Hi, so thanks again for your consideration...
I did as you told me, the PC seems better to me.. is that possible??!
In the meantime I'm attaching the log...
(ah.. I've probably screwed up.., I installed rescue..!!)
thanks again
ComboFix 11-09-12.02 - Marco 12/09/2011 16.07.32.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1023.489 [GMT 2:00]
Eseguito da: c:\documents and settings\Marco\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *Enabled/Updated* {0012EE84-FFFC-FFFF-0200-00004FBCC4F1}
AV: Lavasoft Ad-Watch Live! Anti-virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\ApplicationHistory
c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\ApplicationHistory\acad.exe.b65b7658.ini
c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\ApplicationHistory\acad.exe.f941824a.ini
c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\ApplicationHistory\acstart16.exe.cdd1300.ini
c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\ApplicationHistory\admigrator.exe.d6d69233.ini
c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\ApplicationHistory\Ngen.exe.2c05686e.ini
c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\ApplicationHistory\RegAsm.exe.11f1da13.ini
c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\ApplicationHistory\SL10D.tmp.1fb1e151.ini
c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\ApplicationHistory\SL11C.tmp.f1f1e38f.ini
c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\ApplicationHistory\SL12A.tmp.804586cc.ini
c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\ApplicationHistory\SL12B.tmp.c431e5cd.ini
c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\ApplicationHistory\SL12F.tmp.d3e361d1.ini
c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\ApplicationHistory\SL16.tmp.996e442b.ini
c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\ApplicationHistory\SL167.tmp.b42f759e.ini
c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\ApplicationHistory\SL190.tmp.1b3e0054.ini
c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\ApplicationHistory\SL195.tmp.6edbdb59.ini
c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\ApplicationHistory\SL198.tmp.3aa0f85c.ini
c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\ApplicationHistory\SL1CD.tmp.8a8940de.ini
c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\ApplicationHistory\SL27.tmp.f387046b.ini
c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\ApplicationHistory\SL3A.tmp.2e7afbd4.ini
c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\ApplicationHistory\SL4.tmp.e59df020.ini
c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\ApplicationHistory\SL41.tmp.88558ce3.ini
c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\ApplicationHistory\SL43.tmp.102e4ae5.ini
c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\ApplicationHistory\SL44.tmp.541aa9e6.ini
c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\ApplicationHistory\SL46.tmp.dbf367e8.ini
c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\ApplicationHistory\SL47.tmp.1fdfc6e9.ini
c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\ApplicationHistory\SL50.tmp.5a958f21.ini
c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\ApplicationHistory\SL51.tmp.9e81ee22.ini
c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\ApplicationHistory\SL6.tmp.6d76ae22.ini
c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\ApplicationHistory\SL66.tmp.84c2a66.ini
c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\ApplicationHistory\SL7.tmp.b1630d23.ini
c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\ApplicationHistory\SL7E.tmp.96ddfcd4.ini
c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\ApplicationHistory\SL8.tmp.f54f6c24.ini
c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\ApplicationHistory\SL8C.tmp.2531a011.ini
c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\ApplicationHistory\SL9A.tmp.b385434e.ini
c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\ApplicationHistory\SLB8.tmp.5fc59f3c.ini
c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\ApplicationHistory\SLE4.tmp.929946f5.ini
c:\documents and settings\Marco\WINDOWS
c:\programmi\messenger\msmsgsin.exe
c:\windows\IsUn0410.exe
c:\windows\system32\autorun.i
c:\windows\system32\autorun.in
c:\windows\system32\AutoRun.inf
c:\windows\system32\bit4ipki.dll.conf
c:\windows\unin0410.exe
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SSHNAS
.
.
((((((((((((((((((((((((( Files Creati Da 2011-08-12 al 2011-09-12 )))))))))))))))))))))))))))))))))))
.
.
