Help removing a virus

furbo1984

Digital-Forum Junior
Registered
8 November 2011
Messages
53
Hello everyone,
as the subject says, I'm afraid I've caught a nasty virus (or malware or something else) on my desktop PC.

I think so because a while ago, while trying to open a PDF on the internet with the browser, the PC froze and then wouldn't start again. Strange messages, pop-up windows on top of pop-up windows, etc.

I fixed it with a ComboFix scan combined with System Restore.

Now the OS apparently works correctly, but I've noticed these two problems, which I list below and which make me think something is wrong:

- If I do a search on Google Images, it gives me only 24 results and then 36 grey boxes (as if it weren't loading the image) and that's it. I tried the same searches on other PCs and I get many more results.
In addition, I can't get into Google's search settings (SafeSearch and the gear button next to it).

- If I connect an external HD or a USB stick, when I go to safely remove it, it tells me that it's impossible because something is still accessing the device. Obviously I've closed everything when I try to remove it.

I've already scanned with:

NOD32 antivirus, negative
ComboFix (over and over, it always takes a long time to finish)
Malwarebytes, negative
Spybot S&D, negative
HijackThis


I'm posting the reports from these scans below.

Can anyone give me some advice on solving these problems, which seem trivial but are rather annoying, since I need image search very often?


I forgot, my OS is Windows XP Professional SP3

Thanks in advance to everyone.
The reports follow:
 
COMBOFIX REPORT:

ComboFix 12-03-08.02 - Intel 12/03/2012 19.39.43.6.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3071.2117 [GMT 1:00]
Eseguito da: f:\internet download\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((( Files Creati Da 2012-02-12 al 2012-03-12 )))))))))))))))))))))))))))))))))))
.
.
2012-03-12 16:34 . 2012-03-12 16:34 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2012-03-12 16:34 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-02 21:17 . 2012-03-02 21:17 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-24 13:20 . 2012-02-25 14:37 -------- d-----w- c:\programmi\JDownloader(2)
2012-02-24 13:19 . 2012-02-24 13:19 237 ----a-w- C:\user.js
2012-02-21 10:58 . 2011-06-23 12:18 10833920 ----a-w- c:\windows\system32\libmfxsw32.dll
2012-02-21 10:58 . 2011-06-23 12:18 10915840 ----a-w- c:\windows\system32\libmfxhw32.dll
2012-02-15 12:58 . 2012-02-15 12:58 -------- d-----w- c:\documents and settings\Intel\Dati applicazioni\Remote
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-20 11:10 . 2011-06-23 11:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\programmi\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\programmi\mozilla firefox\plugins\ssldivx.dll
2012-02-17 17:50 . 2011-11-12 10:12 134104 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-02-06_11.44.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-12 14:00 . 2012-03-12 14:00 16384 c:\windows\Temp\Perflib_Perfdata_418.dat
+ 2009-02-16 10:15 . 2008-04-14 02:14 51712 c:\windows\system32\dllcache\oobebaln.exe
+ 2009-02-16 10:15 . 2008-04-14 02:14 29184 c:\windows\system32\dllcache\msoobe.exe
+ 2011-10-02 11:08 . 2012-02-14 22:43 286052 c:\windows\system32\nvdrsdb1.bin
- 2011-10-02 11:08 . 2011-11-27 13:11 286052 c:\windows\system32\nvdrsdb1.bin
+ 2011-10-02 11:08 . 2012-02-14 22:43 286052 c:\windows\system32\nvdrsdb0.bin
- 2011-10-02 11:08 . 2011-12-07 20:29 286052 c:\windows\system32\nvdrsdb0.bin
+ 2012-02-20 11:10 . 2012-02-20 11:10 250016 c:\windows\system32\Macromed\Flash\FlashUtil11f_Plugin.exe
+ 2012-03-12 13:59 . 2012-03-12 13:59 389592 c:\windows\system32\FNTCACHE.DAT
+ 2012-03-09 20:55 . 2012-03-09 20:55 830976 c:\windows\Installer\772021f.msi
+ 2012-03-09 20:55 . 2012-03-09 20:55 323935 c:\windows\Installer\{39CB82CF-4B5D-4174-B2B3-C03DBE3CAFDE}\HD_Studio_12.exe
+ 2012-02-09 14:35 . 2012-02-09 14:35 974848 c:\windows\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\a217254a2962cc8affce5fa4f8e1f350\Newtonsoft.Json.ni.dll
+ 2009-04-04 18:56 . 2012-03-02 21:18 7351992 c:\windows\system32\Restore\rstrlog.dat
+ 2010-01-27 01:07 . 2012-02-20 11:10 8527008 c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2010-01-27 01:07 . 2012-01-04 13:13 8527008 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2012-02-09 14:35 . 2012-02-09 14:35 2572288 c:\windows\assembly\NativeImages_v4.0.30319_32\Songr\52e0641fbe1c28d61fc3798fb4a074ca\Songr.ni.exe
+ 2012-02-09 14:34 . 2012-02-09 14:34 1021952 c:\windows\assembly\NativeImages_v4.0.30319_32\Interop.WMPLib\766b1d7e5adecc860607c5859ed131f2\Interop.WMPLib.ni.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\programmi\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\programmi\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\programmi\Google\Google Talk\googletalk.exe" [2007-11-21 3293184]
"eMuleAutoStart"="c:\programmi\eMule\emule.exe" [2010-04-07 5758976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-06-03 5964800]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"itype"="c:\programmi\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2008-10-08 1451264]
"mylbx"="c:\programmi\My Lockbox\mylbx.exe" [2010-05-24 1614048]
"IntelliPoint"="c:\programmi\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"EvtMgr6"="c:\programmi\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"nwiz"="c:\programmi\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-01-29 21:17 64592 ----a-w- c:\programmi\File comuni\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Tasto di scelta rapida per l'avvio di AutoCAD.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Tasto di scelta rapida per l'avvio di AutoCAD.lnk
backup=c:\windows\pss\Tasto di scelta rapida per l'avvio di AutoCAD.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Intel^Menu Avvio^Programmi^Esecuzione automatica^Azureus Ultra Accelerator.lnk]
path=c:\documents and settings\Intel\Menu Avvio\Programmi\Esecuzione automatica\Azureus Ultra Accelerator.lnk
backup=c:\windows\pss\Azureus Ultra Accelerator.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdslTaskBar]
2003-03-27 13:11 151552 ----a-w- c:\windows\system32\stmctrl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
2009-09-17 00:25 1196032 ----a-w- c:\programmi\ASUS\SmartDoctor\SmartDoctor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\basicsmssmenu]
2007-10-09 15:21 169328 ----a-w- c:\programmi\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-02-24 12:41 321344 ----a-w- c:\programmi\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40 687560 ----a-w- c:\programmi\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
2006-03-22 23:13 1591808 ----a-w- c:\programmi\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-06-15 13:25 136176 ----atw- c:\documents and settings\Intel\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-10-08 04:50 16744256 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-10-08 04:50 203072 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
2003-11-10 16:06 406016 ------w- c:\windows\system32\PSDrvCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 15:18 413696 ----a-w- c:\programmi\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 18:42 32768 ----a-w- c:\programmi\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]
2009-11-03 20:45 1435240 ----a-w- c:\programmi\SpeedBit Video Accelerator\VideoAccelerator.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
2006-01-07 01:36 81920 ----a-w- c:\progra~1\Sony\SONICS~1\SSAAD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\programmi\File comuni\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\Vuze\\Azureus.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Google\\Google Talk\\googletalk.exe"=
"c:\\Programmi\\Opera\\opera.exe"=
"c:\\Programmi\\KONAMI\\Pro Evolution Soccer 2012\\pes2012.exe"=
"c:\\Programmi\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Programmi\\Cerberus LLC\\Cerberus FTP Server\\CerberusGUI.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7001:TCP"= 7001:TCP:BitTorrent
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
"54010:TCP"= 54010:TCP:Samsung AllShare SlideShow Service
.
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [25/05/2010 11.04.17 43792]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [23/06/2008 23.21.48 150568]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [08/10/2008 7.50.14 34312]
R2 ASKService;ASKService;c:\programmi\AskBarDis\bar\bin\AskService.exe [27/02/2009 2.20.17 464264]
R2 ASKUpgrade;ASKUpgrade;c:\programmi\AskBarDis\bar\bin\ASKUpgrade.exe [27/02/2009 2.20.27 234888]
R2 ekrn;Eset Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [08/10/2008 7.47.58 468224]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [25/05/2010 11.04.18 142648]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\programmi\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [02/10/2011 12.08.37 2253120]
R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\drivers\stmatm.sys [23/02/2009 18.33.20 59466]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12.16.28 130384]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [10/06/2010 15.06.46 136176]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [31/08/2001 10.00.00 3584]
S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm [?]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [10/06/2010 15.06.46 136176]
S3 pcPAD16;pcPAD Filter Service 16;c:\windows\system32\drivers\PCPAD16.sys [20/09/2010 18.11.10 33374]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8192su.sys [20/08/2010 18.52.35 588032]
S3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\drivers\torususb.sys [23/02/2009 18.33.20 538925]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12.16.28 753504]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23/02/2009 21.53.08 717296]
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-06-10 14:06]
.
2012-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-06-10 14:06]
.
2012-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-308236825-725345543-1003Core.job
- c:\documents and settings\Intel\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-06-27 13:25]
.
2012-03-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-308236825-725345543-1003UA.job
- c:\documents and settings\Intel\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-06-27 13:25]
.
2012-03-12 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-15 20:18]
.
.
------- Scansione supplementare -------
.
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\programmi\PokerStars.IT\PokerStarsUpdate.exe
LSP: c:\progra~1\SPEEDB~2\sblsp.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Intel\Dati applicazioni\Mozilla\Firefox\Profiles\ra6gkhwe.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/IG
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=109989&babsrc=adbartrp&mntrId=945525480000000000000022159f50dd&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109989
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 945525480000000000000022159f50dd
FF - user.js: extensions.BabylonToolbar_i.hardId - 945525480000000000000022159f50dd
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15394
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:19
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
------- Associazioni dei file -------
.
.scr=AutoCADScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-12 20:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
.
c:\docume~1\Intel\IMPOST~1\Temp\catchme.dll 53248 bytes executable
.
Scansione completata con successo
Files nascosti: 1
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-343818398-308236825-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:ac,1b,7f,be,21,1e,a4,e9,49,63,a1,1c,d3,35,d1,bf,f2,57,e3,2e,87,4d,8a,
d2,d4,a3,00,c0,67,a6,2a,e9,e9,e8,0b,96,54,7c,ed,d7,ee,9c,fb,a9,da,81,98,b5,\
"??"=hex:69,3e,43,58,9f,64,ba,75,fe,6b,77,07,2a,78,dd,74
.
[HKEY_USERS\S-1-5-21-343818398-308236825-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:bd,fa,fb,b5,1b,f3,cc,37,b0,77,0c,82,c4,54,9f,91,53,55,2a,11,19,
c2,6f,2d,69,12,99,ca,f1,46,83,2d,77,08,cd,c6,21,88,4d,3a,f6,24,83,ed,26,3a,\
"rkeysecu"=hex:2b,af,8e,5e,98,1e,5d,dd,99,de,12,1c,fc,95,8b,17
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\09\04\1d\0b\10)?"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"0140710900063D11C8EF10054038389C"="C?\\windows\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(792)
c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'lsass.exe'(848)
c:\programmi\SpeedBit Video Accelerator\Accelerator.dll
c:\windows\system32\WININET.dll
c:\programmi\SpeedBit Video Accelerator\CommPipe.dll
c:\programmi\SpeedBit Video Accelerator\Collector.dll
.
- - - - - - - > 'explorer.exe'(4460)
c:\windows\system32\WININET.dll
c:\programmi\ESET\ESET NOD32 Antivirus\eplgHooks.dll
c:\programmi\NVIDIA Corporation\nView\nview.dll
c:\programmi\NVIDIA Corporation\nView\NVWRSIT.DLL
c:\programmi\SpeedBit Video Accelerator\Accelerator.dll
c:\programmi\SpeedBit Video Accelerator\CommPipe.dll
c:\programmi\SpeedBit Video Accelerator\Collector.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2012-03-12 20:29:04
ComboFix-quarantined-files.txt 2012-03-12 19:28
ComboFix2.txt 2012-03-08 19:54
ComboFix3.txt 2012-03-02 22:46
ComboFix4.txt 2012-03-02 21:04
ComboFix5.txt 2012-03-12 18:34
.
Pre-Run: 36.891.799.552 byte disponibili
Post-Run: 36.867.092.480 byte disponibili
.
- - End Of File - - 32A40E8CB5A017E649FCF006DED03CCE
 
HIJACKTHIS REPORT:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21.09.51, on 12/03/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Programmi\AskBarDis\bar\bin\AskService.exe
C:\Programmi\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Programmi\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\windows\system32\fsproflt.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\windows\RTHDCPL.EXE
C:\Programmi\Microsoft IntelliType Pro\itype.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe
C:\Programmi\My Lockbox\mylbx.exe
C:\Programmi\Microsoft IntelliPoint\ipoint.exe
C:\Programmi\Logitech\SetPointP\SetPoint.exe
C:\windows\system32\rundll32.exe
C:\Programmi\File comuni\LogiShrd\KHAL3\KHALMNPR.EXE
C:\windows\System32\svchost.exe
C:\Programmi\TechSmith\SnagIt 8\SnagIt32.exe
C:\Programmi\TechSmith\SnagIt 8\TSCHelp.exe
C:\windows\system32\PING.exe
C:\windows\system32\wuauclt.exe
C:\windows\explorer.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\msiexec.exe
C:\Programmi\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programmi\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmi\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: (no name) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - (no file)
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [itype] "C:\Programmi\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [egui] "C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [mylbx] C:\Programmi\My Lockbox\mylbx.exe /a
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [EvtMgr6] C:\Programmi\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Programmi\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [googletalk] "C:\Programmi\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-21-343818398-308236825-725345543-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-343818398-308236825-725345543-1007\..\Run: [WX1G5A9I3ZVZ5F9ARLOONOFDD] C:\winlogon\CD165098942.exe /q (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Programmi\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://download.autodesk.com/esd/mapguide/SP1/ITA/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1235410607593
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: ASKService - Unknown owner - C:\Programmi\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Programmi\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Programmi\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\windows\system32\fsproflt.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmi\File comuni\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe

--
End of file - 8985 bytes
 
MALWAREBYTES REPORT:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Versione database: v2012.03.12.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Intel :: UTENTE [amministratore]

12/03/2012 17.37.16
mbam-log-2012-03-12 (17-37-16).txt

Tipo di scansione: Scansione completa
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 415362
Tempo impiegato: 1 ore, 17 minuti, 28 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 0
(non sono stati rilevati elementi nocivi)

(fine)
 
I would start by disabling XP's System Restore first of all, then select the following items and remove them by pressing Fix:

C:\Programmi\AskBarDis\bar\bin\AskService.exe

C:\Programmi\AskBarDis\bar\bin\ASKUpgrade.exe

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programmi\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: (no name) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - (no file)

O23 - Service: ASKService - Unknown owner - C:\Programmi\AskBarDis\bar\bin\AskService.exe

O23 - Service: ASKUpgrade - Unknown owner - C:\Programmi\AskBarDis\bar\bin\ASKUpgrade.exe


Also delete the contents of the TEMP folder

C:windows/temp

Also run an online scan here
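
An added example, not part of the original thread: a small Python sketch that picks out of a HijackThis log the same kinds of entries listed in the reply above, namely entries whose file is missing ("(no file)") and entries whose file sits under a folder chosen for removal. The sample lines are copied from the HijackThis report posted earlier in this thread; the function names and the `unwanted_dirs` parameter are hypothetical.

```python
import re
from typing import List, NamedTuple, Tuple

# Lines copied from the HijackThis report posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programmi\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmi\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: (no name) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O23 - Service: ASKService - Unknown owner - C:\Programmi\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Programmi\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# A HijackThis entry line is "<section code> - <description>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


class Entry(NamedTuple):
    code: str    # section code such as O2, O3, O4, O23
    target: str  # file the entry points to, or "(no file)"
    raw: str     # the full log line, unchanged


def parse_log(text: str) -> List[Entry]:
    """Return the entry lines of a HijackThis log; headers and process lists are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m["code"], m["body"]
        if code == "O4" and "] " in body:
            # Autostart entries: the command follows the "[value name] " part.
            target = body.split("] ", 1)[1]
        else:
            # Other sections end with " - <file>" or " - (no file)".
            target = body.rsplit(" - ", 1)[-1]
        entries.append(Entry(code, target.strip().lstrip('"'), line))
    return entries


def select_for_fix(entries: List[Entry], unwanted_dirs: List[str]) -> List[Tuple[str, Entry]]:
    """Pick entries by the two criteria visible in the reply.

    This only mirrors that selection; it does not judge whether an entry is malicious.
    """
    prefixes = [d.lower().rstrip("\\") + "\\" for d in unwanted_dirs]
    selected = []
    for e in entries:
        if e.target == "(no file)":
            selected.append(("orphaned", e))       # registration left behind, file gone
        elif any(e.target.lower().startswith(p) for p in prefixes):
            selected.append(("unwanted-dir", e))   # file lives under a folder to remove
    return selected


if __name__ == "__main__":
    for reason, entry in select_for_fix(parse_log(SAMPLE_LOG), [r"C:\Programmi\AskBarDis"]):
        print(f"{reason:12} {entry.raw}")
```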
 
ERCOLINO wrote:
I would start by disabling XP's System Restore first of all, then select the following items and remove them by pressing Fix:

C:\Programmi\AskBarDis\bar\bin\AskService.exe

C:\Programmi\AskBarDis\bar\bin\ASKUpgrade.exe

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programmi\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: (no name) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - (no file)

O23 - Service: ASKService - Unknown owner - C:\Programmi\AskBarDis\bar\bin\AskService.exe

O23 - Service: ASKUpgrade - Unknown owner - C:\Programmi\AskBarDis\bar\bin\ASKUpgrade.exe


Cancella anche il contenuto della cartella TEMP

C:windows/temp

Fai anche una scansione on line Qui

Thanks a lot, first of all,

but do I have to do the things you told me in the order you listed them??
 
You select them all together and then press fix.

System Restore is the first thing that has to be disabled if you want to remove any virus, since no antivirus has access to the restore folder.
 
ERCOLINO wrote:
You select them all together and then press fix.

System Restore is the first thing that has to be disabled if you want to remove any virus, since no antivirus has access to the restore folder.


I did everything you told me; now I'm also running a scan with NOD32, then I'll run HijackThis again and repost the log.
Can you tell me if it looks OK?

Because I still have the problems I had..

I could also try ComboFix again now that I've disabled System Restore, what do you think??
 
there's this file "Perflib_Perfdata_2f4.dat" in c:\windows\temp that won't delete..
 
It's not a problem, it's harmless, it's part of the operating system.

Try running all the scans again
 
ERCOLINO wrote:
It's not a problem, it's harmless, it's part of the operating system.

Try running all the scans again


here is the new HijackThis report:


Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23.38.23, on 12/03/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Programmi\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\windows\system32\fsproflt.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe
C:\windows\system32\wuauclt.exe
C:\PROGRA~1\SPEEDB~2\VideoAcceleratorEngine.exe
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\windows\RTHDCPL.EXE
C:\Programmi\Microsoft IntelliType Pro\itype.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe
C:\Programmi\My Lockbox\mylbx.exe
C:\Programmi\Microsoft IntelliPoint\ipoint.exe
C:\Programmi\Logitech\SetPointP\SetPoint.exe
C:\Programmi\File comuni\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Programmi\Google\Google Talk\googletalk.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\ctfmon.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
C:\windows\System32\svchost.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\windows\system32\wuauclt.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\windows\system32\NOTEPAD.EXE
C:\Programmi\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmi\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [itype] "C:\Programmi\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [egui] "C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [mylbx] C:\Programmi\My Lockbox\mylbx.exe /a
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [EvtMgr6] C:\Programmi\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Programmi\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [googletalk] "C:\Programmi\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-21-343818398-308236825-725345543-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Programmi\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://download.autodesk.com/esd/mapguide/SP1/ITA/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1235410607593
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Programmi\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\windows\system32\fsproflt.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmi\File comuni\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe

--
End of file - 8477 bytes
 
since I couldn't solve the problem I decided to go for a more drastic solution, and I formatted.

I had been thinking about it for a while, because the PC was getting very slow.. I seized the opportunity..
 