 2009-11-26 14:21 441832 c:\windows\system32\perfh009.dat
+ 2009-12-11 15:27 . 2009-12-11 15:27 262144 c:\windows\system32\config\systemprofile\NtUser.dat
+ 2009-12-11 15:51 . 2009-12-11 15:51 228352 c:\windows\Installer\ce6e0.msi
+ 2009-12-12 11:22 . 2009-12-12 11:22 195584 c:\windows\Installer\43c8d.msi
+ 2008-07-29 07:05 . 2008-07-29 07:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE9A4208-64EC-11DE-8440-204256D89593}]
2009-08-10 14:07 91584 ----a-w- c:\programmi\ShareazaTb\ShareazaDx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EE9A4208-64EC-11DE-8440-204256D89593}"= "c:\programmi\ShareazaTb\ShareazaDx.dll" [2009-08-10 91584]

[HKEY_CLASSES_ROOT\clsid\{ee9a4208-64ec-11de-8440-204256d89593}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-05-26 413696]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-10 149280]
"TrueImageMonitor.exe"="c:\programmi\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-10-06 5076088]
"Servizio Acronis Scheduler2"="c:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe" [2009-10-06 357688]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" [2009-03-08 128512]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=

R0 tdrpman255;Acronis Try&Decide and Restore Points filter (build 255);c:\windows\system32\drivers\tdrpm255.sys [08.12.2009 14:08 911552]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\programmi\File comuni\Acronis\CDP\afcdpsrv.exe [08.12.2009 14:08 2326920]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [06.11.2009 00:15 54752]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [08.12.2009 14:08 159168]
S2 SeekService Service;SeekService Service;"c:\documents and settings\All Users\Dati applicazioni\SeekService\seekservice145.exe" "c:\programmi\SeekService\seekservice.dll" Service --> c:\documents and settings\All Users\Dati applicazioni\SeekService\seekservice145.exe [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [29.06.2009 06:18 17149]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\programmi\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [01.07.2009 14:49 23152]
S3 fsssvc;Servizio Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [05.08.2009 22:48 704864]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [29.06.2009 06:18 362944]
.
------- Scansione supplementare -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {CA487843-CA52-4990-BC47-B5B6FC38541E} = 212.216.172.62,194.243.154.62
FF - ProfilePath - c:\documents and settings\Stefano\Dati applicazioni\Mozilla\Firefox\Profiles\lj04s5be.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.it
FF - prefs.js: keyword.URL - hxxp://www.seanca.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=gsUUfwR7&q=
FF - plugin: c:\programmi\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: keyword.URL - hxxp://www.seanca.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=gsUUfwR7&q=
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-12 15:44
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\programmi\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(2220)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Ora fine scansione: 2009-12-12 15:45:55
ComboFix-quarantined-files.txt 2009-12-12 14:45
ComboFix2.txt 2009-12-11 14:41

Pre-Run: 303'264'411'648 byte disponibili
Post-Run: 303'239'098'368 byte disponibili

- - End Of File - - F39895136B0C8FE6748A511FA6CB4D14
r16
Posted: Saturday, December 12, 2009 4:03:03 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Open a text file on the Desktop (Start > Run > type: notepad.exe > OK).
Paste into it the code you see below, and save the text file with the name CFScript.txt (this name is mandatory).

Code:
File::
c:\documents and settings\All Users\Dati applicazioni\SeekService\seekservice145.exe
C:\WINDOWS\conmsyrtl.exe

Folder::
c:\programmi\SeekService
c:\documents and settings\All Users\Dati applicazioni\SeekService

Driver::
SeekService Service


and drag it onto the ComboFix icon.
Wait for it to finish, without touching the keyboard, mouse or anything else.
Post the updated ComboFix log.
giovanni6161
Posted: Saturday, December 12, 2009 5:24:47 PM
Rank: AiutAmico

Joined: 4/1/2008
Posts: 187
I followed what you told me to the letter, but ComboFix did everything as if I had opened it normally, without dragging the file onto it.


ComboFix 09-12-10.01 - Stefano 12.12.2009 17:10:55.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.41.1040.18.2047.1599 [GMT 1:00]
Eseguito da: c:\documents and settings\Stefano\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Stefano\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
"c:\documents and settings\All Users\Dati applicazioni\SeekService\seekservice145.exe"
"c:\windows\conmsyrtl.exe"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Dati applicazioni\SeekService
c:\programmi\SeekService
c:\programmi\SeekService\seekservice.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SEEKSERVICE_SERVICE
-------\Service_SeekService Service


((((((((((((((((((((((((( Files Creati Da 2009-11-12 al 2009-12-12 )))))))))))))))))))))))))))))))))))
.

2009-12-11 15:51 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-11 15:51 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-11 15:51 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-11 15:51 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-11 15:51 . 2009-12-11 15:51 -------- d-----w- c:\programmi\Avira
2009-12-11 15:51 . 2009-12-11 15:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-12-11 15:46 . 2009-12-11 15:46 -------- d-----w- c:\programmi\CCleaner
2009-12-11 14:28 . 2009-12-11 14:30 -------- d-----w- c:\programmi\Unlocker
2009-12-11 13:12 . 2009-12-11 13:12 -------- d-----w- c:\documents and settings\Stefano\Dati applicazioni\Malwarebytes
2009-12-11 13:12 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-11 13:12 . 2009-12-11 13:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-12-11 13:11 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-11 13:11 . 2009-12-11 13:12 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-12-08 13:08 . 2009-12-08 13:08 159168 ----a-w- c:\windows\system32\drivers\afcdp.sys
2009-12-08 13:08 . 2009-12-08 13:08 911552 ----a-w- c:\windows\system32\drivers\tdrpm255.sys
2009-12-08 13:08 . 2009-12-08 13:08 570016 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-12-08 13:08 . 2009-12-08 13:08 157248 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-12-08 13:07 . 2009-12-08 13:08 -------- d-----w- c:\programmi\File comuni\Acronis
2009-12-08 13:07 . 2009-12-08 13:07 -------- d-----w- c:\programmi\Acronis
2009-12-07 18:44 . 2009-12-07 18:45 -------- d-----w- c:\programmi\Power MP3 WMA Converter
2009-12-07 12:41 . 2009-09-30 09:41 361472 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\FgPhotofitDll.dll
2009-12-07 12:41 . 2009-09-21 10:14 8192 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\OpenGLCheck.dll
2009-12-07 12:41 . 2009-08-19 10:40 655872 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\msvcr90.dll
2009-12-07 12:41 . 2009-08-19 10:40 572928 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\msvcp90.dll
2009-12-07 12:41 . 2009-10-08 09:30 13312 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\PhotoFaceConsole.exe
2009-12-07 12:41 . 2009-09-29 19:29 6144 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\DetectOpenGLConsole.exe
2009-12-07 12:41 . 2009-09-29 19:29 5120 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\DownloadSourcePhotoConsole.exe
2009-12-07 12:41 . 2009-09-29 19:29 9216 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\UploadPhotofitConsole.exe
2009-12-07 12:41 . 2009-08-19 10:40 4178264 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\D3DX9_41.dll
2009-12-07 12:41 . 2009-09-30 18:14 15872 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\PhotoFaceConsole.XmlSerializers.dll
2009-12-04 10:54 . 2009-12-10 21:15 -------- d-----w- c:\documents and settings\Stefano\Dati applicazioni\LimeWire
2009-12-04 10:53 . 2009-12-04 10:54 -------- d-----w- c:\programmi\LimeWire
2009-11-24 22:05 . 2009-11-24 22:05 -------- d-----w- c:\windows\system32\LogFiles
2009-11-18 20:04 . 2009-11-18 20:04 -------- d-----w- c:\documents and settings\Stefano\Dati applicazioni\Panasonic
2009-11-18 20:01 . 2009-11-18 20:01 -------- d-----w- c:\programmi\Panasonic

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-11 15:30 . 2001-09-01 14:00 83770 ----a-w- c:\windows\system32\perfc010.dat
2009-12-11 15:30 . 2001-09-01 14:00 489320 ----a-w- c:\windows\system32\perfh010.dat
2009-12-11 15:27 . 2009-07-01 13:38 -------- d-----w- c:\programmi\Alwil Software
2009-12-10 13:57 . 2009-09-17 12:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-12-07 14:12 . 2009-10-08 21:42 398424 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2009-12-07 12:41 . 2009-10-08 13:40 175616 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\unrar64_nocrypt.dll
2009-12-07 12:41 . 2009-10-08 13:40 150528 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\unrar_nocrypt.dll
2009-12-07 12:41 . 2009-10-08 13:40 30208 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\EA\EASW\GameFace\FileDownloadConsole.exe
2009-11-18 20:04 . 2009-07-01 13:49 66152 ----a-w- c:\documents and settings\Stefano\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-11-18 20:01 . 2009-06-29 05:18 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-11-14 02:05 . 2009-09-17 12:33 -------- d-----w- c:\programmi\Microsoft Works
2009-11-08 11:32 . 2009-07-01 15:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2009-11-07 02:35 . 2009-11-05 23:15 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-11-06 00:02 . 2009-07-01 13:49 -------- d-----w- c:\programmi\Messenger Plus! Live
2009-11-05 23:15 . 2009-11-05 23:12 -------- d-----w- c:\programmi\Microsoft
2009-11-05 23:15 . 2009-11-05 23:15 -------- d-----w- c:\programmi\Microsoft Office Outlook Connector
2009-11-05 23:15 . 2009-07-01 13:44 -------- d-----w- c:\programmi\Windows Live
2009-11-05 23:14 . 2009-11-05 23:14 -------- d-----w- c:\programmi\Microsoft Sync Framework
2009-11-05 23:13 . 2009-11-05 23:13 -------- d-----w- c:\programmi\Microsoft SQL Server Compact Edition
2009-11-05 23:12 . 2009-11-05 23:12 -------- d-----w- c:\programmi\Windows Live SkyDrive
2009-11-05 22:56 . 2009-11-05 22:56 -------- d-----w- c:\programmi\File comuni\Windows Live
2009-10-29 19:46 . 2009-10-29 19:22 -------- d-----w- c:\documents and settings\Stefano\Dati applicazioni\ShareazaTb
2009-10-29 19:23 . 2009-10-29 19:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\10271
2009-10-29 19:22 . 2009-10-29 19:22 -------- d-----w- c:\programmi\ShareazaTb
2009-10-29 07:40 . 2008-08-26 06:57 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2008-04-14 01:13 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2008-04-14 01:13 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-13 17:53 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:33 . 2008-04-14 01:13 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2008-04-14 01:13 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2008-04-14 01:13 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-10 20:08 . 2009-10-10 20:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-10 20:08 . 2009-10-10 20:08 152576 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\Sun\Java\jre1.6.0_16\lzma.dll
2009-10-08 13:23 . 2009-10-08 13:14 152064 ----a-w- c:\windows\snap.dat
2009-10-08 13:17 . 2009-10-08 13:17 48620 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-26 07:24 . 2009-06-29 04:56 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
.

------- Sigcheck -------

[-] 2008-10-22 . E248A8391D7388A0A3679D1FB33E003D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-10-22 . E092AEB03D40F40854D4C3D90C9AFECC . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-12-11_14.40.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 01:19 . 2007-11-07 01:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2009-12-12 16:14 . 2009-12-12 16:14 16384 c:\windows\Temp\Perflib_Perfdata_7c0.dat
+ 2001-09-01 14:00 . 2009-12-11 15:30 70948 c:\windows\system32\perfc009.dat
- 2001-09-01 14:00 . 2009-11-26 14:21 70948 c:\windows\system32\perfc009.dat
+ 2009-12-11 15:51 . 2009-05-11 08:12 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2008-07-29 07:05 . 2008-07-29 07:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 02:54 . 2008-07-29 02:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
- 2001-09-01 14:00 . 2009-11-26 14:21 441832 c:\windows\system32\perfh009.dat
+ 2001-09-01 14:00 . 2009-12-11 15:30 441832 c:\windows\system32\perfh009.dat
+ 2009-12-11 15:27 . 2009-12-11 15:27 262144 c:\windows\system32\config\systemprofile\NtUser.dat
+ 2009-12-11 15:51 . 2009-12-11 15:51 228352 c:\windows\Installer\ce6e0.msi
+ 2009-12-12 11:22 . 2009-12-12 11:22 195584 c:\windows\Installer\43c8d.msi
+ 2008-07-29 07:05 . 2008-07-29 07:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE9A4208-64EC-11DE-8440-204256D89593}]
2009-08-10 14:07 91584 ----a-w- c:\programmi\ShareazaTb\ShareazaDx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EE9A4208-64EC-11DE-8440-204256D89593}"= "c:\programmi\ShareazaTb\ShareazaDx.dll" [2009-08-10 91584]

[HKEY_CLASSES_ROOT\clsid\{ee9a4208-64ec-11de-8440-204256d89593}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-05-26 413696]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-10 149280]
"TrueImageMonitor.exe"="c:\programmi\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-10-06 5076088]
"Servizio Acronis Scheduler2"="c:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe" [2009-10-06 357688]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" [2009-03-08 128512]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=

R0 tdrpman255;Acronis Try&Decide and Restore Points filter (build 255);c:\windows\system32\drivers\tdrpm255.sys [08.12.2009 14:08 911552]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\programmi\File comuni\Acronis\CDP\afcdpsrv.exe [08.12.2009 14:08 2326920]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [06.11.2009 00:15 54752]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [08.12.2009 14:08 159168]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [29.06.2009 06:18 17149]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\programmi\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [01.07.2009 14:49 23152]
S3 fsssvc;Servizio Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [05.08.2009 22:48 704864]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [29.06.2009 06:18 362944]
.
------- Scansione supplementare -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {CA487843-CA52-4990-BC47-B5B6FC38541E} = 212.216.172.62,194.243.154.62
FF - ProfilePath - c:\documents and settings\Stefano\Dati applicazioni\Mozilla\Firefox\Profiles\lj04s5be.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.it
FF - prefs.js: keyword.URL - hxxp://www.seanca.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=gsUUfwR7&q=
FF - plugin: c:\programmi\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: keyword.URL - hxxp://www.seanca.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=gsUUfwR7&q=
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-12 17:14
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\programmi\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(3320)
c:\windows\system32\WININET.dll
c:\programmi\Unlocker\UnlockerHook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\programmi\File comuni\Acronis\Schedule2\schedul2.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2009-12-12 17:17:08 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-12-12 16:17
ComboFix2.txt 2009-12-12 14:45
ComboFix3.txt 2009-12-11 14:41

Pre-Run: 303'228'579'840 byte disponibili
Post-Run: 303'129'432'064 byte disponibili

- - End Of File - - 1E754D435FB630527B0BF0807C72E4BB
r16
Posted: Saturday, December 12, 2009 10:43:06 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Ok.
Post an HJT log.
giovanni6161
Posted: Saturday, December 12, 2009 11:27:34 PM
Rank: AiutAmico

Joined: 4/1/2008
Posts: 187
here is the hijackthis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:26:38, on 12.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\Programmi\File comuni\Acronis\CDP\afcdpsrv.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Stefano\Desktop\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: MediaBar - {EE9A4208-64EC-11DE-8440-204256D89593} - C:\Programmi\ShareazaTb\ShareazaDx.dll
O3 - Toolbar: MediaBar - {EE9A4208-64EC-11DE-8440-204256D89593} - C:\Programmi\ShareazaTb\ShareazaDx.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Servizio Acronis Scheduler2] "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/it/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA487843-CA52-4990-BC47-B5B6FC38541E}: NameServer = 212.216.172.62,194.243.154.62
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Servizio Acronis Scheduler2 (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Programmi\File comuni\Acronis\CDP\afcdpsrv.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe

--
End of file - 7171 bytes
r16
Posted: Saturday, December 12, 2009 11:44:08 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Uninstall ComboFix this way:
Start
Run
in the dialog box, copy and paste this command: Combofix /Uninstall
Wait for it to finish without touching the keyboard, mouse or anything else.

Start HijackThis, tick the entries I am about to list and, with all applications closed and disconnected from the Internet, press Fix checked:

O3 - Toolbar: MediaBar - {EE9A4208-64EC-11DE-8440-204256D89593} - C:\Programmi\ShareazaTb\ShareazaDx.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Servizio Acronis Scheduler2] "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe" -H
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/it/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

Do a clean-up (registry included) with CCleaner http://www.aiutaamici.com/software?ID=11223
On the CCleaner start screen, click Options and then Advanced, and untick: Only delete files in Windows Temp older than 48 hours. (then run the clean-up)

Restart the PC.

Then:
Start\Run\copy and paste the string %temp%, click OK, empty the temp folder. (do not delete the folder)
Then:
Empty the contents of the Prefetch folder:
click My Computer
click Local Disk C:
among the folders shown, find the Windows folder, open it and, inside it, find the Prefetch folder, open it and delete all the entries stored inside it (do not delete the folder)
EMPTY THE RECYCLE BIN
Then:
Launch HijackThis and clean the ADS this way:
click Open the misc tool section
click Open ads spy
untick Quick scan (windows base folder only)
click Scan.
Wait patiently for the scan to finish.
if any ADS are detected, tick all the boxes (without fear) and click Remove selected

Run a ScanDisk and defragment the HD.
Re-enable System Restore and, if everything is fine, create a new restore point.
Once the whole procedure is finished, tell me how the PC is running and whether you notice any problems.
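
An added example (not part of the original posts, and not HijackThis code): a small Python parser for the HijackThis item lines shown in this thread. It cross-checks a fix list against the user's own log, tolerating spaces that forum line wrapping injects into long tokens, and lists entries whose target file HijackThis reports as absent. The function names, the whitespace-insensitive matching rule and the `ExampleEntry` line are assumptions made for illustration.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code body")

# HijackThis item lines have the form "<code> - <body>", e.g. "O4 - HKLM\..\Run: [...]".
ITEM_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# HijackThis appends one of these markers when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)

# A subset of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: MediaBar - {EE9A4208-64EC-11DE-8440-204256D89593} - C:\Programmi\ShareazaTb\ShareazaDx.dll
O3 - Toolbar: MediaBar - {EE9A4208-64EC-11DE-8440-204256D89593} - C:\Programmi\ShareazaTb\ShareazaDx.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/it/uno1/GAME_UNO1.cab
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
"""

# Constructed fix list: line 2 carries a space injected by line wrapping,
# line 3 (ExampleEntry) is a placeholder that does not exist in the log.
SAMPLE_FIXLIST = r"""
O3 - Toolbar: MediaBar - {EE9A4208-64EC-11DE-8440-204256D89593} - C:\Programmi\ShareazaTb\ShareazaDx.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/it/uno1/GAME_UNO 1.cab
O4 - HKLM\..\Run: [ExampleEntry] C:\example\placeholder.exe
"""


def parse_hjt(text):
    """Return the item lines of a HijackThis log as Entry(code, body)."""
    entries = []
    for line in text.splitlines():
        m = ITEM_RE.match(line.strip())
        if m:  # header and "Running processes" lines do not match
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def _key(entry):
    # Assumption: compare with all whitespace removed and case folded, so a
    # wrapped copy of a line still matches the original log entry.
    return re.sub(r"\s+", "", f"{entry.code}-{entry.body}").casefold()


def orphaned(entries):
    """Entries whose target file HijackThis marked as absent."""
    return [e for e in entries if ORPHAN_RE.search(e.body)]


def check_fixlist(fixlist_text, log_text):
    """Split a fix list into (entries found in the log, entries not found)."""
    log_index = {_key(e): e for e in parse_hjt(log_text)}
    matched, unmatched = [], []
    for wanted in parse_hjt(fixlist_text):
        hit = log_index.get(_key(wanted))
        if hit:
            matched.append(hit)      # report the log's own spelling
        else:
            unmatched.append(wanted)  # never tick a line the log does not contain
    return matched, unmatched


if __name__ == "__main__":
    matched, unmatched = check_fixlist(SAMPLE_FIXLIST, SAMPLE_LOG)
    for e in matched:
        print("in log   :", e.code, "-", e.body)
    for e in unmatched:
        print("NOT in log:", e.code, "-", e.body)
    for e in orphaned(parse_hjt(SAMPLE_LOG)):
        print("orphaned :", e.code, "-", e.body)
```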
giovanni6161
Posted: Sunday, December 13, 2009 2:49:35 PM
Rank: AiutAmico

Joined: 4/1/2008
Posts: 187
Hi, I did everything as you told me, and now the computer is more responsive. Thank you so much, and applause for you and the whole forum.
r16
Posted: Sunday, December 13, 2009 2:52:54 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
You're welcome.
Bye.