2011-09-12 14:23 . 2011-09-12 14:24 -------- d-----w- c:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\ApplicationHistory
2011-09-03 10:17 . 2011-09-03 10:17 603136 -c----w- c:\windows\system32\dllcache\crypt32.dll
2011-08-18 01:11 . 2011-08-18 01:11 -------- d-----w- c:\windows\system32\XPSViewer
2011-08-18 01:10 . 2011-08-18 01:10 -------- d-----w- c:\programmi\MSBuild
2011-08-18 01:10 . 2011-08-18 01:10 -------- d-----w- c:\programmi\Reference Assemblies
2011-08-18 01:10 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-08-18 01:09 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-08-18 01:09 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-08-18 01:09 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-08-18 01:09 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-08-18 01:09 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-08-18 01:09 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-08-18 01:09 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-08-18 01:09 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-08-18 01:09 . 2011-08-18 01:10 -------- dc----w- C:\188cd149846b916924
2011-08-17 07:32 . 2011-08-17 07:32 -------- d-----w- c:\documents and settings\Marco\Dati applicazioni\Uniblue
2011-08-17 07:31 . 2011-08-17 07:31 -------- d-----w- c:\programmi\Uniblue
2011-08-16 09:41 . 2011-08-16 09:41 -------- d-----w- c:\documents and settings\Marco\Dati applicazioni\Easeware
2011-08-16 08:43 . 2011-08-16 08:43 -------- d-----w- c:\documents and settings\Marco\Dati applicazioni\DriverCure
2011-08-16 08:43 . 2011-08-16 08:43 -------- d-----w- c:\documents and settings\Marco\Dati applicazioni\ParetoLogic
2011-08-16 08:40 . 2011-08-16 09:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ParetoLogic
2011-08-16 07:41 . 2011-08-16 07:41 -------- d-----w- c:\programmi\Microsoft.NET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-03 10:17 . 2002-09-10 12:00 603136 ----a-w- c:\windows\system32\crypt32.dll
2011-09-02 07:16 . 2011-05-18 07:15 404640 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-18 09:32 . 2002-09-10 12:00 26624 -c--a-w- c:\windows\system32\userinit.exe
2011-08-12 08:56 . 2009-10-29 14:08 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-12 08:56 . 2011-08-12 11:55 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-07-21 12:59 . 2011-08-12 08:52 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-07-18 14:49 . 2008-04-24 14:36 286720 ----a-w- c:\windows\system32\bit4extplg.dll
2011-07-18 14:49 . 2009-03-23 16:16 1028096 ----a-w- c:\windows\system32\bit4ipki.dll
2011-07-15 13:29 . 2002-09-10 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2002-09-10 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 13:55 . 2011-07-06 13:43 6803 ----a-w- c:\documents and settings\Marco\Dati applicazioni\mdbu.bin
2011-06-30 08:38 . 2010-04-08 23:25 97504 -c--a-w- c:\windows\system32\drivers\inspect.sys
2011-06-30 08:38 . 2010-04-08 23:25 29400 -c--a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-06-30 08:38 . 2010-04-08 23:25 242600 -c--a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-06-30 08:38 . 2010-04-08 23:25 17416 -c--a-w- c:\windows\system32\drivers\cmderd.sys
2011-06-30 08:37 . 2011-05-05 17:20 285256 ----a-w- c:\windows\system32\guard32.dll
2011-06-24 14:10 . 2006-04-06 16:08 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:30 . 2002-09-10 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:30 . 2002-09-10 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:30 . 2002-09-10 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2006-04-06 16:46 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2002-09-10 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-05-14 55296]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"COMODO Internet Security"="c:\programmi\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 2554696]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-07 618496]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Marco\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 3.2.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Tasto di scelta rapida per l'avvio di AutoCAD.lnk - c:\programmi\File comuni\Autodesk Shared\acstart16.exe [2004-2-25 10872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"995:TCP"= 995:TCP:PEC arrivo
"465:TCP"= 465:TCP:PEC uscita
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/08/2011 10.52.55 64512]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [09/04/2010 1.25.46 242600]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [09/04/2010 1.25.46 29400]
R2 CLPSLS;COMODO livePCsupport Service;c:\programmi\COMODO\COMODO livePCsupport\CLPSLS.exe [19/02/2010 17.00.24 148744]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [21/07/2011 14.59.06 2152152]
R2 ONDA Autorun CDROM Monitor;ONDA Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\onda_mon.exe [25/02/2010 16.59.52 86016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13.16.28 130384]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usbxp.sys [30/04/2004 14.35.00 24832]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\programmi\Lavasoft\Ad-Aware\kernexplorer.sys [21/07/2011 14.59.08 15232]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13.16.28 753504]
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - HELPSVC
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-09-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-07-21 07:40]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.tiscali.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: bancaroma.it
Trusted Zone: unicreditbanca.it
TCP: DhcpNameServer = 192.168.0.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
------- Associazioni dei file -------
.
.scr=AutoCADScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-12 16:22
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'lsass.exe'(616)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(2520)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\SOUNDMAN.EXE
c:\programmi\OpenOffice.org 3\program\soffice.exe
c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe
c:\programmi\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Ora fine scansione: 2011-09-12 16:34:53 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-09-12 14:34
.
Pre-Run: 33.993.555.968 byte disponibili
Post-Run: 34.576.982.016 byte disponibili
.
WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - B12927DEEC163348A2EC158C6F247452